JP6592301B2 - Anonymization device, search device, method and program - Google Patents

Description

  The present invention relates to an anonymization device, a search device, a method, and a program.

  In recent years, various services using computers have been provided. In many services, encryption is used to keep information secret. For example, documents that disclose the following encryption methods are known.

The encryption method of Patent Document 1 is called Format Preserving Encryption (FPE), and implements block cipher while maintaining the format of a given character string, such as a decimal number and a character string length.
The encryption method of Non-Patent Document 1 is called Attribute based Encryption (ABE), and enables only the authorized information to be deciphered according to the group to which the deciphering person belongs among the entire information.
The encryption method of Non-Patent Document 2 is called String Search Encryption (SSE), and encrypts a character string bit by bit with stream encryption.

US Pat. No. 7,864,952

Goyal, Vipul, et al. “Attributes-based encryption for fine-grained access control of encrypted data.” Proceedings of the 13th ACM conference on commuter and commuter. ACM, 2006. D. X. Song, D.C. Wagner, A.M. Perrig. “Practical Techniques for Searches on Encrypted Data” Security and Privacy, IEEE, 2000.

However, the encryption method of Patent Document 1 can perform decryption only for all information at once, and does not allow partial decryption. For this reason, when the same data is provided to different businesses, all businesses can decrypt the same content.
Since the encryption method of Non-Patent Document 1 performs multiple encryptions according to the number of groups to be disclosed in accordance with the disclosed range, it requires a large amount of calculation and takes time to decrypt.
Since the encryption method of Non-Patent Document 2 uses a random number called Initialization Vector (IV) for each byte at the time of encryption and decryption, IV is fixed to permit retrieval of encrypted data by a data user. When it is necessary to use it, it becomes easy for a third party to specify the IV and the key.

  An object of the present invention is to provide an anonymization device, a method, and a program that enable a search for a section with a different ID for each data user while concealing an ID included in data directly associated with an individual. To do.

Specifically, the following solutions are provided.
(1) An anonymizing device for anonymizing data, wherein the data is divided into a plurality of sections, and the plurality of sections are encrypted using mutually different encryption keys, and an encrypted search key An anonymizing device comprising: first encryption means for generating

The anonymization device (1) replaces the ID section with an encrypted search key using different encryption keys.
A data user provided with one of the encryption keys can search for a specific section of the ID while the ID is kept secret by encrypting the search key with the encryption key.
Therefore, the anonymization device makes it possible to search for a section having a different ID for each data user, while concealing the ID directly included in the data and directly associated with the individual.

  (2) Further comprising index creating means for creating an index in which the section is hierarchized, wherein the first encryption means replaces a node in the index hierarchy corresponding to the section with the encrypted search key. The anonymization device according to (1).

  Since the anonymization device (2) creates an index in which ID sections are hierarchized, it is possible to search a set of sections at high speed.

  (3) The anonymization device according to (1) or (2), wherein the first encryption unit encrypts data using a different encryption key for each data user to whom the data is provided.

  Since the anonymization device of (3) uses a different encryption key even if it is a data user permitted to search in the same section, the data including the encrypted ID provided to the data user uses another data Is not searched by the encryption key of the user.

  (4) The anonymization device according to any one of (1) to (3), wherein the first encryption unit performs irreversible encryption.

  Since the anonymization device (4) performs encryption that cannot be decrypted, confidentiality is improved.

  (5) A search device for searching for anonymized data by the anonymization device according to any one of (1) to (4), wherein a search key is used to search for at least one of the plurality of sections. The data is searched by the input means for receiving the input, the second encryption means for encrypting the search key with the encryption key of the corresponding section, and generating the encrypted search key, and the encrypted search key. And a search means.

  The search device of (5) can search for a specific section of the ID while the ID is kept secret by encrypting the received search key with the encryption key.

  (6) A method executed by the anonymization device according to (1), wherein the dividing unit divides the data into a plurality of sections, and the first encryption unit includes the plurality of sections. And a first encryption step of generating an encrypted search key by encrypting each using different encryption keys.

