DATA STORAGE APPARATUS, DATA UPDATING SYSTEM, DATA PROCESSING METHOD, AND COMPUTER READABLE MEDIUM
1 Assignment
0 Petitions
Accused Products
Abstract
A data storage unit (202) stores encrypted data while remaining in an encrypted state, and stores decryption conditions to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data. In a case wherein revocation information to indicate a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing arrives, a revocation information removing unit (206) removes the revocation information from the decryption condition while the encrypted data remains in the encrypted state. Further, the revocation information removing unit (206) transmits the encrypted data and the decryption conditions from which the revocation information has been removed to a re-encryption apparatus that performs re-encryption in a proxy re-encryption scheme, and receives, from the re-encryption apparatus, the encrypted data that has be re-encrypted in the proxy re-encryption scheme using the decryption condition from which the revocation information has been removed. A refresh processing unit (205) updates the encrypted data that has been re-encrypted and the decryption condition from which the revocation information has been removed.
9 Citations
20 Claims
-
1-10. -10. (canceled)
-
11. A data storage apparatus comprising
processing circuitry to: -
store encrypted data that has been encrypted, while remaining in an encrypted state, and to store a decryption condition, whereby a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is defined; remove, in a case wherein revocation information which indicates a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing to update the encrypted data and the decryption condition arrives, the revocation information from the decryption condition while the encrypted data remains in an encrypted state, to transmit the encrypted data and the decryption condition from which the revocation information has been removed, to a re-encryption apparatus that performs re-encryption in a proxy re-encryption scheme, and to receive from the re-encryption apparatus, the encrypted data that has been re-encrypted in the proxy re-encryption scheme using the decryption condition from which the revocation information has been removed; and update the encrypted data that has been re-encrypted and received, and the decryption condition from which the revocation information has been removed. - View Dependent Claims (12, 13)
-
-
14. A data updating system comprising:
-
a data storage apparatus including; first processing circuitry to store encrypted data which has been encrypted, while remaining in an encrypted state, and to store a decryption condition, whereby a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is defined, determine, when update timing to update the encrypted data and the decryption condition arrives, whether revocation information that indicates a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition, and in a case wherein the revocation information has been added to the decryption condition, to remove the revocation information from the decryption condition while the encrypted data remains in an encrypted state, to transmit the encrypted data and the decryption condition from which the revocation information has been removed, to a re-encryption apparatus that performs re-encryption in a proxy re-encryption scheme, and to receive from the re-encryption apparatus, the encrypted data that has been re-encrypted in the proxy re-encryption scheme using the decryption condition from which the revocation information has been removed, and update the encrypted data that has been re-encrypted and received, and the decryption condition from which the revocation information has been removed; and a key update apparatus including second processing circuitry to update a decryption key used for decryption of the encrypted data when the update timing arrives. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A data processing method, comprising
by a computer that stores encrypted data that has been encrypted, while remaining in an encrypted state, and stores a decryption condition, whereby a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is defined, removing, in a case wherein revocation information which indicates a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing to update the encrypted data and the decryption condition arrives, the revocation information from the decryption condition while the encrypted data remains in an encrypted state, transmitting the encrypted data and the decryption condition from which the revocation information has been removed, to a re-encryption apparatus that performs re-encryption in a proxy re-encryption scheme, receiving from the re-encryption apparatus, the encrypted data that has been re-encrypted in the proxy re-encryption scheme using the decryption condition from which the revocation information has been removed, and updating the encrypted data that has been re-encrypted and received, and the decryption condition from which the revocation information has been removed.
-
20. A non-transitory computer readable medium storing a data processing program that causes a computer that stores encrypted data that has been encrypted while remaining in an encrypted state, and stores a decryption condition, whereby a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is defined execute:
-
a revocation information removing processing to remove, in a case wherein revocation information which indicates a user attribute of a revoked user who is no longer the decryption-permission user has been added to the decryption condition when update timing to update the encrypted data and the decryption condition arrives, the revocation information from the decryption condition while the encrypted data remains in an encrypted state, to transmit the encrypted data and the decryption condition from which the revocation information has been removed, to a re-encryption apparatus that performs re-encryption in a proxy re-encryption scheme, and to receive from the re-encryption apparatus, the encrypted data that has been re-encrypted in the proxy re-encryption scheme using the decryption condition from which the revocation information has been removed; and a refresh processing to update the encrypted data that has been re-encrypted and received by the revocation information removing processing, and the decryption condition from which the revocation information has been removed.
-
Specification