Abstract: The present invention provides an apparatus for securely acquire a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.

Abstract: In a server, an echo-request transmitting unit transmits echo-request data to a target device, and an echo-reply receiving unit receives echo-reply data from the target device. A time measuring unit measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

Abstract: Disclosed is a group admission system having a client and a server that belongs to a closed group within which contents are available. The client determines whether it is permissible to request to join the group to be a member device thereof based on the number of groups that the client is in and the maximum number of groups that the client is permitted to be in. If permissible, the client transmits a registration request to the server with information unique to the client. The server determines whether to permit the client to join the group by registering with the server based on the number of member devices registered with the server and the maximum number of member devices registerable with the server. If it is permitted, the server registers the unique information, and transmits group identification information to the client. The client receives and stores the group identification information.

Abstract: In order to allow a user to backup data, a backup system is used to transfer data from an information terminal to a backup device via a relay device. The information terminal includes a storing unit storing the data to be backed up, and includes a communication unit transmitting the data to the relay device and transferring condition information indicating a condition to be satisfied by the relay device. Further, the relay device includes (i) a storing unit storing information relating to transfer destination devices, (ii) a receiving unit receiving the data and the transfer condition information, and (iii) a transfer control unit selecting a transfer destination device that satisfies the condition indicated by the transfer condition information, and controlling transfer of the received data in accordance with the selection. The backup device includes a receiving unit receiving the data transferred by the relay device, and a storing unit storing the received data.

Abstract: Resistance against simple power analysis is maintained while a smaller table is used. An IC card 100 decrypts encrypted information using elliptic curve calculation for calculating a point k*C by multiplying a point C on an elliptic curve E with a coefficient k that is a positive integer less that a prime p. The calculation of the point k*C is performed by adding a multiplication result obtained by multiplying a digit position (window) value w of the acquired coefficient k with the point C in a position corresponding to the digit position, and is performed with respect to all digit positions. When a non-negative integer t exists that fulfills a condition that the acquired digit value w_can be divided by 2t and cannot be divided by 2t+1, the multiplication includes adding a point obtained by multiplying a point Q with w/2t.

Abstract: A measurement device includes: a first measurement unit (101) measuring first biological data at least k times (k?2) to obtain any k first measurement values; a distributed-signature generation unit (104) executing signature operations for the k first measurement values using any various k distributed-signature keys, respectively, to generate k distributed signatures, where the k distributed-signature keys can reconstruct a signature generation key only when all of them are available; a signature synthesis unit (106) synthesizing the k distributed signatures together to reconstruct a signature; and a steady state verification unit (107) verifying, using a signature verification key corresponding to the signature generation key, whether or not the signature reconstructed by the signature synthesis unit is correct, where the correctness of the signature means that the k first measurement values are same values.

Abstract: In a server, an echo-request transmitting unit 204 transmits echo-request data to a target device, and an echo-reply receiving unit 205 receives echo-reply data from the target device. A time measuring unit 206 measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

Abstract: The present invention provides an encryption apparatus that prevents plaintext data from leaking even if accumulated data is analyzed, while preventing the size of encrypted data from increasing. An encryption apparatus for encrypting a data piece that is smaller than a unit length for encryption performs the following: storing management information indicating a used area within an encryption area defined based on the unit length, the used area being an area already used for encryption; when encrypting a new data piece that is smaller than the unit length, generating encrypted data by adding the new data piece to an unused area within the encryption area with reference to the management information, the unused area being an area not used for encryption; and updating the management information to include an area for the new data piece into the used area, after generating the encrypted data.

Abstract: In a content-log analyzing system, content includes additional information indicating, according to a property of the content, whether or not to record communication of the content in a content-log. When transmitting content to a TV or a PC, a data-communication controlling device judges whether or not to record the communication in a content-log based upon additional information of the content, and when judging affirmatively, generates and stores content-log information. A content-log analyzing server obtains the content-log stored in the data-communication controlling device, and analyzes the obtained content-log.

Abstract: A portable data sensor tag (2), includes a memory (24), a data communication circuit (20) which receives a wireless activation signal from an external terminal, and, in an operation using electromotive force generated by the received activation signal, receives an encryption key from the external terminal and stores the received encryption key into the memory (24), a power source (23) which supplies power, an insulator (27) which switches a power supply from the power source (23) from off to on; and a sensor circuit (22) which reads the encryption key from the memory (24), encrypts measured data using the read encryption key, and stores the encrypted measurement data into the memory (24), the sensor circuit operating using the power supplied from the power source (23) after the power supply from the power source (23) is switched on.

