Abstract: A signature device having an item selection input section which accepts a selection of a group of items formed by combining an item delivered from at least one supplier and an item generated by itself, a path verification information updating section which updates path verification information to verify a delivery route included in the signature information on the delivered item, a signature information preparation section which prepares new signature information from a signature prepared by itself and the updated path verification information with respect to the selected item group, and a signature information transmitting section which transmits the new signature information to the signature verification device. The signature verification device receives the new signature information and verifies the delivery routes for all the items included in the selected item group based on the new signature information.

Abstract: Information acquisition is rapidly performed while judging whether the access to the information stored in a database by an application program satisfies a predetermined reference. A database system includes: an application (10) for processing personal information; a personal information DB (20) for storing personal information; a policy server (30) for performing policy-based check according to a personal information protection policy; and a privacy protection module (40). Upon reception of a read request of personal information stored in the personal information DB (20) from the application (10), the privacy protection module (40) reads out the personal information from the personal information database (20). When the privacy protection module (40) receives from the application (10) a passing request of particular personal information among the personal information which has been read out, it asks the policy server (30) whether the passing request is based on the personal information protection policy.

Abstract: A method and system for providing attribute data. A request is received from a user device for a virtual ID token relating to attribute information pertaining to a subscriber associated with the user device. Responsive to the request for the virtual ID token, a data record is read from a database. The data record includes L attributes of the subscriber. L is at least 2. The data record is provided to the user device. A selection of M attributes of the L attributes is received from the user device. M is less than L. A virtual record including the M attributes selected from the data record is generated. The virtual record includes a virtual ID (VID) for identifying the virtual record. The generated virtual record is stored in the database. The virtual ID token is provided to the user device. The virtual ID token includes the VID.

Abstract: Effective utilization of a database while protecting a data provider's privacy is accomplished by an access control system which controls access to a database in which open information and secret information about a data provider are stored while being related to each other has an output request acquisition section which obtains an output request for output of information generated by accessing the database, a plural-term output authorization section which prohibits output of information generated by combining the open information and the secret information in output information requested to be output according to the output request, and which permits output of information generated by using the secret information without using the open information, and an output section which outputs the information in the output information permitted by the plural-term output authorization section to be output.

Abstract: An access management system includes an access administration apparatus which permits access to a database when the access request satisfies an access permission condition, and a policy determination apparatus which determines whether the access permission condition is satisfied by the access request; in which the access administration apparatus stores decision information containing a decision as to whether the access permission condition is satisfied, determines that the access request satisfies the access permission condition if the decision information has a predetermined inclusion relation with the access request, receives a decision as to whether the access permission condition is satisfied by the access request from the policy determination apparatus if it is determined that the decision information does not have the inclusion relation with the access request, and permits access to the database if it is determined that the access request satisfies the access permission condition.

Abstract: Provides access management methods and systems wherein privacy needs are taken into consideration. An example access management system of this invention includes an authorization engine, which controls access to a registrant database storing registrant data including privacy data of a registrant and controls the access to the registrant database by use of a given privacy policy and by use of condition data designated by the registrant. The authorization engine includes an authorization judgment unit, which decides an access type from an access request received from outside and concerning the registrant data, controls reference to the registrant database based on the access request by use of access authorization data to be decided prior to the access request regarding the access type.

Abstract: To efficiently search an evaluation result of a plurality of XPath expressions with respect to a data file such as an XML document: an evaluation result of an XPath expression is obtained by generating a data structure with a redundant element by evaluating what common part or dependency has been omitted from a plurality of XPath expressions to be evaluated, and then the data structure is used with respect to a data file to be processed.