Abstract: A device includes a processor that performs a procedure.

Abstract: A device includes a processor that performs a procedure.

Abstract: A computer program, method, and system for access control, which are capable of keeping and guaranteeing consistency of access control settings. A collector collects access control information and resource information which are set for each unit of processing such as an application and a file system and are transmitted from a transmitter, and stores them in an access control information memory. A combiner combines the collected access control information to create and store combined access control information in a combined access control information memory. A consistency adjuster analyzes the policies defined in the combined access control information stored in the combined access control information memory to detect inconsistency, and if inconsistency is detected, resolves the inconsistency according to an inconsistency measure policy. Thus, consistent filtering master information for the entire system is created and stored in a filtering master information memory.

Abstract: A storage medium on which is recorded a program for causing an information processing device. The program executes, an access right management information obtainment process for obtaining access right management information, a violation detection process for obtaining a policy from a policy storing unit for storing the policy set for the resource or the access to the resource, for checking whether or not the access right management information complies with the policy, and for detecting access right management information, a policy compliance level calculation process for calculating a risk score in accordance with a degree of risk of the violation, and for calculating a level of compliance with the policy.

Abstract: In an information system, a web server records web access logs of a client outside of a LAN. A mail server records transmission/reception logs of e-mails. A DB server records access right operation logs. A task application server records DB access log. An administrative server collects logs recorded in the web server, the mail server, the DB server, and the task application server, and operation logs of the client terminals to trace a person and an operation related to information leakage using the collected logs.

Abstract: Encrypted music data and additional information necessary for accessing a server (30) are copied from a CD-ROM (200) onto a memory card (110). The memory card (110) receives via a digital portable phone network the distribution of a contents decoding key (Kc) necessary for decoding encrypted music data and control information data (AC1) for limiting the number of accesses to the memory card from the server (30).

Abstract: A memory card (110) stores access restriction information (AC1) to a license information hold unit (1440) arranged in a TRM area. Access restriction information (AC1) has information for example of a frequency of reproduction allowed and a number of licenses owned. A controller (1420) in reproducing and transferring content initially confirms access restriction information (AC1) and thereafter effects reproduction and transfer and after the reproduction and transfer are effected updates access restriction information (AC1), as required, for storage in a license information hold unit (1440).

Abstract: A memory card 110 extracts a session key Ks from the data applied onto a data bus BS3 by carrying out a decryption process. An encryption processing unit 1406 encrypts a public encryption key KPcard(1) of memory card 110 based on session key Ks, and applies the encrypted key to a server via data bus BS3. A memory 1412 receives from a server data such as license key Kc, license ID data License-ID and user ID data User-ID encrypted with a public encryption key KPcard(1) differing for each memory card for storage, and receives encrypted content data [Dc]Kc encrypted with license key Kc from data bus BS3 for storage.

Abstract: A storage medium on which is recorded a program for causing an information processing device. The program executes, an access right management information obtainment process for obtaining access right management information, a violation detection process for obtaining a policy from a policy storing unit for storing the policy set for the resource or the access to the resource, for checking whether or not the access right management information complies with the policy, and for detecting access right management information, a policy compliance level calculation process for calculating a risk score in accordance with a degree of risk of the violation, and for calculating a level of compliance with the policy.

Abstract: A memory card (110) includes a memory (1415) to store encrypted content data, a license hold unit (1440) to store at least a portion of license information distributed by a distribution system, a plurality of authentication data hold units (1400.1, 1400.2), each storing a plurality of authentication data that are authenticated respectively by a plurality of public authentication keys KPma, KPmb common to the distribution system, and a switch (SW2) to selectively provide the data from the plurality of authentication data hold units outside of said recording apparatus according to a request external to the memory card (110).

Abstract: Data processing apparatus distributes a public key certificate and information about a private key to a user terminal as activation information separately from a terminal module. In the case where the public key certification is vulnerable, it transmits only the activation information again.

