Abstract: The present invention aims to perform tamper detection on a protection control module without having detection modules come to know the key data and functions thereof. The detection modules of the present invention perform tamper detection by verifying whether or not the correspondence between the input and output data of the application decryption process performed by the protection control module is correct. Furthermore, the present invention offers improved security against leaks of the application output data by the detection modules by having a plurality of detection modules verify different data blocks.

Abstract: To aim provide a software update apparatus including an install module group composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server, a replacement protection control module to be used for updating a protection control module having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

Abstract: A malicious-module identification device identifies and deactivates a malicious module operating in an information processing device connected thereto via a network. The malicious-module identification device is provided with a reception unit for receiving results of tampering detection from a plurality of modules for detecting tampering, and a determination unit for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs. A deactivation unit outputs an instruction to deactivate the module identified as the malicious module.

Abstract: An update server acquires, from an apparatus, a result of verifications relating to tampering of a protection control module and each of install modules included in an install module group. The update server determines a processing procedure of the apparatus depending on the acquired result of the verifications. Specifically, if it is judged that the protection control module and each of the install modules is unauthentic, then the update server transmits, to the apparatus, an instruction to perform updating of the unauthentic protection control module in preference to a revocation of the unauthentic install module.

Abstract: Provided is a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules receives, from an external server (200), a replacement protection control module (121) for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified, by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.

Abstract: The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H?, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H? in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L? and, if so, recognizes the message data as valid.

Abstract: Tampering monitoring system 10d can detect whether protection control module is tampered with even if some of detection modules are tampered with. Tampering monitoring system 10d includes protection control module 120d, n detection modules, and management device 200d. Protection control module 120d includes: generation unit 310d generating d pieces of distribution data from computer program, n and d being positive integers, d smaller than n; selection unit 311d selecting d detection modules; and distribution unit 302d distributing d pieces of distribution data to d detection modules. Each detection module judges whether received piece of distribution data is authentic to detect whether protection control module is tampered with, and transmits judgment result indicating whether protection control module is tampered with. Management device 200d receives judgment results from d detection modules and manages protection control module with regard to tampering by using received judgment results.

Abstract: Provided is a tampering monitoring system that can identify a monitoring module that has been tampered with among a plurality of monitoring modules. A management apparatus is provided with an acquisition unit that acquires a new monitoring module that has not been tampered with, a generation unit that generates a decoy monitoring module by modifying the acquired monitoring module, a transmission unit that transmits the decoy monitoring module to the information security device and causes the information security device to install the decoy monitoring module therein, a reception unit that receives from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules, and a determination unit that identifies, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and determines the identified monitoring module to be invalid.

Abstract: A malicious-module identification device (200a) identifies and deactivates a malicious module operating in an information processing device (100a) connected thereto via a network. The malicious-module identification device is provided with a reception unit (2310) for receiving results of tampering detection from a plurality of modules for detecting tampering, a determination unit (210a) for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection, and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs, and a deactivation unit (2320) for outputting an instruction to deactivate the module identified as the malicious module.

Abstract: An information security apparatus (100c) includes a plurality of monitoring modules that monitor for tampering. A management apparatus (200c) includes a reception unit (230c) that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit (220c) that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit (210c) that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.

Abstract: The present invention aims to perform tamper detection on a protection control module without having detection modules come to know the key data and functions thereof. The detection modules of the present invention perform tamper detection by verifying whether or not the correspondence between the input and output data of the application decryption process performed by the protection control module is correct. Furthermore, the present invention offers improved security against leaks of the application output data by the detection modules by having a plurality of detection modules verify different data blocks.

Abstract: A management device detects whether any normal monitoring module that has not been tampered with exists by referring to monitoring results received from an information security device and selects, when existence is detected, one of the monitoring modules and assumes that the selected monitoring module has been tampered with. The monitoring device then successively applies a procedure to monitoring modules other than the selected monitoring module by referring to the monitoring results, starting from the selected monitoring module, the procedure being to assume that any monitoring module determining that a monitoring module assumed to have been tampered with is normal has also been tampered with. As a result of the procedure, when all of the monitoring modules are assumed to have been tampered with the management device determines the selected monitoring module to be a normal monitoring module that has not been tampered with.

Abstract: To aim to provide a monitoring system and a program execution apparatus that are capable of maintaining the security intensity even in the case where an unauthentic install module is invalidated. Install modules 131 to 133 included in an apparatus 100 each monitor an install module, which is a monitoring target indicated by a monitoring pattern included therein, as to whether the install module performs malicious operations. An install module that performs malicious operations is invalidated in accordance with an instruction from an update server 200. The monitoring patterns are restructured by the update server 200 such that the install modules except the invalidated install module are each monitored by at least another one of the install modules. The restructured monitoring patterns are distributed to the install modules except the invalidated install module.

Abstract: A signature generation apparatus capable of preventing transcript attack on signature data is provided. The signature generation apparatus performing a digital signature operation with the use of a signature key: stores the signature key; performs the digital signature operation on signature target data with the use of the signature key to generate signature data; counts the cumulative count of digital signature operations having been performed by the signature generation unit with the use of the signature key; judges whether the cumulative count has reached a predetermined count; and inhibits the use of the signature key in the digital signature operation from then onward in a case where the judgment unit determines that the cumulative count has reached the predetermined count.

Abstract: The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H?, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H? in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L? and, if so, recognizes the message data as valid.

Abstract: A distributing device for generating private information correctly even if shared information is destroyed or tampered with. A shared information distributing device for use in a system for managing private information by a secret sharing method, including: segmenting unit that segments private information into a first through an nth pieces of shared information; first distribution unit that distributes the n pieces of shared information to n holding devices on a one-to-one basis; and second distribution unit that distributes the n pieces of shared information to the n holding devices so that each holding device holds an ith piece of shared information distributed by the first distribution unit, as well as a pieces of shared information being different from the ith piece of shared information in ordinal position among n pieces of shared information, “i” being an integer in a range from 1 to n.

Abstract: A signature generation apparatus and a signature verification apparatus preventing an occurrence of an inappropriate signature verification error. The signature generation apparatus (110) including a signature generation unit (114) calculating signature vector (s, t) for a message m using a private key, and generating signature data S indicating polynomials sl and sh specifying the polynomial s and a polynomial th which is a quotient when the polynomial t is divided by q.

Abstract: An update server 200 acquires, from an apparatus 100, a result of verifications relating to tampering of a protection control module 120 and each of install modules included in an install module group 130. The update server 200 determines a processing procedure of the apparatus 100 depending on the acquired result of verifications. Specifically, if it is judged that the protection control module 120 and each of the install module are unauthentic, the update server 200 transmits, to the apparatus 100, an instruction to perform updating of the unauthentic protection control module 120 in preference to revocation of the unauthentic install module.

Abstract: To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.