公开(公告)号：US20130067220A1

公开(公告)日：2013-03-14

申请号：US13698359

申请日：2011-04-21

申请人： Eriko Ando ,  Ken Naganuma ,  Toru Owada

发明人： Eriko Ando ,  Ken Naganuma ,  Toru Owada

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： G08G1/123 ,  G08G1/096783 ,  H04L9/3268 ,  H04L63/0823 ,  H04L67/12 ,  H04L2209/84

摘要： There is a need to reduce the certificate verification time in a communication system.A communication system (10) includes a certificate authority (100) for performing authentication, a roadside device (110), a vehicle-mounted terminal (120), a first server (130), and a second server (140). The vehicle-mounted terminal transmits its own position information to the first server. The certificate authority acquires information about a vehicle-mounted terminal highly likely to appear according to place and time from the first server. The certificate authority allows the second server to verify validity of a certificate for a vehicle-mounted terminal acquired from the first server. The certificate authority generates a first list of vehicle-mounted terminals having valid certificates and a second list of vehicle-mounted terminals having invalid certificates according to place and time based on a verification result. The certificate authority transmits the first list and the second list to the roadside device and the vehicle-mounted terminal. The roadside device and the vehicle-mounted terminal verify a certificate using the received first and second lists. Thus, the certificate verification time is reduced.

摘要翻译： 需要减少通信系统中的证书验证时间。 通信系统（10）包括用于执行认证的认证机构（100），路侧设备（110），车载终端（120），第一服务器（130）和第二服务器（140）。 车载终端将其自己的位置信息发送到第一服务器。 认证机构从第一台服务器获取有关根据地点和时间极有可能出现的车载终端的信息。 认证机构允许第二服务器验证从第一服务器获取的车载终端的证书的有效性。 基于验证结果，认证机构根据地点和时间生成具有有效证书的车载终端的第一列表和具有无效证书的车载终端的第二列表。 认证机构将第一列表和第二列表发送到路侧设备和车载终端。 路边设备和车载终端使用接收到的第一和第二列表来验证证书。 因此，证书验证时间减少。

公开(公告)号：US09432197B2

公开(公告)日：2016-08-30

申请号：US13580564

申请日：2011-02-22

申请人： Ken Naganuma ,  Toru Owada ,  Eriko Ando

发明人： Ken Naganuma ,  Toru Owada ,  Eriko Ando

IPC分类号： H04L29/00 ,  H04L9/32 ,  G06F21/35 ,  G06F21/74 ,  H04L29/06

CPC分类号： H04L9/3242 ,  G06F21/35 ,  G06F21/74 ,  G06F2221/2105 ,  H04L63/08 ,  H04L63/0838 ,  H04L63/0869 ,  H04L63/123 ,  H04L2209/80 ,  H04L2209/84 ,  H04W12/06

摘要： An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S200 and S300). The generated message authentication cod and digital signature are transmitted with being added to the communication data. Upon reception, whether authentication should be done using either one of the message authentication code and the digital signature included in received information is determined according to its own state for the authentication (S400 and S500). This state includes, for example, a load state of a central processing unit or the like that performs an authentication process.

摘要翻译： 提供一种验证方法，其能够在允许的时间内执行消息认证，而不管消息数量的大小，并且在允许时间允许的范围内执行高精度的消息认证。 在通过与另一移动站或固定站的无线通信发送时，生成通信数据和数字签名的消息认证码（S200和S300）。 生成的消息认证码和数字签名被添加到通信数据中。 在接收时，根据其本身的认证状态来确定是否使用接收信息中包括的消息认证码和数字签名中的任何一个进行认证（S400和S500）。 该状态例如包括执行认证处理的中央处理单元等的负载状态。

公开(公告)号：US20120311340A1

公开(公告)日：2012-12-06

申请号：US13580564

申请日：2011-02-22

申请人： Ken Naganuma ,  Toru Owada ,  Eriko Ando

发明人： Ken Naganuma ,  Toru Owada ,  Eriko Ando

IPC分类号： H04L9/32 ,  H04L9/14

CPC分类号： H04L9/3242 ,  G06F21/35 ,  G06F21/74 ,  G06F2221/2105 ,  H04L63/08 ,  H04L63/0838 ,  H04L63/0869 ,  H04L63/123 ,  H04L2209/80 ,  H04L2209/84 ,  H04W12/06

摘要： An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S200 and S300). The generated message authentication cod and digital signature are transmitted with being added to the communication data. Upon reception, whether authentication should be done using either one of the message authentication code and the digital signature included in received information is determined according to its own state for the authentication (S400 and S500). This state includes, for example, a load state of a central processing unit or the like that performs an authentication process.

