Abstract: A secure device is provided that can store programs therein, the secure device including: a low-protection level storage unit; a high-protection level storage unit; a program acquiring unit that acquires a program and corresponding additional information, the additional information used for determining a storage destination of the acquired program; an additional information analyzing unit that stores the acquired program in one of the low-protection level storage unit and the high-protection level storage unit, according to additional information; an area searching unit; a protection level judging unit; and a program storing unit.

Abstract: A system includes of a main device and a recording medium device. The main device includes a reception unit that receives a digital work from an external distribution server, an internal storage area for storing the digital work, a playback unit that plays back the digital work, and a unique information storage area for storing information that is unique to the main device. The main device also includes an encryption unit that encrypts the digital work using the unique information, a decryption unit that decrypts, using the unique information, the encrypted digital work having been read from the recording medium device, a write unit that writes the encrypted digital work into the recording medium device which is portable, and a read unit that reads the encrypted digital work from the recording medium device.

Abstract: Disclosed is a digital work protection system enabling a content distributor to flexibly define usage patterns of content permitted for users. The system is composed of a recording device and a playback device. The recording device acquires a digital work, range information showing a permission range within which the digital work is permitted to be used, and a subrange key for each subrange, generates an encryption key using all the acquired subrange keys, encrypts the digital work based on the encryption key to generate encryption information, and writes the encryption information and the range information to a recording medium. The playback device reads the range information and the encrypted information from the recording medium, acquires a subrange key for each subrange, generates a decryption key using all the acquired subrange keys, decrypts the encrypted information based on the decryption key to generate a digital work, and plays the digital work.

Abstract: A system includes of a main device and a recording medium device. The main device includes a reception unit that receives a digital work from an external distribution server, an internal storage area for storing the digital work, a playback unit that plays back the digital work, and a unique information storage area for storing information that is unique to the main device. The main device also includes an encryption unit that encrypts the digital work using the unique information, a decryption unit that decrypts, using the unique information, the encrypted digital work having been read from the recording medium device, a write unit that writes the encrypted digital work into the recording medium device which is portable, and a read unit that reads the encrypted digital work from the recording medium device.

Abstract: The present invention aims to provide an information security apparatus that counters a simple power analysis attack (SPA) on an information security apparatus such as an RSA cryptosystem. The information security apparatus uses a multiplication with 1 in a Montgomery domain. 1 in the Montgomery domain is determined depending on a modulus and an integer k, which is greater than a number of bits of a modulus p. Therefore, it is hard for attackers who do not know p or k to analyze. Also, even if an analyzer can predict the Hamming weight, it is possible to further improve the safety against the SPA by modifying k or the modulus at random.

Abstract: A data protection system is provided that reduces, to a degree, the amount of encrypted data that is distributed to a plurality of terminals. In the data protection system a terminal whose decryption keys are exposed by a dishonest party is made to be unable to decrypt the data correctly, while other terminals are able to decrypt the data correctly. The data protection system includes a plurality of terminals, and an encryption device that encrypts distribution data distributed to each terminal. Each terminal is corresponded with one node on a lowest level of a 4-ary tree structure or the like having a plurality of hierarchies.

Abstract: Provided is an information security apparatus (1100) that has enhanced stability and confidentiality of a hash key. The information security apparatus (1100) includes an information generating PUF unit (1104) that has tamper resistance set, using physical characteristics, so as to output a preset hash key, a partial error-correction information storage unit (1107) that stores partial error-correction information, an error correcting PUF unit (1106) that has tamper-resistance set, using physical characteristics, so as to output error-correcting PUF information, an error-correction information generating unit (1108) that generates error-correction information using partial correction information and the error-correcting PUF information, and an error correcting unit (1105) that corrects an error for the hash key outputted from the information generating PUF unit (1104) and outputs an error-corrected hash key.

Abstract: An information security device is provided that, when information is circulated through a chain, permits changing of a usage rule for the information or collection (deletion) of the information after the circulation. An information security device (200) includes: a receiving unit (201) that receives a content and a collection command; a content storing unit (202) that stores a content and its usage rule; a collection command confirmation unit (203) that checks the validity of a received collection command; a content deletion unit (204) that deletes a content; a chain information storage unit (205) that stores chain information containing sending and receiving information of a content; a destination list storage unit (206); a sending unit (207) that sends a content and a collection command; and a control unit (208) that controls the processing for a collection command. When a collection command is sent after content distribution, the content can be collected (deleted) in the destination of circulation.

Abstract: Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting for withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests for another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the another apparatus-unique key obtained from th

Abstract: A problem to be solved is that a conventional device is not equipped with a unit that enables efficient circuit update taking into consideration an unconfigured area in the reconfigurable circuit in the device. A data using device 101 of the present invention transmits, to a design data generation apparatus 102, device information relating to functions and structures of circuits included in the data using device 101, and receives design data generated by the design data generation apparatus 102. The data using device 101 updates the function thereof based on the received design data. With this structure, the present invention can provide the data using device 101 and the design data generation apparatus 102 that are capable of managing the configuration of the circuits in the data using device 101, and acquiring properly the data to update the function thereof.

