Abstract: This computer system comprises a computer having a processor that has a function for setting a confidence region in a memory, the confidence region having ensured security and being logically isolated. The computer system accepts a request for execution of processing on encrypted data, in which data is encrypted that includes a plurality of block processes and also includes confidential information, determines whether the encrypted data needs to be decrypted when executing one block process, and executes the block process using a region that is different from the confidence region when the encrypted data does not need to be decrypted, or executes the block process using the confidence region when the encrypted data needs to be decrypted.

Abstract: An information processing apparatus that executes machine learning by a plurality of processing layers includes a processor and a memory, a normal region of the memory holds a parameter of the machine learning, an isolation region isolated from the normal region of the memory holds input data to an i-th layer included in the plurality of processing layers and a parameter of the machine learning, the processor determines whether there is a risk in executing processing of the i-th layer for the input data in the normal region based on a content of secret information of the input data in the isolation region, when determining that there is the risk, executes the processing of the i-th layer for the input data in the isolation region, and when determining that there is no risk, executes the processing of the i-th layer for the input data in the normal region.

Abstract: A retrieval system includes a first management unit which stores, in a first storage area that cannot be browsed by an administrator of a provider machine, management information in which an encrypted retrieval keyword used for a retrieval performed by the provider machine, and an encrypted ID, which is associated with the encrypted retrieval keyword, are associated and, of the management information, decrypts, and then once again encrypts, the encrypted retrieval keyword corresponding to the encrypted query from a browsing machine and the encrypted ID corresponding to the encrypted retrieval keyword, and a second management unit which stores, in a second storage area, index information in which the encrypted retrieval keyword used for the retrieval performed by the provider machine, and one or more encrypted IDs associated with the encrypted retrieval keyword, are associated, and, of the index information, updates the encrypted retrieval keyword and the encrypted ID.

Abstract: In the confidential information processing server, when the processing query execution unit receives a processing request, the TEE trusted part processing unit generates a confidential extraction query for extracting data that matches with a condition of a processing target in the processing request by confidential extraction based on the processing request and an encryption key that can be used only in a TEE trusted part, the confidential extraction processing unit instructs execution of the confidential extraction query so as to extract encrypted data of the processing target while the data is kept encrypted from the encryption DB unit, the TEE trusted part processing unit decrypts the encrypted data of the processing target extracted by the confidential extraction processing unit with an encryption key, and executes data processing requested by the processing request, and the processing query execution unit returns an execution result of the data processing to a transmission source of the processing reques

Abstract: A retrieval system includes a first management unit which stores, in a first storage area that cannot be browsed by an administrator of a provider machine, management information in which an encrypted retrieval keyword used for a retrieval performed by the provider machine, and an encrypted ID, which is associated with the encrypted retrieval keyword, are associated and, of the management information, decrypts, and then once again encrypts, the encrypted retrieval keyword corresponding to the encrypted query from a browsing machine and the encrypted ID corresponding to the encrypted retrieval keyword, and a second management unit which stores, in a second storage area, index information in which the encrypted retrieval keyword used for the retrieval performed by the provider machine, and one or more encrypted IDs associated with the encrypted retrieval keyword, are associated, and, of the index information, updates the encrypted retrieval keyword and the encrypted ID.

Abstract: In the confidential information processing server, when the processing query execution unit receives a processing request, the TEE trusted part processing unit generates a confidential extraction query for extracting data that matches with a condition of a processing target in the processing request by confidential extraction based on the processing request and an encryption key that can be used only in a TEE trusted part, the confidential extraction processing unit instructs execution of the confidential extraction query so as to extract encrypted data of the processing target while the data is kept encrypted from the encryption DB unit, the TEE trusted part processing unit decrypts the encrypted data of the processing target extracted by the confidential extraction processing unit with an encryption key, and executes data processing requested by the processing request, and the processing query execution unit returns an execution result of the data processing to a transmission source of the processing reques

Abstract: A database system including: a database server for storing registration information including encrypted data encrypted using a probabilistic encryption method; and a terminal. The terminal includes: an encryption unit; a decryption unit; an encrypted search query generating unit for generating an encrypted search query obtained by encrypting a search query used for retrieving the encrypted data; and an additional processing unit for encrypting a search condition of a plaintext and transmitting a data acquisition request including the encrypted search condition. The database server holds database operation command definition information and search additional information.

Abstract: A database system including: a database server for storing registration information including encrypted data encrypted using a probabilistic encryption method; and a terminal. The terminal includes: an encryption unit; a decryption unit; an encrypted search query generating unit for generating an encrypted search query obtained by encrypting a search query used for retrieving the encrypted data; and an additional processing unit for encrypting a search condition of a plaintext and transmitting a data acquisition request including the encrypted search condition. The database server holds database operation command definition information and search additional information.

Abstract: Encryption methods allowing encrypted data to be stored in a database and processed in the encrypted state have been proposed. However, since it is necessary for an application to use plaintext data, usage is only possible where security is assured. When an application for processing encrypted data stored in a database is used from a user system, the application is launched from the user system via an application extension unit. When the application processes the encrypted data stored in the database, the application extension unit performs a process in which, if an encryption SQL function enabling the encrypted data stored in the database to be processed is registered, the SQL function enabling the function for processing plaintext is replaced with the encryption SQL function, and, if a substitution process is registered, the SQL function is replaced with a substitution process function enabling the substitution process to be performed.

