DATA PROCESSING APPARATUS AND DATA STORAGE APPARATUS

US 20130287210A1
Filed: 01/13/2011
Published: 10/31/2013
Est. Priority Date: 01/13/2011
Status: Active Grant

First Claim

Patent Images

1. A data processing apparatus connected to a data storage apparatus that stores a plurality of encrypted data and tag data being related to each of the plurality of encrypted data and being collated when the plurality of encrypted data are searched, the data processing apparatus comprising:

a keyword specification unit that specifies a keyword of storage target data being a target to be stored in the data storage apparatus, as a storage keyword;

an allowed bit position specification unit that specifies a bit position where disclosure of a bit value to the data storage apparatus is allowed, as an allowed bit position;

an index derive bit sequence generation unit that generates a bit sequence from the storage keyword by performing a generation procedure, as a storage index derive bit sequence; and

a concealing processing unit that performs concealing processing to disclose the bit value at the allowed bit position in the storage index derive bit sequence to the data storage apparatus, and to conceal bit values at other than the allowed bit position in the storage index derive bit sequence from the data storage apparatus, and that causes the data storage apparatus to derive a storage index value, which is to be attached to the tag data by the data storage apparatus when the tag data to be related to encrypted data of the storage target data is stored, from the bit value disclosed at the allowed bit position in the storage index derive bit sequence,wherein the concealing processing unit generates, for the respective allowed bit positions, a decryption key used for decrypting an encrypted bit at the allowed bit position, as an allowed bit decryption key,the data processing apparatus further comprising;

an allowed bit decryption key transmission unit that transmits the allowed bit decryption key to the data storage apparatus,wherein the concealing processing unit encrypts the storage index derive bit sequence by an encryption scheme in which the encrypted bit at the allowed bit position is decrypted with the allowed bit decryption key and encrypted bits at other than the allowed bit position are not decrypted with the allowed bit decryption key,the data processing apparatus further comprising;

a storage request transmission unit that transmits a storage request including the encrypted data of the storage target data, the tag data to be related to the encrypted data of the storage target data, and an encrypted storage index derive bit sequence to the data storage apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access terminal apparatus provides a group determination key being a decryption key to a data center apparatus previously, and then transmits grouping information generated from a keyword of storage target data and having been encrypted to the data center apparatus, with encrypted data of the storage target data and tag data of the encrypted data of the storage target data. The data center apparatus stores the encrypted data relating it to the tag data, decrypts a part of the grouping information with the group determination key, derives an index value from a bit value obtained by the decryption, and stores the derived index value and the tag data relating them with each other.

70 Citations

View as Search Results

15 Claims

1. A data processing apparatus connected to a data storage apparatus that stores a plurality of encrypted data and tag data being related to each of the plurality of encrypted data and being collated when the plurality of encrypted data are searched, the data processing apparatus comprising:
- a keyword specification unit that specifies a keyword of storage target data being a target to be stored in the data storage apparatus, as a storage keyword;
  
  an allowed bit position specification unit that specifies a bit position where disclosure of a bit value to the data storage apparatus is allowed, as an allowed bit position;
  
  an index derive bit sequence generation unit that generates a bit sequence from the storage keyword by performing a generation procedure, as a storage index derive bit sequence; and
  
  a concealing processing unit that performs concealing processing to disclose the bit value at the allowed bit position in the storage index derive bit sequence to the data storage apparatus, and to conceal bit values at other than the allowed bit position in the storage index derive bit sequence from the data storage apparatus, and that causes the data storage apparatus to derive a storage index value, which is to be attached to the tag data by the data storage apparatus when the tag data to be related to encrypted data of the storage target data is stored, from the bit value disclosed at the allowed bit position in the storage index derive bit sequence,wherein the concealing processing unit generates, for the respective allowed bit positions, a decryption key used for decrypting an encrypted bit at the allowed bit position, as an allowed bit decryption key,the data processing apparatus further comprising;
  
  an allowed bit decryption key transmission unit that transmits the allowed bit decryption key to the data storage apparatus,wherein the concealing processing unit encrypts the storage index derive bit sequence by an encryption scheme in which the encrypted bit at the allowed bit position is decrypted with the allowed bit decryption key and encrypted bits at other than the allowed bit position are not decrypted with the allowed bit decryption key,the data processing apparatus further comprising;
  
