JP2013145420A - High-speed similarity retrieval processing system of encrypted data - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a retrieval processing system for executing similarity retrieval at a high speed while encrypting data in order to block a fraudulent operation from a cloud system manager in a processing form of making a cloud system retrieve the data.SOLUTION: A retrieval agent encrypts data for which a plaintext reference stored in a storage unit is divided in units of blocks and prepares a primary encrypted reference and a secondary encrypted reference. Also, the retrieval agent encrypts data for which a plaintext read stored in the storage unit is divided in units of blocks and prepares a primary encrypted read and a secondary encrypted read. According to scores by the right and wrong of a retrieval result of the primary encrypted reference and the primary encrypted read and a retrieval result of the secondary encrypted reference and the secondary encrypted read by a management server, the management server determines that the secondary encrypted reference of a high score is similar to the secondary encrypted read.

Description

  The present invention relates to a search processing system that can entrust high-speed similarity search of encrypted data to a server without decrypting the encrypted data stored in the server.

  In recent years, in the bioinformatics field, genome analysis has progressed dramatically with the spread of analyzers. In the analysis, it is necessary to determine to which part of the accumulated genome data a certain piece of genomic information is similar, but there are standard algorithms for that purpose. However, a large amount of computational resources are required to store a large amount of genome data and execute the determination process, and therefore it is desired to provide a similar search service on the cloud.

  On the other hand, in the cloud system, the organization that manages the information system is different from the organization that uses the information system. Therefore, measures to prevent information leakage, investigation of the cause after the occurrence of an accident, measures to prevent recurrence, etc. can be established only by the organization itself. Hateful. Therefore, it is necessary to ensure the confidentiality of data in advance by using encryption technology as a preventive measure against illegal data leakage.

  Therefore, research has been conducted on encryption technology that deposits encrypted data in a cloud system and allows the cloud system to search the data while it is encrypted. For example, Non-Patent Document 1 and Non-Patent Document 2 describe a search processing method for searching encrypted data without decryption.

Masayuki Yoshino, Ken Naganuma, Naoyoshi Sato. Study of searchable encryption for DB (2), Inproceedings of The 2011 Symposium on Cryptography and Information Security (2011). Dan Boneh, Brent Waters: Conjunctive, Subset, and Range Queries on Encrypted Data.TCC, volume 4392 of Lecture Notes in Computer Science, pages 535-554 (2007).

  Non-Patent Document 1 is based on common key cryptography and is fast, but only complete match search is possible and similarity search is not possible. For example, when searching for data “abcd”, “abcd” cannot be searched by a search lead for “ab” that is the partial character string. On the other hand, the technique of Non-Patent Document 2 is capable of partial match search, but is slow because it uses pairing with a complex number bilinear group with heavy arithmetic processing. For this reason, there is a need for a processing method that analyzes the similarity between the search keyword and the data to be searched together at a high speed.

  In order to solve the above-described problems, the present invention provides a search agent that stores a program related to data encryption processing and decryption processing in a storage unit, and a management server that stores a program related to encrypted data match search processing in the storage unit. A search processing system that cooperates via a network, the search agent stores a program for realizing encryption and decryption of data such as Non-Patent Document 1 and Non-Patent Document 2 in a storage unit, and the management server is non-patent A program that realizes a coincidence search of encrypted data such as Document 1 and Non-Patent Document 2 is stored in the storage unit, and the search agent encrypts the data obtained by dividing the plaintext reference stored in the storage unit into block units, and 1 The secondary encryption reference and secondary encryption reference are created, and the search agent is stored in the storage unit. The primary encryption read and the secondary encryption read are created by encrypting the data obtained by dividing the plaintext read stored in the storage unit into block units, and the primary encryption reference and primary encryption by the management server. According to the search result of the lead and the score of the secondary encryption reference by the management server and the search result of the secondary encryption lead, the secondary encryption reference with a high score is similar to the secondary encryption lead. judge.

  The search agent can perform a process of causing the management server to detect the searched data similar to the search keyword while encrypting both the search keyword and the searched data.

In a first embodiment, it is a figure which illustrates the outline of a search processing consignment system. FIG. 3 is a diagram illustrating an outline of a function of a search agent in the first embodiment. In 1st embodiment, it is a figure which illustrates the outline of the function of a management server. It is a figure which illustrates schematic structure of a computer. 4 is a diagram illustrating a processing flow of a registration process of a primary encryption reference and a secondary encryption reference, which is performed by a search agent and a management server via a network 100 in the first embodiment. FIG. It is a figure which illustrates the plaintext reference stored in the data storage part of a search agent in 1st embodiment. FIG. 4 is a diagram illustrating a primary encryption reference and a secondary encryption reference stored in a data storage unit of the management server in the first embodiment. FIG. 3 is a diagram illustrating a processing flow of a secondary encryption reference search process performed by the search agent and the management server via the network 100 in the first embodiment. FIG. 10 is a diagram illustrating a processing flow in which a registration agent creates a primary encryption reference in the first embodiment. FIG. 9 is a diagram illustrating a processing flow in which a registration agent creates a secondary encryption reference in the first embodiment. FIG. 7 is a diagram illustrating a processing flow in which a search agent searches for a secondary encryption reference corresponding to a primary encryption lead in the first embodiment. FIG. 6 is a diagram illustrating a processing flow in which a registration agent creates a secondary encrypted lead in the first embodiment. FIG. 10 is a diagram illustrating a processing flow in which the management server searches for a secondary encryption reference corresponding to a secondary encryption read in the first embodiment. FIG. 10 is a view showing an example of search results displayed on the output unit by the overall processing unit 211 of the search agent 200.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that, in the embodiment, the same members are, in principle, given the same reference numerals, and repeated description is omitted.
(Embodiment 1)
FIG. 1 is a schematic diagram of a search processing system according to the first embodiment of the present invention. As shown in the figure, the search processing system includes a search agent 200 and a management server 300, and the search agent 200 and the management server 300 are designed to be able to transmit and receive information to and from each other via a network 100.

