Re-encryption system, re-encryption apparatus, and program
Abstract
A re-encryption system according to this embodiment includes a file sharing apparatus and a re-encryption apparatus. Upon receiving a file request from the client apparatus, the file sharing apparatus acquires a first encrypted file based on the file request, and transmits a re-encryption request including the first encrypted file to the re-encryption apparatus. The re-encryption apparatus re-encrypts the first encrypted file included in the re-encryption request to the second encrypted file based on the re-encryption key, and transmits the second encrypted file to the file sharing apparatus. The file sharing apparatus transmits the second encrypted file to the client apparatus. The client apparatus obtains the file by decrypting the second encrypted file based on a private key corresponding to the public key of the member.
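The flow in the abstract, with the split into an encrypted symmetric key portion and an encrypted data portion that the claims recite, can be sketched as follows. This is an added example, not code from the patent: the page names no re-encryption scheme, so the BBS98-style ElGamal construction, the toy modulus, the SHA-256 keystream and the member ID `member-001` are all assumptions made for illustration.

```python
# Added illustration: BBS98-style proxy re-encryption of a wrapped file key (assumed scheme).
import hashlib, math, secrets

P = 2**521 - 1   # Mersenne prime: toy modulus so the block is self-contained
G, N = 3, P - 1  # base element; exponents are reduced modulo N

def keygen():
    while True:  # the secret exponent must be invertible modulo N
        sk = secrets.randbelow(N - 2) + 2
        if math.gcd(sk, N) == 1:
            return sk, pow(G, sk, P)

def stream_xor(key, data):
    # SHA-256 counter keystream standing in for a real AEAD such as AES-GCM
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def sym_key(m):
    return hashlib.sha256(m.to_bytes(66, "big")).digest()

def encrypt_file(group_pk, data):
    m = secrets.randbelow(P - 2) + 2   # random element; symmetric key = H(m)
    k = secrets.randbelow(N - 1) + 1
    key_portion = (m * pow(G, k, P) % P, pow(group_pk, k, P))
    return key_portion, stream_xor(sym_key(m), data)

def rekey(group_sk, member_sk):
    return member_sk * pow(group_sk, -1, N) % N   # rk = b / a

def reencrypt(rk, key_portion):
    c1, c2 = key_portion
    return c1, pow(c2, rk, P)   # g^(ak) becomes g^(bk); m is never exposed

def decrypt_file(sk, key_portion, data_portion):
    c1, c2 = key_portion
    gk = pow(c2, pow(sk, -1, N), P)
    m = c1 * pow(gk, -1, P) % P
    return stream_xor(sym_key(m), data_portion)

def demo():
    group_sk, group_pk = keygen()
    member_sk, _ = keygen()
    rk_store = {"member-001": rekey(group_sk, member_sk)}  # constructed member ID
    key1, body = encrypt_file(group_pk, b"constructed sample file contents")
    key2 = reencrypt(rk_store["member-001"], key1)  # done by the re-encryption apparatus
    return decrypt_file(member_sk, key2, body)      # done by the client apparatus
```

In this BBS98-style construction the re-encryption key is derived from both private keys, and anyone holding it together with the member's private key can recover the group private key, so the re-encryption key store needs the same protection as a private key.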
6 Claims
1. A re-encryption system comprising:
- a file sharing apparatus and a re-encryption apparatus which are communicable with a client apparatus operated by a member belonging to a group, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus,
- the file sharing apparatus comprising
  - a file storage device on a cloud which stores an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key, and
  - circuitry of
    - a first device which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the file storage device based on the file name included in the file request,
    - a second device which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,
    - a third device which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, and
    - a fourth device which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing, and
- the re-encryption apparatus comprising
  - a re-encryption key storage device which stores the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in association with the member ID and the re-encryption key, and
  - circuitry of
    - a device which acquires, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request,
    - a device which performs re-encryption by re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key, and
    - a device which transmits the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus,
- wherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.
3. A re-encryption apparatus comprising:
- circuitry configured to communicate with a file sharing apparatus which is communicable with a client apparatus operated by a member belonging to a group, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus,
- wherein the file sharing apparatus further
  - stores, in a memory on a cloud, an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key,
  - executes first processing which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the memory based on the file name included in the file request,
  - executes second processing which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,
  - executes third processing which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, and
  - executes fourth processing which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing,
- wherein the re-encryption apparatus further comprises;
  - a re-encryption key storage device which stores the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in association with the member ID and the re-encryption key, and
  - circuitry of
    - a device which acquires, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request,
    - a device which performs re-encryption by re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key, and
    - a device which transmits the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus,
- wherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.
5. A non-transitory computer-readable storage medium having stored thereon computer-readable instructions which when executed by circuitry of a re-encryption apparatus including:
- a re-encryption key storage device configured to communicate with a file sharing apparatus, wherein the re-encryption apparatus is distinct and separate from the client apparatus and the file sharing apparatus, and
- wherein the file sharing apparatus
  - is communicable with the client apparatus operated by a member belonging to a group,
  - stores on a cloud, in a memory, an encrypted file including a first encrypted symmetric key portion obtained by encrypting a symmetric key based on a public key of the group and an encrypted data portion obtained by encrypting data based on the symmetric key,
  - executes first processing which acquires, upon receiving a file request including a member ID for identifying the member and a file name of the encrypted file from the client apparatus, the encrypted file from the memory based on the file name included in the file request,
  - executes second processing which separates the acquired encrypted file into the first encrypted symmetric key portion and the encrypted data portion,
  - executes third processing which transmits a re-encryption request including the first encrypted symmetric key portion and the member ID included in the file request to the re-encryption apparatus simultaneously with encrypted data transmission processing which transmits the separated encrypted data portion to the client apparatus, and
  - executes fourth processing which transmits, upon receiving a second encrypted symmetric key portion obtained by encrypting the symmetric key based on a public key of the member ID from the re-encryption apparatus simultaneously with the encrypted data transmission processing, the second encrypted symmetric key portion to the client apparatus after the encrypted data transmission processing, and
- causes the circuitry to perform a method comprising;
  - processing of writing the member ID for identifying the member and a re-encryption key for re-encrypting, without decrypting, the first encrypted symmetric key portion into the second encrypted symmetric key portion in the re-encryption key storage device in association with the member ID and the re-encryption key;
  - acquiring, upon receiving the re-encryption request from the file sharing apparatus, the re-encryption key from the re-encryption key storage device based on the member ID included in the re-encryption request;
  - performing re-encryption by executing processing of re-encrypting the first encrypted symmetric key portion included in the re-encryption request to the second encrypted symmetric key portion based on the acquired re-encryption key; and
  - processing of transmitting the second encrypted symmetric key portion obtained by the re-encryption to the file sharing apparatus, and
- wherein the client apparatus obtains the data requested by the file request by obtaining the symmetric key by decrypting the second encrypted symmetric key portion from the file sharing apparatus based on a private key corresponding to a public key of the member, and decrypting the encrypted data portion from the file sharing apparatus based on the obtained symmetric key.
Specification