JP2006332735A - Encryption conversion apparatus, and encryption conversion method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption conversion apparatus and an encryption conversion method and program capable of preventing the protection strength required by a content owner from being degraded in the case of conversion of encryption systems when organizations share information. <P>SOLUTION: The encryption conversion apparatus 50 carrying out encryption conversion for using a second encryption method to encrypt again data encrypted by a first encryption method includes a conversion means for carrying out the encryption conversion so that the protection strength of the data encrypted by the first encryption method is equal to or more than the protection strength of the data encrypted by the second encryption method. In this case, the conversion means utilizes a computational complexity required for decrypting the encryption to perform the encryption conversion so that the protection strength of the data encrypted by the first encryption method is equal to or more than the protection strength of the data encrypted by the second encryption method. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a cipher conversion device, a cipher conversion method, and a program for encrypting electronic content for secure use.

  Conventionally, a security administrator or the like for each organization decides the encryption system and key length independently, and forces users belonging to each organization to use these preset encryption systems and key lengths. It was. For this reason, when information is shared between organizations, it is necessary to convert the encryption system.

A method for changing the key length at the time of cryptographic system conversion by adding a random number to the key used before the conversion has been proposed (see Patent Document 1).
JP 2000-049770 A

  However, when the encryption system is converted when information is shared between organizations, the encryption system and the key length are uniquely and fixedly set in each organization. There was no guarantee realized after conversion. In other words, when electronic content with copyrights is shared by multiple different organizations, the encryption method used for copyright protection differs from organization to organization, and as a result, content sharing may be prevented. is there. At this time, in order to use the electronic content encrypted by the encryption method of organization A in another organization B, it is necessary to re-encrypt the electronic content using the encryption method used in organization B. . However, at this time, there is a problem that the protection strength realized in the original organization A cannot be guaranteed in the organization B because of differences in encryption methods, key lengths, and the like between the organizations.

  In addition, when the technique of Patent Document 1 is used, a specific solution to the problem of how to set the key length is separately required to make the protection strength the same before and after the conversion.

  The prior art as described above lacks a method for associating the protection strength realized in each organization with the protection strength realized in other organizations. For this reason, the protection strength realized in the encryption system before the conversion is not guaranteed in the encryption system after the conversion, and the protection strength required by the content owner is not realized in the conversion of the encryption system.

  Therefore, the present invention has been made in view of the above problems, and when information is shared between organizations, the protection strength required by the owner of the content can be prevented from being lost against encryption conversion. An object of the present invention is to provide a cryptographic conversion device, a cryptographic conversion method, and a program.

  In order to solve the above problem, the cryptographic conversion apparatus of the present invention is a cryptographic conversion apparatus that performs cryptographic conversion for re-encrypting data encrypted by the first encryption technique using the second encryption technique, Conversion means for performing the cryptographic conversion so that the protection strength of the data encrypted by the first encryption method and the protection strength of the data encrypted by the second encryption method are equal to or greater than It has. According to the present invention, when performing encryption conversion in order to share encrypted content between a plurality of organizations using different encryption systems, the same content shared between the plurality of organizations is applied. The protection strength can be the same in each organization. As a result, when information is shared between organizations, the protection strength required by the content owner against encryption conversion can be prevented from being impaired.

  The conversion means uses a calculation amount necessary for decryption to protect the strength of the data encrypted by the first encryption method and the protection of the data encrypted by the second encryption method. The cryptographic conversion is performed so that the strength is equal to or higher. Thus, using the amount of computation required for decryption, the protection strength of the data encrypted by the first encryption method is equivalent to the protection strength of the data encrypted by the second encryption method. The encryption system can be converted as described above.

  The converting means designates the protection strength of the data encrypted by the second encryption method using the length of the encryption key used for encrypting the data. The converting means depends on at least one of the value of the data, the data protection period, the data distribution route information, the data using device information, the user profile information, and a combination thereof, and the second encryption. The protection strength of data encrypted by the encryption method is determined. The cipher conversion device is constituted by a conversion server that is neutral to each organization for performing cryptographic conversion.

