Abstract: According to an embodiment, an information processing apparatus includes processing circuitry configured to function as a start process control unit, a file read detection unit, a determination unit, and a file reading unit. The start process control unit is configured to register at least a specific process of started processes in an identifiable manner into a first list. The file read detection unit is configured to detect a request to read a file by the specific process registered in the first list. The determination unit is configured to determine whether to allow reading of the requested file based on a first condition. The file reading unit is configured to control reading of the file in accordance with a determination result of the determination unit.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. One or more processors acquire first distinctive information of a first piece of software to be executed. When a whitelist that specifies distinctive information of pieces of software that are permitted to be executed records the distinctive information indicating the first distinctive information, one or more processors distinctively identify, as second distinctive information, the distinctive information of a second piece of software that represents another piece of software relating to the first piece of software in the whitelist.

Abstract: In an embodiment, an information processing apparatus is connected to external apparatuses. The information processing apparatus includes: a device key storage unit configured to store a device key; a shared key storage unit configured to store one or more shared keys shared by the external apparatuses; a key generating unit configured to generate a media key from the device key and media key blocks; and an updating unit configured to generate the shared keys as generated shared keys, which is updated, based upon the media key and the shared keys stored in the shared key storage unit, and to store the generated shared keys into the shared key storage unit.

Abstract: According to an embodiment, an information processing apparatus includes: a memory on which first/second processing applications are stored, the first processing application being a secure application; and a processor that is coupled to the memory and executes the first and second processing applications. The first processing application includes an issuance module, a first communication module, and a log verification module. The issuance module issues a command to call a function of the second processing application and links the command to a verification rule. The first communication module transmits, to the second processing application, a command execution request including command identification information that identifies the command, and receives, from the second processing application, an execution log including an execution result of the command identified by the command identification information.

Abstract: According to an embodiment, a communication control device is connected to communication devices and includes a storage, a generator, and an output unit. The storage is configured to store group information containing a group ID of a group and device IDs of the communication devices belonging to the group. The generator is configured to generate compressed information in which the device IDs are compressed. The output unit is configured to output, when the group information is updated, to all communication devices identified by the device IDs included in the group information after updating and to a plurality of communication devices including one or more of the communication devices identified by the device IDs not included in the group information after updating, output information containing identification information for identifying the group after updating and compressed information in which the device IDs included in the group information after updating are compressed.

Abstract: According to an embodiment, a communication control device includes a receiving unit, a generating unit, and an output unit. The receiving unit receives input of a binary tree in which each of leaf nodes has an index assigned thereto, and receives input of a node ID that enable identification of a leaf node belonging to a group. The generating unit generates set information indicating a set of a predetermined number of partial trees of the binary tree. Each partial tree includes only the leaf node identified by the node ID. The generating unit generates range information of the indexes assigned to one or more leaf nodes of each partial tree included in the set. The output unit outputs the set information and the range information at least to a communication device corresponding to a leaf node belonging to the group.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. The one or more processors are configured to acquire a program identifier of a computer program disposed on a memory and serving as an execution target; read a calculation result corresponding to the acquired program identifier from a storage; and verify whether the computer program serving as the execution target is permitted to be executed, on the basis of the read calculation result and a white list.

Abstract: A communication control device includes a receiving unit, a generating unit, and an output unit. The receiving unit receives input of a binary tree in which each leaf node has an index and a node key assigned thereto, and receives input of node IDs that, from among the leaf nodes, enable identification of the leaf nodes belonging to a group. The generating unit generates, using the node key assigned to the root node of each partial tree of the binary tree which includes only the leaf nodes identified by the node IDs, a cipher text by encrypting a group key shared in the group, and generates set information containing the generated cipher text. The output unit outputs the set information at least to the communication devices that are associated to the leaf nodes belonging to the group.

Abstract: A communication control device includes an extracting unit and an output unit. The extracting unit extracts, from a media key block containing a plurality of elements, partial information that contains elements which can be processed by a communication device having a device ID thereof identified in identification information for identifying one or more device IDs. The output unit outputs a group ID for identifying a group, the identification information, and the partial information, to a plurality of the communication devices that include all of the communication devices belonging to the group.

Abstract: According to an embodiment, an information processing device includes a prior verifying unit, and an execution control unit. The prior verifying unit is configured to verify integrity of software registered in a whitelist at a timing which does not depend on an execution start of software and generate an execution permission list in which software which is successfully verified is registered as execution-permitted software. The execution control unit is configured to permit execution of the software if the software is registered in the execution permission list as the execution-permitted software when the execution start of the software is detected.

