DATA PROCESSING APPARATUS AND DATA STORAGE APPARATUS
First Claim
1. A data processing apparatus connected to a data storage apparatus that stores a plurality of encrypted data and tag data being related to each of the plurality of encrypted data and being collated when the plurality of encrypted data are searched, the data processing apparatus comprising:
- a keyword specification unit that specifies a keyword of storage target data being a target to be stored in the data storage apparatus, as a storage keyword;
an allowed bit position specification unit that specifies a bit position where disclosure of a bit value to the data storage apparatus is allowed, as an allowed bit position;
an index derive bit sequence generation unit that generates a bit sequence from the storage keyword by performing a generation procedure, as a storage index derive bit sequence; and
a concealing processing unit that performs concealing processing to disclose the bit value at the allowed bit position in the storage index derive bit sequence to the data storage apparatus, and to conceal bit values at other than the allowed bit position in the storage index derive bit sequence from the data storage apparatus, and that causes the data storage apparatus to derive a storage index value, which is to be attached to the tag data by the data storage apparatus when the tag data to be related to encrypted data of the storage target data is stored, from the bit value disclosed at the allowed bit position in the storage index derive bit sequence,wherein the concealing processing unit generates, for the respective allowed bit positions, a decryption key used for decrypting an encrypted bit at the allowed bit position, as an allowed bit decryption key,the data processing apparatus further comprising;
an allowed bit decryption key transmission unit that transmits the allowed bit decryption key to the data storage apparatus,wherein the concealing processing unit encrypts the storage index derive bit sequence by an encryption scheme in which the encrypted bit at the allowed bit position is decrypted with the allowed bit decryption key and encrypted bits at other than the allowed bit position are not decrypted with the allowed bit decryption key,the data processing apparatus further comprising;
a storage request transmission unit that transmits a storage request including the encrypted data of the storage target data, the tag data to be related to the encrypted data of the storage target data, and an encrypted storage index derive bit sequence to the data storage apparatus.
1 Assignment
0 Petitions
Accused Products
Abstract
An access terminal apparatus provides a group determination key being a decryption key to a data center apparatus previously, and then transmits grouping information generated from a keyword of storage target data and having been encrypted to the data center apparatus, with encrypted data of the storage target data and tag data of the encrypted data of the storage target data. The data center apparatus stores the encrypted data relating it to the tag data, decrypts a part of the grouping information with the group determination key, derives an index value from a bit value obtained by the decryption, and stores the derived index value and the tag data relating them with each other.
70 Citations
15 Claims
-
1. A data processing apparatus connected to a data storage apparatus that stores a plurality of encrypted data and tag data being related to each of the plurality of encrypted data and being collated when the plurality of encrypted data are searched, the data processing apparatus comprising:
-
a keyword specification unit that specifies a keyword of storage target data being a target to be stored in the data storage apparatus, as a storage keyword; an allowed bit position specification unit that specifies a bit position where disclosure of a bit value to the data storage apparatus is allowed, as an allowed bit position; an index derive bit sequence generation unit that generates a bit sequence from the storage keyword by performing a generation procedure, as a storage index derive bit sequence; and a concealing processing unit that performs concealing processing to disclose the bit value at the allowed bit position in the storage index derive bit sequence to the data storage apparatus, and to conceal bit values at other than the allowed bit position in the storage index derive bit sequence from the data storage apparatus, and that causes the data storage apparatus to derive a storage index value, which is to be attached to the tag data by the data storage apparatus when the tag data to be related to encrypted data of the storage target data is stored, from the bit value disclosed at the allowed bit position in the storage index derive bit sequence, wherein the concealing processing unit generates, for the respective allowed bit positions, a decryption key used for decrypting an encrypted bit at the allowed bit position, as an allowed bit decryption key, the data processing apparatus further comprising; an allowed bit decryption key transmission unit that transmits the allowed bit decryption key to the data storage apparatus, wherein the concealing processing unit encrypts the storage index derive bit sequence by an encryption scheme in which the encrypted bit at the allowed bit position is decrypted with the allowed bit decryption key and encrypted bits at other than the allowed bit position are not decrypted with the allowed bit decryption key, the data processing apparatus further comprising; a storage request transmission unit that transmits a storage request including the encrypted data of the storage target data, the tag data to be related to the encrypted data of the storage target data, and an encrypted storage index derive bit sequence to the data storage apparatus. - View Dependent Claims (2, 3, 5, 6, 7, 8)
-
-
4. (canceled)
-
9. A data storage apparatus that is connected to a data processing apparatus and stores encrypted data transmitted from the data processing apparatus, the data storage apparatus comprising:
-
an allowed bit decryption key management unit that stores, for respective allowed bit positions where decryption is allowed, an allowed bit decryption key used for decrypting an encrypted bit at an allowed bit position; a storage request reception unit that receives a storage request including encrypted data of storage target, tag data to be collated when the encrypted data is searched, and an encrypted bit sequence generated using a storage keyword specified for the encrypted data of storage target from the data processing apparatus; an encrypted data management unit that stores the encrypted data of storage target included in the storage request, relating the encrypted data of storage target to the tag data; and an index management unit that decrypts the encrypted bit at the allowed bit position in the encrypted bit sequence included in the storage request with the allowed bit decryption key, derives an index value from a bit value obtained by decryption, and stores the index value derived and the tag data included in the storage request, relating the index value and the tag data to each other. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
Specification