WO2015156145A1 - Re-encryption method, re-encryption system, and re-encryption device - Google Patents

Re-encryption method, re-encryption system, and re-encryption device Download PDF

Info

Publication number
WO2015156145A1
WO2015156145A1 PCT/JP2015/059535 JP2015059535W WO2015156145A1 WO 2015156145 A1 WO2015156145 A1 WO 2015156145A1 JP 2015059535 W JP2015059535 W JP 2015059535W WO 2015156145 A1 WO2015156145 A1 WO 2015156145A1
Authority
WO
WIPO (PCT)
Prior art keywords
user terminal
message
network
key
encryption
Prior art date
Application number
PCT/JP2015/059535
Other languages
French (fr)
Japanese (ja)
Inventor
尚生 坂崎
木下 照己
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to CN201580011026.9A priority Critical patent/CN106031083A/en
Publication of WO2015156145A1 publication Critical patent/WO2015156145A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • the present invention relates to a re-encryption method, a re-encryption system, and a re-encryption device that re-encrypt ciphertext.
  • a message can be sent safely by re-encrypting it into a ciphertext that can be decrypted with the private key of another user terminal without decrypting the ciphertext of a message addressed to a user terminal during transmission.
  • a technique called proxy re-encryption technique is known (for example, see Patent Document 1).
  • this proxy re-encryption technique has attracted attention as a technique that allows data to be shared more securely on a cloud service.
  • a certain citizen is notified only of a message regarding the tax field from the National Tax Agency or a local government, and does not want to notify a message from another message sender or a message in another field.
  • the ciphertext generated for the specific user device can be decrypted by all user devices having the re-encryption key, The browsing of messages by message recipients cannot be controlled by message sender and message field.
  • the agent may perform various processes on behalf of the principal, and if the data is encrypted for the principal, the agent may not be able to perform the act of proxy. Therefore, an encryption technology is also desired in which encrypted data addressed to the principal can be viewed by the representative of the principal.
  • a user device that sends a message is a device that is managed by the NTA and local government
  • a first user device is a device that is managed by a taxpayer
  • a second user device is a device that is managed by an agent such as a tax accountant.
  • the agent can decrypt all the ciphertext addressed to the taxpayer regardless of the contents.
  • the taxpayer has given the agent the authority to act on taxes
  • only the ciphertext sent to the taxpayer from the National Tax Agency or the ciphertext sent to the taxpayer from the local government is related to the tax field.
  • the present invention has been made in view of such circumstances, and a re-encryption method, a re-encryption system, and a re-encryption for controlling message viewing by a message receiver for each message sender and message field.
  • An object is to provide an apparatus.
  • the present invention is a re-encryption method in a re-encryption system including a plurality of user terminals and a re-encryption apparatus connected to the user terminals via a network.
  • the first user terminal includes a secret key of the first user terminal, information for identifying the second user terminal of the communication partner, and information for identifying the field of the message addressed to the second user terminal
  • An encryption key is generated, the message is encrypted using the encryption key, and the encrypted message is transmitted to the re-encryption device via the network.
  • the re-encryption device receives the encrypted message from the first user terminal via the network, and uses the first conversion key stored in the storage unit for the received encrypted message.
  • Re-encryption is performed, and the re-encrypted message is stored in the storage unit.
  • the second user terminal receives the re-encrypted message from the re-encryption device via the network, the second user terminal's private key, and the communication partner's first user terminal
  • a decryption key including information identifying the message and information identifying the field of the message is generated, and the re-encrypted message is decrypted using the decryption key to obtain the original message.
  • FIG. 10 is a sequence diagram showing a conversion key registration method used when the conversion server 20 re-encrypts the ciphertext relating to the message field ⁇ .
  • the user terminal 10-3 generates a message M related to the message field ⁇ addressed to the user terminal 10-1 and its ciphertext, transmits the generated ciphertext to the conversion server 20, and the conversion server 20 re-encrypts the ciphertext.
  • FIG. 10 is a sequence diagram showing a conversion key registration method used when the conversion server 20 re-encrypts the ciphertext relating to the message field ⁇ .
  • the user terminal 10-3 generates a message M related to the message field ⁇ addressed to the user terminal 10-1 and its ciphertext, transmits the generated ciphertext to the conversion server 20, and the conversion server 20 re-encrypts the ciphertext.
  • FIG. 6 is a sequence diagram showing a flow from decrypting a re-ciphertext by the user terminal 10-1 to obtaining a message M in the message field ⁇ .
  • 6 is a sequence diagram showing a flow until registration of a conversion key for proxy browsing of a message M in the conversion server 20.
  • FIG. FIG. 6 is a sequence diagram showing a flow from when a re-ciphertext is received as a proxy by the user terminal 10-2 to obtain a message M in the message field ⁇ . It is a figure for demonstrating the meaning of the operator used by this embodiment.
  • FIG. 1 is a diagram showing an example of the overall configuration of a re-encryption system according to an embodiment of the present invention and an example of the functional configuration of each computer constituting the re-encryption system.
  • a plurality of user terminals (10-1, 10-2, 10-3) and a conversion server (re-encryption device) 20 are mutually connected via a network 30 such as the Internet.
  • a computer network system configured to be connected.
  • the user terminal 10-3 encrypts data (hereinafter referred to as a message) addressed to the user terminal 10-1 of the user A regarding a specific field (hereinafter referred to as a message field ⁇ ), and the encrypted message (hereinafter referred to as a message).
  • a mechanism for the user terminal 10-2 of the user B who is permitted to browse to acquire the message will be described.
  • each user terminal (10-1, 10-2, 10-3) As shown in FIG. 1, each user terminal (10-1, 10-2, 10-3) generates a secret key managed by each user terminal (10-1, 10-2, 10-3).
  • Secret key generation unit 101 generates information for dynamically generating an encryption key / decryption key, etc., and registering an encryption key (hereinafter referred to as a conversion key) necessary for generating a re-encrypted text related to the message field ⁇ .
  • a key calculation unit 102 that performs communication, a public ID storage unit 103 that stores message attribute information such as an ID (identification) that identifies a communication partner terminal and an ID that identifies a message field ⁇ , and a secret generated by the secret key generation unit 101
  • a key storage unit 104 that securely manages a key; an information generation unit 105 that generates a message to a communication partner terminal; an encryption processing unit 106 that generates a ciphertext by encrypting a message using an encryption key; Send and receive ciphertext And parts 107, a primary storage device 108 using a semiconductor (also referred to as memory), can be configured from the information display unit 109 to display a message.
  • the ID for identifying the communication partner is not limited as long as it can identify the individual publicly, such as an e-mail address or identification number, and is assumed to be notified to the user in advance for each system to be used.
  • the ID for identifying the message field ⁇ is information for identifying the field to which the message belongs, such as the tax field and the social welfare field, and is notified to the user in advance for each system to be used.
  • Each user terminal (10-1, 10-2, 10-3) having such a function can be realized by a general computer.
  • the secret key generation unit 101, the key calculation unit 102, the information generation unit 105, the cryptographic processing unit 106, and the ciphertext transmission / reception unit 107 can be realized as a computer program executed by a control unit such as a CPU (Central Processing Unit).
  • the computer program can be distributed via a recording medium such as the network 30, a hard disk, or a flash memory device.
  • the public ID storage unit 103 and the key storage unit 104 can be realized as, for example, a hard disk or a flash memory device.
  • the information display unit 109 can be realized as a liquid crystal display device or an organic EL (Electro Luminescence) display, for example.
  • the conversion server 20 includes a ciphertext transmission / reception unit 201 that transmits and receives ciphertext, a ciphertext uploaded to the conversion server 20 from which user terminal to which user terminal, and which A sender / receiver control unit 202 that controls whether the message is in a message field, a conversion key storage unit 203 that manages a conversion key used for re-encryption, a re-ciphertext storage unit 204 that stores a re-ciphertext, and a conversion key From a key calculation unit 205 that generates information for registering a random number, a re-encryption processing unit 206 that performs re-encryption processing, and a primary storage device 207 (also referred to as a memory) using a semiconductor.
