Re-encryption system, re-encryption apparatus, and program

US 9,635,001 B2
Filed: 05/09/2014
Issued: 04/25/2017
Est. Priority Date: 11/09/2011
Status: Active Grant

First Claim

Patent Images

1. A re-encryption system comprising:

a file sharing apparatus and a re-encryption apparatus which are communicable with a client apparatus operated by a member belonging to a group, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus,the file sharing apparatus comprisinga file storage device on a cloud which stores an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key, andcircuitry ofa first device which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the file storage device based on the file name included in the file request,a second device which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,a third device which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, anda fourth device which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing, andthe re-encryption apparatus comprisinga re-encryption key storage device which stores the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in association with the member ID and the re-encryption key, andcircuitry ofa device which acquires, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request,a device which performs re-encryption by re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key, anda device which transmits the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus,wherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A re-encryption system according to this embodiment includes a file sharing apparatus and a re-encryption apparatus. Upon receiving a file request from the client apparatus, the file sharing apparatus acquires a first encrypted file based on the file request, and transmits a re-encryption request including the first encrypted file to the re-encryption apparatus. The re-encryption apparatus re-encrypts the first encrypted file included in the re-encryption request to the second encrypted file based on the re-encryption key, and transmits the second encrypted file to the file sharing apparatus. The file sharing apparatus transmits the second encrypted file to the client apparatus. The client apparatus obtains the file by decrypting the second encrypted file based on a private key corresponding to the public key of the member.

34 Citations

View as Search Results

6 Claims

1. A re-encryption system comprising:
- a file sharing apparatus and a re-encryption apparatus which are communicable with a client apparatus operated by a member belonging to a group, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus,the file sharing apparatus comprisinga file storage device on a cloud which stores an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key, andcircuitry ofa first device which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the file storage device based on the file name included in the file request,a second device which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,a third device which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, anda fourth device which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing, andthe re-encryption apparatus comprisinga re-encryption key storage device which stores the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in association with the member ID and the re-encryption key, andcircuitry ofa device which acquires, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request,a device which performs re-encryption by re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key, anda device which transmits the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus,wherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.
- View Dependent Claims (2)
- - 2. The re-encryption system according to claim 1, wherein the first device, the second device, the third device, and the fourth device are implemented using a filter function which adds predetermined processing.

3. A re-encryption apparatus comprising:
- circuitry configured to communicate with a file sharing apparatus which is communicable with a client apparatus operated by a member belonging to a group, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus, wherein the file sharing apparatus furtherstores, in a memory on a cloud, an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key,executes first processing which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the memory based on the file name included in the file request,executes second processing which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,executes third processing which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, andexecutes fourth processing which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing,wherein the re-encryption apparatus further comprises;
  
  a re-encryption key storage device which stores the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in association with the member ID and the re-encryption key, andcircuitry ofa device which acquires, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request,a device which performs re-encryption by re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key, anda device which transmits the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus,wherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.
- View Dependent Claims (4)
- - 4. The re-encryption apparatus according to claim 3, wherein the first processing, the second processing, the third processing, the encrypted data transmission processing, and fourth processing are executed by using a filter function which adds predetermined processing.

5. A non-transitory computer-readable storage medium having stored thereon computer-readable instructions which when executed by circuitry of a re-encryption apparatus including:
- a re-encryption key storage device configured to communicate with a file sharing apparatus, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus, and wherein the file sharing apparatus iscommunicable with the client apparatus operated by a member belonging to a group,stores on a cloud, in a memory, an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key,executes first processing which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the memory based on the file name included in the file request,executes second processing which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,executes third processing which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, andexecutes fourth processing which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing, andcauses the circuitry to perform a method comprising;
  
  processing of writing the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in the re-encryption key storage device in association with the member ID and the re-encryption key;
  
  acquiring, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request;
  
  performing re-encryption by executing processing of re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key; and
  
  processing of transmitting the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus, andwherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.
- View Dependent Claims (6)
- - 6. The non-transitory computer-readable storage medium according to claim 5, wherein the first processing, the second processing, the third processing, the encrypted data transmission processing, and fourth processing are executed by using a filter function which adds predetermined processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Digital Solutions Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Inventors
Kaseda, Yuki, Yoshida, Takuya, Fujii, Yoshihiro, Abe, Shingo, Yamada, Masataka
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
LYNCH, SHARON S

Application Number

US14/274,234
Publication Number

US 20160119292A1
Time in Patent Office

1,082 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/045   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/14   using a plurality of keys o...

Re-encryption system, re-encryption apparatus, and program

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Re-encryption system, re-encryption apparatus, and program

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links