Abstract: In order to allow a user to backup data, a backup system is used to transfer data from an information terminal to a backup device via a relay device. The information terminal includes a storing unit storing the data to be backed up, and includes a communication unit transmitting the data to the relay device and transferring condition information indicating a condition to be satisfied by the relay device. Further, the relay device includes (i) a storing unit storing information relating to transfer destination devices, (ii) a receiving unit receiving the data and the transfer condition information, and (iii) a transfer control unit selecting a transfer destination device that satisfies the condition indicated by the transfer condition information, and controlling transfer of the received data in accordance with the selection. The backup device includes a receiving unit receiving the data transferred by the relay device, and a storing unit storing the received data.

Abstract: A processing apparatus is connected to a network and has a content recording/playback function. The processing apparatus stores therein, in correspondence, (i) statuses of the recording/playback process and (ii) computer virus-handling processes to be performed if a detection unit detects a computer virus. If the computer virus is detected, the processing apparatus performs one of the computer virus-handling processes in correspondence with one of the statuses of the recording/playback processes.

Abstract: A measurement device includes: a first measurement unit (101) measuring first biological data at least k times (k?2) to obtain any k first measurement values; a distributed-signature generation unit (104) executing signature operations for the k first measurement values using any various k distributed-signature keys, respectively, to generate k distributed signatures, where the k distributed-signature keys can reconstruct a signature generation key only when all of them are available; a signature synthesis unit (106) synthesizing the k distributed signatures together to reconstruct a signature; and a steady state verification unit (107) verifying, using a signature verification key corresponding to the signature generation key, whether or not the signature reconstructed by the signature synthesis unit is correct, where the correctness of the signature means that the k first measurement values are same values.

Abstract: Processing load on an executing device for conducting playback is high during the playback of contents since the executing device performs verification of the contents validity in parallel with the contents playback, and therefore the executing device has to be equipped with a highly efficient processor. The present invention reduces the processing load involved in the verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on the DVD. In addition, the present invention is capable of improving the accuracy of detecting unauthorized contents to some extent by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Abstract: The present invention provides an encryption apparatus that prevents plaintext data from leaking even if accumulated data is analyzed, while preventing the size of encrypted data from increasing. An encryption apparatus for encrypting a data piece that is smaller than a unit length for encryption performs the following: storing management information indicating a used area within an encryption area defined based on the unit length, the used area being an area already used for encryption; when encrypting a new data piece that is smaller than the unit length, generating encrypted data by adding the new data piece to an unused area within the encryption area with reference to the management information, the unused area being an area not used for encryption; and updating the management information to include an area for the new data piece into the used area, after generating the encrypted data.

Abstract: A portable data sensor tag (2), includes a memory (24), a data communication circuit (20) which receives a wireless activation signal from an external terminal, and, in an operation using electromotive force generated by the received activation signal, receives an encryption key from the external terminal and stores the received encryption key into the memory (24), a power source (23) which supplies power, an insulator (27) which switches a power supply from the power source (23) from off to on; and a sensor circuit (22) which reads the encryption key from the memory (24), encrypts measured data using the read encryption key, and stores the encrypted measurement data into the memory (24), the sensor circuit operating using the power supplied from the power source (23) after the power supply from the power source (23) is switched on.

Abstract: A content distribution system distributes contents. The content distribution system includes a key issuing center, a server, eight output apparatuses, and a communication path that connects them to each other. The key issuing center and each of the output apparatuses are previously given an individual key shared between them. For example, the key issuing center shares individual key IKa with an output apparatus, individual key IKb with an output apparatus, and individual key IKh with an output apparatus.

Abstract: A distributing device for generating private information correctly even if shared information is destroyed or tampered with. A shared information distributing device for use in a system for managing private information by a secret sharing method, including: segmenting unit that segments private information into a first through an nth pieces of shared information; first distribution unit that distributes the n pieces of shared information to n holding devices on a one-to-one basis; and second distribution unit that distributes the n pieces of shared information to the n holding devices so that each holding device holds an ith piece of shared information distributed by the first distribution unit, as well as a pieces of shared information being different from the ith piece of shared information in ordinal position among n pieces of shared information, “i” being an integer in a range from 1 to n.

Abstract: Provided is a health care system including a key management server that receives from a server a request for a decryption key, with first identification information identifying a measuring apparatus, second identification information identifying vital sign data, and third identification information identifying the server. The key management server generates the decryption key using the first identification information, and stores fourth identification information identifying a server predetermined as a destination of the decryption key, and fifth identification information indicating the category of the vital sign data in correspondence with the fourth identification information. The key management server transmits the decryption key to the server, when the received third identification information matches the fourth identification information, and the received second identification information matches the fifth identification information.