Abstract: A memory card includes a user ID hold unit holding user ID data provided to identify the user of the memory card, a first protection information memory unit holding first protection information restricting access to memory card, and a second protection information memory unit holding second protection information restricting access for each content data. Memory card refers to the user ID data to identify the user of the reproduction apparatus of interest and prohibits any unauthorized user from changing first and second protection information.

Abstract: A computer program, method, and system for access control, which are capable of keeping and guaranteeing consistency of access control settings. A collector collects access control information and resource information which are set for each unit of processing such as an application and a file system and are transmitted from a transmitter, and stores them in an access control information memory. A combiner combines the collected access control information to create and store combined access control information in a combined access control information memory. A consistency adjuster analyzes the policies defined in the combined access control information stored in the combined access control information memory to detect inconsistency, and if inconsistency is detected, resolves the inconsistency according to an inconsistency measure policy. Thus, consistent filtering master information for the entire system is created and stored in a filtering master information memory.

Abstract: A memory card (110) conducts an authentication process with a server based on data stored in an authentication data hold unit (1400). The memory card (110) extracts a first session key (Ks1) from a server by a decryption process and a transaction ID from the data applied on a data bus (BS3). The memory card (110) generates a second session key (Ks2) through a session key generation unit (1418), and transmits to the server, as the keys to encrypt content data in receiving decryption of content data, the second session key (Ks2) and a key (KPm(1)) unique to the memory card (110) in an encrypted state with the first session key (Ks1). The transaction ID and the second session key (Ks2) stored in the log memory (1460) are used in the redistribution process.

Abstract: A license server (10) includes a CRL database (306) holding a revocation list recording therein classes predetermined corresponding respectively to a memory device, such as a memory card, and a content reproduction circuit, such as a cellular phone, that are subjected to revocation of distributing, reproducing and transferring content data. A distribution control unit (315) suspends an operation distributing content data if the distribution is addressed to a class listed on the revocation list. The revocation list is also held in the memory card and distribution control unit (315) in distributing content also transmits information for updating the revocation list in the memory card.

Abstract: A cellular phone has distributed encrypted content data and an encrypted content key stored in a memory. The encrypted content key data read out from the memory is decrypted by a decryption processing unit using key data Kp stored in a Kp hold unit, and then applied to a audio reproduction module. A decryption processing unit decrypts encrypted content data read out from the memory using a content key Kc extracted by the decryption processing unit to reproduce content data Dc.

Abstract: An LA (License Agent) (or a license chip having the same function as the LA) is disposed in a PC (Personal Computer), a content distribution server, and a medium attached to a PD (Private Device or Portable Device) that use a license for electronic data. A content and electronic data are encrypted corresponding to a license. The encrypted content and electronic data are distributed among them. However, the license is distributed between the LAs as safe communication means. Thus, the license can be correctly managed and transferred.

Abstract: A memory card performs decryption processing to extract a session key from data applied from a server to a data bus over a cellular phone network. An encryption processing unit encrypts a public encryption key of memory card based on a session key, and applies the same to the server via data bus. A register receives and stores data such as a decrypted license ID and a user ID from the server, and a memory receives and stores encrypted content data applied from a data bus and encrypted with a license key.

Abstract: In an information system, a web server records web access logs of a client outside of a LAN. A mail server records transmission/reception logs of e-mails. A DB server records access right operation logs. A task application server records DB access log. An administrative server collects logs recorded in the web server, the mail server, the DB server, and the task application server, and operation logs of the client terminals to trace a person and an operation related to information leakage using the collected logs.

Abstract: A memory card (110) decodes data delivered to a data bus (BS3) and extracts a session key (Ks1) sent from a server from the data. Based on the session key (Ks1), an encrypting section (1406) encrypts a public encryption key (KPm (1)) of the memory card (110) and delivers it to a server through the data bus (BS3). The memory card (110) receives data including a license key (Kc) and a license (ID) encrypted with the public encryption key (KPm (1)) different with memory card to memory card, decrypts the data, encrypted it again with uniquely given secret key (K(1)), and stores it in a memory (1415).