Patents by Inventor Yuji Nagai
Yuji Nagai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8976586Abstract: According to one embodiment, a semiconductor memory device includes a memory cell array including a plurality of memory cells, a random number generation circuit configured to generate a random number, and a controller configured to control the memory cell array and the random number generation circuit. The random number generation circuit includes a random number control circuit configured to generate a random number parameter based on data which is read out from the memory cell by a generated control parameter, and a pseudo-random number generation circuit configured to generate the random number by using the random number parameter as a seed value.Type: GrantFiled: February 17, 2012Date of Patent: March 10, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Atsushi Inoue, Yoshikazu Takeyama
-
Patent number: 8971529Abstract: A data storage unit may store an encrypted medium device key Enc (Kcu, Kmd_i), and a medium device key certificate (Certmedia). A controller further includes: an information recording unit configured to store a controller key (Kc) and first controller identification information (IDcu). A key generation unit executes a one-way function calculation based on the controller key and the first controller identification information to generate a controller unique key (Kcu). An identification information generating unit executes a one-way function calculation based on on the controller key and the first controller identification information to generate second controller identification information (IDcntr). A key encryption unit encrypts the medium device key (Kmd_i) by the controller unique key (Kcu) to generate encrypted medium device key Enc (Kcu, Kmd_i).Type: GrantFiled: January 2, 2014Date of Patent: March 3, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Taku Kato, Yuji Nagai, Tatsuyuki Matsushita
-
Patent number: 8959615Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.Type: GrantFiled: February 25, 2013Date of Patent: February 17, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Yasufumi Tsumagari, Shinichi Matsukawa, Hiroyuki Sakamoto, Hideki Mimura
-
Publication number: 20150046720Abstract: According to one embodiment, encrypted secret identification information (E-SecretID) and the key management information (FKB) are read from a memory device. Encrypted management key (E-FKey) is obtained using the key management information (FKB) and index information (k). The index information (k) and the encrypted management key (E-FKey) are transmitted to the semiconductor memory device. An index key (INK) is generated using the first key information (NKey) and the received index information (k). The encrypted management key (E-FKey) is decrypted using the index key (INK) to obtain management key (FKey), which is transmitted to the host device.Type: ApplicationFiled: October 24, 2014Publication date: February 12, 2015Applicant: KABUSHIKI KAISHA TOSHIBAInventors: Taku KATO, Tatsuyuki MATSUSHITA, Yuji NAGAI
-
Patent number: 8949621Abstract: According to one embodiment, a device includes a first data generator configured to generate a second key (HKey) by encrypting a host constant (HC) with the first key (NKey); a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey); a one-way function processor configured to generate an authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device.Type: GrantFiled: June 14, 2012Date of Patent: February 3, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
-
Patent number: 8948400Abstract: the host device being configured to receive, from a key issuer who issued the medium device key (Kmd_i) and the medium device key certificate, a host device key (Khd_i) and a host device certificate (Certhost), the host device being configured to execute authentication with the information recording device using the host device key (Khd_i) and the host device certificate (Certhost), the host device being configured to receive second controller identification information (IDcntr) from the information recording device, the second controller identification information being generated by executing a one-way function calculation based on the controller key (Kc) and the first controller identification information (IDcu), and the host device being configured to decrypt the encrypted content data stored in the information recording device, in response to reception of the second controller identification information (IDcntr) from the information recording device.Type: GrantFiled: June 15, 2012Date of Patent: February 3, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Taku Kato, Yuji Nagai, Tatsuyuki Matsushita
-
Patent number: 8938616Abstract: According to one embodiment, a authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.Type: GrantFiled: June 14, 2012Date of Patent: January 20, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
-
Patent number: 8930720Abstract: According to one embodiment, an authentication method includes generating a second key by a first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information using the session key and secret identification information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.Type: GrantFiled: November 13, 2013Date of Patent: January 6, 2015Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
-
Patent number: 8898463Abstract: According to one embodiment, a device includes a cell array including an ordinary area, a hidden area, and an identification information record area in which identification information which defines a condition for accessing the hidden area is recorded. An authentication circuit performs authentication. A sensing circuit recognizes information recorded in the identification information storage area, determines the information recorded in the identification information record area when an access request selects the hidden area, validates an access to the hidden area when determined that the identification information is recorded, and invalidates an access to the hidden area when determined that the identification information is not recorded.Type: GrantFiled: June 15, 2012Date of Patent: November 25, 2014Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
-
Publication number: 20140344582Abstract: The data storage portion stores an encrypted medium device key Enc (Kcu, Kmd_i) generated by encrypting a medium device key (Kmd_i), a medium device key certificate (Certmedia), and encrypted content data generated by encrypting content data, the controller stores a controller key (Kc) and first controller identification information (IDcu), the information recording device being configured to execute, after being connected to an external host device, an one-way function calculation based on the controller key (Kc) and the first controller identification information (IDcu) to generate a controller unique key (Kcu) used when decrypting the encrypted medium device key Enc (Kcu, Kmd_i), and second controller identification information (IDcntr) used when decrypting the encrypted content data.Type: ApplicationFiled: July 30, 2014Publication date: November 20, 2014Inventors: Taku KATO, Yuji NAGAI, Tatsuyuki MATSUSHITA
-
