Abstract: A common key block encryption apparatus for performing a nonlinear transformation with a multiplication executed in a binary field or a composite field includes a computing unit to execute a computation other than the nonlinear transformation with fixed value masked input data obtained by XORing input data with a fixed mask value, an XOR operation circuit to transform all input data into fixed value masked input data by XORing the input data with a fixed mask value and to transform the data into random value masked input data by XORing the input data with a random mask value in the multiplication, a multiplier to execute a multiplication based on the random value masked input data output from the XOR operation circuit, and a random value mask-to-fixed mask value transformation circuit to again transform the random value masked output data into fixed value masked output data and to output the data.

Abstract: The first route selection device re-arrays a plurality of extended key mask values at random according to the value of a random number generated by a random number generation device. An extended key operation device generates an exclusive logical OR of a plurality of the re-arrayed extended key mask values, a data string representing extended key and an input data string. The second route selection device re-arrays the data string of the exclusive logical OR by performing a re-array conversely with the first route selection device according to the value of the random number. A non-linear conversion device applies non-linear conversion to the re-arrayed data string and outputs a data string masked by a plurality of non-linear conversion mask values. The third route selection device re-arrays the masked data string by performing the same re-array as the first route selection device according to the value of the random number.

Abstract: A first access policy is stored to provide information on a first distributee to which an electronic document is distributed, to which the first distributee is permitted to distribute the electronic document, and use rights that permit the second distributees to use the electronic document. Also stored is a distribution target information indicating the second distributees. When the first distributee requests permission to grant use rights to a specific distributee, the distribution target is consulted to confirm whether or not the specific distributee is included in the second distributees. A second access policy associating the specific distributee with the information on the use rights is then registered. When the specific distributee requests permission to use the electronic document, the second access policy is consulted to permit the specific distributee to use the electronic document.

Abstract: An encrypting apparatus includes a digest part using a SHA-2 algorithm of which a basic unit of operation is 32*Y (Y=1 or 2) bits. The digest part includes a shift register including a series of registers, and a predetermined number of adders performing an addition operation based on data stored in the shift register. The shift register includes a (32*Y)/X-bit register, where X=2k (k is an integer such that 1?k?4 when Y=1 and 1?k?5 when Y=2). Each of the adders has a data width of (32*Y)/X bits and performs the addition operation in each cycle in which the data stored in the shift register is shifted between the registers with the data width of (32*Y)/X bits.

Abstract: A computer program, apparatus, and method for managing access to documents, capable of identifying the exact events of document access on the basis of given access logs even when access policies are modified in the middle of operations. Upon receipt of an access policy setup request from a first client, an access policy manager adds a new access policy to the access policy database or modifies an existing access policy in an access policy database according to the request. A policy log collector then stores the records of such a new access policy or modified existing access policy in a policy log database. Afterwards an access log collector receives an access log for the document 5 from the second client 3 and saves it in the access log database 1c. When a third client issues a log request with a specific search keyword, a log searcher retrieves relevant policy log records and access log records that match with the specified search keyword.

Abstract: A memory management unit manages a memory that stores a code, and sets that the memory that stores the code to be executed is valid to make a processor execute the code stores a verification key used to verify a validity of the code in a verification-key storing unit. When the code is stored in the memory and ready to be executed by the processor, the memory management unit verifies the validity of the code using the verification key stored in the verification-key storing unit and verification information assigned to the code. The memory management unit controls to set that the memory is valid when the validity is verified by the verifying unit, and not to set that the memory is valid when the validity is not verified by the verifying unit.

Abstract: A common key block encryption apparatus for performing a nonlinear transformation with a multiplication executed in a binary field or a composite field includes a computing unit to execute a computation other than the nonlinear transformation with fixed value masked input data obtained by XORing input data with a fixed mask value, an XOR operation circuit to transform all input data into fixed value masked input data by XORing the input data with a fixed mask value and to transform the data into random value masked input data by XORing the input data with a random mask value in the multiplication, a multiplier to execute a multiplication based on the random value masked input data output from the XOR operation circuit, and a random value mask-to-fixed mask value transformation circuit to again transform the random value masked output data into fixed value masked output data and to output the data.

Abstract: An encryption/decryption circuit includes a swap circuit for outputting each of text data and initialization vector data which are input from an input terminal to either a first or second output terminal in accordance with one of modes of operation, an encryption/decryption processing unit to which one of the text data and the initialization vector data are input from the first output terminal and which performs encryption processing and decryption processing on the data, and an exclusive OR processing unit to which another one of the initialization vector data and the text data are input from the second output terminal and which performs an exclusive OR operation on the data.