  • a ciphertext transmission / reception unit 201 that transmits and receives ciphertext
  • a ciphertext uploaded to the conversion server 20 from which user terminal to which user terminal and which A sender / receiver control unit 202
  • the conversion server 20 having such a function can be realized by a general computer.
  • the ciphertext transmission / reception unit 201, the sender / receiver control unit 202, the key calculation unit 205, and the re-encryption processing unit 206 can be realized as a computer program executed by a control unit such as a CPU.
  • This computer program can be distributed via a recording medium such as the network 30, a hard disk, or a flash memory device.
  • the conversion key storage unit 203 and the re-ciphertext storage unit 204 can be realized as, for example, a hard disk or a flash memory device.
  • FIG. 7 is a diagram for explaining the meaning of the operators used in this embodiment.
  • three operators of ⁇ (901), f (,) (902), and h (,,) (903) are used.
  • the operator ⁇ (901) is an operator for commutative mask processing. For example, performing mask processing of data A with data B is represented as B • A.
  • the mask process refers to a process in which data B is applied to data A and converted to another value.
  • the operator ⁇ (901) has the following properties.
  • Operator f (,) (902) is an encryption processing operator that is commutative with respect to the encryption key. For example, the encryption of data A with the encryption key K (f (K, A) ).
  • the operator f (,) (902) has the following properties.
  • the operator ⁇ (901) and the operator f (,) (902) may be used as operators for performing the same arithmetic processing, or may be used as operators for performing different arithmetic processing satisfying the above properties. Also good.
  • the data A can be decrypted by re-encrypting the ciphertext using the reciprocal number (also referred to as the inverse element) of the encryption key due to the property (c).
  • FIG. 2 is a sequence diagram showing a conversion key registration method used when the conversion server 20 re-encrypts the ciphertext relating to the message field ⁇ .
  • the user terminal 10-3 of the user C notifies the user terminal 10-1 of the user A of the content of the message related to the message field ⁇ .
  • An application for registration of a conversion key used when re-encrypting the ciphertext is made (step S001).
  • the conversion server 20 Upon receiving the conversion key registration application information, the conversion server 20 generates a random number p (step S002) and transmits the random number p to the user terminal 10-3 that is the conversion key registration application source (step S003).
  • the conversion server 20 has its own private key Kc managed by the key storage unit 104, IDa which is a public ID for identifying the user terminal 10-1 managed by the public ID storage unit 103, and hash value h by entering the ID [delta] identifies the hash function areas [delta] of the user terminal 10-1 addressed message (Kc, IDa, ID [delta]) were calculated, and generates an encryption key (step S004).
  • the user terminal 10-3 masks the reciprocal number h (Kc, IDa, ID ⁇ ) ⁇ 1 of the encryption key using the random number p received in step S003, and the value p ⁇ h (Kc, IDa, ID ⁇ ) ⁇ 1 is generated and transmitted to the user terminal 10-1 (step S005).
  • the operator f (,) to be used is described as an xor function, the reciprocal number of the encryption key is masked using the random number p.
  • the reciprocal number of the encryption key is not necessarily required. If the operator f (,) to be used is different, the value generated from the encryption key may be masked using the random number p as necessary.
  • the user terminal 10-1 Upon receiving the value p-1h (Kc, IDa, ID ⁇ ) ⁇ 1 obtained by masking the value generated from the encryption key using the random number p, the user terminal 10-1 manages it in the key storage unit 104. Own secret key Ka, IDc which is a public ID for identifying the user terminal 10-3 managed by the public ID storage unit 103, and ID ⁇ for identifying the message field ⁇ are input to the hash function. A hash value h (Ka, IDc, ID ⁇ ) is calculated and a decryption key is generated (step S006).
  • the user terminal 10-1 masks the value h (Ka, IDc, ID) obtained by masking ph (Kc, IDa, ID ⁇ ) ⁇ 1 received from the user terminal 10-3 using the decryption key.
  • ⁇ ) ⁇ p ⁇ h (Kc, IDa, ID ⁇ ) ⁇ 1 is generated and transmitted to the conversion server 20 (step S007).
  • the conversion server 20 sends the conversion key h (Ka, IDc, ID ⁇ ) ⁇ h (Kc, IDa, ID ⁇ ) ⁇ 1 to the field of the message addressed to the user terminal 10-1 from the user terminal 10-3.
  • the conversion key relating to ⁇ is registered in the conversion key storage unit 203 (step S009).
  • the conversion key registration method described above it is possible to prevent the secret key Ka managed by the user terminal 10-1 and the secret key Kc managed by the user terminal 10-3 from leaking to the conversion server 20. Thereby, it is possible to prevent the content of the message from leaking to a third party.
  • the conversion server 20 receives the conversion key deletion application from the user terminal 10-1 or the user terminal 10-3, the conversion server 20 deletes the corresponding conversion key from the conversion key storage unit 203.
  • the message M related to the message field ⁇ addressed to the user terminal 10-1 and its ciphertext are generated by the user terminal 10-3, the generated ciphertext is transmitted to the conversion server 20, and the conversion server 20 It is a sequence diagram which shows the flow of a process until it re-encrypts a ciphertext.
  • the user terminal 10-3 generates a message M related to the message field ⁇ addressed to the user terminal 10-1 (step S201).
  • the user terminal 10-3 has its own private key Kc managed by the key storage unit 104 and a public ID for identifying the user terminal 10-1 managed by the public ID storage unit 103.
  • there IDa and message M hash value h by entering the ID [delta] identifies the hash function message field [delta] of (Kc, IDa, ID [delta]) were calculated, and generates an encryption key (step S202).
  • the user terminal 10-3 encrypts the message M using the generated encryption key h (Kc, IDa, ID ⁇ ), and generates a ciphertext f (h (Kc, IDa, ID ⁇ ), M). (Step S203). Next, the user terminal 10-3 transmits the ciphertext relating to the message field ⁇ addressed to the user terminal 10-1 to the conversion server 20 (step S204).
  • the conversion server 20 When the conversion server 20 receives the ciphertext f (h (Kc, IDa, ID ⁇ ), M), the conversion server 20 sends the field of the message addressed to the user terminal 10-1 from the user terminal 10-3 from the conversion key storage unit 203.
  • a conversion key h (Ka, IDc, ID ⁇ ) ⁇ h (Kc, IDa, ID ⁇ ) ⁇ 1 for ⁇ is acquired (step S205), and ciphertext f (h (Kc, IDa, ID ⁇ ), M) is re-encrypted (step S206).
  • the re-ciphertext generated at this time is as follows due to the nature of each operator.
  • the conversion server 20 After generating the re-ciphertext, the conversion server 20 stores the re-ciphertext in the re-ciphertext storage unit 204.
  • FIG. 4 shows a flow from the user terminal 10-1 to decrypting the re-ciphertext including the message in the message field ⁇ addressed to the user terminal 10-1 from the user terminal 10-3 and acquiring the message M.
  • the user terminal 10-1 checks whether or not a new arrival message exists in the conversion server 20 (step S301). If there is a new message, the user terminal 10-1 acquires the re-ciphertext f (h (Ka, IDc, ID ⁇ ), M) from the re-ciphertext storage unit 204 of the conversion server 20 (step S302). This ciphertext includes the message M in the message field ⁇ addressed from the user terminal 10-3 to the user terminal 10-1.
  • the user terminal 10-1 generates a decryption key for decrypting the re-ciphertext (step S303). Specifically, the user terminal 10-1 identifies its own secret key Ka managed by the key storage unit 104 and the user terminal 10-3 managed by the public ID storage unit 103.
  • a decryption key is generated by calculating a hash value h (Ka, IDc, ID ⁇ ) obtained by inputting IDc, which is a public ID, and ID ⁇ identifying the message field into a hash function.
  • the user terminal 10-1 decrypts the reciphered text f (h (Ka, IDc, ID ⁇ ), M) using the reciprocal h (Ka, IDc, ID ⁇ ) ⁇ 1 of the generated decryption key.
  • the message M is acquired (step S304).
  • the re-ciphertext decryption process is as follows.
