公开(公告)号：US08745735B2

公开(公告)日：2014-06-03

申请号：US13128080

申请日：2009-11-20

申请人： Manabu Maeda ,  Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Manabu Maeda ,  Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： H04L29/06 ,  G06F21/00

CPC分类号： G06F21/57 ,  G06F21/55

摘要： To aim to provide a monitoring system and a program execution apparatus that are capable of maintaining the security intensity even in the case where an unauthentic install module is invalidated. Install modules included in an apparatus each monitor an install module, which is a monitoring target indicated by a monitoring pattern included therein, as to whether the install module performs malicious operations. An install module that performs malicious operations is invalidated in accordance with an instruction from an update server. The monitoring patterns are restructured by the update server such that the install modules except the invalidated install module are each monitored by at least another one of the install modules. The restructured monitoring patterns are distributed to the install modules except the invalidated install module.

摘要翻译： 为了提供即使在不正当的安装模块被无效的情况下也能够保持安全强度的监视系统和程序执行装置。 安装在装置中的模块各自监视作为由其中包含的监视模式指示的监视目标的安装模块，关于该安装模块是否执行恶意操作。 根据更新服务器的指令，执行恶意操作的安装模块无效。 监视模式由更新服务器重构，使得除了无效的安装模块之外的安装模块各自由至少另一个安装模块监视。 重组的监控模式分发到除了无效的安装模块之外的安装模块。

公开(公告)号：US20080222418A1

公开(公告)日：2008-09-11

申请号：US11795871

申请日：2006-01-17

申请人： Yuichi Futa ,  Shingo Hasegawa ,  Shuji Isobe ,  Motoji Ohmori ,  Hiroki Shizuya

发明人： Yuichi Futa ,  Shingo Hasegawa ,  Shuji Isobe ,  Motoji Ohmori ,  Hiroki Shizuya

IPC分类号： H04L9/32 ,  H04L9/16 ,  H04L9/30 ,  H04L9/08

CPC分类号： H04L9/3247 ,  G06F9/30007 ,  H04L9/3263

摘要： A signature generation apparatus capable of preventing transcript attack on signature data is provided. The signature generation apparatus performing a digital signature operation with the use of a signature key: stores the signature key; performs the digital signature operation on signature target data with the use of the signature key to generate signature data; counts the cumulative count of digital signature operations having been performed by the signature generation unit with the use of the signature key; judges whether the cumulative count has reached a predetermined count; and inhibits the use of the signature key in the digital signature operation from then onward in a case where the judgment unit determines that the cumulative count has reached the predetermined count.

摘要翻译： 提供了能够防止对签名数据进行转录攻击的签名生成装置。 签名生成装置使用签名密钥执行数字签名操作;存储签名密钥; 使用签名密钥对签名目标数据执行数字签名操作，生成签名数据; 使用签名密钥对由签名生成单元执行的数字签名操作的累积计数进行计数; 判断累积计数是否达到预定计数; 并且在判断单元确定累积计数已达到预定计数的情况下，禁止在数字签名操作中使用签名密钥。

公开(公告)号：US08600896B2

公开(公告)日：2013-12-03

申请号：US12601368

申请日：2008-11-06

申请人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

发明人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F8/65 ,  G06F21/562

摘要： To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations. If any of the install modules is verified as having the possibility of performing the malicious operations, any another one of the install modules that is verified as not having the possibility revokes the any install module verified as having the possibility.

摘要翻译： 为了提供包括由多个安装模块组成的安装模块组（130）的软件更新装置。 每个更新模块具有从外部服务器（200）接收用于更新保护控制模块（120）的替换保护控制模块（121）的功能，所述保护控制模块具有验证预定应用是否已被 篡改。 每个安装模块同时运行由至少另一个同步运行的安装模块进行验证，以确定安装模块是否具有执行恶意操作的可能性。 如果任何安装模块被验证为具有执行恶意操作的可能性，则被验证为不具有可能性的另一个安装模块撤销已验证为具有可能性的任何安装模块。

公开(公告)号：US20110239297A1

公开(公告)日：2011-09-29

申请号：US13133029

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： G06F21/00

CPC分类号： H04N21/44236 ,  G06F21/55 ,  H04L2027/0034 ,  H04N1/0088

摘要： A management device detects whether any normal monitoring module that has not been tampered with exists by referring to monitoring results received from an information security device and selects, when existence is detected, one of the monitoring modules and assumes that the selected monitoring module has been tampered with. The monitoring device then successively applies a procedure to monitoring modules other than the selected monitoring module by referring to the monitoring results, starting from the selected monitoring module, the procedure being to assume that any monitoring module determining that a monitoring module assumed to have been tampered with is normal has also been tampered with. As a result of the procedure, when all of the monitoring modules are assumed to have been tampered with the management device determines the selected monitoring module to be a normal monitoring module that has not been tampered with.

