公开(公告)号：US08800038B2

公开(公告)日：2014-08-05

申请号：US13375912

申请日：2011-04-15

申请人： Yuichi Futa ,  Yuji Unagami ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Yuichi Futa ,  Yuji Unagami ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： G06F11/00 ,  G06F21/55

CPC分类号： G06F21/55 ,  G06F21/57 ,  G06F2221/2123 ,  G06F2221/2143

摘要： Provided is a tampering monitoring system that can identify a monitoring module that has been tampered with among a plurality of monitoring modules. A management apparatus is provided with an acquisition unit that acquires a new monitoring module that has not been tampered with, a generation unit that generates a decoy monitoring module by modifying the acquired monitoring module, a transmission unit that transmits the decoy monitoring module to the information security device and causes the information security device to install the decoy monitoring module therein, a reception unit that receives from the information security device, after the decoy monitoring module has been installed, monitoring results generated by the monitoring modules monitoring other monitoring modules, and a determination unit that identifies, by referring to the received monitoring results, a monitoring module that determines the decoy monitoring module to be valid and determines the identified monitoring module to be invalid.

摘要翻译： 提供了可以识别在多个监视模块中被篡改的监视模块的篡改监视系统。 一种管理装置，具备获取单元，其获取未被篡改的新的监视模块;生成单元，其通过修改获取的监视模块来生成诱饵监视模块;发送单元，将所述诱饵监视模块发送到所述信息 安全装置，使信息安全装置安装诱饵监视模块，在安装了诱饵监视模块之后从信息安全装置接收监视其他监视模块的监视模块生成的监视结果的接收部，以及 确定单元，其通过参考所接收的监视结果来识别监视模块，其将所述诱饵监视模块确定为有效并且将所识别的监视模块确定为无效。

公开(公告)号：US08726374B2

公开(公告)日：2014-05-13

申请号：US13133029

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： H04N21/442 ,  H04N1/00 ,  G06F21/55 ,  H04L27/00

CPC分类号： H04N21/44236 ,  G06F21/55 ,  H04L2027/0034 ,  H04N1/0088

摘要： A management device detects whether any normal monitoring module that has not been tampered with exists by referring to monitoring results received from an information security device and selects, when existence is detected, one of the monitoring modules and assumes that the selected monitoring module has been tampered with. The monitoring device then successively applies a procedure to monitoring modules other than the selected monitoring module by referring to the monitoring results, starting from the selected monitoring module, the procedure being to assume that any monitoring module determining that a monitoring module assumed to have been tampered with is normal has also been tampered with. As a result of the procedure, when all of the monitoring modules are assumed to have been tampered with the management device determines the selected monitoring module to be a normal monitoring module that has not been tampered with.

摘要翻译： 管理设备通过参考从信息安全设备接收到的监视结果来检测是否存在尚未被篡改的任何正常监视模块，并且当检测到存在时选择监视模块中的一个并假定所选监控模块已被篡改 与。 然后，监视装置依次从所选择的监视模块开始，参考监视结果，对所选择的监视模块以外的监控模块应用程序，该过程是假设任何监视模块确定监视模块被假定为被篡改 与正常也被篡改。 作为该过程的结果，当假定所有监视模块被篡改时，管理装置将所选择的监视模块确定为未被篡改的正常监视模块。

公开(公告)号：US08544093B2

公开(公告)日：2013-09-24

申请号：US13143594

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： H04L29/06

CPC分类号： G06F21/554

摘要： A malicious-module identification device identifies and deactivates a malicious module operating in an information processing device connected thereto via a network. The malicious-module identification device is provided with a reception unit for receiving results of tampering detection from a plurality of modules for detecting tampering, and a determination unit for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs. A deactivation unit outputs an instruction to deactivate the module identified as the malicious module.

摘要翻译： 恶意模块识别装置识别并去激活在经由网络与其连接的信息处理装置中工作的恶意模块。 恶意模块识别装置设置有用于从多个用于检测篡改的模块接收篡改检测结果的接收单元，以及用于假定多个模块中的模块是正常模块的确定单元，基于 假设在接收到的篡改检测结果中是否发生矛盾，并且在确定发生矛盾时，将假定为正常模块的模块识别为恶意模块。 停用单元输出禁用标识为恶意模块的模块的指令。

公开(公告)号：US08516574B2

公开(公告)日：2013-08-20

申请号：US12624739

申请日：2009-11-24

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： G06F17/30 ,  G06F11/00

CPC分类号： G06F21/57

摘要： An update server acquires, from an apparatus, a result of verifications relating to tampering of a protection control module and each of install modules included in an install module group. The update server determines a processing procedure of the apparatus depending on the acquired result of the verifications. Specifically, if it is judged that the protection control module and each of the install modules is unauthentic, then the update server transmits, to the apparatus, an instruction to perform updating of the unauthentic protection control module in preference to a revocation of the unauthentic install module.