  • the user terminal 10-3 identifies the secret key Kc of the user terminal 10-3 and the user terminal 10-1 that is the communication partner. to IDa and the user generates an encryption key and a ID [delta] identifies the message field [delta] of the terminal 101 addressed message M, encrypts the message M using the encryption key, the conversion server 20 and the ciphertext Send to.
  • the conversion server 20 re-encrypts the ciphertext using the conversion key generated in advance, and stores the re-ciphertext in the re-ciphertext storage unit 204.
  • the user terminal 10-1 When the user terminal 10-1 confirms the existence of the new message M addressed to the user terminal 10-1 at the conversion server 20, the user terminal 10-1 acquires the ciphertext from the re-ciphertext storage unit 204 of the conversion server 20. The user terminal 10-1 then transmits the secret key Ka of the user terminal 10-1, the IDc for identifying the user terminal 10-3 that is the communication partner, and the message field ⁇ of the message M addressed to the user terminal 10-1. A decryption key including ID ⁇ for identifying is generated, and the re-ciphertext is decrypted using this decryption key to obtain the original message M.
  • the user terminal 10-3 of the user C encrypts the message M addressed to the user terminal 10-1 of the user A related to the specific message field ⁇ , and the ciphertext is re-encrypted by the conversion server 20.
  • the mechanism for acquiring the message M by decrypting the re-ciphertext at the user terminal 10-1 has been described. By such a mechanism, only the message M related to the specific message field ⁇ addressed to the user terminal 10-1 among the messages generated by the user terminal 10-3 is not leaked to a third party. It can be acquired at the user terminal 10-1. *
  • FIG. 5 is a sequence diagram showing a flow until registration of the conversion key for proxy browsing of the message M in the conversion server 20.
  • the user terminal 10-1 of the user A gives the conversion server 20 the authority to proxy-receive the message M in the message field ⁇ from the user terminal 10-3 to the user terminal 10-2 of the user B.
  • An agent registration application is sent to inform the effect (step S401).
  • the conversion server 20 Upon receiving the agent registration application information, the conversion server 20 generates a random number p ′ (step S402) and transmits the random number p ′ to the user terminal 10-1 (step S403).
  • the user terminal 10-1 When the user terminal 10-1 receives the random number p ′, the user terminal 10-1 stores its own private key Ka managed by the key storage unit 104 and the user terminal 10-3 managed by the public ID storage unit 103. a public ID identifying IDc and message fields hash value by inputting the ID [delta] identifies the hash function [delta] h calculated (Ka, IDc, ID [delta]), and generates an encryption key (step S404). Next, the user terminal 10-1 uses the random number p ′ received from the conversion server 20 to generate a value p ′ ⁇ h (Ka, IDc, ID ⁇ ) ⁇ 1 by masking the reciprocal of the decryption key, This is transmitted to the user terminal 10-2 (step S405).
  • a hash value h (Kb, IDa, ID ⁇ ) is calculated by inputting IDa, which is a public ID that identifies the managed user terminal 10-1, and ID ⁇ , which identifies the message field ⁇ , into a hash function, and decryption A key is generated (step S406).
  • the user terminal 10-2 masks the value p ′ ⁇ h (Ka, IDc, ID ⁇ ) ⁇ 1 received from the user terminal 10-1 using the decryption key h (Kb, IDa). , ID ⁇ ) • p ′ • h (Ka, IDc, ID ⁇ ) ⁇ 1 is generated and transmitted to the conversion server 20 (step S407).
  • the conversion server 20 deletes the corresponding conversion key from the conversion key storage unit 203 when receiving the application for deleting the conversion key for proxy browsing of the message M from the user terminal 10-1 or the user terminal 10-3.
  • FIG. 6 is a sequence diagram showing a flow from when the user terminal 10-2 receives the re-ciphertext including the message M in the message field ⁇ addressed to the user terminal 10-1 as a proxy and acquires the message M. .
  • the user terminal 10-2 confirms whether or not a new message M regarding the message field ⁇ addressed to the user terminal 10-1 from the user terminal 10-3 exists in the conversion server 20 (application for proxy browsing). (Step S501).
  • the conversion server 20 converts the conversion key h (Kb, IDa, ID ⁇ ) ⁇ h (Ka, IDc, ID ⁇ ) ⁇ 1 for proxy browsing of the message M from the conversion key storage unit 203. (Step S502), and using this conversion key, the re-ciphertext relating to the message field ⁇ addressed to the user terminal 10-1 generated in step S207 of FIG. Re-encryption is performed again to generate a ciphertext (step S503).
  • the re-ciphertext generated at this time is as follows due to the nature of each operator.
  • the user terminal 10-2 After confirming the new arrival message M, the user terminal 10-2 acquires the ciphertext f (h (Kb, IDa, ID ⁇ ), M) again from the conversion server 20 (step S504).
  • the user terminal 10-2 has its own private key Kb managed by the key storage unit 104 and a public ID for identifying the user terminal 10-1 managed by the public ID storage unit 103.
  • hash enter the ID [delta] identifies the hash function IDa and message fields [delta] value h (Kb, IDa, ID [delta]) were calculated, and generates the decryption key (step S505).
  • the user terminal 10-2 decrypts the ciphertext again using the reciprocal h (Kb, IDa, ID ⁇ ) ⁇ 1 of the decryption key, and obtains the message M (step S506).
  • the ciphertext of the message M addressed to the user terminal 10-1 from the user terminal 10-3 is re-encrypted by the conversion server 20, and the re-ciphertext is sent from the user terminal 10-2.
  • the encrypted message is re-encrypted to generate a re-encrypted text
  • the user terminal 10-2 decrypts the re-encrypted text without using the private key of the user terminal 10-1, and the original message M Can be obtained.
  • the ciphertext of the message M addressed to the user terminal 10-1 is not decrypted in the middle of transmission, so that information is prevented from being leaked due to third party fraud. it can.
  • the mechanism in which the user terminal 10-2 receives the re-ciphertext including the message M in the message field ⁇ addressed to the user terminal 10-1 as a proxy and acquires the message M has been described.
  • the user terminal of the message generating source when encrypting the generated message, does not encrypt the message only with the encryption key of the own user terminal, but instead of encrypting the generated message.
  • Data including an encryption key, information for identifying a communication partner terminal, and information for identifying a message field is generated as an encryption key, and the message is encrypted using the encryption key.
  • the decryption key of the own terminal information for identifying the user terminal of the message generation source that is the communication partner terminal, and information for identifying the message field are included. Necessary. Therefore, the message receiving terminal and its proxy terminal cannot decrypt the ciphertext if the communication partner and the message field are different.
  • each user terminal since each user terminal only needs to manage its own secret key, it becomes easy to manage the secret key.
  • the ID for identifying the communication partner and the message field are used as the identifier ID, but other IDs indicating the validity period of the message are also used.
  • a user terminal that performs proxy browsing of messages by using a plurality of IDs that identify message attributes may be used to finely control the range in which proxy browsing is possible.
  • the key generation process may be dynamically generated at the time of message encryption / decryption, or may be generated in advance and managed by each user terminal.
  • the above embodiment can also be applied to the My Portal system in the social security / tax number system that the Japanese government is considering.
  • the function of the conversion server 20 according to the present embodiment may be constructed on the same physical device as one function of My Portal, or physically separated from My Portal.
  • the portal may construct the function of the conversion server 20 according to the present embodiment on another device only by bridging data.
  • the above embodiment can also be applied to a system for sharing data on a cloud service.

Abstract

For each message sender and for each field of message, viewing of a message by a message receiver is controlled. In a user terminal (10-3) of a user C as a message sender, a secret key of a user terminal (10-1) of a user A as a message receiver and an encryption key including an ID for identifying the user terminal (10-1) as a communication partner of the user terminal (10-3) and an ID for identifying a message field (δ) are used to encrypt a message. In the user terminal (10-1) that receives the message, an encryption message generated by using a conversion key by a conversion server (20) is decrypted with the secret key of the user terminal (10-1) and a decryption key including an ID for identifying the user terminal (10-3) as the communication partner of the user terminal (10-1) and the ID for identifying the message field (δ), and an original message is extracted.