  The search agent 200 in the present embodiment functions as a transmission / reception device that transmits data and a reference for search (hereinafter referred to as a reference) to the management server 300 and receives a reception result from the management server 300, and for search processing consignment Of the server (hereinafter referred to as “lead”) to the management server 300 and functions as a transmission / reception device that receives the search result from the management server 300. The management server 300 stores the reference and uses the received lead. It functions as a transmission / reception device for searching for a reference.

<Figure 2>
FIG. 2 is a functional schematic diagram of the search agent 200. As illustrated, the registration agent 200 includes a control unit 210, a storage unit 220, an input unit 201, an output unit 202, and a communication unit 203.

  The storage unit 220 includes a data storage unit 230, a program storage unit 260, and a temporary information storage unit 280.

  The data storage unit 230 stores information about a reference before encryption (hereinafter referred to as a plaintext reference 231), which is data to be transmitted to the management server 300. In the present embodiment, the information regarding the received plaintext reference 231, the information regarding the pre-encryption lead (hereinafter, plaintext lead 233) used for the search process, and the management server 300 (after encryption) via the input unit 201. ) Information related to the plaintext reference 231 to be registered and information related to the public parameter 237 are stored. In addition, information related to the primary encryption reference and the secondary encryption reference output from the reference encryption unit 213 and information related to the primary encryption read and the secondary encryption read output from the read encryption unit 217 are also stored. . In addition, information on the secret key 251 that should be secretly managed by the registration agent 200 from the viewpoint of security is also stored.

  The program storage unit 260 includes a program for primary encryption reference and secondary encryption reference registration processing, including primary encryption reference and secondary encryption reference, including encryption processing such as key generation, encryption, and decryption. Stores a program related to search processing using a computerized lead. The registration process of the primary encryption reference and the secondary encryption reference will be described in detail later using FIG. Further, the secondary encryption reference search processing by the primary encryption read will be described in detail later using FIG. The search processing of the secondary encryption reference by the secondary encryption read will be described in detail later using FIG.

  The temporary information storage unit 280 stores information necessary for processing by the control unit 210 and the like.

  The control unit 210 includes an overall processing unit 211, a key generation unit 212, a reference encryption unit 213, a reference decryption unit 215, and a read encryption unit 217.

  The overall processing unit 211 loads a program related to the registration processing of the primary encryption reference and the secondary encryption reference from the program storage unit 260, performs control between the modules in the search agent 200, and further performs simple arithmetic processing. carry out.

  For example, the overall processing unit 211 performs processing for storing the information received through the input unit 201 as the plaintext reference 231 in the data storage unit 230. In the present embodiment, the overall processing unit 211 performs processing for displaying the plaintext reference 231 on the output unit 202.

  In this embodiment, the overall processing unit 211 reads the plaintext reference 231 stored in the data storage unit 230, inputs the plaintext reference 231 to the reference encryption unit 213, and outputs the output data to the data storage unit 230 in the primary encryption. The process of storing as an encryption reference or a secondary encryption reference is performed.

  Further, in this embodiment, the overall processing unit 211 reads the plaintext read 233 stored in the data storage unit 230, inputs it to the read encryption unit 217, and outputs the output data to the data storage unit 230 as a primary encryption. To store as an encrypted read or secondary encrypted read.

  In this embodiment, the overall processing unit 211 transmits the primary encryption reference, the secondary encryption reference, the primary encryption read, and the secondary encryption lead to the management server 300 via the communication unit 203. The reception result is received from the management server 300.

  In this embodiment, the overall processing unit 211 transmits the primary encryption lead and the secondary encryption lead to the management server 300 via the communication unit 203, and manages the search result of the secondary encryption reference. Processing to receive from the server 300 is performed.

  Further, in the present embodiment, the overall processing unit 211 stores the secondary encryption reference received from the management server 300 via the communication unit 203 in the temporary information storage unit 280 and displays it on the output unit 202. Process.

  The key generation unit 212 performs processing for generating the secret key 251 and the public parameter 237. For example, in the present embodiment, the overall processing unit 211 inputs the public parameter 237, and the key generation unit 212 performs a process of outputting the secret key 251. The overall processing unit 211 may load the public parameter 237 stored as a part of the public parameter 237, or may input the public parameter 237 to the key generation unit 212 via the input unit 201.

  The method for realizing the secret key 251 can be realized by implementing a key generation algorithm (AES cipher, DES cipher, searchable cipher, etc.) of each encryption method, and thus detailed description thereof will be omitted.

  The method of realizing the secret key 251 and the public parameter 237 used by the reference encryption unit 213 (and the read encryption unit 217 of the search agent 200) depends on the implementation of the key generation method (searchable encryption, etc.) of each encryption method. Since it is feasible, the detailed description is omitted.

  The reference encryption unit 213 performs a process of encrypting the plaintext reference 231 in cooperation with the overall processing unit 211. The plaintext reference 231 is digital data composed of letters, numbers, and symbols. FIG. 6 (a) shows an example of plaintext reference 231 which is digital data composed of letters (A: adenine, G: guanine, C: cytosine, T: thymine) meaning the base sequence of DNA. .

