JP2012118571A - Information sharing system, method, virtual machine management server, and program thereof - Google Patents

Information sharing system, method, virtual machine management server, and program thereof Download PDF

Info

Publication number
JP2012118571A
JP2012118571A JP2010264736A JP2010264736A JP2012118571A JP 2012118571 A JP2012118571 A JP 2012118571A JP 2010264736 A JP2010264736 A JP 2010264736A JP 2010264736 A JP2010264736 A JP 2010264736A JP 2012118571 A JP2012118571 A JP 2012118571A
Authority
JP
Japan
Prior art keywords
virtual machine
file
information sharing
sharing system
management server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2010264736A
Other languages
Japanese (ja)
Other versions
JP5480786B2 (en
Inventor
Fumisato Hoshino
Tetsutaro Kobayashi
Akira Nagai
Takeshi Yamamoto
鉄太郎 小林
剛 山本
文学 星野
彰 永井
Original Assignee
Nippon Telegr & Teleph Corp <Ntt>
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegr & Teleph Corp <Ntt>, 日本電信電話株式会社 filed Critical Nippon Telegr & Teleph Corp <Ntt>
Priority to JP2010264736A priority Critical patent/JP5480786B2/en
Publication of JP2012118571A publication Critical patent/JP2012118571A/en
Application granted granted Critical
Publication of JP5480786B2 publication Critical patent/JP5480786B2/en
Application status is Active legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Abstract

PROBLEM TO BE SOLVED: To provide a technology of sharing a file with other persons without secondary flow of the file itself.SOLUTION: An information sharing system comprises: a virtual machine management server 2 in which a virtual machine capable of viewing a file or viewing and editing a file runs; and a receiving device 3 that is capable of operating the virtual machine and that acquires screen information of the virtual machine. Instead of acquiring a file itself the receiving device 3 acquires the screen information of the virtual machine for viewing the file. Therefore, the file itself is not subject to secondary flow.

Description

  The present invention relates to a technique for sharing information via a network.

  In order for A to share a file that is electronic data with B, A stores the file in a portable recording medium such as a USB memory, a CD, or a DVD and hands the portable recording medium to B, or by e-mail, etc. There is a method in which A transmits a file to B via a network (for example, see Non-Patent Document 1 and Non-Patent Document 2).

Satoshi Oda, Tetaro Kobayashi, Yoshiaki Seki, "A Study on Storage Encryption", SCIS 2009 Yoshiaki Seki, Satoshi Oda, Tetaro Kobayashi, "Proposal of Virtual Private Device by Storage Encryption", FIT 2009

  However, if A passes the file itself to B by the above method, B may pass the file to C, a third party. That is, there is a possibility that the file secondarily leaks against A's will.

  An object of the present invention is to share a file with others without causing the file itself to be secondarily leaked.

  An information sharing system according to one aspect of the present invention includes a virtual machine management server on which a virtual machine that can view or edit a file and a virtual machine management server that can operate the virtual machine and receive the screen information of the virtual machine. And a device.

  The receiving apparatus acquires not the file itself but the screen information of the virtual machine that can view the file. Therefore, the file itself never leaks out.

The block diagram for demonstrating the structure of an information sharing system. The flowchart for demonstrating the process of the information sharing method of 1st embodiment to 3rd embodiment. The flowchart for demonstrating the process of the information sharing method of 4th embodiment. The figure for demonstrating the access to the virtual machine management server 2 using a browser.

  An embodiment of the present invention will be described below with reference to the drawings.

[First embodiment]
As shown in FIG. 1, the information sharing system according to the first embodiment includes a transmission device 1, a virtual machine management server 2, a reception device 3, and a file server 5, for example. The virtual machine management server 2 includes an authentication unit 21 and a virtual machine generation unit 22, for example. The file server 5 includes a storage unit 4, for example.

  The information sharing method of the first embodiment performs each process of FIG.

