Abstract: A computing apparatus outputs ?1 and ?2 corresponding to a ciphertext x, a capability providing apparatus uses ?1 to correctly compute f(?1) with a probability greater than a certain probability and sets the result of the computation as z1, uses ?2 to correctly compute f(?2) with a probability greater than a certain probability and sets the result of the computation as z2, the computing apparatus generates a computation result u=f(x)bx1 from z1, generates a computation result v=f(x)ax2 from z2, and outputs ub?va? if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for x?H, X1 and X2 are random variables having values in the group G, x1 is a realization of the random variable X1, and x2 is a realization of the random variable X2.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit computes Ri and ci based on a twisted pseudo-random function. A session ID generation unit generates sid based on a target-collision resistant hash function and transmits (sid, R?, R?) to communication devices Ui. A second key generation unit of a representative communication device U1 computes T1 based on a pseudo-random function. A second key generation unit of general communication devices Uj computes Tj based on the pseudo-random function. A third key generation unit computes k? based on the twisted pseudo-random function and computes T?j with respect to each j. A session key generation unit of the general communication devices Uj computes Kjl and k1. The session key generation unit generates a common key K2 based on the pseudo-random function.

Abstract: There is provided an encrypted message search technique making it difficult to, at the time of searching for a message in a state of being encrypted, guess content of the search and a result of the search.

Abstract: A computing apparatus outputs ?1 and ?2 corresponding to a ciphertext x, a capability providing apparatus uses ?1 to correctly compute f(?1) with a probability greater than a certain probability and sets the result of the computation as z1, uses ?2 to correctly compute f(?2) with a probability greater than a certain probability and sets the result of the computation as z2, the computing apparatus generates a computation result u=f(x)bx1 from z1, generates a computation result v=f(x)ax2 from z2, and outputs ub?va? if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for x?H, X1 and X2 are random variables having values in the group G, x1 is a realization of the random variable X1, and x2 is a realization of the random variable X2.

Abstract: At the time of setting authority, a management apparatus stores a database in which authority information corresponding to authority to physically drive a drive apparatus, which is a tangible object, using a terminal apparatus, and registration identification information corresponding to a subject that is given the authority are associated, and outputs information representing any of the registration identification information; and a permission apparatus receives and stores the information. At the time of exercising the authority, the terminal apparatus outputs information representing identification information, and the permission apparatus receives the information and, when the identification information corresponds to registration identification information comprised in setting information, outputs information representing authority exercise information required to exercise the authority.

Abstract: To provide a terminal device that can share a session key for use in encryption communication with multiple terminal devices at a certain timing without relying on an existing server device.

Abstract: A decoding apparatus performs self-correcting processing with a decoding capability providing apparatus holding a decoding key for decoding first ciphertext which can be decoded by homomorphic operation to obtain a decoding value of the first ciphertext, and performs non-homomorphic operation using a value corresponding to or deriving from the decoding value of the first ciphertext and an addition value to output plaintext.

Abstract: A client apparatus converts second input authentication information having a data content compliant with a second authentication method different from a first authentication method into authentication target information in a data format compliant with the first authentication method and transmits information corresponding to the authentication target information to a communication server apparatus. A server apparatus is capable of carrying out both a first process of providing a first authentication server apparatus that carries out an authentication process compliant with the first authentication method with first information corresponding to the authentication target information and a second process of providing a second authentication server apparatus that carries out an authentication process compliant with the second authentication method with second information corresponding to the authentication target information.

Abstract: Name information which is generated by using a value corresponding to a decryption key and address information of a key cloud device which provides a cloud-key management type decryption service in which the decryption key is used are stored in a storage of a directory service device in a manner to associate the name information with the address information, and a searching unit of the directory service device searches the storage by using the inputted name information to obtain address information corresponding to the inputted name information.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit computes Ri and ci based on a twisted pseudo-random function. A session ID generation unit generates sid based on a target-collision resistant hash function and transmits (sid, R?, R?) to communication devices Ui. A second key generation unit of a representative communication device U1 computes T1 based on a pseudo-random function. A second key generation unit of general communication devices Uj computes Tj based on the pseudo-random function. A third key generation unit computes k? based on the twisted pseudo-random function and computes T?j with respect to each j. A session key generation unit of the general communication devices Uj computes Kjl and k1. The session key generation unit generates a common key K2 based on the pseudo-random function.

Abstract: A computing apparatus outputs ?1 and ?2 corresponding to a ciphertext x, a capability providing apparatus uses ?1 to correctly compute f(?1) with a probability greater than a certain probability and sets the result of the computation as z1, uses ?2 to correctly compute f(?2) with a probability greater than a certain probability and sets the result of the computation as z2, the computing apparatus generates a computation result u=f(x)bx1 from z1, generates a computation result v=f(x)ax2 from z2, and outputs ub?va? if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for x?H, X1 and X2 are random variables having values in the group G, x1 is a realization of the random variable X1, and x2 is a realization of the random variable X2.

Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.

Abstract: The risk of leakage of secret information caused by leakage of a secret key is reduced. A segmented secret-key storage system segments a secret key SK into segments that can be combined at the time of decryption or at the time of generation of a signature and records the secret-key segments sk1, . . . , skN in segment storage apparatuses. The secret-key segments are changed, periodically or under a predetermined condition, to another set of secret-key segments that satisfies a condition for combination. In the segmented secret-key storage system, the secret key SK is not revealed unless the secret-key segments are stolen from all the segment storage apparatuses in an interval between changes made to the secret-key segments. Accordingly, the risk of leakage can be greatly reduced in comparison with the risk of leakage of the secret key from a single apparatus.

Abstract: A random number generating unit generates random numbers s1, s2, s?1, and s?2. A public keys randomizing unit generates first randomized public keys information obtained by randomizing public keys using the random number s1 and second randomized public keys information obtained by randomizing the public keys using the random number s2. A proxy calculation unit calculates a first commission result by using a secret key and calculates a second commission result by using the secret key. A verification unit calculates a first verification value by using the random number s2, calculates a second verification value by using the random number s1, and verifies whether or not the first verification value and the second verification value coincide with each other. A common key calculation unit calculates a common key by using the random numbers s?1 and s?2 if the first verification value and the second verification value coincide with each other.

Abstract: An assumed use permission range storage stores a predetermined assumed use permission range. An unavailable state storage stores an information asset in an unavailable state by encryption. An available state storage stores an information asset in an available state by decryption. A leakage-concerned state storage stores an information asset in a leakage-concerned state. When use of an information asset in the unavailable state is requested by an application corresponding to the assumed use permission range, a state changing part decrypts the information asset into the available state. When use of the information asset in the available state by the application ends, the state changing part encrypts the information asset into the unavailable state. When use of an information asset in the unavailable state is requested by an application not corresponding to the assumed use permission range, a state monitoring part puts the information asset in the leakage-concerned state.

Abstract: A first calculation unit is capable of calculating f(x)bx1 and sets a calculation result of f(x)bx1 to u, and a second calculation unit is capable of calculating f(x)ax2, and sets a calculation result of f(x)ax2 to v. A final calculation unit outputs (ub?va?)1/d for d=a?a+b?b when the calculation result u and the calculation result v satisfy ua=vb. Here, G and H are groups, f is a function for mapping an element x of the group H to the group G, X1 and X2 are random variables values of which are in the group G, a realization of the random variable X1 is x1, a realization of the random variable X2 is x2, and a, b, a?, and b? are integers.

Abstract: A computing apparatus outputs ?1 and ?2 corresponding to a ciphertext x, a capability providing apparatus uses ?1 to correctly compute f(?1) with a probability greater than a certain probability and sets the result of the computation as z1, uses ?2 to correctly compute f(?2) with a probability greater than a certain probability and sets the result of the computation as z2, the computing apparatus generates a computation result u=f(x)bx1 from z1, generates a computation result v=f(x)ax2 from z2, and outputs ub?va? if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for x?H, X1 and X2 are random variables having values in the group G, x1 is a realization of the random variable X1, and x2 is a realization of the random variable X2.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit 212 of the communication devices Ui computes Ri and ci, or ci based on a twisted pseudo-random function. A session ID generation unit 113 of a key distribution device S generates sid based on a target-collision resistant hash function and transmits sid to the communication devices Ui. A second key generation unit 214 of the communication devices Ui computes Ti based on a pseudo-random function. A third key generation unit 115 of the key distribution device S computes k? and T?i based on the twisted pseudo-random function. A session key generation unit 217 of the communication devices Ui generates the common key K2 based on a pseudo-random function.

Abstract: A computing apparatus outputs ?1 and ?2 corresponding to a ciphertext x, a capability providing apparatus uses ?1 to correctly compute f(?1) with a probability greater than a certain probability and sets the result of the computation as z1, uses ?2 to correctly compute f(?2) with a probability greater than a certain probability and sets the result of the computation as z2, the computing apparatus generates a computation result u=f(x)bx1 from z1, generates a computation result v=f(x)ax2 from z2, and outputs ub?va? if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for x?H, X1 and X2 are random variables having values in the group G, x1 is a realization of the random variable X1, and x2 is a realization of the random variable X2.

Abstract: A private key is held which conforms to an ElGamal encryption system on a semigroup, calculation of an order of an element of the semigroup being computationally difficult, information corresponding to ciphertext conforming to the ElGamal encryption system is input, a private key s is used to decrypt the information corresponding to the ciphertext in conformance to the ElGamal encryption system, and information corresponding to a result of decrypting the ciphertext is obtained and output. Alternatively, whether it is computationally difficult or easy to calculate the order of the element of the semigroup is determined, and the safety of a decryption service providing device is evaluated based on the determination result.