Abstract:
A content distribution/browsing system is disclosed. First to (m−1)th encrypted content items $E(K_1, C_1 \| K_{2,1}), \ldots, E(K_{m-1}, C_{m-1} \| K_{m,1})$ contain second to m-th (next in order) sharing keys $K_{2,1}, \ldots, K_{m,1}$, respectively. When an (i+1)th content item $C_{i+1}$ is to be browsed, the (i+1)th sharing key $K_{i+1,1}$ is acquired by browsing the immediately preceding i-th content item $C_i$.
Abstract:
A purchaser apparatus stores “anonymous order information including an order ID and purchaser identity verifying information” and “purchaser identity proving secret information”. A shop apparatus stores “anonymous order information including an order ID and purchaser identity verifying information”. If necessary, a purchaser sends a request including an order ID and zero knowledge proving information that a purchaser knows the purchaser identity proving secret information, from a purchaser apparatus to a shop apparatus. A shop apparatus verifies the zero knowledge proving information, based on purchaser identity verifying information retrieved from an order ID included in the request. Therefore, the unlinkability for past use is eliminated if necessary, and inconvenience caused by the unlinkability is eliminated.
Abstract:
A secret sharing apparatus according to the present invention is based on a (k,n)-threshold scheme with a threshold of at least 4 but is still operational with a threshold of at least 2. The secret sharing apparatus generates a generator matrix (G) over GF(2) in which any k of n column vectors are of full rank, divides secret information into n−1 pieces to generate divided secret data (K(1), . . . , K(n−1)), generates random data (U(0,1), . . . , U(k−2,n−1)), calculates the matrix product of the divided secret data, the random data, and the generator matrix (G), assigns the (j×(n−1)+i)th column of the calculation result to sharing partial data (D(j,i)) to calculate sharing partial data (D(j,1)), generates header information (H(j)), and individually distributes n pieces of sharing information (D(0), . . . , D(n−1)) made up of the header information (H(j)) and sharing partial data (D(j,i)) to n storage apparatuses.
Abstract:
A secret sharing device using a (k, n) threshold scheme creates a generator matrix G, first divided secret data, and random number data, calculates shared partial data based on the matrix product of the random number data, the divided secret data, and the generator matrix G, and delivers the shared information formed by the shared partial data and the header information individually to the storage units. The secret sharing device calculates a recovery matrix and multiplies the shared information by the recovery matrix, thereby recovering the secret information.
Abstract:
According to one embodiment, an access control apparatus suspends the resource access event prior to access of the resource access device when the resource access event is started. The access control apparatus acquires attribute information from the attribute management device by using the deny-type policy in the access control policy and decides the permission or the denial of the access based on this attribute information and the deny-type policy. The access control apparatus releases the suspension when a result of decision in the supplied access decision result is indicative of the permission and no obligation-type policy is present in the access decision response.
Abstract:
According to one embodiment, the resource access unit accesses a first resource including a replication target object and policy data assigned to the object. The policy data includes base policy data including a first condition and assertion policy data including a second condition. The first retrieval unit obtains first attribute data for accessing the first resource. The first policy evaluation unit determines whether the first attribute satisfies the first condition. When the first condition is satisfied, the copy processing unit executes the copy processing for copying the object. The second retrieval unit obtains the second attribute data for accessing the second resource. The second policy evaluation unit determines whether the second attribute data satisfies the second condition. When the second condition is satisfied, the paste processing unit executes paste processing for pasting the object to the second resource.