Abstract: An electronic terminal performs early detection of unauthorized analysis thereon and prevents unauthorized acquisition and falsification of confidential information that is not to be released to a third party. The electronic terminal stores confidential information that is protected by consecutive application of a plurality of protection measures for defense against an attack from a third party. The electronic terminal monitors for attacks to the protection measures from an external source, and upon detecting an attack on one protection measure, updates a protection state of the confidential information to a new protection state in which either a new protection measure has been added to a protection path from the one attacked protection means to the confidential information, or the one protection measure on the path has been updated to a higher defense level.

Abstract: A distributing device for generating private information correctly even if shared information is destroyed or tampered with. A shared information distributing device for use in a system for managing private information by a secret sharing method, including: segmenting unit that segments private information into a first through an nth pieces of shared information; first distribution unit that distributes the n pieces of shared information to n holding devices on a one-to-one basis; and second distribution unit that distributes the n pieces of shared information to the n holding devices so that each holding device holds an ith piece of shared information distributed by the first distribution unit, as well as a pieces of shared information being different from the ith piece of shared information in ordinal position among n pieces of shared information, “i” being an integer in a range from 1 to n.

Abstract: Provided is a health care system including a key management server that receives from a server a request for a decryption key, with first identification information identifying a measuring apparatus, second identification information identifying vital sign data, and third identification information identifying the server. The key management server generates the decryption key using the first identification information, and stores fourth identification information identifying a server predetermined as a destination of the decryption key, and fifth identification information indicating the category of the vital sign data in correspondence with the fourth identification information. The key management server transmits the decryption key to the server, when the received third identification information matches the fourth identification information, and the received second identification information matches the fifth identification information.

Abstract: An update server 200 acquires, from an apparatus 100, a result of verifications relating to tampering of a protection control module 120 and each of install modules included in an install module group 130. The update server 200 determines a processing procedure of the apparatus 100 depending on the acquired result of verifications. Specifically, if it is judged that the protection control module 120 and each of the install module are unauthentic, the update server 200 transmits, to the apparatus 100, an instruction to perform updating of the unauthentic protection control module 120 in preference to revocation of the unauthentic install module.

Abstract: To aim to provide an information security device capable of reducing a period necessary for performing a power operation used for secret communication or authentication. The information security device performs secret communication or authentication by calculating an exponentiation X?d based on target data X and a secret value d using the window method. In the process of calculating the exponentiation X?d, immediately after square of a random value R acquired for multiplication is repeatedly performed a predetermined number of times, for example 256 times, a result of square of the random value R is cancelled using a cancellation value S (=R?(?2?256)). This makes it unnecessary to perform cancellation processing that has been conventionally performed.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: A content management system formed from a playback apparatus that requests and plays content, and a content management apparatus that manages duplication and deletion of content. The playback apparatus notifies group information of the playback apparatus to the content management apparatus, acquires information from the content management apparatus showing whether requests are permitted, and duplicates/deletes content. By judging whether the playback apparatus belongs to a group, and notifying whether a duplication request is permitted or rejected, based on in-group and out-group remaining numbers that show the remaining number of duplications permitted of apparatuses in-group and out-group, respectively, the content management apparatus relaxes restrictions on in-group content duplication as compared with out-group content duplication, and thus improves convenience for users in a home network, while protecting the rights of copyright holders, with respect to content duplication and usage.

Abstract: Conventional pet robots have the ability to distinguish users and take a different behavior pattern per each different user, and conventional pet robots have the ability to phase their behavior patterns based on their own behavior history to stage a growth process. The present invention provides an improvement to the conventional pet robots by, when in contact with a user in possession of a memory card, acquiring various types of information from the memory card, such as identification information of the memory card, information regarding the user, and history information regarding contact between the user and the robot. This provides the user a high degree of satisfaction by performing behavior that reflects the acquired information.

Abstract: A secure device is provided that can store programs therein, the secure device including: a low-protection level storage unit; a high-protection level storage unit; a program acquiring unit that acquires a program and corresponding additional information, the additional information used for determining a storage destination of the acquired program; an additional information analyzing unit that stores the acquired program in one of the low-protection level storage unit and the high-protection level storage unit, according to additional information; an area searching unit; a protection level judging unit; and a program storing unit.