Abstract: Provided is a group subordinate terminal in a key updating system that includes a server and a group of terminals including: a group managing terminal; and group subordinate terminals including the group subordinate terminal, the group subordinate terminal comprising: a group withdrawal request processing unit which transmits a group withdrawal request to the group managing terminal in response to an instruction to update its apparatus-unique key, the group withdrawal request requesting for withdrawal of the group subordinate terminal from the group; an update apparatus-unique key requesting unit which requests for another apparatus-unique key by transmitting to the server a group withdrawal certificate indicating that the withdrawal of the group subordinate terminal from the group of terminals is completed through invalidation of its group key; and an update processing unit which updates the apparatus-unique key held in an apparatus-unique key holding unit to the another apparatus-unique key obtained from th

Abstract: When a PC transmits a content request to a device registration apparatus in which a permitted number of devices have already been registered, an expiration time management unit judges whether any registration information registered in a registration list management unit has an exceeded registration expiration time. If registration information with an exceeded registration expiration time is registered in the registration list management unit, the registration list management unit deletes this registration information, and newly registers registration information of the PC.

Abstract: A time authentication device identifies clocks that show a time falling within the predetermined permissible range as compared with a time shown by the time authentication device. In a time authentication device embodied as a distribution device, a time-relation information storage unit stores a playback-device-time measured by a clock unit of a playback device, and also stores a distribution-device-time measured by a clock unit when the playback-device-time is acquired. The time authentication unit acquires from the playback device a target time measured by the clock unit, and also acquires an authentication time measured by the clock unit when the target time is received. The time authentication unit then calculates a first difference, a second difference, an authentication difference. If the authentication difference is smaller than or equal to a predetermined threshold, the time authentication unit judges that the clock unit of the playback device is valid.

Abstract: A content management system constructed by a plurality of storage apparatuses that can communicate with one another. A 1st storage apparatus, which is one of the storage apparatuses, stores therein, in correspondence, a content and copy destination information and sends the content and the copy destination information therefrom to a 2nd storage apparatus, which is another one of the storage apparatuses. Yet another one of the storage apparatuses that is indicated by the copy destination information stores therein, in correspondence, the content and copy source information and, after the 1st storage apparatus has sent the content and the copy destination information to the 2nd storage apparatus, rewrite the copy source information such that the copy source information indicates the 2nd storage apparatus.

Abstract: The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

Abstract: In a server, an echo-request transmitting unit transmits echo-request data to a target device, and an echo-reply receiving unit receives echo-reply data from the target device. A time measuring unit measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

Abstract: Disclosed is a group admission system having a client and a server that belongs to a closed group within which contents are available. The client determines whether it is permissible to request to join the group to be a member device thereof based on the number of groups that the client is in and the maximum number of groups that the client is permitted to be in. If permissible, the client transmits a registration request to the server with information unique to the client. The server determines whether to permit the client to join the group by registering with the server based on the number of member devices registered with the server and the maximum number of member devices registerable with the server. If it is permitted, the server registers the unique information, and transmits group identification information to the client. The client receives and stores the group identification information.

Abstract: In order to allow a user to backup data, a backup system is used to transfer data from an information terminal to a backup device via a relay device. The information terminal includes a storing unit storing the data to be backed up, and includes a communication unit transmitting the data to the relay device and transferring condition information indicating a condition to be satisfied by the relay device. Further, the relay device includes (i) a storing unit storing information relating to transfer destination devices, (ii) a receiving unit receiving the data and the transfer condition information, and (iii) a transfer control unit selecting a transfer destination device that satisfies the condition indicated by the transfer condition information, and controlling transfer of the received data in accordance with the selection. The backup device includes a receiving unit receiving the data transferred by the relay device, and a storing unit storing the received data.

Abstract: Resistance against simple power analysis is maintained while a smaller table is used. An IC card 100 decrypts encrypted information using elliptic curve calculation for calculating a point k*C by multiplying a point C on an elliptic curve E with a coefficient k that is a positive integer less that a prime p. The calculation of the point k*C is performed by adding a multiplication result obtained by multiplying a digit position (window) value w of the acquired coefficient k with the point C in a position corresponding to the digit position, and is performed with respect to all digit positions. When a non-negative integer t exists that fulfills a condition that the acquired digit value w_can be divided by 2t and cannot be divided by 2t+1, the multiplication includes adding a point obtained by multiplying a point Q with w/2t.

Abstract: A measurement device includes: a first measurement unit (101) measuring first biological data at least k times (k?2) to obtain any k first measurement values; a distributed-signature generation unit (104) executing signature operations for the k first measurement values using any various k distributed-signature keys, respectively, to generate k distributed signatures, where the k distributed-signature keys can reconstruct a signature generation key only when all of them are available; a signature synthesis unit (106) synthesizing the k distributed signatures together to reconstruct a signature; and a steady state verification unit (107) verifying, using a signature verification key corresponding to the signature generation key, whether or not the signature reconstructed by the signature synthesis unit is correct, where the correctness of the signature means that the k first measurement values are same values.

