Abstract: A microcontroller includes a CPU and a cryptographic circuit, and when a first program uses the cryptographic circuit, the second program transmits installation information of the first program and encrypted program installation information to the cryptographic circuit. The cryptographic circuit decrypts the encrypted program installation information and compares it with the installation information of the first program. In the case of match, the use of the cryptographic circuit by the first program is permitted.

Abstract: To shorten a processing time at boot time without lowering a security level, an acquiring unit acquires a public key, a signature generated with a secret key corresponding to the public key, and a program associated with the signature. A signature verification unit performs signature verification by using the public key and the signature acquired by the acquiring unit, before the program acquired by the acquiring unit is booted. A calculation unit calculates a first MAC value by using a device eigenvalue and stores the first MAC value, when the result of signature verification by the signature verification unit is appropriate. A boot unit calculates a second MAC value by using the device eigenvalue, compares the second MAC value and the stored first MAC value with each other to determine that the program is legitimate, and executes boot based on the determination result.

Abstract: A microcontroller includes a CPU and a cryptographic circuit, and when a first program uses the cryptographic circuit, the second program transmits installation information of the first program and encrypted program installation information to the cryptographic circuit. The cryptographic circuit decrypts the encrypted program installation information and compares it with the installation information of the first program. In the case of match, the use of the cryptographic circuit by the first program is permitted.

Abstract: In a system including a terminal device where a plurality of apps are installed and can be executed and a management device capable of communicating with the terminal device; even if the terminal device does not have an advanced security function such as a secure boot, the validity of apps is determined in conjunction with the reliable management device. The management device stores specific values uniquely calculated respectively from a plurality of apps installed on the terminal device, as a plurality of installation-time specific values. The system causes the terminal device to calculate a specific value uniquely calculated from one app, as an execution-time specific value, and determines that the app is authentic if the calculated execution-time specific value matches one of the installation-time specific values stored in the management device.

Abstract: To shorten a processing time at boot time without lowering a security level, an acquiring unit acquires a public key, a signature generated with a secret key corresponding to the public key, and a program associated with the signature. A signature verification unit performs signature verification by using the public key and the signature acquired by the acquiring unit, before the program acquired by the acquiring unit is booted. A calculation unit calculates a first MAC value by using a device eigenvalue and stores the first MAC value, when the result of signature verification by the signature verification unit is appropriate. A boot unit calculates a second MAC value by using the device eigenvalue, compares the second MAC value and the stored first MAC value with each other to determine that the program is legitimate, and executes boot based on the determination result.

Abstract: In a system including a terminal device where a plurality of apps are installed and can be executed and a management device capable of communicating with the terminal device; even if the terminal device does not have an advanced security function such as a secure boot, the validity of apps is determined in conjunction with the reliable management device. The management device stores specific values uniquely calculated respectively from a plurality of apps installed on the terminal device, as a plurality of installation-time specific values. The system causes the terminal device to calculate a specific value uniquely calculated from one app, as an execution-time specific value, and determines that the app is authentic if the calculated execution-time specific value matches one of the installation-time specific values stored in the management device.

Abstract: There is a need to perform recalculation against a fault attack on any public key e within a time period required for one-time modulo exponentiation. A modulo exponentiation operation is expressed as Y=XdmodN. The modulo exponentiation operation is performed to yield C0=Xd?modN, C1=XdmodN, and T=X2^nmodN, where d? denotes two's complement of d and n denotes the number of bits in d. The modulo exponentiation operation determines whether or not a remainder resulting from the product of a value of C0 and a value of C1 modulo N matches a value of T. The modulo exponentiation operation assigns the value of C1 to Y if a match is found. The modulo exponentiation operation reports an error if a match is not found. The modulo exponentiation operation applies an RSA decryption process to a modulo exponentiation operation using the Chinese remainder theorem.

Abstract: There is a need to perform recalculation against a fault attack on any public key e within a time period required for one-time modulo exponentiation. A modulo exponentiation operation is expressed as Y=XdmodN. The modulo exponentiation operation is performed to yield C0=Xd?modN, C1=XdmodN, and T=X2?nmodN, where d? denotes two's complement of d and n denotes the number of bits in d. The modulo exponentiation operation determines whether or not a remainder resulting from the product of a value of C0 and a value of C1 modulo N matches a value of T. The modulo exponentiation operation assigns the value of C1 to Y if a match is found. The modulo exponentiation operation reports an error if a match is not found. The modulo exponentiation operation applies an RSA decryption process to a modulo exponentiation operation using the Chinese remainder theorem.