Abstract: In the telemedical system securely sharing encryption keys for enabling secure exchange of the encrypted biological data between the measurement terminal and the server to prevent the data from being stolen by the malicious third party, a service key is transferred to the second adapter attached to a measurement terminal from the server via the first adapter attached to the management apparatus. First, the first adapter attached to the management apparatus receives the service key from the server. Next, the first adapter is temporarily detached from the management apparatus and is attached to the measurement terminal to store the symmetric key. The first adapter is detached from the measurement terminal, and is attached to the management apparatus again. The service key received in the first adapter is encrypted using the symmetric key, and the encrypted key is transmitted to the second adapter attached to the measurement terminal.

Abstract: The management-apparatus card capable of being attached to a management apparatus receives, from the measuring apparatus, first unique information indicating the measuring apparatus, and identification information indentifying a user of the measuring apparatus; stores second unique information indicating the management-apparatus card; generates a decryption key corresponding to an encryption key, using the first unique information, the second unique information, and the identification information; stores the generated decryption key; receives encrypted vital sign data from the measuring apparatus; decrypts the received vital sign data using the stored decryption key; and obtains the decrypted vital sign data.

Abstract: Provided is a health care system including a key management server that receives from a server a request for a decryption key, with first identification information identifying a measuring apparatus, second identification information identifying vital sign data, and third identification information identifying the server. The key management server generates the decryption key using the first identification information, and stores fourth identification information identifying a server predetermined as a destination of the decryption key, and fifth identification information indicating the category of the vital sign data in correspondence with the fourth identification information. The key management server transmits the decryption key to the server, when the received third identification information matches the fourth identification information, and the received second identification information matches the fifth identification information.

Abstract: A content management system constructed by a plurality of storage apparatuses that can communicate with one another. A 1st storage apparatus, which is one of the storage apparatuses, stores therein, in correspondence, a content and copy destination information and sends the content and the copy destination information therefrom to a 2nd storage apparatus, which is another one of the storage apparatuses. Yet another one of the storage apparatuses that is indicated by the copy destination information stores therein, in correspondence, the content and copy source information and, after the 1st storage apparatus has sent the content and the copy destination information to the 2nd storage apparatus, rewrite the copy source information such that the copy source information indicates the 2nd storage apparatus.

Abstract: Resistance against simple power analysis is maintained while a smaller table is used. An IC card 100 decrypts encrypted information using elliptic curve calculation for calculating a point k*C by multiplying a point C on the elliptic curve E with a coefficient k that is a positive integer less that a prime p. The calculation of the point k*C is performed by adding a multiplication result obtained by multiplying a digit position (window) value w of the acquired coefficient k with the point C in a position corresponding to the digit position, and is performed with respect to all digit positions. When a non-negative integer exists that fulfills a condition that the acquired digit value w can be divided by 2t and cannot be divided by 2t+1, the multiplication includes adding a point obtained by multiplying a point Q with w/2t.

Abstract: An information processing apparatus is provided with a reconfigurable unit (101) in which a circuit can be reconfigured. The provision of a generation unit (103) enables the generation of design data of a circuit configured by the reconfigurable unit (101), and enables a reduction in the amount of design data to be held by a design data storage unit (102).

Abstract: In a server, an echo-request transmitting unit 204 transmits echo-request data to a target device, and an echo-reply receiving unit 205 receives echo-reply data from the target device. A time measuring unit 206 measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

Abstract: A deactivation method is for a system including a communication terminal, a secure device, and a management apparatus. An identification number and communication identification code are notified to the management apparatus while the secure device is attached to the communication terminal. The management apparatus holds the identification number and the communication identification code by correlating them, acquires an identification number of a secure device to be deactivated, when instructed to deactivate the secure device by an authentic owner of a right to use the secure device, extracts the communication identification code in accordance with the identification number, and transmits the deactivation authentication code to an apparatus identified by the extracted communication identification code. If the communication terminal receives the deactivation authentication code while the secure device is attached to it, the secure device is deactivated.

Abstract: A design data storage unit stores a plurality of pieces of design data. A judgment unit 203 judges whether a circuit for decrypting an encrypted content received from a content server 10 is realized in a reconfigurable unit 208, and judges whether a piece of the design data for realizing the circuit for decrypting the encrypted content is held. If the desired circuit is not realized in the reconfigurable unit 208 and the desired piece of the design data is not held, the desired piece of the design data is acquired from a design data server 30 via a network.