  The cryptographic conversion apparatus according to the present invention further includes a generating unit that generates an electronic ticket for the terminal that receives the data. As a result, copyright protection and the like can be further realized. The encryption conversion apparatus according to the present invention achieves the protection strength applied to the data by using a tamper resistant technique. The cryptographic conversion apparatus of the present invention proves the use qualification of the data by using at least one of an electronic certificate, a smart card, and an IC card. As a result, the user's content usage qualification can be proved.

  The encryption conversion method of the present invention is an encryption conversion method for performing encryption conversion for re-encrypting data encrypted by the first encryption method using the second encryption method, A conversion step of performing the encryption conversion so that the protection strength of the encrypted data and the protection strength of the data encrypted by the second encryption method are equal to or higher than each other. According to the present invention, when performing encryption conversion in order to share encrypted content between a plurality of organizations using different encryption systems, the same content shared between the plurality of organizations is applied. The protection strength can be the same in each organization. As a result, when information is shared between organizations, the protection strength required by the content owner against encryption conversion can be prevented from being impaired.

  The conversion step uses a calculation amount necessary for decryption to protect the strength of the data encrypted by the first encryption method and the protection of the data encrypted by the second encryption method. The cryptographic conversion is performed so that the strength is equal to or higher. Thus, using the amount of computation required for decryption, the protection strength of the data encrypted by the first encryption method is equivalent to the protection strength of the data encrypted by the second encryption method. The encryption system can be converted as described above.

  The program of the present invention causes a computer to execute the above-described encryption / cipher conversion method.

  According to the present invention, it is possible to provide a cryptographic conversion apparatus, a cryptographic conversion method, and a program capable of preventing the protection strength required by the content owner from being compromised against cryptographic conversion when information is shared between organizations. it can.

  Hereinafter, the best mode for carrying out the present invention will be described. In this embodiment, a case where confidential information is shared between two different organizations will be described.

  First, details of the system configuration of this embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating a relationship between a person, a server, and the like related to content distribution / browsing. FIG. 2 is a block diagram for realizing an embodiment according to the present invention. In the present embodiment, sharing of customer information between company A and company B having a partnership relationship will be described. Here, it is assumed that company A uses RSA encryption to protect confidential files, while company B uses elliptic curve encryption. Further, it is assumed that customer information of millions of people is described in the confidential file. If information related to a large number of customers is leaked, there is a concern that both companies' social credibility will be greatly lost, and a large amount of damages may occur. For this reason, it is necessary to ensure sufficient security for the management of confidential files in which customer information is described.

  Company A and Company B possess information management servers 20 and 30 for managing confidential information, respectively. The information management servers 20 and 30 store confidential files that describe their confidential information. Information management servers 20 and 30 execute authentication of users belonging to companies A and B, user inquiries to other servers, issuance of electronic tickets, storage of confidential files, and transmission of confidential files to users or other servers, respectively. To do. Furthermore, the information management servers 20 and 30 have a function of identifying users of other companies that are accessed via other servers and limiting the use range of confidential information based on the qualifications the users have. A conversion server 50 for converting the encryption method applied to the confidential file exists on the Internet.

  The user-owned information terminals 10 belonging to the companies A and B are provided with user qualification means 11, encrypted file / electronic ticket receiving means 12, file decryption means 13, and file display means 14. It is assumed that the user-owned information terminal 40 has the same configuration as the user-owned information terminal 10. The user-owned information terminal 10 is provided with a confidential file viewer having a software tamper resistance function (reference: “software tamper resistance technology”, information processing June 2003 issue) in order to realize security for confidential files. It is installed. In this embodiment, it is assumed that an electronic ticket method (reference: Japanese Patent Laid-Open No. 10-164051, “User Authentication Device and Method”) is used. In the electronic ticket method assumed here, the user registers information unique to the user possession information terminals 10 and 40 owned by the user in the information management servers 20 and 30 of the organization to which the user belongs.

  The user qualification means 11 uses an electronic certificate or the like to prove to the information management server 20 that it is the user J, and after performing the certification, obtains a confidential file describing the customer information of the company B. Requests to the information management server 20. The encrypted file / electronic ticket receiving means 12 functions as an interface for receiving the encrypted file / electronic ticket, and registers the acquired electronic ticket and the encrypted confidential file in the file decrypting means 13 which is a viewer. The file decryption means 13 decrypts the encrypted common key attached to the encrypted confidential file using the electronic ticket and the device specific information, and further uses the decrypted common key to decrypt the encrypted confidential file. Decrypt. The file display unit 14 performs display processing of the decrypted file.

