Abstract: An unauthorized connection detecting device which detects an unauthorized charge/discharge device includes: a time information obtaining unit obtaining, as time information, information from a first charge/discharge device, the information indicating at least one of an issuing date of a first certificate which is a public key certificate and an issuing date of a certificate revocation list held by the first charge/discharge device; an expiration date obtaining unit obtaining expiration date information from a second charge/discharge device, the expiration date information indicating an expiration date of a second certificate which is a public key certificate held by the second charge/discharge device; and an unauthorization detecting unit detecting whether or not the second charge/discharge device is the unauthorized charge/discharge device by comparing the time information with the expiration date information.

Abstract: An information security apparatus includes a plurality of monitoring modules that monitor for tampering. A management apparatus includes a reception unit that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.

Abstract: A method of managing map information including: attaching a retrieval identifier, according to input information, to map information which is obtained by retrieval based on the input information, the retrieval identifier indicating whether the map information is personal data or public data; storing the map information as the personal data into a storage device, the map information being indicated to be the personal data by the retrieval identifier attached in the attaching, and storing the map information as the public data into the storage device, the map information being indicated to be the public data by the retrieval identifier; and executing a navigation process using at least one of the personal data and the public data which are stored in the storage device.

Abstract: A portable data sensor tag includes a memory, a data communication circuit which receives a wireless activation signal from an external terminal, and, in an operation using electromotive force generated by the received activation signal, receives an encryption key from the external terminal and stores the received encryption key in the memory. A power source supplies power, an insulator which switches a power supply from the power source from off to on, and a sensor circuit reads the encryption key from the memory, encrypts measured data using the read encryption key, and stores the encrypted measurement data in the memory. The sensor circuit operates using the power supplied from the power source after the power supply from the power source is switched on.

Abstract: The present invention aims to perform tamper detection on a protection control module without having detection modules come to know the key data and functions thereof. The detection modules of the present invention perform tamper detection by verifying whether or not the correspondence between the input and output data of the application decryption process performed by the protection control module is correct. Furthermore, the present invention offers improved security against leaks of the application output data by the detection modules by having a plurality of detection modules verify different data blocks.

Abstract: A terminal device controls delivery of information from a primary delivery destination to a secondary delivery destination. The terminal device stores a primary delivery condition regarding whether delivery of the information to the primary delivery destination is prohibited or permitted, and a trustability value showing a degree of trust of a user in the primary delivery destination. The terminal device judges whether or not to deliver the information to the primary delivery destination, by using the primary delivery condition. When judging to deliver the information, the terminal device calculates a secondary delivery condition using the trustability value and the primary delivery condition, the secondary delivery condition regarding whether delivery of the information from the primary delivery destination to the secondary delivery destination is prohibited or permitted. The terminal device then sends the generated secondary delivery condition to the primary delivery destination.

Abstract: An access control method including: receiving a log information item indicating use history of electrical equipment that is used together with an intended product; receiving product information including information for identifying the intended product; storing the log information item received in the receiving of a log information item and the product information received in the receiving of product information, in association with each other; and controlling whether or not to allow access to the log information item based on the product information associated with the log information item when access to the log information item is attempted.

Abstract: In a key management system, a RFID tag decrypts a first key encrypted by a master key and stores the decrypted first key to a service key storage region, then decrypts a second key encrypted by the first key in a third party server, then, encrypts the decrypted second key by the master key and transmits the second key encrypted by the master key to an application of a mobile information terminal, and then decrypts the encrypted second key returned from the application and stores the decrypted second key to the service key storage region.

Abstract: An unauthorized connection detecting device, which detects whether or not a power storage device is an unauthorized power storage device, includes: a communications unit receiving first charge/discharge information in which first identification information and first connection information are associated each other, the first identification information identifying an encryption key of the power storage device used for mutual authentication between a charge/discharge device and the power storage device, and the first connection information being on the power storage device and obtained when the power storage device is connected to the charge/discharge device; and an unauthorization detecting unit detecting whether or not the power storage device is the unauthorized power storage device, by determining, using the first identification information and the first connection information, whether or not two or more power storage devices associated with a single first identification information item are present.