  Similar to (1), the method (6) enables to search for sections with different IDs for each data user, while concealing IDs directly associated with individuals included in the data.

  (7) A program for causing a computer to execute each step described in (6).

  The program of (7) allows the computer to function so as to enable searching for sections with different IDs for each data user, while concealing IDs included in the data and directly linked to individuals.

  According to the present invention, it is possible to search for a section having a different ID for each data user, while concealing the ID directly included in the data and directly associated with the individual.

It is a block diagram which shows the structure of the anonymization apparatus which concerns on one Embodiment of this invention. It is a figure which shows the example of the index produced by the anonymization apparatus which concerns on one Embodiment of this invention. It is a flowchart which shows the example of the encryption process of the anonymization apparatus which concerns on one Embodiment of this invention. It is a block diagram which shows the structure of the search device which concerns on one Embodiment of this invention. It is a flowchart which shows the example of the search process of the search device which concerns on one Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[Anonymization device]
FIG. 1 is a block diagram showing a configuration of an anonymization device 10 according to an embodiment of the present invention.
The anonymization device 10 includes a dividing unit 11, an index creating unit 12, and a first encryption unit 13, and anonymizes data.
The data may be, for example, movement data including latitude and longitude measured by GPS (Global Positioning System) collected from vehicles and portable devices, purchase history data on the web, and the like.
Such data collected from an individual includes an ID that identifies the individual, such as a vehicle identification number or a credit card number.
The ID may have an arbitrary hierarchical structure. For example, the vehicle identification number is composed of a vehicle type, generation, manufacturing number, and the like, and the credit card number includes information on the issuing company in the first four digits.

  The dividing unit 11 divides the ID included in the data into a plurality of sections based on the hierarchical structure of the ID. For example, the vehicle identification number is divided into sections such as a vehicle type, a generation, and a manufacturing number that can serve as a search key.

  The first encryption unit 13 encrypts the plurality of sections using mutually different encryption keys, and replaces the sections with encrypted search keys.

Specifically, when the ID is composed of the section A and the section B, the dividing unit 11 divides the ID into the section A and the section B, and the first encryption unit 13 encrypts the section A. An encrypted search key EKA is generated using the key KA, and an encrypted search key EKB is generated in the section B using an encryption key KB different from the encryption key KA. The first encryption unit 13 may associate the encryption key with the section.
The first encryption unit 13 encrypts data using a different encryption key for each data user to whom data is provided. For example, in the above case, the first encryption unit 13 uses the encryption key KA1 and the encryption key KB1 for the data provided to the data user U1, and uses the encryption key KA1 and the encryption key KB1 for the data provided to the data user U2. KA2 and encryption key KB2 are used.

The encryption method may be a general one, for example, RC (Rivest Cipher) 5 if 64 bits, and AES (Advanced Encryption Standard) if 128 bits. The 1st encryption means 13 performs the encryption by a different encryption key for every area based on block cipher.
The encryption method may be irreversible encryption. The first encryption unit 13 may generate a hash value for a plurality of sections by a keyed hash function using different keys.

  The index creating means 12 creates an index in which the sections divided by the dividing means 11 are hierarchized. Specifically, the index creating means 12 creates the trie tree 100 (see FIG. 2) based on the hierarchical structure of the ID. The first encryption unit 13 replaces nodes in the hierarchy of the trie tree 100 corresponding to a plurality of sections with the encrypted search key.

  FIG. 2 is a diagram illustrating an example of an index created by the anonymization device 10 according to an embodiment of the present invention. The example shown in FIG. 2 is an example in which an index is created by the trie tree 100 so that a large amount of data can be searched at high speed. In this example, the given ID is divided into character units, and a character unit index is constructed. In FIG. 2, “o” of the root node 101 which is the highest node represents an empty character string, and “§” represents a leaf node.

