Abstract: An information generating unit generates identification information for an equipment based on environment information of the equipment. A search-result transmitting unit searches, when an information output request for equipment information generated based on the identification information is received, a database for the equipment information corresponding to the identification information, and transmits a search result as information indicating whether the equipment is allowed to receive a service.

Abstract: A first electronic device stores first configuration information of the first electronic device collected by a tamper-resistant chip on the first electronic device and approved by a third-party device in the portable medium. A second electronic device stores second configuration information of the second electronic device collected by a tamper-resistant chip on the second electronic device and approved by the third-party device in the portable medium and acquires the first configuration information from the portable medium. The first electronic device transmits the first configuration information of the first electronic device and the second configuration information of the second electronic device acquired from the portable medium to the second electronic device over a long-distance network.

Abstract: A first electronic device transmits first configuration information of the first electronic device collected by a tamper-resistant chip mounted thereon and approved by a third-party device to a second electronic device over a short-distance network. The second electronic device transmits second configuration information of the second electronic device collected by a tamper-resistant chip mounted thereon and approved by the third-party device to the first electronic device over the short-distance network. The first electronic device transmits the first configuration information and the second configuration information to the second electronic device over a network. The second electronic device controls connection between the first electronic device and the second electronic device over the network based on the first configuration information and the second configuration information received from the first electronic device.

Abstract: A terminal of an environment management station that calculates an evaluation value of a user terminal security, the evaluation value being used to determine whether to provide a service from a service provider to the user terminal, the terminal of the environment management station set in a third-party organization and stores environment information about to identify software or hardware that can be incorporated in the user terminal or hardware that can be connected to the user terminal, and the evaluation value of the user terminal in association with each other; a receiving unit that receives the environment information of the user terminal; an evaluation value calculating unit that calculates the evaluation value of the user terminal based on the evaluation value; and a transmitting unit that transmits the evaluation value to the terminal of the service provider.

Abstract: A computer resource verifying method verifies computer resources introduced into a client device. The computer resource verifying method includes performing, by the client device, client side processing including verification of individual computer resources introduced into the client device and information collection for a dependence relation between computer resources; performing, by a server device, a server side processing by receiving information on a result of the client side processing performed in the performing of the client side processing to perform verification of the dependence relation between computer resources; and determining, by the server device, whether the client device is normal based on a verification result of the computer resources and a verification result of the dependence relation between computer resources.

Abstract: A data acquiring unit acquires electronic data. A tamper-resistant chip includes a storing unit that stores a confidential key specific to a device, and a collecting unit that collects device information that is internal information of the device. An attaching unit attaches collected device information to acquired electronic data. An encrypting unit encrypts the electronic data with the device information attached, using the confidential key stored in the storing unit.

Abstract: An authentication method of performing authentication for an information processing device connected via a communication network by an authentication device, including: receiving information related to biometric authentication concerning the information processing device; receiving information related to identification information for identifying the information processing device; receiving information related to environment of the information processing device; receiving an electronic signature by a secret key which is paired with an electronic certification transmitted from the information processing device; and determining, by a control unit, a biometric level based on the received information related to biometric authentication, a device level based on the received information related to identification information and an environment level based on the received information related to environment; correcting, by the control unit, the determined level based on validity of the received electronic signature.

Abstract: A method for identity verification includes receiving a request for proof of identity from a service provider and receiving biometric information associated with a user of a communication device. The method also includes determining that the received biometric information matches a biometric profile that contains biometric information associated with a registered user of the communication device. The method also includes unlocking a private key associated with the registered user in response to determining that the received biometric information matches a biometric profile and sending a request for a digital certificate that is signed with the private key associated with the registered user. The method further includes receiving the digital certificate that includes a public key associated with the registered user and satisfies the request for proof of identity. The method also includes with forwarding the digital certificate to the service provider.

Abstract: A device management system is configured with a target device including at least one unit that includes a tamper-resistant chip, a management apparatus that manages or uses the target device, and an authentication apparatus including a database for authentication, connected via a network in a communicable manner. In the target device, each unit is equipped with the tamper-resistant chip that collects device information specific to a unit, stores collected device information, and stores a confidential-key.

Abstract: According to one embodiment, a system includes a memory and a processor. The processor receives a message that includes a patch for installation and one or more requirements to be satisfied before the patch can be installed. The patch is configured to update the computing system. The processor also repeatedly collects information from one or more sensors until it is determined, based on the collected information, that the one or more requirements have been satisfied. Upon determining that the one or more requirements have been satisfied, the processor further conducts an installation process of the patch on the computing system. Upon determining that the installation process of the patch is finished, the processor further transmits a confirmation report indicating whether the patch was successfully installed. The confirmation report is generated and signed by a unique element associated with the computing system.

