Abstract: A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may not be present, not correctly authorized, or not correctly operating.

Abstract: The present invention is designed to enable a secure device to authenticate a terminal application that operates on an information processing terminal and that accesses the secure device. An application issue request transmitter (301) of the information processing terminal (30) sends a request for issue of a terminal application to an application issuer (101). The application issuer (101) of an secure device (10) reads a terminal application (31) from an application storage (105) and embeds authentication information in the terminal application (31), associates an ID and the authentication information of the terminal application (31) and save them in an issue information storage (106), and sends the terminal application (31) to an application receiver (302) of the information processing terminal through an application transmitter (102). The application receiver (302) starts the terminal application (31).

Abstract: A terminal that performs secure boot processing when booting, thereby booting reliably even if, during updating of a software module, the power is cut off or the update is otherwise interrupted. The terminal comprises a CPU, a software module storage unit, a certificate storage unit, an updating unit for updating the software module and certificate, a security device provided with a configuration information storage unit for storing the configuration information of the software module, an alternate configuration information storage unit for storing the configuration information of a software module in the configuration before the update, and a boot control unit for verifying and executing the software module by using the certificate. The terminal verifies the certificate of the software module by comparing the configuration information stored by the configuration information storage unit with the configuration information stored by the alternate configuration information storage unit.

Abstract: It is an object of the present invention to provide an information processing device that verifies the authorization of an application that has issued an access request to access a device. For the present invention to fulfill the above object, when an application 102 on a universal OS issues a processing request to a secure device driver 105, a secure VMM 100 and an application identification unit 106 on a management dedicated OS 104 lock a page table of the application 102 and refer to the page table to generate a hash value. The application is determined to be authorized or unauthorized by comparing the generated hash value with a reference hash value.

Abstract: The present invention provides an information processing apparatus that is capable of continuously performing secure boot between module groups in the case where software of a terminal device consists of module groups provided by a plurality of providers, while keeping independence between the providers. The information processing apparatus is provided with a linkage certificate that contains a first configuration comparison value, which indicates a cumulative hash value of the first module group to be started up by secure boot, and a module measurement value, which indicates a hash value of the first module of the second module group to be started up by secure boot. After the secure boot of the first module group, it is verified that the first module group has been started up by comparison with the first configuration comparison value.

Abstract: The present invention provides a migration apparatus that realizes safe migration of secret data between a first terminal device and a second terminal device. Before transmitting the secret data to the second terminal device, the migration apparatus (i) receives, from the first terminal device, a minimum evaluation level required of a destination of the secret data by the first terminal device, (ii) receives, from the second terminal device, an evaluation level of the second terminal device, (iii) judges whether the evaluation level of the second terminal device is lower than the minimum evaluation level, and (iv) sends the secret data to the second terminal device only if the evaluation level of the second terminal device is no lower than the minimum evaluation level.

Abstract: The present invention provides an information processing device, an authentication system, etc. that save a server the trouble of updating a database, etc., even when a software module in a client device is updated, and that are capable of verifying whether software modules that have been started in the client device are valid. The terminal device A100 holds private keys 1 and 2, and performs authentication processing with the terminal device B101 using the private key 2. The private key 1 has been encrypted such that the private key 1 is decryptable only when secure boot is completed. The private key 2 has been encrypted such that the private key 2 is decryptable using the private key 1 only when the application module X that has been started is valid. When the authentication processing is successful, the terminal device B101 verifies that the terminal device A100 has completed secure boot and the application module X that has been started in the terminal device A100 is valid.

Abstract: Provided is a migration system considering security authentication levels and data protection strength levels of the both security devices between which data is migrated. A first terminal includes a mechanism for protecting data by a private key in the public key method held by TPM, and a second terminal includes a key in the private key method encrypted by the private key in the public key method held by TPM and a mechanism for protecting the data by the key. A Migration Authority holds a security policy table describing a security policy and judges whether data movement from the first terminal to the second terminal is enabled according to the security policy table.

Abstract: A data aggregation part 14 uses, as a data set, setting data for controlling an air-conditioning apparatus 31 and a refrigerating showcase 32, the amount of electricity consumed by the air-conditioning apparatus 31 and the refrigerating showcase 32 and operation data thereof, and environmental data containing outdoor temperatures, and classifies the data set for each outdoor temperature. An environmental condition-specific analyzer 15 obtains optimum setting data for accomplishing energy saving for each outdoor temperature, by using the data set for each outdoor temperature. The environmental condition-specific analyzer 15 also corrects the amount of electricity consumption of the data set on the basis of the number of people in a space counted by a people counter 35. A time zone-specific analyzer 16 obtains optimum setting data for accomplishing energy saving for each time zone by using the optimum setting data for each outdoor temperature.

