Patents by Inventor Masayuki Numao
Masayuki Numao has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20050144460
Abstract: Effective utilization of a database while protecting a data provider's privacy is accomplished by an access control system which controls access to a database in which open information and secret information about a data provider are stored while being related to each other has an output request acquisition section which obtains an output request for output of information generated by accessing the database, a plural-term output authorization section which prohibits output of information generated by combining the open information and the secret information in output information requested to be output according to the output request, and which permits output of information generated by using the secret information without using the open information, and an output section which outputs the information in the output information permitted by the plural-term output authorization section to be output.
Type: Application
Filed: December 1, 2004
Publication date: June 30, 2005
Inventors: Madoka Yuriyama, Yuji Watanabe, Masayuki Numao
-
Publication number: 20050141720
Abstract: Provided is a method for updating a group key in a highly secure manner and at high speed. A method includes: a step of making subscriber terminals (20) perform a part of decryption of an encrypted group key used to decrypt the information before distribution of the group key; a step of distributing the group key and individual decryption information used to perform a part of remaining decryption other than the part of decryption of the group key and corresponding to terminal devices to the subscriber terminals (20); and a step of making the subscriber terminals (20) perform decryption of the group key using the decryption information being distributed and results obtained by implementing a part of decryption of the group key, the part of decryption previously being performed.
Type: Application
Filed: April 28, 2003
Publication date: June 30, 2005
Inventors: Yuji Watanabe, Masayuki Numao
-
Publication number: 20050097349
Abstract: An access management system includes an access administration apparatus which permits access to a database when the access request satisfies an access permission condition, and a policy determination apparatus which determines whether the access permission condition is satisfied by the access request; in which the access administration apparatus stores decision information containing a decision as to whether the access permission condition is satisfied, determines that the access request satisfies the access permission condition if the decision information has a predetermined inclusion relation with the access request, receives a decision as to whether the access permission condition is satisfied by the access request from the policy determination apparatus if it is determined that the decision information does not have the inclusion relation with the access request, and permits access to the database if it is determined that the access request satisfies the access permission condition.
Type: Application
Filed: October 6, 2004
Publication date: May 5, 2005
Inventors: Yuji Watanave, Masayuki Numao, Madoka Yuriyama, Keitaroh Dohmen
-
Publication number: 20040260699
Abstract: Provides access management methods and systems wherein privacy needs are taken into consideration. An example access management system of this invention includes an authorization engine, which controls access to a registrant database storing registrant data including privacy data of a registrant and controls the access to the registrant database by use of a given privacy policy and by use of condition data designated by the registrant. The authorization engine includes an authorization judgment unit, which decides an access type from an access request received from outside and concerning the registrant data, controls reference to the registrant database based on the access request by use of access authorization data to be decided prior to the access request regarding the access type.
Type: Application
Filed: March 18, 2004
Publication date: December 23, 2004
Applicant: International Business Machines Corporation
Inventors: Yoshinori Aoki, Masayuki Numao, Yuji Watanabe, Madoka Yuriyama
-
Publication number: 20040205348
Abstract: An ID creating apparatus includes a derivative value creating unit for creating a derivative value, a user ID encrypting unit for creating encrypted ID by encrypting information including the user ID and the derivative value based on an encryption key, and a derivative ID creating unit for creating derivative ID based on the encrypted ID. An ID resolving apparatus includes an encrypted ID extracting unit for extracting the encrypted ID included in the derivative ID, an encrypted ID decrypting unit for decrypting the encrypted ID based on a decryption key corresponding to the encryption key and thereby creating decrypted ID, and an ID judging unit for determining that the derivative ID is created from the user ID when part of the decrypted ID coincides with information created based on the user ID.
Type: Application
Filed: December 17, 2003
Publication date: October 14, 2004
Applicant: International Business Machines Corporation
Inventors: Yuji Watanabe, Yoshinori Aoki, Masayuki Numao
-
Patent number: 6701435
Abstract: A method and a system for safely generating a cryptographic key that is separately provided to a plurality of servers. Through the collaboration of multiple users a cryptographic key is generated for the servers. Specifically, random values are exchanged among the multiple servers, and based on these values, cryptographic keys are generated. Even though the cyclic feature of the cryptographic keys of the individual servers is lost by the exchange of the random values by at least two servers, the cyclic feature for the overall system can be maintained. Public keys for the multiple cryptographic keys are generated and are published. A new public key is generated by combining a plurality of public keys, and a corresponding cryptographic key is calculated by using the cryptographic keys of the individual servers.
