Abstract: A terminal device according to an embodiment includes an accepting unit, a secret value generating unit, a response data generating unit, and an output unit. The accepting unit accepts an inquiry about genome data of each user. The secret value generating unit generates a secret value by applying a one-way function to the genome data. The response data generating unit generates response data to the inquiry on the basis of the secret value generated by the secret value generating unit and contents of the inquiry. The output unit outputs the response data generated by the response data generating unit.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. The one or more processors are configured to: estimate a related program related to a computer program identified with a specific program identifier; register, in a prior calculation result list, a calculation result for the related program and a related identifier for identifying the related program so that the calculation result and the related identifier are associated with each other; acquire the program identifier for identifying the program serving as an execution target; and verify whether the program serving as the execution target is permitted to be executed, based on the acquired program identifier, the calculation result corresponding to the related identifier indicating the acquired program identifier in the prior calculation result list, and a white list.

Abstract: According to one embodiment, there is provided an anonymization system including at least one encryption apparatus, an anonymization apparatus, and a decryption apparatus. The encryption apparatus store personal data including one or more values for each item, and generates encrypted data from the personal data by encrypting the one or more values for each item included in the personal data. The anonymization apparatus generates encrypted anonymized data from the encrypted data without decryption by anonymizing one or more values for at least a portion of the items of the encrypted data. The decryption apparatus generates anonymized data from the encrypted anonymized data by decrypting the encrypted anonymized data.

Abstract: According to an embodiment, an information processing apparatus includes one or more processor. The processor is configured to run a process and a process manager to manage the process. The process includes a first key generator, a first authentication code generator, and a first output unit. The first key generator is configured to generate a first message authentication key by using process unique data assigned by the process manager. The first authentication code generator is configured to generate a first message authentication code by using the first message authentication key and a first message. The first output unit is configured to transmit the first message and the first message authentication code to the process manager.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry. The processing circuitry is configured to detect writing on a first file and register, in a restriction target storage, file information on the first file and perform, when processing on a second file is requested and file information on the second file coincides with the file information stored in the restriction target storage, first restriction to restrict the processing on the second file.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry configured to function as a start process control unit, a file read detection unit, a determination unit, and a file reading unit. The start process control unit is configured to register at least a specific process of started processes in an identifiable manner into a first list. The file read detection unit is configured to detect a request to read a file by the specific process registered in the first list. The determination unit is configured to determine whether to allow reading of the requested file based on a first condition. The file reading unit is configured to control reading of the file in accordance with a determination result of the determination unit.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. One or more processors acquire first distinctive information of a first piece of software to be executed. When a whitelist that specifies distinctive information of pieces of software that are permitted to be executed records the distinctive information indicating the first distinctive information, one or more processors distinctively identify, as second distinctive information, the distinctive information of a second piece of software that represents another piece of software relating to the first piece of software in the whitelist.

Abstract: According to one embodiment, a management device includes a management tree storage and one or more processors. The management tree storage stores therein a binary tree including a plurality of nodes that are assigned with respective node keys. The processors update at least one of the node keys. The processors selects at least one of a first subtree and a second subtree, the first subtree and the second subtree being subtrees including leaf nodes of the binary tree, the leaf nodes corresponding to respective communication devices included in a group, the first subtree including only leaf nodes with the respective node keys assigned thereto not having been updated, the second subtree including only leaf nodes with the respective node keys assigned thereto having been updated. The processors transmit a group key encrypted using a node key assigned to a root node of the selected subtree.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry configured to function as a start process control unit, a file read detection unit, a determination unit, and a file reading unit. The start process control unit is configured to register at least a specific process of started processes in an identifiable manner into a first list. The file read detection unit is configured to detect a request to read a file by the specific process registered in the first list. The determination unit is configured to determine whether to allow reading of the requested file based on a first condition. The file reading unit is configured to control reading of the file in accordance with a determination result of the determination unit.

Abstract: According to one embodiment, an anonymization apparatus according to an embodiment is configured to execute a determination process, a division process, and a process of recursively executing at least the determination process and the division process, and to thereafter execute anonymization. A number-of-kinds calculation circuit calculates a number of kinds of different attribute values for each of a plurality of attributes, before the determination process is executed. A determination circuit determines the attribute to be noticed, based on also the calculated number of kinds. A sort circuit sorts a plurality of personal data items, based on the calculated number of kinds, before the division process is executed.

