Abstract: According to one embodiment, a semiconductor device includes a source region having p-type conductivity, a drain region having p-type conductivity, a channel region provided between the source region and the drain region and having n-type conductivity, a lower gate insulating film provided on the channel region, a lower gate electrode provided on the lower gate insulating film, an upper gate insulating film provided on the lower gate electrode, an upper gate electrode provided on the upper gate insulating film, and a switching element connected between the lower gate electrode and the source region.

Abstract: The present invention shortens the time required for watch list verification, and shortens the time required generally for the personal identification processing which includes watch list verification. In a personal identification system, a biometric information watch list comparison function (31) performs a first comparison of first biometric information in a traveler information DB (53), and biometric information on a biometric information watch list (52). Thereafter, a simplified alien immigration examination comparison function (41) performs a second comparison of the first biometric information in the traveler information DB (53), and second biometric information acquired by a biometric information acquisition function (62). As a result of the comparison, in the case where the difference between the time of the first comparison and the current time is within a previously defined time period, a terminal displays a first comparison result, and a second comparison result.

Abstract: In additional enrollment of a template in a biometric authentication system, the template is automatically enrolled on the basis of a plurality of authentication results to assure a user's convenience and security. A post-migration authentication server receives a first template and a second template from a post-migration authentication terminal, performs authentication on the basis of the comparison result between the received first template and the user's preliminarily first enrolled template, and provisionally enrolls the first template and the second template. It repeats the reception, authentication, and provisional enrollment and calculates a match probability from a plurality of comparison results of the provisionally first enrolled templates, determines whether or not to store a second enrolled template on the basis of the match probability, and automatically enrolls the second template in the post-migration authentication server.

Abstract: According to one embodiment, a semiconductor device includes a source region having p-type conductivity, a drain region having p-type conductivity, a channel region provided between the source region and the drain region and having n-type conductivity, a lower gate insulating film provided on the channel region, a lower gate electrode provided on the lower gate insulating film, an upper gate insulating film provided on the lower gate electrode, an upper gate electrode provided on the upper gate insulating film, and a switching element connected between the lower gate electrode and the source region.

Abstract: The present invention provides a system and a method for speeding up immigration. In first immigration, first biometric information is stored in a immigration biometric information DB. A normal immigration client terminal displays a first result of comparing an ID information watch list with a biometric information watch list. In subsequent second immigration, the first biometric information in the immigration biometric information DB is compared with second biometric information obtained by a simplified immigration client terminal. Then, the simplified immigration client terminal displays a second result of comparing the first biometric information with the watch list information that is added after the first comparison is done. Thus even if the number of registrations in a watch list database is large, a small amount of similar watch list information is displayed, reducing the time for checking the results by the operator.

Abstract: Both a management server and a validation server are installed. Both a terminal and a terminal register setting information which is usable in an encrypted communication in the management server. When carrying out the encrypted communication, the management server searches the registered setting information for coincident setting information. The management server generates keys for the encrypted communications which can be used by the terminals, and delivers these generated keys in combination with the coincident setting information. The management server authenticates both the terminals in conjunction with the validation server. Since the terminals trust such results that the management server has authenticated the terminals respectively, these terminals need not authenticate the respective communication counter terminals.

Abstract: An encrypted communication system is provided, in which an encryption key for use in encrypted communication and settings information for the encrypted communication are distributed to each of a plurality of communication devices performing encrypted communication within a group, and in which traffic generated by distributing the encryption key and the like can be reduced. In the encrypted communication system according to the present invention, information including a key for use in the intra-group encrypted communication or a seed which generates the key is distributed to the communication devices belonging to the group that are participating (e.g., logged in) in the intra-group encrypted communication.

Abstract: In a data communication method and a data communication system, a session control message designating a destination server with identification information unique to application is transferred to the destination via a session management server. When an application program or encrypted communication software on a client issues a connection request designating a destination with identification information unique to application, the client or the session management server automatically converts the identification information into a desired resource identifier identifiable a domain to thereby determine a domain as the destination of the received connection request message.

Abstract: The present invention is to prevent user's attribute information from being distributed, in the case where it is to be determined whether or not the attribute information (for example, age, address, and the like) of the user satisfies a service providing condition, when a communication session is established across multiple session managing servers. According to the present invention, attribute information of a user who is using a client logging in a session managing server, and attribute information of a service operating on the client are managed, a condition (SEP) to establish a communication session among multiple session managing servers related to the session establishment is shared, and the session managing server which manages the attribute information compares the attribute information and the SEP to make an access judgment, in order to determine whether or not the communication session is to be established.

