Abstract: In the method for sharing encrypted data region among two or more processes on a tamper resistant processor, one process creates the encrypted data region to be shared according to the common key generated as a result of the safe key exchange, and the other process maps that region to its own address space or process space. The address information of the shared encrypted data region and the common key of each process are set in relation in the encrypted attribute register inside the tamper resistant processor, so that it is possible to share the encrypted data region safely.

Abstract: A tamper resistant microprocessor has a task state table for assigning a task identifier to a task that can take a plurality of states, and storing a state of the task in correspondence to the task identifier; a task register for storing the task identifier of a currently executed task; an interface for reading a program stored in a form encrypted by using a program key at an external memory, in units of cache lines, when a request for the task is made; an encryption processing unit for generating decryption keys that are different for different cache lines, according to the program key, and decrypt a content read by the interface; a cache memory formed by a plurality of cache lines each having a tag, for storing the task identifier corresponding to a decryption key used in decrypting each cache line in the tag of each cache line; and an access check unit for comparing the task identifier stored in the tag of each cache line with a value of the task register, and discarding a content of each cache line when t

Abstract: A tamper resistant microprocessor has a task state table for assigning a task identifier to a task that can take a plurality of states, and storing a state of the task in correspondence to the task identifier; a task register for storing the task identifier of a currently executed task; an interface for reading a program stored in a form encrypted by using a program key at an external memory, in units of cache lines, when a request for the task is made; an encryption processing unit for generating decryption keys that are different for different cache lines, according to the program key, and decrypt a content read by the interface; a cache memory formed by a plurality of cache lines each having a tag, for storing the task identifier corresponding to a decryption key used in decrypting each cache line in the tag of each cache line; and an access check unit for comparing the task identifier stored in the tag of each cache line with a value of the task register, and discarding a content of each cache line when t

Abstract: Under a multi-task environment, a tamper resistant microprocessor saves a context information for one program whose execution is to be interrupted, where the context information contains information indicating an execution state of that one program and the execution code encryption key of that one program. An execution of that one program can be restarted by recovering the execution state of that one program from the saved context information. The context information can be encrypted by using the public key of the microprocessor, and then decrypted by using the secret key of the microprocessor.

Abstract: In the method for sharing encrypted data region among two or more processes on a tamper resistant processor, one process creates the encrypted data region to be shared according to the common key generated as a result of the safe key exchange, and the other process maps that region to its own address space or process space. The address information of the shared encrypted data region and the common key of each process are set in relation in the encrypted attribute register inside the tamper resistant processor, so that it is possible to share the encrypted data region safely.

Abstract: A scheme for distributing executable programs through a network from a program distribution device to a client device having a tamper resistant processor which is provided with a unique secret key and a unique public key corresponding to the unique secret key in advance is disclosed. In this scheme, a first communication path is set up between the program distribution device and the client device, and a second communication path directly connecting the program distribution device and the tamper resistant processor is set up on the first communication path. Then, the encrypted program is transmitted from the program distribution device to the tamper resistant processor through the second communication path.

Abstract: In an inner memory type tamper resistant microprocessor, a requested secret protection attribute requested for each access target memory page by a task is set and stored exclusively from other tasks, at a time of reading a program into memory pages and executing the program as the task, and a memory secret protection attribute is set and stored for each access target memory page by the task, at a time of executing the task. Then, an access to each access target memory page is refused when the requested secret protection attribute for each access target memory page and the memory secret protection attribute for each access target memory page do not coincide.

Abstract: In a microprocessor that internally has a microprocessor specific secret key, a key management unit is provided to carry out a key registration for reading out from an external memory a distribution key that is obtained in advance by encrypting the instruction key by using a public key corresponding to the secret key, decrypting the distribution key by using the secret key to obtain the instruction key, and registering the instruction key in correspondence to a specific program identifier for identifying the program into a key table, and to notify a completion of the key registration to the processor core asynchronously by interruption when the key registration is completed.

Abstract: In a microprocessor, a program key for decrypting a program and a data key for encrypting/decrypting data processed by the program are handled as cryptographically inseparable pair inside the microprocessor, so that it becomes possible for the microprocessor to protect processes that actually execute the program, without an intervention of the operating system, and it becomes possible to conceal secret information of the program not only from the other user program but also from the operating system.

Abstract: In a microprocessor, a program key for decrypting a program and a data key for encrypting/decrypting data processed by the program are handled as cryptographically inseparable pair inside the microprocessor, so that it becomes possible for the microprocessor to protect processes that actually execute the program, without an intervention of the operating system, and it becomes possible to conceal secret information of the program not only from the other user program but also from the operating system.

