Patents by Inventor Seiji Munetoh

Seiji Munetoh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8560857
    Abstract: To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program. An information processing apparatus uses signed integrity values unique to software configuration and asserting integrity of initial codes of a networked server. The server apparatus generates keys used for certifying the server apparatus (S810, S820, S830). One of the keys is certified by a third party to generate a digital signature (S840). The digital signature is attached to the integrity values and the signed integrity values are transmitted to the information processing apparatus for allowing the information processing apparatus to have secure services through the network (S850, S860).
    Type: Grant
    Filed: March 28, 2012
    Date of Patent: October 15, 2013
    Assignee: International Business Machines Corporation
    Inventors: Seiji Munetoh, Hiroshi Maruyama, Frank Seliger, Nataraj Nagaratnam
  • Patent number: 8528104
    Abstract: A security device of this invention includes a nonvolatile storage unit 22 for storing a validity check unit including a counter updated every time signature function means 30 is called up, a volatile storage unit 24 for reading and storing a counter array out of an external nonvolatile storage unit storing the counter array, in which the counter array is obtained by coupling a hash value generated for each signature key with a signature number counter for counting the number of signatures performed by use of the signature key, and a hash function unit 28 for reading the counter array out of the volatile storage unit 24, generating the hash value, and transferring the hash value to the validity check unit for a validity check.
    Type: Grant
    Filed: April 14, 2011
    Date of Patent: September 3, 2013
    Assignee: International Business Machines Corporation
    Inventors: Hiroshi Maruyama, Seiji Munetoh, Sachiko Yoshihama
  • Patent number: 8521916
    Abstract: A connection scheme for connection from a host or the like to multiple storage devices via an optical link, and in particular to an optical connection scheme or an optical wiring scheme for realizing multiplexing/redundancy by utilizing branches of an optical link and the unidirectionality of the optical link. When a host or the like and multiple storage devices such as memories are optically connected via two or more optical couplers, a configuration is made in which a loop is provided between the two optical couplers by utilizing branches of the optical couplers and the unidirectionality of light. Accordingly, a configuration is adopted in which an IO controller makes a selection from among multiple operation modes.
    Type: Grant
    Filed: November 12, 2010
    Date of Patent: August 27, 2013
    Assignee: International Business Machines Corporation
    Inventor: Seiji Munetoh
  • Publication number: 20120297452
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Application
    Filed: July 27, 2012
    Publication date: November 22, 2012
    Applicant: International Business Machines Corporation
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Publication number: 20120254951
    Abstract: A system includes a detection unit configured to detect unauthorized access to one or more information processing apparatuses that are virtually implemented by virtual machines executed by a computer; an authorized network configured to transfer authorized access to the one or more information processing apparatuses from an external network; a honeypot network configured to transfer unauthorized access to the information processing apparatuses from the external network; and a control unit configured to connect the information processing apparatuses for which no unauthorized access has been detected to the authorized network, and connect the information processing apparatuses for which unauthorized access has been detected to the honeypot network; wherein the control unit shifts, in response to detecting unauthorized access by the detection unit, the corresponding information processing apparatus into a decoy mode in which the detected unauthorized access is disconnected from a normal operation.
    Type: Application
    Filed: March 14, 2012
    Publication date: October 4, 2012
    Applicant: International Business Machines Corporation
    Inventors: Seiji Munetoh, Akira Ohkado, Yukihiko Sohda, Masami Tada
  • Publication number: 20120254850
    Abstract: A method and an inspection apparatus for inspecting an information processing unit to which software update is applied. The apparatus includes a collection component configured to collect the behavior, for a plurality of times of software update, of the information processing unit to which one software update is applied. The apparatus also includes a determination component configured to compare the behavior collected for the plurality of times of software update to one another to determine whether the behavior of the information processing unit after the one software update is applied thereto is normal.
    Type: Application
    Filed: March 30, 2012
    Publication date: October 4, 2012
    Applicant: International Business Machines Corporation
    Inventors: Shohei Hido, Seiji Munetoh, Shoko Suzuki, Naohiko Uramoto, Sachiko Yoshihama
  • Publication number: 20120185694
    Abstract: To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program. An information processing apparatus uses signed integrity values unique to software configuration and asserting integrity of initial codes of a networked server. The server apparatus generates keys used for certifying the server apparatus (S810, S820, S830). One of the keys is certified by a third party to generate a digital signature (S840). The digital signature is attached to the integrity values and the signed integrity values are transmitted to the information processing apparatus for allowing the information processing apparatus to have secure services through the network (S850, S860).