Abstract: When a registration station appends an anonymous ID (AID), a linking validity of the anonymous ID and actual user ID (UID) is assured for an application businessperson in the case of applying to use a biometric authentication. Specifically, a biometric authentication service system includes a biometric authentication server, an application server, a registration station server and a client server, for holding a hash value alone of personal information (P) in the registration station server, supplying again the personal information on applying to use a template (T) for the application server, collating the hash with the previously held hash, and verifying that the user applying to use the template is identical with the user registered the biologic information in the registration station server, in addition, secret information (S) different for every user is added to the personal information to generate unique data and identify the user correctly.

Abstract: When a cryptographic communicating part 208 of the communication support server 20 exchanges information with the information processing units 14, if the term of validity of a first key stored in a cryptographic key storing part 200 and corresponding to the identification information of the information processing unit 14 does not expire, the cryptographic communicating part 208 performs the cryptographic communication with the information processing unit 14 using the first key, without performing a process of authenticating the information processing units 14. When the term of validity of the first key expires or the first key corresponding to the identification information of the information processing units 14 is not stored, the key sharing part 202 shares the first key with the information processing units 14, and the cryptographic communicating part 208 performs the cryptographic communication with the information processing units 14 using a newly shared first key.

Abstract: A server device that represents a plurality of service provision servers implements authentication and a SIP message exchange with respect to a SIP server as a representative, and notifies a service provision server of client communication information that is acquired by the SIP message exchange. The service provision server communicates with a client on the basis of the client communication information that is notified from the representative server.

Abstract: To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

Abstract: A data communication method for forwarding a session control message designating a destination server with an IP address to the destination server via a session management server, wherein, when an application program or encrypted communication software on a client issues a connection request designating a destination server with an IP address, the client or the session management server automatically converts the IP address into a desired resource identifier identifiable a domain, thereby to determine the domain to which the received connection request message should be forwarded.

Abstract: In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.

Abstract: In additional enrollment of a template in a biometric authentication system, the template is automatically enrolled on the basis of a plurality of authentication results to assure a user's convenience and security. A post-migration authentication server receives a first template and a second template from a post-migration authentication terminal, performs authentication on the basis of the comparison result between the received first template and the user's preliminarily first enrolled template, and provisionally enrolls the first template and the second template. It repeats the reception, authentication, and provisional enrollment and calculates a match probability from a plurality of comparison results of the provisionally first enrolled templates, determines whether or not to store a second enrolled template on the basis of the match probability, and automatically enrolls the second template in the post-migration authentication server.

Abstract: A communication management apparatus for managing communication exchanged between communication apparatuses, including: a communication information management control portion for receiving, after communication under a communication session between first and second communication apparatuses, first information of quantity of the communication from the first communication apparatus and for receiving second information of quantity of the communication from the second communication apparatus; a communication information storage portion for storing both the first and second information received from the communication information management control portion; and a communication information verification portion for comparing the first and second information of quantity of the communication to verify any falsification thereof in a statistical process.

Abstract: It takes time for an encryption data communication system to transfer encrypted data, because negotiations of security parameters are necessary prior to communications in order to protect security and integrity of a SIP message or public key cryptography is required to be used for an encryption process, a decryption process., an digital signature process and an digital digital signature verification process each time a SIP message is transmitted/received. When a SIP message is transferred between two entities, the message is encrypted by shared information if the information is being shared between the entities, or the message is encrypted by the public key of the transmission destination entity if the shared information is not being shared. The encrypted message contains shared information to be used for the transmission destination entity of the encrypted data to encrypt or decrypt the message, during communications after the encrypted data is generated.

Abstract: Cryptographic communication between communication terminals can be realized even when a plurality of cryptographic algorithms are present, and secure cryptographic communication for a longer time is realized without increasing a processing overhead at each of the communication terminals. A key management server manages cryptographic algorithms that can be used by each of the communication terminal, and searches for a cryptographic algorithm common to the communication terminals, and notifies each of the communication terminals of the cryptographic algorithm found by the search together with plural key generation informations, each piece containing a key to be used in the cryptographic algorithm or a key type for generating the key.

Abstract: Each terminal registers the key generation information into each session management server, the information including a plurality of setting items necessary for determining set values to generated a key to be used by itself, and set value candidates which are stored in the setting items. When the encryption communications are established between the terminals, the individual session management servers and a key generation information management server are associated, so that the key generation information management server selects the algorithm suite based on the key generation information. The session management server generates the parameters based on the selected algorithm suite, acquires the information on the selected algorithm suite from the key generation information management server, generates the key for the encryption communications based on that information and distributes the key to the each terminal.