  The transmission device 1 authenticates the authentication unit 21 of the virtual machine management server 2 (step S1). For example, the transmission device 1 accesses the virtual machine management server 2 via a browser and transmits the ID and password input by the user to the virtual machine management server 2. The authentication unit 21 of the virtual machine management server 2 verifies whether or not the received ID and password are correct based on the information about the ID and password that are held in advance. In this way, authentication may be performed using the ID and password, or authentication may be performed using other methods. For example, authentication using a certificate may be performed. In this case, authentication is performed on the premise that the virtual machine management server 2 trusts the certificate authority that issued the certificate.

  After successful authentication, the transmission device 1 requests the virtual machine management server 2 to generate a virtual machine (step S2). This generation request is made, for example, when the transmission device 1 transmits virtual machine generation request information to the virtual machine management server 2. A virtual machine is sometimes abbreviated as VM by taking the initials of Virtual Machine.

  The virtual machine generation unit 22 of the virtual machine management server 2 generates a virtual machine on the virtual machine management server 2 (step S3). In this embodiment, the virtual machine generation unit 22 generates a virtual machine capable of browsing files to be described later.

  After the virtual machine is generated, the virtual machine management server 2 transmits a VM generation completion notification indicating that the generation of the virtual machine is completed to the transmission device 1 (step S4). The VM generation completion notification may include information necessary for login such as an IP address.

  After receiving the VM generation completion notification, the transmission device 1 logs in to the generated virtual machine (step S5). Login and operation to the virtual machine are performed via remote desktop software such as VNC (Virtual Network Computing) or a browser. After logging in, the transmission device 1 can perform a predetermined operation on the virtual machine.

  The transmission device 1 operates the virtual machine to store a file that is an information sharing target in the storage unit 4 (step S6). The file is, for example, transmitted from the transmission apparatus 1 to the virtual machine. Of course, the file may be created by the virtual machine management server 2 or created on the virtual machine. In this embodiment, the storage unit 4 is provided in the file server 5, but the storage unit 4 may be provided in a location other than the file server 5, for example, the virtual machine management server 2. The storage unit 4 may be a storage medium such as virtual storage or USB.

  The receiving device 3 authenticates the authentication unit 21 of the virtual machine management server 2 (step S7). For example, similarly to the authentication of the transmission device 1 and the virtual machine management server 2 described above, the authentication of the reception device 3 and the virtual machine management server 2 is performed using an ID and a password.

  After successful authentication, the receiving device 3 requests the virtual machine management server 2 to generate a virtual machine (step S8). This generation request is made, for example, when the transmission device 1 transmits virtual machine generation request information to the virtual machine management server 2.

  The virtual machine generation unit 22 of the virtual machine management server 2 generates a virtual machine on the virtual machine management server 2 (step S9). In this embodiment, the virtual machine generation unit 22 generates a virtual machine capable of browsing files to be described later.

  After the virtual machine is generated, the virtual machine management server 2 transmits a VM generation completion notification indicating that the generation of the virtual machine is completed to the receiving device 3 (step S10). The VM generation completion notification may include information necessary for login such as an IP address.

  After receiving the VM generation completion notification, the receiving device 3 logs in to the generated virtual machine (step S11). Login and operation to the virtual machine are performed via remote desktop software such as VNC (Virtual Network Computing) or a browser. After logging in, the receiving device 3 can perform a predetermined operation on the virtual machine.

  The receiving device 3 operates the virtual machine to read a file to be information shared from the storage unit 4 into the virtual machine (step S12). Since the virtual machine is started by the virtual machine management server 2, it can be said that the file is read by the virtual machine management server 2.

  The receiving device 3 browses the read file by operating the virtual machine (step S13). By this browsing, the receiving device 3 acquires screen information of the virtual machine browsing the file. In this way, the receiving device 3 shares information about the file.

  Since the receiving device 3 does not acquire the file itself, the file itself never flows out.

[Second Embodiment]
Although the virtual machine of the first embodiment can browse a file, the virtual machine may be capable of further editing the file. The first embodiment is different from the second embodiment in that the virtual machine of the second embodiment can further edit the file. Other parts are the same in the first embodiment and the second embodiment, and a duplicate description is omitted.

  When the virtual machine can edit the file, for example, after step S12 or step S13 in FIG. 2, the receiving device 3 may edit the file by operating the virtual machine. The receiving device 3 may be able to store the edited file in the storage unit 4 by operating the virtual machine.