摘要翻译： 管理设备通过参考从信息安全设备接收到的监视结果来检测是否存在尚未被篡改的任何正常监视模块，并且当检测到存在时选择监视模块中的一个并假定所选监控模块已被篡改 与。 然后，监视装置依次从所选择的监视模块开始，参考监视结果，对所选择的监视模块以外的监控模块应用程序，该过程是假设任何监视模块确定监视模块被假定为被篡改 与正常也被篡改。 作为该过程的结果，当假定所有监视模块被篡改时，管理装置将所选择的监视模块确定为未被篡改的正常监视模块。

公开(公告)号：US20100180343A1

公开(公告)日：2010-07-15

申请号：US12601894

申请日：2008-11-06

申请人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

发明人： Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Kaoru Yokota ,  Masao Nonaka ,  Yuji Unagami ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Marika Minagawa

IPC分类号： G06F21/22 ,  G06F11/00 ,  G06F9/445

CPC分类号： G06F21/57 ,  G06F21/51

摘要： To aim provide a software update apparatus including an install module group (130) composed of a plurality of install modules. Each of the install modules has a function of receiving, from an external server (200), a replacement protection control module (121) to be used for updating a protection control module (120) having a function of verifying whether a predetermined application has been tampered with. Each of the install modules simultaneously running is verified by at least another one of the install modules simultaneously running, as to whether the install module has a possibility of performing malicious operations.

摘要翻译： 为了提供包括由多个安装模块组成的安装模块组（130）的软件更新装置。 每个更新模块具有从外部服务器（200）接收用于更新保护控制模块（120）的替换保护控制模块（121）的功能，所述保护控制模块具有验证预定应用是否已被 篡改。 每个安装模块同时运行由至少另一个同步运行的安装模块进行验证，以确定安装模块是否具有执行恶意操作的可能性。

公开(公告)号：US08707430B2

公开(公告)日：2014-04-22

申请号：US13089433

申请日：2011-04-19

申请人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

发明人： Yuji Unagami ,  Yuichi Futa ,  Natsume Matsuzaki ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F11/3048 ,  G06F11/3065 ,  G06F21/12 ,  G06F21/552 ,  G06F21/6281 ,  G06F2221/2103 ,  G06F2221/2143

摘要： An information security apparatus includes a plurality of monitoring modules that monitor for tampering. A management apparatus includes a reception unit that receives a plurality of monitoring results each generated by a source monitoring module monitoring a target monitoring module; a detection unit that detects an abnormality by referring to fewer than all of the received monitoring results; and an identification unit that identifies, when an abnormality is detected, a monitoring module that has been tampered with from among (i) a monitoring module that generates a monitoring result related to the abnormality, and (ii) one or more monitoring modules identified by tracing back through a chain of monitoring modules consecutively from the target of monitoring to the source of monitoring, starting from the monitoring module that generates the monitoring result related to the abnormality.

摘要翻译： 信息安全装置包括监视篡改的多个监视模块。 管理装置包括：接收单元，其接收由监视目标监视模块的源监视模块生成的多个监视结果; 检测单元，通过参照少于全部所接收到的监视结果来检测异常; 以及识别单元，其在检测到异常时识别从（i）产生与异常相关的监视结果的监视模块中被篡改的监视模块，以及（ii）由所述异常检测到的一个或多个监视模块， 从产生与异常相关的监测结果的监控模块开始，通过连续监控模块从监控目标追溯到监控源。

公开(公告)号：US08452975B2

公开(公告)日：2013-05-28

申请号：US12921507

申请日：2009-03-02

申请人： Yuichi Futa ,  Hiroki Shizuya ,  Shuji Isobe ,  Shingo Hasegawa

发明人： Yuichi Futa ,  Hiroki Shizuya ,  Shuji Isobe ,  Shingo Hasegawa

IPC分类号： H04L29/06

CPC分类号： H04L9/3093 ,  H04L9/3247

摘要： The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H′, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H′ in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L′ and, if so, recognizes the message data as valid.

摘要翻译： 本发明提供了一种签名生成装置和签名验证装置，其能够通过分析使用NTRUSign签名方案签名的多个签名文档（消息和签名对）来对抗寻求私钥的​​转录攻击。 签名生成装置计算消息数据的哈希值向量H，将基于私有分布的向量与散列值向量H相加，以计算转换后的散列值向量H'，并寻找作为签名向量S的最接近的格 指向由私钥基本向量定义的格子中的转换哈希值向量H'。 签名验证装置确定消息数据的哈希值向量H与签名向量S之间的距离是否等于或小于L'，如果是，则将该消息数据识别为有效。

公开(公告)号：US20110271344A1

公开(公告)日：2011-11-03

申请号：US13143594

申请日：2010-02-15

申请人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

发明人： Yuji Unagami ,  Manabu Maeda ,  Yuichi Futa ,  Natsume Matsuzaki ,  Masao Nonaka ,  Hiroki Shizuya ,  Masao Sakai ,  Shuji Isobe ,  Eisuke Koizumi ,  Shingo Hasegawa ,  Makoto Carlos Miyauchi