Abstract: To aim provide a software update apparatus including an install module group composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server, a replacement protection control module to be used for updating a protection control module having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: An information processing terminal (101) includes: a storage area (206), in which general information (211) and confidential information (210) are recorded; an input/output receiving unit (201) which receives an access command to general information (211) or confidential information (210); a route information holding unit (203) in which route information is held, the route information indicating an area of activity in which access to the confidential information (210) is allowed; a current location acquisition unit (304) which acquires current location information indicating the current location of the information processing terminal (101); an access determination unit (305) which allows access to the confidential information (210) when the location of the information processing terminal (101) indicated by the current location information is in the route information; and a confidential information access unit (306) which accesses the confidential information (210) in response to the access allowance by the ac

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: The present invention provides an apparatus for correctly controlling content recorded on an optical disc. An apparatus 600 for using content recorded on an optical disc 601, wherein the optical disc 601 includes a control information area 602 composed of partial areas 603a-603n, each being for recording control information indicating that use of the content is not permitted, the apparatus 600 comprises: a position information holding unit 612 holding therein position information indicating one of the partial areas 603a-603n that is allocated for the apparatus 600 to record the control information; a reading unit 613 reading information within the control information area 602; a judgment unit 614 judging whether use of the content is permitted, with use of the information read by the reading unit 613 and the position information; and a usage control unit 615 using the content when use of the content is judged to be permitted.

Abstract: A malicious-module identification device identifies and deactivates a malicious module operating in an information processing device connected thereto via a network. The malicious-module identification device is provided with a reception unit for receiving results of tampering detection from a plurality of modules for detecting tampering, and a determination unit for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs. A deactivation unit outputs an instruction to deactivate the module identified as the malicious module.

Abstract: A data protection system includes terminals, and an encryption device that encrypts distribution data distributed to each terminal. Each terminal corresponds with one node on a lowest level of a tree structure having hierarchies. A data protection system excludes nodes on the lowest level, determines a plurality of combination patterns that include combinations of two or more of all four nodes that are reached one level below the node, decides an individual decryption key for each determined combination pattern, and decides an individual decryption key for each node on the lowest level. The data protection system prescribes nodes that are reached from the node on the lowest level and a terminal to the node on the highest level that is an invalid node.

Abstract: An update server acquires, from an apparatus, a result of verifications relating to tampering of a protection control module and each of install modules included in an install module group. The update server determines a processing procedure of the apparatus depending on the acquired result of the verifications. Specifically, if it is judged that the protection control module and each of the install modules is unauthentic, then the update server transmits, to the apparatus, an instruction to perform updating of the unauthentic protection control module in preference to a revocation of the unauthentic install module.

Abstract: A system including a server holding content and a terminal using the content, whereby the terminal is registered in the server if a communication time between the terminal and the server is less than or equal to a reference value. A measuring unit of the server measures a communication time from transmitting measuring information to the terminal until receiving response information from the terminal, and repeats the transmission, the reception, and the measurement until the measured communication time is less than or equal to the reference value. An elapsed-time measuring unit measures an elapsed time from when the measuring unit first begins measuring the communication time, and a transmission unit transmits, to the terminal, status notification information showing a processing status depending on the elapsed time. A response unit of the terminal receives measuring information from the server and transmits response information to the server when the measuring information is received.

Abstract: Provided is an information security apparatus that has enhanced stability and confidentiality of a hash key. The information security apparatus includes an information generating PUF unit that has tamper resistance set, using physical characteristics, so as to output a preset hash key, a partial error-correction information storage unit that stores partial error-correction information, an error correcting PUF unit that has tamper-resistance set, using physical characteristics, so as to output error-correcting PUF information, an error-correction information generating unit that generates error-correction information using partial correction information and the error-correcting PUF information, and an error correcting unit that corrects an error for the hash key outputted from the information generating PUF unit and outputs an error-corrected hash key.

Abstract: A content management server comprises: a first connection detection unit that detects whether or not the content management server is connected with the content-using device; a content management unit that manages the content according to a result of the detection by the first connection detection unit and holds information on how the content-using device controls the use of the content. A content-using device comprises: a second connection detection unit that detects whether or not the content-using device is connected with the content management server; a second selection unit that specifies a method for controlling the use of the content according to a result of the detection by the second connection detection unit; and a content control unit that controls the use of the content according to the method specified by the second selection unit.

Abstract: Provided is a content management device for protecting a content of a provider. A content management device 800 deletes one or more contents shared with and held by a user of another device. The content management device 800 comprises: a sharing unit 801 configured to distribute the contents to the user and thereby share the contents with the user; and a switching unit 802 configured to switch a method of the deletion to another method according to a time elapsed from the distribution.