Patent number: 8874917Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.Type: GrantFiled: December 31, 2012Date of Patent: October 28, 2014Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Yasufumi Tsumagari, Shinichi Matsukawa, Hiroyuki Sakamoto, Hideki Mimura
-
Patent number: 8855297Abstract: According to one embodiment, an authentication method includes generating, by the memory, first authentication information by calculating secret identification information with a memory session key in one-way function operation, transmitting encrypted secret identification information, a family key block, and the first authentication information to a host, and generating, by the host, second authentication information by calculating the secret identification information generated by decrypting the encrypted secret identification information with the host session key in one-way function operation. The method further includes comparing, by the host, the first authentication information with the second authentication information.Type: GrantFiled: June 15, 2012Date of Patent: October 7, 2014Assignee: Kabushiki Kaisha ToshibaInventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita, Toshihiro Suzuki, Noboru Shibata
-
Patent number: 8850207Abstract: A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel.Type: GrantFiled: March 22, 2012Date of Patent: September 30, 2014Assignee: Kabushiki Kaisha ToshibaInventors: Taku Kato, Yuji Nagai, Tatsuyuki Matsushita
-
Publication number: 20140289526Abstract: According to one embodiment, an authentication method between an authenticatee which stores key information having a data structure composed of a key transition record, secret information XY of a matrix form, and secret information XYE which is created by encrypting the secret information XY, and an authenticator which authenticates the authenticatee, includes selecting, by the authenticator, a record corresponding to a device index of the authenticator from the key information which is received from the authenticatee, and decrypting the record by a device key, thereby taking out a key transition, and executing, by the authenticator, a decryption process on the secret information XYE, which is received from the authenticatee, by using the corresponding key transition, and sharing the secret information XY.Type: ApplicationFiled: February 17, 2012Publication date: September 25, 2014Inventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita
-
Publication number: 20140281570Abstract: A method of performing an authentication process between a data recording device and a host device includes generating second controller identification information based on the first controller identification information, performing an authentication/key exchange process using the encrypted medium device key, the medium device key certificate, the host device key and the host device certificate to obtain medium device key certificate ID contained in the medium device key certificate, generating data recording device identification information based on the second controller identification information and the medium device key certificate ID, and generating a medium unique key based on the data recording device identification information.Type: ApplicationFiled: March 13, 2013Publication date: September 18, 2014Inventors: Taku KATO, Yuji NAGAI, Tatsuyuki MATSUSHITA
-
Publication number: 20140281563Abstract: An authentication process for a memory device that stores a host identification key and a host constant, includes generating a first key based on the host constant, decrypting encrypted secret identification information read from the external device using information generated with the host identification key to generate a secret identification information, generating a random number, generating a session key using the first key and the random number, generating a first authentication information by processing the secret identification information with the session key in a one-way function operation, and authenticating access to the memory device based on whether or not there is a match between the first authentication information and a second authentication information that is generated by the external device with the host constant transmitted to the external device.Type: ApplicationFiled: March 12, 2013Publication date: September 18, 2014Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
-
Publication number: 20140281564Abstract: A method of authenticating access to a memory device that stores a host identification key and a host constant, includes generating a first key based on the host constant, decrypting a family key block read from an external device using the host identification key to generate a family key, decrypting encrypted secret identification information read from the external device using the family key to generate a secret identification information, generating a random number, generating a session key by using the first key and the random number, generating a first authentication information by processing the secret identification information with the session key in one-way function operation, and authenticating access to the memory device based on whether or not there is a match between the first authentication information and a second authentication information that is generated by the external device with the host constant transmitted to the external device.Type: ApplicationFiled: March 13, 2013Publication date: September 18, 2014Inventors: Yuji NAGAI, Taku KATO, Tatsuyuki MATSUSHITA
-
Publication number: 20140281551Abstract: A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel.Type: ApplicationFiled: June 2, 2014Publication date: September 18, 2014Applicant: KABUSHIKI KAISHA TOSHIBAInventors: Taku KATO, Yuji Nagai, Tatsuyuki Matsushita
-
Publication number: 20140281543Abstract: A host device connected to a data recording device, includes a holding unit for holding a host device key and a host device certificate, an authentication/key exchange process unit configured to perform an authentication/key exchange process with the data recording device using the host device key and the host device certificate to receive medium device key certificate ID held in the data recording device and contained in the medium device key certificate, an interface unit configured to perform data communication with the data recording device through a secure channel, and an identification information generating unit configured to receive second controller identification information generated in the data recording device based on the first controller identification information by data communication through the secure channel and the interface unit, to generate data recording device identification information based on the second controller identification information and the medium device key certificate ID.Type: ApplicationFiled: March 12, 2013Publication date: September 18, 2014Inventors: Taku KATO, Yuji NAGAI, Tatsuyuki MATSUSHITA
-
Publication number: 20140250302Abstract: According to one embodiment, a device includes a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey) in AES operation; a one-way function processor configured to generate an authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device.Type: ApplicationFiled: April 21, 2014Publication date: September 4, 2014Applicant: KABUSHIKI KAISHA TOSHIBAInventors: Yuji Nagai, Taku Kato, Tatsuyuki Matsushita