  Assume that five IDs “APPLE”, “APRON”, “BAT”, “BAG”, and “BIG” are given as IDs. As shown in FIG. 2, the anonymization device 10 divides “APPLE” into “A”, “P”, “P”, “L”, and “E”, and sets “APRON” as “ Similarly, the other IDs are divided into character units for “A”, “P”, “R”, “O”, and “N”. In this example, since the start of the character string is either “A” or “B”, “A” and “B” are registered as nodes in the hierarchy HA immediately below the root node 101 of the index. .

Next, since the second character of the ID is only “P” when the first character is “A”, and “A” or “I” when the first character is “B”, the anonymization device 10 , “P” under “A”, “A” and “I” under “B” are registered in the hierarchy HB as the next nodes. Thereafter, the anonymization device 10 repeats the registration of the node in the lower hierarchy (hierarchy HC, hierarchy HD, hierarchy HE,...) Until all characters of the ID are processed.
In this processing method, when the character string is long, a tree having a length corresponding to the length of the character string is formed, and processing efficiency is deteriorated. Therefore, for example, the anonymization device 10 may be a single node for portions where no other branch exists, such as “PLE” and “RON” in the example of FIG. That is, the anonymization device 10 may change the node hierarchy of A->P->P->L-> E to the node hierarchy of A->P-> PLE.

  Finally, the anonymization device 10 regards nodes in the same hierarchy as the same section, and associates each hierarchy with each section. That is, the anonymization device 10 associates the hierarchy HA including “A” and “B” immediately below the root node 101 with the section A, and adds the next hierarchy HB including “P”, “A”, and “I”. Correspond to section B. Similarly, the anonymization apparatus 10 associates the next hierarchy HC with the section C, associates the next hierarchy HD with the section D, associates the next hierarchy HE with the section E, and converts the hierarchy HE from the hierarchy HA to the hierarchy HE. Correspond to section A to section E. The anonymization device 10 creates such a trie tree 100.

  The anonymization device 10 encrypts each node from the hierarchy HA to the hierarchy HE using a different encryption key for each hierarchy. That is, the anonymization device 10 generates encrypted search keys EA1 and EB1 by encrypting the layer HA with the encryption key KA, and encrypts the layer HB by encrypting with the encryption key KB. Generated search keys EP2, EA2, and EI2 and replace the value of each node.

  At this time, 1 of the encrypted search key EA1 and 2 of the encrypted search key EP2 represent the number of hierarchies from the highest hierarchy because the ID has a hierarchical structure. The anonymization device 10 records and stores the encryption keys used for encryption in the hierarchical order.

  The anonymization device 10 encrypts the same data with different encryption keys when passing the same data to a plurality of data users. That is, when the anonymization device 10 provides the same data to two data users in the example of FIG. 2, the anonymization device 10 encrypts two columns of five encryption keys using a total of ten encryption keys. .

After encryption, the data including the encrypted ID is provided to the data user. At this time, when the anonymization device 10 allows the data user to search the entire section of the ID included in the data, the anonymization device 10 provides the encryption key of the entire section so that only a part of the ID can be searched. In such a case, only the encryption keys corresponding to some sections are provided. For example, in the example of FIG. 2, the anonymization device 10 provides the encryption key KA to the encryption key KE when searching for all the delimiters for the delimiter | A | B | C | D | E | , The encryption key KA, the encryption key KB, and the encryption key KC are provided when it is desired to permit the search only in the section C.
As described above, the anonymization device 10 limits the range in which the data user can be searched by limiting the provision of the encryption key.

  FIG. 3 is a flowchart showing an example of the encryption process of the anonymization device 10 according to an embodiment of the present invention. The anonymization device 10 includes hardware included in a computer and its peripheral devices, and software that controls the hardware. The following processing is executed by the control unit (for example, CPU) according to predetermined software under the OS. It is processing to do.

  In step S101, the CPU (dividing unit 11) acquires data including an ID for identifying an individual.

  In step S102, the CPU (dividing unit 11) divides the ID included in the data into n locations from section 1 to section n based on the hierarchical structure.

  In step S103, the CPU (index creation means 12) generates a trie tree 100 from hierarchy 1 to hierarchy n corresponding to the sections 1 to n divided in step S102.

