Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: Each domain is provided with an access right management device which creates a resource-sharing policy and performs processing for resource-sharing policy negotiation between a plurality of domain administrators. An access right management device that has created a resource-sharing policy identifies, for each policy unit included in the resource-sharing policy, an access right management device that is a negotiating partner to negotiate with about the policy unit in question. The access right management device generates negotiation information including an identification name of the identified negotiating-partner access right management device and the policy unit in question and sends the negotiation information to the negotiating-partner access right management device. Only when all policy units are agreed on by respective identified negotiating-partner access right management devices, the resource-sharing policy is set on shared resources.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.

Abstract: An information sharing system manages computing resources such as files and processes by virtually assigning them to a compartment that is a unique area identified by a group ID. As the information sharing system detects a file input event of an object by using the compartment, it authorizes only referring to files belonging to the same compartment or a lower order compartment. Additionally, as the information sharing system detects a file output event of an object, it allows files to be arranged within only the same compartment. By doing so, it is possible for remotely located users of a user group to share confidential information within the group and at the same time also share information ordinarily and more broadly.

Abstract: A policy storage stores an access control policy as a set of setting information items to make resources (access destinations) shared by an adhoc group. When a part of the access control policy is edited, a policy analyzer updates a rule generated from the edited access control policy. At this time, the rule is updated with use of object knowledge having a data configuration capable of expressing a user as belonging to plural user groups. An access control list setting means updates a part of an access control list, based on the updated rule. Accordingly, an access control list can be generated with respect to a user group including a user who belongs to plural organizations, and the access control list can be updated efficiently.

Abstract: An editing apparatus generates a capsular work in which usage conditions for each of plural usages and usage secret information, obtained by encrypting a decryption key encrypted work data with ticket keys which differ depending on usage from each other, are encapsulated together with the encrypted work data. A ticket server apparatus, which manages the usage conditions and the ticket keys, issues a ticket containing a ticket key in the case of allowing a user to practice the usage requested by the user. A distribution center apparatus, which manages the capsular work, distributes the capsular work in accordance with the user's request. An audiovisual apparatus acquires the capsular work from the distribution center apparatus and requests the ticket necessary to make use of the capsular work from the ticket server apparatus.

Abstract: An editing apparatus generates a capsular work in which usage conditions for each of plural usages and usage secret information, obtained by encrypting a decryption key of encrypted work data with ticket keys which differ depending on usage from each other, are encapsulated together with the encrypted work data. A ticket server apparatus, which manages the usage conditions and the ticket keys, issues a ticket containing a ticket key in the case of allowing a user to practice the usage requested by the user. A distribution center apparatus, which manages the capsular work, distributes the capsular work in accordance with the user's request. An audiovisual apparatus acquires the capsular work from the distribution center apparatus and requests the ticket necessary to make use of the capsular work from the ticket server apparatus.

Abstract: An attack defending system allows effective defense against attacks from external networks even when a communication system uses a communication path encryption technique such as SSL. A firewall device and a decoy device are provided. The firewall device refers to the header of an input IP packet and, when it is determined that the input IP packet is suspicious, it is guided into the decoy device. The decoy device monitors a process providing a service to detect the presence or absence of attacks. When an attack has been detected, an alert including the attack-source IP address is sent to the firewall device so as to reject subsequent packets from attack source.