Abstract: According to an embodiment, a tuner unit, a managing unit, a private code verifying unit, an application origin verifying unit, and a device operation command processing unit. The tuner unit is configured to perform a decoding process of a broadcast program and program related information from broadcasting waves. The managing unit is configured to store a private code on a device-by-device basis. The private code verifying unit is configured to verify whether the private code obtained from an information manipulation device matches with the stored private code. The application origin verifying unit is configured to determine whether first origin information that has been received matches with second origin information of the application being executed. The device operation command processing unit is configured to allow execution of the device operation command when the first origin information and the second origin information match and when the private codes match.

Abstract: According to one embodiment, an information processing apparatus includes a processor and a memory. The processor operates in a first state and a second state. The memory includes a first region and a second region. A first program code is written in the second region. The first program code is executed when a call of the function provided by an operation system is invoked. A second program code is written in the first region. The processor executes the second program code to replace a first instruction included in the first program code with a second instruction. The second instruction is for switching the second state and the first state.

Abstract: According to an embodiment, an information processing device is connectable to a peripheral device and includes a buffer, a first operating system, a second operating system, and a monitor. The monitor is configured to enable the first operating system or the second operating system to execute in a switching manner. The monitor includes a switching controller that, when the second operating system issues an access request to the peripheral device, saves a state of the second operating system and suspends its execution as well as restores a state of the first operating system and restarts its execution. The first operating system includes a request input-output controller that reads the access request from the buffer, that divides the read access request into instructions in receivable units for the peripheral device, and that issues each instruction. The first operating system includes an access controller that accesses the peripheral device according to the instructions.

Abstract: An information operating device has a first connection unit, a second connection unit, a machine operating command for operating the information output device and a usage certificate certifying that the machine operating web application, a domain name attacher to attach a domain name of the first communication device, when the connection is established by the second connection unit to transmit the machine operating command for operating the information output device using the connection, an application executing unit to execute the PIN code input web application acquired from the first communication device through the first connection unit, an encryption information generator to generate encryption information and transmit it to the information output device, and a client processing unit to transmit the usage certificate and the encryption information to the information output device through the second connection unit.

Abstract: According to an embodiment, an information processing apparatus includes a banked register determiner and a saving register determiner. The banked register determiner is configured to hold register information indicating which of a banked register and a non-banked register a register which is used by the operating system is, receive an acquisition instruction for the non-banked or banked register and the information about the mode of the operating system, and return a list of the non-banked or banked registers. The saving register determiner is configured to acquire the mode in which the operating system is capable of operating, determine that saving of the banked register for the mode is necessary when another operating system is capable of operating in the mode, acquire a list of the banked registers, and acquire a list of the non-banked registers from the banked register determiner.

Abstract: According to an embodiment, an information processing device includes an event processor and a first determining unit. The event processor includes an event detecting unit. The event detecting unit is configured to detect an event and suspend execution of the event. The first determining unit registering unit is configured to register the first determining unit when stored first identification information and identification information of the first determining unit match with each other. The first determining unit includes a second determining unit. The second determining unit registering unit is configured to register a second application as a second determining unit when the verification of a signature of the second application is successful. The event detecting unit cancels suspending of the event and executes the event when the result of determination indicates permission of the execution.

Abstract: According to an aspect of the embodiment, an information processing unit includes a browser unit that receives page files and execute a web application; an application range management unit that receives application range information at the start of execution of the web application, and stores that information in a memory unit; a termination detecting unit that, when the page file being processed by the browser unit changes, determines whether or not the web application being executed has terminated depending on whether or not the new page file is included in the application range information; a usability determining unit that determines whether or not an add-on for which a call request is issued is allowed to be used in the web application being executed; and an add-on calling unit that calls an add-on when determined that the add-on is allowed to be used in the web application being executed.

Abstract: According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes the protected program in a secure mode. The processor places a code region and a protected data region in the protected program which was decoded in a memory region having an access restriction by using the first program. When an access to the protected data region is confirmed, the processor confirms by using the second program that the access is caused by a command from the code region placed by the first program, and then, executes the command.

Abstract: According to an embodiment, an information processing device is connectable to a peripheral device and includes a buffer, a first operating system, a second operating system, and a monitor. The monitor is configured to enable the first operating system or the second operating system to execute in a switching manner. The monitor includes a switching controller that, when the second operating system issues an access request to the peripheral device, saves a state of the second operating system and suspends its execution as well as restores a state of the first operating system and restarts its execution. The first operating system includes a request input-output controller that reads the access request from the buffer, that divides the read access request into instructions in receivable units for the peripheral device, and that issues each instruction. The first operating system includes an access controller that accesses the peripheral device according to the instructions.

