Abstract: A certificate issuing support system includes: a certificate application device in a first organization making an application for issuing an EV certificate to a certificate authority; and an existence guarantee device included in a second organization that guarantees existence of the first organization. The existence guarantee device assigns a first electronic signature to first information guaranteeing existence of the first organization in response to a request from a terminal used by a member of the first organization, and verifies a second electronic signature assigned to second information that is generated by the certificate application device and guarantees affiliation of the member to the first organization in cooperation with the certificate authority.

Abstract: According to an embodiment, a key exchange system includes: a key generation device configured to generate a key based on quantum key exchange or post-quantum key exchange; a network device configured to perform encrypted communication with another network device by using the key; and an intermediate server deployed between the key generation device and the network device. The intermediate server includes: a state monitoring unit configured to transmit a state monitoring request to the key generation device at each predetermined time; a notification unit configured to give a push notification of key information included in a response to the state monitoring request, to the network device, when the response is received; and a key exchange unit configured to start key exchange between the network device and the key generation device in response to a request from the network device having received the push notification of the key information.

Abstract: A signature verification system includes a signature generation server, a signature verification server, and a verification key management server that are connected to one another via a communication network. The signature generation server includes: reporting means for, when a signing key and a verification key are generated by a publisher, reporting the verification key and publisher identification information that identifies the publisher to the verification key management server; and signature generation means for signing a bid request issued by the publisher with use of the signing key. The verification key management server includes: registration means for registering the publisher identification information and the verification key that were reported by the reporting means in a storage unit in association with information that enables specifying a version of the verification key.

Abstract: In an information processing system including: a resource management device that manages certain resources; an access device that accesses the resources; and an authorizing device that issues, to the access device, an access token corresponding to an access authority to the resources in a case where delegation of the access authority is permitted by an owner of the resources, the resource management device includes: an acquisition unit that acquires, in response to an access request to the resources accompanied by the access token from the access device, information in which a modifier is given to an access authority disclosed in advance by the authorizing device, which serves as information indicating a range of the access authority corresponding to the access token; and an execution unit that executes processing according to the access request within the range of the access authority limited by the modifier, thereby improving the flexibility of the range of an authority to be delegated to another person.

Abstract: A registration application support system includes: a registration application device that is included in a first organization and applies for pre-registration for delegation of a right regarding access to a resource to an authorization server; and an existence guarantee device that is included in a second organization and guarantees existence of the first organization, in which: the existence guarantee device includes a giving unit that gives an electronic signature to information that guarantees the existence of the first organization, in response to a request from a terminal used by a member of the first organization; the registration application device includes a transmission unit that transmits a display name of the first organization and the information to which the electronic signature has been given to the authorization server in order to apply for the pre-registration; and the authorization server includes a verification unit that causes the existence guarantee device to verify the electronic signatu

Abstract: A service providing system providing services to a plurality of users includes a transmitting unit configured to transmit, to a user terminal of each user, an authentication request requesting authentication for executing a predetermined process, a receiving unit configured to receive, from the user terminal of each user, an authentication response affixed with a user signature, and an executing unit configured to execute the predetermined process with respect to each user upon successful signature verification for all the plurality of users.

Abstract: A hey exchange system includes a plurality of terminals that perform key exchange; and a server that performs authentication of each of the terminals and mediation of the key exchange. The server is configured to generate a nonce used when the authentication is performed between the server and the terminal by federation using OpenID Connect; generate a public key and a secret key of token control encryption; transmit the nonce and the public key to the terminal; and decrypt a ciphertext received from the terminal by using the secret key and a token received from the terminal. The terminal is configured to generate a ciphertext obtained b encrypting predetermined data by using the public key and a token generated from the nonce; and transmit the ciphertext to the server.

Abstract: A key exchange system according to an embodiment includes: a plurality of terminals that perform key exchange; and a server that performs authentication of each of the terminals and mediation of the key exchange, in which the server includes a nonce generation unit that generates a nonce used when the authentication is performed between the server and the terminal by federation using OpenID Connect, a key generation unit that generates a public key and a secret key of token control encryption, a first transmission unit that transmits the nonce and the public key to the terminal, and a decryption unit that decrypts a ciphertext received from the terminal by using the secret key and a token received from the terminal, and the terminal includes an encryption unit that generates a ciphertext obtained by encrypting predetermined data by using the public key and a token generated from the nonce, a second transmission unit that transmits the ciphertext to the server, and a long-term secret string generation unit tha

Abstract: An information processing apparatus includes a secure area configured to execute a program in secret, and a security chip. The secure area conceals information related to the program, and requests the security chip to provide a blind signature with respect to the concealed information obtained by the concealing. The security chip calculates the blind signature and returns the blind signature to the secure area. The secure area acquires a signature with respect to the information related to the program from the blind signature.