[Third embodiment]
The third embodiment differs from the first embodiment in that the file stored in the storage unit 4 is encrypted with an encryption key. Hereinafter, the description will focus on the parts that are different from the first embodiment, and redundant description of the same parts as in the first embodiment will be omitted.

  The virtual machine of the third embodiment can encrypt a file. After step S5, that is, after logging in to the virtual machine, the transmission apparatus 1 encrypts the file using the encryption key on the virtual machine (step S51, see FIG. 2). The encrypted file is stored in the storage unit 4 in step S6.

  If the file can be encrypted on the virtual machine instead of the transmission device 1, there is an advantage that it is not necessary to prepare special software for encryption in the transmission device 1.

  The receiving device 3 operates the virtual machine, reads the file encrypted in step S12 on the virtual machine, decrypts the encrypted file using the decryption key, and generates a file ( Step S121).

  The encryption key used for encryption and the decryption key used for decryption by the virtual machine depend on the encryption format adopted by the information sharing system. These encryption key and decryption key are generated by the key generation unit 6 provided in the virtual machine management server 2 as necessary.

  When the information sharing system adopts a common key encryption method such as Camellia, the encryption key and the decryption key match. In this case, since it is necessary to change the key for each file, the key generation unit 6 needs to manage the correspondence between the file and the key.

  When the information sharing system employs a public key cryptosystem such as elliptic curve cryptography or ID-based cryptography, the public key becomes an encryption key and the secret key becomes a decryption key. When employing ID-based encryption, it is not necessary to create an encryption key and a decryption key in advance, and an encryption key and a decryption key may be created according to a specified condition (ID). See Reference 1 and Reference 3 for ID-based encryption.

[Reference 1] Okamoto, Shiraishi, Kawaoka, “Secure User Authentication with Single Management Information”, IEICE Technical Report, IN83-92, pp.43-48, 1984.
[Reference 2] Kobayashi, Yamamoto, Suzuki, Hirata, "Application of ID-based encryption and keyword search encryption", NTT Technical Journal, 22 (2), pp.17-20, 2010.
[Reference 3] CRYPTREC ID-based encryption research WG, research report on ID-based encryption, CRYPTREC report. 2009. , [Online], [November 18, 2010 search], Internet <URL: http://www.cryptrec.go.jp/report/c08 idb2008.pdf>
Furthermore, the information sharing system can employ other encryption methods, for example, encryption methods such as so-called hybrid encryption, predicate encryption, and function encryption.

  When the hybrid encryption method is adopted, for example, a file is encrypted using a key that is a generated random number. Then, the key is encrypted with the public key in the public key cryptosystem, and the encrypted file and the encrypted key are stored in the storage unit 4. Then, the encrypted key read from the storage unit 4 is decrypted with the secret key corresponding to the public key to generate a key, and the encrypted file is decrypted using the key to generate the file. .

  Alternatively, the key may be distributed by a secret sharing method such as the Shamir secret sharing method described in Reference 4.

[Reference 4] Hiroshi Yamamoto, “Secret Sharing Method and its Variations”, Research Institute of Mathematical Analysis, Volume 1361, pp.19-31, 2004.
Predicate encryption makes it possible to incorporate AND and OR conditions as decryption key conditions, and function encryption makes it possible to incorporate NOT conditions as decryption key conditions in addition to condition AND and OR conditions. Conditional expressions can be used as decoding conditions. For predicate encryption and function encryption, see Reference 5 and Reference 6, respectively.

[Reference 5] T. Okamoto, K. Takashima, “Hierarchical Predicate Encryption for Inner-Products”, ASIACRYPT 2009, Tokyo, Jap an, pp.213-231, 2009-12-06 / 10.
[Reference 6] T. Okamoto, K. Takashima, "Fully Secure Functional Encryption
with General Relations from the Decisional Linear Assumption ", CRYPTO 2010, SantaBarbara, California, USA, pp.191-208, 2010-8-15 / 19.
In the above example, the file is encrypted on the virtual machine. However, the transmission apparatus may encrypt the file and store the encrypted file in the storage unit 4 via the virtual machine in step S6. .