  a storage request transmission unit that transmits a storage request including the encrypted data of the storage target data, the tag data to be related to the encrypted data of the storage target data, and an encrypted storage index derive bit sequence to the data storage apparatus.
- View Dependent Claims (2, 3, 5, 6, 7, 8)
- - 2. The data processing apparatus according to claim 1,wherein the data processing apparatus is connected to the data storage apparatus that specifies tag data to be collated with an encrypted search keyword, when receiving a search request including the encrypted search keyword and a search index derive bit sequence from which an index value of the tag data to be collated with the encrypted search keyword is derived by disclosure of the bit value at the bit position where disclosure is allowed, based on the index value acquired by disclosure of a bit value in the search index derive bit sequence, and that performs searching of the plurality of encrypted data by collating specified tag data with the encrypted search keyword, andthe index derive bit sequence generation unit generates the storage index derive bit sequence from which the storage index value to be compared with the index value acquired from the search index derive bit sequence in the data storage apparatus is derived by disclosure of the bit value at the allowed bit position to the data storage apparatus by the concealing processing unit.
  - 3. The data processing apparatus according to claim 1,wherein the allowed bit position specification unit specifies a new allowed bit position sequentially, andthe concealing processing unit performs the concealing processing and increases a number of bits of the storage index value when the new allowed bit position is specified by the allowed bit position specification unit, the concealing processing disclosing a bit value at the new allowed bit position newly specified to the data storage apparatus in addition to the bit value at the allowed bit position currently existing in the storage index derive bit sequence.
  - 5. The data processing apparatus according to claim 1,wherein the concealing processing unit generates a decryption key to which user information on a user who is allowed to access the storage target data is reflected, as the allowed bit decryption key, andencrypts the storage index derive bit sequence by using an encryption key to which the user information on the user who is allowed to access the storage target data is reflected.
  - 6. The data processing apparatus according to claim 1,wherein the allowed bit position specification unit specifies a new allowed bit position sequentially,the concealing processing unit generates, when the new allowed bit position is specified by the allowed bit position specification unit, a new allowed bit decryption key used for decrypting an encrypted bit at the new allowed bit position specified, andthe allowed bit decryption key transmission unit transmits the new allowed bit decryption key generated by the concealing processing unit to the data storage apparatus.
  - 7. The data processing apparatus according to claim 6,wherein the data processing apparatus is connected to the data storage apparatus that specifies tag data to be collated with an encrypted search keyword, and performs searching of the plurality of encrypted data by collating specified tag data with the encrypted search keyword,the keyword specification unit specifies a search keyword which causes the data storage apparatus to perform searching of the plurality of encrypted data,the index derive bit sequence generation unit generates a bit sequence from the search keyword specified by the keyword specification unit based on a same generation procedure as that of the storage index derive bit sequence, as a search index derive bit sequence,the concealing processing unit encrypts the search index derive bit sequence by the encryption scheme in which the encrypted bit at the allowed bit position, where disclosure of the bit value to the data storage apparatus is allowed, is decrypted with the allowed bit decryption key held by the data storage apparatus, and the encrypted bits at other than the allowed bit position are not decrypted with the allowed bit decryption key, andcauses the data storage apparatus to derive a search index value, which is to be compared with the storage index value by the data storage apparatus when extracting the tag data to be collated with the encrypted search keyword, from the bit value at the allowed bit position which is to be disclosed to the data storage apparatus by decrypting the encrypted bit at the allowed bit position in an encrypted search index derive bit sequence,the data processing apparatus further comprising:
    - a search request transmission unit that transmits a search request including the encrypted search keyword and the encrypted search index derive bit sequence to the data storage apparatus.
  - 8. The data processing apparatus according to claim 7,wherein the concealing processing unit encrypts the search index derive bit sequence with an encryption key to which user information on a user of the data processing apparatus is reflected.

4. (canceled)