Abstract: In a remote authorization control system including a resource access device, a resource management device, and an authentication device, the resource access device downloads an access control list from the authentication device onto a secure region in the resource access device. The resource access device downloads resources from the resource management device onto the secure region. The resource access device determines whether a user is allowed to use the resources based on the access control list when a resource use request is received from the user, and the resources access device allows the user to use the resources when the resources are usable.

Abstract: In a voting system including a vote broadcasting server and a plurality of client terminals, the vote broadcasting server generates a plurality of pieces of vote information that is data in which secret information is shared and transmits the vote information to each client terminal, each client terminal generates voting information by encrypting vote information such that the vote information can be decrypted when predetermined conditions are satisfied and transmits the voting information to the vote broadcasting server, the vote broadcasting server transmits a voting information group composed of voting information received from respective client terminals to the respective client terminals, and each client terminal ascertains a vote result according to the number of pieces of vote information decrypted from the voting information group and executes processing based on the vote result.

Abstract: A certificate issuance support system includes a certificate application device in a first organization for applying to an authentication station for issuance of an OV certificate; and an existence assurance device in a second organization for guaranteeing the existence of the first organization. The existence assurance device imparts a first signature to first information for guaranteeing the existence of the first organization in response to a request from a terminal used by a member of the first organization, transmits the first information imparted with the first signature is to the certificate application device, and verifies a second signature generated by the certificate application device and imparted to second information for guaranteeing affiliation of the member with the authentication station. The certificate application device transmits the first information with the first signature and the second information with the second signature to the authentication station to receive the OV certificate.

Abstract: A program execution system includes a data holding apparatus, a program providing apparatus, and a data processing apparatus that performs computing in a secure region. The data holding apparatus transmits encrypted data, encrypted with a first common key, to the data processing apparatus, and the program providing apparatus transmits an encrypted program, encrypted with a second common key, to the data processing apparatus. In the secure region, the data processing apparatus acquires data by decrypting the encrypted data with the first common key, acquires a program by decrypting the encrypted program with the second common key, executes the program for the data, and encrypts a result of the execution with a public key of the data holding apparatus or the first common key. The data holding apparatus acquires the result of the execution by decrypting the encrypted result of the execution with a secret key or the first common key.

Abstract: An authentication-control system including one or more computers, the authentication-control system includes: a registration unit that, in response to a notification of registration of a software resource after a change, registers in a storage unit a person who has made the change as a right holder of the software resource after the change, together with a right holder of the software resource before the change; an inquiry control unit that, in response to a permission request for use or editing of the software resource, controls an inquiry as to permission or rejection to right holders registered in the storage unit regarding the software resource; and a response unit that makes a response indicating permission for the permission request when permission is obtained from all the right holders. As result, it is possible to appropriately control authorization for access to a software resource changed in a distribution process.

Abstract: A communication system includes a transmitting device configured to transmit information, and a receiving device configured to receive the information, the receiving device includes a determination unit configured to determine whether or not an electronic certificate of the transmitting device used for a communication with the transmitting device is an EV certificate, and a process that is performed is varied according to a determination result of the determination unit.

Abstract: An information processing system includes a certification authority server, a web server, and a terminal. The certification authority server includes a processor, and a memory storing program instructions that cause the processor to receive an issuance request for a certificate transmitted from the web server, verify whether an operator of the web server has a right to use a trademark identified on the basis of information included in the issuance request, and transmit a certificate including the trademark to the web server when the operator has the right. The web server includes a processor, and a memory storing program instructions that cause the processor to transmit the certificate to the terminal in response to access from the terminal. The terminal includes a processor, and a memory storing program instructions that cause the processor to display the trademark included in the certificate. This improves reliability of the certificate including the trademark.

Abstract: A printer includes: a platen configured to allow a rolled first recording medium and a sheet-like second recording medium to be placed thereon; and a guide table detachably provided on a base member and configured to guide movement of the second recording medium. The platen includes a first platen on which the first recording medium and the second recording medium are placed, and a second platen disposed ahead of the first platen, including an upper surface tilted obliquely downward from the rear toward the front, and configured to guide movement of the first recording medium. The guide table includes a placement portion including a flat upper surface which is located below the first platen and above a portion of the second platen and on which the second recording medium is placed.

Abstract: A signature verification system includes a signature generation server, a signature verification server, and a verification key management server that are connected to one another via a communication network. The signature generation server includes: reporting means for, when a signing key and a verification key are generated by a publisher, reporting the verification key and publisher identification information that identifies the publisher to the verification key management server; and signature generation means for signing a bid request issued by the publisher with use of the signing key.