  The read encryption unit 217 cooperates with the overall processing unit 211 to perform processing for encrypting the plaintext lead 233. The plaintext lead 233 is digital data composed of letters, numbers, and symbols, like the plaintext reference 231.

  In this embodiment, the overall processing unit 211 inputs the plaintext reference 231 and the secret key 251 to the reference encryption unit 213, and the reference encryption unit 213 performs a process of outputting the primary encryption reference and the secondary encryption reference. Do. A method for creating the primary encryption reference will be described later in detail with reference to FIG. A method for creating the secondary encryption reference will be described later in detail with reference to FIG.

  In this embodiment, the overall processing unit 211 inputs the plaintext lead 233 and the secret key 251 to the read encryption unit 217, and the read encryption unit 217 performs a process of outputting the primary encryption read and the secondary encryption read. . The method for creating the primary encrypted lead will be described later in detail with reference to FIG. The method for creating the secondary encrypted lead will be described in detail later with reference to FIG.

<Figure 3>
FIG. 3 is a functional schematic diagram of the management server 300. As illustrated, the management server 300 includes a control unit 310, a storage unit 320, an input unit 301, an output unit 302, and a communication unit 303.

  The storage unit 320 includes a program storage unit 360, a data storage unit 330, and a temporary information storage unit 380.

  Information relating to data received from the registration agent 200 via the communication unit 303 is stored in the data storage unit 330. In the present embodiment, information regarding the primary encryption reference 331 and the secondary encryption reference 332 received via the communication unit 303 is stored. In addition, information related to the public parameter 337 is stored. In addition, information related to data received from the search agent 200 via the communication unit 303 is stored. In the present embodiment, information regarding the received primary encryption lead and secondary encryption lead is temporarily stored via the communication unit 303.

  The program storage unit 360 stores a program related to the search process for the secondary encryption reference 332. The search processing of the secondary encryption reference 332 will be described in detail later using FIG. 10 and FIG.

  The temporary information storage unit 380 stores information necessary for processing in the control unit 310.

  The control unit 310 includes an overall processing unit 311 and a search unit 312.

  The overall processing unit 311 loads a program related to the search processing of the secondary encryption reference 332 from the program storage unit 360, performs control between the modules in the management server 300, and performs simpler arithmetic processing.

  For example, the overall processing unit 311 receives the primary encryption reference 331, the secondary encryption reference 332, the primary encryption lead, and the secondary encryption lead from the registration agent 200 via the communication unit 303, and the data Processing to be stored in the storage unit 330 is performed. The storage method of the primary encryption reference 331 and the secondary encryption reference 332 will be described in detail later using FIG. 6 (a) and FIG. 6 (b).

  In the present embodiment, the overall processing unit 311 receives the primary encryption lead and the secondary encryption lead from the search agent 200 via the communication unit 303, and stores the data in the data storage unit 330. Do.

  In the present embodiment, the overall processing unit 311 inputs the primary encryption lead and the primary encryption reference 331 to the search unit 312 or the secondary encryption lead and the secondary encryption reference 332 as the search unit 312. The data received by the search unit 312 is received.

  Furthermore, the overall processing unit 311 performs processing for storing information related to data received from the search agent 200 or the registration agent 200 via the communication unit 303 in the temporary information storage unit 380 and processing for displaying the information on the output unit 302. .

<Figure 4>
The search agent 200 and the management server 300 described above are, for example, a CPU 501, a memory 502, an external storage device 503 such as an HDD, a CD, a DVD, etc. as shown in FIG. 4 (schematic diagram of a computer). A reading device 507 for reading / writing information from / to a portable storage medium 508, an input device 506 such as a keyboard and a mouse, an output device 505 such as a display, and a communication device 504 such as a NIC for connecting to a communication network; It can be realized by a general computer provided with an internal communication line (referred to as a system bus) such as a system bus for connecting them.

  For example, the storage units 220 and 320 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and each processing unit included in the control units 210 and 310 is stored in the external storage device 503. It can be realized by loading a predetermined program into the memory 502 and executed by the CPU 501, the input units 201 and 301 can be realized by using the input device 506 by the CPU 501, and the output units 202 and 302 are This can be realized by using the output device 505 by the CPU 501, and the communication units 203 and 303 can be realized by using the communication device 504 by the CPU 501.

  The predetermined program is stored (downloaded) in the external storage device 503 from the storage medium 508 via the reading device 507 or from the network 100 via the communication device 504, and then loaded onto the memory 502, It may be executed by the CPU 501. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 508 via the reading device 507 or from the network 100 via the communication device 504 and executed by the CPU 501.

<FIG. 5: Registration Process of Primary Encryption Reference 331 and Secondary Encryption Reference 332>
FIG. 5 is a sequence diagram illustrating processing in which the management server 300 registers the primary encryption reference and the secondary encryption reference transmitted by the search agent 200 via the network 100 in the storage unit 320 in the present embodiment. It is.

  The entire processing unit 211 of the search agent 200 loads the plaintext reference 231 and inputs it to the reference encryption unit 213 (S601).

  The reference encryption unit 213 of the search agent 200 loads the secret key 251 and the public parameter 237 stored in the storage unit 220, and converts the plaintext reference 231 into a primary encryption reference and a secondary encryption reference. The conversion method will be described in detail later with reference to FIGS. 8 and 9 (S602).

  The communication unit 203 of the search agent 200 performs processing of transmitting the primary encryption reference and the secondary encryption reference output from the reference encryption unit 213 to the management server 300 via the network 100 (S603).