Type: Grant
Filed: August 16, 1999
Date of Patent: March 2, 2004
Assignee: International Business Machines Corporation
Inventors: Masayuki Numao, Michiharu Kudo
-
Publication number: 20040037424
Abstract: Information distribution methods, systems and apparatus are provided in which, rather than specifying the addresses of recipients of a content, a combination of attributes is specified as criteria so that only those recipients that meet the criteria can receive the content. An example embodiment, provides an attribute key management server for managing secret keys and public keys for given attribute values, user terminals for accessing the attribute key management server to obtain attribute secret keys corresponding to their attributes generated based on secret keys, and a provider terminal for generating an encrypted content that can be decrypted by user terminals that has the attribute secret keys corresponding to given attributes. The provider terminal distributes the encrypted content and the user terminals decrypt the encrypted content that can be decrypted by using their attribute secret keys.
Type: Application
Filed: June 20, 2003
Publication date: February 26, 2004
Applicant: International Business Machines Corporation
Inventors: Masayuki Numao, Yuji Watanabe
-
Publication number: 20040034628
Abstract: A database search system ensures the privacy of a search request and the security of a database with high processing efficiency. The system comprises a database server residing on a network that stores predetermined data, and a client terminal issuing to the database server a search request for inquiring for desired data while keeping the desired data secret. The database server further comprises: a database storing predetermined data; and a search response message generation unit for receiving through a network the data search request in which data to be searched for is kept secret, searching the database by a predetermined computation based on the search request and a list of the data stored in the database while a data item involved with the search request is kept secret, and generating a response to the search request.
Type: Application
Filed: April 22, 2003
Publication date: February 19, 2004
Applicant: International Business Machines Corporation
Inventors: Masayuki Numao, Yuji Watanabe
-
Publication number: 20040025019
Abstract: Cryptographic communication system including a sender terminal for encrypting and transmitting a message, a recipient terminal for receiving and decrypting the encrypted message, an agent terminal for decrypting the message in place of the recipient terminal, and a conversion server for supporting the agent terminal to decrypt the message. The sender terminal encrypts the message using a public key of the recipient terminal. Using a public key of the conversion server, a predetermined restricted condition, and a secret key for decryption of the message, the recipient terminal generates a delegation key allowing decryption of the message under the restricted condition and passes the delegation key to the agent terminal. The conversion server validates a power of the agent terminal to decrypt the message based on the information contained in the delegation key from the agent terminal. The agent terminal then decrypts the message with validation of the conversion server.
Type: Application
Filed: June 3, 2003
Publication date: February 5, 2004
Applicant: International Business Machines Corporation
Inventors: Yuji Watanabe, Masayuki Numao
-
Publication number: 20040003254
Abstract: A method, apparatus and system to ensure the security in the information exchange and to provide list matching with higher efficiency and practicality. In a particular embodiment, each of lists to be subject to list matching is represented as a polynomial having roots equivalent to the items of the list. Then, polynomials generated for the lists to be subject to list matching are added according to a distributed secret computation. A list containing an item equivalent to a root of a polynomial resulting from the addition is created and output as the list of a common item.
Type: Application
Filed: October 3, 2002
Publication date: January 1, 2004
Inventors: Masayuki Numao, Yuji Watanabe
-
Patent number: 6647388
Abstract: It is one object of the present invention to use an access control process to evaluate under a specific condition an access permission request. An access control system 100 comprises a resource document 40 in which a policy description is stored; a policy evaluation module 10 for receiving an external request 110 for accessing the data file, for extracting, from the resource document 40, the policy description that is associated with target data for the access request 110, and for evaluating the policy description to determine whether or not the access request 110 is to be permitted; an enforcement function verification module 20 for, when an existing condition can not be evaluated using only the information included in the policy evaluation module 10, determining whether the condition can be evaluated or can be established; and an enforcement module 30 for evaluating or establishing the condition that, in accordance with the enforcement function verification module 20, can be evaluated or established.
Type: Grant
Filed: December 15, 2000
Date of Patent: November 11, 2003
Assignee: International Business Machines Corporation
Inventors: Masayuki Numao, Michiharu Kudoh, Tomio Amano
-
Publication number: 20030081789
Abstract: Provides encryption methods, and systems and apparatus corresponding decryption method systems and apparatus in which terminals belonging to a subset selected as a recipient group can collaborate to decrypt encrypted information. In an example embodiment, a sender and recipients communicate information over a network. The sender sends information encrypted by using a group key that can be decrypted by collaboration among a given number of recipients to the recipients in a predetermined recipient group. On the other hand, the recipients receive encrypted data from the sender, exchange partial information concerning the encrypted data among a plurality of recipients in the recipient group to obtain decryption information used for decrypting the encrypted data, and decrypt the sent information by using the decryption information.
Type: Application
Filed: October 15, 2002
Publication date: May 1, 2003
Applicant: International Business Machines Corporation
Inventors: Masayuki Numao, Yuji Watanabe
-
Patent number: 6512835
Abstract: The present invention provides a data hiding method of hiding media data in message data and a data extraction method of extracting the hidden data wherein message data is dispersively hidden in media data such as an image or sound to prevent a third person from modifying the message data easily.