  The information management server 20 includes user authentication means 21, terminal specific information / user information sending means 22, encrypted file / electronic ticket receiving means 23, and encrypted file / electronic ticket sending means 24. The user authentication means 21 performs user authentication. After receiving the confidential file acquisition request, the terminal specific information / user information sending means 22 accesses the information management server 30 of the company B, transmits the use request of the confidential file by the user J, and converts the terminal specific information L into the conversion server. Send to 50. The encrypted file / electronic ticket receiving means 23 functions as an interface for receiving the encrypted file and the electronic ticket. The encrypted file / electronic ticket sending means 24 functions as an interface for sending the encrypted file and the electronic ticket.

  The information management server 30 includes user information receiving means 31, content usage range restriction means 32, content encryption means 33, electronic ticket generation means 34, and encrypted content / electronic ticket sending means 35. The user information receiving means 31 functions as an interface for receiving user information. The content usage range limiting means 32 limits customer information related to the joint business of companies A and B, and records only limited customer information in one file.

  The content encryption means 33 encrypts this confidential file using the elliptic curve encryption used in the company B. The content encryption unit 33 generates a 160-bit random number, uses this as an encryption key for common key encryption used for encryption of the confidential file, and encrypts the confidential file using this encryption key. Furthermore, this common key is encrypted using the public key of the elliptic curve encryption, and this is attached to the encrypted confidential file. The key length of the elliptic curve encryption used at this time is determined according to information such as security guidelines. The electronic ticket generation unit 34 generates an electronic ticket for the conversion server 50 using the unique information I of the conversion server 50 and the elliptic curve key generated previously. The encrypted content / electronic ticket sending means 35 sends to the conversion server 50 an encrypted confidential file associated with the electronic ticket and the encrypted common key.

  The conversion server 50 includes an encrypted file / electronic ticket receiving unit 51, a content decrypting unit 52, a key length determining unit 53, a content encrypting unit 54, an electronic ticket generating unit 55, and an encrypted content / electronic ticket sending unit 56.

  The conversion server 50 is neutral with respect to the companies A and B that are organizations for performing cryptographic conversion. The conversion server 50 converts the encryption method applied to the confidential file so that users belonging to the companies A and B can share the confidential file in accordance with the file conversion request from the information management servers 20 and 30. When a user belonging to the company A requests a confidential file of the information management server 30, the conversion server 50 converts the confidential file (data) encrypted by the RSA encryption (first encryption method) into an elliptic curve encryption (second Encryption conversion that is re-encrypted with the encryption method of At this time, the conversion server 50 designates the protection strength of the confidential file encrypted by the second encryption method using the length of the encryption key used for data encryption.

  In addition, when the conversion server 50 performs encryption conversion in order to share encrypted content among a plurality of organizations using different encryption systems, the conversion server 50 applies the same content shared between the plurality of organizations. The processing is performed so that the protection strength is almost the same in each organization. At this time, the conversion server 50 ensures that the protection strength of the confidential file encrypted by the first encryption method is equal to or greater than the protection strength of the confidential file encrypted by the second encryption method. Perform cryptographic conversion.

  Moreover, the conversion server 50 implement | achieves the protection intensity | strength given to a confidential file by utilizing a tamper-proof technique. Further, the conversion server 50 may prove the use qualification of the confidential file by using at least one of an electronic certificate, a smart card, and an IC card.

  The encrypted file / electronic ticket receiving means 51 functions as an interface for receiving the encrypted file and the electronic ticket. The content decryption means 52 generates a plaintext confidential file from the received confidential file and electronic ticket.

  The key length determination means 53 determines the key length so that the amount of calculation required for decryption is almost the same in the encryption system used in each organization in order to make the protection strength realized in each organization the same. . At this time, the key length determination unit 53 uses the amount of calculation necessary for decryption to protect the protection strength of the confidential file encrypted with the RSA encryption (first encryption method) and the elliptic curve encryption (second The key length for performing the cryptographic conversion is determined so that the protection strength of the confidential file encrypted by the encryption method is equal to or higher than that. Specifically, the key length determination means 53 evaluates the protection strength realized using the original organization B's encryption method and key length with the amount of calculation necessary for the decryption of the cryptographic system using these, In another organization A, the protection strength is expressed by a calculation amount necessary for decryption, and the key length in the organization A is set so that both the calculation amounts are equal.