Abstract: The conventional method of limiting the number of receiving apparatus has a problem that if the limited number of appliances is reduced to limit distribution to unspecified appliances outside a home, distribution to appliances in the home is limited unnecessarily. If the limited number of appliances is increased, distribution to appliances outside the home cannot be sufficiently limited. The invention provides at least one receiving apparatus, (e.g., digital television sets and PCs,) connected to a network and capable of receiving and using predetermined data, and a transmitting apparatus, (e.g., an AV server) for transmitting the data to the receiving apparatus via the network. Use of the data on the network is managed based on the transmission time required for transmission of predetermined information between the transmitting apparatus and the receiving apparatus.

Abstract: The present invention provides an apparatus for securely acquiring a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

Abstract: A server and a client hold common secret information in respective secret information holding units. A server Cyclic Redundancy Check (CRC) unit in the server generates a CRC code after adding the secret information to communication data, and transmits the communication data with the CRC code attached. A client CRC unit of the client generates a CRC code after adding the secret information to communication data, and checks whether or not an error has occurred in the communication data on the communication path. Since the client holds the secret information, the client determines that an error has not occurred, and obtains the communication data. On the other hand, a router, which does not hold the secret information, is unable to obtain the communication data. This prevents the communication data from being transferred to devices outside an authorized domain.

Abstract: The present invention makes it possible to use data that is held by a given terminal device in another terminal device, even after the given terminal device can no longer be accessed externally. If a terminal device 100a detects an event wherein one's own terminal will no longer be externally accessible, then the data held by one's own terminal 100a is transferred to another device 200 that can be accessed externally. Another terminal device 100b, which acquires and uses data, acquires data from the device 200, and uses such.

Abstract: A group management device provides with a content a device included in a group managed by the group management device. The group management device includes a storage unit that stores a total number of remote device that the group management device currently registers, a maximum number of remote devices that the group management device is permitted to register, a total number of local device that the group management device currently registers, and a maximum number of local devices that the group management device is permitted to register. The group management device also includes a judging unit that judges whether the total number of the remote device exceeds the maximum number of the remote devices when it is judged that the one device is the remote device. The judging unit judges whether the total number of the local device exceeds the maximum number of the local devices when it is judged that the one device is the local device.

Abstract: A terminal device that can, when delivering information to an other terminal device, control delivery of the information from a primary delivery destination to a secondary delivery destination is provided. The terminal device stores a primary delivery condition regarding whether delivery of the information to the primary delivery destination is prohibited or permitted, and trustability showing a degree of trust of a user in the primary delivery destination. The terminal device judges whether or not to deliver the information to the primary delivery destination, by using the primary delivery condition. When judging to deliver the information, the terminal device calculates a secondary delivery condition using the trustability and the primary delivery condition, the secondary delivery condition regarding whether delivery of the information from the primary delivery destination to the secondary delivery destination is prohibited or permitted.

Abstract: A group formation/management system rigidly sets a group range, allows contents to be used freely among member devices in the group, and includes one or more registered member devices for holding common secret information unique to the group, a new member device for transmitting a request for registration in the group and receiving and holding common secret information, and a group management device for receiving the registration request from the new member device and, when the number of registered member devices is less than the maximum number of registerable member devices, outputting the common secret information to the new member device. Furthermore, because member devices are authenticated using the common secret information when contents are to be used, and contents are only delivered if the authentication is successful, member devices that do not hold the common secret information (i.e. unregistered member devices) can be prevented from using contents.

Abstract: There is a demand for a device handling information with the use of encryption technology to safely and simply update the encryption schemes. The present invention offers an information security device having a plurality of encryption schemes and handling information safely and reliably, characterized by selecting one of the plurality of encryption schemes as an application encryption scheme and installing a different encryption scheme from the plurality of encryption schemes based on the application encryption scheme.

Abstract: A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data.

Abstract: When a PC 20 transmits a content request to a device registration apparatus 10 in which a permitted number of devices have already been registered, an expiration time management unit 105 judges whether any registration information registered in a registration list management unit 102 has an exceeded registration expiration time. If registration information with an exceeded registration expiration time is registered in the registration list management unit 102, the registration list management unit 102 deletes this registration information, and newly registers registration information of the PC 20.

Abstract: The confidential data protection apparatus that restricts use of confidential data to a particular place, thereby satisfying high security. When the confidential data is encrypted, the image data acquisition unit 1004 captures an image in the particular place using a camera module, the place-specific code generation unit 1007 generates a place-specific code using data of the captured image, the encryption processing unit 1009 encrypts the confidential data using the place-specific code, which is deleted after use. When the confidential data is attempted to be used, the image data acquisition unit 1004 uses the camera module again to capture another image in a place where the confidential data is attempted to be used, and the place-specific code generation unit 1007 uses data of the newly captured image to generate a new place-specific code. The encryption processing unit 1009 uses the new place-specific code in an attempt to decrypt the confidential data that has been encrypted.