Abstract:
A privilege management system enabling effective privilege management, such as confirmation processing of service receiving privileges and so forth, is realized. A group attribute certificate which has, as stored information, group identification information corresponding to a group which is a set of certain devices or certain users, and also has affixed an electronic signature of an issuer, is issued to a service reception entity. The group attribute certificate presented from the user device is verified by means of signature verification regarding whether or not there has been tampering; screening is performed, using a group information database, regarding whether or not this is a service-permitted group based on the group identification information stored in the group attribute certificate; and determination is made regarding whether or not service can be provided, based on the screening. Centralized privilege confirmation corresponding to various user sets or device sets can be made, so management of individual privilege information can be omitted, thereby enabling effective privilege management.
Abstract:
A system in which content usage conditions can be upgraded without the need for a service provider to control content-usage rights of a user. In the system in which encrypted content is distributed and is allowed to be utilized only by authorized users, the service provider receives a content usage-right certificate from the user, and on the condition that it is determined that data is not tampered with by verifying a digital signature of an issuing entity of the content usage-right certificate, the service provider obtains user information and content purchase information of the user from the content usage-right certificate, and performs upgrade processing by, for example, changing the usage conditions. It is thus possible to change the content usage conditions without the need for the service provider to possess usage control data.
Abstract:
In a content delivery system, delivery of content and charging the fee of the content are performed and managed in a highly secure and effective fashion. If a content-purchasing request is transmitted from a user device to a shop server, a charging process is performed. A user device authentication server, which manages content delivery, converts an encrypted content key KpDAS(Kc) encrypted using a public key of the user device authentication server (DAS) into an encrypted content key KpDEV(Kc) encrypted using a public key KpDEV of the user device. If the charging process is successfully completed, the shop server transmits, to the user device, the encrypted content key KpDEV(Kc).
Abstract:
A public key certificate issuing system is disclosed which comprises a certificate authority for issuing a public key certificate used by an entity, and a registration authority which, on receiving a public key certificate issuance request from any one of the entities under jurisdiction thereof, transmits the received request to the certificate authority. The certificate authority, having a plurality of signature modules each executing a different signature algorithm, selects at least one of the plurality of signature modules in accordance with the public key certificate issuance request from the registration authority, and causes the selected signature module to attach a digital signature to message data constituting a public key certificate.
Abstract:
A public key certificate issuing system is disclosed which comprises a certificate authority for issuing a public key certificate for an entity, the certificate authority including a plurality of signature modules each executing a different encryption algorithm and a registration authority that receives a public key certificate issuance request from the entity.
Abstract:
The present invention provides a novel configuration which allows devices capable of processing different signature algorithms to mutually verify public key certificates. In this configuration, public key certificates storing plural signatures based on different signature algorithms such as RSA and ECC are issued and each device selects a signature which can be processed (namely, verified) by itself and verifies the selected signature. Consequently, the novel configuration allows the devices each being capable of verifying only a different signature algorithm to verify the public key certificates of the other devices, so that each device can perform public key certificate verification in the cross-certification and encrypted data communication not only with the other devices having public key certificates attached with signatures based on the same signature algorithm as that of each device, but also with the other devices or providers having public key certificates attached with signatures based on different signature algorithms from that of each device, thereby significantly enhancing the reliability in communication.
Abstract:
A biometric identification system enabling biometric authentication without a user providing his or her biometric data to an authentication entity, including an interface for data input/output with an electronic device in a state attached to an attachment part provided at the electronic device or data input/output by proximity wireless communication with the electronic device, a biometric data detecting means for acquiring the biometric data from a living subject, a memory for storing identification use biometric data used for the biometric identification in a secure state, and a controlling means for performing processing for comparing the biometric data acquired by the biometric data detecting means with the identification use biometric data stored in the memory for identification and processing for outputting a predetermined request or predetermined data to the electronic device via the interface on the condition that the comparison processing has judged coincidence in the secure state.
Abstract:
A 5-substituted-3-oxadiazolyl-1,6-naphthyridin-2(1H)-one derivative of the formula (I): wherein Het is oxadiazolyl, R1 is H, lower alkyl, cyclo-lower alkyl, trifluoromethyl, lower alkenyl, lower alkynyl, lower alkoxy, lower alkoxy-lower alkyl, hydroxy-lower alkyl, substituted or unsubstituted aryl, or substituted or unsubstituted heteroaromatic group, and R2 is H, lower alkyl, cyclo-lower alkyl, cyclo-lower alkylmethyl, lower alkenyl, cyclo-lower alkenyl, lower alkynyl, substituted or unsubstituted aryl, or substituted or unsubstituted heteroaromatic group, or a pharmaceutically acceptable acid addition salt thereof, which has high selective affinity to benzodiazepine receptor and is useful particularly as a benzodiazepine inverse agonist, for example, as psychoanaleptic drug or a drug for the treatment of dysmnesia in senile dementia or Alzheimer's disease.
Abstract:
3-Oxadiazolyl-5,6,7,8-tetrahydro-1,6-naphthyridine derivative of the formula (I): wherein Het is an oxadiazole ring, R1 is a hydrogen atom, an acyl group, a lower alkyl group or a group of the formula: -CH2R1' (in which R1' is a cyclo-lower alkyl group, a lower alkenyl group, a lower alkynyl group, benzyl group, aryl group or a heteroaromatic group), R2 is a lower alkyl group, a cyclo-lower alkyl group, a lower alkenyl group, a lower alkynyl group, aryl group, a heteroaromatic group, a halogeno-lower alkyl group, a lower alkoxy-lower alkyl group, a lower alkoxy group, a lower alkenyloxy group, a phenoxy group or a lower alkylthio group, or a pharmaceutically acceptable acid addition salt thereof, which are useful as benzodiazepine receptor agonists.
Abstract:
The MTID of a terminal apparatus is preliminarily registered into a database of an ISP. In step S2, when a power source of the terminal apparatus is turned on first, (MTID=B) is transmitted from the terminal apparatus to a router. The transmission signal is received by the router and (HGWID=A, MTID=B) is transmitted from the router to the ISP. If (HGWID=A, MTID=B) has been registered in the database, the ISP transmits a permission message in step S5. In step S6, an IP address for the new terminal apparatus is allocated and the new terminal apparatus can participate in a home network. If (HGWID=A, MTID=B) is not registered, a refusal message is sent to the router.