Description

再暗号化方法,再暗号化システム及び再暗号化装置Re-encryption method, re-encryption system, and re-encryption device
 本発明は,暗号文を再暗号化する再暗号化方法,再暗号化システム及び再暗号化装置に関する。 The present invention relates to a re-encryption method, a re-encryption system, and a re-encryption device that re-encrypt ciphertext.
 従来,ある利用者端末宛てメッセージ等の暗号文を送信途中で復号することなく,別の利用者端末の秘密鍵で復号可能な暗号文に再暗号化することで,メッセージ等を安全に送信できるプロキシ再暗号化技術と呼ばれる技術が知られている(例えば,特許文献1参照)。近年、このプロキシ再暗号化技術は、クラウドサービス上でより安全にデータを共有できる技術として注目されている。 Conventionally, a message can be sent safely by re-encrypting it into a ciphertext that can be decrypted with the private key of another user terminal without decrypting the ciphertext of a message addressed to a user terminal during transmission. A technique called proxy re-encryption technique is known (for example, see Patent Document 1). In recent years, this proxy re-encryption technique has attracted attention as a technique that allows data to be shared more securely on a cloud service.
WO2012/147869号公報WO2012 / 147869
 メッセージ送信者及びメッセージの分野ごとに,メッセージ受信者によるメッセージの閲覧を制御したい場合がある。具体例を挙げると,例えばある国民には,国税庁または地方自治体からの税分野に関するメッセージのみを通知し,その他のメッセージ送信者からのメッセージやその他の分野のメッセージは通知したくない場合がある。しかしながら,上記従来技術では,ユーザ装置単位で再暗号鍵をサーバに登録しているため,特定のユーザ装置向けに生成された暗号文が,再暗号鍵を持つ全てのユーザ装置によって復号可能となり,メッセージ送信者及びメッセージの分野ごとに,メッセージ受信者によるメッセージの閲覧を制御することができない。 ∙ You may want to control message browsing by message recipients for each message sender and message field. As a specific example, for example, there may be a case where a certain citizen is notified only of a message regarding the tax field from the National Tax Agency or a local government, and does not want to notify a message from another message sender or a message in another field. However, in the above prior art, since the re-encryption key is registered in the server for each user device, the ciphertext generated for the specific user device can be decrypted by all user devices having the re-encryption key, The browsing of messages by message recipients cannot be controlled by message sender and message field.
 また,実業務では,代理人が本人に代わって様々な処理を行う場合があり,もし本人宛てにデータが暗号化されていると,代理人が代理行為を行えなくなるケースが存在する。それ故,本人宛の暗号化データを本人の代理人が代理閲覧可能な暗号化技術も望まれている。 Also, in actual business, the agent may perform various processes on behalf of the principal, and if the data is encrypted for the principal, the agent may not be able to perform the act of proxy. Therefore, an encryption technology is also desired in which encrypted data addressed to the principal can be viewed by the representative of the principal.
 しかしながら,上記従来技術では,ユーザ装置単位で再暗号鍵をサーバに登録しているため,第一のユーザ装置宛ての全ての暗号文を第二のユーザ装置にて復号可能となり,第一のユーザ装置宛ての暗号文のうち,特定のユーザ装置からの暗号文のみ第二のユーザ装置に復号を許可させるなどの制御を行うことができない。また,第一のユーザ装置宛ての暗号文のうち,同じ分野に関する暗号文のみ第二のユーザ装置に復号を許可させるなどの制御を行うことができない。 However, in the above prior art, since the re-encryption key is registered in the server for each user device, all the ciphertext addressed to the first user device can be decrypted by the second user device, and the first user Of the ciphertext addressed to the device, control such as allowing the second user device to permit only the ciphertext from a specific user device cannot be performed. Also, it is not possible to perform control such as allowing the second user device to permit decryption of only ciphertexts related to the same field among ciphertexts destined for the first user device.
 より具体的にこの課題の状況を一例を用いて説明する。例えば,メッセージを送信するユーザ装置を国税庁および地方自治体が管理する装置とし,第一のユーザ装置を納税者が管理する装置とし,第二のユーザ装置を税理士等の代理人が管理する装置とした場合を想定する。この場合,従来技術では,代理人は納税者宛の暗号文をその内容に関わらず全て復号することができてしまう。本来,納税者が代理人に税に関する代理権限を与えた場合,国税庁から納税者宛てに送信された暗号文または地方自治体から納税者宛に送られた暗号文のうち,税分野に関する暗号文のみ代理人に復号を許可させ代理行為をさせたいとの要求がある。 More specifically, the situation of this problem will be explained using an example. For example, a user device that sends a message is a device that is managed by the NTA and local government, a first user device is a device that is managed by a taxpayer, and a second user device is a device that is managed by an agent such as a tax accountant. Assume a case. In this case, in the prior art, the agent can decrypt all the ciphertext addressed to the taxpayer regardless of the contents. Originally, when the taxpayer has given the agent the authority to act on taxes, only the ciphertext sent to the taxpayer from the National Tax Agency or the ciphertext sent to the taxpayer from the local government is related to the tax field. There is a request to allow an agent to perform decryption and act as an agent.
 本発明は,このような事情に鑑みてなされたものであり,メッセージ送信者及びメッセージの分野ごとに,メッセージ受信者によるメッセージの閲覧を制御する再暗号化方法,再暗号化システム及び再暗号化装置を提供することを目的とする。 The present invention has been made in view of such circumstances, and a re-encryption method, a re-encryption system, and a re-encryption for controlling message viewing by a message receiver for each message sender and message field. An object is to provide an apparatus.
 本発明の代表的な一例は次の通りである。すなわち,本発明は,複数の利用者端末と,該利用者端末とネットワークを介して接続された再暗号化装置と,から構成される再暗号化システムにおける再暗号化方法である。第一の利用者端末は,該第一の利用者端末の秘密鍵,通信相手の第二の利用者端末を識別する情報及び前記第二の利用者端末宛てメッセージの分野を識別する情報を含む暗号鍵を生成し,該暗号鍵を用いて前記メッセージを暗号化し,該暗号化メッセージを前記ネットワークを介して前記再暗号化装置に送信する。前記再暗号化装置は,前記第一の利用者端末から前記暗号化メッセージを前記ネットワークを介して受信し,該受信した暗号化メッセージを記憶部に記憶されている第一の変換鍵を用いて再暗号化し,該再暗号化メッセージを前記記憶部に格納する。前記第二の利用者端末は,前記再暗号化装置から前記再暗号化メッセージを前記ネットワークを介して受信し,該第二の利用者端末の秘密鍵,通信相手の前記第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む復号鍵を生成し,該復号鍵を用いて前記再暗号化メッセージを復号し元の前記メッセージを取得する。 A typical example of the present invention is as follows. That is, the present invention is a re-encryption method in a re-encryption system including a plurality of user terminals and a re-encryption apparatus connected to the user terminals via a network. The first user terminal includes a secret key of the first user terminal, information for identifying the second user terminal of the communication partner, and information for identifying the field of the message addressed to the second user terminal An encryption key is generated, the message is encrypted using the encryption key, and the encrypted message is transmitted to the re-encryption device via the network. The re-encryption device receives the encrypted message from the first user terminal via the network, and uses the first conversion key stored in the storage unit for the received encrypted message. Re-encryption is performed, and the re-encrypted message is stored in the storage unit. The second user terminal receives the re-encrypted message from the re-encryption device via the network, the second user terminal's private key, and the communication partner's first user terminal A decryption key including information identifying the message and information identifying the field of the message is generated, and the re-encrypted message is decrypted using the decryption key to obtain the original message.
 本発明によれば,メッセージ送信者及びメッセージの分野ごとに,メッセージ受信者によるメッセージの閲覧を制御することができる。 According to the present invention, it is possible to control browsing of messages by message receivers for each message sender and message field.
