摘要:
To provide a program conversion device capable of executing a program that includes a secret operation using secret information without exposure of the secret information in a memory. In an execution program generation device, with respect to an original program that includes the secret operation, a combining function generation unit generates combining function processing for applying a bitwise self-dual function to an input value, a split secret information generation unit generates pieces of split secret information by performing an inverse operation of the self-dual function, a program conversion unit generates pieces of split secret operation processing each for performing the operation between each bit value of the operand information and a corresponding bit value of a different piece of the split secret information, and replaces the secret operation processing with the pieces of the split secret operation processing and the combining function processing.
摘要:
When a recording media 10 including secure areas is inserted in an electronic terminal 30, the electronic terminal 30 reads a predetermined program from the recording media 10. As a result of processing performed by the program, the recording media 10 judges a boot state of the electronic terminal 30 when the recording media 10 is inserted in the electronic terminal 30. As a result of the judgment, when the recording media 10 is inserted in the electronic terminal 30 immediately after the electronic terminal 30 is booted, the recording media 10 imposes a loose restriction of accessing the secure areas. As a point of time when the recording media 10 is inserted in the electronic terminal 30 is nearer to a point of time when the boot of the electronic terminal 30 has been completed, the recording media 10 imposes a severer restriction of accessing the secure areas.
摘要:
An encrypted-data decrypting apparatus that provides enhanced security protection for programs and data while they are in the processes of decryption to execution after having been encrypted. When a decrypted partial program needs to be loaded into the shared memory M, the controlling unit 11 loads it into an area indicated by the memory location information. According to the memory location information, a plurality of partial programs are sequentially loaded into an area so that one partial program gets overwritten by another; therefore, none of the partial programs exists in the memory for a long time, and thus there is less possibility of having the partial programs referred to illegitimately. In addition, since every time some data is decrypted, the decryption support program authenticating unit 13 confirms authenticity of the decryption support program P, it is possible to prevent having illegitimate references in which the decryption support program is abused.
摘要:
When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump. A signature generation device that provides a message M with a signature by using a signature key comprises: a split key storage unit that stores split secret keys obtained by splitting the signature key d into at least two, a signature key generation equation F for calculating the split secret keys to obtain the signature key d, and a signature generation equation; a signature key generation identical equation generation unit that generates a signature key generation identical equation G for obtaining the same result as the signature generation equation F, with use of an associative law, a distributive law, and a commutative law; a combined split key generation unit that generates a plurality of combined split keys that are each a result of calculating the split secret keys, and that are to be arguments for the signature key generation identical equation G; and a signature generation unit that provides the message with the signature, based on the signature key generation identical equation G and the split secret keys.
摘要:
A program conversion device generates a program by obfuscating an original program, and generates and encrypts conversion parameters for inverse conversion of the obfuscated program. The program conversion device distributes the obfuscated program together with the encrypted conversion parameters. To execute the obfuscated program, a device having a high security level decrypts the encrypted parameters by using a decryption key stored in advance, applies inverse conversion to the obfuscated program by using the decrypted conversion parameters, and executes the program resulting from the inverse conversion. A device having a low security level executes the obfuscated program without any inverse conversion.
摘要:
An obfuscation evaluation method which sufficiently evaluates an obfuscation performed on a program. The obfuscation evaluation method includes: a step of executing an obfuscated code module produced by obfuscating an original code module of a program, and generating a trace output file by logging a result of the execution; and a step of identifying the degree of obfuscation of the obfuscated code module by evaluating the trace output file.
摘要:
A program obfuscator of the present invention divides a target program into a plurality of blocks and determines program instructions allocated according to an input/output relation between the blocks, in order to diffuse and allocate the program instructions for calculating a value of secret information in various places of the program. More specifically, with regard to a variable for calculating the secret information transferred to and from the blocks, a value of the variable when outputted from a block is equalized to a value of the variable when inputted to a next block. A random variable conversion instruction is added to each of the blocks so that a value of the variable when outputted from each block is in a range of a value expected as an input to the next block.
摘要:
It is troublesome for a distributor (server) to manage a plurality of programs of different obfuscated levels that are suitable for various devices, including ones having a high-speed CPU but with low security level (PCs) and ones having a low-speed CPU but with high security level (consumer products). A program conversion device generates a program by obfuscating an original program, and also generates and encrypts conversion parameters for inverse conversion of the obfuscated program. The program conversion device distributes the obfuscated program together with the encrypted conversion parameters. To execute the obfuscated program, a device having a high security level decrypts the encrypted parameters by using a decryption key stored in advance, applies inverse conversion to the obfuscated program by using the decrypted conversion parameters, and executes the program resulting from the inverse conversion. A device having a low security level executes the obfuscated program as it is without any inverse conversion.
摘要:
A cluster server apparatus operable to continuously carrying out data distribution to terminals even if among a plurality of cache servers of the cluster server apparatus cache server, while optimally distributing loads on the plurality of cache servers. A cluster control unit of the cluster server apparatus distributes requests from the terminals based on the load of each of the plurality of cache servers. A cache server among the plurality of cache servers distributes, requested data (streaming data) to a terminal if the requested data is stored in a streaming data storage unit of the cache server, while distributing data from a content server the requested data if it is not stored in the streaming data storage unit. The data distributed from the content server is redundantly stored in the respective streaming data storage units of two or more cache servers. One cache server detects the state of distribution of the other cache server that stores the same data as that stored in the one cache server. If the one cache server becomes unable to carry out distribution, the other cache server continues data distribution instead.
摘要:
A card terminal for settling transactions with a prepaid card or a credit card using comprising a card reader for reading data out of the card, a data writer for writing data on the card, a display for indicating the customer's data, transaction data, and stamp points, and a keyboard for inputting sales data, customer's data, or stamp point data. The card terminal has at least one of the functions from among inquiring about the transaction, cancellation of the transaction, purchase of commodities, calculation of the service points in accordance with an amount of transaction, display of the personal anniversary of the customer, and writing the details of a transaction, the service points, or personal data, even if the card is prepaid card or a credit card. The service point can be increased in accordance with the convenience of the stores, such as a bonus sales and customer's anniversary, by setting a multiple at the card terminal. These multiple functions are automatically and systematically achieved, to realize improved service and quick efficient business.