Tadashi Kaji has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
Abstract: Both a management server and a validation server are installed. Each of two terminals registers, in the management server, setting information that can be used for encrypted communication. When encrypted communication is to be carried out, the management server searches the registered setting information for entries that coincide. The management server then generates keys for the encrypted communication that the terminals can use, and delivers these keys together with the coincident setting information. The management server authenticates both terminals in conjunction with the validation server. Because each terminal trusts the result of the management server having authenticated the other terminal, neither terminal needs to authenticate its communication counterpart itself.
Abstract: A validation authority for certificates periodically searches for and verifies certification paths and certificate revocation lists, classifies the paths into valid paths and invalid paths according to the results of the validations, and registers them in databases beforehand. When a request to authenticate the validity of a certificate is received from an end entity, the validation authority judges the validity of the public key certificate by checking whether a path corresponding to the request is registered in the valid-path database or in the invalid-path database. If the path corresponding to the validity authentication request is registered in neither database, the validity of the public key certificate is authenticated by performing path search and validation anew.
Abstract: The present invention provides a technology for verifying the validity of an electronic document by using a signature affixed to the electronic document at the time of its creation, even if the electronic document is partially rendered private at the time of its disclosure. A target electronic document is divided into two or more partial documents of arbitrary or fixed length. This division is effected either by using a tag of XML or another markup language, so as to provide versatility, or by adding a dedicated delimiter for the division. The system has a signature function. The signature function uses a signature technique that generates validity-verification information for each of the partial documents, affixes a signature to the aggregate of the generated validity-verification information, and validates that signature to confirm the validity of the whole electronic document.
Abstract: If a CRL is cached to speed up the certificate validation process, and a certification authority then issues a new CRL in an urgent situation, the accuracy of the certificate validation result cannot be guaranteed because the cached CRL is no longer the latest one. This problem is solved as follows. When it issues a CRL, the certification authority sends a CRL issuance notification to the certificate validation servers. The certificate validation servers that receive the CRL issuance notification cache the latest CRL. Thus, the accuracy of the certificate validation result can be secured.
Abstract: A system that can reduce the possibility of private information leaking during authentication of the user of an information terminal. A management apparatus has a user certificate DB in which a user certificate is registered in association with certificate identification information. The management apparatus reads from the user certificate DB the user certificate associated with the certificate identification information sent from a service providing apparatus, and judges whether the user certificate satisfies certain Web browsing conditions, so as to determine approval or denial of browsing the Web page concerned. The management apparatus then sends the service providing apparatus approval or denial information indicating the result of the determination.
Abstract: Subjects data indicating the names and positions of personnel, and position hierarchy data indicating the hierarchical relations between positions, are defined beforehand. When an activity status changes, activity status data is updated; when an activity is completed, history data is updated. Rules data is also defined, specifying, on the basis of combinations of this data, the personnel that cannot carry out activities (denied users), the positions that cannot carry out activities (denied positions), the personnel that must carry out activities (required users), and the positions that must carry out activities (required positions). When a workflow server assigns personnel to activities, a security server provides access control. The security server uses the history data, activity status data, subjects data, position hierarchy data, and rules data to determine the denied users, denied positions, required users, and required positions, evaluates access permissions, and determines assignment candidates.
Abstract: A distributed object system according to the present invention comprises at least one object distributing server, at least one client terminal, and at least one server object execution server, including: an object distributing server for storing an object program to which an electronic signature is affixed; a client terminal including means for downloading the object program from the object distributing server, means for verifying the electronic signature affixed to the object program, means for executing the client object program when the completeness of the object program is confirmed and the user of the client terminal has beforehand permitted execution of client object programs electronically signed by that signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server; and a server object execution server including means for verifying the received signature, and means for supplying services to the user of the client terminal when the c