Abstract: An information providing apparatus for collecting data including personal information and distributing the data to a user terminal performs anonymization processing for converting data, which an individual who is an owner of personal information allows to use, into data with which the individual cannot be identified using multiple parameters, thus generating multiple anonymized data protecting the, privacy of the individual. Since each of the anonymized data is anonymized using a different parameter, the amount of information of each of the anonymized data is different. Then, when a request is received from a user terminal, anonymized data that can be provided to the user are identified from among multiple generated anonymized data on the basis of the reliability of the user who uses the user terminal.

Abstract: An information providing apparatus for collecting data including personal information and distributing the data to a user terminal performs anonymization processing for converting data, which an individual who is an owner of personal information allows to use, into data with which the individual cannot be identified using multiple parameters, thus generating multiple anonymized data protecting the, privacy of the individual. Since each of the anonymized data is anonymized using a different parameter, the amount of information of each of the anonymized data is different. Then, when a request is received from a user terminal, anonymized data that can be provided to the user are identified from among multiple generated anonymized data on the basis of the reliability of the user who uses the user terminal.

Abstract: A presence management apparatus connected to first and second apparatuses via a network includes a unit for updating a first user's presence received from the first apparatus and a second user's presence received from the second apparatus, wherein the first user uses the first apparatus and the second user uses the second apparatus; a unit for registering a matching condition for another user's presence received from the first apparatus and designated by the first user and a matching condition for another user's presence received from the second apparatus and designated by the second user; and a unit for deciding if the first and second user's presences match the designated conditions when registration processing and/or update processing is performed.

Abstract: In a computer system having a storage device, switches and hosts respectively connected by a network, in accordance with an ID of a logical volume of the storage device and an IP address of a host, access control configuration of the logical volume is performed relative to the storage device, the IP address of the host is converted into a MAC address, the MAC address of the host is converted into a port ID of the switch connected to the host, and addition of the port to virtual local area network (VLAN) is performed for the switch. Logical unit number (LUN) masking and VLAN configuration essential for security countermeasure of IP-SAN (Internet protocol-storage area network) can be managed collectively by a system administrator so that the running cost of IP-SAN can be lowered.

Abstract: In a computer system having a storage device switches and hosts respectively connected by a network, in accordance with an ID of a logical volume of the storage device and an IP address of a host, access control configuration of the logical volume is performed relative to the storage device, the IP address of the host is converted into a MAC address, the MAC address of the host is converted into a port ID of the switch connected to the host, and addition of the port to virtual local area network (VLAN) is performed for the switch. Logical unit number (LUN) masking and VLAN configuration essential for security countermeasure of IP-SAN (Internet protocol-storage area network) can be managed collectively by a system administrator so that the running cost of IP-SAN can be lowered.

Abstract: A storage device (1) communicating with a host computer and other storage devices through a network is characterized in that the storage device (1) secures memory buffers for temporarily storing data in a remote copy operation carried out between the storage devices. A network memory (100) in the storage device (1) includes an available buffer comprising a plurality of memory buffers and an in-use buffer also comprising a plurality of memory buffers. A buffer control unit (215) secures memory buffers of the available buffer as a reserved buffer having a reserved-buffer size specified in a buffer reservation request made by a storage management device (8) in response to the request. The buffer control unit (215) then allocates the memory buffers of the reserved buffer as the in-use buffer in response to a request received from the storage management device (8) to start a remote copy operation.

Abstract: In a computer system in which a computer, storage devices, and a storage management device are connected by a network, the computer or a first storage device accesses a second storage device using a plurality of paths in the network, and the computer or the first storage device performs load balancing among the plurality of paths on the basis of a ratio set in advance, it is detected that congestion has occurred on a path, a ratio at the time of congestion of the path is calculated, and a difference between the ratio at the time of congestion and the ratio set in advance is allocated to a ratio of the other paths between the computer or the first storage device and the second storage device.

Abstract: In a computer system in which a computer, storage devices, and a storage management device are connected by a network, the computer or a first storage device accesses a second storage device using a plurality of paths in the network, and the computer or the first storage device performs load balancing among the plurality of paths on the basis of a ratio set in advance, it is detected that congestion has occurred on a path, a ratio at the time of congestion of the path is calculated, and a difference between the ratio at the time of congestion and the ratio set in advance is allocated to a ratio of the other paths between the computer or the first storage device and the second storage device.

Abstract: In a computer system in which one or more computers on which one or more initiators operate and a storage device on which one or more targets operate are connected with each other through a network, an authentication table for authenticating validity of a user of a computer is associated with an authorization table for authorizing access of an initiator to a certain target, to limit such accesses.

Abstract: In a computer system having a storage device, switches and hosts respectively connected by a network, in accordance with an ID of a logical volume of the storage device and an IP address of a host, access control configuration of the logical volume is performed relative to the storage device, the IP address of the host is converted into a MAC address, the MAC address of the host is converted into a port ID of the switch connected to the host, and addition of the port to virtual local area network (VLAN) is performed for the switch. Logical unit number (LUN) masking and VLAN configuration essential for security countermeasure of IP-SAN (Internet protocol-storage area network) can be managed collectively by a system administrator so that the running cost of IP-SAN can be lowered.

Abstract: In a computer system having a storage device switches and hosts respectively connected by a network, in accordance with an ID of a logical volume of the storage device and an IP address of a host, access control configuration of the logical volume is performed relative to the storage device, the IP address of the host is converted into a MAC address, the MAC address of the host is converted into a port ID of the switch connected to the host, and addition of the port to virtual local area network (VLAN) is performed for the switch. Logical unit number (LUN) masking and VLAN configuration essential for security countermeasure of IP-SAN (Internet protocol-storage area network) can be managed collectively by a system administrator so that the running cost of IP-SAN can be lowered.