Program converting device, secure processing device, computer program, and recording medium
    1.
    Granted invention patent
    Status: In force

    Publication number: US08090956B2

    Publication date: 2012-01-03

    Application number: US11886576

    Filing date: 2006-03-27

    IPC classification: G06F12/14

    Abstract: To provide a program conversion device capable of executing a program that includes a secret operation using secret information without exposure of the secret information in a memory. In an execution program generation device, with respect to an original program that includes the secret operation, a combining function generation unit generates combining function processing for applying a bitwise self-dual function to an input value, a split secret information generation unit generates pieces of split secret information by performing an inverse operation of the self-dual function, a program conversion unit generates pieces of split secret operation processing each for performing the operation between each bit value of the operand information and a corresponding bit value of a different piece of the split secret information, and replaces the secret operation processing with the pieces of the split secret operation processing and the combining function processing.

    RECORDING DEVICE
    2.
    Invention application
    Status: Under examination (published)

    Publication number: US20080278285A1

    Publication date: 2008-11-13

    Application number: US11951051

    Filing date: 2007-12-05

    IPC classification: H04L9/32

    Abstract: When a recording media 10 including secure areas is inserted in an electronic terminal 30, the electronic terminal 30 reads a predetermined program from the recording media 10. As a result of processing performed by the program, the recording media 10 judges a boot state of the electronic terminal 30 when the recording media 10 is inserted in the electronic terminal 30. As a result of the judgment, when the recording media 10 is inserted in the electronic terminal 30 immediately after the electronic terminal 30 is booted, the recording media 10 imposes a loose restriction of accessing the secure areas. As a point of time when the recording media 10 is inserted in the electronic terminal 30 is nearer to a point of time when the boot of the electronic terminal 30 has been completed, the recording media 10 imposes a severer restriction of accessing the secure areas.

    Secure processing device, secure processing method, encrypted confidential information embedding method, program, storage medium, and integrated circuit
    4.
    Granted invention patent
    Status: In force

    Publication number: US08656175B2

    Publication date: 2014-02-18

    Application number: US12091250

    Filing date: 2006-10-24

    IPC classification: H04L9/16

    CPC classification: H04L9/085 H04L9/3249

    Abstract: When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump. A signature generation device that provides a message M with a signature by using a signature key comprises: a split key storage unit that stores split secret keys obtained by splitting the signature key d into at least two, a signature key generation equation F for calculating the split secret keys to obtain the signature key d, and a signature generation equation; a signature key generation identical equation generation unit that generates a signature key generation identical equation G for obtaining the same result as the signature generation equation F, with use of an associative law, a distributive law, and a commutative law; a combined split key generation unit that generates a plurality of combined split keys that are each a result of calculating the split secret keys, and that are to be arguments for the signature key generation identical equation G; and a signature generation unit that provides the message with the signature, based on the signature key generation identical equation G and the split secret keys.

    Program conversion device and program execution device
    5.
    Granted invention patent
    Status: In force

    Publication number: US08135963B2

    Publication date: 2012-03-13

    Application number: US11884147

    Filing date: 2006-02-09

    CPC classification: G06F21/14

    Abstract: A program conversion device generates a program by obfuscating an original program, and generates and encrypts conversion parameters for inverse conversion of the obfuscated program. The program conversion device distributes the obfuscated program together with the encrypted conversion parameters. To execute the obfuscated program, a device having a high security level decrypts the encrypted parameters by using a decryption key stored in advance, applies inverse conversion to the obfuscated program by using the decrypted conversion parameters, and executes the program resulting from the inverse conversion. A device having a low security level executes the obfuscated program without any inverse conversion.

    Obfuscation evaluation method and obfuscation method
    6.
    Granted invention patent
    Status: In force

    Publication number: US08108689B2

    Publication date: 2012-01-31

    Application number: US12091224

    Filing date: 2006-10-27

    IPC classification: G06F21/00

    CPC classification: G06F21/14

    Abstract: An obfuscation evaluation method which sufficiently evaluates an obfuscation performed on a program. The obfuscation evaluation method includes: a step of executing an obfuscated code module produced by obfuscating an original code module of a program, and generating a trace output file by logging a result of the execution; and a step of identifying the degree of obfuscation of the obfuscated code module by evaluating the trace output file.