    Type: Application
    Filed: March 28, 2012
    Publication date: July 19, 2012
    Applicant: International Business Machines Corporation
    Inventors: Seiji Munetoh, Hiroshi Maruyama, Frank Seliger, Nataraj Nagaratnam
  • Patent number: 8171295
    Abstract: To provide an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable program. An information processing apparatus uses signed integrity values unique to software configuration and asserting integrity of initial codes of a networked server. The server apparatus generates keys used for certifying the server apparatus (S810, S820, S830). One of the keys is certified by a third party to generate a digital signature (S840). The digital signature is attached to the integrity values and the signed integrity values are transmitted to the information processing apparatus for allowing the information processing apparatus to have secure services through the network (S850, S860).
    Type: Grant
    Filed: December 2, 2004
    Date of Patent: May 1, 2012
    Assignee: International Business Machines Corporation
    Inventors: Seiji Munetoh, Hiroshi Maruyama, Frank Seliger, Nataraj Nagaratnam
  • Publication number: 20120027354
    Abstract: A backplane, a method for making a backplane, and optical communication apparatuses. The backplane includes: a plurality of optical elements each selected from the group consisting of: (i) optical fibers, (ii) optical waveguides, and (iii) a combination thereof, where the plurality of optical elements have the same length, where the plurality of optical elements form at least one bundle, where the elements are bundled at both ends of the at least one bundle such that end portion lengths of the plurality of optical elements differ from each other, thus forming a broadcast-star topology, and where the plurality of optical elements is connected such that communication distance between at least two blades that can be inserted into the backplane is constant.
    Type: Application
    Filed: June 28, 2011
    Publication date: February 2, 2012
    Applicant: International Business Machines Corporation
    Inventors: Yasunao Katayama, Seiji Munetoh, Atsuya Okazaki
  • Publication number: 20110197283
    Abstract: A security device of this invention includes a nonvolatile storage unit 22 for storing a validity check unit including a counter updated every time signature function means 30 is called up, a volatile storage unit 24 for reading and storing a counter array out of an external nonvolatile storage unit storing the counter array, in which the counter array is obtained by coupling a hash value generated for each signature key with a signature number counter for counting the number of signatures performed by use of the signature key, and a hash function unit 28 for reading the counter array out of the volatile storage unit 24, generating the hash value, and transferring the hash value to the validity check unit for a validity check.
    Type: Application
    Filed: April 14, 2011
    Publication date: August 11, 2011
    Applicant: International Business Machines Corporation
    Inventors: Hiroshi Maruyama, Seiji Munetoh, Sachiko Yoshihama
  • Patent number: 7953977
    Abstract: A security device of this invention includes a nonvolatile storage unit 22 for storing a validity check unit including a counter updated every time signature function means 30 is called up, a volatile storage unit 24 for reading and storing a counter array out of an external nonvolatile storage unit storing the counter array, in which the counter array is obtained by coupling a hash value generated for each signature key with a signature number counter for counting the number of signatures performed by use of the signature key, and a hash function unit 28 for reading the counter array out of the volatile storage unit 24, generating the hash value, and transferring the hash value to the validity check unit for a validity check.
    Type: Grant
    Filed: June 16, 2008
    Date of Patent: May 31, 2011
    Assignee: International Business Machines Corporation
    Inventors: Hiroshi Maruyama, Seiji Munetoh, Sachiko Yoshihama
  • Publication number: 20110119408
    Abstract: A connection scheme for connection from a host or the like to multiple storage devices via an optical link, and in particular to an optical connection scheme or an optical wiring scheme for realizing multiplexing/redundancy by utilizing branches of an optical link and the unidirectionality of the optical link. When a host or the like and multiple storage devices such as memories are optically connected via two or more optical couplers, a configuration is made in which a loop is provided between the two optical couplers by utilizing branches of the optical couplers and the unidirectionality of light. Accordingly, a configuration is adopted in which an IO controller makes a selection from among multiple operation modes.
    Type: Application
    Filed: November 12, 2010
    Publication date: May 19, 2011
    Applicant: International Business Machines Corporation
    Inventor: Seiji Munetoh
  • Patent number: 7930563
    Abstract: A platform configuration measurement device including: a configuration register; means for executing extension processing in which a predetermined operation is performed on a content of the configuration register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the configuration register; and measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values, random extension means is provided for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: April 19, 2011
    Assignee: International Business Machines Corporation
    Inventors: Timothy David Ebringer, Sachiko Yoshihama, Seiji Munetoh, Hiroshi Maruyama
  • Patent number: 7752465
    Abstract: A platform configuration measurement device including: a configuration register; means for executing extension processing in which a predetermined operation is performed on a content of the configuration register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the configuration register; and measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values, random extension means is provided for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.
