Abstract: A model generation unit (112) generates a state model that indicates a measurement value in each state of a monitoring target, based on a plurality of measurement values obtained by measuring the monitoring target. An integration unit (114) generates a detection rule that indicates communication information in each state of the monitoring target, based on pieces of communication data communicated by the monitoring target in a time period during which the plurality of measurement values are obtained. An attack detection unit (115) determines whether new communication data is attack data, using the state model and the detection rule.

Abstract: A data storage system (1) uses an encryption scheme in which an encrypted file can be decrypted using a decryption key when a decryption condition set in the encrypted file is satisfied by a user attribute set in the decryption key. The data storage system (1) stores encrypted files encrypted by the encryption scheme in a file storage apparatus (20). When user attribute is specified from a user terminal (10), the data storage system (1) extracts the encrypted file of which the decryption condition is satisfied by the specified user attribute from among the encrypted files stored in the file storage apparatus (20), and displays the extracted encrypted files classified by decryption condition.

Abstract: A database (7) stores a first identifier and visiting destination authentication information in association with each other, the first identifier being generated from visitor authentication information which is one of an encrypted face photograph image and key data used for generating the encrypted face photograph image, the visiting destination authentication information being the other of the encrypted face photograph image and the key data. An authentication terminal apparatus (9) receives authentication data from a mobile terminal device (2) used by a visitor (1) who intends to enter a facility and generates a second identifier from the authentication data in the same generation procedure as that of the first identifier.

Abstract: An input unit inputs a predicate which describes a plurality of selected elements being elements selected by a user. A predicate generation unit extracts two or more than two selected elements that are dependent on the same element in a higher layer, from the plurality of selected elements described in the predicate. Furthermore, the predicate generation unit reduces the number of elements described in the predicate by replacing a description of the two or more than two selected elements extracted with a description of the element in the higher layer.

Abstract: A cryptographic system (10) uses a cryptographic scheme capable of decrypting ciphertext on which one of two pieces of information corresponding to each other is set, with a decryption key on which the other piece of information is set. A key generation apparatus (401) generates a user private key on which one of key information u and key information y corresponding to each other is set, and a re-encryption key to convert ciphertext which can be decrypted with an attribute private key on which one of user attribute information x and user attribute information v corresponding to each other is set, into a re-ciphertext on which the other of the key information u and the key information y is set. A ciphertext storage apparatus (201) stores ciphertext on which the other of the user attribute information x and the user attribute information v is set. A re-encryption apparatus (301) re-encrypts the ciphertext stored in the ciphertext storage apparatus with the re-encryption key to generate the re-ciphertext.

Abstract: An encrypted text transmitting apparatus 100 and a key generation apparatus 300 generate a first encryption key and a first decryption key for a first decryption algorithm, generate a second encryption key and a second decryption key for a second decryption algorithm, encrypt the first decryption key using the second encryption key according to an encryption algorithm associated with the second decryption algorithm to generate an encrypted first decryption key, and encrypt plaintext data using the first encryption key according to an encryption algorithm associated with the first decryption algorithm to generate encrypted text data. A key device 400 performs a decryption process of the encrypted first decryption key using the second decryption key according to the second decryption algorithm. An encrypted text receiving apparatus 200 performs a decryption process of the encrypted text data using the first decryption key decrypted by the key device 400, according to the first decryption algorithm.

Abstract: A data storage system (1) uses an encryption scheme in which an encrypted file can be decrypted using a decryption key when a decryption condition set in the encrypted file is satisfied by a user attribute set in the decryption key. The data storage system (1) stores encrypted files encrypted by the encryption scheme in a file storage apparatus (20). When user attribute is specified from a user terminal (10), the data storage system (1) extracts the encrypted file of which the decryption condition is satisfied by the specified user attribute from among the encrypted files stored in the file storage apparatus (20), and displays the extracted encrypted files classified by decryption condition.

Abstract: An invalidation scheme of a secret key is implemented, which is usable for a functional encryption scheme. In a cryptographic processing system 10 employing an encryption scheme with which if attribute information and key information set in encrypted data do not correspond to attribute information and key information set in a secret key, the encrypted data cannot be decrypted using the secret key, an encrypted data management device 200 is provided, which carries out a relay between a user terminal 100 carrying out encryption and decryption of data and an encrypted data storage device 300 storing encrypted data. The encrypted data management device 200 determines whether or not a user whose secret key is invalid is included in users having attribute information set in the encrypted data acquired from the encrypted data storage device 300, and sets a different value as key information in the encrypted data based on the determination result.

Abstract: A device and method enhancing security of encrypted data by dividing a decrypting process of an attribute-based encryption scheme into plural stages. A KEM key partly decrypting part generates an r-KEM key mask value including a random number element, by performing a decrypting process for an encrypted KEM key being a common key encrypted using an attribute conditional expression, using an r-user secret key obtained by including the random number element into a user secret key generated in accordance with the attribute-based encryption scheme. A random number element removal requesting part requests an IC card to remove the random number element from the r-KEM key mask value, and acquires a KEM key mask value from the IC card. A mask removing part generates a KEM key using the KEM key mask value. A data decrypting part decrypts an encrypted data main body into target data using the KEM key.

Abstract: An input unit inputs a predicate which describes a plurality of selected elements being elements selected by a user. A predicate generation unit extracts two or more than two selected elements that are dependent on the same element in a higher layer, from the plurality of selected elements described in the predicate. Furthermore, the predicate generation unit reduces the number of elements described in the predicate by replacing a description of the two or more than two selected elements extracted with a description of the element in the higher layer.

Abstract: An invalidation scheme of a secret key is implemented, which is usable for a functional encryption scheme. In a cryptographic processing system 10 employing an encryption scheme with which if attribute information and key information set in encrypted data do not correspond to attribute information and key information set in a secret key, the encrypted data cannot be decrypted using the secret key, an encrypted data management device 200 is provided, which carries out a relay between a user terminal 100 carrying out encryption and decryption of data and an encrypted data storage device 300 storing encrypted data. The encrypted data management device 200 determines whether or not a user whose secret key is invalid is included in users having attribute information set in the encrypted data acquired from the encrypted data storage device 300, and sets a different value as key information in the encrypted data based on the determination result.