IPC分类号： G06F21/00

CPC分类号： G06F21/554

摘要： A malicious-module identification device (200a) identifies and deactivates a malicious module operating in an information processing device (100a) connected thereto via a network. The malicious-module identification device is provided with a reception unit (2310) for receiving results of tampering detection from a plurality of modules for detecting tampering, a determination unit (210a) for assuming that a module among the plurality of modules is a normal module, determining, based on the assumption, whether a contradiction occurs in the received results of tampering detection, and identifying the module assumed to be a normal module as a malicious module when determining that a contradiction occurs, and a deactivation unit (2320) for outputting an instruction to deactivate the module identified as the malicious module.

摘要翻译： 恶意模块识别装置（200a）通过网络识别和去激活与其连接的信息处理装置（100a）中工作的恶意模块。 恶意模块识别装置设置有用于从多个用于检测篡改的模块接收篡改检测结果的接收单元（2310），用于假定多个模块中的模块是正常模块的确定单元（210a） 基于所述假设，确定在接收到的篡改检测结果中是否发生矛盾，以及在确定发生矛盾时将被认为是正常模块的模块识别为恶意模块;以及用于输出的停用单元（2320） 禁用标识为恶意模块的模块的指令。

公开(公告)号：US20110016325A1

公开(公告)日：2011-01-20

申请号：US12921507

申请日：2009-03-02

申请人： Yuichi Futa ,  Hiroki Shizuya ,  Shuji Isobe ,  Shingo Hasegawa

发明人： Yuichi Futa ,  Hiroki Shizuya ,  Shuji Isobe ,  Shingo Hasegawa

IPC分类号： H04L9/32

CPC分类号： H04L9/3093 ,  H04L9/3247

摘要： The present invention provides a signature generation device and a signature verification device capable of countering a transcript attack that seeks a private key by analyzing a plurality of signed documents (pairs of a message and a signature) signed using the NTRUSign signature scheme. The signature generation device calculates a hash value vector H of message data, adds a vector based on a private distribution to the hash value vector H to calculate a converted hash value vector H′, and seeks, as a signature vector S, the closest lattice point to the converted hash value vector H′ in a lattice defined by private key basis vectors. The signature verification device determines whether the distance between the hash value vector H of the message data and the signature vector S is equal to or less than L′ and, if so, recognizes the message data as valid.

摘要翻译： 本发明提供了一种签名生成装置和签名验证装置，其能够通过分析使用NTRUSign签名方案签名的多个签名文档（消息和签名对）来对抗寻求私钥的​​转录攻击。 签名生成装置计算消息数据的哈希值向量H，将基于私有分布的向量与散列值向量H相加，以计算转换后的散列值向量H'，并寻找作为签名向量S的最接近的格 指向由私钥基本向量定义的格子中的转换哈希值向量H'。 签名验证装置确定消息数据的哈希值向量H与签名向量S之间的距离是否等于或小于L'，如果是，则将该消息数据识别为有效。

公开(公告)号：US20080282089A1

公开(公告)日：2008-11-13

申请号：US11578432

申请日：2006-03-14

申请人： Yuichi Futa ,  Shingo Hasegawa ,  Shuji Isobe ,  Motoji Ohmori ,  Hiroki Shizuya

发明人： Yuichi Futa ,  Shingo Hasegawa ,  Shuji Isobe ,  Motoji Ohmori ,  Hiroki Shizuya

IPC分类号： H04L9/06

CPC分类号： H04L9/3255 ,  H04L2209/68 ,  H04L2209/80

摘要： A signature generation apparatus and a signature verification apparatus which can prevent the occurrence of norm zero vector forgery attack. The signature generation apparatus (110) includes a signature generation unit (114) which generates signature data (S) for a message (m) using a private key stored in a private key storage unit (112), and converts the format of the signature data (S) so that the first sub-element of the N sub-elements in the signature data (S) indicates 0 without changing the norm of the signature data (S). The signature verification apparatus (120) includes a signature verification unit (124) which judges whether or not the first sub-element of the N sub-elements included in the signature data (S) indicates 0, and determines the signature data (S) as unauthorized data when judging that it is not 0.

摘要翻译： 签名生成装置和签名验证装置，其能够防止零向量伪造攻击的发生。 签名生成装置（110）具有使用存储在专用密钥存储部（112）中的专用密钥来生成消息（m）的签名数据（S）的签名生成部（114），并将签名的格式 数据（S），使得签名数据（S）中的N个子元素的第一子元素指示0而不改变签名数据（S）的范围。 签名验证装置（120）包括签名验证单元（124），其判断包括在签名数据（S）中的N个子元素的第一子元素是否指示0，并且确定签名数据（S） 作为未经授权的数据，当判断为不为0时。