本発明の一実施形態に係る再暗号化システム全体構成例および再暗号化システムを構成する各コンピュータの機能構成例を示す図である。It is a figure which shows the function structural example of each computer which comprises the re-encryption system whole structure example and re-encryption system which concern on one Embodiment of this invention. 変換サーバ20にてメッセージ分野δに関する暗号文を再暗号化する際に用いる変換鍵の登録方法を示すシーケンス図である。FIG. 10 is a sequence diagram showing a conversion key registration method used when the conversion server 20 re-encrypts the ciphertext relating to the message field δ. 利用者端末10-3により利用者端末10-1宛ての,メッセージ分野δに関するメッセージM及びその暗号文を生成し,生成した暗号文を変換サーバ20に送信し,変換サーバ20により暗号文を再暗号化するまでの処理の流れを示すシーケンス図である。The user terminal 10-3 generates a message M related to the message field δ addressed to the user terminal 10-1 and its ciphertext, transmits the generated ciphertext to the conversion server 20, and the conversion server 20 re-encrypts the ciphertext. It is a sequence diagram which shows the flow of a process until it encrypts. 利用者端末10-1により再暗号文を復号し,メッセージ分野δのメッセージMを取得するまでの流れを示すシーケンス図である。FIG. 6 is a sequence diagram showing a flow from decrypting a re-ciphertext by the user terminal 10-1 to obtaining a message M in the message field δ. メッセージMの代理閲覧用の変換鍵を変換サーバ20に登録するまでの流れを示すシーケンス図である。6 is a sequence diagram showing a flow until registration of a conversion key for proxy browsing of a message M in the conversion server 20. FIG. 再暗号文を,利用者端末10-2が代理として受信し,メッセージ分野δのメッセージMを取得するまでの流れを示すシーケンス図である。FIG. 6 is a sequence diagram showing a flow from when a re-ciphertext is received as a proxy by the user terminal 10-2 to obtain a message M in the message field δ. 本実施形態で用いる演算子の意味を説明するための図である。It is a figure for demonstrating the meaning of the operator used by this embodiment.
 以下,本発明の一実施形態について,図面を用いて詳細に説明する。尚,これにより本発明が限定されるものではない。 Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings. However, this does not limit the present invention.
 図1は,本発明の一実施形態に係る再暗号化システム全体構成例および再暗号化システムを構成する各コンピュータの機能構成例を示す図である。 FIG. 1 is a diagram showing an example of the overall configuration of a re-encryption system according to an embodiment of the present invention and an example of the functional configuration of each computer constituting the re-encryption system.
 本実施形態に係る再暗号化システムは,複数の利用者端末(10-1,10-2,10-3)と変換サーバ(再暗号化装置)20とがインターネットなどのネットワーク30を介して互いに接続されて構成されるコンピュータネットワークシステムである。以下では,先ず,各利用者端末(10-1,10-2,10-3)及び変換サーバ20の機能構成と本実施形態で用いる演算子の意味を説明し,次に,利用者Cの利用者端末10―3が特定の分野(以下,メッセージ分野δと記す)に関する利用者Aの利用者端末10―1宛てのデータ(以下,メッセージという)を暗号化し,その暗号化メッセージ(以下,暗号文という)を,変換サーバ20にて再暗号化し,その再暗号文を,利用者端末10-1にて復号して上記メッセージを取得するための仕組みと,利用者Aにより上記メッセージの代理閲覧を許可された利用者Bの利用者端末10-2が上記メッセージを取得するための仕組みを説明する。 In the re-encryption system according to the present embodiment, a plurality of user terminals (10-1, 10-2, 10-3) and a conversion server (re-encryption device) 20 are mutually connected via a network 30 such as the Internet. A computer network system configured to be connected. In the following, first, the functional configuration of each user terminal (10-1, 10-2, 10-3) and the conversion server 20 and the meaning of the operator used in this embodiment will be described. The user terminal 10-3 encrypts data (hereinafter referred to as a message) addressed to the user terminal 10-1 of the user A regarding a specific field (hereinafter referred to as a message field δ), and the encrypted message (hereinafter referred to as a message). A mechanism for re-encrypting the ciphertext in the conversion server 20, decrypting the re-ciphertext in the user terminal 10-1 and obtaining the message, and proxying the message by the user A A mechanism for the user terminal 10-2 of the user B who is permitted to browse to acquire the message will be described.
 先ず,各利用者端末(10-1,10-2,10-3)の機能構成を説明する。図1に示すように各利用者端末(10-1,10-2,10-3)は,各利用者端末(10-1,10-2,10-3)で管理する秘密鍵を生成する秘密鍵生成部101と,動的に暗号鍵・復号鍵等を生成したり,メッセージ分野δに関する再暗号文の生成に必要な暗号鍵(以下,変換鍵という)を登録するための情報を生成する鍵演算部102と,通信相手端末を識別するID(identification)やメッセージ分野δを識別するIDなどメッセージの属性情報を記憶する公開ID記憶部103と,秘密鍵生成部101で生成された秘密鍵を安全に管理する鍵記憶部104と,通信相手端末へのメッセージを生成する情報生成部105と,暗号鍵を用いてメッセージを暗号化し暗号文を生成する暗号処理部106と,暗号文を送受信する暗号文送受信部107と,半導体を用いた一次記憶装置108(メモリともいう)と,メッセージを表示する情報表示部109とから構成することができる。尚
,通信相手を識別するIDは,メールアドレスや身分証明書番号等,公に個人を特定できるものであればよく,利用するシステム毎に予め利用者に通知されているものとする。また,メッセージ分野δを識別するIDは,税分野,社会福祉分野などメッセージが属する分野等を識別する情報であり,利用するシステム毎に予め利用者に通知されているものとする。このような機能を有する各利用者端末(10-1,10-2,10-3)は,一般的なコンピュータにより実現できる。例えば,秘密鍵生成部101,鍵演算部102,情報生成部105,暗号処理部106,暗号文送受信部107は,CPU(Central Processing Unit)等の制御部により実行されるコンピュータプログラムとして実現できる。このコンピュータプログラムは,例えば,ネットワーク30やハードディスク,フラッシュメモリデバイスのような記録媒体を介して配布することができる。公開ID記憶部103,鍵記憶部104は,例えば,ハードディスクやフラッシュメモリデバイスとして実現できる。また,情報表示部109は,例えば液晶表示装置や有機EL(Electro Luminescence)ディスプレイとして実現できる。 First, the functional configuration of each user terminal (10-1, 10-2, 10-3) will be described. As shown in FIG. 1, each user terminal (10-1, 10-2, 10-3) generates a secret key managed by each user terminal (10-1, 10-2, 10-3). Secret key generation unit 101 generates information for dynamically generating an encryption key / decryption key, etc., and registering an encryption key (hereinafter referred to as a conversion key) necessary for generating a re-encrypted text related to the message field δ. A key calculation unit 102 that performs communication, a public ID storage unit 103 that stores message attribute information such as an ID (identification) that identifies a communication partner terminal and an ID that identifies a message field δ, and a secret generated by the secret key generation unit 101 A key storage unit 104 that securely manages a key; an information generation unit 105 that generates a message to a communication partner terminal; an encryption processing unit 106 that generates a ciphertext by encrypting a message using an encryption key; Send and receive ciphertext And parts 107, a primary storage device 108 using a semiconductor (also referred to as memory), can be configured from the information display unit 109 to display a message. The ID for identifying the communication partner is not limited as long as it can identify the individual publicly, such as an e-mail address or identification number, and is assumed to be notified to the user in advance for each system to be used. The ID for identifying the message field δ is information for identifying the field to which the message belongs, such as the tax field and the social welfare field, and is notified to the user in advance for each system to be used. Each user terminal (10-1, 10-2, 10-3) having such a function can be realized by a general computer. For example, the secret key generation unit 101, the key calculation unit 102, the information generation unit 105, the cryptographic processing unit 106, and the ciphertext transmission / reception unit 107 can be realized as a computer program executed by a control unit such as a CPU (Central Processing Unit). The computer program can be distributed via a recording medium such as the network 30, a hard disk, or a flash memory device. The public ID storage unit 103 and the key storage unit 104 can be realized as, for example, a hard disk or a flash memory device. The information display unit 109 can be realized as a liquid crystal display device or an organic EL (Electro Luminescence) display, for example.
