H04L9/10

Integration of verification tokens with mobile communication devices

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is communicatively coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entity over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer's display, or may display the value to the user using the computer's display.

Security device, system, and security method

The present invention relates to a security device which performs processes such as authentication or cryptography, for example a security device for securely holding a key used in a cryptographic process, and a security method therefor. The security device includes: an identifier generation unit to generate an identifier specific to the security device by using a PUF; a PUF key generation unit to generate a PUF key specific to the security device by using the identifier; a reception unit to receive a registration command in which the registration key and a signature generated for the registration key by using a secret key corresponding to the public key are contained; a signature verification unit to verify, using the public key, validity of the signature contained in the registration command received by the reception unit and output the verification result indicating either failure or success in the verification; and a command execution unit to reject execution of the registration command in a case where the verification result outputted from the signature verification unit is failure, and to encrypt the registration key of the registration command with the PUF key and then store the encrypted registration key in the registration key storage unit in a case where the verification result is success.

METHOD AND SYSTEM FOR SECURELY REGISTERING CRYPTOGRAPHIC KEYS ON A PHYSICAL MEDIUM FOR CRYPTOGRAPHIC KEYS, AND PHYSICAL MEDIUM PRODUCED
20200295935 · 2020-09-17

The present invention relates to a method and a system for inscribing and securely storing cryptographic keys on a physical medium, and to a corresponding physical medium, comprising the following steps: from a first management entity (31), generating (1) a first pair of asymmetric cryptographic keys comprising a first user public key (pub1) and a first user private key (priv1), inscribing (2) the first user private key (priv1) onto a physical medium, and affixing (4) a first tamper-evident concealing element (hol1) to the physical medium in order to conceal the first user private key (priv1) and seal same, said first user private key (priv1) being accessible only by visibly breaking said first tamper-evident concealing element (hol1); from the second management entity (32), generating (6) a second pair of asymmetric cryptographic keys comprising a second user public key (pub2) and a second user private key (priv2), inscribing (7) the second user private key (priv2) onto the physical medium and affixing (9) a second tamper-evident concealing element (hol2) to the physical medium in order to conceal the second user private key (priv2) and seal same, said second user private key (priv2) being accessible only by visibly breaking said second tamper-evident concealing element (hol2); generating (10) at least one last user public key (pub0) and/or at least one cryptographic address (adr, adr-mult) from the first user public key (pub1) and the second user public key (pub2), inscribing (11) said at least one last public user key (pub0) and/or said at least one cryptographic address (adr, adr-mult) onto the physical medium, and verifying (12, 13) same, and finally recovering the private keys (priv1, priv2) comprising the generation of a last user private key (priv0) corresponding to the last user public key (pub0) and/or to said at least one cryptographic address (adr, adr-mult).

On-chip monitor circuit and semiconductor chip

Provided is an on-chip monitor circuit mounted on a semiconductor chip that is equipped with a security function module for performing a security function process on an input signal and outputting a security function signal, the on-chip monitor circuit comprising a monitor circuit for monitoring signal waveforms of the semiconductor chip, wherein the circuit is provided with a first storage means for storing data that designates a window period in which to perform a test of the semiconductor chip, and a control means for performing control to operate the circuit during the window period, when a prescribed test signal is inputted to the security function module. By using the on-chip monitor circuit in a semiconductor chip of which security is required, security attacks, e.g., a Trojan horse or the like, intended to embed a malicious circuit in the production stage of security function module-equipped semiconductor chips, can be prevented.

TERMINAL DEVICE, INFORMATION PROCESSING SYSTEM, METHOD OF CONTROLLING TERMINAL DEVICE, AND PROGRAM
20200233946 · 2020-07-23

A terminal device that acquires record information recorded on an IC card and performs information processing includes: a terminal key acquisition unit configured to acquire a terminal key from a terminal key card different from the IC card; and an authentication unit configured to perform connection authentication with a server performing the connection authentication with the own terminal device using the terminal key.

INFORMATION INTEGRITY IN BLOCKCHAIN AND RELATED TECHNOLOGIES
20200106605 · 2020-04-02

Described are techniques for securing a most recent block in a data structure such as a blockchain. Techniques include configuring a data processing node that is deployable to a physical location, with a module that generates a verification signing key (VSK) pair, the VSK pair including a private VSK key that is known only to the data processing node, and a public VSK key, receiving by the data processing node, an indication of the deployment to the physical location, generating in response to the indication, by the data processing node the verification signing key (VSK) pair, and transmitting from the data processing node the public VSK key to one or more electronic devices. These techniques assure to a high degree that the generated private key remains unknown and thus can be used to secure the most recent block that is added to a data structure such as a blockchain.