JP2014078770A - Encryption device with access right, cryptographic system with access right, encryption method with access right and encryption program with access right - Google Patents

Abstract

PROBLEM TO BE SOLVED: To generate an encrypted file which includes one encrypted common key and can be decrypted by one or more decryption enabled persons.SOLUTION: A data encryption section 140 uses a random number as a common key to encrypt access limit data 111 in accordance with a common key cryptographic system. The data encryption section 140 encrypts the random number used as the common key in accordance with a cryptographic system with an access right while using a public key and access right information 112 indicating a decryption enabled condition. A data decryption section 150 uses a user private key 192 to decrypt an encrypted random number 119a of an encrypted file 119 into the random number. The data decryption section 150 uses the decrypted random number as a common key to decrypt encrypted data 119b of the encrypted file 119 into the access limit data 111 in accordance with the cryptographic system with the access right.

Description

  The present invention provides, for example, an encryption device with access right for setting access right and encrypting / decrypting data, a decryption device with access right, an encryption system with access right, an encryption method with access right, a decryption method with access right, and an access The present invention relates to an encryption program with a right and a decryption program with an access right.

A laptop PC (personal computer) or other mobile computer that is commonly used and easy to carry has a high risk of being stolen.
The theft of a laptop or other mobile computer is a secondary loss of corporate trust due to the leakage of personal and important confidential information stored inside the computer rather than a loss of the asset value of the computer itself. The impact of the damage is much greater.
For this reason, it is required to protect confidential data in a computer with an increase in incidents of confidential data leaking.

The most common means for protecting sensitive data stored in a computer is data encryption.
Even if a computer containing confidential data is in the hands of a malicious person, the information of the confidential data cannot be read without a decryption key for decrypting the confidential data.
However, existing encryption methods have the following problems.

For example, when all files stored in a certain file system are encrypted using the same encryption key, there are the following problems.
If the user loses the decryption key, all files cannot be decrypted. Further, if the lost decryption key is transferred to a malicious person, there is a risk that all files will be read.

  Further, when all files are encrypted with different encryption keys, the decryption process becomes complicated. Furthermore, when a decryptable user is added, it is necessary to newly encrypt the file so that the decryption can be performed using the decryption key of the added user. In addition, when a decryptable user is deleted, it is necessary to newly encrypt the file so that it cannot be decrypted using the deleted user's decryption key.

Patent Document 1 discloses that a file is encrypted using a random value generated by using a random number generator as a common key of a common key cryptosystem, and a public key cryptosystem using a public key of a user permitted to decrypt the file. The method of encrypting the common key is disclosed.
In this way, all files can be encrypted using different common keys. Also, when the decryptable user changes, the common key used for file encryption may be encrypted with a specific public key, and the file need not be re-encrypted.

However, when allowing a plurality of users to decrypt a file, it is necessary to encrypt the common key using the public keys of the plurality of users and add the plurality of encrypted common keys to the encrypted file.
Therefore, there is a problem that the public keys of each of a plurality of users must be collected, the common key encryption becomes complicated, and the data size of the encrypted file increases.

The specific example of the subject of the system which patent document 1 discloses is as follows.
For example, when permitting file access to “Employees who belong to the Human Resources Department and belong to the General Affairs Department”, identify the employees who belong to the Human Resources Department and the employees who belong to the General Affairs Department. It is necessary to determine the target employees who belong to both and obtain the public key (or certificate including the public key) for all the target employees. For this reason, work is very complicated.
In addition, if there are many target employees who are allowed to access the file, the "metadata obtained by encrypting the common key used to encrypt the file using the public key of the target employee" will be included in the encrypted file for the number of target employees. Must be added. That is, when 100 employees are allowed to access a file, 100 pieces of metadata are added to the encrypted file, and the data size of the encrypted file increases.

Japanese Patent No. 4593774

Dan Boneh Amit Sawai and Brent Waters “Functional encryption: Definitions and challenges” TCC 2011 LNCS 6597 pp. 253--273 2011.

  An object of the present invention is, for example, to enable generation of an encrypted file that includes one encrypted common key and can be decrypted by one or more decryptable persons.

The encryption device with access right of the present invention is:
An access restriction data generation unit that generates encrypted data as access restriction data;
A decodable condition information obtaining unit for obtaining decodable condition information indicating, as a decodable condition, a condition related to an attribute of a user permitted to decrypt the encrypted access restriction data;
An access restriction data encryption unit that encrypts the access restriction data generated by the access restriction data generation unit using a common key using a common key encryption method;
The common key used by the access restriction data encryption unit for encrypting the access restriction data can be decrypted by using a public key and the decodable condition information acquired by the decodable condition information acquisition unit. A common key encryption unit for encrypting with an encryption method with an access right for encrypting data so as to be decrypted using a secret key generated in association with an attribute satisfying a condition;
An encrypted file generation unit that generates an encrypted file including the access restriction data encrypted by the access restriction data encryption unit and the common key encrypted by the common key encryption unit; Prepare.

  According to the present invention, for example, an encrypted file that includes one encrypted common key and can be decrypted by one or more decryptable persons can be generated.

1 is a configuration diagram of a transparent encrypted file system 100 according to Embodiment 1. FIG. [Fig. 11] is a diagram showing an example of a user management file 199 in the first embodiment. 3 is a configuration diagram of a data encryption unit 140 according to Embodiment 1. FIG. FIG. 3 is a configuration diagram of an encrypted file generation unit 144 according to the first embodiment. FIG. 4 is a configuration diagram of an encrypted file 119 in the first embodiment. 4 is a flowchart showing transparent encryption processing in the first embodiment. 5 is a flowchart showing data encryption processing (S140) in the first embodiment. 5 is a flowchart showing encrypted file generation processing (S144) in the first embodiment. 2 is a configuration diagram of a data decoding unit 150 according to Embodiment 1. FIG. 4 is a flowchart showing transparent decoding processing in the first embodiment. 5 is a flowchart showing data decoding processing (S230) in the first embodiment. FIG. 3 is a diagram illustrating an example of hardware resources of the transparent encrypted file system 100 according to the first embodiment. 1 is a schematic diagram of a transparent encryption method of a transparent encrypted file system 100 according to Embodiment 1. FIG. 1 is a schematic diagram of a transparent encryption method of a transparent encrypted file system 100 according to Embodiment 1. FIG. 1 is a schematic diagram of a transparent encryption method of a transparent encrypted file system 100 according to Embodiment 1. FIG. 1 is a diagram illustrating a configuration example of a transparent encrypted file system 100 according to Embodiment 1. FIG. 1 is a diagram illustrating a configuration example of a transparent encrypted file system 100 according to Embodiment 1. FIG. The figure which shows an example of the encryption file memory | storage part 160 in Embodiment 2 (Example 1). The figure which shows an example of the encryption file memory | storage part 160 in Embodiment 2 (Example 2).