9. A data storage apparatus that is connected to a data processing apparatus and stores encrypted data transmitted from the data processing apparatus, the data storage apparatus comprising:
- an allowed bit decryption key management unit that stores, for respective allowed bit positions where decryption is allowed, an allowed bit decryption key used for decrypting an encrypted bit at an allowed bit position;
  
  a storage request reception unit that receives a storage request including encrypted data of storage target, tag data to be collated when the encrypted data is searched, and an encrypted bit sequence generated using a storage keyword specified for the encrypted data of storage target from the data processing apparatus;
  
  an encrypted data management unit that stores the encrypted data of storage target included in the storage request, relating the encrypted data of storage target to the tag data; and
  
  an index management unit that decrypts the encrypted bit at the allowed bit position in the encrypted bit sequence included in the storage request with the allowed bit decryption key, derives an index value from a bit value obtained by decryption, and stores the index value derived and the tag data included in the storage request, relating the index value and the tag data to each other.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The data storage apparatus according to claim 9,wherein the allowed bit decryption key management unit stores the allowed bit decryption key, relating the allowed bit decryption key to user information,the storage request reception unit receives the storage request including user information on a user who is allowed to access the encrypted data of storage target, andthe index management unit decrypts the encrypted bit at the allowed bit position in the encrypted bit sequence included in the storage request, with the allowed bit decryption key corresponding to user information which is identical to the user information included in the storage request, and derives an index value.
  - 11. The data storage apparatus according to claim 10,wherein the allowed bit decryption key management unit stores the allowed bit decryption key to which user information is reflected, relating the allowed bit decryption key to the user information, andthe storage request reception unit receives the storage request including the encrypted bit sequence encrypted with an encryption key to which the user information on the user who is allowed to access the encrypted data of storage target is reflected.
  - 12. The data storage apparatus according to claim 10,wherein the index management unit derives an index value by combining bit values acquired by decrypting the encrypted bit sequence included in the storage request, andstores the index value derived, the tag data included in the storage request, and undecrypted bits in the encrypted bit sequence, relating the index value, the tag data and the undecrypted bits to the user information included in the storage request,the allowed bit decryption key management unit acquires, when a new allowed bit position is specified, a new allowed bit decryption key to be used for decrypting an encrypted bit at the new allowed bit position, and user information related to the new allowed bit decryption key, andthe index management unit extracts encrypted bits related to user information identical to the user information acquired by the allowed bit decryption key management unit, decrypts an encrypted bit related to the new allowed bit position in extracted encrypted bits with the new allowed bit decryption key, and derives a new index value by adding a bit value obtained by decryption to an index value corresponding to common user information.
  - 13. The data storage apparatus according to claim 10,wherein the data storage apparatus is connected to a plurality of data processing apparatuses,the data storage apparatus further comprising:
    - a search request reception unit that receives, from a search request data processing apparatus that requests to search the encrypted data in the plurality of data processing apparatuses, a search request including an encrypted search keyword, an encrypted bit sequence generated by using a search keyword before being encrypted, and user information on a user of the search request data processing apparatus,the index management unit decrypts the encrypted bit at the allowed bit position in the encrypted bit sequence included in the search request by using the allowed bit decryption key related to user information identical to the user information included in the search request, derives an index value from a bit value at the allowed bit position obtained by decryption, and extracts tag data related to a same index value as the index value derived,the data storage apparatus further comprising;
      
      a search processing unit that collates the tag data extracted by the index management unit with the encrypted search keyword included in the search request, specifies tag data generated from a same keyword as the search keyword in the tag data extracted by the index management unit, and acquires encrypted data related to the tag data specified from the encrypted data management unit.
  - 14. The data storage apparatus according to claim 13,wherein the allowed bit decryption key management unit stores the allowed bit decryption key, to which user information is reflected, relating the allowed bit decryption key to the user information, andthe search request reception unit receives the search request including the bit sequence encrypted with an encryption key to which the user information on the user of the search request data processing apparatus is reflected.
  - 15. The data storage apparatus according to claim 13,wherein the index management unit stores the index value derived and the tag data included in the storage request, relating the index value and the tag data to the user information included in the storage request,when the search request is received by the search request reception unit, decrypts the encrypted bit at the allowed bit position in the encrypted bit sequence included in the search request by using the allowed bit decryption key related to user information identical to the user information included in the search request, derives an index value from the bit value at the allowed bit position obtained by decryption, and extracts tag data related to the same index value as the index value derived, from tag data related to user information identical to the user information included in the search request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitsubishi Electric Corporation
Original Assignee
Mitsubishi Electric Corporation
Inventors
Matsuda, Nori, Ito, Takashi, Hattori, Mitsuhiro, Mori, Takumi, Hirano, Takato

Granted Patent

US 9,111,106 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6272   by registering files or doc...

G06F 2221/2107   File encryption

H04L 9/0894   Escrow, recovery or storing...

DATA PROCESSING APPARATUS AND DATA STORAGE APPARATUS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROCESSING APPARATUS AND DATA STORAGE APPARATUS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links