Abstract: According to some embodiments, systems and methods for binding dynamic host configuration and network access authentication are provided related to, inter alia, interactions between a PAA (PANA Authentication Agent) and a DHCP (Dynamic Host Configuration Protocol) server, such as, e.g., for synchronization between the PANA SA state and the DHCP SA state, such as, e.g., maintaining synchronization when a connection is lost. In some embodiments, systems and methods for binding network bridge and network access authentication are also provided related to, inter alia, interactions between a PAA and a layer-2 switch, such as, e.g., for avoiding service thefts and the like (such as, e.g., MAC address and/or IP address spoofing) in the context of, e.g., the above. In some other embodiments, systems and methods for bootstrapping multicast security from network access authentication protocol are also provided related to, inter alia, key management for protected IP multicast streams, such as, e.g.

Abstract: A radio terminal or gateway capable of executing the AV/C protocol on the datalink protocol which starts communications after setting up a logical channel on a radio network is disclosed. The radio terminal or gateway transfers data packets according to the stored correspondence information among the protocol identifier, the channel identifier that is set up for the radio terminal or gateway, and the channel identifier that is set up for a correspondent radio terminal or gateway, where the correspondence information is obtained through an exchange of signaling packets containing the channel identifier indicating a logical channel that is set up for transferring the data packets and the protocol identifier indicating the AV control protocol.

Abstract: Under a multi-task environment, a tamper resistant microprocessor saves a context information for one program whose execution is to be interrupted, where the context information contains information indicating an execution state of that one program and the execution code encryption key of that one program. An execution of that one program can be restarted by recovering the execution state of that one program from the saved context information. The context information can be encrypted by using the public key of the microprocessor, and then decrypted by using the secret key of the microprocessor.

Abstract: Under a multi-task environment, a tamper resistant microprocessor saves a context information for one program whose execution is to be interrupted, where the context information contains information indicating an execution state of that one program and the execution code encryption key of that one program. An execution of that one program can be restarted by recovering the execution state of that one program from the saved context information. The context information can be encrypted by using the public key of the microprocessor, and then decrypted by using the secret key of the microprocessor.

Abstract: Systems and methods are described for secure and seamless roaming between internal and external networks. Double and triple tunnels may be used to connect a mobile node to a correspondent host. A mobile node may include the ability to connect to two networks simultaneously to enable seamless roaming between networks.

Abstract: A wireless network system capable of controlling highly efficient transfer of AV data by an upper application, using information indicating a wireless link condition that varies dynamically is disclosed. In this wireless network system, a wireless terminal and a wire gateway apparatus each store collected wireless link condition information in a descriptor. An upper application on the wireless terminal reads the descriptor at said terminal device and obtains wireless LAN link condition information. The wireless gateway apparatus makes notification to a wireless terminal of a VTR, for example, that actually exists in a 1394 terminal as if it existed as a sub-unit in the local terminal device. The wireless terminal accesses the collected wireless link condition information and selects a AV/C command to be sent to the VTR sub-unit of the wireless gateway apparatus. The wireless terminal transfers the play command for playback to the wireless gateway apparatus.

Abstract: A radio terminal or gateway capable of executing the AV/C protocol on the datalink protocol which starts communications after setting up a logical channel on a radio network is disclosed. The radio terminal or gateway transfers data packets according to the stored correspondence information among the protocol identifier, the channel identifier that is set up for the radio terminal or gateway, and the channel identifier that is set up for a correspondent radio terminal or gateway, where the correspondence information is obtained through an exchange of signaling packets containing the channel identifier indicating a logical channel that is set up for transferring the data packets and the protocol identifier indicating the AV control protocol.

Abstract: A radio terminal or gateway capable of executing the AV/C protocol on the datalink protocol which starts communications after setting up a logical channel on a radio network is disclosed. The radio terminal or gateway transfers data packets according to the stored correspondence information among the protocol identifier, the channel identifier that is set up for the radio terminal or gateway, and the channel identifier that is set up for a correspondent radio terminal or gateway, where the correspondence information is obtained through an exchange of signaling packets containing the channel identifier indicating a logical channel that is set up for transferring the data packets and the protocol identifier indicating the AV control protocol.

Abstract: In an inner memory type tamper resistant microprocessor, a requested secret protection attribute requested for each access target memory page by a task is set and stored exclusively from other tasks, at a time of reading a program into memory pages and executing the program as the task, and a memory secret protection attribute is set and stored for each access target memory page by the task, at a time of executing the task. Then, an access to each access target memory page is refused when the requested secret protection attribute for each access target memory page and the memory secret protection attribute for each access target memory page do not coincide.

Abstract: In the method for sharing encrypted data region among two or more processes on a tamper resistant processor, one process creates the encrypted data region to be shared according to the common key generated as a result of the safe key exchange, and the other process maps that region to its own address space or process space. The address information of the shared encrypted data region and the common key of each process are set in relation in the encrypted attribute register inside the tamper resistant processor, so that it is possible to share the encrypted data region safely.