  A process of receiving the primary encryption reference and the secondary encryption reference transmitted by the registration agent 200 from the communication unit 303 of the management server 300 via the network 100 is performed (S604).

The overall processing unit 311 of the management server 300 stores the primary encryption reference 331 and the secondary encryption reference 332 in the storage unit 320 (S605).
When the management server 300 finishes storing the primary encryption reference 331 and the secondary encryption reference 332 in the storage unit 320, the management server 300 sets “registration success”, and transmits the “registration” from the communication unit 303 via the network 100. A process of transmitting data indicating “success” to the search agent 200 is performed. In addition, if the storage process cannot be completed due to the limitation of the storage amount, etc., “registration failure” is determined, and data indicating “registration failure” is transmitted from the communication unit 303 via the network 100 to the search agent 200. (S606).

  A process of receiving data indicating “registration success” or “registration failure” transmitted from the management server 300 via the network 100 from the communication unit 203 of the search agent 200 is performed (S607).

  Through the above processing (S601 to S607), the search agent 200 encrypts the plaintext reference 231 to the management server 300 via the network 100, instructs the management server 300 to store it in the storage unit 320, and displays the processing result. I can confirm.

  Note that the above processing procedure is not fixed, and the processing procedure may be changed. For example, the search agent 200 may change S602 and S603 to create and transmit the secondary encryption reference 332 after creating and transmitting the primary encryption reference. In addition, the management server 300 may separately perform reception and storage processing of the primary encryption reference and the secondary encryption reference. Similarly, other processing contents may be changed.

<FIG. 6: Plaintext Reference 231 and Primary Encryption Reference 331 and Secondary Encryption Reference 332>
FIG. 6A illustrates the plaintext reference 231 in the data storage unit 230 in the storage unit 220 of the search agent 200. In the example of FIG. 6 (a), the plaintext reference 231 is expressed as m-character data (expressed in byte code or the like) using alphabets and symbols (terminal characters etc.) that can be divided into characters.

  FIG. 6B illustrates the primary encryption reference 331 and the secondary encryption reference 332 in the data storage unit 330 in the storage unit 320 of the management server 300. In the example of FIG. 6B, in the primary encryption reference 331, the plaintext reference 231 is encrypted for every fixed number of character strings (for example, every 11 characters). Using the example of FIG. 6 (a), the B1 block consists of a character string of 11 characters GCTATACTGCT, and Es (B1) obtained by encrypting this is stored as one ciphertext. Similarly, the B2 block is composed of a CTATACTGCTA character string obtained by shifting the B1 block by one character, and Es (B2) obtained by encrypting this is stored in the same manner as Es (B1). Further, the secondary encryption reference 332 concatenates a certain encrypted index and one character of the plaintext reference 231, and this is encrypted and stored. Similarly, other character strings are also encrypted, and the primary encryption reference 331 is composed of (m-10) ciphertexts. In the example of FIG. 6 (b), E (1) in which index 1 is encrypted and G which is the first character of plaintext reference 231 are concatenated as (G || E (1)) (where || Es (G || E (1)) obtained by encrypting this is stored as one ciphertext. Similarly, E (2) in which index 2 is encrypted and C which is the first character of plaintext reference 231 are concatenated as (C || E (2)), and Es (C || E ( 2)) is stored in the same way as Es (G || E (1)). Similarly, other characters are also encrypted, and the secondary encryption reference 332 is composed of m ciphertexts.

<FIGS. 7 and 13: Search processing of primary encryption reference and secondary encryption reference>
FIG. 7 shows that in this embodiment, the management server 300 uses the encrypted read transmitted by the search agent 200 via the network 100 and the primary encryption reference 331 registered in the storage unit 320 and the secondary encryption. FIG. 38 is a sequence diagram showing processing for finding a partial secondary encryption reference related to an encryption read from reference 332;

  The entire processing unit 211 of the search agent 200 loads the plaintext lead 233 and inputs it to the read encryption unit 217 (S801).

  The read encryption unit 217 of the search agent 200 loads the secret key 251 and the public parameter 237 stored in the storage unit 220, and converts the plaintext lead 233 into the primary encryption lead 213. The conversion method will be described in detail in each processing from S1101 to S1108 (S802).

  The communication unit 203 of the search agent 200 performs processing of transmitting the primary encrypted lead output from the read encryption unit 217 to the management server 300 via the network 100 (S803).

  From the communication unit 303 of the management server 300, a process of receiving the primary encryption read transmitted by the registration agent 200 via the network 100 is performed (S804).

  The overall processing unit 311 of the management server 300 extracts partial data of the secondary encryption reference 332 corresponding to the primary encryption read from the secondary encryption reference 332 stored in the storage unit 320. This extraction will be described in detail later using FIG. 10 (S805).

  The management server 300 performs a process of transmitting the extracted partial data of the secondary encryption reference 332 from the communication unit 303 via the network 100 to the search agent 200 (S806).

  The search agent 200 performs processing for receiving, from the communication unit 203, the partial data of the secondary encryption reference transmitted by the management server 300 via the network 100 (S807).

  The search agent 200 loads the secret key 251 and the public parameter 237 stored in the storage unit 220, and uses the reference decryption unit 215 to decrypt the secondary encryption reference partial data into plaintext reference partial data (S808). ).

  The search agent 200 uses the partial data of the plaintext reference, and the read encryption unit 217 creates the secondary encrypted lead 213. The method for creating the secondary encrypted lead will be described later in detail with reference to FIG. 11 (S809).