[Fourth embodiment]
In the fourth embodiment, a virtual machine image file for generating a virtual machine includes a file for information sharing. About another part, it is the same as that of 1st embodiment. Below, it demonstrates centering on a different part from 1st embodiment, and duplication description is abbreviate | omitted about the same part.

  The virtual machine management server 2 of the fourth embodiment includes a virtual machine image file generation unit 23 indicated by a broken line in FIG.

  The virtual machine management server 2 of the fourth embodiment performs each process of FIG.

  After successful authentication in step S1, the transmission apparatus 1 requests the virtual machine management server 2 to generate a virtual machine image file including the file (step S11 ', FIG. 3).

  The virtual machine image file generation unit 23 generates a virtual machine image file using the file (step S12 '). This file is, for example, transmitted from the transmission device 1 to the virtual machine, as in the first embodiment. Of course, the file may be created by the virtual machine management server 2. In addition, this file may be encrypted with a predetermined encryption key in the same manner as in the third embodiment.

  The virtual machine management server 2 stores the generated virtual machine image file in the storage unit 4 (step S13 ').

  After receiving the virtual machine generation request from the receiving device 3 in step S8, the virtual machine generation unit 22 reads the virtual machine image file from the storage unit 4 (step S81), and the virtual machine image file is based on the read virtual machine image file. Is generated (step S9).

  The generated virtual machine contains files. For example, the file is stored in a predetermined folder of the virtual machine. Therefore, the receiving device 3 can browse the file that is the target of information immediately after logging in to the virtual machine without referring to the storage unit 4.

  If the file is encrypted, the receiving device 3 operates the virtual machine to decrypt the encrypted file using a predetermined decryption key in the same manner as in the third embodiment (step S121). Generate a file that is the target of information.

  Of course, this virtual machine may be capable of further editing the file in the same manner as in the second embodiment.

[Other variations]
Considering that browsers are installed in many computers in advance, authentication to a virtual machine management server, login to a virtual machine, and operation of a virtual machine to be described later are performed via the browser as illustrated in FIG. In this case, there is an advantage that information can be shared even if the transmitting device 1 and the receiving device 3 do not have special devices or software.

  In this case, as illustrated in FIG. 4, the virtual machine management server 2 is implemented with a common gateway interface (CGI), and based on data transmitted to and received from the browser, files and virtual machines are dynamically added. An image file can be generated. FIG. 4 is an image diagram in the case where the processes of steps S1 and S11 'of the fourth embodiment are performed via a browser.

  The transmission device 1 may be able to set the access authority to the file of the reception device 3. For example, the transmitting device 1 can accept a file to be shared by a receiving device or user, or an operation that the receiving device or user can perform on the file (for example, browsing only, not only browsing but also editing). Can be specified). Based on this designation, the virtual machine generator 22 of the virtual machine management server 2 creates a virtual machine that complies with this designation. This virtual machine permits the receiving device 3 only operations permitted by the access right of the receiving device 3 to the file.

  It is possible to set the software to be installed in the virtual machine and create a virtual machine image file that reflects this setting. After that, if you start up with a virtual machine based on this virtual machine image file, you can have a customized OS (virtual machine) there. Since it is possible to execute only a specific command (operation), for example, if a command for downloading a file is disabled, the download cannot be performed.

  The setting of the access authority to the file of the receiving device 3 may be automatically performed by the virtual machine management server 2 based on shared information regarding the file. This shared information includes, for example, information about the transmitting device 1 (for example, information about whether it is an individual or an organization), information about the receiving device 3 (for example, information about whether it is an individual or an organization), information about a file (for example, At least one of the importance and confidentiality of the file.

  The virtual machine management server 2 that has received the shared information has access control rules (who (individuals, organizations, etc.) stored in advance and what information (sensitivity, importance, etc.) and what access (viewing, editing). The operation that can be performed on the file is designated from the rule for permitting at least one or more such as sharing with others) and the shared information.

