Abstract: Processing for generating a plurality of pieces of distributed data from original data or processing for restoring original data from a plurality of pieces of distributed data is performed safely and quickly. A distribution and restoration apparatus 200 generates a plurality of pieces of distributed data SD1 to SD3 by dividing original data OD into a plurality of divided blocks DB1 to DB16 and performing an operation of exclusive OR using divided blocks of different combinations. A combination including divided blocks used in common in a plurality of pieces of distributed data and a combination including divided blocks used only in specific distributed data are present in combinations of divided blocks in each piece of distributed data. Therefore, the distribution and restoration apparatus 200 can generate a plurality of pieces of safe distributed data having high information entropy at high speed.

Abstract: An encryption device includes a sharer that shares data to first data and second data with different sizes using secret sharing, a data encryptor that encrypts the second data with the size smaller than the first data using a common key corresponding to a common key encryption scheme, a combiner that combines the first data and the second data encrypted by the data encryptor, and a transmitter that transmits the encrypted data combined by the combiner to an external device. The encryption device suppresses deterioration in security at the time of delivery of the data while reducing a load of an encryption process for the data to be delivered.

Abstract: In a secret sharing process based on an improved threshold scheme, secret data is shared as shared data parts equal to or greater than a threshold value in number such that the secret data cannot be reconstructed from shared data parts less than the threshold value in number. Each of the shared data pieces is created essentially from a different combination of the secret data pieces and the data pieces for secret sharing computation. The secret sharing process allows an algorithm desired by the user to be freely incorporated, and can prevent the secret data to be easily reconstructed even when more shared data parts than the threshold value are acquired by a third party.

Abstract: A communication system includes a first communication device, a second communication device, and a key management apparatus. The second communication device generates a random number, generates encrypted data using an encryption key, encrypts the random number, generates key information data, and transmits the key information data, identification information of the second communication device, and the encrypted data to the first communication device. The first communication device receives the key information data, the identification information, and the encrypted data, transmits the key information data and the identification information to the key management apparatus, receives the encryption key from the key management device, decodes the encrypted data and obtains the predetermined data using the received encryption key.

Abstract: A first image processing device of an image processing system performs a blurring process on captured first image data, obtains second image data, performs a distribution process on the first image data or third image data based on the first image data, obtains a plurality of shares, and transmits the second image data and the plurality of shares to at least one designated storage device. A second image processing device of the image processing system receives the second image data and the plurality of shares from the at least one designated storage device, and restores the first image data based on at least the plurality of shares.

Abstract: Provided is a signature verification system including a communication device and a verification device. The communication device and the verification device are connected to each other through a network. The communication device derives a first hash value from a first random number, derives a second hash value from data including electronic data and a certificate of the communication device which includes the first hash value and a public key of the communication device, using a unidirectional function, generates a signature using a secret key of the communication device with respect to the second hash value, and transmits the electronic data, the certificate, and the signature to the verification device.

Abstract: Provided is a terminal authentication system including a client terminal and a server device. The client terminal transmits first information based on secret information different for each client terminal and a client certificate including a hash value of the secret information which is derived from the secret information, to a server device. The server device receives the first information and the client certificate, derives a hash value from the secret information based on the first information using a unidirectional function, and authenticates the client terminal on the basis of the derived hash value and the hash value of the secret information which is included in the client certificate.

Abstract: Provided is a certificate issuing system including a client terminal and a server device. The client terminal derives a first hash value from a first random number using a unidirectional function, generates a secret key and a public key of the client terminal, and transmits the first hash value and the public key of the client terminal to the server device. The server device receives the first hash value and the public key of the client terminal from the client terminal, stores the first hash value, authenticates the client terminal on the basis of the stored first hash value and the derived first hash value, generates a client certificate on the basis of the public key of the client terminal and a secret key of the server device when the authentication succeeds, and transmits the client certificate to the client terminal.

Abstract: Provided is an authentication system in which a client terminal that receives input of request information is connected to a server that executes a process with regard to the request information. The client terminal includes: a first authentication information generation unit that generates first authentication information based on information which is shared with the server; an encryption unit that generates encryption information; and a transmission unit that transmits the request information and encryption information to the server.

Abstract: A communication system includes a first communication apparatus and a second communication apparatus. The first communication apparatus includes a partial image data generation unit, configured to generate partial image data which is obtained by extracting a partial component from image data, and a transmission unit, configured to transmit the partial image data generated by the partial image data generation unit to the second communication apparatus. The second communication apparatus includes a reception unit, configured to receive the partial image data transmitted by the transmission unit of the first communication apparatus.

Abstract: A communication apparatus communicates with another communication apparatus by using a first key. The communication apparatus includes a processing unit that conducts a handshake process for a key exchange with the another communication apparatus and a key encryption unit that conducts an encryption process by using a second key. The processing unit conducts a first handshake process with the another communication apparatus without exchanging information on the first key while serving as a reception side of key information. Then, the processing unit conducts a second handshake process with the another communication apparatus to transmit the information on the first key encrypted by the key encryption unit by using the second key to the another communication apparatus.