Abstract: An update server 200 acquires, from an apparatus 100, a result of verifications relating to tampering of a protection control module 120 and each of install modules included in an install module group 130. The update server 200 determines a processing procedure of the apparatus 100 depending on the acquired result of verifications. Specifically, if it is judged that the protection control module 120 and each of the install module are unauthentic, the update server 200 transmits, to the apparatus 100, an instruction to perform updating of the unauthentic protection control module 120 in preference to revocation of the unauthentic install module.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.

Abstract: To aim to provide an information security device capable of reducing a period necessary for performing a power operation used for secret communication or authentication. The information security device performs secret communication or authentication by calculating an exponentiation X?d based on target data X and a secret value d using the window method. In the process of calculating the exponentiation X?d, immediately after square of a random value R acquired for multiplication is repeatedly performed a predetermined number of times, for example 256 times, a result of square of the random value R is cancelled using a cancellation value S (=R?(?2?256)). This makes it unnecessary to perform cancellation processing that has been conventionally performed.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: An executing device conducts playback of contents. The executing device is equipped with a highly efficient processor and reduces the processing load involved in verification by using, for the verification, only a predetermined number of encrypted units selected randomly from multiple encrypted units constituting encrypted contents recorded on a DVD. In addition, the executing device is capable of improving the accuracy of detecting unauthorized contents by randomly selecting a predetermined number of encrypted units every time the verification is performed.

Abstract: A data encryption apparatus reduces a hardware gate scale over that of conventional technology which uses substitution tables, and realizes high scrambling performance. The data encryption apparatus includes a data converting unit that splits 256-bit input data into 32-bit data blocks A1, B1, A2, and B2. A first combining unit (43) performs an exclusive OR operation on A1 and B1, and on A2 and B2. A first scramble unit (44) branches A1, A2, and the results of the exclusive OR operations (C1 and C2) into three data blocks each, and for each set of three data blocks, shift-rotates two of the data blocks and combines the shifted data blocks with the remaining data block. A second combining unit (45) performs an exclusive OR operation on D1 and E2, and on D2 and E1, which are the results of the processing performed by the first scramble unit (44). A block concatenating unit (46) concatenates the results of the operations performed by the second combining unit (45).

Abstract: Provided is an information security apparatus (1100) that has enhanced stability and confidentiality of a hash key. The information security apparatus (1100) includes an information generating PUF unit (1104) that has tamper resistance set, using physical characteristics, so as to output a preset hash key, a partial error-correction information storage unit (1107) that stores partial error-correction information, an error correcting PUF unit (1106) that has tamper-resistance set, using physical characteristics, so as to output error-correcting PUF information, an error-correction information generating unit (1108) that generates error-correction information using partial correction information and the error-correcting PUF information, and an error correcting unit (1105) that corrects an error for the hash key outputted from the information generating PUF unit (1104) and outputs an error-corrected hash key.

Abstract: An information security device is provided that, when information is circulated through a chain, permits changing of a usage rule for the information or collection (deletion) of the information after the circulation. An information security device (200) includes: a receiving unit (201) that receives a content and a collection command; a content storing unit (202) that stores a content and its usage rule; a collection command confirmation unit (203) that checks the validity of a received collection command; a content deletion unit (204) that deletes a content; a chain information storage unit (205) that stores chain information containing sending and receiving information of a content; a destination list storage unit (206); a sending unit (207) that sends a content and a collection command; and a control unit (208) that controls the processing for a collection command. When a collection command is sent after content distribution, the content can be collected (deleted) in the destination of circulation.

Abstract: Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting for withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests for another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the another apparatus-unique key obtained from th

Abstract: Provided are a utilization apparatus, a server apparatus, and a key utilization system which enable the utilization apparatus to control deletion of the old key without using a secure clock and allow encrypted communications irrespective of whether the accessed server has updated its key or not. In key utilization system 1, one or more server apparatuses 5-1 to 5-n each provide service to an apparatus having an apparatus key corresponding with a server key. Update apparatus 2 distributes an update server key to each server apparatus and a new apparatus key to key utilization apparatus 3. CRL distribution apparatus 4 distributes to key utilization apparatus 3 a CRL indicating one or more server apparatuses which have completed key-updating. Key utilization apparatus 3 holds both the old and new apparatus key, judges whether the server apparatuses monitored using the CRL have completed key-updating, and if affirmative, deletes the old apparatus key.

Abstract: An unauthorized apparatus detection device detecting clones of a playback device. In a management server, a reception processing unit acquires a user terminal identifier and a first random number of a user terminal, judges whether a second management server random number, which is stored in a storage unit in correspondence with the user terminal identifier, matches the first user terminal random number. If the two fail to match, a display unit displays a message indicating that a clone exists. If the two match, a terminal information generation unit generates a new random number, and writes the generated random number as the second random number in the storage unit. A transmission processing unit transmits the generated random number to the user terminal via a transmission/reception unit and the user terminal updates the first user terminal random number to the generated random number.