摘要翻译： 更新服务器从设备获取与保护控制模块和包括在安装模块组中的每个更新模块的篡改相关的验证结果。 更新服务器根据获取的验证结果确定设备的处理过程。 具体而言，如果判断出保护控制模块和每个更新模块是不正确的，则更新服务器将优先于非真实安装的撤销，向设备发送执行不正当保护控制模块的更新的指令 模块。

公开(公告)号：US08448259B2

公开(公告)日：2013-05-21

申请号：US12919967

申请日：2009-03-12

申请人： Tomoyuki Haga ,  Yoshikatsu Ito ,  Yuichi Futa ,  Hideki Matsushima ,  Takayuki Ito

发明人： Tomoyuki Haga ,  Yoshikatsu Ito ,  Yuichi Futa ,  Hideki Matsushima ,  Takayuki Ito

IPC分类号： G06F21/00

CPC分类号： G06F21/10

摘要： A content playback device of the present invention includes a playback unit 200 operable to play back a content; a normal storage unit 250 that is not tamper-resistant; a secure storage unit 350 that is tamper-resistant; a first control sub-unit 230 that writes playback records indicating elapsed playback time of the content into the normal storage unit one by one at regular time intervals; and a second control sub-unit 330 that (i) writes monitoring records with respect to the playback records into the secure storage unit 350 one by one at irregular time intervals and (ii) determines that the playback records stored in the normal storage unit 250 have not been tampered with if a prescribed relation is satisfied between a specific time point obtained according to a latest one of the monitoring records and one of the playback records corresponding to the specific time point.

摘要翻译： 本发明的内容回放装置包括可再现内容的重放单元200; 不防篡改的普通存储单元250; 防篡改的安全存储单元350; 第一控制子单元230，其以规则的时间间隔逐个地将指示所述内容的经过的播放时间的播放记录逐个写入正常存储单元; 以及第二控制子单元330，其（i）以不规则的时间间隔逐个地将关于重放记录的监视记录写入安全存储单元350，以及（ii）确定存储在正常存储单元250中的重放记录 如果在根据最新的一个监视记录获得的特定时间点与对应于特定时间点的播放记录之一满足规定的关系，则没有被篡改。

公开(公告)号：US08418256B2

公开(公告)日：2013-04-09

申请号：US12484627

申请日：2009-06-15

申请人： Yuichi Futa ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yoshikatsu Ito

发明人： Yuichi Futa ,  Tomoyuki Haga ,  Takayuki Ito ,  Hideki Matsushima ,  Yoshikatsu Ito

IPC分类号： G06F12/00 ,  G06F13/00 ,  G06F13/28 ,  G06F7/04 ,  G06F17/30 ,  H04N7/16

CPC分类号： G06F12/0246 ,  G06F21/10 ,  G06F21/64 ,  G06F2221/2101 ,  G06F2221/2151

摘要： A data storage apparatus is provided that realizes a measure against deterioration of a flash memory in which integrity check data is stored. A content playback apparatus (1000) uses a hash value of playback history information as integrity check data (confirmation data) for confirming whether the playback history information has been falsified. A first address calculation unit (1004) and a second address calculation unit (1006) determine a read-in address and a storage destination address for the integrity check data, with use of the hash value. Accordingly, the storage destination addresses can be diffused, thus enabling preventing deterioration of the flash memory.

摘要翻译： 提供了一种实现针对存储完整性检查数据的闪存的劣化的措施的数据存储装置。 内容再现装置（1000）使用回放历史信息的哈希值作为确认回放历史信息是否被伪造的完整性检查数据（确认数据）。 第一地址计算单元（1004）和第二地址计算单元（1006）利用散列值确定完整性检查数据的读入地址和存储目的地地址。 因此，存储目的地地址可以被扩散，从而能够防止闪存的劣化。

公开(公告)号：US20110246783A1

公开(公告)日：2011-10-06

申请号：US13127806

申请日：2010-09-16

申请人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Junya Iwazaki

发明人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Junya Iwazaki

IPC分类号： G06F11/30

CPC分类号： H04L63/1416 ,  G06F11/16 ,  G06F21/121 ,  G06F21/44 ,  G06F21/556 ,  G06F2221/2103 ,  G06F2221/2107 ,  G06F2221/2129 ,  H04L9/085 ,  H04L9/0891 ,  H04L9/3234 ,  H04L9/3242 ,  H04L9/3263 ,  H04L9/3273 ,  H04L63/126

摘要： The present invention aims to perform tamper detection on a protection control module without having detection modules come to know the key data and functions thereof. The detection modules of the present invention perform tamper detection by verifying whether or not the correspondence between the input and output data of the application decryption process performed by the protection control module is correct. Furthermore, the present invention offers improved security against leaks of the application output data by the detection modules by having a plurality of detection modules verify different data blocks.