摘要翻译： 提供一种验证方法，其能够在允许的时间内执行消息认证，而不管消息数量的大小，并且在允许时间允许的范围内执行高精度的消息认证。 在通过与另一移动站或固定站的无线通信发送时，生成通信数据和数字签名的消息认证码（S200和S300）。 生成的消息认证码和数字签名被添加到通信数据中。 在接收时，根据其本身的认证状态来确定是否使用接收信息中包括的消息认证码和数字签名中的任何一个进行认证（S400和S500）。 该状态例如包括执行认证处理的中央处理单元等的负载状态。

公开(公告)号：US08819418B2

公开(公告)日：2014-08-26

申请号：US13698359

申请日：2011-04-21

申请人： Eriko Ando ,  Ken Naganuma ,  Toru Owada

发明人： Eriko Ando ,  Ken Naganuma ,  Toru Owada

IPC分类号： H04L9/32 ,  H04L9/08 ,  H04L29/06

CPC分类号： G08G1/123 ,  G08G1/096783 ,  H04L9/3268 ,  H04L63/0823 ,  H04L67/12 ,  H04L2209/84

摘要： A communication system includes a certificate authority for performing authentication, a roadside device, a vehicle-mounted terminal, a first server, and a second server. The vehicle-mounted terminal transmits position information to the first server. The certificate authority acquires information about a vehicle-mounted terminal likely to appear according to place and time from the first server. The certificate authority allows the second server to verify validity of a certificate for a vehicle-mounted terminal acquired from the first server. The certificate authority generates a first list of vehicle-mounted terminals having valid certificates and a second list of vehicle-mounted terminals having invalid certificates according to place and time based on a verification result. The certificate authority transmits the first and second lists to the roadside device and the vehicle-mounted terminal. The roadside device and the vehicle-mounted terminal verify a certificate using the received first and second lists thereby reducing the certificate verification time.

摘要翻译： 通信系统包括用于执行认证的认证机构，路侧设备，车载终端，第一服务器和第二服务器。 车载终端将位置信息发送到第一服务器。 认证机构从第一台服务器获取有关根据地点和时间出现的车载终端的信息。 认证机构允许第二服务器验证从第一服务器获取的车载终端的证书的有效性。 基于验证结果，认证机构根据地点和时间生成具有有效证书的车载终端的第一列表和具有无效证书的车载终端的第二列表。 认证机构将第一和第二列表发送到路侧设备和车载终端。 路侧设备和车载终端使用接收到的第一和第二列表来验证证书，从而减少证书验证时间。

公开(公告)号：US07054990B1

公开(公告)日：2006-05-30

申请号：US09635217

申请日：2000-08-10

申请人： Takayuki Tamura ,  Jun Kitahara ,  Toru Owada ,  Shinichi Sawamura ,  Takeshi Asahi ,  Nagamasa Mizushima ,  Takashi Totsuka ,  Yasushi Akao

发明人： Takayuki Tamura ,  Jun Kitahara ,  Toru Owada ,  Shinichi Sawamura ,  Takeshi Asahi ,  Nagamasa Mizushima ,  Takashi Totsuka ,  Yasushi Akao

IPC分类号： G06F12/00

CPC分类号： G11C8/20 ,  G06F12/1466 ,  G11C7/24 ,  G11C16/22

摘要： The external storage device according to the present invention which uses a non-volatile semiconductor memory such as a flash memory is provided with plural areas which store user data, and restricts access to the user data from a host computer and also dynamically changes an area an access to which is to be restricted. Accordingly, the ease of use of the external storage device for the host computer is improved. Specifically, the interior of the flash memory is divided into a normal area not protected by a password or the like and a protected area protected by a password or the like. A microprocessor controls accesses to the normal area and the protected area in accordance with a command from the host computer. In addition, the host computer can access the protected area after passing through authentication using a password. Moreover, the host computer changes information indicative of the location of the protected area, thereby dynamically changing the protection area.

