Hiromasa IKEDA Masafumi KATOH Naohisa KOMATSU Toshikane ODA Hiroshi SAITO Hiroshi SUZUKI Miki YAMAMOTO
Mototsugu NISHIOKA Naohisa KOMATSU
In [1], Bellare, Boldyreva, and Micali addressed the security of public-key encryptions (PKEs) in a multi-user setting (called the BBM model in this paper). They showed that although the indistinguishability in the BBM model is induced from that in the conventional model, its reduction is far from tight in general, and this brings a serious key length problem. In this paper, we discuss PKE schemes in which the IND-CCA security in the BBM model can be obtained tightly from the IND-CCA security. We call such PKE schemes IND-CCA secure in the BBM model with invariant security reductions (briefly, SR-invariant IND-CCABBM secure). These schemes never suffer from the underlying key length problem in the BBM model. We present three instances of an SR-invariant IND-CCABBM secure PKE scheme: the first is based on the Fujisaki-Okamoto PKE scheme [7], the second is based on the Bellare-Rogaway PKE scheme [3], and the last is based on the Cramer-Shoup PKE scheme [5].
Haruo OGIWARA Naohisa KOMATSU Kenji NAKAGAWA
Ichirou YAMASHITA Chang Joon CHAE Naohisa KOMATSU Junsuke KUSANAGI Kenji OKADA Michisuke SHIMODAIRA Shigeyuki UNAGAMI Ryozo YMAUCHI Etsugo YONEDA
Hideyoshi TOMINAGA Yasuharu KOSUGE Norio ITO Naohisa KOMATSU Dongwhee KIM
In this paper, the ATM Mini-Bar System (AMBS), a future information-providing service infrastructure, is proposed. The purpose of AMBS is to provide a multi-media environment in which a user can (1) quickly select and get any needed information, at low cost, at any time, from a very large amount of different media information provided by a variety of providers, (2) be charged only for the information which is selected and used, and (3) edit or process information into the user's individually requested style or format before using it. The basic concept and configurations of AMBS are also addressed. This system is basically a center-end oriented one-way information providing system. The information center broadcasts its contents to all user equipment based on a user request forecast, and every piece of user equipment stores the delivered contents in its large storage. A user can select the needed information from the storage, and may edit or process it within the user equipment. The charge applies only to the information read from the storage, not to all contents in it. The key points of this system are the following three. (A) Introduction of a broadcast (or multicast) medium for economical information delivery (strictly speaking, a predelivery, which means a delivery before request) to user equipment. (B) Introduction of a 1-to-1 communication network for selective charging and control of each piece of user equipment. (C) Introduction of the user equipment storage for quick response to user information requests in most cases with the broadcast (or multicast) information delivery medium described above, separation of information delivery speed and replay speed to increase system flexibility, and local user information processing or editing. As an example of technical solutions, a memory architecture, which is based on a hierarchical architecture, is described.
AMBS is expected to have some impact on information industries because it can integrate many kinds of services into the same platform, but some standardization items are needed to realize it.
Yasushi YAMAZAKI Naohisa KOMATSU
This paper describes a biometric-based key generation method and its application to a secure communication system. In the proposed method, a personal key which is unique to each user is generated by extracting his/her biometric information. Using the generated personal key, a secure communication system which has the functions of confidentiality and user authentication is realized. As an example of the proposed method, we introduce a personal key generation method based on one's handwriting, and a secure telewriting system which enables the encryption of handwriting information as well as the authentication of a writer. Some simulation results indicate the possibility of realizing the above functions by using a writer's personal key.
Yasuhiko YASUDA Ichiro IIDA Naohisa KOMATSU Makoto NAKAMURA Jun NISHIKIDO Hiroyuki OKAZAKI Yoshinori SAKAI Yoshiaki TANAKA
Ryoichi KAWAHARA Naohisa KOMATSU
A method is described that can allocate bandwidth to each user flow fairly in a scalable network architecture such as differentiated services architecture. As promising queueing techniques for providing differentiated services, class-based packet scheduling and selective packet discarding have been attracting attention. However, if we consider that bandwidth should be allocated to each flow in a weighted manner, the parameters used in these methods such as the weight assigned to each class queue should be pre-determined appropriately based on an assumption about the number of flows in each class. Thus, when the actual traffic pattern differs from the assumed one, they may not work well. Instead of assuming the traffic conditions, our method estimates the number of active flows in each class by simple traffic measurement and dynamically changes the weight assigned to each class queue based on the estimated number. Our method does not need to maintain the per-flow state, which gives it scalability. Simulation showed that this method is effective under various patterns of the number of active flows.