  The communication unit 203 of the search agent 200 performs processing for transmitting the secondary encrypted lead output from the read encryption unit 217 to the management server 300 via the network 100 (S810).

  From the communication unit 303 of the management server 300, a process of receiving the primary encryption read transmitted by the registration agent 200 via the network 100 is performed (S811).

The overall processing unit 311 of the management server 300 extracts partial data of the secondary encryption reference 332 corresponding to the secondary encryption read from the secondary encryption reference 332 stored in the storage unit 320. This extraction will be described in detail later using FIG. 12 (S812)
The management server 300 performs processing for transmitting the extracted partial data of the secondary encryption reference from the communication unit 303 via the network 100 to the search agent 200 (S813).

  The search agent 200 performs processing for receiving, from the communication unit 203, the partial data of the secondary encryption reference transmitted by the management server 300 via the network 100 (S814).

  The entire processing unit 211 of the search agent 200 loads the secret key 251 and the public parameter 237 stored in the storage unit 220, and uses the reference decryption unit 215 to convert the partial data of the secondary encryption reference into the part of the plaintext reference 231. The data is decrypted (S815).

  The entire processing unit 211 of the search agent 200 changes the plaintext reference partial data so that the edit distance between the plaintext reference partial data and the plaintext lead 233 is the shortest (S816).

  Through the above processing (S801 to S816), the search agent 200 can obtain the primary encryption read from the primary encryption reference 331 and the secondary encryption reference registered in the storage unit 320 of the management server 300 via the network 100. And partial data of secondary encryption reference similar to secondary encryption lead.

  FIG. 13 illustrates search results displayed on the output unit by the overall processing unit 211 of the search agent 200. The match rate on the first line refers to the rate at which the search results of the secondary encryption query and the secondary encryption reference are the same. The score on the second row will be described later in detail with reference to FIG. From the third line onward, similar secondary encryption queries and secondary encryption reference decryption results are displayed.

  Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed. For example, the search agent 200 creates a primary encryption lead and a secondary encryption lead (S808), and then transmits a primary encryption lead (S804) and a secondary encryption lead (S808). May be. Similarly, other processing contents may be changed.

<Figure 8: Primary encryption reference creation process>
FIG. 8 is a sequence diagram illustrating processing in which the search agent 200 converts the plaintext reference into the primary encryption reference in (S602) of the present embodiment.

  The overall processing unit 211 of the search agent 200 inputs the loaded secret key 251, public parameter 237, and plaintext reference to the reference encryption unit 213 (S 901).

The overall processing unit 211 of the search agent 200 sets a block length w that means a reference division unit (S902). (In the example of FIG. 6B, the block length w of the primary encryption reference is 11 characters.)
The overall processing unit 211 of the search agent 200 sets the value of the index i to the initial value 1 (i ← 1) and sets the end value (S903). Thereafter, following the example of FIG. 6B, the end value is set to the number of characters m.

  The overall processing unit 211 of the search agent 200 extracts the w + (i−1) th character from the i-th character in the plaintext reference, and inputs this as a block Bi to the reference encryption unit 213 (therefore, one block is (consisting of w character strings) (S904).

  The reference encryption unit 213 of the search agent 200 encrypts the block Bi and creates a ciphertext Es (Bi) (S905).

  The overall processing unit 211 of the search agent 200 increments the index i by 1 (i ← i + 1) (S906).

  The overall processing unit 211 of the search agent 200 determines whether the index i exceeds the end value (i> m?) (S907). If not, return to S904. If it exceeds, go to S908.

  The entire processing unit 211 of the search agent 200 stores Es (B1) to Es (Bm) sequentially generated in S905 in the storage unit 220 as the primary encryption reference (S908).

  Through the above processing (S901 to S908), the search agent 200 can create a primary encryption reference 331 in which the plaintext reference is divided for each word length and is encrypted by the reference encryption unit.

  Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed. For example, the search agent 200 may extract a plurality of blocks (S904), encrypt them (S905), and increase the number of increments (S906). Similarly, other processing contents may be changed.

<Figure 9: Processing for creating secondary encryption reference>
FIG. 9 is a sequence diagram illustrating processing in which the search agent 200 converts the plaintext reference into the secondary encryption reference in (S602) of the present embodiment.

  The secret key 251 loaded by the overall processing unit 211, the public parameter 237, and the plaintext reference are input to the reference encryption unit 213 of the search agent 200 (S1001).

The overall processing unit 211 of the search agent 200 sets a block length w that means a reference division unit (S1002). (In the example of FIG. 6B, the block length w of the secondary encryption reference is 1 character.)
The overall processing unit 211 of the search agent 200 sets the value of the index i to the initial value 1 (i ← 1) and sets the end value (S1003). Thereafter, following the example of FIG. 6B, the end value is set to the number of characters m.

  The overall processing unit 211 of the search agent 200 encrypts the index i and creates a ciphertext E (i) (S1004).

  The overall processing unit 211 of the search agent 200 extracts the w + (i−1) th character from the i-th character in the plaintext reference and sets it as a block Ci (thus, one block consists of w character strings). (S1005).

  The overall processing unit 211 of the search agent 200 concatenates the extracted block Ci and the encrypted index E (i), and inputs them to the reference encryption unit 213, where the ciphertext Es (Ci || E (i)) Is created (S1006). However, || means concatenation of data (S1006).

  The overall processing unit 211 of the search agent 200 increments the index i by 1 (i ← i + 1) (S1007).

  The overall processing unit 211 of the search agent 200 determines whether the index i exceeds the end value (i> m?) (S1008). If not, return to S1005. If it exceeds, go to S1009.

