Abstract: An analysis apparatus analyzes access logs including authentication results and authentication information of users, and includes: a calculation unit that calculates a similarity between pieces of authentication information in two consecutive access logs when access logs of the same access source, from the access logs, are chronologically arranged, and presumes that a piece of authentication information of the access logs of the user has been input by a human if the calculated similarity is equal to or greater than a predetermined value; and a risk determination unit that determines that there is a possibility that the access source in the access logs is being an attack source if an authentication result of any of the two access logs is authentication failure and the calculation unit presumes that any piece of authentication information of the two access logs has not been input by a human.

Abstract: An information analysis system includes a remark analysis unit, a thread analysis unit, and a storing unit. The remark analysis unit analyzes importance of a remark included in a thread serving as a group of remarks posted on a network, based on remark data serving as data relating to the remark, for each of the remarks. The thread analysis unit analyzes which of a plurality of preset categories the thread belongs to, based on thread data serving as data relating to the thread. The storing unit stores the remark, the importance of the remark, and a category of the thread including the remark in association with each other for each of the remarks, in a predetermined storage unit.

Abstract: A device including: a parameter extracting unit that extracts each parameter from an access request, a character-string class converting unit that, with regard to each parameter, compares each part of a parameter value with a previously defined character string class, replaces the part with a longest matching character string class, and conducting conversion for a class sequence that is sequentially arranged in order of replacement, a profile storing unit that stores, as a profile in a storage unit, a class sequence with the appearance frequency of equal to or more than a predetermined value in the above-described group of class sequences with regard to the access request of the normal data as learning data, and a failure detecting unit that determines the presence or absence of an attack in accordance with the degree of similarity between the above-described class sequence and the profile with regard to the access request.

Abstract: A malware determination device, in which, upon input of an attribute name and an attribute value of an attribute of an executable file, a feature-selection setting unit registers the attribute with the attribute name in an attribute table as an attribute to be extracted, and registers the attribute value as an attribute value to be deleted in an attribute value table. Upon input of an executable file to be learned or to be determined, a feature extraction unit extracts an attribute value of an attribute registered as an attribute to be extracted in the attribute table from the executable file, to generate a feature vector including the extracted attribute value as a feature. A feature selection unit performs deletion of an attribute value registered as an attribute value to be deleted in the attribute value table from the feature vector.

Abstract: In an information management device, plural sets of document data on a network are collected. Subsequently, in the information management device, by use of words included in the respective sets of document data collected, the respective sets of document data are classified into predetermined fields, and tag information corresponding to the fields are respectively added to the sets of document data. In the information management device, a specification of a field of document data to be searched is then received. Subsequently, in the information management device, document data added with tag information corresponding to the received field are searched.

Abstract: In a security information management device, security information, which is information related to security, is collected. The security information management device extracts, by referring to a security dictionary storing therein a keyword related to security for each attribute, a keyword from referer security information that becomes a source to be compared with security information for relevance thereto, and calculates, by comparing the extracted keyword with a keyword included in the collected security information, relevance between the referer security information and the security information. The security information management device then output security information having higher calculated relevance more preferentially.

Abstract: A terminal device 4 transmits a certificate issue request including a communication ID thereof and a sub ID to a certificate issuing device 7 via a NW1 (a first network). The certificate issuing device 7 inquires of a communication ID (identifier) checking device 5 whether or not the communication ID included in the certificate issue request is in use or not and inquires of a communication ID/sub ID checking device 6 whether or not the communication ID and the sub ID are associated with each other. If both the check results are OK, the certificate issuing device 7 generates a certificate including the ID of the certificate issuing device 7, the communication ID, the sub ID and a validity period and transmits the certificate to the terminal device 4. In this way, a certificate with a short validity period can be issued only based on the access to the NW1 using the communication ID and the sub ID.

Abstract: At the user authentication apparatus 30, an identifier of a certification authority (CA) certificate that a CA information disclosure server 20 discloses in advance is registered in an identifier list of the CA. At the user terminal 10, a key pair consisting of a terminal public key and a terminal secret key is generated, the terminal signature is generated for information containing the terminal public key using the CA secret key acquired in advance, and a self-signed certificate of the same form as the certificate issued from CA, that is, a terminal certificate containing at least a terminal public key, a terminal signature, and a CA identifier, is created and stored, and registered in the user authentication apparatus 30.

Abstract: At user registration, a client device obtains a signature for a user ID, a password, and a public key by using a private key, and sends user information that includes the signature and the above-described information items to a service providing apparatus. The service providing apparatus verifies the signature by using the public key and stores the user information by which the password and the public key are associated with each other. When a request for a service is made, the client device allows authentication processing by sending to the service providing apparatus an authentication response that includes the user ID together with password authentication information, a signature for a challenge sent from the service providing apparatus, or a signature for the password and the challenge, irrespective of whether the authentication method for the service is password authentication, public key authentication, or public-key-and-password combination authentication.

Abstract: A secret key of a second apparatus is stored in a relay apparatus. A first apparatus specifies secret information used to identify a common key, generates encrypted secret information by encrypting the secret information by using a public key of the second apparatus, and transmits the encrypted secret information to the relay apparatus. Then, the relay apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. The relay apparatus transmits the encrypted secret information to the second apparatus. The second apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. Finished messages corresponding to communication log information and the secret information are exchanged between the first apparatus and the relay apparatus and between the second apparatus and the relay apparatus.

Abstract: A terminal device 4 transmits a certificate issue request including a communication ID thereof and a sub ID to a certificate issuing device 7 via a NW1. The certificate issuing device 7 inquires of a communication ID checking device 5 whether or not the communication ID included in the certificate issue request is in use or not and inquires of a communication ID/sub ID checking device 6 whether or not the communication ID and the sub ID are associated with each other. If both the check results are OK, the certificate issuing device 7 generates a certificate including the ID of the certificate issuing device 7, the communication ID, the sub ID and a validity period and transmits the certificate to the terminal device 4. In this way, a certificate with a short validity period can be issued only based on the access to the NW1 using the communication ID and the sub ID.

Abstract: At the user authentication apparatus 30, an identifier of a certification authority (CA) certificate that a CA information disclosure server 20 discloses in advance is registered in an identifier list of the CA. At the user terminal 10, a key pair consisting of a terminal public key and a terminal secret key is generated, the terminal signature is generated for information containing the terminal public key using the CA secret key acquired in advance, and a self-signed certificate of the same form as the certificate issued from CA, that is, a terminal certificate containing at least a terminal public key, a terminal signature, and a CA identifier, is created and stored, and registered in the user authentication apparatus 30.

Abstract: A secret key of a second apparatus is stored in a relay apparatus. A first apparatus specifies secret information used to identify a common key, generates encrypted secret information by encrypting the secret information by using a public key of the second apparatus, and transmits the encrypted secret information to the relay apparatus. Then, the relay apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. The relay apparatus transmits the encrypted secret information to the second apparatus. The second apparatus decrypts the encrypted secret information by using the secret key of the second apparatus to extract the secret information. Finished messages corresponding to communication log information and the secret information are exchanged between the first apparatus and the relay apparatus and between the second apparatus and the relay apparatus.

Abstract: In a user authentication system according to the present invention, at user registration, a client device obtains a signature for a user ID, a password, and a public key by using a private key corresponding to the public key, and sends user information that includes the signature and the above-described information items to a service providing apparatus. The service providing apparatus verifies the signature by using the public key and stores the user information by which the password and the public key are associated with each other.