Abstract: A collation system includes a first node, a second node and a third node. The first node includes: an encryption unit; a distance calculation unit t; and a collation data generation unit. The second node includes: a key generation unit; and a collation unit. The third node includes: a storage unit; and a collation information generation unit.

Abstract: An encrypted text matching system includes: an auxiliary data generating unit configured to generate first auxiliary data and second auxiliary data, respectively, which are for verification of matching between a first encrypted text that is obtained by encrypting input data and is registered with a storage device and a second encrypted text that is obtained by encrypting input data to be matched, the verification being performed by using a Hamming distance between plaintexts; and matching determining unit configured to perform one-way conversion on at least part of the first auxiliary data, perform one-way conversion on intermediate data that is generated based on a difference between the first encrypted text and the second encrypted text and on the second auxiliary data, and determine, by using a result of the one-way conversion performed on the intermediate data as well as using the first auxiliary data that underwent the one-way conversion, whether a Hamming distance between plaintexts is equal to or less

Abstract: A system includes a first bit string position permutation unit to perform position permutation of an input first bit string; a template generation unit to perform an exclusive OR operation of a bit string resulting from the position permutation of the first bit string and a code word of a binary linear code and generate auxiliary data; a second bit string position permutation unit to perform same position permutation of an input second bit string; and a bit string collation unit to verify that a hamming distance between position permutation result of the second and second bit strings is not more than a predetermined value.

Abstract: The present invention makes it possible, in encrypted data verification, to avoid the leaking of information related to the original plaintext, thereby ensuring safety. The system of the present invention is provided with: means (103 in FIG. 1) for generating first and second auxiliary data for verifying whether or not the Hamming distance of a plaintext between a first encrypted data in which input data is encrypted and is recorded in a storage device, and a second encrypted data obtained by encrypting input data of a target to be checked is equal to or less than a predetermined value; and means (402 and 403 in FIG. 1) for taking the difference between the first encrypted data recorded in the storage device, and the second encrypted data, and determining, using the first and second auxiliary data, whether or not the Hamming distance of the plaintext corresponding to the difference between the first encrypted data and the second encrypted data is equal to or less than the predetermined value.

Abstract: A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configur

Abstract: A disclosed anonymous authentication system comprises a group management device, an authentication-subjected user device, a verification device and an authentication-subjected user identification device. A user previously registers a verification key in the group management device such that his signature can be verified. For authentication, the user generates his or her own signature using the authentication-subjected user device, and encrypts the signature using an encryption key of the group to generate authentication data. The verification device authenticates the signature in collaboration with a verification assistant who has a decryption key of the group. The authentication-subjected user identification device that has the decryption key of the group decrypts the authentication data as required to identify a user who is to be authenticated.

Abstract: A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configur

Abstract: A service provider device includes key generation means, which generates a service public key for encrypting data and a secret key, and proxy key generation means, which inputs the service public key and the secret key and generates a proxy key. A data registration device includes encrypted data generation means, which generates encrypted data upon input of the service public key and data, and stores the generated encrypted data in a database. Proxy devices each includes encrypted portion statistical data generation means, which generates encrypted portion statistical data upon input of the proxy key with respect to the encrypted data stored in the database. An integrated data generation device includes encrypted statistical data generation means, which inputs the encrypted portion statistical data from each of the proxy devices, generates encrypted statistical data, and stores the generated encrypted statistical data in an integrated data storage device.

Abstract: A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configur

Abstract: Means for confirming the validity of the contents of a change made to a disclosed content is provided for use in a content disclosure system in which a signed content may be modified and the validity of the modified signed content may be verified using a verification key corresponding to a signature on the content before the modification. When a signed changed-content is created based on a request to change a signed content, a signed content change device connected to the content disclosure system generates restoration validity proving data for restoring the signed changed-content to a state before the change and proving the validity of the restored Contents. A verification key of the signed content, the signed changed-content, and the restoration validity proving data are provided to allow a third party to confirm the validity of the content.

Abstract: A disclosed anonymous authentication system comprises a group management device, an authentication-subjected user device, a verification device and an authentication-subjected user identification device. A user previously registers a verification key in the group management device such that his signature can be verified. For authentication, the user generates his or her own signature using the authentication-subjected user device, and encrypts the signature using an encryption key of the group to generate authentication data. The verification device authenticates the signature in collaboration with a verification assistant who has a decryption key of the group. The authentication-subjected user identification device that has the decryption key of the group decrypts the authentication data as required to identify a user who is to be authenticated.

Abstract: In an electronic bidding system and method, it is unnecessary to disclose to bidders a list of public keys matched to bid prices, and in which price secrecy may be proved. In a function of encryption of a bidding device 300, a public key is generated using a bid price and an IBE public key, based on an ID-Based Encryption (IBE) system having a bid value as an ID. IBE public key is obtained on combining a plurality of partial public keys matched to partial secret keys generated by a plural number of partial bid opening devices based on a combination condition enabling group decryption. A preset message for bidding is then encrypted. In a function of decryption of a bid opening device 400, a number of partial bid opening devices, which is in keeping with a satisfying number of the group decryption, perform calculations for decryption for winning bid value candidates, beginning from such candidate, the allowable bid value closest to the bid closing condition.