Type: Grant
Filed: January 10, 2000
Date of Patent: January 28, 2003
Assignee: International Business Machines Corporation
Inventors: Masayuki Numao, Shuichi Shimizu, Norishige Morimoto, Mei Kobayashi
-
Patent number: 6381695
Abstract: An object of the invention is to provide an encryption system and method for inhibiting the decryption of encrypted data unless a decryption condition is satisfied. Thus, according to the present invention, in order to provide the encryption system for inhibiting the decryption of encrypted data unless a decryption condition is satisfied, decryption enabled time is designated as a decryption condition, and an encryption system incorporating time-dependent decryption is constituted by a time-key certificate and a time-key certificate manager. A time-key certificate is employed when a third party proves that a public encryption key added to the certificate satisfies the decryption condition. The time-key certificate manager issues a time-key certificate and then manages a decryption key.
Type: Grant
Filed: July 14, 1998
Date of Patent: April 30, 2002
Assignee: International Business Machines Corporation
Inventors: Michiharu Kudo, Masayuki Numao, Hiroshi Kawazoe
-
Patent number: 6377688
Abstract: The object of the present invention is to provide a cryptographic communication system that maintains a high level of information security without a sender and a receiver being required to manage a secret key. According to the system of the present invention, a dedicated decryption server that has a secret key is employed in addition to a transmitter used by a sender and a receiver used by a recipient. While the presence of nonencrypted messages in the server is precluded, the server can decrypt an encrypted message and send the decrypted message to an authorized receiver.
Type: Grant
Filed: December 31, 1997
Date of Patent: April 23, 2002
Assignee: International Business Machines Corporation
Inventor: Masayuki Numao
-
Publication number: 20010052071
Abstract: An object of the invention is to provide an encryption system and method for inhibiting the decryption of encrypted data unless a decryption condition is satisfied. Thus, according to the present invention, in order to provide the encryption system for inhibiting the decryption of encrypted data unless a decryption condition is satisfied, decryption enabled time is designated as a decryption condition, and an encryption system incorporating time-dependent decryption is constituted by a time-key certificate and a time-key certificate manager. A time-key certificate is employed when a third party proves that a public encryption key added to the certificate satisfies the decryption condition. The time-key certificate manager issues a time-key certificate and then manages a decryption key.
Type: Application
Filed: July 14, 1998
Publication date: December 13, 2001
Inventors: MICHIHARU KUDO, MASAYUKI NUMAO, HIROSHI KAWAZOE
-
Publication number: 20010023421
Abstract: It is one object of the present invention to use an access control process to evaluate under a specific condition an access permission request.
Type: Application
Filed: December 15, 2000
Publication date: September 20, 2001
Applicant: International Business Machines Corporation
Inventors: Masayuki Numao, Michiharu Kudoh, Tomio Amano
-
Patent number: 6078330
Abstract: To simplify the solid model selection work of the user. An image processing unit prepares a cell decomposition model from three orthographic view data, a link of individual cells C1, C2, C3, C4, . . . in the prepared cell decomposition model is detailed referring to lines E1, . . . represented on the three orthographic views, and a solid model is constructed according to a non-conflicting cell combination.
Type: Grant
Filed: October 7, 1993
Date of Patent: June 20, 2000
Assignee: International Business Machines Corporation
Inventors: Hiroshi Masuda, Masayuki Numao, Shuichi Shimizu
-
Patent number: 6055321
Abstract: The present invention provides a data hiding method of hiding media data in message data and a data extraction method of extracting the hidden data wherein message data is dispersively hidden in media data such as an image or sound to prevent a third person from modifying the message data easily. More specifically, the present invention relates to a data hiding method in which media data is expressed as a media array while message data is expressed as a message array so that the array elements of the message array can be dispersively hidden in the message array based on a state values specifying a particular array element of the media array, comprising the steps of: (a) determining the j-th (j ≥ 0) state value S_j; (b) determining (j+1)-th state value S.sub.
Type: Grant
Filed: June 3, 1997
Date of Patent: April 25, 2000
Assignee: International Business Machines Corporation
Inventors: Masayuki Numao, Shuichi Shimizu, Norishige Morimoto, Mei Kobayashi
-
Patent number: 6005936
Abstract: A digital camera for embedding authentication information to detect the identity of a photographed image into an image. By supplying the authentication information integrally with image data, the verifier is enabled to verify the image data without saving the authentication information. Particularly, by converting the light inputted through an optical system to an electric signal, a CCD outputs an analog signal of an image which is converted to a digital signal. In response to the digital signal of the image, a digital camera having a region dividing unit divides the digital image into first and second regions. Authentication information is generated from data in the first region, which information is then encrypted. The encrypted authentication information is embedded into the second image region. The first and second image regions are then combined.
Type: Grant
Filed: August 25, 1997
Date of Patent: December 21, 1999
Inventors: Shuichi Shimizu, Masayuki Numao, Norishige Morimoto