  The key length determination means 53 depends on at least one of the value of the confidential file, the protection period of the confidential file, the distribution path information of the confidential file, the device usage information of the confidential file, the user profile information, and a combination thereof. Then, the protection strength of the confidential file encrypted with the RSA encryption may be determined. These pieces of information are stored in storage means (not shown) of the conversion server.

  The content encryption unit 54 newly encrypts the confidential file using the setting by the key length determination unit 53 and the RSA encryption. Thereby, the protection strength realized in the organization A is also realized in the organization B. Therefore, the protection strength required by the owner of the confidential file can be prevented from being lost during the conversion of the encryption system.

  The electronic ticket generation means 55 generates an electronic ticket for a terminal that receives an electronic file. This electronic ticket generation means 55 receives terminal-specific information from the information management server 20, and generates an electronic ticket for the user using difference information between this and the encryption key used for confidential file protection. The encrypted content / electronic ticket sending means 56 functions as an interface for sending the encrypted confidential file / electronic ticket.

  Here, the terminal-specific information is linked to the software tamper resistance function provided in the user-owned information terminal 10, and the electronic ticket issued to the user-owned information terminal 10 is the software tamper-resistant property of the user-owned information terminal 10. This electronic ticket cannot be used with the software tamper resistant function of other terminals. The registration of the terminal-specific information described above is based on the fact that a program protected by the tamper-proof function of the information terminal uses a secure route such as VPN (Virtual Private Network) for communication with the server based on a user instruction. After the creation, it is carried out without leaking terminal-specific information to users and third parties.

  In addition, the terminal-specific information, the decrypted confidential file, and the common key used for encrypting the confidential file are always protected by the software tamper resistance function. Taking out these pieces of information from the information terminal is prevented. The software tamper resistance function is also installed in the conversion server 50 in order to safely execute encryption / decryption at the time of encryption system conversion.

  The conversion server 50 has a software tamper resistance function F for realizing conversion for making confidential information of company A available to company B, and also makes confidential information of company B available to company A. Two software tamper resistant functions G for realizing the conversion are installed. The information management server 20 holds the unique information H of the conversion server 50 associated with the function F, and the information management server 30 retains the unique information I of the conversion server 50 associated with the function G. The information management servers 20 and 30 send the encrypted confidential file and the electronic ticket for decryption of the confidential file to the conversion server 50 for the conversion of the confidential file. When generating the electronic ticket to be given to the conversion server 50, the information management servers 20 and 30 use the unique information H and I, respectively.

  In the electronic ticket method, by utilizing computational difficulty such as prime factorization or discrete logarithm problem, the user himself / herself and a third party are used to protect the information terminal specific information or confidential file of the user from the difference information. It is difficult to calculate the encryption key information in terms of calculation amount, and the leakage of the confidential file and the accompanying confidential information is effectively prevented.

  Hereinafter, sharing of confidential files by the user J belonging to the company A and the user K belonging to the company B will be described. Although users J and K belong to different companies, a secret file describing customer information of both users is shared with the implementation of the joint project of both users. In addition, it is assumed that the users J and K use information terminals that respectively hold the terminal specific information M and L.

  FIG. 3 is a diagram illustrating a procedure performed when a user of the organization (company) A uses a confidential file owned by the organization (company) B. FIG. 4 is a diagram showing a procedure performed by the information management server 20 of the organization A to which the user belongs. FIG. 5 is a diagram illustrating a procedure performed by the information management server 30 of the organization B that does not belong to the user but owns information that the user intends to use. FIG. 6 is a diagram showing an implementation procedure of the conversion server 50 which has a neutral relationship with the above two organizations and performs encryption conversion performed on a file.