Abstract: An information processing apparatus includes a chip implemented therein to independently perform a predetermined process. The chip includes a storage unit that stores therein user signature information in which biometric information of a user and a user electronic signature key that is a key for generating an electronic signature of the user for information created by the user are associated with each other and an encryption key that is a key for encrypting information, an electronic signature adding unit that, if the biometric information is obtained from the user, searches the storage unit for the user signature information corresponding to the biometric information, and adds the electronic signature of the user to user created information with a user electronic signature key in the user signature information, and an encrypt processing unit that encrypts with the encryption key the user created information processed by the electronic signature adding unit.

Abstract: A TPM chip installed in an image reading apparatus records an operation log, and encrypts recorded operation log with a secret key. The image reading apparatus transmits encrypted operation log to an evaluation apparatus. The evaluation apparatus receives the encrypted operation log, decrypted received operation log, and evaluates an operation performed on the image reading apparatus based on decrypted operation log.

Abstract: A data managing device with a single chip that includes: first hardware that authenticates security of communication performed by a data processing apparatus that houses the data managing device; second hardware that performs different processing from processing performed by the first hardware; and third hardware that receives an update program for a program executed by any one of the first hardware and the second hardware, from a data providing apparatus with which security of communication is authenticated by the first hardware, and updates the program by the update program.

Abstract: A method for sharing content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management includes making a first request for delivery of content, receiving the requested electronic content, receiving a second request for delivery of the electronic content, communicating the second request, receiving a decision, and delivering the electronic content if the second request is granted. The first request is made to a policy enforcement point in the network for delivery of content to a first client, and includes a trust level of the first client. The second request is for delivery of the content to a second client at the trust level of the first client and includes integrity information about the second client, and is communicated to the policy enforcement point. If the second request is granted, the content is delivered from the first client to the second client.

Abstract: A method for sharing content between clients at a common trust level in a trust hierarchy associated with a network implementing policy-based management includes receiving integrity information from a first client at a first trust level in the trust hierarchy at a second client at the first trust level, requesting permission to receive electronic content from the first client, receiving a determination regarding the requested permission, and communicating the determination to the first client. The first client obtained content from a policy enforcement point in the network. The request for permission is made to the policy enforcement point and the request includes the integrity information. The determination is received from the policy enforcement point and is based in part on the integrity information about the first client. The second client communicates to the first client the determination of whether the second client receives the content from the first client.

Abstract: Security of an information processing apparatus is ensured by performing biological information authentication and collecting the environment information about the information processing apparatus. The information processing apparatus transmits the collected environment information to a first authentication apparatus. An electronic certificate issued by a second authentication apparatus and information encrypted with a secret key issued by the second authentication apparatus are transmitted to the first authentication apparatus. The first authentication apparatus acquires the public key of the second authentication apparatus and the public key of the information processing apparatus so as to decrypt the encrypted information, and judges whether or not the decrypted information is proper. The first authentication apparatus refers to an environment information database and the transmitted information, and judges whether or not the transmitted environment information is proper.

Abstract: In certain embodiments, processors may operate to establish trust with trust point systems by performing a user authentication, a platform authentication, and an environment authentication. The processors may communicate information with the trust point systems in response to establishing trust. In certain embodiments, the trust point systems may cooperate to provide a variety of services, such as escorting, battery charging, vehicle security, and/or emissions reporting services.

Abstract: According to one embodiment, a client system supported by remote maintenance in an electronic network configured to serve a plurality of clients may include an electronic network, a plurality of storage resources, a first virtual machine, a second virtual machine, and a virtual machine manager. The electronic network may include a plurality of processing resources and a communication bus. The plurality of storage resources may be accessible by the plurality of processing resources. The plurality of storage resources may include a computer readable memory. The first virtual machine may handle a first data set associated with the client system. The first virtual machine may include an operating system and a reporting agent. The second virtual machine may handle a second data set associated with an external data center. The virtual machine manager may be configured to manage data transfer between the first virtual machine and the second virtual machine.

Abstract: A method for verifying electronic software code integrity may comprise providing a list of encryption keys to a client, encrypting a software code packet using one of the plurality of encryption keys, delivering the encrypted software code packet to the client, and informing the client to choose an encryption key for decryption based on the specific time factor. Each encryption key on the list may correlate to a respective time factor. The one of the plurality of encryption keys may be chosen from the list based at least in part on a specific time factor.

Abstract: A client supported by remote maintenance in an electronic network configured to serve a plurality of clients may comprise a plurality of nodes, a first virtual machine (VM), a second virtual machine, and a virtual machine manager (VMM). The first VM may handle data associated with an external data center. The second VM may be associated with one of the plurality of nodes. The VMM may be configured to manage data transfer between the first VM and the second VM. The first VM may be configured to assess a state of the client system and identify a software update for installation on the one of the plurality of nodes. The software update may be configured to maintain identity between the data in the one of the plurality of nodes and the data center. The VMM may manage an attestation process prior to delivering or installing the software update on the client system using the first VM.