    PROGRAM OBFUSCATOR
    7.
    Invention application
    Status: Under examination (published)

    Publication number: US20090307500A1

    Publication date: 2009-12-10

    Application number: US12162706

    Filing date: 2007-02-06

    IPC classification: G06F21/22

    CPC classification: G06F21/14

    Abstract: A program obfuscator of the present invention divides a target program into a plurality of blocks and determines program instructions allocated according to an input/output relation between the blocks, in order to diffuse and allocate the program instructions for calculating a value of secret information in various places of the program. More specifically, with regard to a variable for calculating the secret information transferred to and from the blocks, a value of the variable when outputted from a block is equalized to a value of the variable when inputted to a next block. A random variable conversion instruction is added to each of the blocks so that a value of the variable when outputted from each block is in a range of a value expected as an input to the next block.

    Program Conversion Device and Program Execution Device
    8.
    Invention application
    Status: In force

    Publication number: US20080162949A1

    Publication date: 2008-07-03

    Application number: US11884147

    Filing date: 2006-02-09

    IPC classification: G06F11/30

    CPC classification: G06F21/14

    Abstract: It is troublesome for a distributor (server) to manage a plurality of programs of different obfuscated levels that are suitable for various devices, including ones having a high-speed CPU but with low security level (PCs) and ones having a low-speed CPU but with high security level (consumer products). A program conversion device generates a program by obfuscating an original program, and also generates and encrypts conversion parameters for inverse conversion of the obfuscated program. The program conversion device distributes the obfuscated program together with the encrypted conversion parameters. To execute the obfuscated program, a device having a high security level decrypts the encrypted parameters by using a decryption key stored in advance, applies inverse conversion to the obfuscated program by using the decrypted conversion parameters, and executes the program resulting from the inverse conversion. A device having a low security level executes the obfuscated program as it is without any inverse conversion.

    Cluster server apparatus
    9.
    Granted invention patent
    Status: In force

    Publication number: US06760765B1

    Publication date: 2004-07-06

    Application number: US09692545

    Filing date: 2000-10-20

    IPC classification: G06F15173

    Abstract: A cluster server apparatus operable to continuously carry out data distribution to terminals even if among a plurality of cache servers of the cluster server apparatus cache server, while optimally distributing loads on the plurality of cache servers. A cluster control unit of the cluster server apparatus distributes requests from the terminals based on the load of each of the plurality of cache servers. A cache server among the plurality of cache servers distributes requested data (streaming data) to a terminal if the requested data is stored in a streaming data storage unit of the cache server, while distributing data from a content server the requested data if it is not stored in the streaming data storage unit. The data distributed from the content server is redundantly stored in the respective streaming data storage units of two or more cache servers. One cache server detects the state of distribution of the other cache server that stores the same data as that stored in the one cache server. If the one cache server becomes unable to carry out distribution, the other cache server continues data distribution instead.

    Apparatus for settling transactions with card
    10.
    Granted invention patent
    Status: Lapsed

    Publication number: US6012635A

    Publication date: 2000-01-11

    Application number: US618731

    Filing date: 1996-03-20

    Abstract: A card terminal for settling transactions with a prepaid card or a credit card, comprising a card reader for reading data out of the card, a data writer for writing data on the card, a display for indicating the customer's data, transaction data, and stamp points, and a keyboard for inputting sales data, customer's data, or stamp point data. The card terminal has at least one of the functions from among inquiring about the transaction, cancellation of the transaction, purchase of commodities, calculation of the service points in accordance with an amount of transaction, display of the personal anniversary of the customer, and writing the details of a transaction, the service points, or personal data, even if the card is a prepaid card or a credit card. The service point can be increased in accordance with the convenience of the stores, such as bonus sales and customer's anniversary, by setting a multiple at the card terminal. These multiple functions are automatically and systematically achieved, to realize improved service and quick efficient business.