  The entire processing unit 211 of the search agent 200 stores Es (C1 || E (1)) to Es (Cm || E (m)), which are sequentially created in S1005, as a secondary encryption reference. Store in 220 (S1009).

  Through the above processing (S1001 to S1009), the search agent 200 can create the secondary encryption reference 332 in which the plaintext reference is divided for each word length and the index concatenated data is encrypted by the reference encryption unit.

  Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed. For example, the search agent 200 may extract a plurality of blocks (S1005), encrypt them (S1006), and increase the number of increments of the index i (S1006). Similarly, other processing contents may be changed.

<No figure: Creation of primary encryption lead>
In (S802) of the present embodiment, a process in which the search agent 200 converts the plaintext lead 233 into a primary encrypted lead is shown.

  The secret key 251, the public parameter 237, and the plaintext lead 233 loaded by the overall processing unit 211 are input to the read encryption unit 217 of the search agent 200 (S 1101).

The overall processing unit 211 of the search agent 200 sets a block length w that means a reference division unit (S1102). (In the example of FIG. 6B, the block length w of the primary encryption read is 11 characters.)
The overall processing unit 211 of the search agent 200 sets the value of the index i to the initial value 1 (i ← 1) and sets the end value (S1103). Thereafter, the read end value is set to n.

  The entire processing unit 211 of the search agent 200 extracts the w + (i−1) th character from the i-th character in the plaintext lead 233, and inputs this as a block Bi to the read encryption unit 217 (accordingly, one block). Consists of w character strings) (S1104).

  The read encryption unit 217 of the search agent 200 encrypts the block Bi and creates a ciphertext E (Bi) (S1105).

  The overall processing unit 211 of the search agent 200 increments the index i by 1 (i ← i + 1) (S1106).

  The overall processing unit 211 of the search agent 200 determines whether the index i exceeds the end value (i> n?) (S1107). If not, the process returns to S1104. If so, the process proceeds to S1108.

  The entire processing unit 211 of the search agent 200 stores the E (B1) to E (Bn) sequentially generated in S1105 in the storage unit 220 as the primary encryption read (S1108).

  Through the above processing (S901 to S908), the search agent 200 can create a primary encrypted lead obtained by encrypting the plaintext read by the read encryption unit.

  Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed. For example, the search agent 200 may extract a plurality of blocks (S1105), encrypt them (S1106), and increase the number of increments (S1107). Similarly, other processing contents may be changed.

<Figure 10: Secondary encryption lead extraction process>
FIG. 10 is a sequence diagram illustrating processing in which the management server 300 extracts the secondary encryption reference 332 in (S805) of the present embodiment.

  The public parameter 337 loaded by the overall processing unit 311 is input to the inspection unit 312 of the management server 300 (S1201).

The overall processing unit 311 of the management server 300 sets the block length w (S1202). (In the example of FIG. 6B, the block length w of the primary encryption reference 331 is assumed to be 11.)
The overall processing unit 311 of the management server 300 sets the value of the index i to the initial value and sets the end value (S1203). Thereafter, following S908, it is assumed that E (B1) to E (Bn) are received as the primary encryption read, the initial value is set to 1 (i ← 1), and the end value is set to n.

  The overall processing unit 311 of the management server 300 extracts the ciphertext E (Bi) from the primary encrypted read (S1204).

  The overall processing unit 311 of the management server 300 sets the value of the index j as an initial value and sets an end value (S1205). In the following, it is assumed that Es (B1) to Es (B (m−w + 1)) are stored as the primary encryption reference 331 according to FIG. 6B, and the initial value is 1 (i ← 1 ), And the end value is set to (m-w + 1).

  The overall processing unit 311 of the management server 300 extracts the ciphertext Es (Bi) from the primary encryption reference 331 (S1206).

  The overall processing unit 311 of the management server 300 inputs the ciphertext E (Bi) extracted in S1204 and the ciphertext Es (Bi) extracted in S1205 to the search unit. The inspection unit 312 determines whether or not the ciphertext E (Bi) and the ciphertext Es (Bi) have the same plaintext value before encryption, and returns 1 if they are equal and 0 if they are not equal (S1207). If the search unit outputs 1, the process proceeds to S1208, and if 0 is output, the process proceeds to S1209.

  The overall processing unit 311 of the management server 300 includes a secondary encryption reference Es (Ci) having the same index i as the ciphertext Es (Bi), Es (Ci + 1), Es (Ci + 2),. , Es (Ci + w−1) is extracted and stored in the storage unit 220 (S1208). However, if the same ciphertext is already extracted, the ciphertext is not extracted.

  The overall processing unit 311 of the management server 300 increments the index j by 1 (j ← j + 1) (S1209).

  The overall processing unit 311 of the management server 300 determines whether the index j exceeds the end value (j> m−w + 1?) (S1210). If not, the process returns to S1206. If it exceeds, go to S1211.

  The overall processing unit 311 of the management server 300 increments the index i by 1 (i ← i + 1) (S1211).

The overall processing unit 311 of the management server 300 determines whether the index i exceeds the end value (i> n?) (S1212). If not, the process returns to S1205. If it exceeds, go to S1212.
Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed. For example, the search agent 200 may extract a plurality of blocks (S1206), search for them (S1207), and increase the number of updates of the index j (S1209). Similarly, other processing contents may be changed.

<Figure 11: Secondary encryption lead creation process>
FIG. 10 is a sequence diagram showing processing in which the search agent 200 converts the plaintext lead 233 into the secondary encrypted lead in (S808) and (S809) of the present embodiment.