Abstract: According to one embodiment, an information processing apparatus includes one or more processors. The processors store a first public key certificate and second public key certificates in storage. The first public key certificate includes a first validity period, a signature, and a public key. Each of the second public key certificates including a signature and a second validity period that is within the first validity period and shorter than the first validity period. The second validity periods included in the second public key certificates are mutually different. The processors receive specific information of the first public key certificate. The processors transmit one of the plurality of second public key certificate including the second validity period in which a start time of the second validity period is before a current time and generated from the first public key certificate specified by the received specific information to a transmission source of the specific information.

Abstract: According to one embodiment, a management device includes a management tree storage and one or more processors. The management tree storage stores therein a binary tree including a plurality of nodes that are assigned with respective node keys. The processors update at least one of the node keys. The processors selects at least one of a first subtree and a second subtree, the first subtree and the second subtree being subtrees including leaf nodes of the binary tree, the leaf nodes corresponding to respective communication devices included in a group, the first subtree including only leaf nodes with the respective node keys assigned thereto not having been updated, the second subtree including only leaf nodes with the respective node keys assigned thereto having been updated. The processors transmit a group key encrypted using a node key assigned to a root node of the selected subtree.

Abstract: A management apparatus according to an embodiment is connected to a measurement apparatus deployed for each user via a first network. The management apparatus is connected to a service providing apparatus via a second network. The management apparatus includes a first communication device, a second communication device and one or more first processors. The first processors generate seed information using a service providing apparatus identifier. The first processors generate a user key using a measurement apparatus individual key, and the seed information. The first communication device transmits the generated seed information to the measurement apparatus via the first network. The second communication device transmits the generated user key to the service providing apparatus via the second network.

Abstract: According to an embodiment, a management apparatus manages pieces of information held by a plurality of devices. The apparatus includes storage, one or more processors, and a transmitter. The storage stores therein the pieces of information held by the devices. The processors generate a list of inspection values indicating the pieces of information stored in the storage. The processors generate determination information for determining, in a state where the list is concealed, whether a provided value is included in the list. The transmitter transmits the determination information to the respective devices.

Abstract: According to an embodiment, a management apparatus connectable to a plurality of devices through a network includes storage, one or more processors, and an assignment transmitter. The storage stores therein management tree information in which node keys are respectively assigned to nodes and devices are respectively assigned to leaf nodes. The processors calculate similarity between attribute information representing an attribute of a new device and attribute information of devices already assigned in the management tree information. The processors determine a first leaf node to which the new device is to be assigned in the management tree information, based on the similarity. The assignment transmitter transmits, to the new device, at least one node key of node keys assigned to nodes on a path from a root node to the first leaf node in the management tree information.

Abstract: A communication control device includes an extracting and an output unit. One or more communication devices belong to a first-type group, and one or more communication devices belong to a second-type group. From a media key block containing a plurality of elements, the extracting unit extracts partial information containing an element which is processible by each communication device belonging to a subset of the second-type group. To the communication devices belonging to the second-type group that is identified by identification information corresponding to the partial information; the output unit outputs a group ID that indicates the first-type group, the identification information, and the partial information.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry configured to function as a start process control unit, a file read detection unit, a determination unit, and a file reading unit. The start process control unit is configured to register at least a specific process of started processes in an identifiable manner into a first list. The file read detection unit is configured to detect a request to read a file by the specific process registered in the first list. The determination unit is configured to determine whether to allow reading of the requested file based on a first condition. The file reading unit is configured to control reading of the file in accordance with a determination result of the determination unit.

Abstract: According to an embodiment, a communication control device includes a generating unit and a sending unit. The generating unit refers to specification information, which specifies the communication device belonging to a group from among a plurality of communication devices, and generates identification information, which enables identification of the communication device specified in the specification information, by implementing, from among a plurality of generation methods for generating the identification information, a generation method in which the size of the generated identification information is smaller than the other generation methods. The sending unit sends the identification information to a plurality of communication devices.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. One or more processors acquire first distinctive information of a first piece of software to be executed. When a whitelist that specifies distinctive information of pieces of software that are permitted to be executed records the distinctive information indicating the first distinctive information, one or more processors distinctively identify, as second distinctive information, the distinctive information of a second piece of software that represents another piece of software relating to the first piece of software in the whitelist.

Abstract: According to an embodiment, an information processing apparatus includes one or more processor. The processor is configured to run a process and a process manager to manage the process. The process includes a first key generator, a first authentication code generator, and a first output unit. The first key generator is configured to generate a first message authentication key by using process unique data assigned by the process manager. The first authentication code generator is configured to generate a first message authentication code by using the first message authentication key and a first message. The first output unit is configured to transmit the first message and the first message authentication code to the process manager.