Abstract: Provided are a utilization apparatus, a server apparatus, and a key utilization system which enable the utilization apparatus to control deletion of the old key without using a secure clock and allow encrypted communications irrespective of whether the accessed server has updated its key or not. In key utilization system 1, one or more server apparatuses 5-1 to 5-n each provide service to an apparatus having an apparatus key corresponding with a server key. Update apparatus 2 distributes an update server key to each server apparatus and a new apparatus key to key utilization apparatus 3. CRL distribution apparatus 4 distributes to key utilization apparatus 3 a CRL indicating one or more server apparatuses which have completed key-updating. Key utilization apparatus 3 holds both the old and new apparatus key, judges whether the server apparatuses monitored using the CRL have completed key-updating, and if affirmative, deletes the old apparatus key.

Abstract: An authenticator apparatus which makes it difficult for an unauthorized user to masquerade and enhances safety includes an authenticating information holding unit (102) previously stores characteristic information indicating an input and output characteristic involving an environment change of an authentic authenticatee apparatus entitled to be authentic, an authenticating information transmitting unit (107) which transmits authenticating information to a portable medium (2), a response information receiving unit (108) which receives response information outputted from the portable medium (2) in response to an input of the authenticating information, an environment selecting unit (105) which identifies an environment of the portable medium (2), and a response information confirming unit (109) which determines whether or not the authenticating information and the response information satisfy the input and output characteristic indicated in the characteristic information stored in the authenticating information

Abstract: In a system for transmitting/receiving information, each of users of terminals subjectively determines a direct evaluation value of a party that the user knows personally and so on. Since the direct evaluation value determined in this way changes depending on the subjective evaluation criterion, the direct evaluation value is not generated based on the single evaluation criterion. In view of this, a terminal device 100A according to the present invention prestores therein content evaluation values respectively corresponding to pieces of content data that are stored therein. When transmitting a piece of content data to a terminal device, the terminal device 100A generates an entity evaluation value of the terminal device that is a transmission destination based on a content evaluation value of the transmitted piece of content data.

Abstract: A signature generating device for generating digital signature data that certifies authenticity of information of a person, and making the information obfuscated.

Abstract: A copyright protection system includes a recording device and a reproduction device. The recording device writes encrypted content, an encrypted content key for decrypting the encrypted content, and license information on a recording medium on which a unique media number has been recorded in an unrewritable state. The license information is generated using both the media number and the encrypted content key, and therefore reflects both values. The reproduction device reads the media number, the encrypted content key, and the license information from the recording medium, and judges whether the license information reflects both the media number and the encrypted content key. The reproduction device decrypts the encrypted content key, and decrypts the encrypted content using the content key only if the license information reflects both values. Thus, the copyright protection system allows only original recording media to be reproduced, and prohibits reproduction of copy recording media.

Abstract: A key delivery apparatus that prevents improper use of contents, and manages a decryption key for decrypting encrypted content and a suppliable number showing how many times the decryption key is suppliable, with respect to one or more terminal apparatuses connected to a network. The key delivery apparatus receives a supply request for the decryption key from a terminal apparatus, and if the terminal apparatus is a legitimate supply target, judges whether the terminal apparatus is a first-type that manages a content-usage period or a second-type that does not manage the content-usage period, and if the suppliable number has a remaining number, supplies to the terminal apparatus, the decryption key and a key-usage period of the decryption key when judged that the terminal apparatus is the first-type and the decryption key when judged that the terminal apparatus is the second-type.

Abstract: A device registration system including a server which holds content and a terminal apparatus which uses content, whereby the terminal apparatus is registered in the server if a communication time between the terminal apparatus and the server is less than or equal to a reference value. A measuring unit of the server measures the communication time, being a time period from transmitting measuring information to the terminal apparatus until receiving response information from the terminal apparatus, and repeats the transmission, the reception, and the measurement until the measured communication time is less than or equal to the reference value. An elapsed-time measuring unit measures an elapsed time from when the measuring unit first begins measuring the communication time, and a transmission unit transmits, to the terminal apparatus, status notification information showing a processing status which depends on the elapsed time.

Abstract: The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

Abstract: A device registration system for registering a terminal device for obtaining and using contents in a server that stores contents. The server stores a contents list indicating contents stored and a registration list for registering specific information to the terminal device. The server receives the specific information and transmits the contents list to the terminal device. The terminal device receives a selection of a content from the contents list according to input by a user and requests the server to transmit the selected content. When the specific information to the terminal device of the request source is not registered in the registration list, the server performs a registration process and transmits the requested content to the terminal device.

Abstract: An authentication system, including a service use device 1 which presents blurred information obtained by blurring certification information desired to be certified, service providing devices 3a to 3c which verify the validity of blurred information presented by the service use device 1, and an authentication device 2 which supports the service use device 1 to issue valid blurred information. The authentication device 2 adds a digital signature to information including certification information and blurred information, and generates authentication information including the obtained digital signature, certification information, and blurred information (S2). The service use device 1 generates, based on the authentication information generated in the authentication device 2, blurred authentication information including blurred information selected according to an instruction from a user, instruction information representing the instruction, and a digital signature (S4).