摘要翻译： 根据本发明的使用诸如闪速存储器的非易失性半导体存储器的外部存储装置设置有存储用户数据的多个区域，并且限制从主计算机访问用户数据，并且还动态地改变区域 访问被限制。 因此，提高了用于主计算机的外部存储装置的易用性。 具体地说，闪速存储器的内部被划分为不受密码等保护的正常区域和由密码等保护的保护区域。 微处理器根据主计算机的命令控制对正常区域和保护区域的访问。 此外，主机通过使用密码的认证后，可以访问保护区域。 此外，主计算机改变指示保护区域的位置的信息，从而动态地改变保护区域。

公开(公告)号：US07082539B1

公开(公告)日：2006-07-25

申请号：US09889410

申请日：2000-03-06

申请人： Jun Kitahara ,  Takeshi Asahi ,  Toru Owada

发明人： Jun Kitahara ,  Takeshi Asahi ,  Toru Owada

IPC分类号： G06F12/14

CPC分类号： G06F21/72 ,  G06F12/1408 ,  G06F21/71 ,  G06F21/85 ,  G06F2207/7219 ,  G06F2211/007 ,  G11B20/00086 ,  G11B20/0021

摘要： Since a conventional information processing apparatus includes a plurality of semiconductor devices, there is a problem that sensitive information may reside on a system bus in the apparatus or a semiconductor memory device serving as main memory therein. To obviate this problem, each information processing apparatus has a CPU which includes a microprocessor, a cryptographic processing algorithm ROM, a cryptographic processing hardware circuit, a RAM, a key custody area, and an external bus controller, which are all integrated on a single semiconductor chip. Thus, encryption/decryption processing is carried out only in the CPU, and internal operations of the CPU are made non-analyzable from an external signal of the CPU.

摘要翻译： 由于传统的信息处理设备包括多个半导体器件，因此存在敏感信息可能驻留在装置中的系统总线或用作主存储器的半导体存储器件中的问题。 为了避免这个问题，每个信息处理装置具有CPU，其包括微处理器，密码处理算法ROM，密码处理硬件电路，RAM，密钥管理区域和外部总线控制器，它们都集成在单个 半导体芯片 因此，仅在CPU中执行加密/解密处理，并且CPU的内部操作不能由CPU的外部信号进行分析。

公开(公告)号：US20080294913A1

公开(公告)日：2008-11-27

申请号：US12014250

申请日：2008-01-15

申请人： Hiroshi NAKAGOE ,  Toru Owada ,  Yasushi Nagai

发明人： Hiroshi NAKAGOE ,  Toru Owada ,  Yasushi Nagai

IPC分类号： H04L9/06

CPC分类号： H04L9/0637 ,  H04L2209/125

摘要： Provided is a disk array controller capable of speeding up the processing by simultaneously execution the encryption/decryption of a non parallel block cipher modes of operation. In a disk array controller for controlling a disk array according to a disk access request from a host system, a plurality of non parallel mode encryption/decryption target data are divided into a plurality of messages unrelated to the encryption/decryption processing, partitioning non parallel mode encryption/decryption target data belonging to the respective messages into a plurality of block data, storing each block data belonging to the respective messages by allocating it each line of Rnd[0] to Rnd[R−1] per message, and encrypting/decrypting block data corresponding to block data corresponding to a cell of the same column of each line among the block data stored in a data buffer simultaneously with the pipeline processing performed by a pipeline encryption/decryption circuit.

摘要翻译： 提供了一种能够通过同时执行非并行块加密操作模式的加密/解密来加速处理的盘阵列控制器。 在用于根据来自主机系统的磁盘访问请求来控制磁盘阵列的磁盘阵列控制器中，多个非并行模式加密/解密目标数据被分成与加密/解密处理无关的多个消息，分割非并行 将属于各个消息的模式加密/解密目标数据转换为多个块数据，通过将每个消息的Rnd [0]到Rnd [R-1]的每一行分配来存储属于各个消息的每个块数据，以及加密/ 在与由流水线加密/解密电路执行的流水线处理同时处理与数据缓冲器中存储的块数据中的与每行相同列的单元相对应的块数据的块数据解密。

公开(公告)号：US20090199010A1

公开(公告)日：2009-08-06

申请号：US12333823

申请日：2008-12-12

申请人： Keisuke HAKUTA ,  Hisayoshi Sato ,  Toru Owada ,  Sumie Nakabayashi ,  Munemitsu Kuwabara ,  Shinya Ogura ,  Tomomi Takada

发明人： Keisuke HAKUTA ,  Hisayoshi Sato ,  Toru Owada ,  Sumie Nakabayashi ,  Munemitsu Kuwabara ,  Shinya Ogura ,  Tomomi Takada

IPC分类号： H04L9/00

CPC分类号： H04L9/3236 ,  H04L9/3247

摘要： An efficient signature technology is provided, which is capable of arbitrary extraction and storage from a plurality of pieces of data and which can make a signature length relatively short. In a signature device (180), a mathematical function computing unit (190) repeats processing of calculating a hash value from a coupled value obtained by coupling together hash values calculated from each of the plurality of pieces of data to calculate one hash value (h), and calculates a signature value from the calculated one hash value. Then, a signature processing unit (189) generates, for one piece of data contained in the plurality of pieces of data, a signature containing the calculated signature value and a hash value coupled to another hash value calculated from the one piece of data before the one hash value (h) is calculated.