  The search agent 200 performs a process of receiving the secondary encryption read via the communication unit 203 (S1301).

  The overall processing unit 211 of the search agent 200 inputs the loaded secret key 251, public parameter 237, and secondary encryption reference to the reference decryption unit 215 and the read encryption unit 217 (S 1302).

  The overall processing unit 211 of the search agent 200 sets a block length w that means a reference division unit (S1303). Hereinafter, the block length w of the secondary encryption reference is 1 character.

  The overall processing unit 211 of the search agent 200 sets the value of the index i to the initial value 1 (i ← 1) and sets the end value (S1304). Thereafter, following the example of FIG. 6B, the end value is set to the number of characters n.

  The overall processing unit 211 of the search agent 200 extracts the i-th character in the secondary encryption reference, regards this as the block E (Ci || E (i)), and inputs it to the reference decryption unit 215 (S1305). .

  The overall processing unit 211 of the search agent 200 extracts E (i) from Ci || E (i) output from the reference decoding unit 215, and inputs it again to the reference decoding unit 215 (S1306).

  The overall processing unit 211 of the search agent 200 acquires i output from the reference decoding unit 215 (S1307).

  The overall processing unit 211 of the search agent 200 increments the index i by 1 (i ← i + 1) (S1308).

  The overall processing unit 211 of the search agent 200 determines whether the index i exceeds the end value (i> m?) (S1309). If not, the process returns to S1305. If it exceeds, go to S1310.

  Through the processes from S1301 to S1309, indexes i, i + 1,..., I + n−1 embedded in the secondary encryption reference are acquired.

  The overall processing unit 211 of the search agent 200 sets the target range length v (S1310).

  The overall processing unit 211 of the search agent 200 sets the value of the index j to the initial value i-V and sets i-1 as the end value (S1311). However, when i-V which is an initial value is 0 or less (i-V <= 0), the initial value is set to 1. If the end value i-1 is 0 or less (i-1 <= 0), the processing from S1311 to S1315 is skipped, and the process proceeds to S1316.

  The read encryption unit 217 of the search agent 200 encrypts the index j and creates a ciphertext E (j) (S1312).

  The overall processing unit 211 of the search agent 200 concatenates the extracted block Cj and the encrypted index E (j), encrypts it, and creates a ciphertext E (Ci || E (i)) (S1313). . However, || means concatenation of data.

  The overall processing unit 211 of the search agent 200 increments the index j by one (j ← j + 1) (S1314).

  The overall processing unit 211 of the search agent 200 determines whether the index i exceeds the end value (j> i−1?) (S1315). If not, the process returns to S1312. If it exceeds, go to S1316.

  The overall processing unit 211 of the search agent 200 resets the target range length v (S1316).

  The entire processing unit 211 of the search agent 200 sets the value of the index j to the initial value i + n and sets i + n + v−1 as the end value (S1317). However, if i + n, which is the initial value, is greater than or equal to m (i−V <0), the process from S1317 to S1311 is skipped, and the process proceeds to S1312. If i + n + v−1, which is the end value, is greater than or equal to m (i−1 <0), the end value is also set to m (S1317).

  The read encryption unit 217 of the search agent 200 encrypts the index j and creates a ciphertext E (j) (S1318).

  The overall processing unit 211 of the search agent 200 concatenates the extracted block Cj and the encrypted index E (j), encrypts it, and creates a ciphertext E (Ci || E (i)) (S1319) . However, || means concatenation of data.

  The overall processing unit 211 of the search agent 200 increments the index j by one (j ← j + 1) (S1320).

  The overall processing unit 211 of the search agent 200 determines whether the index i exceeds the end value (j> i−1?) (S1321). If not, the process returns to S1318. If so, the process proceeds to S1322.

  The entire processing unit 211 of the search agent 200 stores the ciphertexts sequentially generated in S1313 and S1319 in the storage unit 220 as a secondary encryption read (S1322).

By the processes from S1310 to S1322, the secondary encrypted read corresponding to the indexes i, i + 1,..., I + n−1 extracted by the processes from S1301 to S1309 can be created.
Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed.

<Figure 12: Secondary Encryption Reference Search Processing>
FIG. 12 is a sequence diagram illustrating processing in which the management server 300 extracts the secondary encryption reference 332 in (S812) of the present embodiment.

  The overall processing unit 311 of the management server 300 sets initial values of the total score S, score A, deduction B, maximum value M, threshold value T, index L, index R, and Boolean value b. For example, the initial values of S, A, B, M, T, L, R, and b are 0, 5, 4, 0, -50, 0, 0, and 0, respectively (S1401). Hereinafter, the Boolean value b is used for setting the search order of the secondary encryption lead (descending order or ascending order).

  The public parameter 237 loaded by the overall processing unit 311 is input to the inspection unit 312 of the management server 300 (S1402).

The overall processing unit 311 of the management server 300 sets the block length w (S1403). (Following the example of FIG. 6B, the block length w of the secondary encryption reference 332 is assumed to be 1.)
The overall processing unit 311 of the management server 300 sets the value of the index k as an initial value and sets an end value (S1404). In the following, it is assumed that v secondary encryption leads E (C (iv)) to E (C (i-1)) are received, the initial value of index k is i, and the end value is i-v + 1. Shall be set to

  The overall processing unit 311 of the management server 300 extracts the ciphertext E (Ck) from the secondary encrypted read (S1405).

  The overall processing unit 311 of the management server 300 extracts the ciphertext Es (Ck) from the secondary encryption reference 332 (S1406).