  The user J first accesses the information management server 20 of the company A to which the user J belongs by using the user-owned information terminal 10 of the user J in order to acquire the confidential file describing the customer information of the company B (S101). At this time, the user qualification means 11 of the user-owned information terminal 10 uses the electronic certificate or the like to prove to the information management server 20 that it is the user J (S102, S201), and performs the certification. Thereafter, the information management server 20 is requested to acquire a confidential file describing the customer information of the company B. After receiving the request, the terminal specific information / user information sending means 22 of the information management server 20 accesses the information management server 30 of the company B, and transmits the use request of the confidential file by the user J (S202). Further, the information management server 20 sends the terminal specific information L to the conversion server 50 (S203).

  The content use range limiting means 32 of the information management server 30 limits customer information related to the joint business of the companies A and B (S301, S302), and records only the limited customer information in one file (S303). . After that, the content encryption means 33 encrypts this confidential file using the elliptic curve encryption used in the company B (S304). The content encryption unit 33 performs encryption of the confidential file as follows.

  First, the content encryption unit 33 generates a 160-bit random number, uses this as an encryption key for common key encryption used for encryption of the confidential file, and encrypts the confidential file using this encryption key. Furthermore, this common key is encrypted using the public key of the elliptic curve encryption, and this is attached to the encrypted confidential file. The key length of the elliptic curve cryptography used at this time is determined according to information such as security guidelines, and here the key length is assumed to be N bits. The electronic ticket generation means 34 of the information management server 30 generates an electronic ticket for the conversion server 50 using the unique information I of the conversion server 50 and the previously generated elliptic curve key (S304).

  Then, the encrypted content / electronic ticket sending means 35 of the information management server 30 sends the encrypted confidential file accompanied by the electronic ticket and the encrypted common key to the conversion server 50 (S305). The content decryption means 52 of the conversion server 50 generates a plaintext confidential file from the received confidential file and the electronic ticket (S401, S402, S403), and the content encryption means 54 uses the plaintext for the RSA used in the company A. Encrypt using cryptography. At this time, the key length determination means 53 determines the length of the encryption key when performing encryption using RSA encryption as follows (S404). First, the key length determination means 53 determines the strength CE (N) of elliptic curve cryptography having a key length of N bits using the following equation (1).

(1) CE (N) = exp ((1 + o (1)) (log n) ^ (1/2)), n = 2 ^ N.

  Next, the key length determination means 53 determines the length K of the RSA encryption key used for protection using the above equation (1) according to the following equation (2).

(2) K = lg {min {l | C (l)> CE (N)}}, C (l) = v (log v),
v = Min {w | wΨ (x, y)> xy / log y, x = 2d (l ^ (2 / d)) (w ^ ((d + 1) / 2)), y> 0, d: Positive odd number}.

  In the above, lg represents a logarithm with base 2. In the above formula, Ψ (x, y) represents the number of positive integers less than or equal to x whose prime factor does not exceed y. Refer to [1] Math. Comp., 66, p.1729-1741, 1997. [2] Math. Comp., 73, p.1013-1022, 2004 etc. for the calculation method of Ψ (x, y). I want to be. CE (N) and C (l) represent the amount of calculation required for decryption of elliptic curve cryptography and RSA cryptography. Therefore, since the amount of calculation required for the decryption of both is equalized by determining the key length using equations (1) and (2), when the protection strength is evaluated by the amount of decryption calculation, the confidentiality in both encryption systems before and after the conversion The protection level of the file is equivalent.

  Next, the content encryption means 54 of the conversion server 50 generates a 160-bit random number, uses this as an encryption key for the common key encryption used for encryption of the confidential file, and uses this encryption key for confidentiality. Encrypt the file. Further, the content encryption means 54 encrypts this common key using the public key of the previous RSA encryption, and attaches it to the encrypted confidential file. The electronic ticket generation means 55 of the conversion server 50 acquires the terminal specific information L of the information terminal used by the user J from the information management server 20, and uses this and the RSA encryption key generated earlier, the electronic ticket for the user J Is generated (S405).

  Then, the encrypted content / electronic ticket sending means 56 of the conversion server 50 sends the encrypted confidential file associated with the electronic ticket and the encrypted common key to the information management server 20 (S406). The information management server 20 transfers these two to the user J (S204, S205). All of the encryption / decryption processing in the above-described encryption conversion is performed while keeping all confidential information in the tamper-resistant area by using the tamper-proof function. Thereby, the illegal act by the information management server 20, the information management server 30, and the conversion server 50 is prevented.