Embodiment 1 FIG.
A description will be given of a mode of generating an encrypted file that includes one encrypted common key and can be decrypted by one or more decryptable persons.

FIG. 1 is a configuration diagram of a transparent encrypted file system 100 according to the first embodiment.
The configuration of the transparent encrypted file system 100 according to Embodiment 1 will be described with reference to FIG.

  The transparent encrypted file system 100 is an example of an encryption device with access right, a decryption device with access right, and an encryption system with access right.

The transparent encrypted file system 100 is a system that encrypts and decrypts data even when a user and an application program are unaware of data encryption and decryption.
That is, the transparent encryption file system 100 transparently encrypts data when storing the data and transparently decrypts data when the data is used.

  The transparent encrypted file system 100 includes a login unit 101, an encryption key generation unit with access right 109, an application unit 110, a file system unit 120, a device control unit 130, a data encryption unit 140, a data decryption unit 150, an encrypted file. A storage unit 160 and a system storage unit 190 are provided.

  The login unit 101 executes login processing related to a user login to the transparent encrypted file system 100.

The encryption key generation unit with access right 109 executes a key generation algorithm of the encryption method with access right, and executes one public key (hereinafter referred to as “system public key 191”) and a private key for each user (hereinafter referred to as “user secret”). Key 192 ").
The encryption scheme with access right is an encryption scheme that encrypts data so that it is decrypted using a user private key 192 that is generated in association with an attribute that satisfies the decryptability condition. Here, the decipherable condition is a condition relating to an attribute of a decipherable person who is permitted to decipher encrypted data (belongs to a decodable group).
An example of an encryption method with access right is an encryption method called “functional encryption”. In functional encryption, a logical expression (for example, “attribute value a AND attribute value b”, “attribute value a OR attribute value b”, etc.) using an attribute value that represents an attribute of a decryptable person is designated as a decryptable condition. Can do. For functional encryption (an example of an encryption method with access right), see, for example, [Non-Patent Document 1].
Hereinafter, the data indicating the decryptable condition is referred to as “access right information 112”.

The application unit 110 (an example of an access restriction data generation unit) is an execution unit that executes an application program that generates and edits data such as a text file, a document file, an image file, and an audio file.
In the embodiment, the data generated by the application unit 110 is encrypted, and only the user (decryptable person) who satisfies the decryptability condition indicated by the access right information 112 can decrypt and use the data.
Hereinafter, the data generated by the application unit 110 is referred to as “access restriction data 111”. The access restriction data 111 is temporarily stored in a memory (an example of a storage unit) (not shown) by the application unit 110.

The file system unit 120 stores and manages the access restriction data 111.
For example, the file system unit 120 stores the access restriction data 111 in the encrypted file storage unit 160 via the device control unit 130.
In addition, the file system unit 120 acquires the access restriction data 111 from the encrypted file storage unit 160 via the device control unit 130.

The device control unit 130 controls the encrypted file storage unit 160.
For example, the device control unit 130 stores the access restriction data 111 encrypted by the data encryption unit 140 in the encrypted file storage unit 160 and stores the access restriction data 111 decrypted by the data decryption unit 150 in the encrypted file storage. From the unit 160.

The data encryption unit 140 (an example of a decryptable condition information acquisition unit, a common key encryption unit, and an encrypted file generation unit) encrypts the access restriction data 111 by an encryption method with an access right.
At this time, the data encryption unit 140 generates a random number, executes a common key encryption algorithm using the generated random number as a common key, and encrypts the access restriction data 111. Hereinafter, the encrypted access restriction data 111 is referred to as “encrypted data 119b”.
Further, the data encryption unit 140 executes an encryption algorithm with an access right encryption method using the access right information 112 and encrypts a random number (common key) used for encrypting the access restriction data 111. Hereinafter, the encrypted random number (common key) is referred to as “encrypted random number 119a”.
Then, the data encryption unit 140 generates an encrypted file 119 including the encrypted random number 119a and the encrypted data 119b.

The data decryption unit 150 (an example of a user identifier input unit, a user secret key acquisition unit, a common key decryption unit, and an access restriction data decryption unit) receives the access restriction data 111 from the encrypted file 119 by an encryption method with an access right. Decrypt.
At this time, the data decryption unit 150 executes the decryption algorithm of the encryption scheme with access right using the user secret key 192, and decrypts the encrypted random number 119a included in the encrypted file 119 into a random number (common key).
Further, the data decryption unit 150 executes a decryption algorithm of a common key cryptosystem using the decrypted random number as a common key, and decrypts the encrypted data 119b included in the encrypted file 119 into the access restriction data 111.

  The encrypted file storage unit 160 (an example of the encrypted file storage unit) stores the encrypted file 119.

The system storage unit 190 (an example of a secret key storage unit) stores various data used in the transparent encrypted file system 100.
For example, the system storage unit 190 stores a system public key 191 and a user management file 199. The user management file 199 is a file for setting the attributes of the user and the user secret key 192 assigned to the user for each user.

  The encrypted file storage unit 160 and the system storage unit 190 are configured by a storage device such as an HDD (hard disk drive) or an SSD (solid state drive).

  Next, the encryption key generation processing with access right executed by the encryption key generation unit with access right 109 will be described.

The encryption key generation unit with access right 109 executes a public key generation algorithm of an encryption system with access right, and generates one system public key 191.
The method for generating the system public key 191 is the same as the method for generating a public key in a normal public key cryptosystem. For example, the encryption key generation unit with access right 109 generates a random number, and generates a system public key 191 using the generated random number and predetermined parameters.
Since the system public key 191 is information that need not be concealed, the system public key 191 may be stored in an arbitrary location (for example, an external storage or a server on the Internet). In this case, the transparent encrypted file system 100 acquires the system public key 191 from the storage location when using the system public key 191.

  The encryption key generation unit with access right 109 generates a user secret key 192 for each user using the attribute of each user set in the user management file 199.

FIG. 2 is a diagram illustrating an example of the user management file 199 according to the first embodiment.
The user management file 199 according to the first embodiment will be described with reference to FIG.

The user management file 199 is a file for setting the attributes of the user and the user secret key 192 assigned to the user for each user.
The user management file 199 (excluding the user secret key 192) is generated in advance before generating the user secret key 192.

The user management file 199 associates attributes such as “user ID” and “affiliation” with “password” and “user secret key”.
“User ID” indicates an identifier for identifying a user.
“Affiliation” indicates an identifier (eg, name, department code) of a department to which the user belongs.
“Password” indicates a password used by the user to log in to the transparent encrypted file system 100.
The “user secret key” indicates the user secret key 192 assigned to the user according to the attribute possessed by the user.

  The user ID and affiliation are examples of attributes that the user has. Other attributes the user has include name, age, gender, address, title, year of employment, and the like.