Abstract: The first route selection device re-arrays a plurality of extended key mask values at random according to the value of a random number generated by a random number generation device. An extended key operation device generates an exclusive logical OR of a plurality of the re-arrayed extended key mask values, a data string representing extended key and an input data string. The second route selection device re-arrays the data string of the exclusive logical OR by performing a re-array conversely with the first route selection device according to the value of the random number. A non-linear conversion device applies non-linear conversion to the re-arrayed data string and outputs a data string masked by a plurality of non-linear conversion mask values. The third route selection device re-arrays the masked data string by performing the same re-array as the first route selection device according to the value of the random number.

Abstract: In a cryptographic operation apparatus, the result of an encryption process, or decryption process, is obtained by disposing two operational circuits in parallel, each comprising four multiplying devices and an exclusive-OR device, and by processing an input data string in two cycles; or by processing an input data string by a single operational circuit in four cycles.

Abstract: A computer-readable recording medium storing an access rights management program which is capable of safely managing the use of an electronic document with ease and efficiency. An access policy-storing device stores a first access policy containing information on a first distributee to which the electronic document is distributed, and information on second distributees, which is indicative of a range within which the first distributes is permitted to distribute the electronic document, as well as information on use rights that permit the second distributees to use the electronic document with a defined scope of authority. A storage device stores a distribution target indicative of the second distributees. When a distributes specifying request for permission to grant the use rights to a specific distributes is received from the first distributee, an access policy-confirming device refers to the distribution target to confirm whether or not the specific distributes is included in the second distributees.

Abstract: A computer program, apparatus, and method for managing access to documents, capable of identifying the exact events of document access on the basis of given access logs even when access policies are modified in the middle of operations. Upon receipt of an access policy setup request from a first client, an access policy manager adds a new access policy to the access policy database or modifies an existing access policy in an access policy database according to the request. A policy log collector then stores the records of such a new access policy or modified existing access policy in a policy log database. Afterwards an access log collector receives an access log for the document 5 from the second client 3 and saves it in the access log database 1c. When a third client issues a log request with a specific search keyword, a log searcher retrieves relevant policy log records and access log records that match with the specified search keyword.

Abstract: An encryption circuit that reduces a scale of circuit and can achieve a certain level of high-speed processing in the implementation of the AES block cipher.

Abstract: A personal identification terminal includes a plurality of identification means or a plurality of identification levels that are selectable for use, and means for selecting one of the plural identification means or one of the identification levels in accordance with identification means/level setting information that is received from a server every time when receiving a request for identification from the server. The personal identification terminal sends used means/level information that indicates one of the identification means or one of the identification levels that was used for the real identification back to the server in a format that enables detection of an alteration thereof together with a result of the identification.

Abstract: A program execution control device adapted to authorize execution of a program specified in advance comprises an expected value table storage section that stores at least a set of an expected value obtained by applying a predetermined function to the program specified in advance and the identifier of the specified program, an input interface that allows at least a set of an input program and the identifier of the input program to be input externally, a function operating section that acquires a computed value by applying a predetermined function to the input program, a comparing section that compares the expected value corresponding to the identifier of the input program out of the expected values in the expected value table and the computed value and an output interface that externally outputs the input program in response to agreement of the compared two values.

Abstract: A memory management unit manages a memory that stores a code, and sets that the memory that stores the code to be executed is valid to make a processor execute the code stores a verification key used to verify a validity of the code in a verification-key storing unit. When the code is stored in the memory and ready to be executed by the processor, the memory management unit verifies the validity of the code using the verification key stored in the verification-key storing unit and verification information assigned to the code. The memory management unit controls to set that the memory is valid when the validity is verified by the verifying unit, and not to set that the memory is valid when the validity is not verified by the verifying unit.

Abstract: When a user works data required for allowance for the use thereof, the work processing is carried out by utilizing an exclusive work processing device. Thereafter, only the data of work information indicating what kind of working has been made to the original data (for example, differential static image data indicating a difference between the original static image required for allowance for the use and the static image after having been worked) is stored, whereby the use without permission of the data is prevented.

Abstract: An information fragments editing system for getting information fragments from a variety of application programs to treat the obtained information with a direct method, such as movement, relation making, combination and separation by a mouse. The system has a function for storing the contents and attribute information of an information object to be shown, a function for showing the information object on a window in accordance with the stored information, a function for transmitting a control message to an external application program, a function for analyzing an event and a function for performing at least one of processes including a process for controlling the stored information, a process for controlling transmission of the control message to an external application program and a process for controlling drawing in such a manner that the information object is shown, in accordance with a result of analysis.

Abstract: A personal identification terminal includes a plurality of identification means or a plurality of identification levels that are selectable for use, and means for selecting one of the plural identification means or one of the identification levels in accordance with identification means/level setting information that is received from a server every time when receiving a request for identification from the server. The personal identification terminal sends used means/level information that indicates one of the identification means or one of the identification levels that was used for the real identification back to the server in a format that enables detection of an alteration thereof together with a result of the identification.

Abstract: An encryption circuit that reduces a scale of circuit and can achieve a certain level of high-speed processing in the implementation of the AES block cipher.