  The virtual machine may be generated in advance. For example, each of a plurality of virtual machines of a plurality of patterns, such as browsing and decoding only, browsing, decoding and decoding, and the like is generated in advance, each time the transmission device 1 and the reception device 3 access, These generated virtual machines may be appropriately assigned. Further, these virtual machines may be reusable as necessary. In addition, when including user-specific information in the virtual machine, the virtual machine management server 2 generates the information every time the transmission device 1 and the reception device 3 access, and the use of the transmission device 1 and the reception device 3 ends. You may discard it every time.

  Further, for example, the authentication and login described in steps S1, S5, S7, and S11 are not necessarily essential.

  When the virtual machine management server 2 is realized by a computer, the processing content of each part of the virtual machine management server 2 is described by a program. Then, by executing this program on a computer, the processing functions of the respective units of the virtual machine management server 2 are realized on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. As the computer-readable recording medium, for example, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.

  The present invention is not limited to the above embodiments and modifications. For example, the various processes described above are not only executed in time series according to the description, but may also be executed in parallel or individually as required by the processing capability of the apparatus that executes the processes.

  Moreover, you may combine said embodiment and a modification. Needless to say, other modifications are possible without departing from the spirit of the present invention.

DESCRIPTION OF SYMBOLS 1 Transmission apparatus 2 Virtual machine management server 21 Authentication part 22 Virtual machine generation part 23 Virtual machine image file generation part 3 Reception apparatus 4 Storage part 5 File server 6 Key generation part

Claims (10)

  1. A virtual machine management server on which a virtual machine that can view or edit files can be viewed, and
    A receiver that can operate the virtual machine and obtain screen information of the virtual machine,
    Information sharing system.
  2. The information sharing system according to claim 1,
    The receiving device can operate the virtual machine via a browser.
    Information sharing system.
  3. In the information sharing system according to claim 1 or 2,
    The above file is encrypted with an encryption key,
    The virtual machine can decrypt the file with a decryption key corresponding to the encryption key.
    Information sharing system.
  4. In the information sharing system in any one of Claim 1 to 3,
    The above file is included in the virtual machine image file for creating a virtual machine.
    Information sharing system.
  5. In the information sharing system in any one of Claim 1 to 3,
    A storage unit for storing the file;
    The virtual machine can further store a file in the storage unit,
    Further including a transmission device capable of operating the virtual machine and storing the file in the storage unit;
    Information sharing system.
  6. The information sharing system according to claim 5,
    The transmitting device can set the access authority to the file of the receiving device,
    The virtual machine management server permits the receiving device only operations permitted by the access right to the file of the receiving device.
    Information sharing system.
  7. The information sharing system according to claim 5,
    The transmission device transmits shared information regarding the file to the virtual machine,
    The virtual machine management server sets access authority to the file of the receiving device based on the shared information.
    Information sharing system.
  8. A step in which a virtual machine management server moves a virtual machine that can view or edit files;
    A receiving device operating the virtual machine to obtain screen information of the virtual machine;
    Information sharing method.
  9.   A virtual machine management server in which a virtual machine capable of browsing or viewing and editing a file moves, the virtual machine is operable by a receiving device, and screen information of the virtual machine is transmitted to the receiving device.
  10.   A program for causing a computer to function as the virtual machine management server according to claim 9.
JP2010264736A 2010-11-29 2010-11-29 Information sharing system, method, virtual machine management server and program thereof Active JP5480786B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010264736A JP5480786B2 (en) 2010-11-29 2010-11-29 Information sharing system, method, virtual machine management server and program thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010264736A JP5480786B2 (en) 2010-11-29 2010-11-29 Information sharing system, method, virtual machine management server and program thereof

Publications (2)

Publication Number Publication Date
JP2012118571A true JP2012118571A (en) 2012-06-21
JP5480786B2 JP5480786B2 (en) 2014-04-23

Family

ID=46501360

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2010264736A Active JP5480786B2 (en) 2010-11-29 2010-11-29 Information sharing system, method, virtual machine management server and program thereof

Country Status (1)

