Abstract: An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context.

Abstract: A verification device transmits challenge information to a first entity device, and for each authentication context received in return, verifies that challenge information identical to the challenge information transmitted in advance is described, to thereby confirm that the authentication context is the current one. As a result, a repetitive attack in which the past authentication context is repeatedly used is prevented and the security against repetitive attacks is improved.

Abstract: According to one embodiment, a simulation apparatus includes a hardware model execution unit that executes a hardware model, a software model execution unit that executes a software model, a simulation time management unit that sets a first simulation time indicating a total elapsed time of a simulation time of the hardware model, ahead by the simulation time of which the HW model notified, and sets the second simulation time indicating a total elapsed time of a simulation time of the software model, ahead by the simulation time of which the SW model notified, and a scheduler that compares the first simulation time with the second simulation time, causes the SW model or the HW model to be executed based on the comparison result, and causes only the hardware model to be executed instead of execution of an idle loop when the SW model awaits an interrupt from the HW model.

Abstract: A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

Abstract: A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.

Abstract: A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.

Abstract: In a security countermeasure function evaluation apparatus, an estimator operates an input unit, whereby an evaluation point calculation unit makes an evaluation as to whether each item of countermeasure information representing a security countermeasure function in detail satisfies each item of sufficient condition table information, and the evaluation point is calculated from the evaluation result of each item, whereby the transition probability calculation unit calculates a transition probability based on the evaluation point.

Abstract: According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information while the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.

Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

Abstract: According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P1 and P2 and a verification device which verifies the executed contents of each of the authentication subprocesses P1 and P2. The entity device includes a confidential information management unit which manages confidential information, an authenticator generating unit which generates an authenticator using the confidential information, and a context generating unit which generates a specific context pursuant to a specific format from the authenticator and the executed contents.

Abstract: According to one embodiment, a simulation apparatus includes a hardware model execution unit that executes a hardware model, a software model execution unit that executes a software model, a simulation time management unit that sets a first simulation time indicating a total elapsed time of a simulation time of the hardware model, ahead by the simulation time of which the HW model notified, and sets the second simulation time indicating a total elapsed time of a simulation time of the software model, ahead by the simulation time of which the SW model notified, and a scheduler that compares the first simulation time with the second simulation time, causes the SW model or the HW model to be executed based on the comparison result, and causes only the hardware model to be executed instead of execution of an idle loop when the SW model awaits an interrupt from the HW model.

Abstract: In a security countermeasure function evaluation apparatus, an estimator operates an input unit, whereby an evaluation point calculation unit makes an evaluation as to whether each item of countermeasure information representing a security countermeasure function in detail satisfies each item of sufficient condition table information, and the evaluation point is calculated from the evaluation result of each item, whereby the transition probability calculation unit calculates a transition probability based on the evaluation point.

Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

Abstract: Upon receiving server side entity information and a principal confirmation profile request data from a server side entity device, a consolidation apparatus transmits an entity information transmission request to each of a plurality of client side entity devices and receives client side entity information from each of the client side entity devices. Then, it determines the principal confirmation profile ID in each piece of client side entity information and the principal confirmation profile ID in the server side entity information according to the principal confirmation profile ID request information having the highest priority in the principal confirmation profile request data and prepares a routing table information associating the processing capability IDs and the entity IDs corresponding to the determined principal confirmation profile ID, which routing table information is then stored in a memory.

Abstract: A client device transmits service identification information to an authentication device at the time of a service request, prompts selection of one or more authentication entity devices which execute one or more authentication subprocesses from among all the authentication entity devices adaptive to profile information received from the authentication device, based on “function list information defining an execution environment of each of the authentication entity devices”, transmits a request for executing an authentication subprocess to such selected each authentication entity device, and transmits to the authentication device “authentication context information including an execution environment and an execution result of an authentication subprocess” received from such each authentication entity device.

Abstract: According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P1 and P2 and a verification device which verifies the executed contents of each of the authentication subprocesses P1 and P2. The entity device includes a confidential information management unit which manages confidential information, an authenticator generating unit which generates an authenticator using the confidential information, and a context generating unit which generates a specific context pursuant to a specific format from the authenticator and the executed contents.

Abstract: According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P1 and P2 and a verification device which verifies the executed contents of each of the authentication subprocesses P1 and P2. The entity device includes a confidential information management unit which manages confidential information, an authenticator generating unit which generates an authenticator using the confidential information, and a context generating unit which generates a specific context pursuant to a specific format from the authenticator and the executed contents.

Abstract: A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

Abstract: According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.