Abstract: An anonymization indicator computation system of the embodiment includes a data storing device, an anonymization device, an anonymization degree computation device, and an addition degree computation device. The data storing device stores original data including a value for each item for each person. The anonymization device generates anonymized data from the original data by anonymizing values of part of items in the original data. The anonymization degree computation device computes the anonymization degree indicating a degree of anonymizing data based on the anonymized data. The addition degree computation device computes the data addition degree indicative of a probability of generating the anonymized data from the original data.

Abstract: A data management device according to an embodiment stores first encrypted data obtained by encrypting plain text data with a first public key of a first user device. The data management device stores a first re-encryption key for re-encrypting the first encrypted data without decrypting to obtain first re-encrypted data decryptable with a private key of a second user device. The data management device stores a conversion key generated from a first private key corresponding to the first public key and a second private key of the first user device. The data management device converts the first encrypted data into second encrypted data with the conversion key. The data management device The data management device converts the first re-encryption key into a second re-encryption key with the conversion key.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. One or more processors acquire first distinctive information of a first piece of software to be executed. When a whitelist that specifies distinctive information of pieces of software that are permitted to be executed records the distinctive information indicating the first distinctive information, one or more processors distinctively identify, as second distinctive information, the distinctive information of a second piece of software that represents another piece of software relating to the first piece of software in the whitelist.

Abstract: According to an embodiment, an information processing apparatus includes one or more processor. The processor is configured to run a process and a process manager to manage the process. The process includes a first key generator, a first authentication code generator, and a first output unit. The first key generator is configured to generate a first message authentication key by using process unique data assigned by the process manager. The first authentication code generator is configured to generate a first message authentication code by using the first message authentication key and a first message. The first output unit is configured to transmit the first message and the first message authentication code to the process manager.

Abstract: According to an embodiment, an information processing apparatus includes processing circuitry. The processing circuitry is configured to detect writing on a first file and register, in a restriction target storage, file information on the first file and perform, when processing on a second file is requested and file information on the second file coincides with the file information stored in the restriction target storage, first restriction to restrict the processing on the second file.

Abstract: According to an embodiment, an information processing apparatus includes one or more processors. The one or more processors are configured to: estimate a related program related to a computer program identified with a specific program identifier; register, in a prior calculation result list, a calculation result for the related program and a related identifier for identifying the related program so that the calculation result and the related identifier are associated with each other; acquire the program identifier for identifying the program serving as an execution target; and verify whether the program serving as the execution target is permitted to be executed, based on the acquired program identifier, the calculation result corresponding to the related identifier indicating the acquired program identifier in the prior calculation result list, and a white list.

Abstract: According to one embodiment, an encryption device encrypts each of numerical values based on an encryption key, and generates encrypted data. On the basis of each of the encrypted data, a computation device generates a primary computation result corresponding to data in which a computation result of an expression that has added and subtracted each of the numerical values is encrypted. On the basis of the primary computation result, a secondary computation key and random numbers, a computation assist device generates a secondary computation result. The computation device generates a tertiary computation result based on the secondary computation result and a tertiary computation key, and decides the magnitude relation between a minuend and a subtrahend in the expression based on the tertiary computation result.

Abstract: According to one embodiment, a management device includes a management tree storage and one or more processors. The management tree storage stores therein a binary tree including a plurality of nodes that are assigned with respective node keys. The processors update at least one of the node keys. The processors selects at least one of a first subtree and a second subtree, the first subtree and the second subtree being subtrees including leaf nodes of the binary tree, the leaf nodes corresponding to respective communication devices included in a group, the first subtree including only leaf nodes with the respective node keys assigned thereto not having been updated, the second subtree including only leaf nodes with the respective node keys assigned thereto having been updated. The processors transmit a group key encrypted using a node key assigned to a root node of the selected subtree.

Abstract: According to one embodiment, there is provided an anonymization system including at least one encryption apparatus, an anonymization apparatus, and a decryption apparatus. The encryption apparatus store personal data including one or more values for each item, and generates encrypted data from the personal data by encrypting the one or more values for each item included in the personal data. The anonymization apparatus generates encrypted anonymized data from the encrypted data without decryption by anonymizing one or more values for at least a portion of the items of the encrypted data. The decryption apparatus generates anonymized data from the encrypted anonymized data by decrypting the encrypted anonymized data.

Abstract: According to one embodiment, an anonymization apparatus according to an embodiment is configured to execute a determination process, a division process, and a process of recursively executing at least the determination process and the division process, and to thereafter execute anonymization. A number-of-kinds calculation circuit calculates a number of kinds of different attribute values for each of a plurality of attributes, before the determination process is executed. A determination circuit determines the attribute to be noticed, based on also the calculated number of kinds. A sort circuit sorts a plurality of personal data items, based on the calculated number of kinds, before the division process is executed.