The encryption key generator 109 with access right acquires one attribute value (for example, user ID) or a plurality of attribute values (for example, user ID and affiliation) from the user management file 199 for each user.
The encryption key generation unit with access right 109 executes, for each user, a secret key generation algorithm of an encryption method with access right by using one or more attribute values acquired from the user management file 199 as input parameters. Thereby, for each user, a user secret key 192 in which information on one or more attribute values of the user is embedded is generated.
The encryption key generation unit with access right 109 sets, for each user, the generated user secret key 192 in the user management file 199 in association with the user ID.

Next, the configuration of the data encryption unit 140 that generates the encrypted file 119 using the system public key 191 generated by the access right encryption key generation unit 109 will be described with reference to FIG.
FIG. 3 is a configuration diagram of the data encryption unit 140 according to the first embodiment.

  The data encryption unit 140 includes a public key input unit 141, an access right information input unit 142, a data input unit 143, an encrypted file generation unit 144, and an encrypted file output unit 145.

The public key input unit 141 acquires the system public key 191 from the system storage unit 190.
The access right information input unit 142 (an example of a decryptable condition information acquisition unit) acquires the access right information 112. For example, the access right information 112 is designated by a user who requests the application unit 110 to generate the access restriction data 111, or is preset in a directory (also referred to as a folder) in which the encrypted file 119 is stored.
The data input unit 143 inputs the access restriction data 111 generated by the application unit 110 from the device control unit 130.
The encrypted file generation unit 144 (an example of an access restriction data encryption unit, a common key encryption unit, and an encrypted file generation unit) includes a system public key 191 acquired by the public key input unit 141, and an access right information input unit 142. The encrypted file 119 is generated using the access right information 112 acquired by the user and the access restriction data 111 input by the data input unit 143.
The encrypted file output unit 145 outputs the encrypted file 119 generated by the encrypted file generation unit 144 to the device control unit 130.

Next, the configuration of the encrypted file generation unit 144 will be described with reference to FIG.
FIG. 4 is a configuration diagram of the encrypted file generation unit 144 according to the first embodiment.

  The encrypted file generation unit 144 includes a random number generation unit 144A, a common key encryption unit 144B, an encryption unit with access right 144C, and an encrypted file configuration unit 144D.

The random number generation unit 144A generates a random number 144a used as a common key for encrypting / decrypting the access restriction data 111.
The common key encryption unit 144B (an example of an access restriction data encryption unit) executes a common key encryption algorithm using the random number 144a generated by the random number generation unit 144A as a common key, and the access restriction data 111 Is encrypted.
The encryption unit with access right 144C (an example of the common key encryption unit) executes the encryption algorithm of the encryption method with access right using the system public key 191 and the access right information 112 as input parameters, and generates a random number 144a. Encrypt.
The encrypted file configuration unit 144D (an example of the encrypted file generation unit) is encrypted by the random number 144a (encrypted random number 119a) encrypted by the encryption unit with access right 144C and the common key encryption unit 144B. An encrypted file 119 including the access restriction data 111 (encrypted data 119b) is generated.

FIG. 5 is a configuration diagram of the encrypted file 119 according to the first embodiment.
As shown in FIG. 5, the encrypted file 119 has a metadata field 119A and a data field 119B.
The data field 119B is an area for setting user data (for example, encrypted data 119b).
The metadata field 119A is an area for setting metadata (for example, an encrypted random number 119a) including information on user data.

  The encrypted file configuration unit 144D sets the encrypted random number 119a in the metadata field 119A of the encrypted file 119, and sets the encrypted data 119b in the data field 119B of the encrypted file 119.

Next, transparent encryption processing when generating the encrypted file 119 will be described with reference to FIG.
FIG. 6 is a flowchart showing the transparent encryption process in the first embodiment.

  Here, it is assumed that the system public key 191 and the user management file 199 (including the user secret key 192) are generated in advance.

In S <b> 101, the user who wants to generate the access restriction data 111 logs into the transparent encrypted file system 100.
At this time, the user inputs the user ID and password to the transparent encrypted file system 100 using an input device such as a keyboard or a mouse.
The login unit 101 determines whether the same user ID as the input user ID is set in the user management file 199 (see FIG. 2). If the same user ID as the input user ID is not set in the user management file 199, the login unit 101 does not permit login.
When the same user ID as the input user ID is set in the user management file 199, the login unit 101 acquires the password associated with the user ID from the user management file 199.
The login unit 101 determines whether the acquired password is the same as the input password. If the acquired password is different from the input password, the login unit 101 does not permit login.
If the acquired password is the same as the input password, the login unit 101 permits login. Hereinafter, a user permitted to log in is referred to as a “login user”.
If login is permitted, the process proceeds to S110.

In S110, the login user uses the input device to request the application unit 110 to generate the access restriction data 111 and specify the access right information 112 of the access restriction data 111.
However, as described in the second embodiment, the access right information 112 may be preset in a directory in which the encrypted file 119 of the access restriction data 111 is stored.

For example, when the access restriction data 111 is to be used only by employees belonging to the personnel department, the login user designates the attribute value “HR department” as the access restriction data 111.
When the access restriction data 111 is desired to be used by an employee belonging to at least one of the personnel department and the general affairs department, the login user designates the attribute value logical expression “HR department OR general administration department” as the access restriction data 111.
When only the employees belonging to both the personnel department and the general affairs department want to use the access restriction data 111, the login user designates the attribute value logical expression “HR department AND general affairs department” as the access restriction data 111.

The application unit 110 executes an application program such as a text editor, a word processor, an image editing program, or a voice editing program, and generates access restriction data 111. The generated access restriction data 111 is temporarily stored in a memory (an example of a storage unit) by the application unit 110.
The application unit 110 outputs the generated access restriction data 111 and the specified access right information 112 to the file system unit 120.
After S110, the process proceeds to S120.

In S 120, the file system unit 120 inputs the access restriction data 111 and the access right information 112 output from the application unit 110.
The file system unit 120 outputs the access restriction data 111 and the access right information 112 to the device control unit 130 in order to store the access restriction data 111 so that only users who satisfy the conditions indicated by the access right information 112 can access. .
After S120, the process proceeds to S130.

In S <b> 130, the device control unit 130 inputs the access restriction data 111 and the access right information 112 output from the file system unit 120.
The device control unit 130 sends the access restriction data 111 and the access right information 112 to the data encryption unit 140 in order to encrypt the access restriction data 111 so that only users who satisfy the conditions indicated by the access right information 112 can decrypt the data. Output.
After S130, the process proceeds to S140.

In S140, the data encryption unit 140 receives the access restriction data 111 and the access right information 112 output from the device control unit 130.
The data encryption unit 140 executes an encryption algorithm with an access right encryption method using the access right information 112, and generates an encrypted file 119 including encrypted data 119b obtained by encrypting the access restriction data 111.
The data encryption unit 140 outputs the generated encrypted file 119 to the device control unit 130.
Details of the data encryption process (S140) will be described later.
After S140, the process proceeds to S150.