Abstract: In a secret sharing process based on an improved threshold scheme, secret data is shared as shared data parts equal to or greater than a threshold value in number such that the secret data cannot be reconstructed from shared data parts less than the threshold value in number. Each of the shared data pieces is created essentially from a different combination of the secret data pieces and the data pieces for secret sharing computation. The secret sharing process allows an algorithm desired by the user to be freely incorporated, and can prevent the secret data to be easily reconstructed even when more shared data parts than the threshold value are acquired by a third party.

Abstract: In order to protect SSL encrypted communication from MITM attacks, a server certificate is used in the communication. However, operation of the server certificate is not simple, and the certificate is not sufficient to protect the communication from the MITM attacks. In SSL encrypted communication in which a password is shared between a client and a server, the client encrypts random number data and a password by means of a public key, determines a value by processing encrypted data by means of encrypted password data, and transfers the thus-determined value to the server. The server eliminates the password encrypted data from the value and back calculates the random number data, which are then decrypted, to thus acquire the random number data generated by the client. A hash value of the random number data is submitted to the client.

Abstract: A decrypting apparatus for decrypting cryptography data included in a packet includes a receiver, a key generator, and a decrypting section. The receiver receives a packet transmitted from an encrypting apparatus that executes an encrypting process. The key generator generates a key used for the encrypting process. The decrypting section decrypts cryptography data included in the packet received by the receiver with using the key generated by the key generator. In the decrypting apparatus, the packet received by the receiver includes packet information used for generating the key. The key generator generates the key with using the packet information.

Abstract: There is provided a cryptographic communication apparatus for conducting a key exchange procedure with another cryptographic communication apparatus that shares a password. The apparatus includes a first encryption unit that encrypts information that is based on a first random number using a public key of the another apparatus, a second encryption unit that encrypts the information that is based on the first random number encrypted by the first encryption unit using the password, a third encryption unit that encrypts information that is based on a second random number using the first random number, and transmits a first signal and a second signal to the another apparatus, the first signal including the information that is based on the first random number encrypted by the second encryption unit, and the second signal including information that is based on the second random number encrypted by the third encryption unit.

Abstract: Processing for generating a plurality of pieces of distributed data from original data or processing for restoring original data from a plurality of pieces of distributed data is performed safely and quickly. A distribution and restoration apparatus 200 generates a plurality of pieces of distributed data SD1 to SD3 by dividing original data OD into a plurality of divided blocks DB1 to DB16 and performing an operation of exclusive OR using divided blocks of different combinations. A combination including divided blocks used in common in a plurality of pieces of distributed data and a combination including divided blocks used only in specific distributed data are present in combinations of divided blocks in each piece of distributed data. Therefore, the distribution and restoration apparatus 200 can generate a plurality of pieces of safe distributed data having high information entropy at high speed.

Abstract: In SSL encryption communication in which a client and a server share a password, the client generates random number data, encrypts the random number data with a public key and a password, and transmits the encrypted random number data to the server, so that the client and the server safely share the random number data having a bit length longer than that of the password. Safe cryptographic communication is performed without intermediaries by using the random number data or by mutually presenting a hash value of the random number data.

Abstract: There is provided a cryptographic communication apparatus for conducting a key exchange procedure with another cryptographic communication apparatus that shares a password. The apparatus includes a first encryption unit that encrypts information that is based on a first random number using a public key of the another apparatus, a second encryption unit that encrypts the information that is based on the first random number encrypted by the first encryption unit using the password, a third encryption unit that encrypts information that is based on a second random number using the first random number, and transmits a first signal and a second signal to the another apparatus, the first signal including the information that is based on the first random number encrypted by the second encryption unit, and the second signal including information that is based on the second random number encrypted by the third encryption unit.

Abstract: A communication apparatus communicates with another communication apparatus by using a first key. The communication apparatus includes a processing unit that conducts a handshake process for a key exchange with the another communication apparatus and a key encryption unit that conducts an encryption process by using a second key. The processing unit conducts a first handshake process with the another communication apparatus without exchanging information on the first key while serving as a reception side of key information. Then, the processing unit conducts a second handshake process with the another communication apparatus to transmit the information on the first key encrypted by the key encryption unit by using the second key to the another communication apparatus.

Abstract: A secret sharing apparatus generates, from secret data, a plurality of pieces of shared data from which the secret data is able to be restored. The secret data includes a plurality of pieces of divided data which does not include a random number. The secret sharing apparatus includes a shared data generating section which performs an XOR operation between the pieces of divided data and generates the plurality of pieces of shared data which includes the result of the XOR operation between the pieces of divided data.