  In step S104, the CPU (first encryption unit 13) encrypts the nodes in each hierarchy of the trie tree 100 generated in step S103 with n encryption keys and replaces the encrypted search key with the encryption search key. More specifically, the CPU encrypts the nodes of each hierarchy of the trie tree 100 using the encryption keys 1 to n different from each other and the corresponding hierarchy 1 to hierarchy n, and uses the encrypted search key as the node. A trie tree 100 is generated. Thereafter, the CPU ends the process.

[Search device]
The search device 20 provided with data anonymized by the anonymization device 10 will be described.

FIG. 4 is a block diagram showing the configuration of the search device 20 according to an embodiment of the present invention.
The search device 20 includes an input unit 21, a second encryption unit 22, and a search unit 23, and searches for anonymized data by the anonymization device 10.

  The input means 21 receives an input of a search key to search for at least one of a plurality of sections. Specifically, the input unit 21 receives a character string corresponding to each of a plurality of sections constituting the ID as a search key.

  The second encryption unit 22 encrypts the search key with the encryption key of the corresponding section, and generates an encrypted search key. Specifically, the second encryption unit 22 is an encryption key provided from the anonymization device 10, and uses the encryption key used in the section corresponding to the search key received by the input unit 21, as a search key. Is encrypted and an encrypted search key is generated.

The search means 23 searches for data using the encrypted search key. Specifically, the search unit 23 corresponds to the encryption key in the section constituting the encrypted ID included in the provided data by the encrypted search key generated by the second encryption unit 22. Search for an interval.
The search means 23 may search only the section corresponding to the search key without searching from the first section of the sections constituting the ID.
The search unit 23 may search using a hierarchical index (for example, the trie tree 100) created by the anonymization device 10. When the anonymization device 10 searches using the trie tree 100, the anonymization device 10 searches for a hierarchy corresponding to the ID section.

For example, in the example of FIG. 2, the search device 20 accepts a search key “BAG” as a query, and sequentially encrypts with the encryption key corresponding to the hierarchy among the provided encryption keys.
That is, the search device 20 encrypts “B” with the encryption key KA, “A” with the encryption key KB, and “G” with the encryption key KC, and creates the trie tree created by the anonymization device 10 with the encrypted search key. Search for 100 (see FIG. 2).
Next, the search device 20 detects that the hierarchy HA matches “B”, the hierarchy HB “A”, and the hierarchy HC “G”, and returns the search result to the data user. The search device 20 returns TRUE / FALSE (FALSE) when searching for whether or not there exists (Boolean), and returns the number of the corresponding part in the case of the number of cases.

  FIG. 5 is a flowchart showing an example of search processing of the search device 20 according to an embodiment of the present invention. The search device 20 is configured by hardware included in a computer and its peripheral devices and software that controls the hardware, and the following processing is executed by the control unit (for example, CPU) according to predetermined software under the OS. It is processing.

  In step S201, the CPU (input means 21) accepts a search key. More specifically, the CPU accepts a character string corresponding to each of a plurality of sections constituting the ID as a search key.

  In step S202, the CPU (second encryption unit 22) encrypts the search key received in step S201 with the encryption key to generate an encrypted search key. More specifically, the CPU encrypts the search key with the provided encryption key and the encryption key used for the section corresponding to the search key.

  In step S203, the CPU (search means 23) searches the trie tree 100 using the encrypted search key generated in step S202. More specifically, the CPU searches the hierarchy corresponding to the section constituting the encrypted ID by using the generated encrypted search key.

  In step S204, the CPU (search means 23) determines whether or not the search has been completed. If this determination is YES, the CPU moves the process to step S205, and if this determination is NO, the CPU moves the process to step S206.

  In step S205, the CPU (search means 23) outputs true (TRUE) indicating that the search was successful. Thereafter, the CPU ends the process.

  In step S206, the CPU (search means 23) outputs false (FALSE) indicating that the search could not be performed. Thereafter, the CPU ends the process.