In S150, the device control unit 130 inputs the encrypted file 119 output from the data encryption unit 140, and stores the input encrypted file 119 in the encrypted file storage unit 160.
For example, the device control unit 130 stores the encrypted file 119 and the data name of the access restriction data 111 in association with each other in the encrypted file storage unit 160.
After S150, the transparent encryption process ends.

FIG. 7 is a flowchart showing the data encryption process (S140) in the first embodiment.
Data encryption processing (S140) executed by the data encryption unit 140 (see FIG. 3) will be described with reference to FIG.

In S <b> 141, the public key input unit 141 inputs the system public key 191 from the system storage unit 190.
After S141, the process proceeds to S142.

In S <b> 142, the access right information input unit 142 inputs the access right information 112 output from the device control unit 130.
After S142, the process proceeds to S143.

In S143, the data input unit 143 inputs the access restriction data 111 output from the device control unit 130.
After S143, the process proceeds to S144.

  However, the order from S141 to S143 may be changed.

In S144, the encrypted file generation unit 144 uses the system public key 191 and the access right information 112 to generate the encrypted file 119 including the encrypted data 119b obtained by encrypting the access restriction data 111.
Details of the encrypted file generation process (S144) will be described later.
After S144, the process proceeds to S145.

In S145, the encrypted file output unit 145 outputs the encrypted file 119 generated by the encrypted file generation unit 144 to the device control unit 130.
After S145, the data encryption process (S140) ends.

FIG. 8 is a flowchart showing the encrypted file generation process (S144) in the first embodiment.
The encrypted file generation process (S144) executed by the encrypted file generation unit 144 (see FIG. 4) will be described with reference to FIG.

In S144A, the random number generation unit 144A generates a random number 144a to be used as a common key for encrypting the access restriction data 111.
After S144A, the process proceeds to S144B.

In S144B, the common key encryption unit 144B executes a common key encryption algorithm using the random number 144a generated by the random number generation unit 144A as a common key, and encrypts the access restriction data 111.
After S144B, the process proceeds to S144C.

In S144C, the encryption unit with access right 144C executes the encryption algorithm of the encryption method with access right using the system public key 191 and the access right information 112, and encrypts the random number 144a.
Thereby, information regarding the access right information 112 is embedded in the encrypted random number 144a (encrypted random number 119a). The encrypted random number 144a is decrypted only when the user secret key 192 assigned to the user who satisfies the condition indicated by the access right information 112 is used.
After S144C, the process proceeds to S144D.

  However, the order of S144B and S144C may be switched.

In S144D, the encrypted file configuration unit 144D determines that the encrypted file 119 (see FIG. 5) includes the encrypted access restriction data 111 (encrypted data 119b) and the encrypted random number 144a (encrypted random number 119a). ) Is generated.
After S144D, the encrypted file generation process (S144) ends.

Next, the configuration of the data decryption unit 150 that decrypts the encrypted file 119 will be described with reference to FIG.
FIG. 9 is a configuration diagram of the data decoding unit 150 according to the first embodiment.

  The data decryption unit 150 includes an encrypted file decomposition unit 151, a decryption unit with access right 152, and a common key method decryption unit 153.

The encrypted file decomposition unit 151 acquires the encrypted random number 119a and the encrypted data 119b from the encrypted file 119.
The decryption unit with access right 152 (an example of a user identifier input unit, a user private key acquisition unit, and a common key decryption unit) executes the decryption algorithm of the encryption method with access right using the user private key 192 and encrypts it. The random number 119a is decrypted.
The common key method decryption unit 153 (an example of an access restriction data decryption unit) executes a common key encryption method decryption algorithm using the random number 144a obtained by decrypting the encrypted random number 119a, and decrypts the encrypted data 119b. To do. The access restriction data 111 is obtained by decrypting the encrypted data 119b.

Next, a transparent decryption process when decrypting the encrypted file 119 into the access restriction data 111 will be described with reference to FIG.
FIG. 10 is a flowchart showing the transparent decoding process in the first embodiment.

In step S201, a user who wants to use the access restriction data 111 inputs a user ID and a password to the transparent encrypted file system 100 and logs in, and the login unit 101 processes the user's login. The login processing method is the same as S101 in the transparent encryption process (FIG. 6).
If login is permitted, the process proceeds to S210.

In S210, the login user who has logged in in S201 requests the application unit 110 to read the access restriction data 111 using the input device.
Upon receiving the request, the application unit 110 requests the access restriction data 111 from the file system unit 120.
Upon receiving the request, the file system unit 120 requests the device control unit 130 for the access restriction data 111.
After S210, the process proceeds to S220.

In S <b> 220, the device control unit 130 acquires the encrypted file 119 including the encrypted data 119 b obtained by encrypting the requested access restriction data 111 from the encrypted file storage unit 160.
For example, the device control unit 130 acquires the encrypted file 119 associated with the data name of the access restriction data 111 from the encrypted file storage unit 160.
It progresses to S230 after S220.

In S230, the device control unit 130 outputs the acquired encrypted file 119 to the data decryption unit 150.
The data decryption unit 150 executes the decryption algorithm of the encryption method with the access right using the user secret key 192 of the login user, and decrypts the access restriction data 111 from the encrypted file 119.
However, when the login user is not a user who is permitted to use the access restriction data 111 (belonging to a group), the access restriction data 111 cannot be decrypted from the encrypted file 119 using the user secret key 192 of the login user. .
In that case, the application unit 110 displays a read error of the access restriction data 111 on the display, and the transparent decoding process (FIG. 10) ends (not shown).

When the access restriction data 111 can be decrypted from the encrypted file 119, the data decryption unit 150 outputs the access restriction data 111 obtained by the decryption to the device control unit 130.
Details of the data decoding process (S230) will be described later.
It progresses to S240 after S230.

In S <b> 240, the device control unit 130 inputs the access restriction data 111 output from the data decoding unit 150, and outputs the input access restriction data 111 to the file system unit 120.
The file system unit 120 receives the access restriction data 111 output from the device control unit 130 and outputs the input access restriction data 111 to the application unit 110.
The application unit 110 outputs access restriction data 111. For example, the application unit 110 displays the access restriction data 111 on the display.
After S240, the transparent decoding process (FIG. 10) ends.

FIG. 11 is a flowchart showing the data decoding process (S230) in the first embodiment.
The data decoding process (S230) executed by the data decoding unit 150 (see FIG. 9) will be described with reference to FIG.

In S231, the encrypted file decomposition unit 151 acquires the encrypted random number 119a from the metadata field 119A of the encrypted file 119 (see FIG. 5), and acquires the encrypted data 119b from the data field 119B of the encrypted file 119. .
After S231, the process proceeds to S232.

