Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili

Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili

Abstract: A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy.

Abstract: A tokenization unit that tokenizes a real name ID to a different tokenized ID according to a user's service usage situation, a service history analyzing unit that analyzes service history data, a tokenized ID checking unit that determines whether different tokenized IDs are the same in analyzing a plurality of items of service history data including the different tokenized IDs, and a tokenization change management unit that manages a service usage situation the same as that of tokenization by the tokenization unit. The service history analyzing unit performs: a predetermined service history analysis if a target is a service usage situation in which the same tokenized ID appears; and a predetermined service history analysis as different tokenized IDs are considered to be the same user by the tokenized ID checking unit if a target is a service usage situation in which a different tokenized ID appears.

Abstract: An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen.

Abstract: A key distribution method and system are disclosed in which a sender and receivers share a common key information for performing a secure broadcast communication. By use of a center side apparatus, a center generates key information of a receiver in association with a subset inclusive of two or more elements of a proper finite set S1 on the basis of a space determined by a subset inclusive of two or more elements of another finite set S2. A sender side apparatus, a sender makes the multi-address transmission of key distribution data W inclusive of data generated corresponding to each element of the finite set S1 and data generated corresponding to a set of plural receivers through a communication network. By use of a receiver side apparatus, a receiver generates common key information between the sender and the receiver from the key distribution data W and the key information of the receiver.

Abstract: A cipher communication method by public key cryptosystem, being provably secure and highly efficient, wherein a sender generates ciphertext within a sender device using a receiver's public key and sends the ciphertext over a communication line, and a receiver decrypts the ciphertext using a secret key. For n=pdq (p and q are prime integers, and pq is k bits), a plaintext space is set to be a subset of an open set (0,2k−2) and small residue groups, and an algorithm is formed so that the relationship among solutions of plural second-order equations can be clarified. This has enabled security to be proved by equivalence with the difficulty of the problem of prime factorization, and has achieved faster decryption processing, compared with conventional methods.

Abstract: A client-server system is provided in which access to a service by a user can properly be controlled, even if an approval by another user is required for receiving the service. First, the server 2 executes a log-in processing by using a user identifier and password transmitted from the client terminal 2, and a user control file 202. Next, the server 2 executes a service control by using a service supply request transmitted from the client terminal 1 and a service control file 42 provided with the server. When the server determines that an approval by another user is required for providing the service, the server executes the approval request to the client terminal 1 that the concerned user uses. When the reply to the approval request is affirmative, the server executes the processing in accordance with the foregoing service supply request. When the reply is negative, the server informs to the user who made the foregoing service supply request that the approval is rejected.

Abstract: A key distribution method and system are disclosed in which a sender and receivers share a common key information for performing a secure broadcast communication. By use of a center side apparatus, a center generates key information of a receiver in association with a subset inclusive of two or more elements of a proper finite set S1 on the basis of a space determined by a subset inclusive of two or more elements of another finite set S2. A sender side apparatus, a sender makes the multi-address transmission of key distribution data W inclusive of data generated corresponding to each element of the finite set S1 and data generated corresponding to a set of plural receivers through a communication network. By use of a receiver side apparatus, a receiver generates common key information between the sender and the receiver from the key distribution data W and the key information of the receiver.