Abstract: A search execution device receives a trapdoor generated based on a user secret key in which a search auxiliary key and an attribute of a user are set and a search keyword, together with a key identifier (ID) that identifies the search auxiliary key. The search execution device decrypts an encrypted tag in which an attribute of a user who is allowed retrieval and a search word are set, using the received trapdoor and the search auxiliary key indicated by the received key ID, so as to identify a tag that is retrievable for the attribute set in the user secret key and contains a search word corresponding to the search keyword.

Abstract: An ontology generation unit (110) generates information that represents an access policy for each attribute of access in a hierarchical structure, as a plurality of ontologies (30). An application rule generation unit (120) generates an application rule (40). A policy candidate extraction unit (140) acquires an access request (51), and extracts an ontology (30) that includes an attribute included in the access request (51) as an access policy candidate from the plurality of ontologies. An access rule determination unit (150) specifies a plurality of access policies that match the attribute included in the access request (51) form the access policy candidate, applies the application rule (40) to the plurality of access policies, and determines an access rule. A propriety decision unit (160) decides propriety of access based on the access rule.

Abstract: An anonymization apparatus (100) includes an anonymization unit (120), a plurality of attack units (131), a degree of safety calculation unit (133), and a parameter adjustment unit (140). The anonymization unit (120) generates anonymized data. Each of the plurality of attack units (131) generates re-identification data that corresponds to the anonymized data using a re-identification attack algorithm that differs from each other. The degree of safety calculation unit (133) calculates a degree of safety of each piece of the re-identification data that each of the plurality of attack units (131) generated. The parameter adjustment unit (140) adjusts an anonymization parameter in a case where at least one of the degrees of safety does not satisfy a degree of safety standard.

Abstract: A registration destination determination device (50) determines which data management device, among a plurality of data management devices (20A, 20B), is to manage registration data, such that, with a data type constituting the registration data as a target type, an appearance frequency distribution of values set for the target type of the registration data managed by each of the plurality of data management devices (20A, 20B) is different from an appearance frequency distribution of values set for the target type of the registration data managed by the whole of the plurality of data management devices (20A, 20B).

Abstract: An encrypted data receiving unit (201) receives encrypted data which has been encrypted, in which a decryption condition to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is embedded. A data storage unit (202) stores the encrypted data received by the encrypted data receiving unit (201) in an encrypted state. A revocation processing unit (209) adds revocation information in which a user attribute of a revoked user who is no longer the decryption-permission user is indicated, to an embedded decryption condition that is embedded in the encrypted data, while the encrypted data remains in an encrypted state.

Abstract: In a server apparatus, a data storage part stores a plurality of pieces of encrypted data. An index storage part stores, as an index I, a data structure which is for performing search with using a function H that outputs a unique numeric value in response to an inputted keyword, the data structure having a plurality of storage areas corresponding, in one-to-one relation, to numeric values outputted from the function H, and storing, for a plurality of keywords corresponding to plaintext data, an identifier of encrypted data being post-encryption data of the plaintext data to which each keyword corresponds, in a storage area corresponding to the numeric value outputted from the function H when each keyword is inputted.

Abstract: This invention is concerning a data disturbance device capable of protecting privacy according to the needs of each individual while maintaining data usability. The data disturbance device has a disturbance object setting unit that calculates a disturbance parameter necessary to disturb information, which is set as information to be disturbed, out of items of information contained in acquired data, and a data disturbance unit that generates disturbed data by irreversibly converting the acquired data using the disturbance parameter.

Abstract: An object is to enable to search genetic information in an encrypted state. An encryption apparatus (200) encrypts a target gene which is genetic information to be stored in a storage apparatus and generates an encrypted gene, as well compares a reference gene which is predefined genetic information with the target gene to generate differential information, and generates an encrypted tag which is encrypted by embedding the generated differential information. A data center (400) stores the encrypted gene with related to the encrypted tag in the storage apparatus. A search apparatus (300) generates a search query which is encrypted by embedding the differential information as a search keyword, and sends the generated search query to a data center (400). The data center (400) specifies the encrypted tag including the differential information specified in the search query, extracts the related encrypted gene, and sends the encrypted gene to the search apparatus (300).

Abstract: A registration destination determination device (50) determines which data management device, among a plurality of data management devices (20A, 20B), is to manage registration data, such that, with a data type constituting the registration data as a target type, an appearance frequency distribution of values set for the target type of the registration data managed by each of the plurality of data management devices (20A, 20B) is different from an appearance frequency distribution of values set for the target type of the registration data managed by the whole of the plurality of data management devices (20A, 20B).

Abstract: A server device 201 comprises a communication part 231, a search history storage region 213, a data storage part 210, and a checking part 220. The communication part receives a set of a trapdoor and a deterministic encrypted keyword from a search device 401. The search history storage region 213 stores the set of the trapdoor and the deterministic encrypted keyword. The data storage part 210 stores keyword information in which search target data and an encrypted keyword are associated with each other. If the deterministic encrypted keyword is obvious, a deterministic encrypted keyword corresponding to the encrypted keyword is additionally associated with the search target data and the encrypted keyword in the keyword information. The checking part 220 checks whether or not a deterministic encrypted keyword which matches the received deterministic encrypted keyword exists in the search history storage region 213.