In S232, the decryption unit with access right 152 acquires the user secret key 192 associated with the user ID of the login user from the user management file 199 (see FIG. 2).
The decryption unit with access right 152 executes the decryption algorithm of the encryption method with access right using the acquired user private key 192, and decrypts the encrypted random number 119a into the random number 144a.
However, if the login user is not a user who is permitted to use the access restriction data 111 (belongs to a group), the encrypted random number 119a cannot be decrypted into the random number 144a using the user secret key 192 of the login user.
In that case, the decryption unit with access right 152 notifies the device control unit 130 of a decryption error, and the data decryption process (FIG. 11) ends (not shown).
Thereafter, the device control unit 130 notifies the application unit 110 of a read error of the access restriction data 111 via the file system unit 120, and the application unit 110 displays the read error of the access restriction data 111 on the display.

  If the encrypted random number 119a can be decrypted into the random number 144a, the process proceeds to S233.

In S233, the common key method decryption unit 153 executes a common key encryption method decryption algorithm using the random number 144a as a common key, and decrypts the encrypted data 119b into the access restriction data 111.
The common key method decryption unit 153 outputs the access restriction data 111 obtained by the decryption to the device control unit 130.
After S233, the data decoding process (FIG. 11) ends.

FIG. 12 is a diagram illustrating an example of hardware resources of the transparent encrypted file system 100 according to the first embodiment.
In FIG. 12, a transparent encrypted file system 100 (an example of a computer) includes a CPU 901 (Central Processing Unit). The CPU 901 is connected to hardware devices such as a ROM 903, a RAM 904, a communication board 905 (communication device), a display 911 (display device), a keyboard 912, a mouse 913, a drive 914, and a magnetic disk device 920 via a bus 902. Control hardware devices. The drive 914 is a device that reads and writes storage media such as an FD (Flexible Disk), a CD (Compact Disc), and a DVD (Digital Versatile Disc).
The ROM 903, the RAM 904, the magnetic disk device 920, and the drive 914 are examples of storage devices. A keyboard 912, a mouse 913, and a communication board 905 are examples of input devices. The display 911 and the communication board 905 are examples of output devices.

  The communication board 905 is wired or wirelessly connected to a communication network such as a LAN (Local Area Network), the Internet, or a telephone line.

  The magnetic disk device 920 stores an OS 921 (operating system), a program group 922, and a file group 923.

  The program group 922 includes programs that execute the functions described as “units” in the embodiments. A program (for example, an encryption program with access right and a decryption program with access right) is read and executed by the CPU 901. That is, the program causes the computer to function as “to part”, and causes the computer to execute the procedures and methods of “to part”.

  The file group 923 includes various data (input, output, determination result, calculation result, processing result, etc.) used in “˜part” described in the embodiment.

In the embodiment, arrows included in the configuration diagrams and flowcharts mainly indicate input and output of data and signals.
The processing of the embodiment described based on the flowchart and the like is executed using hardware such as the CPU 901, a storage device, an input device, and an output device.

  In the embodiment, what is described as “to part” may be “to circuit”, “to apparatus”, and “to device”, and “to step”, “to procedure”, and “to processing”. May be. That is, what is described as “to part” may be implemented by any of firmware, software, hardware, or a combination thereof.

FIGS. 13, 14 and 15 are schematic diagrams of the transparent encryption method of the transparent encrypted file system 100 according to the first embodiment.
An overview of the transparent encryption method of the transparent encrypted file system 100 according to the first embodiment will be described with reference to FIGS.

In FIG. 13, user secret keys 192 a and 192 b in which information of an attribute value “HR” indicating the affiliation destination is embedded are assigned to the users 201 a and 201 b belonging to the personnel department 200 </ b> A.
Further, the user secret keys 192c and 192d in which the attribute value “sales department” information indicating the affiliation is embedded are assigned to the users 201c and 201d belonging to the sales department 200B.
On the other hand, the encrypted file 119 is an encrypted random number obtained by encrypting encrypted data 119b obtained by encrypting the access restriction data 111 and a random number 144a used as a common key for decrypting the encrypted data 119b. 119a. The encrypted random number 119a is embedded with information relating to a logical expression “HR department OR general affairs department” indicating a decryptable condition.
In this case, the users 201a and 201b belonging to the personnel department 200A can decrypt the access restriction data 111 from the encrypted file 119 using the user secret keys 192a and 192b assigned to him / her. This is because information of the attribute value “HR” that satisfies the decryption condition for decrypting the encrypted random number 119a is embedded in the user secret key 192a / 192b.
However, the users 201c and 201d belonging to the sales department 200B cannot decrypt the access restriction data 111 from the encrypted file 119 using the user secret keys 192c and 192d assigned to the user. This is because the information of the attribute value “HR” that satisfies the decryption condition for decrypting the encrypted random number 119a is not embedded in the user secret key 192c / 192d.
As a result, the transparent encrypted file system 100 allows the access restriction data 111 to be used only by employees belonging to the personnel department 200A or the general affairs department to employees belonging to other departments (for example, the sales department 200B). Can be concealed.

In FIG. 14, when the affiliation of the user 201b is changed from the personnel department 200A to the sales department 200B, the transparent encrypted file system 100 discards the original user secret key 192b assigned to the user 201b.
Then, the transparent encrypted file system 100 generates the user secret key 192b in which the attribute value “sales department” indicating the new affiliation is embedded, and newly assigns the generated user secret key 192b to the user 201b.
As a result, the user 201b belonging to the sales department 200B cannot decrypt the access restriction data 111 from the encrypted file 119 using the newly assigned user private key 192b. That is, the access restriction data 111 can be kept secret from the user 201b who has moved to the sales department 200B.
As described above, it is not necessary to newly generate the encrypted file 119 even when the group to which the user belongs is changed.

In FIG. 15, when the user 201e is newly assigned to the personnel department 200A, the transparent encrypted file system 100 generates a user secret key 192e in which the attribute value “personnel department” information indicating the affiliation destination is embedded. The generated user secret key 192e is assigned to the user 201e.
Thereby, the user 201e who belongs to the personnel department 200A can decrypt the access restriction data 111 from the encrypted file 119 using the user 201e assigned to him / her.
As described above, it is not necessary to newly generate the encrypted file 119 even when a user is newly added.

In the first embodiment, the transparent encrypted file system 100 that transparently encrypts and decrypts data has been described.
The transparent encrypted file system 100 may be composed of one computer or a plurality of computers.
For example, the transparent encrypted file system 100 may be composed of two computers: an encryption device with access right 210 that encrypts data, and a decryption device 211 with access right that decrypts data (see FIG. 16, see FIG.

16 and 17 are diagrams showing a configuration example of the transparent encrypted file system 100 according to the first embodiment.
As shown in FIG. 16, the encryption device with access right 210 includes a data encryption unit 140 and other configurations, and as shown in FIG. 17, the decryption device with access right 211 includes a data decryption unit 150 and other configurations.
The encryption device with access right 210 and the decryption device with access right 211 communicate via the network 219.

  For example, the encryption device with access right 210 and the decryption device with access right 211 operate as follows.