Abstract: In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree.

Abstract: According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area.

Abstract: An energy management system has an application storage, an application executing unit, a plurality of network interfaces, a policy setting unit configured to set whether each application should be permitted to access each of the network interfaces, a policy storage configured to store identification information for each application set by the policy setting unit, and access permit/inhibit information showing whether the application is permitted to access each of the network interfaces, an I/F management unit managing a correspondence relationship between a network address and each of the network interfaces, and to specify a network interface used by the application executed by the application executing unit, and an access controller configured to judge whether the application executed by the application executing unit is permitted to access the network interface to be used thereby, based on the access permit/inhibit information stored in the policy storage.

Abstract: According to one embodiment, an apparatus includes a receiver, a requesting controller, a substitution operation controller, a reflection controller, and an access controller. The receiver receives protection area information transmitted from a first application. The protection area information describes a protection area within storage. The requesting controller requests a second application to register first data based on the protection area information in a data file within a nonvolatile memory device. The substitution operation controller attempts to register the first data in the data file. The reflection controller reflects the protection area information in a kernel setting. The access controller controls access to data within the storage based on the kernel setting.

Abstract: According to an embodiment, a broadcast receiving device includes a tuner, an acquirer, a signature executor, a first interface, a command receiver, and a transmitter. The tuner is configured to receive broadcast waves containing information identifying a broadcast program, a broadcast program, and a viewing certificate certifying that a specific broadcast program has been received. The acquirer is configured to acquire the viewing certificate from the broadcast waves received by the tuner. The signature executor is configured to sign the acquired viewing certificate by using a key. The first interface is connected to an external device via a network. The command receiver is configured to receive a command for acquiring the viewing certificate from the external device. The transmitter is configured to transmit the viewing certificate to which the signature is applied to the external device that has issued the acquisition command.

Abstract: According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area.

Abstract: According to an embodiment, an information processing apparatus includes a secure OS, a non-secure OS, and a monitor. The monitor is configured to switch between the OSs. The secure OS includes a memory protection setting controller, a processing determination controller, and a secure device access controller. The memory protection setting controller is configured to set a protection address in a memory for each certain processing. The processing determination controller is configured to receive an access type, a physical address of an access destination, and data to be written, acquire a list of processing, and determine a type of processing to be performed. The secure device access controller is configured to receive the access type, the physical address of an access destination, and data to be written, and access a peripheral identified by the physical address.

Abstract: According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes the protected program in a secure mode. The processor places a code region and a protected data region in the protected program which was decoded in a memory region having an access restriction by using the first program. When an access to the protected data region is confirmed, the processor confirms by using the second program that the access is caused by a command from the code region placed by the first program, and then, executes the command.

Abstract: An application information reader acquires identification information about an application capable of operating an operation target device. An operation application executer executes the application corresponding to the identification information. A device information manager performs authentication with the target device using authentication information, and stores the authentication information when the authentication is successful. A token manager stores a certificate indicating a permission of the operation of the target device. A token receiver requests a token delivery device to generate the certificate corresponding to the authenticated target device; receives the generated certificate; and stores the generated certificate in the token manager. A transmitter transmits, to the target device, a device operation instruction requested from the executed application, the authentication information, and the certificate.

Abstract: According to an embodiment, an information processing apparatus includes a banked register determiner and a saving register determiner. The banked register determiner is configured to hold register information indicating which of a banked register and a non-banked register a register which is used by the operating system is, receive an acquisition instruction for the non-banked or banked register and the information about the mode of the operating system, and return a list of the non-banked or banked registers. The saving register determiner is configured to acquire the mode in which the operating system is capable of operating, determine that saving of the banked register for the mode is necessary when another operating system is capable of operating in the mode, acquire a list of the banked registers, and acquire a list of the non-banked registers from the banked register determiner.

Abstract: According to an embodiment, a device includes a processor unit, a control unit, a setting unit, a writing unit, and an executing unit. The processor unit is configured to switch between secure and non-secure modes, read/write data from/to a memory unit, and write an OS execution image of a secure OS unit to the memory unit. The setting unit is configured to set a shared memory area allowing reading and writing in both modes and an execution module memory area allowing reading and writing in the secure mode but not allowing reading or writing in the non-secure mode with respect to the control unit. The writing unit is configured to write an execution module to be executed in the secure OS unit to the shared memory area. The executing unit is configured to execute the execution module that has been written to the execution module memory area.