  Next, browsing of the encrypted confidential file by the user J will be described. As described above, the user J browses the encrypted confidential file using the viewer protected by the tamper resistant function. Therefore, the encrypted file / electronic ticket receiving means 12 of the user-owned information terminal 10 of the user J registers the acquired electronic ticket and the encrypted confidential file in the viewer (S103, S104). The viewer uses the electronic ticket and device specific information to decrypt the encrypted common key attached to the encrypted confidential file. Further, the encrypted confidential file is decrypted using the decrypted common key and displayed to the user (S105, S106).

  However, all of these processes are performed while keeping all confidential information in the tamper-resistant area of the viewer using the tamper-resistant function. The user cannot know the common key or device-specific information, but once the electronic ticket is acquired, it is encrypted even in an external mobile environment where the server cannot be accessed for the expiration date. Information in the confidential file can be browsed using a viewer.

  Although the use of the confidential file owned by the company B by the user J has been described above, the same applies to the case of the use of the confidential file owned by the company A by the user K. However, in this case, conversion from the RSA cipher to the elliptic curve cipher by the conversion server 50 is required, and the key length of the elliptic curve cipher required at that time is determined as follows. Here, it is assumed that the confidential file before conversion is encrypted with an M-bit RSA encryption key. The strength CR (M) of the RSA encryption having an M-bit key length is given by the following equation (3).

(3) CR (M) = v (log v),
v = min {w | wΨ (x, y)> xy / log y, x = 2d (m ^ (2 / d)) (w ^ ((d + 1) / 2)), y> 0, d: Positive odd number}, m = 2 ^ M.

  Using the above equation (3), the key length K ′ of the elliptic curve used for protection is determined by the following equation (4).

(4) K '= lg {min {l | CE (l)> CR (M)}}, CE (l) = exp ((1/2 + o (1)) (log l) ^ (1/2 )).

  Further, the unique information H of the conversion server 50 is used to generate an electronic ticket for the conversion server 50 created by the information management server 20. Furthermore, when creating an electronic ticket for the user K, the conversion server 50 uses the terminal specific information M.

In the above embodiment, elliptic curve cryptography and RSA cryptography are used particularly for content protection. However, even when ElGamal cryptography or other public key cryptography such as NTRU is used, the amount of calculation required for decryption is reduced. By making it the same before and after the conversion, it is possible to make the protection strength the same before and after the conversion. As a result, the same effect as described above can be obtained even when using an encryption system other than the elliptic curve encryption and the RSA encryption. Further, as a calculation formula for setting the optimum key length K, instead of the formula (2),
K = lg {min {l | CN (l)> CE (N)}},
CN (l) = Exp ((1.92 + o (1)) * ((log l) ^ (1/3)) * ((log log l) ^ (2/3))),
Alternatively, a correction of the above equation may be used.

In the above, CN (l) is the computational complexity of the number field sieving method which is the best attack method for cryptographic systems that depend on the difficulty of prime factorization such as RSA (reference documents: AK Lenstra, HW Lenstra (eds.), The development of the number field sieve, Lecture Notes in Mathematics, vol. 1554, Springer-Verlag, Berlin and Heidelberg, Germany, 1993.). In addition, when converting cryptography, it is corrected to the decryption calculation amount calculated when determining the key length depending on the route information, device information used, user profile information, etc. related to the distribution of content (confidential file). You may adjust the protection intensity | strength provided to a content by adding. For example, instead of equation (2),
K = lg {min {l | C (l)> CE (N) + B}}, C (l) = v (log v), B> 0
, And the value of the protection strength to be increased corresponding to the route information or the like is substituted into B in the above formula.

  As a result, content protection can be implemented more appropriately when content usage in a more dangerous environment than before conversion is assumed. Furthermore, for the purpose of constructing a stronger copyright protection system, the electronic ticket system and a smart card, an IC card, or the like may be linked in an information terminal used by a user.