The device control unit 130 of the encryption device with access right 210 transmits the user secret key 192 generated by the encryption key generation unit 109 with access right to the decryption device 211 with access right together with the user ID.
The device control unit 130 of the decryption apparatus with access right 211 receives the user secret key 192 and the user ID, and sets the received user secret key 192 in the user management file 199 in association with the received user ID.

The device control unit 130 of the decryption apparatus with access right 211 requests the encryption apparatus 210 with access right for the encrypted file 119 of the access restriction data 111 requested to be accessed.
The device control unit 130 of the encryption device with access right 210 transmits the requested encrypted file 119 to the decryption device 211 with access right.
The device control unit 130 of the encryption apparatus with access right 210 receives the encrypted file 119, and the data decryption unit 150 decrypts the encrypted file 119.

In the first embodiment, the encryption method with access right is the following encryption method.
The encryption method with access right is an encryption method (for example, functional encryption) that can specify a decryptable person by a logical expression (predicate).
Unlike the conventional RSA encryption (RSA is a registered trademark), it is not only one user corresponding to the public key used for encryption that can decrypt the encrypted file. That is, the encrypted file can be decrypted if the user private key matches the predicate specified at the time of encryption.
By using such a cipher, for example, when creating an encrypted file that can be decrypted by three users, it is not necessary to perform encryption using the public keys of each of the three users, which is efficient. .
In addition, instead of the user, a user attribute (for example, job title or affiliation) can be used as a predicate specified at the time of encryption.
Furthermore, when a user attribute is specified by a predicate, re-encryption is not necessary even if a user having the attribute is newly added (a user secret key is newly issued).

According to the first embodiment, for example, the following effects can be obtained.
The transparent encrypted file system 100 encrypts the access restriction data 111 by an encryption method with an access right using the access right information 112 as an input parameter, thereby storing the access restriction data 111 safely in a transparent and efficient manner. be able to.
Even when a complicated access right expressed by a logical expression (also referred to as a predicate logical expression) including an attribute value representing a user's affiliation or job title is set in the access restriction data 111, the transparent encrypted file system 100 The access restriction data 111 is encrypted by an access right encryption method using the access right information 112 indicating a logical expression as an input parameter, thereby suppressing an increase in the size of the encrypted file 119. This is because the number of encrypted random numbers 119a set in the encrypted file 119 is sufficient by using the encryption method with access right.
Even when the user attribute (for example, affiliation) is changed, the transparent encrypted file system 100 re-issues the access restriction data 111 only by reissuing the user private key 192 associated with the user. It does not have to be encrypted.
Even when a new user is added to a user group (attribute), the transparent encrypted file system 100 has a user secret in which information of the user group (attribute) is embedded for the newly added user. It is not necessary to re-encrypt the access restriction data 111 simply by issuing the key 192.

In the first embodiment, for example, the following encryption device with access right, decryption device with access right, and encryption system with access right (100) have been described. Reference numerals or names used in the embodiments are shown in parentheses.
The encryption device with access right includes an access restriction data generation unit, a decryptable condition information acquisition unit, an access restriction data encryption unit, a common key encryption unit, and an encrypted file generation unit.
The access restriction data generation unit (110) generates data to be encrypted as access restriction data (111).
The decodable condition information acquisition unit (142) acquires decodable condition information (112) indicating, as a decodable condition, a condition relating to an attribute of a user permitted to decrypt the encrypted access restriction data. To do.
The access restriction data encryption unit (144B) encrypts the access restriction data generated by the access restriction data generation unit using a common key (144a) by a common key encryption method.
The common key encryption unit (144C) is acquired by the public key (191) and the decipherable condition information acquisition unit as the common key used by the access restriction data encryption unit to encrypt the access restriction data. Using the decryptable condition information, encryption is performed by an encryption method with an access right. The encryption scheme with access right is an encryption scheme that encrypts data so that it is decrypted using a secret key (192) generated in association with an attribute that satisfies the decryption condition.
The encrypted file generation unit (144D) encrypts the access restriction data encrypted by the access restriction data encryption unit and the common key encrypted by the common key encryption unit. A file (119) is generated.

The decryption device with access right includes an encrypted file storage unit, a secret key storage unit, a user identifier input unit, a user secret key acquisition unit, a common key decryption unit, and an access restriction data decryption unit.
The encrypted file storage unit (160) stores an encrypted file (119).
The secret key storage unit (190, 199) associates, for each user, an identifier (user ID) for identifying the user and a secret key (192) generated in association with the attribute of the user. And remember.
The user identifier input unit (152) inputs a user identifier for identifying a user.
The user secret key acquisition unit (152) is a secret key associated with the same identifier as the user identifier input to the user identifier input unit among the secret keys stored in the secret key storage unit As a user private key.
The common key decryption unit (152) has acquired the encrypted common key (119a) included in the encrypted file stored in the encrypted file storage unit by the user secret key acquisition unit Using the user secret key, decryption is performed by the encryption method with access right.
The access restriction data decryption unit (153) encrypts the access restriction encrypted in the encrypted file stored in the encrypted file storage unit when the common key is decrypted by the common key decryption unit. Data (119b) is decrypted by the common key encryption method using the common key decrypted by the common key decryption unit.

Embodiment 2. FIG.
A description will be given of a mode in which the access right information 112 is set in advance in a directory in which the encrypted file 119 is stored, and the encrypted file 119 is generated using the access right information 112 set in the directory in advance.
Hereinafter, items different from the first embodiment will be mainly described. The matters whose explanation is omitted are the same as those in the first embodiment.

The configuration of the transparent encrypted file system 100 is the same as that of the first embodiment (see FIG. 1).
However, the encrypted file storage unit 160 has a directory in which the access right information 112 is preset.
A directory is used in a general file system, and is also called a “folder”.
For example, the directory is a combination of a storage area for storing the encrypted file 119, information about a storage area for storing the encrypted file 119, or a combination of both.

<Example 1>
FIG. 18 is a diagram illustrating an example of the encrypted file storage unit 160 according to the second embodiment (Example 1).
The encrypted file storage unit 160 in the second embodiment (Example 1) will be described with reference to FIG.

The encrypted file storage unit 160 includes two directories 220A and 220B for storing the encrypted file 119.
The directory 220A is for storing the encrypted file 119 for the personnel department, and the attribute value “HR department” is set as the access right information 112a in the directory 220A.
The directory 220B is for storing the encrypted file 119 for the sales department, and the attribute value “sales department” is set as the access right information 112b in the directory 220B.

Next, a method of using the access right information 112a and 112b set in the directories 220A and 220B will be described based on the flowchart described in the first embodiment.
In S110 of FIG. 6, instead of specifying the access right information 112, the login user specifies a directory in which the encrypted file 119 of the access restriction data 111 is stored.
For example, when the access restriction data 111 for the personnel department is generated, the login user designates the directory 220A for the personnel department as the storage destination.
In S140 of FIG. 6, the data encryption unit 140 generates an encrypted file 119 using the access right information 112a set in the directory 220A designated by the login user. Therefore, the access right information input unit 142 of the data encryption unit 140 acquires the access right information 112a from the directory 220A (see S142 in FIG. 7).
In S150 of FIG. 6, the device control unit 130 stores the encrypted file 119 in the directory 220A designated by the login user.
Other processes of the transparent encryption process (see FIG. 6) are the same as those in the first embodiment. The transparent decoding process (see FIG. 10) is the same as that in the first embodiment.