Country Link
JP (1) JP5480786B2 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003280906A (en) * 2002-03-20 2003-10-03 Nec Corp Server system, its processing method, and server
JP2004171412A (en) * 2002-11-21 2004-06-17 Ntt Data Corp Virtual pc rental device, program for execution by computer, and virtual pc rental system
JP2006107185A (en) * 2004-10-06 2006-04-20 Hitachi Ltd Computer system with terminal allowing off-line work
JP2007288771A (en) * 2006-03-23 2007-11-01 Canon Inc Image processor, display screen transmission method, control program, and storage medium
JP2007310508A (en) * 2006-05-16 2007-11-29 Nippon Telegraph & Telephone East Corp Thin client system and program for thin client terminal
WO2008111448A1 (en) * 2007-03-09 2008-09-18 Nec Corporation Server function switching device, method and program, and thin client system and server device
JP2009503647A (en) * 2005-07-22 2009-01-29 マイクロソフト コーポレーション Secure hardware desktop buffer configuration

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003280906A (en) * 2002-03-20 2003-10-03 Nec Corp Server system, its processing method, and server
JP2004171412A (en) * 2002-11-21 2004-06-17 Ntt Data Corp Virtual pc rental device, program for execution by computer, and virtual pc rental system
JP2006107185A (en) * 2004-10-06 2006-04-20 Hitachi Ltd Computer system with terminal allowing off-line work
JP2009503647A (en) * 2005-07-22 2009-01-29 マイクロソフト コーポレーション Secure hardware desktop buffer configuration
JP2007288771A (en) * 2006-03-23 2007-11-01 Canon Inc Image processor, display screen transmission method, control program, and storage medium
JP2007310508A (en) * 2006-05-16 2007-11-29 Nippon Telegraph & Telephone East Corp Thin client system and program for thin client terminal
WO2008111448A1 (en) * 2007-03-09 2008-09-18 Nec Corporation Server function switching device, method and program, and thin client system and server device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CSND201000645011; 加藤 慶信: '最新クラウド徹底解説 Chapter 1 DaaS仮想デスクトップサービス' みてわかるクラウドマガジン Vol.2 第2巻, 20101010, p.68-p.73, 日経BP社 *
JPN6013056406; 加藤 慶信: '最新クラウド徹底解説 Chapter 1 DaaS仮想デスクトップサービス' みてわかるクラウドマガジン Vol.2 第2巻, 20101010, p.68-p.73, 日経BP社 *

Also Published As

Publication number Publication date
JP5480786B2 (en) 2014-04-23

Similar Documents

Publication Publication Date Title
EP2396921B1 (en) Trusted cloud computing and services framework
EP2396922B1 (en) Trusted cloud computing and services framework
JP5754655B2 (en) Non-container data for trusted computing and data services
JP2013513889A (en) Confirmable trust for data through the wrapper complex
US8924720B2 (en) Method and system to securely migrate and provision virtual machine images and content
CN105027107B (en) Migrate the computer implemented method and computing system of computing resource
US20140019753A1 (en) Cloud key management
TWI532355B (en) Trustworthy extensible markup language for trustworthy computing and data services
EP2249511A1 (en) Information security device and information security system
TWI571765B (en) A system and method to protect user privacy in multimedia uploaded to internet sites
US20150161410A1 (en) Method for secure storing of a data file via a computer communication network
US20110276490A1 (en) Security service level agreements with publicly verifiable proofs of compliance
US8966287B2 (en) Systems and methods for secure third-party data storage
US9137222B2 (en) Crypto proxy for cloud storage services
US20130254536A1 (en) Secure server side encryption for online file sharing and collaboration
JP5296365B2 (en) System, method, and computer program for encryption key management and automatic generation
ES2575112T3 (en) Method and system to obtain identification information on a mobile device
US9070112B2 (en) Method and system for securing documents on a remote shared storage resource
JP2015233269A (en) Network node and method of operating the same
Thilakanathan et al. Secure data sharing in the cloud
US8745416B2 (en) Systems and methods for secure third-party data storage
KR101010040B1 (en) File encryption/decryption method, device, program, and computer-readable recording medium containing the program
US10037428B2 (en) Data security using request-supplied keys
US8489889B1 (en) Method and apparatus for restricting access to encrypted data
US8910297B2 (en) Securing user data in cloud computing environments

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20121225

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20131016

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20131119

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20140120

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20140204

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20140214

R150 Certificate of patent or registration of utility model

Ref document number: 5480786

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150