Abstract: In a server, an echo-request transmitting unit 204 transmits echo-request data to a target device, and an echo-reply receiving unit 205 receives echo-reply data from the target device. A time measuring unit 206 measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

Abstract: The present invention provides an encryption apparatus that prevents plaintext data from leaking even if accumulated data is analyzed, while preventing the size of encrypted data from increasing. An encryption apparatus for encrypting a data piece that is smaller than a unit length for encryption performs the following: storing management information indicating a used area within an encryption area defined based on the unit length, the used area being an area already used for encryption; when encrypting a new data piece that is smaller than the unit length, generating encrypted data by adding the new data piece to an unused area within the encryption area with reference to the management information, the unused area being an area not used for encryption; and updating the management information to include an area for the new data piece into the used area, after generating the encrypted data.

Abstract: In a content-log analyzing system, content includes additional information indicating, according to a property of the content, whether or not to record communication of the content in a content-log. When transmitting content to a TV or a PC, a data-communication controlling device judges whether or not to record the communication in a content-log based upon additional information of the content, and when judging affirmatively, generates and stores content-log information. A content-log analyzing server obtains the content-log stored in the data-communication controlling device, and analyzes the obtained content-log.

Abstract: A portable data sensor tag (2), includes a memory (24), a data communication circuit (20) which receives a wireless activation signal from an external terminal, and, in an operation using electromotive force generated by the received activation signal, receives an encryption key from the external terminal and stores the received encryption key into the memory (24), a power source (23) which supplies power, an insulator (27) which switches a power supply from the power source (23) from off to on; and a sensor circuit (22) which reads the encryption key from the memory (24), encrypts measured data using the read encryption key, and stores the encrypted measurement data into the memory (24), the sensor circuit operating using the power supplied from the power source (23) after the power supply from the power source (23) is switched on.

Abstract: An electronic terminal performs early detection of unauthorized analysis thereon and prevents unauthorized acquisition and falsification of confidential information that is not to be released to a third party. The electronic terminal stores confidential information that is protected by consecutive application of a plurality of protection measures for defense against an attack from a third party. The electronic terminal monitors for attacks to the protection measures from an external source, and upon detecting an attack on one protection measure, updates a protection state of the confidential information to a new protection state in which either a new protection measure has been added to a protection path from the one attacked protection means to the confidential information, or the one protection measure on the path has been updated to a higher defense level.

Abstract: A distributing device for generating private information correctly even if shared information is destroyed or tampered with. A shared information distributing device for use in a system for managing private information by a secret sharing method, including: segmenting unit that segments private information into a first through an nth pieces of shared information; first distribution unit that distributes the n pieces of shared information to n holding devices on a one-to-one basis; and second distribution unit that distributes the n pieces of shared information to the n holding devices so that each holding device holds an ith piece of shared information distributed by the first distribution unit, as well as a pieces of shared information being different from the ith piece of shared information in ordinal position among n pieces of shared information, “i” being an integer in a range from 1 to n.

Abstract: Provided is a health care system including a key management server that receives from a server a request for a decryption key, with first identification information identifying a measuring apparatus, second identification information identifying vital sign data, and third identification information identifying the server. The key management server generates the decryption key using the first identification information, and stores fourth identification information identifying a server predetermined as a destination of the decryption key, and fifth identification information indicating the category of the vital sign data in correspondence with the fourth identification information. The key management server transmits the decryption key to the server, when the received third identification information matches the fourth identification information, and the received second identification information matches the fifth identification information.

Abstract: An update server 200 acquires, from an apparatus 100, a result of verifications relating to tampering of a protection control module 120 and each of install modules included in an install module group 130. The update server 200 determines a processing procedure of the apparatus 100 depending on the acquired result of verifications. Specifically, if it is judged that the protection control module 120 and each of the install module are unauthentic, the update server 200 transmits, to the apparatus 100, an instruction to perform updating of the unauthentic protection control module 120 in preference to revocation of the unauthentic install module.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.

Abstract: To aim to provide an information security device capable of reducing a period necessary for performing a power operation used for secret communication or authentication. The information security device performs secret communication or authentication by calculating an exponentiation X?d based on target data X and a secret value d using the window method. In the process of calculating the exponentiation X?d, immediately after square of a random value R acquired for multiplication is repeatedly performed a predetermined number of times, for example 256 times, a result of square of the random value R is cancelled using a cancellation value S (=R?(?2?256)). This makes it unnecessary to perform cancellation processing that has been conventionally performed.