<Example 2>
FIG. 19 is a diagram illustrating an example of the encrypted file storage unit 160 according to the second embodiment (Example 2).
The encrypted file storage unit 160 in the second embodiment (Example 2) will be described with reference to FIG.

The encrypted file storage unit 160 includes a personnel department directory 220A and a sales department directory 220B.
The personnel department directory 220A includes a subdirectory 221A. The access right information 112 is not set in the subdirectory 221A. For this reason, the subdirectory 221A inherits the access right information 112 set in the parent directory 220A.
The sales department directory 220B includes a sales department manager subdirectory 221B. The attribute value “Sales Manager” is set as the access right information 112c in the subdirectory 221B.

Next, a method of using the subdirectory 221A will be described based on the flowchart described in the first embodiment.
In S110 of FIG. 6, instead of specifying the access right information 112, the login user specifies a subdirectory in which the encrypted file 119 of the access restriction data 111 is stored.
For example, when the access restriction data 111 for the personnel department is generated, the login user designates the subdirectory 221A in the directory 220A for the personnel department as the storage destination.
In S140 of FIG. 6, since the access right information 112 is not set in the subdirectory 221A designated as the login user, the data encryption unit 140 sets the access right set in the parent directory 220A of the subdirectory 221A. Using the information 112a, an encrypted file 119 is generated. Therefore, the access right information input unit 142 of the data encryption unit 140 acquires the access right information 112a from the directory 220A (see S142 in FIG. 7).
In S150 of FIG. 6, the device control unit 130 stores the encrypted file 119 in the subdirectory 221A designated by the login user.

Next, a method of using the subdirectory 221B will be described based on the flowchart described in the first embodiment.
In S110 of FIG. 6, instead of specifying the access right information 112, the login user specifies a subdirectory in which the encrypted file 119 of the access restriction data 111 is stored.
For example, when the access restriction data 111 for the sales manager is generated, the login user designates the sales manager's subdirectory 221B as the storage destination.
In S140 of FIG. 6, the data encryption unit 140 generates the encrypted file 119 using the access right information 112c set in the subdirectory 221B designated by the login user. Therefore, the access right information input unit 142 of the data encryption unit 140 acquires the access right information 112c from the subdirectory 221B (see S142 in FIG. 7).
In S150 of FIG. 6, the device control unit 130 stores the encrypted file 119 in the subdirectory 221B designated by the login user.

Next, another method using the subdirectory 221B will be described based on the flowchart described in the first embodiment.
In S110 of FIG. 6, it is assumed that the logged-in user designates the subdirectory 221B for the sales manager.
In S140 of FIG. 6, the data encryption unit 140 sets the access right information 112c set in the subdirectory 221B designated by the login user and the access right information 112b set in the parent directory 220B of the subdirectory 221B. Are used to generate the encrypted file 119. Therefore, the access right information input unit 142 of the data encryption unit 140 acquires the access right information 112c from the subdirectory 221B and also acquires the access right information 112b from the parent directory 220B.
For example, the data encryption unit 140 generates the encrypted file 119 using the logical product “sales department AND sales department manager” of the access right information 112c and the access right information 112b as a decryptable condition. However, the data encryption unit 140 may use another type of logical expression such as a logical sum “sales department OR sales manager” or an exclusive OR “sales department NOR sales manager” as a decryptable condition. In this case, information specifying what kind of logical expression is generated by combining a plurality of access right information 112 may be set in the directory 220B, the subdirectory 221B, or the access right information 112c.
In S150 of FIG. 6, the device control unit 130 stores the encrypted file 119 in the subdirectory 221B designated by the login user.

  Other processes of the transparent encryption process (see FIG. 6) are the same as those in the first embodiment. The transparent decoding process (see FIG. 10) is the same as that in the first embodiment.

According to the second embodiment, for example, the following effects can be obtained.
The transparent encrypted file system 100 can automatically acquire the access right information 112 from the directory in which the encrypted file 119 is stored.
The transparent encrypted file system 100 encrypts the access restriction data 111 by an encryption method with an access right using the access right information 112 acquired automatically as an input parameter, thereby transparently and efficiently storing the access restriction data 111. It can be stored safely.

In the second embodiment, for example, the following encryption device with access right (100) has been described. Reference numerals or names used in the embodiments are shown in parentheses.
The encrypted file storage unit (160) is one or more directories for storing the encrypted file (119) and one or more directories (220) in which the decryptable condition information (112) is preset. ).
The directory designation information acquisition unit (142) acquires directory designation information for designating any directory in which the encrypted file is set among one or more directories included in the encrypted file storage unit.
The decipherable condition information acquisition unit (142) is the directory designation information acquired by the directory designation information acquisition unit among the decodable condition information set in each of one or more directories included in the encrypted file storage unit. The decodable condition information set in the directory specified by is acquired.

  100 transparent encrypted file system, 101 login unit, 109 encryption key generation unit with access right, 110 application unit, 111 access restriction data, 112 access right information, 119 encrypted file, 119A metadata field, 119B data field, 119a Encrypted random number, 119b Encrypted data, 120 File system unit, 130 Device control unit, 140 Data encryption unit, 141 Public key input unit, 142 Access right information input unit, 143 Data input unit, 144 Encrypted file generation unit, 144A random number generation unit, 144B common key encryption unit, 144C encryption unit with access right, 144D encrypted file configuration unit, 144a random number, 145 encrypted file output unit, 150 data decryption unit, 151 encryption file File decomposition unit, 152 decryption unit with access right, 153 common key method decryption unit, 160 encrypted file storage unit, 190 system storage unit, 191 system public key, 192 user secret key, 193 system common key, 199 user management file, 200A Human Resources Department, 200B Sales Department, 201a, 201b, 201c, 201d, 201e User, 210 Access Right Encryption Device, 211 Access Right Decryption Device, 219 Network, 220A, 220B Directory, 221A, 221B Subdirectory, 901 CPU , 902 bus, 903 ROM, 904 RAM, 905 communication board, 911 display, 912 keyboard, 913 mouse, 914 drive, 920 magnetic disk unit, 921 OS, 922 pro Lamb group, 923 files.

