Abstract: According to an aspect of the embodiment, an information processing unit includes a browser unit that receives page files and execute a web application; an application range management unit that receives application range information at the start of execution of the web application, and stores that information in a memory unit; a termination detecting unit that, when the page file being processed by the browser unit changes, determines whether or not the web application being executed has terminated depending on whether or not the new page file is included in the application range information; a usability determining unit that determines whether or not an add-on for which a call request is issued is allowed to be used in the web application being executed; and an add-on calling unit that calls an add-on when determined that the add-on is allowed to be used in the web application being executed.

Abstract: According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes the protected program in a secure mode. The processor places a code region and a protected data region in the protected program which was decoded in a memory region having an access restriction by using the first program. When an access to the protected data region is confirmed, the processor confirms by using the second program that the access is caused by a command from the code region placed by the first program, and then, executes the command.

Abstract: According to an embodiment, an information processing device is connectable to a peripheral device and includes a buffer, a first operating system, a second operating system, and a monitor. The monitor is configured to enable the first operating system or the second operating system to execute in a switching manner. The monitor includes a switching controller that, when the second operating system issues an access request to the peripheral device, saves a state of the second operating system and suspends its execution as well as restores a state of the first operating system and restarts its execution. The first operating system includes a request input-output controller that reads the access request from the buffer, that divides the read access request into instructions in receivable units for the peripheral device, and that issues each instruction. The first operating system includes an access controller that accesses the peripheral device according to the instructions.

Abstract: According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area.

Abstract: According to one embodiment, a transmitting method transmits a start request for an authentication and key exchange from at least one of receivers to the transmitter, performs an authentication and key exchange for at least one of a first key common to the receivers and a second key peculiar to the at least one of the receivers, and encrypts the content by using a key shared by the transmitter and the at least one of the receivers to transmit the encrypted content to the at least one of the receivers.

Abstract: The debugging unit writes a public key of the key issuing server and an initializing program given from outside, to the storage unit. The instruction executing unit reads and executes the initializing program stored in the storage unit. The debug disabling unit disables the debugging unit. The public-key encrypting unit encrypts the random number by the public key in the storage unit, the random number generated by the random number generating unit after the debugging unit is disabled. The transmitting unit transmits the encrypted random number to the key issuing server. The receiving unit receives an individual key encrypted by the random number from the key issuing server. The individual-key writing unit decrypts the encrypted individual key by the random number to obtain the individual key and write the individual key to the storage unit.

Abstract: An energy management system has an application storage, an application executing unit, a plurality of network interfaces, a policy setting unit configured to set whether each application should be permitted to access each of the network interfaces, a policy storage configured to store identification information for each application set by the policy setting unit, and access permit/inhibit information showing whether the application is permitted to access each of the network interfaces, an I/F management unit managing a correspondence relationship between a network address and each of the network interfaces, and to specify a network interface used by the application executed by the application executing unit, and an access controller configured to judge whether the application executed by the application executing unit is permitted to access the network interface to be used thereby, based on the access permit/inhibit information stored in the policy storage.

Abstract: According to one embodiment, an apparatus includes a receiver, a requesting controller, a substitution operation controller, a reflection controller, and an access controller. The receiver receives protection area information transmitted from a first application. The protection area information describes a protection area within storage. The requesting controller requests a second application to register first data based on the protection area information in a data file within a nonvolatile memory device. The substitution operation controller attempts to register the first data in the data file. The reflection controller reflects the protection area information in a kernel setting. The access controller controls access to data within the storage based on the kernel setting.

Abstract: According to an embodiment, a broadcast receiving device includes a tuner, an acquirer, a signature executor, a first interface, a command receiver, and a transmitter. The tuner is configured to receive broadcast waves containing information identifying a broadcast program, a broadcast program, and a viewing certificate certifying that a specific broadcast program has been received. The acquirer is configured to acquire the viewing certificate from the broadcast waves received by the tuner. The signature executor is configured to sign the acquired viewing certificate by using a key. The first interface is connected to an external device via a network. The command receiver is configured to receive a command for acquiring the viewing certificate from the external device. The transmitter is configured to transmit the viewing certificate to which the signature is applied to the external device that has issued the acquisition command.

Abstract: According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area.