According to the present embodiment, the anonymization device 10 replaces the ID section with an encrypted search key using different encryption keys. A data user provided with one of the encryption keys can search for a specific section of the ID while the ID is kept secret by encrypting the search key with the encryption key. Therefore, the anonymization device 10 enables a search for a section having a different ID for each data user, while concealing an ID directly included in the data and directly associated with an individual.
Furthermore, since the anonymization device 10 creates an index in which the ID sections are hierarchized, the set of sections can be searched at high speed.
Furthermore, since the anonymization device 10 uses a different encryption key even if it is a data user who is permitted to search in the same section, the data including the encrypted ID provided to the data user is different from the data user. It is not searched by the encryption key.
Furthermore, since the anonymization device 10 performs encryption that cannot be decrypted, confidentiality is improved.
The search device 20 can search for a specific section of the ID while the ID is kept secret by encrypting the received search key with the encryption key.

Furthermore, the anonymization device 10 provides, for example, an encryption key for only a certain fixed section to a certain data user, and allows all data sections to be searched for another data user. Control access of data users by providing encryption keys.
Further, the search device 20 can quickly search for the presence or absence of an ID to be searched with O (l) using the trie tree 100 created by the anonymization device 10 (O is a Landau symbol, and l is a character string of a search key). length).

  As mentioned above, although embodiment of this invention was described, this invention is not restricted to embodiment mentioned above. The effects described in the embodiments of the present invention are only the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

  For example, in the present embodiment, the vehicle identification number or credit card number is used as the ID, but the present invention is not limited to this. For example, when data such as purchase history data includes a store code and time, the store code and time may be concatenated and regarded as an ID. The anonymization device 10 enables a data user to search for a store or search for a time while keeping an individual specified by a store code and a time secret.

  A series of processing by the anonymization device 10 can also be performed by software. When a series of processing is performed by software, a program constituting the software is installed in a general-purpose computer or the like. The program may be recorded on a computer-readable recording medium (for example, a removable medium such as a CD-ROM) and distributed to the user, or may be downloaded to the user's computer via a network. May be distributed.

DESCRIPTION OF SYMBOLS 10 Anonymization apparatus 11 Dividing means 12 Index preparation means 13 1st encryption means 20 Search apparatus 21 Input means 22 2nd encryption means 23 Search means

Claims (7)

An anonymization device that anonymizes data by encryption ,
Dividing means for dividing an ID included in the data into a plurality of sections based on a hierarchical structure constituting the ID ;
First encryption means for encrypting the plurality of sections using mutually different encryption keys and generating an encrypted search key for a data user to search ,
The encryption key for generating the encrypted search key that is permitted for each data user from the data user, wherein the ID is replaced with a plurality of the encrypted search keys to conceal the data. anonymizing device that provides with a combination of. Index creation means for creating an index in which the section is hierarchized based on the hierarchical structure ;
The first encryption means replaces a node of the index hierarchy corresponding to the section with the encrypted search key;
The anonymization device according to claim 1. The first encryption means encrypts using a different encryption key for each data user to whom the data is provided.
The anonymization apparatus of Claim 1 or 2.   The anonymization device according to claim 1, wherein the first encryption unit performs irreversible encryption. A search device that searches for anonymized data by the anonymization device according to any one of claims 1 to 4,
Input means for receiving an input of a search key to search for at least one of the plurality of sections;
A second encryption means for encrypting the search key with an encryption key of a corresponding section and generating the encrypted search key;
Search means for searching for the data by the encrypted search key;
A search device comprising: A method executed by the anonymization device according to claim 1,
A dividing step in which the dividing unit divides an ID included in the data into a plurality of sections based on a hierarchical structure constituting the ID ;
A first encryption step in which the first encryption means encrypts the plurality of sections using mutually different encryption keys to generate an encrypted search key for a data user to search ;
Equipped with a,
The encryption key for generating the encrypted search key that is permitted for each data user from the data user, wherein the ID is replaced with a plurality of the encrypted search keys to conceal the data. how to provide along with the combination of. The program for making a computer perform each step of Claim 6.

Images