Claims (10)

An access restriction data generation unit that generates encrypted data as access restriction data;
A decodable condition information obtaining unit for obtaining decodable condition information indicating, as a decodable condition, a condition related to an attribute of a user permitted to decrypt the encrypted access restriction data;
An access restriction data encryption unit that encrypts the access restriction data generated by the access restriction data generation unit using a common key using a common key encryption method;
The common key used by the access restriction data encryption unit for encrypting the access restriction data can be decrypted by using a public key and the decodable condition information acquired by the decodable condition information acquisition unit. A common key encryption unit for encrypting with an encryption method with an access right for encrypting data so as to be decrypted using a secret key generated in association with an attribute satisfying a condition;
An encrypted file generation unit that generates an encrypted file including the access restriction data encrypted by the access restriction data encryption unit and the common key encrypted by the common key encryption unit; An encryption device with access rights, comprising: An encrypted file storage unit having one or more directories for storing the encrypted file and having one or more directories in which the decryptable condition information is preset;
A directory designation information obtaining unit for obtaining directory designation information for designating any directory for setting the encrypted file among one or more directories included in the encrypted file storage unit;
The decipherable condition information acquisition unit is designated by directory designation information acquired by the directory designation information acquisition unit among the decodable condition information set in each of one or more directories included in the encrypted file storage unit 2. The encryption apparatus with access right according to claim 1, wherein the decryptable condition information set in the directory to be acquired is acquired. At least one of the one or more directories included in the encrypted file storage unit includes a subdirectory,
When the directory designation information acquisition unit acquires information specifying the subdirectory as the directory specification information, the decryptable condition information acquisition unit is set for each of one or more directories included in the encrypted file storage unit. 3. The encryption apparatus with access right according to claim 2, wherein the decryptable condition information set in a directory including the subdirectory among the decryptable conditions is acquired. Data encrypted by a common key cryptosystem using a common key is included as access restriction data, and is generated in association with an attribute of a user who is permitted to decrypt the encrypted access restriction data An encrypted file storage unit for storing an encrypted file, including the common key encrypted by an encryption method with an access right for encrypting data so as to be decrypted using a secret key;
For each user, a secret key storage unit that stores an identifier for identifying the user and a secret key that is generated in association with the attribute of the user in association with each other;
A user identifier input unit for inputting a user identifier for identifying a user;
A user secret key that acquires, as a user secret key, a secret key associated with the same identifier as the user identifier input to the user identifier input unit among the secret keys stored in the secret key storage unit An acquisition unit;
The encrypted common key included in the encrypted file stored in the encrypted file storage unit is added with the access right using the user secret key acquired by the user secret key acquisition unit. A common key decryption unit for decrypting with an encryption method;
When the common key is decrypted by the common key decryption unit, the encrypted access restriction data included in the encrypted file stored in the encrypted file storage unit is decrypted by the common key decryption unit. And an access-restricted data decrypting unit for decrypting by the common key encryption method using the common key. An encryption device with access right according to any one of claims 1 to 3,
An encryption system with access right, comprising: the decryption apparatus with access right according to claim 4. An access restriction data generation unit that generates encrypted data as access restriction data;
A decodable condition information obtaining unit for obtaining decodable condition information indicating, as a decodable condition, a condition related to an attribute of a user permitted to decrypt the encrypted access restriction data;
An access restriction data encryption unit that encrypts the access restriction data generated by the access restriction data generation unit using a common key using a common key encryption method;
The common key used by the access restriction data encryption unit for encrypting the access restriction data can be decrypted by using a public key and the decodable condition information acquired by the decodable condition information acquisition unit. A common key encryption unit for encrypting with an encryption method with an access right for encrypting data so as to be decrypted using a secret key generated in association with an attribute satisfying a condition;
An encrypted file generation unit that generates an encrypted file including the access restriction data encrypted by the access restriction data encryption unit and the common key encrypted by the common key encryption unit;
An encrypted file storage unit for storing the encrypted file generated by the encrypted file generation unit;
For each user, a secret key storage unit that stores an identifier for identifying the user and a secret key that is generated in association with the attribute of the user in association with each other;
A user identifier input unit for inputting a user identifier for identifying a user;
A user secret key that acquires, as a user secret key, a secret key associated with the same identifier as the user identifier input to the user identifier input unit among the secret keys stored in the secret key storage unit An acquisition unit;
The encrypted common key included in the encrypted file stored in the encrypted file storage unit is added with the access right using the user secret key acquired by the user secret key acquisition unit. A common key decryption unit for decrypting with an encryption method;
When the common key is decrypted by the common key decryption unit, the encrypted access restriction data included in the encrypted file stored in the encrypted file storage unit is decrypted by the common key decryption unit. An access-restricted encryption system comprising: an access restriction data decryption unit that decrypts the common key using the common key encryption method. An encryption method with access right using a computer comprising an access restriction data generation unit, a decryptable condition information acquisition unit, an access restriction data encryption unit, a common key encryption unit, and an encrypted file generation unit ,
The access restriction data generation unit generates encrypted data as access restriction data,
The decipherable condition information acquisition unit acquires decodable condition information indicating, as a decodable condition, a condition related to an attribute of a user permitted to decrypt the encrypted access restriction data;
The access restriction data encryption unit encrypts the access restriction data generated by the access restriction data generation unit using a common key by a common key encryption method,
The common key encryption unit uses the public key and the decryptable condition information obtained by the decryptable condition information obtaining unit as the common key used by the access restricted data encryption unit to encrypt the access restricted data. And using an encryption method with an access right for encrypting data so as to be decrypted using a secret key generated in association with the attribute satisfying the decryptability condition,
The encrypted file generation unit generates an encrypted file including the access restriction data encrypted by the access restriction data encryption unit and the common key encrypted by the common key encryption unit. An encryption method with access rights, characterized by: Decryption method with access right using a computer comprising an encrypted file storage unit, a secret key storage unit, a user identifier input unit, a user secret key acquisition unit, a common key decryption unit, and an access restriction data decryption unit Because
The encrypted file storage unit includes, as access restriction data, data encrypted by a common key encryption method using a common key, and a user who is permitted to decrypt the encrypted access restriction data. A storage unit for storing an encrypted file including the common key encrypted by an encryption method with an access right for encrypting data so as to be decrypted using a secret key generated in association with an attribute having;
The secret key storage unit is a storage unit that stores, for each user, an identifier for identifying the user and a secret key generated in association with an attribute of the user in association with each other,
The user identifier input unit inputs a user identifier for identifying a user,
The user secret key acquisition unit uses a secret key associated with the same identifier as the user identifier input to the user identifier input unit among the secret keys stored in the secret key storage unit. As a private key,
The common key decryption unit uses the encrypted common key included in the encrypted file stored in the encrypted file storage unit as the user secret key acquired by the user secret key acquisition unit. And decrypting with the encryption method with the access right,
When the access restriction data decryption unit decrypts the common key by the common key decryption unit, the encrypted access restriction data included in the encrypted file stored in the encrypted file storage unit, A decryption method with an access right, wherein the decryption is performed by the common key encryption method using the common key decrypted by the common key decryption unit.   8. An encryption program with access right for causing a computer to execute the encryption method with access right according to claim 7.   9. A decryption program with access right for causing a computer to execute the decryption method with access right according to claim 8.

Images