摘要翻译： 本发明的目的是在保护控制模块上进行篡改检测，而不需要检测模块来了解其关键数据和功能。 本发明的检测模块通过验证由保护控制模块执行的应用解密处理的输入和输出数据之间的对应是否正确来执行篡改检测。 此外，本发明通过具有多个检测模块来验证不同的数据块，提供了通过检测模块来提高针对应用输出数据泄漏的安全性。

公开(公告)号：US07958240B2

公开(公告)日：2011-06-07

申请号：US12266010

申请日：2008-11-06

申请人： Yuichi Futa ,  Hiroki Yamauchi ,  Yuusaku Ohta ,  Natsume Matsuzaki

发明人： Yuichi Futa ,  Hiroki Yamauchi ,  Yuusaku Ohta ,  Natsume Matsuzaki

IPC分类号： G06F15/173

CPC分类号： H04W40/246 ,  H04L29/06 ,  H04L41/0893 ,  H04L41/509 ,  H04L43/50 ,  H04L63/0492 ,  H04L63/08 ,  H04L63/10 ,  H04L67/18 ,  H04L69/16 ,  H04L69/329 ,  H04W4/02 ,  H04W40/20 ,  H04W76/10

摘要： In a server, an echo-request transmitting unit transmits echo-request data to a target device, and an echo-reply receiving unit receives echo-reply data from the target device. A time measuring unit measures, as the target time, the time required between transmission of the echo-request data and reception of the echo-reply data, and compares the target time with the reference time. In this way, the server judges whether the target device connected to its network belongs to a predetermined group.

摘要翻译： 在服务器中，回波请求发送单元向目标设备发送回波请求数据，回波应答接收单元从目标设备接收回波应答数据。 时间测量单元测量回波请求数据的发送和回波回复数据的接收之间的时间作为目标时间，并将目标时间与参考时间进行比较。 以这种方式，服务器判断连接到其网络的目标设备是否属于预定组。

公开(公告)号：US20110093210A1

公开(公告)日：2011-04-21

申请号：US12995801

申请日：2010-04-02

申请人： Natsume Matsuzaki ,  Yuichi Futa ,  Masao Nonaka

发明人： Natsume Matsuzaki ,  Yuichi Futa ,  Masao Nonaka

IPC分类号： G06F19/00 ,  H04L9/32

CPC分类号： A61B5/021 ,  A61B5/0002 ,  A61B5/0006 ,  A61B5/024 ,  A61B2560/0271 ,  G06F19/00 ,  G06F19/3418 ,  H04L9/085 ,  H04L9/302 ,  H04L9/3231 ,  H04L9/3247 ,  H04L2209/805 ,  H04L2209/88

摘要： A measurement device includes: a first measurement unit (101) measuring first biological data at least k times (k≧2) to obtain any k first measurement values; a distributed-signature generation unit (104) executing signature operations for the k first measurement values using any various k distributed-signature keys, respectively, to generate k distributed signatures, where the k distributed-signature keys can reconstruct a signature generation key only when all of them are available; a signature synthesis unit (106) synthesizing the k distributed signatures together to reconstruct a signature; and a steady state verification unit (107) verifying, using a signature verification key corresponding to the signature generation key, whether or not the signature reconstructed by the signature synthesis unit is correct, where the correctness of the signature means that the k first measurement values are same values.

摘要翻译： 测量装置包括：测量至少k次（k≥2）的第一生物数据以获得任何k个第一测量值的第一测量单元（101） 一个分布式签名生成单元（104）分别使用各种k个分布式签名密钥执行k个第一测量值的签名操作，以生成k个分布式签名，其中k个分布式签名密钥只能在 所有这些都可用; 签名合成单元（106），将k个分散签名合成在一起以重构签名; 以及稳定状态验证单元，使用与所述签名生成密钥相对应的签名验证密钥，验证由所述签名合成部重构的签名是否正确，所述签名的正确性是指所述k个第一测量值 是相同的值。

公开(公告)号：US20100177886A1

公开(公告)日：2010-07-15

申请号：US12376494

申请日：2008-05-20

申请人： Yuichi Futa ,  Masao Nonaka ,  Natsume Matsuzaki

发明人： Yuichi Futa ,  Masao Nonaka ,  Natsume Matsuzaki

IPC分类号： H04L9/28 ,  G06F1/28

CPC分类号： G06F7/723 ,  G06F2207/7261 ,  H04L9/002 ,  H04L9/302 ,  H04L9/3066

摘要： To aim to provide an information security device capable of reducing a period necessary for performing a power operation used for secret communication or authentication. The information security device performs secret communication or authentication by calculating an exponentiation X̂d based on target data X and a secret value d using the window method. In the process of calculating the exponentiation X̂d, immediately after square of a random value R acquired for multiplication is repeatedly performed a predetermined number of times, for example 256 times, a result of square of the random value R is cancelled using a cancellation value S (=R̂(−2̂256)). This makes it unnecessary to perform cancellation processing that has been conventionally performed.

摘要翻译： 旨在提供能够减少执行用于秘密通信或认证的电力操作所需的时间的信息安全装置。 信息安全装置通过使用窗口方法基于目标数据X和秘密值d计算取幂Xd来执行秘密通信或认证。 在计算求幂Xd的过程中，在乘法获得的随机值R的平方之后，如果重复执行预定次数（例如256次），则使用消除值S来取消随机值R的平方的结果 （= R（-2256））。 这使得不需要执行常规执行的取消处理。