Abstract: Methods and systems for transmitting user aggregate data to a third party, such that a privacy of the aggregated data is protected, while analytical usefulness of the aggregated data is preserved. The method including receiving, using a transceiver, aggregated data including time-series data collected over a period of time. Selecting, from a memory, a mapping for transforming a segment of the aggregated data of a predetermined size. Partitioning the aggregated data into a multiple data segments, each data segment is of the predetermined size. Transforming each data segment using the mapping to produce multiple transformed data segments, wherein each data segment is transformed by the mapping independently from other data segments. Finally, transmitting, using the transceiver, the multiple transformed data segments to a third party over a communication channel, wherein steps of the method are performed by a processor operatively connected with the memory and the transceiver.

Abstract: A data storage unit (202) stores encrypted data while remaining in an encrypted state, and stores decryption conditions to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data. In a case wherein revocation information to indicate a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing arrives, a revocation information removing unit (206) removes the revocation information from the decryption condition while the encrypted data remains in the encrypted state.

Abstract: A data generation device 101 transmits communication data bound for a data receiving device 105 from a transmission unit, and a monitoring device 103 receives the communication data. The monitoring device 103 requests retransmission of the communication data to the data generation device 101, and the data generation device 101 retransmits the communication data from a retransmission unit being different from the transmission unit. The monitoring device 103 receives retransmission data retransmitted from the retransmission unit, compares the communication data with the retransmission data. If the communication data and the retransmission data are identical, the monitoring device 103 transmits the communication data to the data receiving device 105. If the communication data and the retransmission data are not identical, the monitoring device 103 transmits a message which notifies that the communication data and the retransmission data are not identical to the data generation device 101.

Abstract: The present invention relates to an authentication device that executes an online transaction typified by a transfer process of an online banking service. The authentication device includes a secret information storage unit to store secret information; a verification unit to verify validity of input data including input information of a user; an information extraction unit to extract the input information from the input data the validity of which has been verified by the verification unit; an authentication information generation unit to generate authentication information with the input information extracted by the information extraction unit and the secret information stored in the secret information storage unit; and a display unit to display the authentication information generated by the authentication information generation unit.

Abstract: A database (7) stores a first identifier and visiting destination authentication information in association with each other, the first identifier being generated from visitor authentication information which is one of an encrypted face photograph image and key data used for generating the encrypted face photograph image, the visiting destination authentication information being the other of the encrypted face photograph image and the key data. An authentication terminal apparatus (9) receives authentication data from a mobile terminal device (2) used by a visitor (1) who intends to enter a facility and generates a second identifier from the authentication data in the same generation procedure as that of the first identifier.

Abstract: Methods and systems for transmitting user aggregate data to a third party, such that a privacy of the aggregated data is protected, while analytical usefulness of the aggregated data is preserved. The method including receiving, using a transceiver, aggregated data including time-series data collected over a period of time. Selecting, from a memory, a mapping for transforming a segment of the aggregated data of a predetermined size. Partitioning the aggregated data into a multiple data segments, each data segment is of the predetermined size. Transforming each data segment using the mapping to produce multiple transformed data segments, wherein each data segment is transformed by the mapping independently from other data segments. Finally, transmitting, using the transceiver, the multiple transformed data segments to a third party over a communication channel, wherein steps of the method are performed by a processor operatively connected with the memory and the transceiver.

Abstract: A data storage unit (202) stores encrypted data while remaining in an encrypted state, and stores decryption conditions to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data. In a case wherein revocation information to indicate a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing arrives, a revocation information removing unit (206) removes the revocation information from the decryption condition while the encrypted data remains in the encrypted state.

Abstract: An encrypted data receiving unit (201) receives encrypted data which has been encrypted, in which a decryption condition to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is embedded. A data storage unit (202) stores the encrypted data received by the encrypted data receiving unit (201) in an encrypted state. A revocation processing unit (209) adds revocation information in which a user attribute of a revoked user who is no longer the decryption-permission user is indicated, to an embedded decryption condition that is embedded in the encrypted data, while the encrypted data remains in an encrypted state.

Abstract: In a server apparatus (301), a data storage part (303) stores a plurality of pieces of encrypted data. An index storage part (304) stores, as an index I, a data structure which is for performing search with using a function H that outputs a unique numeric value in response to an inputted keyword, the data structure having a plurality of storage areas corresponding, in one-to-one relation, to numeric values outputted from the function H, and storing, for a plurality of keywords corresponding to plaintext data, an identifier of encrypted data being post-encryption data of the plaintext data to which each keyword corresponds, in a storage area corresponding to the numeric value outputted from the function H when each keyword is inputted.

Abstract: A data search server stores a system ciphertext including a data ciphertext and a keyword ciphertext in each category-specific DB unit for each data category, and stores each category-determination secret key being associated with each category-specific DB unit. A search request receiving unit receives from a data search terminal a search request including a search trapdoor and an index tag. A data searching unit searches for a category-determination secret key with which the index tag is decrypted to the same value as a key-determination value. Using the search trapdoor, the data searching unit performs a search of a Public-key Encryption with Keyword Search scheme on system ciphertexts in a category-specific DB unit associated with this category-determination secret key. A search result transmitting unit transmits to the data search terminal a data ciphertext included in a system ciphertext which has been found as a hit in the search.