  According to the present invention, by using the equations (1) to (4), it is possible to equalize the amount of security applied to the confidential file in different organizations by equalizing the amount of calculation required for the decryption of the cryptographic system. It becomes possible. In addition, a neutral conversion server 50 for performing encryption conversion is introduced, encryption / decryption necessary for conversion is executed only on the conversion server, and an electronic ticket system based on a software tamper resistant function is used. This makes it possible to safely manage a confidential file operated on a server or user terminal belonging to a different organization while retaining the copyright of the owner of the confidential file.

  The conversion server 50 corresponds to the encryption conversion device of the present invention. The conversion server 50 is realized using, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and the program is stored in a hard disk device, a CD-ROM, a DVD, a flexible disk, or the like. Each step of the encryption conversion method is realized by installing from a portable storage medium or the like or downloading from a communication circuit and the CPU executing this program.

  Although the preferred embodiments of the present invention have been described in detail above, the present invention is not limited to the specific embodiments, and various modifications, within the scope of the gist of the present invention described in the claims, It can be changed.

When a user J uses information held by a server D, FIG. It is a block diagram in connection with embodiment of this invention. It is a figure which shows the procedure which a user should implement. It is a figure which shows the procedure which the information management server 20 should implement. It is a figure which shows the procedure which the information management server 30 should implement. It is a figure which shows the procedure which the conversion server 20 should implement.

Explanation of symbols

1 System 10, 40 User-owned information terminal 11 User credential means 12 Encrypted file / electronic ticket receiving means 13 File decryption means 14 File display means 20 Information management server 21 User authentication means 22 Terminal specific information / user information sending means 23 Encryption Encrypted file / electronic ticket receiving means 24 Encrypted file / electronic ticket sending means 30 Information management server 31 User information receiving means 32 Content usage range restricting means 33 Content encrypting means 34 Electronic ticket generating means 50 Conversion server 51 Encrypted file / electronic Ticket receiving means 52 Content decrypting means 53 Key length determining means 54 Content encrypting means 55 Electronic ticket generating means 56 Encrypted content / electronic ticket sending means

Claims (11)

A cryptographic conversion device that performs cryptographic conversion for re-encrypting data encrypted by a first encryption method using a second encryption method,
Conversion means for performing the cryptographic conversion so that the protection strength of the data encrypted by the first encryption method and the protection strength of the data encrypted by the second encryption method are equal to or greater than A cryptographic conversion apparatus. The conversion means uses a calculation amount necessary for decryption to protect the strength of the data encrypted by the first encryption method and the protection of the data encrypted by the second encryption method. The cipher conversion apparatus according to claim 1, wherein the cipher conversion is performed so that the strength is equal to or higher. The encryption conversion apparatus according to claim 1, wherein the conversion unit specifies a protection strength of data encrypted by the second encryption method using a length of an encryption key used for encrypting the data. The converting means depends on at least one of the value of the data, the data protection period, the data distribution route information, the data using device information, the user profile information, and a combination thereof, and the second encryption. The encryption conversion device according to claim 1, wherein the protection strength of data encrypted by the encryption method is determined. The cryptographic conversion apparatus according to any one of claims 1 to 4, wherein the cryptographic conversion apparatus includes a conversion server that is neutral with respect to each organization for performing cryptographic conversion. The encryption conversion apparatus according to claim 1, further comprising a generation unit that generates an electronic ticket for the terminal that receives the data. The cryptographic conversion apparatus according to any one of claims 1 to 6, wherein a protection strength applied to the data is realized by using a tamper resistant technique. The cryptographic conversion apparatus according to any one of claims 1 to 7, wherein the data use qualification is proved by using at least one of an electronic certificate, a smart card, and an IC card. An encryption conversion method for performing encryption conversion for re-encrypting data encrypted by a first encryption method using a second encryption method,
A conversion step for performing the cryptographic conversion so that the protection strength of the data encrypted by the first encryption method and the protection strength of the data encrypted by the second encryption method are equal to or greater than A cryptographic conversion method. The conversion step uses a calculation amount necessary for decryption to protect the strength of the data encrypted by the first encryption method and the protection of the data encrypted by the second encryption method. The encryption conversion method according to claim 9, wherein the encryption conversion is performed so that the strength is equal to or greater than that. A program for causing a computer to execute the cryptographic encryption conversion method according to claim 9 or 10.

Images