    Type: Grant
    Filed: April 7, 2005
    Date of Patent: July 6, 2010
    Assignee: International Business Machines Corporation
    Inventors: Tim Ebringer, Sachiko Yoshihama, Seiji Munetoh, Hiroshi Maruyama
  • Publication number: 20100005304
    Abstract: A security device of this invention includes a nonvolatile storage unit 22 for storing a validity check unit including a counter updated every time signature function means 30 is called up, a volatile storage unit 24 for reading and storing a counter array out of an external nonvolatile storage unit storing the counter array, in which the counter array is obtained by coupling a hash value generated for each signature key with a signature number counter for counting the number of signatures performed by use of the signature key, and a hash function unit 28 for reading the counter array out of the volatile storage unit 24, generating the hash value, and transferring the hash value to the validity check unit for a validity check.
    Type: Application
    Filed: June 16, 2008
    Publication date: January 7, 2010
    Inventors: Hiroshi Maruyama, Seiji Munetoh, Sachiko Yoshihama
  • Patent number: 7512815
    Abstract: Systems, methods and computer program products for high availability enhancements of virtual security module servers. Exemplary embodiments include a virtual security appliance system, including a recipient Virtual Security Appliance having an I/O controller configured to receive commands from a Virtual Machine Monitor and a crypto engine of the recipient virtual security appliance configured to assign a master/slave flag, the crypto engine having a master virtual Trusted Platform Module and a slave virtual Trusted Platform Module, wherein the crypto engine includes an appliance endorsement key configured to provide an identification and to pair with an additional recipient virtual security appliance in the virtual security appliance system, the additional recipient virtual security appliance including an additional crypto engine having an additional appliance endorsement key.
    Type: Grant
    Filed: May 13, 2008
    Date of Patent: March 31, 2009
    Assignee: International Business Machines Corporation
    Inventor: Seiji Munetoh
  • Publication number: 20090070573
    Abstract: A platform configuration measurement device including: a configuration register; means for executing extension processing in which a predetermined operation is performed on a content of the configuration register by using a given additional value, a hash value is obtained by applying a predetermined hash function to a value obtained by the predetermined operation, and the hash value is set for a new content of the configuration register; and measurement extension means for obtaining measured values, corresponding to predetermined components constituting a platform, by sequentially making predetermined measurement on the predetermined components, and for allowing the means for executing extension processing to execute the extension processing using the measured values as the additional values, random extension means is provided for allowing the means for executing extension processing to execute the extension processing using a random value as the additional value.
    Type: Application
    Filed: July 1, 2008
    Publication date: March 12, 2009
    Inventors: Timothy David Ebringer, Sachiko Yoshihama, Seiji Munetoh, Hiroshi Maruyama
  • Publication number: 20080178257
    Abstract: A system for recording an expected value which a hash value of each of a plurality of the components in this system should take on. The system further records in association with secret information an expected value of integrity information which serves as a condition for permitting access to the secret information. The system includes a register for storing integrity information for certifying the integrity of the components. In the system, a value computed by further inputting to a hash function the expected values which hash values of the components should take on is stored in the register as the integrity information before the components are started. Then, a hash value of a component newly started is computed, and the integrity information of the register is updated on condition that the computed hash value is different from the expected value.
    Type: Application
    Filed: January 20, 2007
    Publication date: July 24, 2008
    Inventors: Takuya Mishina, Seiji Munetoh, Megumi Nakamura, Sachiko Yoshihama
  • Patent number: 7392403
    Abstract: Systems, methods and computer program products for high availability enhancements of virtual security module servers. Exemplary embodiments include a command processing method, including receiving a command from a virtual machine monitor in an I/O controller of a recipient virtual security appliance, determining a load of a crypto engine of the recipient virtual security appliance to assign a master/slave flag, the crypto engine having a master virtual trusted platform module and a slave trusted platform module, assigning a master/slave flag to the command to identify a command type, determining the command type in the I/O controller, receiving output from the crypto engine and returning the output to the virtual machine monitor.
    Type: Grant
    Filed: December 19, 2007
    Date of Patent: June 24, 2008
    Assignee: International Business Machines Corporation
    Inventor: Seiji Munetoh
  • Publication number: 20070168677
    Abstract: A computer system with authentication means including a storage device where first conditions, second conditions, and authentication information relating to authentication means are stored; means for acquiring the first conditions and the second conditions when a user requests authentication; and means for selecting at least one of a plurality of authentication means from the storage device based on the acquired first conditions and the second conditions.
    Type: Application
    Filed: December 27, 2006
    Publication date: July 19, 2007
    Applicant: International Business Machines Corporation
    Inventors: Michiharu Kudo, Seiji Munetoh, Megumi Nakamura, Sachiko Yoshihama