Abstract: According to an embodiment, an information processing apparatus includes a secure OS, a non-secure OS, and a monitor. The monitor is configured to switch between the OSs. The secure OS includes a memory protection setting controller, a processing determination controller, and a secure device access controller. The memory protection setting controller is configured to set a protection address in a memory for each certain processing. The processing determination controller is configured to receive an access type, a physical address of an access destination, and data to be written, acquire a list of processing, and determine a type of processing to be performed. The secure device access controller is configured to receive the access type, the physical address of an access destination, and data to be written, and access a peripheral identified by the physical address.

Abstract: According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes the protected program in a secure mode. The processor places a code region and a protected data region in the protected program which was decoded in a memory region having an access restriction by using the first program. When an access to the protected data region is confirmed, the processor confirms by using the second program that the access is caused by a command from the code region placed by the first program, and then, executes the command.

Abstract: According to one embodiment, a first processor of an information processing apparatus switches between a secure mode and a non-secure mode and reports its mode. When the first processor is in the secure mode, a second processor accesses to a protected area of a storage module. A boot program for the first processor and a program which activates the first processor in the non-secure mode are verified. Furthermore, a program which activates the first processor in the secure mode is encrypted, and its decryption key is stored in the protected area of the storage module.

Abstract: An application information reader acquires identification information about an application capable of operating an operation target device. An operation application executer executes the application corresponding to the identification information. A device information manager performs authentication with the target device using authentication information, and stores the authentication information when the authentication is successful. A token manager stores a certificate indicating a permission of the operation of the target device. A token receiver requests a token delivery device to generate the certificate corresponding to the authenticated target device; receives the generated certificate; and stores the generated certificate in the token manager. A transmitter transmits, to the target device, a device operation instruction requested from the executed application, the authentication information, and the certificate.

Abstract: According to an embodiment, an information processing apparatus includes a banked register determiner and a saving register determiner. The banked register determiner is configured to hold register information indicating which of a banked register and a non-banked register a register which is used by the operating system is, receive an acquisition instruction for the non-banked or banked register and the information about the mode of the operating system, and return a list of the non-banked or banked registers. The saving register determiner is configured to acquire the mode in which the operating system is capable of operating, determine that saving of the banked register for the mode is necessary when another operating system is capable of operating in the mode, acquire a list of the banked registers, and acquire a list of the non-banked registers from the banked register determiner.

Abstract: An information processing apparatus has a request determining part determining a request type for streaming contents from a communicating apparatus, a copy number managing part managing the number of copies permissible for the communicating apparatus, a stream number managing part managing the number of streams now in communication, a key-selection processing part selecting a first key corresponding to transfer of streaming contents permissible for one or more of copies or a second key corresponding to transfer of streaming contents for copies with generation management restriction or not permissible for copies, an encryption processing part generating encrypted streaming contents using the first or the second key, and a packet processing part generating a packet that includes the encrypted streaming contents and key information selected by the key-selection processing part and to include information on the number of copies to the packet when the first key is selected.

Abstract: According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area.

Abstract: According to an embodiment, a tuner unit, a managing unit, a private code verifying unit, an application origin verifying unit, and a device operation command processing unit. The tuner unit is configured to perform a decoding process of a broadcast program and program related information from broadcasting waves. The managing unit is configured to store a private code on a device-by-device basis. The private code verifying unit is configured to verify whether the private code obtained from an information manipulation device matches with the stored private code. The application origin verifying unit is configured to determine whether first origin information that has been received matches with second origin information of the application being executed. The device operation command processing unit is configured to allow execution of the device operation command when the first origin information and the second origin information match and when the private codes match.

Abstract: According to an embodiment, an authority changing device includes a first determiner, a second determiner, and a changing unit. A first authority is defined by a first combination of first to third item values, and a second authority is defined by a second combination of the fourth to sixth item values. The first determiner uses a logical expression to determine whether the change from the first authority to the second authority is possible, not possible, or unknown. The second determiner uses a first table to determine the availability of change from the first authority to the second authority when the availability of the change is determined to be unknown. The changing unit changes the first authority to the second authority when the change is determined to be possible.

Abstract: According to one embodiment, a first processor of an information processing apparatus switches between a secure mode and a non-secure mode and reports its mode. When the first processor is in the secure mode, a second processor accesses to a protected area of a storage module. A boot program for the first processor and a program which activates the first processor in the non-secure mode are verified. Furthermore, a program which activates the first processor in the secure mode is encrypted, and its decryption key is stored in the protected area of the storage module.