  The overall processing unit 311 of the management server 300 inputs the ciphertext E (Ck) extracted in S1404 and the ciphertext Es (Ck) extracted in S1406 to the search unit. The inspection unit 312 determines whether the ciphertext E (Ck) and the ciphertext Es (Ck) have the same plaintext value before encryption, and returns 1 if they are equal and returns 0 if they are not equal (S1407).

  The overall processing unit 311 of the management server 300 inputs the ciphertext E (Ck) extracted in S1404 and the ciphertext Es (Ck) extracted in S1406 to the search unit. The inspection unit 312 determines whether the ciphertext E (Ck) and the ciphertext Es (Ck) have the same plaintext value before encryption, and returns 1 if they are equal and returns 0 if they are not equal (S1407).

  The overall processing unit 311 of the management server 300 updates the score S and the maximum value (S1408). When the inspection unit 312 outputs 1 in S1407, S is added by the point A (S ← S + A), and when the inspection unit 312 outputs 0, S is decreased by the deduction point B (S ← S−B ).

  The overall processing unit 311 of the management server 300 compares the score S with the threshold value T. If the score S is equal to or less than the threshold value (S <= T), the process proceeds to S1414; otherwise, the process proceeds to S1410. .

  When the maximum value M is lower than the score S, the overall processing unit 311 of the management server 300 increases the threshold T by the difference (S−M) (T ← T + S−M) (S1410).

When the maximum value M is lower than the score S (M <S), the overall processing unit 311 of the management server 300 copies the value of the score S to the value of the maximum value M (M ← S). If the maximum value is updated and the Boolean value b is 0, the value of k is copied to the index L (L ← kif (b == 0 && M <S)). When the maximum value is updated and the Boolean value b is 1, the value of k is copied to the index R (R ← kif (b == 1 && M <S)). (S1411)
The overall processing unit 311 of the management server 300 increments the index k by 1 when the Boolean value b is 0 (k ← k−1), and increments the index k by 1 when the Boolean value b is 1. Increment (k ← k + 1), (S1412).

  The overall processing unit 311 of the management server 300 determines whether the index k exceeds the end value (k> i + v−1?) (S1413). If not, the process returns to S1405. If it exceeds, go to S1413.

  The overall processing unit 311 of the management server 300 determines whether the index k exceeds i + n (k> i + n?) (S1414). If not, the process proceeds to S1414. If it exceeds, go to S1415.

  The overall processing unit 311 of the management server 300 sets the value of the index k as an initial value and sets an end value (S1415). In the following, it is assumed that E (C (i + n + v-1)) is received from E (C (i + n)) as the secondary encryption read, the initial value of index k is i + n, and the end value Is set to i + n + v-1.

  The overall processing unit 311 of the management server 300 transmits the ciphertext E (C (L)), ..., E (C () in the secondary encryption reference from the initial value (i-1) set in S1404 to the index L. i-1)) is extracted. However, if the index L is 0, this process is omitted. Similarly, the ciphertext E (C (i + n)), ..., E (C (R)) in the secondary encryption reference from the initial value (i + n) set in S1415 to the index R Extract. However, if the index R is 0, this process is omitted (S1416).

By the above processing, the similarity search between the encrypted reference and the encrypted lead can be performed using the exact match search of the encrypted data for each character.
Note that the above processing procedure is not fixed, and the processing procedure and processing content may be changed and executed.

100: network, 200: search agent, 300: management server,
500: Computer, 201, 301: Input unit, 202, 302: Output unit, 203, 303: Communication unit, 210, 310: Control unit, 211, 311: Overall processing unit, 212: Key generation unit, 213: Reference cipher 215: reference decryption unit, 217: read encryption unit, 312: search unit, 220, 320: storage unit, 230, 330: data storage unit, 231: plaintext reference, 233: plaintext read, 237, 337 : Public parameter, 331: primary encryption reference, 332: secondary encryption reference, 251: secret key, 260, 360: program storage unit, 280, 380: temporary information storage unit, 501: CPU (Central Processing Unit) 502: Memory, 503: External storage device, 508: Storage medium, 507: Reading device, 506: Input device, 5 5: Output device 504: communication device, 509: internal communication line

Claims (3)

A search processing system in which a search agent that stores a program related to data encryption processing and decryption processing in a storage unit and a management server that stores a program related to encrypted data match search processing in the storage unit cooperate via a network. ,
The search agent creates a primary encryption reference and a secondary encryption reference from the plaintext reference,
The search agent creates a primary encryption lead and a secondary encryption lead from the plaintext lead,
The similarity between the plaintext reference and the plaintext read is determined based on the search result of the primary encryption reference and the primary encryption lead by the management server and the search result of the secondary encryption reference and the secondary encryption lead by the management server. ,
A search processing system characterized by this. The search processing system according to claim 1,
The primary encryption reference is created by encrypting a plaintext reference divided into blocks,
The secondary encryption reference is created by encrypting data obtained by concatenating a plaintext reference divided into blocks and an index,
The primary encryption read is created by encrypting a plaintext read divided into the same block units as the primary encryption reference,
The secondary encryption read is created by encrypting data obtained by concatenating a plaintext read and an index divided into the same block units as the primary encryption reference,
A search processing system characterized by this. The search processing system according to claim 1,
The search result of the secondary encryption reference and secondary encryption lead by the management server is scored using the points added and subtracted depending on whether the secondary encryption reference and secondary encryption lead are judged. Determining that the secondary encryption reference is similar to the secondary encryption lead,
A search processing system characterized by this.

Images