Yasushi YAMAZAKI Naohisa KOMATSU
We propose an extraction method of personal features based on on-line handwriting information. Most recent research has been focused on signature verification, especially in the field of on-line writer verification. However, signature verification has a serious problem in that it will accept forged handwriting. To solve this problem, we have introduced an on-line writer verification method which uses ordinary characters. In this method, any handwritten characters (i.e., ordinary characters) are accepted as a text in the verification process, and the text used in the verification process can be different from that in the enrollment process. However, in the proposed method, personal features are extracted only from the shape of strokes, and it is still uncertain how efficient other on-line information, such as writing pressure or pen inclination, is for extracting personal features. Therefore, we propose an extraction method of personal features based on on-line handwriting information, including writing-pressure and pen-inclination information. In the proposed method, handwriting information is described by a set of three-dimensional curves, and personal features are described by a set of Fourier descriptors for the three-dimensional curves. We also discuss the reliability of the proposed method with some simulation results using handwritten data. From these simulation results, it is clear that the proposed method effectively extracts personal features from ordinary characters.
Mototsugu NISHIOKA Naohisa KOMATSU
In this paper, we present a new methodology, called a random oracle (RO) transformation, for designing IND-CCA secure PKE schemes in the standard model from schemes in the RO model. Unlike the RO methodology [3], [19], the security of the original scheme in the RO model does not necessarily have to be identical with that of the scheme resulting from the RO transformation. We then introduce a new notion, IND-INS-CCA security, and show how to obtain IND-CCA secure PKE schemes by instantiating ROs in IND-INS-CCA secure PKE schemes. Furthermore, we introduce another new notion, a strong pseudorandom function (PRF) family associated with a trapdoor one-way permutation generator
Kentaro HOSHI Yoshiaki SHIKATA Yoshitaka TAKAHASHI Naohisa KOMATSU
The processor-sharing (PS) rule arises as a natural paradigm in a variety of practical situations, including time-shared computer systems. Although there has been much work on Poisson-input queueing analysis for the PS rule, there have been few results for renewal-input GI/G/1 (PS) systems. We consider the GI/G/1 (PS) system to develop a two-moment approximation for the mean performance measures. We derive the relationship between the mean unfinished work and the conditional mean sojourn time for the GI/G/1 (PS) system. Using this relationship, we derive approximate formulas for the mean conditional sojourn time, mean sojourn time, and the mean number of customers in the GI/G/1 (PS) system. Numerical examples are presented to compare the approximation with exact and simulated results. We show that the proposed approximate formulas have good accuracy.
Yasushi YAMAZAKI Naohisa KOMATSU
We propose an on-line writer verification method to improve the reliability of verifying a specific system user. Most recent research focuses on signature verification, especially in the field of on-line writer verification. However, signature verification has a serious problem in that it will accept forged handwriting. To overcome this problem, we have introduced a text-indicated writer verification method. In this method, a different text including ordinary characters is used on every occasion of verification. This text can be selected automatically by the verification system so as to reflect the specific writer's personal features. A specific writer is accepted only when the same text as indicated by the verification system is inputted, and the system can verify the writer's personal features from the inputted text. Moreover, the characters used in the verification process can be different from those in the enrolment process. This method makes it more difficult to get away with forged handwriting than the previous methods using only signatures. We also discuss the reliability of the proposed method with some simulation results using handwriting data. From these simulation results, it is clear that this method keeps high reliability without the use of signatures.
Mototsugu NISHIOKA Naohisa KOMATSU
Canetti et al. [5] showed that there exist signature and encryption schemes that are secure in the random oracle (RO) model, but for which any implementation of the RO (by a single function or a function ensemble) results in insecure schemes. Their result greatly motivates the design of cryptographic schemes that are secure in the standard computational model. This paper gives some new results on the RO methodology. First, we give the necessary and sufficient condition for the existence of a signature scheme that is secure in the RO model but where, for any implementation of the RO, the resulting scheme is insecure. Next, we show that this condition induces a signature scheme that is insecure in the RO model, but that there is an implementation of the RO that makes the scheme secure.