摘要翻译： 提供了一种有效的签名技术，其能够从多条数据中任意提取和存储，并且可使签名长度相对较短。 在签名装置（180）中，数学函数计算单元（190）重复从通过将从多个数据中的每一个计算出的散列值耦合在一起而获得的耦合值来计算哈希值的处理，以计算哈希值（h ），并根据计算的一个散列值计算签名值。 然后，签名处理单元（189）对于包含在多条数据中的一条数据生成包含计算出的签名值的签名和与根据该数据之前的一条数据计算出的另一哈希值相耦合的哈希值 计算一个哈希值（h）。

公开(公告)号：US07225340B2

公开(公告)日：2007-05-29

申请号：US10013607

申请日：2001-12-10

申请人： Takeshi Asahi ,  Jun Kitahara ,  Toru Owada

发明人： Takeshi Asahi ,  Jun Kitahara ,  Toru Owada

IPC分类号： H04L9/32 ,  H04L9/28

CPC分类号： G11B20/00753 ,  G11B20/00086 ,  G11B20/0021 ,  G11B20/00246 ,  H04N5/913 ,  H04N2005/91364

摘要： The present invention provides a digital copying method for preventing complete copying by the use of digital copying. A data generating portion includes a storage device which generates a plurality of digital copies having mutually different amounts of effective information from original digital data, and stores the set of digital content having the digital copies encrypted different numbers of times in a memory. A digital output portion decrypts the set of digital content retrieved from the memory a prescribed number of times, making usable and outputting one of the digital copies in the set of digital content. An analog output portion extracts the digital copy that has been encrypted zero times from the set of digital content, converts that copy to analog data, and outputs that data.

摘要翻译： 本发明提供一种数字复制方法，用于防止通过使用数字复制的完全复印。 数据产生部分包括存储装置，其生成具有与原始数字数据相互不同的有效信息量的多个数字副本，并将具有加密不同次数的数字副本的数字内容组合存储在存储器中。 数字输出部分将从存储器检索的一组数字内容解密规定次数，从而在数字内容集合中可用并输出数字副本之一。 模拟输出部分从数字内容集中提取已被加密零时的数字拷贝，将该拷贝转换为模拟数据，并输出该数据。

公开(公告)号：US07100055B2

公开(公告)日：2006-08-29

申请号：US09943754

申请日：2001-09-04

申请人： Toru Owada ,  Jun Kitahara ,  Takeshi Asahi ,  Takayuki Tamura ,  Nagamasa Mizushima ,  Ikuya Kawasaki ,  Takashi Totsuka

发明人： Toru Owada ,  Jun Kitahara ,  Takeshi Asahi ,  Takayuki Tamura ,  Nagamasa Mizushima ,  Ikuya Kawasaki ,  Takashi Totsuka

IPC分类号： G06F17/00

CPC分类号： G06F21/78

摘要： A storage medium includes a storage device for storing information, information required for encryption and encrypted information, and an I/F device for inputting and outputting information, information required for coding and store encrypted information in a storage device or from an external apparatus other than the storage device, and an encoding device for coding of information and decoding of encoded information. When outputting information stored inside the storage device, information is encoded using encryption key information, and along with obtaining the encoded information and obtaining the encoded encryption key information by using another encryption key. Both the encoded information and encoded encryption key information are output so that decoding the information without the storage medium is impossible.

摘要翻译： 存储介质包括用于存储信息的存储装置，用于加密和加密信息所需的信息，以及用于输入和输出信息的I / F装置，用于对存储装置中的加密信息进行编码和存储所需的信息，或者从除外 存储装置，以及用于编码信息和编码信息的解码的编码装置。 当输出存储在存储装置内的信息时，使用加密密钥信息对信息进行编码，并且获得编码信息并通过使用其他加密密钥获得编码的加密密钥信息。 输出编码信息和编码加密密钥信息，使得不存储介质的信息解码是不可能的。