 次に,変換サーバ20の機能構成を説明する。図1に示すように,変換サーバ20は,暗号文を送受信する暗号文送受信部201と,変換サーバ20にアップロードされた暗号文がどの利用者端末からどの利用者端末へのメッセージであり,どのメッセージ分野のメッセージであるかを制御する送受信者制御部202と,再暗号化に用いる変換鍵を管理する変換鍵記憶部203と,再暗号文を記憶する再暗号文記憶部204と,変換鍵を登録するための情報を計算したり,乱数を生成する鍵演算部205と,再暗号化処理を行う再暗号化処理部206と,半導体を用いた一次記憶装置207(メモリともいう)とから構成することができる。このような機能を有する変換サーバ20は,一般的なコンピュータにより実現できる。例えば,暗号文送受信部201,送受信者制御部202,鍵演算部205,再暗号化処理部206は,CPU等の制御部により実行されるコンピュータプログラムとして実現できる。このコンピュータプログラムは,例えばネットワーク30やハードディスク,フラッシュメモリデバイスのような記録媒体を介して配布することができる。変換鍵記憶部203,再暗号文記憶部204は,例えば,ハードディスクやフラッシュメモリデバイスとして実現できる。 Next, the functional configuration of the conversion server 20 will be described. As shown in FIG. 1, the conversion server 20 includes a ciphertext transmission / reception unit 201 that transmits and receives ciphertext, a ciphertext uploaded to the conversion server 20 from which user terminal to which user terminal, and which A sender / receiver control unit 202 that controls whether the message is in a message field, a conversion key storage unit 203 that manages a conversion key used for re-encryption, a re-ciphertext storage unit 204 that stores a re-ciphertext, and a conversion key From a key calculation unit 205 that generates information for registering a random number, a re-encryption processing unit 206 that performs re-encryption processing, and a primary storage device 207 (also referred to as a memory) using a semiconductor. Can be configured. The conversion server 20 having such a function can be realized by a general computer. For example, the ciphertext transmission / reception unit 201, the sender / receiver control unit 202, the key calculation unit 205, and the re-encryption processing unit 206 can be realized as a computer program executed by a control unit such as a CPU. This computer program can be distributed via a recording medium such as the network 30, a hard disk, or a flash memory device. The conversion key storage unit 203 and the re-ciphertext storage unit 204 can be realized as, for example, a hard disk or a flash memory device.
 次に,本実施形態で用いる演算子の意味を説明する。図7は,本実施形態で用いる演算子の意味を説明するための図である。図7に示すように,本実施形態では,●(901)とf(,)(902)とh(,,)(903)の三つの演算子を用いる。演算子●(901)は,可換性のあるマスク処理用の演算子であり,例えば,データAをデータBでマスク処理を行うことをB●Aと表す。ここでいうマスク処理とは,データAにデータBを作用させ,別の値に変換させる処理をいう。また,演算子●(901)は,以下の性質を持つ。 Next, the meaning of the operators used in this embodiment will be described. FIG. 7 is a diagram for explaining the meaning of the operators used in this embodiment. As shown in FIG. 7, in the present embodiment, three operators of ● (901), f (,) (902), and h (,,) (903) are used. The operator ● (901) is an operator for commutative mask processing. For example, performing mask processing of data A with data B is represented as B • A. Here, the mask process refers to a process in which data B is applied to data A and converted to another value. Further, the operator ● (901) has the following properties.
 (ア)B●A=A●B
 (イ)C●(B●A)=(C●B)●A
 (ウ)A-1●A=1 (但し,“1”は単位元)
 この様な性質を持つ演算子として,例えば,xorがある。 (A) B ● A = A ● B
(I) C ● (B ● A) = (C ● B) ● A
(C) A -1 ● A = 1 (However, "1" is the unit element)
An example of an operator having such a property is xor.
 ,演算子f(,)(902)は,暗号鍵に関して可換性のある暗号処理演算子であり,例えば,データAを暗号化鍵Kで暗号化を行うことを(f(K, A))と表す。また,演算子f(,)(902)は,以下の性質を持つ。 , Operator f (,) (902) is an encryption processing operator that is commutative with respect to the encryption key. For example, the encryption of data A with the encryption key K (f (K, A) ). The operator f (,) (902) has the following properties.
 (ア)f(K1, f(K2,A))=f((K1●K2), A)=f((K2●K1), A) =f(K2, f(K1, A))
 (イ)f(K1●K2, f(K3, A)) = f(K1●K2●K3, A) = f(K1, f(K2●K3, A)
 (ウ)f(K-1, f(K, A))=f(K-1●K, A) = f(1, A) = A この様な性質を持つ演算子として,例えば,xorがある。尚,演算子●(901)と演算子f(,)(902)は,同じ演算処理を行う演算子として用いても良いし,夫々上記性質を満たす別々の演算処理を行う演算子として用いても良い。尚,復号化処理に関しては,性質(ウ)により,暗号化鍵の逆数(逆元ともいう)を用いて暗号文を再暗号化することにより,データAを復号することができる。 (A) f (K1, f (K2, A)) = f ((K1 ● K2), A) = f ((K2 ● K1), A) = f (K2, f (K1, A))
(A) f (K1 ● K2, f (K3, A)) = f (K1 ● K2 ● K3, A) = f (K1, f (K2 ● K3, A)
(C) f (K −1 , f (K, A)) = f (K −1 ● K, A) = f (1, A) = A As an operator having such a property, for example, xor is is there. The operator ● (901) and the operator f (,) (902) may be used as operators for performing the same arithmetic processing, or may be used as operators for performing different arithmetic processing satisfying the above properties. Also good. Regarding the decryption process, the data A can be decrypted by re-encrypting the ciphertext using the reciprocal number (also referred to as the inverse element) of the encryption key due to the property (c).
 演算子h(,,)(903)は,複数のデータを入力とするハッシュ関数を表す演算子であり,例えば,データAとデータBとデータCとのハッシュ値を生成することを(h(A,B,C))と表す。例えば,データAとデータBとデータCとをxorした値に対するハッシュ値を出力する場合,h(A,B,C)=H((A xor Bxor C))となる。但し,H()は1つのデータを入力とするハッシュ関数であり,例えばSHA256がある。尚,h()に入力するデータが増えた場合,同様に入力値を更にxorで計算しH()に入力する(h(A,B,C,D)=H((A xor B xor Cxor D)))。 An operator h (,,) (903) is an operator representing a hash function that receives a plurality of data as input, and for example, generating a hash value of data A, data B, and data C (h ( A, B, C)). For example, when a hash value for a value obtained by xoring data A, data B, and data C is output, h (A, B, C) = H ((A xor Bxor C)). However, H () is a hash function that receives one piece of data, for example, SHA256. If the data to be input to h () increases, the input value is further calculated by xor and input to H () (h (A, B, C, D) = H ((A (xor B xor Cxor D))).
 尚,これらの演算子は,その性質を満たしていれば良く,必ずしも例に挙げたxor等を用いなくてもよい。 It should be noted that these operators need only satisfy their properties, and it is not always necessary to use the example xor.
 次に,利用者端末10-3がメッセージ分野δに関する利用者端末10-1宛てのメッセージを暗号化し,その暗号文を,変換サーバ20にて再暗号化し,その再暗号文を,利用者端末10-1にて復号して上記メッセージを取得するための仕組みを説明する。図2は,変換サーバ20にてメッセージ分野δに関する暗号文を再暗号化する際に用いる変換鍵の登録方法を示すシーケンス図である。 Next, the user terminal 10-3 encrypts the message addressed to the user terminal 10-1 regarding the message field δ, re-encrypts the ciphertext in the conversion server 20, and converts the re-ciphertext into the user terminal. A mechanism for obtaining the message by decoding in 10-1 will be described. FIG. 2 is a sequence diagram showing a conversion key registration method used when the conversion server 20 re-encrypts the ciphertext relating to the message field δ.
 先ず利用者Cの利用者端末10-3は,利用者Aの利用者端末10-1へメッセージ分野δに関するメッセージの内容を通知するために,利用者端末10-3は,変換サーバ20にてその暗号文を再暗号化する際に用いる変換鍵の登録申請を行う(ステップS001)。 First, the user terminal 10-3 of the user C notifies the user terminal 10-1 of the user A of the content of the message related to the message field δ. An application for registration of a conversion key used when re-encrypting the ciphertext is made (step S001).
