WO2017221308A1 - Data management device, data management method, data management program, search device, search method, and search program - Google Patents
- Publication number
- WO2017221308A1 (PCT/JP2016/068291)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- search
- partial
- condition
- data
- data management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
Definitions
- This invention relates to a technique for efficiently performing a secret search.
- As described in Non-Patent Documents 1 and 2, there is a secret search system in which data managed by a data management device can be searched by a search device by specifying a keyword, while the data and the keyword are kept secret from the data management device.
- the secret search system is expected to be applied to confidential data management outsourcing and filtering of encrypted mail in a mail data management apparatus.
- a technique for achieving various safety requirements and a technique for reducing the storage usage, communication overhead, and computation overhead of the data management device and the search device are being studied.
- Patent Literature 1 describes classifying search conditions into low-cost search conditions and high-cost search conditions, and reducing the search processing time by using different degrees of parallelism according to the cost.
- Although search conditions can be classified into the two groups of low cost and high cost, when there are a plurality of search conditions subject to secret search as described above and all of them are classified as high cost, the search order could not be optimized.
- An object of the present invention is to shorten the time until search processing is completed when there are a plurality of search conditions to be a secret search target.
- The data management device includes: an order determination unit that, when receiving an encrypted search condition including a plurality of partial conditions, determines the execution order of the plurality of partial conditions according to priority information for the data type that each partial condition targets; and a search unit that executes a search with each of the partial conditions according to the execution order determined by the order determination unit.
- the execution order of the partial conditions is determined according to the priority information for the data type to be searched by each partial condition.
- FIG. 1 is a configuration diagram of a secret search system 10 according to Embodiment 1.
- FIG. 1 is a configuration diagram of a data management apparatus 20 according to Embodiment 1.
- FIG. 1 is a configuration diagram of a registration device 30 according to Embodiment 1.
- FIG. 1 is a configuration diagram of a search device 40 according to Embodiment 1.
- FIG. 4 is a diagram showing data stored in a data storage unit 221 according to the first embodiment.
- FIG. 5 is a diagram showing data stored in a priority storage unit 222 according to the first embodiment.
- FIG. 4 shows data stored in an encryption key storage unit 321 according to Embodiment 1.
- FIG. 4 shows data stored in a search key storage unit 421 according to Embodiment 1.
- FIG. 5 is a flowchart of (1) initial setting processing according to the first embodiment.
- 10 is a flowchart of (2) data registration processing according to the first embodiment.
- 10 is a flowchart of (3) data search processing according to the first embodiment.
- FIG. 5 is a diagram showing data stored in a priority storage unit 222 according to the first embodiment.
- A configuration diagram of the data management apparatus 20 according to Modification 9.
- A configuration diagram of the registration apparatus 30 according to Modification 9.
- FIG. 3 is a configuration diagram of a data management apparatus 20 according to a second embodiment.
- FIG. 10 is a flowchart of (3) data search processing according to the second embodiment.
- FIG. 10 is a flowchart of (3) data search processing according to the second embodiment. The figure which shows the data
- Embodiment 1. *** Explanation of configuration *** The configuration of the confidential search system 10 according to Embodiment 1 is described with reference to FIG. 1.
- the secret search system 10 includes a data management device 20, a registration device 30, and a search device 40.
- the data management device 20, the registration device 30, and the search device 40 are connected via a network 50.
- the data management device 20 is a computer.
- the data management device 20 includes hardware including a processor 21, a storage device 22, and a communication interface 23.
- the processor 21 is connected to other hardware via the system bus and controls these other hardware.
- the data management apparatus 20 includes a registration unit 211, an order determination unit 212, a search unit 213, and an update unit 214 as functional components.
- the functions of the registration unit 211, the order determination unit 212, the search unit 213, and the update unit 214 are implemented by software.
- the storage device 22 stores a program that realizes the functions of the respective units of the data management device 20. This program is read and executed by the processor 21. Further, the storage device 22 realizes the functions of the data storage unit 221 and the priority storage unit 222.
- the registration device 30 is a computer.
- the registration device 30 includes hardware of a processor 31, a storage device 32, and a communication interface 33.
- the processor 31 is connected to other hardware via the system bus and controls these other hardware.
- the registration device 30 includes a registration data generation unit 311 and a communication unit 312 as functional components.
- the functions of the registration data generation unit 311 and the communication unit 312 are realized by software.
- the storage device 32 stores a program that realizes the functions of the respective units of the registration device 30. This program is read and executed by the processor 31.
- the storage device 32 implements the function of the encryption key storage unit 321.
- the search device 40 is a computer.
- the search device 40 includes hardware of a processor 41, a storage device 42, and a communication interface 43.
- the processor 41 is connected to other hardware via the system bus and controls these other hardware.
- the search device 40 includes a search request generation unit 411, a communication unit 412, and a decryption unit 413 as functional components.
- the functions of the search request generation unit 411, the communication unit 412, and the decryption unit 413 are realized by software.
- the storage device 42 stores a program that realizes the functions of the respective units of the search device 40. This program is read and executed by the processor 41. Further, the storage device 42 realizes the function of the search key storage unit 421.
- the processors 21, 31, and 41 are ICs (Integrated Circuits) that perform processing. Specific examples of the processors 21, 31, and 41 are a CPU, a DSP (Digital Signal Processor), and a GPU (Graphics Processing Unit).
- the storage devices 22, 32, and 42 are each composed of a nonvolatile memory that can keep an execution program and data while the power is off, and a volatile memory that can move data at high speed while the power is on.
- Specific examples of the nonvolatile memory include an HDD (Hard Disk Drive), an SSD (Solid State Drive), and a flash memory.
- the non-volatile memory may be a portable storage medium such as an SD (Secure Digital) memory card, a CF (Compact Flash), a NAND flash, a flexible disk, an optical disk, a compact disk, a Blu-ray (registered trademark) disk, or a DVD.
- Specific examples of the volatile memory include DDR2-SDRAM (Double-Data-Rate2 Synchronous Dynamic Random Access Memory) and DDR3-SDRAM (Double-Data-Rate3 Synchronous Dynamic Random Access Memory).
- the communication interfaces 23, 33, and 43 are devices for communicating with other devices via the network 50.
- Specific examples of the communication interfaces 23, 33, and 43 are Ethernet (registered trademark), RS232C, USB (Universal Serial Bus), and IEEE1394 terminals.
- the data management apparatus 20 may include a plurality of processors that replace the processor 21.
- the plurality of processors share the execution of programs that realize the functions of the respective units of the data management apparatus 20.
- Each processor is an IC that performs processing in the same manner as the processor 21.
- In FIGS. 3 to 4, only one processor 31, 41 is shown.
- the registration device 30 and the search device 40 may include a plurality of processors that replace the processors 31 and 41, respectively.
- the operation of the confidential search system 10 according to the first embodiment will be described with reference to FIGS.
- the operation of the confidential search system 10 according to the first embodiment corresponds to the confidential search method according to the first embodiment.
- the operation of the confidential search system 10 according to the first embodiment corresponds to the process of the confidential search program according to the first embodiment.
- the data storage unit 221 stores the encrypted data obtained by encrypting the data by the registration device 30 and the encrypted keyword generated for the confidential search by the registration device 30 in association with each other.
- a function F is a function for generating an encrypted keyword for secret search from a keyword
- a function E is a function for encrypting data.
- “Takahashi”, “male”, and “31”, encrypted for secret search, are stored as keywords for searching for the encrypted data of “Taro Takahashi, male, 31, ...”.
- data types of “first name”, “sex”, and “age” are specified for ease of explanation, but these may be encrypted so that the data management device 20 does not know them.
- the priority storage unit 222 stores priority information for determining the execution order of partial conditions when the search condition includes a plurality of partial conditions.
- the hit rate when data stored in the data storage unit 221 is searched for the data type is stored as the priority information.
- the hit rate indicates the ratio of the number of data hits to the number of target data when a search was executed in the past with a partial condition whose search target is the corresponding data type.
- a hit rate is stored for each data type of last name, gender, and age.
- the encryption key storage unit 321 stores an encryption key for generating encrypted data and an encryption key for generating encrypted keywords.
- the encryption key for generating encrypted data is, as a specific example, an AES (Advanced Encryption Standard) key or an RSA public key.
- the encryption key for generating the encryption keyword is, as a specific example, an encryption key of the existing secret search technology described in Non-Patent Documents 1 and 2 and the like.
- the search key storage unit 421 stores an encryption key for data decryption and an encryption key for generating a trapdoor, which is a search request.
- the encryption key for data decryption is, as a specific example, an AES key or an RSA private key.
- the encryption key for trapdoor generation is, as a specific example, an encryption key for trapdoor generation of the existing secret search technology described in Non-Patent Documents 1 and 2 and the like.
- the encryption key for data decryption and the encryption key for generating encrypted data stored in the encryption key storage unit 321 are corresponding keys.
- the encryption key for generating the trapdoor and the encryption key for generating the encryption keyword stored in the encryption key storage unit 321 are corresponding keys.
- the operation of the confidential search system 10 according to the first embodiment will be described on the premise of the data stored in each of the above storage units.
- the operation of the confidential search system 10 according to the first embodiment is broadly divided into three processes: (1) initial setting process, (2) data registration process, and (3) data search process.
- In the (1) initial setting process, initial setting of the entire secret search system 10 is performed.
- Step S11 Search key storage process
- the decryption unit 413 of the search device 40 generates a pair of an encryption key for data decryption and an encryption key for generation of encrypted data, and writes the encryption key for data decryption in the search key storage unit 421.
- the communication unit 412 discloses the encryption key for generating encrypted data corresponding to the encryption key for data decryption or transmits it to the registration device 30.
- the search request generation unit 411 of the search device 40 generates a pair of an encryption key for generating a trapdoor and an encryption key for generating an encrypted keyword, and writes the encryption key for generating a trapdoor to the search key storage unit 421.
- the communication unit 412 discloses the encryption key for generating the encryption keyword corresponding to the encryption key for generating the trapdoor, or transmits it to the registration device 30.
- the search key storage unit 421 stores an encryption key for data decryption and an encryption key for trap door generation.
- the decryption unit 413 may acquire an externally generated pair instead of generating a pair of an encryption key for data decryption and an encryption key for generating encrypted data.
- the search request generation unit 411 may acquire an externally generated pair instead of generating a pair of an encryption key for trapdoor generation and an encryption key for encrypted keyword generation.
- Step S12 encryption key storage process
- the registration data generation unit 311 of the registration device 30 acquires the encryption key for generating encrypted data and the encryption key for generating the encrypted keyword that were disclosed or transmitted in step S11, and writes them to the encryption key storage unit 321.
- the encryption key storage unit 321 stores the encryption key for generating the encrypted data and the encryption key for generating the encryption keyword.
- the data registration process is a process for storing the encryption keyword and the encrypted data in the data management apparatus 20.
- the data “Taro Takahashi, male, 31, ...” is registered so that it can be searched confidentially with the keywords of last name “Takahashi”, gender “male”, and age “31”.
- Step S21 Data encryption processing
- the registration data generation unit 311 of the registration apparatus 30 encrypts data using the encryption key for generating encrypted data stored in the encryption key storage unit 321 to generate encrypted data.
- the registration data generation unit 311 encrypts the data “Taro Takahashi, male, 31, ...” to generate the encrypted data E (Taro Takahashi, male, 31, ...).
- Step S22 Keyword encryption processing
- the registration data generation unit 311 of the registration device 30 encrypts the keyword using the encryption key for encryption keyword generation stored in the encryption key storage unit 321 to generate an encryption keyword.
- the registration data generation unit 311 encrypts the keywords “Takahashi”, “male”, and “31” to generate the encrypted keywords F (Takahashi), F (male), and F (31).
- the encryption key for generating the encrypted keyword may be different for each data type such as last name, gender, and age, or may be the same regardless of the data type.
- the registered data generation unit 311 uses an encryption key corresponding to each data type.
- Step S23 Data transmission processing
- the communication unit 312 of the registration device 30 transmits the encrypted data generated in step S21 and the encrypted keyword generated in step S22 to the data management device 20.
- Step S24 Data storage process
- the registration unit 211 of the data management device 20 writes the encrypted data and the encrypted keyword transmitted in step S23 in the data storage unit 221.
- the data shown in the first line of FIG. 5 is written in the data storage unit 221.
- the data search process is a process for performing a secret search on data stored in the data management device 20 with a keyword specified.
- Step S31 Request generation processing
- the search request generation unit 411 of the search device 40 receives input of search conditions. Then, the search request generation unit 411 uses the encryption key for trap door generation stored in the search key storage unit 421 to encrypt the received search condition and generates a search request.
- the search request generation unit 411 receives the partial condition “gender: male” and the partial condition “age: 26” as the search conditions in order to search for a 26-year-old male.
- Using the encryption key for generating the trapdoor, the search request generation unit 411 generates, as a search request, the search condition “T (male) AND T (26)”, in which the partial condition T (male) and the partial condition T (26) are combined with an AND condition.
- T is a trapdoor generation function.
- the search request generation unit 411 uses an encryption key corresponding to each data type.
- the search request generation unit 411 allows the data management apparatus 20 to know the data type that each partial condition is a search target.
- the search request generation unit 411 includes type information indicating a data type to be searched for by each partial condition in the search request. If the data type to be searched for by each partial condition can be specified by the data structure of the search request, the type information need not be included in the search request.
- Step S32 Request transmission processing
- the communication unit 412 of the search device 40 transmits the search request generated in step S31 to the data management device 20.
- Step S33 Condition determination process
- the order determination unit 212 of the data management device 20 determines whether or not the search condition indicated by the search request transmitted in step S32 includes a plurality of partial conditions.
- the order determining unit 212 proceeds to step S34 when a plurality of partial conditions are included, and proceeds to step S35 when only one partial condition is included.
- the search condition includes two conditions, a partial condition T (male) and a partial condition T (26). Therefore, the order determining unit 212 proceeds with the process to step S34.
- Step S34 Order determination process
- the order determination unit 212 of the data management device 20 refers to the priority information stored in the priority storage unit 222 and determines the execution order of the plurality of partial conditions included in the search condition indicated by the search request transmitted in step S32. Specifically, when receiving an encrypted search condition including a plurality of partial conditions, the order determining unit 212 determines the execution order of the plurality of partial conditions according to the hit rates stored in the priority storage unit 222 for the data types to be searched by each partial condition. When the partial conditions are combined with an AND condition, the order determination unit 212 determines the execution order in ascending order of the hit rate. On the other hand, when the partial conditions are combined with an OR condition, the order determining unit 212 determines the execution order in descending order of the hit rate.
- the order determination unit 212 refers to the gender hit rate, gender being the data type to be searched by the partial condition T (male), and the age hit rate, age being the data type to be searched by the partial condition T (26). If the priority information shown in FIG. 6 is stored in the priority storage unit 222, the gender hit rate is 50% and the age hit rate is 5%. Therefore, if the search order is the partial condition T (male) followed by the partial condition T (26), the first confidential search is executed with the partial condition T (male) for all records, and the second confidential search is executed with the partial condition T (26) for the 50% of all records hit in the first confidential search.
- If the search order is the partial condition T (26) followed by the partial condition T (male), the first confidential search is executed with the partial condition T (26) for all records, and the second confidential search is executed with the partial condition T (male) for the 5% of all records hit in the first confidential search. The search processing time is therefore shorter in the latter order, that is, the order of the partial condition T (26) and then the partial condition T (male), in which the number of records targeted by the second secret search is small. Therefore, the order determination unit 212 determines the execution order as the partial condition T (26) followed by the partial condition T (male).
- the order determination unit 212 determines the execution order in the order searched in advance or the order selected at random.
- Step S35 Search process
- the search unit 213 of the data management device 20 performs a secret search on the data stored in the data storage unit 221 with the search condition, according to the execution order determined in step S34.
- When the search condition includes only one partial condition, the search unit 213 performs a secret search on the data stored in the data storage unit 221 with that one partial condition. As a specific example, the search unit 213 performs a secret search by executing an existing secret search process described in Non-Patent Documents 1 and 2.
- the confidential search is executed with the partial condition T (26) for all records, and then with the partial condition T (male) for the hit records.
- E Korean
- Step S36 Update process
- the update unit 214 of the data management device 20 updates the priority information stored in the priority storage unit 222 based on the result of the confidential search performed by the search unit 213 in step S35. Specifically, based on that result, the update unit 214 updates the hit rate for the data type targeted by each partial condition included in the search condition transmitted in step S32. For example, the update unit 214 replaces the hit rate stored in the priority storage unit 222 with the average of the stored hit rate and the hit rate obtained by executing the confidential search.
- Alternatively, as shown in the corresponding figure, the priority storage unit 222 may store the number of search trial records and the number of search hit records for each data type. In that case, the update unit 214 adds the number of target records of the executed secret search to the number of search trial records, adds the number of records hit by the secret search to the number of search hit records, and updates the hit rate from the number of search trial records and the number of search hit records after the addition.
- Note that the update unit 214 may update the hit rate only when the secret search is executed under a search condition including only one partial condition and the hit rate for all records is obtained, and may leave the subsequent hit rates without updating.
- Step S37 Result transmission processing
- the search unit 213 of the data management device 20 transmits the data hit in step S35 to the search device 40.
- E (Kazuo Sato, male, 26, ...) is transmitted.
- Step S38 Decoding process
- the decryption unit 413 of the search device 40 decrypts the data transmitted in step S37 using the encryption key for data decryption stored in the search key storage unit 421.
- E (Kazuo Sato, male, 26, ...) is decrypted to obtain the data “Kazuo Sato, male, 26, ...”.
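Steps S34 to S36 as an added example, not code from the patent: a Python sketch in which the data management side orders partial conditions by stored hit rate, counts per-record match determinations, and updates the trial and hit counters. The HMAC-based `tag` standing in for both F and T, the `DataManager` class, the key, and the 200 constructed records (50% male, 5% aged 26) are assumptions of the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY = b"constructed-demo-key"  # constructed key, shared by registration and search sides


def tag(data_type: str, keyword: str) -> bytes:
    """Stand-in for both F (encrypted keyword) and T (trapdoor): HMAC-SHA256.

    Assumption of this example only. A deterministic tag reveals which records
    share a keyword; it is not the scheme of Non-Patent Documents 1 and 2.
    """
    return hmac.new(KEY, f"{data_type}\x00{keyword}".encode(), hashlib.sha256).digest()


@dataclass
class Priority:
    trials: int = 0  # number of search trial records
    hits: int = 0    # number of search hit records

    def rate(self) -> float:
        # Data types never searched before are treated as 100% (assumption).
        return self.hits / self.trials if self.trials else 1.0


class DataManager:
    """Sees only ciphertext blobs, keyword tags and per-type priority info."""

    def __init__(self):
        self.records = []     # (encrypted_data, {data_type: encrypted_keyword})
        self.priority = {}    # data_type -> Priority
        self.match_tests = 0  # per-record match determinations performed

    def register(self, encrypted_data: bytes, encrypted_keywords: dict) -> None:
        self.records.append((encrypted_data, encrypted_keywords))

    def hit_rate(self, data_type: str) -> float:
        return self.priority.setdefault(data_type, Priority()).rate()

    def order(self, conditions, op):
        # S34: ascending hit rate for AND, descending hit rate for OR.
        return sorted(conditions, key=lambda c: self.hit_rate(c[0]), reverse=(op == "OR"))

    def search(self, conditions, op="AND", optimize=True):
        multi = optimize and len(conditions) > 1
        plan = self.order(conditions, op) if multi else list(conditions)
        remaining = list(range(len(self.records)))  # records still to be tested
        selected = []
        for data_type, trapdoor in plan:
            hit, miss = [], []
            for idx in remaining:
                self.match_tests += 1
                stored = self.records[idx][1].get(data_type, b"")
                (hit if hmac.compare_digest(stored, trapdoor) else miss).append(idx)
            # S36: add the target records to the trials and the hits to the hits.
            prio = self.priority.setdefault(data_type, Priority())
            prio.trials += len(remaining)
            prio.hits += len(hit)
            if op == "AND":
                remaining = hit   # later conditions only see the survivors
            else:
                selected += hit   # OR: a hit is final, only misses are tested again
                remaining = miss
        chosen = remaining if op == "AND" else sorted(selected)
        return [self.records[i][0] for i in chosen]


def build_demo() -> DataManager:
    dm = DataManager()
    for i in range(200):  # constructed records: 50% male, 5% aged 26
        gender = "male" if (i // 20) % 2 == 0 else "female"
        age = str(20 + i % 20)
        blob = f"E(record {i})".encode()  # placeholder for the encrypted data
        dm.register(blob, {"gender": tag("gender", gender), "age": tag("age", age)})
    # Past single-condition searches populate the hit rates.
    dm.search([("gender", tag("gender", "male"))])
    dm.search([("age", tag("age", "26"))])
    return dm


def cost(submitted_order, op, optimize):
    """Return (match determinations, number of hits) for one search request."""
    keywords = {"gender": "male", "age": "26"}
    dm = build_demo()
    dm.match_tests = 0
    request = [(t, tag(t, keywords[t])) for t in submitted_order]
    hits = dm.search(request, op=op, optimize=optimize)
    return dm.match_tests, len(hits)


if __name__ == "__main__":
    print("AND as submitted:", cost(("gender", "age"), "AND", False))
    print("AND reordered:   ", cost(("gender", "age"), "AND", True))
    print("OR as submitted: ", cost(("age", "gender"), "OR", False))
    print("OR reordered:    ", cost(("age", "gender"), "OR", True))
```

The per-type hit rates that make the reordering possible are themselves visible to the data management device, which is the information the design trades for shorter search time.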
- *** Effects of Embodiment 1 ***
- the execution order of partial conditions is determined according to the priority information for the data type that each partial condition is a search target. Thereby, the partial conditions can be executed in an appropriate order, and the search processing time can be shortened.
- the data storage unit 221 stores encrypted keywords and encrypted data, and the search execution order cannot be simply optimized.
- the confidential search system 10 according to Embodiment 1 can determine an appropriate execution order by using the priority information.
- each processing time may be stored as priority information, and the execution order may be determined in consideration of this.
- the processing time is the time taken for a match determination of one record in the secret search.
- <Modification 2> In the first embodiment, an example in which a confidential search is performed using a search condition including a plurality of partial conditions has been described. However, as a second modification, a search condition for performing a secret search and a search condition for performing a search without encryption may be mixed.
- the priority information is updated based on the search result executed by the data management device 20.
- As Modification 3, when priority information such as the hit rate can be estimated from the beginning, appropriate information may be stored in the priority storage unit 222 in the (1) initial setting process.
- the encrypted data and the encrypted keyword are stored in the data storage unit 221 in an integrated manner.
- the encrypted data and the encrypted keyword may be associated with each other by interposing a data ID, and the encrypted data and the encrypted keyword may be stored separately.
- the encrypted data and the encrypted keyword may be stored in different devices.
- the registration device 30 and the search device 40 are separate devices.
- the registration device 30 and the search device 40 may be combined into one device.
- the secret search system can be operated without giving extra information to the attacker.
- the encryption key is stored in the encryption key storage unit 321 of the registration device 30 and the search key storage unit 421 of the search device 40.
- the encryption key may be acquired from the outside when necessary.
- the encryption key may be acquired from an IC card, or the encryption key may be automatically generated from a password or biometric information.
- <Modification 8> In the first embodiment, only one registration device 30 and one search device 40 are used. However, as Modification 8, a plurality of registration devices 30 and a plurality of search devices 40 may be used so that each of them can execute data registration and search. In this case, the same search result can be obtained from different devices by sharing the encryption key for trapdoor generation among the plurality of search devices 40. On the other hand, if it is desired to change the search result for each device even with the same search keyword, the encryption key for trapdoor generation may be changed for each device.
- <Modification 9> The functions of the respective units of the data management device 20, the registration device 30, and the search device 40 are realized by software.
- the functions of the respective units of each device may be realized by hardware. In the modification 9, differences from the first embodiment will be described.
- each device includes processing circuits 24, 34, and 44 instead of the processors 21, 31, and 41 and the storage devices 22, 32, and 42.
- the processing circuits 24, 34, and 44 are dedicated electronic circuits that realize the functions of the respective units of each device and the functions of the storage device 22.
- the processing circuits 24, 34, and 44 are assumed to be a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, a logic IC, a GA (Gate Array), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field-Programmable Gate Array).
- Each apparatus may include a plurality of processing circuits that replace the processing circuits 24, 34, and 44. The function of each unit is realized as a whole by the plurality of processing circuits.
- Each processing circuit is a dedicated electronic circuit, like the processing circuits 24, 34, 44.
- <Modification 10> As a tenth modification, some functions may be realized by hardware, and other functions may be realized by software. That is, some functions of each unit of each device may be realized by hardware, and other functions may be realized by software.
- processors 21, 31, 41, the storage devices 22, 32, 42 and the processing circuits 24, 34, 44 are collectively referred to as “processing circuits”. That is, the function of each part is realized by a processing circuit.
- the first embodiment does not mention protection of communication between devices.
- communication may be protected using an existing encryption technology such as TLS (Transport Layer Security).
- Embodiment 2 is different from the first embodiment in that the search device 40 manages priority information and the search device 40 determines the execution order, not the data management device 20. In the second embodiment, this different point will be described.
- the data management apparatus 20 according to the second embodiment differs from the data management apparatus 20 shown in FIG. 2 in that the order determination unit 212, the update unit 214, and the priority storage unit 222 are not provided as functional components.
- the search device 40 is different from the search device 40 shown in FIG. 4 in that it includes an order determination unit 414, an update unit 415, and a priority storage unit 422 as functional components.
- the order determination unit 414 and the update unit 415 are implemented by software, as with the search request generation unit 411, the communication unit 412, and the decryption unit 413.
- the priority storage unit 422 is realized by the storage device 42.
- the operation of the secret search system 10 according to the second embodiment corresponds to the secret search method according to the second embodiment.
- the operation of the confidential search system 10 according to the second embodiment corresponds to the process of the confidential search program according to the second embodiment.
- the priority storage unit 422 stores priority information for determining the execution order of partial conditions when the search condition includes a plurality of partial conditions.
- the hit rate when the data stored in the data storage unit 221 is searched for the data type is stored as the priority information.
- Step S41 Condition determination process
- the search request generation unit 411 of the search device 40 receives input of search conditions.
- the order determination unit 414 determines whether an input of search conditions including a plurality of partial conditions has been received.
- the order determination unit 414 advances the process to step S42 when a search condition including a plurality of partial conditions is received, and advances the process to step S43 when a search condition including only one partial condition is received.
- The search request generation unit 411 accepts the partial condition gender “male” and the partial condition age “26” in order to search for a “26-year-old male.” Therefore, the order determination unit 414 advances the process to step S42.
- Step S42 Order determination process
- The order determination unit 414 of the search device 40 refers to the priority information stored in the priority storage unit 422, as in step S34 of FIG. 11, and determines the execution order of the plurality of partial conditions included in the search condition received in step S41. As a result, the order determination unit 414 determines the execution order to be the partial condition age “26” followed by the partial condition gender “male”.
- Step S43 Request generation processing
- the search request generation unit 411 uses the encryption key for trapdoor generation stored in the search key storage unit 421 to encrypt the received search condition and generates a search request.
- The search request generation unit 411 uses the encryption key for trapdoor generation to generate, as a search request, the search condition “T (male) AND T (26)”, in which the partial condition T (male) and the partial condition T (26) are combined with an AND condition.
- The search request generation unit 411 generates the search request so that it indicates that the partial condition T (26) and the partial condition T (male) are executed in this order.
- the search request generation unit 411 uses an encryption key corresponding to each data type.
- Step S44 Request transmission processing
- the communication unit 412 of the search device 40 transmits the search request generated in step S43 to the data management device 20.
- Step S45 Search process
- the search unit 213 of the data management device 20 performs a secret search on the data stored in the data storage unit 221 under the search condition indicated by the search request transmitted in step S44.
- The search unit 213 executes the existing secret search process described in Non-Patent Documents 1 and 2.
- The secret search is executed with the partial condition T (26) for all records.
- The secret search is then executed with the partial condition T (male) for the hit records.
- The record E (Sato, male, 26, ...) hits.
- Step S46 Result transmission processing
- the search unit 213 of the data management device 20 transmits the data hit in step S45 to the search device 40.
- the search unit 213 also transmits data indicating the hit rate for each partial condition or data indicating the number of search trial records and the number of search hit records to the search device 40.
- Information such as “hit” is transmitted.
- Step S47 Decoding process
- the decryption unit 413 of the search device 40 decrypts the data transmitted in step S46 using the encryption key for data decryption stored in the search key storage unit 421.
- Step S48 Update process
- the update unit 415 of the search device 40 updates the priority information stored in the priority storage unit 422 in the same manner as the process of updating the priority information stored in the priority storage unit 222 in step S36 of FIG. .
- In the second embodiment, the search device 40 manages the priority information and determines the execution order. If the data management device 20 stores the priority information permanently, as in the secret search system 10 according to the first embodiment, then when the information stored in the data management device 20 is leaked due to an accident or the like, the priority information may become a clue for analyzing the encrypted data and the encrypted keyword. In the secret search system 10 according to the second embodiment, however, the search device 40 manages the priority information, and the data management device 20 does not need to manage it. Therefore, it is possible to prevent the encrypted data and the encrypted keyword from being analyzed using the priority information.
- The priority storage unit 422 stores the same information as the priority storage unit 222 according to the first embodiment. However, as modification 12, more detailed information may be stored in the priority storage unit 422. Specifically, as illustrated in FIG. 19, the priority storage unit 422 may store a hit rate, which is the priority information, for each combination of data type and keyword. In FIG. 19, for example, for the data type “Last Name”, a hit rate of 1.6% is stored for the keyword “Sato” and a hit rate of 1.4% for the keyword “Suzuki”. Then, in step S42 in FIG. 18, the order determination unit 414 determines the execution order of the plurality of partial conditions according to the hit rate stored in the priority storage unit 422 for the data type searched by each partial condition and the value (keyword) specified as the condition. In step S48 in FIG. 18, the hit rate that is the priority information corresponding to the data type searched by the partial condition and the value set as the condition in that partial condition is updated.
- The order determination unit 414 refers to the hit rate for gender, which is the data type that the partial condition T (male) searches, and male, which is the value set as the condition, and to the hit rate for age, which is the data type that the partial condition T (26) searches, and 26, which is the value set as the condition. If the priority information shown in FIG. 19 is stored in the priority storage unit 422, the hit rate for gender and male is 60%, and the hit rate for age and 26 is 6%. Therefore, the order determination unit 414 determines the execution order in the order of the partial condition T (26) and the partial condition T (male).
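The flow of steps S41 to S48 with the per-keyword hit rates of modification 12, as an added Python example (not code from the patent). The HMAC tag is a stand-in for the trapdoor T(...) of Non-Patent Documents 1 and 2; the keys, class names, sample records and the cumulative-count update rule are assumptions.

```python
import hashlib
import hmac

# Constructed per-data-type trapdoor keys (step S43 uses one key per data type).
KEYS = {"gender": b"demo-key-gender", "age": b"demo-key-age"}

def tag(dtype, value):
    """Stand-in for T(value): a deterministic HMAC tag, not the patent's scheme."""
    return hmac.new(KEYS[dtype], value.encode(), hashlib.sha256).hexdigest()

class SearchDevice:
    def __init__(self, priority):
        self.priority = dict(priority)  # unit 422: (data type, keyword) -> hit rate
        self.counts = {}                # cumulative (trials, hits) reported by the server

    def build_request(self, conditions):
        # Step S42: lowest stored hit rate first; unknown pairs run last.
        order = sorted(conditions, key=lambda c: self.priority.get(c, 1.0))
        # Step S43: the trapdoors are listed in execution order.
        return order, [(d, tag(d, k)) for d, k in order]

    def update(self, order, stats):
        # Step S48: fold the reported trial/hit counts into the stored rates.
        for cond, (trials, hits) in zip(order, stats):
            t, h = self.counts.get(cond, (0, 0))
            self.counts[cond] = (t + trials, h + hits)
            if t + trials:
                self.priority[cond] = (h + hits) / (t + trials)

class DataManagementDevice:
    def __init__(self, tagged_records):
        self.records = tagged_records  # tags only; no keys, no priority information

    def search(self, request):
        # Step S45: each partial condition is tried only on the previous hits.
        candidates, stats = list(range(len(self.records))), []
        for dtype, t in request:
            hits = [i for i in candidates
                    if hmac.compare_digest(self.records[i][dtype], t)]
            stats.append((len(candidates), len(hits)))  # step S46 payload
            candidates = hits
        return candidates, stats

def demo():
    rows = [("male", "26"), ("female", "26"), ("male", "31"),
            ("male", "45"), ("female", "31")]  # constructed records
    server = DataManagementDevice(
        [{"gender": tag("gender", g), "age": tag("age", a)} for g, a in rows])
    client = SearchDevice({("gender", "male"): 0.60, ("age", "26"): 0.06})  # FIG. 19 values
    order, request = client.build_request([("gender", "male"), ("age", "26")])
    hits, stats = server.search(request)
    client.update(order, stats)
    return order, hits, stats, client.priority
```

The data management device in this example holds no priority table, but it still observes the per-condition trial and hit counts while it runs each query; the second embodiment removes only the persistent copy.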
- 10 secret search system, 20 data management device, 21 processor, 22 storage device, 23 communication interface, 24 processing circuit, 211 registration unit, 212 order determination unit, 213 search unit, 214 update unit, 221 data storage unit, 222 priority storage unit, 30 registration device, 31 processor, 32 storage device, 33 communication interface, 34 processing circuit, 311 registration data generation unit, 312 communication unit, 321 encryption key storage unit, 40 search device, 41 processor, 42 storage device, 43 communication interface, 44 processing circuit, 411 search request generation unit, 412 communication unit, 413 decryption unit, 414 order determination unit, 415 update unit, 421 search key storage unit, 422 priority storage unit, 50 network.
Abstract
The present invention relates to a data management device (20) or a search device (40) that, upon accepting a search condition including a plurality of partial conditions, determines an execution order indicating the sequence in which the plurality of partial conditions included in the search condition are executed, in accordance with priority information such as a hit rate for the data type that is the search target of each partial condition included in the accepted search condition. The data management device (20) executes a secret search using each partial condition contained in an encrypted search condition, in accordance with the determined execution order.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2016/068291 WO2017221308A1 (fr) | 2016-06-20 | 2016-06-20 | Data management device, data management method, data management program, search device, search method and search program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2016/068291 WO2017221308A1 (fr) | 2016-06-20 | 2016-06-20 | Data management device, data management method, data management program, search device, search method and search program |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2017221308A1 (fr) | 2017-12-28 |
Family
ID=60784263
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2016/068291 Ceased WO2017221308A1 (fr) | Data management device, data management method, data management program, search device, search method and search program | 2016-06-20 | 2016-06-20 |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2017221308A1 (fr) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16906227; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 16906227; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: JP |