Abstract: An information terminal that decrypts sealed data without returning program data after update to the state before update. The information terminal includes update certificate storage unit storing an update certificate for certifying update of the program data to be executed by CPU, and a selection unit which, when the CPU is to execute program data, judges whether or not digest of the post-update program data in the update certificate matches digest of the program data to be executed, and selects digest of the pre-update program data in the update certificate when it judges that they match. The CPU executes the post-update program data. The information terminal further includes a security device that stores an extend value of a program data digest when the pre-update program data is executed by the CPU according to a request from the selection unit.

Abstract: The present invention provides mobile terminals with various types of services such as electronic commerce service, music delivery service, and position information service. User applications required for the electronic commerce service, music delivery service, and position information service are respectively configured as service objects each having a server facility, and further a local gateway is provided, whereby various types of services can be used through a browser.

Abstract: A power control system is provided with a plurality of electric appliances and a power control apparatus that controls the operation of the plurality of electric devices. The plurality of electric devices are grouped into one or a plurality of groups, each group containing a plurality of electric devices, and on the basis of state information of the electric devices, the power control apparatus controls the operation of each electric device by group according to a plurality of sets of control contents prepared ahead of time.

Abstract: An energy conservation diagnosis system manages electrical device K which consumes electricity to operate based on control schedule information, and comprises acquiring unit 14a, rule information generation unit 14b, operating determination unit 14c and display unit 12. Acquiring unit acquires operating information obtained by means of relating an operating condition of electrical device to a clock time. Rule information generation unit generates rule information by means of relating a rule on use of electrical device to a clock time, based on one or more predetermined time slots depending on a benefit of electricity consumed by electrical device. Operating determination unit acquires control schedule information of electrical device, and generates an image data by means of superimposing acquired control schedule information and rule information onto operating information so that each clock time is fitted to a clock time of operating information. Display unit displays the image data.

Abstract: A terminal device sets a beneficial use time slot for regarding the electrical consumption in the beneficial use time slot as the beneficial, a waste use time slot for regarding the electrical consumption in the waste use time slot as the waste, and an efficiency improvement time slot for regarding the electrical consumption in the efficiency improvement time slot as the electrical consumption to be reduced. On the basis of the data of an amount of the electrical consumption of the device to be monitored, calculating an amount of the electrical consumption in each the time slot and displaying an amount of the electrical consumption in each time slot are preformed.

Abstract: A power control system controls electric devices so as to consume a power generated by a self-generated power facility using a natural energy, which is provided with a surplus power detection unit that detects the surplus portion of power generated by the self-generated power facility, and a device control unit that controls the operation of a plurality of electric devices. When the surplus power detection unit detects the surplus power, the device control unit controls one or more of a plurality of electric devices to perform predetermined operations so as to consume the surplus power.

Abstract: The present invention provides mobile terminals with various types of services such as electronic commerce service, music delivery service, and position information service. User applications required for the electronic commerce service, music delivery service, and position information service are respectively configured as service objects each having a server facility, and further a local gateway is provided, whereby various types of services can be used through a browser.

Abstract: In the key management software having a key database with a tree structure, a high-speed data encryption/decryption process is achieved by changing the tree structure without reducing the security strength when deleting or adding a key from/to the tree structure. The key management software having the key database with the tree structure, when deleting or adding a key from/to the tree structure, refers to the encryption strength comparison table and the process time comparison table to change the tree structure without reducing the security strength. This reduces the number of times an encrypted key is loaded onto the encryption/decryption processing device during the data encryption/decryption process, thus achieving a high-speed data encryption/decryption.

Abstract: A method manages optional trusted components that are active within a device, such that the device itself controls the availability of trusted components. The device includes: a storing unit storing a plurality of pieces of software and a plurality of certificates; a receiving unit receiving the certificates; and a selecting unit selecting one of the certificates. The device further includes an executing unit verifying an enabled one of the plurality of pieces of software using the selected and updated one of the certificates.

Abstract: A method to allow a device to boot in a secure fashion, even though some of the components within the secure device's firmware may be not present, not authorised, or not correctly operating.

Abstract: Provided is a data storage device capable of safely and effectively updating software of a home electric apparatus. In the home electric apparatus (100) in which currently used data is to be updated to new data, a reception unit (140) receives encrypted new data and a serial number of data to be updated. A key generation unit (112) generates a key by executing a predetermined irreversible calculation on the unique information correlated to the currently used data by a number of times based on the serial number of the data to be updated. An update unit (113) decrypts the new data by using the key.