 変換サーバ20は,変換鍵登録申請情報を受信すると,乱数pを生成し(ステップS002),その乱数pを変換鍵登録申請元の利用者端末10-3に送信する(ステップS003)。 Upon receiving the conversion key registration application information, the conversion server 20 generates a random number p (step S002) and transmits the random number p to the user terminal 10-3 that is the conversion key registration application source (step S003).
 次に変換サーバ20は,鍵記憶部104にて管理している自身の秘密鍵Kcと,公開ID記憶部103にて管理している利用者端末10-1を識別する公開IDであるIDa及び利用者端末10-1宛てメッセージの分野δを識別するIDδをハッシュ関数に入力してハッシュ値h(Kc,IDa,IDδ)を計算し,暗号鍵を生成する(ステップS004)。次に利用者端末10-3は,ステップS003で受信した乱数pを用いて,暗号鍵の逆数h(Kc,IDa,IDδ-1をマスク処理した値p●h(Kc,IDa,IDδ-1を生成し,これを利用者端末10-1へ送信する(ステップS005)。尚,本実施形態では,使用する演算子f(,)をxor関数として説明しているため,暗号鍵の逆数を乱数pを用いてマスク処理をしたが,必ずしも暗号鍵の逆数である必要はなく,使用する演算子f(,)が異なれば,必要に応じて,暗号鍵から生成される値等を乱数pを用いてマスク処理を行っても良い。 Next, the conversion server 20 has its own private key Kc managed by the key storage unit 104, IDa which is a public ID for identifying the user terminal 10-1 managed by the public ID storage unit 103, and hash value h by entering the ID [delta] identifies the hash function areas [delta] of the user terminal 10-1 addressed message (Kc, IDa, ID [delta]) were calculated, and generates an encryption key (step S004). Next, the user terminal 10-3 masks the reciprocal number h (Kc, IDa, ID δ ) −1 of the encryption key using the random number p received in step S003, and the value p ● h (Kc, IDa, ID δ ) −1 is generated and transmitted to the user terminal 10-1 (step S005). In this embodiment, since the operator f (,) to be used is described as an xor function, the reciprocal number of the encryption key is masked using the random number p. However, the reciprocal number of the encryption key is not necessarily required. If the operator f (,) to be used is different, the value generated from the encryption key may be masked using the random number p as necessary.
 利用者端末10-1は,暗号鍵から生成される値を乱数pを用いてマスク処理した値p●h(Kc,IDa,IDδ-1を受信すると,鍵記憶部104にて管理している自身の秘密鍵Kaと,公開ID記憶部103にて管理している利用者端末10-3を識別する公開IDであるIDc及びメッセージ分野δを識別するIDδをハッシュ関数に入力してハッシュ値h(Ka,IDc,IDδ)を計算し,復号鍵を生成する(ステップS006)。次に利用者端末10-1は,利用者端末10-3から受信したp●h(Kc,IDa,IDδ-1を,復号鍵を用いてマスク処理した値h(Ka,IDc,IDδ)●p●h(Kc,IDa,IDδ-1を生成し,これを変換サーバ20へ送信する(ステップS007)。 Upon receiving the value p-1h (Kc, IDa, ID δ ) −1 obtained by masking the value generated from the encryption key using the random number p, the user terminal 10-1 manages it in the key storage unit 104. Own secret key Ka, IDc which is a public ID for identifying the user terminal 10-3 managed by the public ID storage unit 103, and ID δ for identifying the message field δ are input to the hash function. A hash value h (Ka, IDc, ID δ ) is calculated and a decryption key is generated (step S006). Next, the user terminal 10-1 masks the value h (Ka, IDc, ID) obtained by masking ph (Kc, IDa, ID δ ) −1 received from the user terminal 10-3 using the decryption key. δ ) ● p ● h (Kc, IDa, ID δ ) −1 is generated and transmitted to the conversion server 20 (step S007).
 変換サーバ20は,利用者端末10-1からh(Ka,IDc,IDδ)●p●h(Kc,IDa,IDδ-1を受信すると,この値を乱数pの逆数を用いてマスク処理し,変換鍵p-1●h(Ka,IDc,IDδ)●p●h(Kc,IDa,IDδ-1=h(Ka,IDc,IDδ)●h(Kc,IDa,IDδ-1を計算する(ステップS008)。次に変換サーバ20は,変換鍵h(Ka, IDc,IDδ)●h(Kc,IDa,IDδ-1を,利用者端末10-3から利用者端末10-1宛てのメッセージの分野δに関する変換鍵として,変換鍵記憶部203に登録する(ステップS009)。 When the conversion server 20 receives h (Ka, IDc, ID δ ) • p • h (Kc, IDa, ID δ ) −1 from the user terminal 10-1, this value is masked using the inverse of the random number p. Processed and converted key p −1 ● h (Ka, IDc, ID δ ) ● p ● h (Kc, IDa, ID δ ) −1 = h (Ka, IDc, ID δ ) ● h (Kc, IDa, ID δ ) −1 is calculated (step S008). Next, the conversion server 20 sends the conversion key h (Ka, IDc, ID δ ) ● h (Kc, IDa, ID δ ) −1 to the field of the message addressed to the user terminal 10-1 from the user terminal 10-3. The conversion key relating to δ is registered in the conversion key storage unit 203 (step S009).
 以上説明した変換鍵登録方法により,利用者端末10-1にて管理する秘密鍵Kaと,利用者端末10-3にて管理する秘密鍵Kcが変換サーバ20に漏洩することを防止できる。これにより,第三者にメッセージの内容が漏洩することを防止できる。尚,変換サーバ20は,利用者端末10-1又は利用者端末10-3から変換鍵の削除申請を受信すると,変換鍵記憶部203から該当変換鍵を削除する。 By the conversion key registration method described above, it is possible to prevent the secret key Ka managed by the user terminal 10-1 and the secret key Kc managed by the user terminal 10-3 from leaking to the conversion server 20. Thereby, it is possible to prevent the content of the message from leaking to a third party. When the conversion server 20 receives the conversion key deletion application from the user terminal 10-1 or the user terminal 10-3, the conversion server 20 deletes the corresponding conversion key from the conversion key storage unit 203.
 図3は,利用者端末10-3により利用者端末10-1宛ての,メッセージ分野δに関するメッセージM及びその暗号文を生成し,生成した暗号文を変換サーバ20に送信し,変換サーバ20により暗号文を再暗号化するまでの処理の流れを示すシーケンス図である。 In FIG. 3, the message M related to the message field δ addressed to the user terminal 10-1 and its ciphertext are generated by the user terminal 10-3, the generated ciphertext is transmitted to the conversion server 20, and the conversion server 20 It is a sequence diagram which shows the flow of a process until it re-encrypts a ciphertext.
 先ず利用者端末10-3は,利用者端末10-1宛ての,メッセージ分野δに関するメッセージMを生成する(ステップS201)。次に利用者端末10-3は,鍵記憶部104にて管理している自身の秘密鍵Kcと,公開ID記憶部103にて管理している利用者端末10-1を識別する公開IDであるIDa及びメッセージMのメッセージ分野δを識別するIDδをハッシュ関数に入力してハッシュ値h(Kc,IDa,IDδ)を計算し,暗号鍵を生成する(ステップS202)。次に利用者端末10-3は,生成した暗号鍵h(Kc,IDa,IDδ)を用いてメッセージMを暗号化し,暗号文f(h(Kc,IDa,IDδ),M)を生成する(ステップS203)。次に利用者端末10-3は,この利用者端末10-1宛ての,メッセージ分野δに関する暗号文を変換サーバ20に送信する(ステップS204)。 First, the user terminal 10-3 generates a message M related to the message field δ addressed to the user terminal 10-1 (step S201). Next, the user terminal 10-3 has its own private key Kc managed by the key storage unit 104 and a public ID for identifying the user terminal 10-1 managed by the public ID storage unit 103. there IDa and message M hash value h by entering the ID [delta] identifies the hash function message field [delta] of (Kc, IDa, ID [delta]) were calculated, and generates an encryption key (step S202). Next, the user terminal 10-3 encrypts the message M using the generated encryption key h (Kc, IDa, ID δ ), and generates a ciphertext f (h (Kc, IDa, ID δ ), M). (Step S203). Next, the user terminal 10-3 transmits the ciphertext relating to the message field δ addressed to the user terminal 10-1 to the conversion server 20 (step S204).
 変換サーバ20は,暗号文f(h(Kc,IDa,IDδ),M)を受信すると,変換鍵記憶部203から,利用者端末10-3から利用者端末10-1宛てのメッセージの分野δに関する変換鍵h(Ka, IDc,IDδ)●h(Kc, IDa,IDδ-1を取得し(ステップS205),この変換鍵を用いて,暗号文f(h(Kc,IDa,IDδ),M)を再暗号化する(ステップS206)。この時生成せれる再暗号文は,各演算子の性質より,以下の様になる。f(h(Ka,IDc,IDδ)●h(Kc,IDa,IDδ-1, f(h(Kc,IDa,IDδ),M))=f(((h(Ka,IDc,IDδ)●h(Kc,IDa,IDδ-1)●h(Kc,IDa,IDδ)),M)=f(h(Ka, IDc,IDδ),M)。変換サーバ20は,再暗号文を生成後,その再暗号文を再暗号文記憶部204に格納する。 When the conversion server 20 receives the ciphertext f (h (Kc, IDa, ID δ ), M), the conversion server 20 sends the field of the message addressed to the user terminal 10-1 from the user terminal 10-3 from the conversion key storage unit 203. A conversion key h (Ka, IDc, ID δ ) ● h (Kc, IDa, ID δ ) −1 for δ is acquired (step S205), and ciphertext f (h (Kc, IDa, ID δ ), M) is re-encrypted (step S206). The re-ciphertext generated at this time is as follows due to the nature of each operator. f (h (Ka, IDc, ID δ )) h (Kc, IDa, ID δ ) −1 , f (h (Kc, IDa, ID δ ), M)) = f ((((h (Ka, IDc, ID [ delta] ) h (Kc, IDa, ID [ delta] ) -1 ) h (Kc, IDa, ID [ delta] )), M) = f (h (Ka, IDc, ID [ delta] ), M). After generating the re-ciphertext, the conversion server 20 stores the re-ciphertext in the re-ciphertext storage unit 204.
 図4は,利用者端末10-1により,利用者端末10-3から利用者端末10-1宛てのメッセージ分野δのメッセージを含む再暗号文を復号し,メッセージMを取得するまでの流れを示すシーケンス図である。 FIG. 4 shows a flow from the user terminal 10-1 to decrypting the re-ciphertext including the message in the message field δ addressed to the user terminal 10-1 from the user terminal 10-3 and acquiring the message M. FIG.
 先ず利用者端末10-1は,変換サーバ20に,新着メッセージが存在するか否かを確認する(ステップS301)。新着メッセージが存在する場合,利用者端末10-1は,その再暗号文f(h(Ka, IDc,IDδ),M)を,変換サーバ20の再暗号文記憶部204から取得する(ステップS302)。この暗号文は,利用者端末10-3から利用者端末10-1宛てのメッセージ分野δのメッセージMを含む。次に利用者端末10-1は,再暗号文を復号するための復号鍵を生成する(ステップS303)。具体的には,利用者端末10-1は,鍵記憶部104にて管理している自身の秘密鍵Kaと,公開ID記憶部103にて管理している利用者端末10-3を識別する公開IDであるIDcと,メッセージ分野を識別するIDδをハッシュ関数に入力したハッシュ値h(Ka,IDc,IDδ)を計算することで,復号鍵を生成する。次に利用者端末10-1は,生成した復号鍵の逆数h(Ka,IDc,IDδ-1を用いて,再暗号文f(h(Ka, IDc,IDδ),M)を復号し,メッセージMを取得する(ステップS304)。この時,再暗号文の復号処理は以下の様になる。f(h(Ka,IDc,IDδ-1, f(h(Ka,IDc,IDδ), M))=f(h(Ka,IDc,IDδ-1●h(Ka,IDc,IDδ)), M)=f(1,M)=M。 First, the user terminal 10-1 checks whether or not a new arrival message exists in the conversion server 20 (step S301). If there is a new message, the user terminal 10-1 acquires the re-ciphertext f (h (Ka, IDc, ID δ ), M) from the re-ciphertext storage unit 204 of the conversion server 20 (step S302). This ciphertext includes the message M in the message field δ addressed from the user terminal 10-3 to the user terminal 10-1. Next, the user terminal 10-1 generates a decryption key for decrypting the re-ciphertext (step S303). Specifically, the user terminal 10-1 identifies its own secret key Ka managed by the key storage unit 104 and the user terminal 10-3 managed by the public ID storage unit 103. A decryption key is generated by calculating a hash value h (Ka, IDc, ID δ ) obtained by inputting IDc, which is a public ID, and ID δ identifying the message field into a hash function. Next, the user terminal 10-1 decrypts the reciphered text f (h (Ka, IDc, ID δ ), M) using the reciprocal h (Ka, IDc, ID δ ) −1 of the generated decryption key. Then, the message M is acquired (step S304). At this time, the re-ciphertext decryption process is as follows. f (h (Ka, IDc, ID δ ) −1 , f (h (Ka, IDc, ID δ ), M)) = f (h (Ka, IDc, ID δ ) −1 ● h (Ka, IDc, ID δ )), M) = f (1, M) = M.
 図2~図4を用いて説明したように,本実施形態では,利用者端末10-3が,利用者端末10-3の秘密鍵Kcと,通信相手である利用者端末10-1を識別するIDaと,利用者端末10-1宛てメッセージMのメッセージ分野δを識別するIDδとを含む暗号鍵を生成し,この暗号鍵を用いてメッセージMを暗号化し,その暗号文を変換サーバ20に送信する。変換サーバ20は,事前に生成した変換鍵を用いて,暗号文を再暗号化し,その再暗号文を再暗号文記憶部204に格納する。利用者端末10-1は,変換サーバ20にて自利用者端末10-1宛て新着メッセージMの存在を確認すると,その暗号文を変換サーバ20の再暗号文記憶部204から取得する。そして利用者端末10-1は,利用者端末10-1の秘密鍵Kaと,通信相手である利用者端末10-3を識別するIDcと,利用者端末10-1宛てメッセージMのメッセージ分野δを識別するIDδとを含む復号鍵を生成し,この復号鍵を用いて再暗号文を復号し元のメッセージMを取得する。 As described with reference to FIGS. 2 to 4, in this embodiment, the user terminal 10-3 identifies the secret key Kc of the user terminal 10-3 and the user terminal 10-1 that is the communication partner. to IDa and the user generates an encryption key and a ID [delta] identifies the message field [delta] of the terminal 101 addressed message M, encrypts the message M using the encryption key, the conversion server 20 and the ciphertext Send to. The conversion server 20 re-encrypts the ciphertext using the conversion key generated in advance, and stores the re-ciphertext in the re-ciphertext storage unit 204. When the user terminal 10-1 confirms the existence of the new message M addressed to the user terminal 10-1 at the conversion server 20, the user terminal 10-1 acquires the ciphertext from the re-ciphertext storage unit 204 of the conversion server 20. The user terminal 10-1 then transmits the secret key Ka of the user terminal 10-1, the IDc for identifying the user terminal 10-3 that is the communication partner, and the message field δ of the message M addressed to the user terminal 10-1. A decryption key including ID δ for identifying is generated, and the re-ciphertext is decrypted using this decryption key to obtain the original message M.
 以上,利用者Cの利用者端末10―3が特定のメッセージ分野δに関する利用者Aの利用者端末10―1宛てのメッセージMを暗号化し,その暗号文を,変換サーバ20にて再暗号化し,その再暗号文を,利用者端末10-1にて復号してメッセージMを取得するための仕組みを説明した。このような仕組みにより,利用者端末10-3にて生成されるメッセージのうち,利用者端末10-1宛ての特定のメッセージ分野δに関するメッセージMのみを,第三者に漏洩されることなく,利用者端末10-1で取得することができる。  The user terminal 10-3 of the user C encrypts the message M addressed to the user terminal 10-1 of the user A related to the specific message field δ, and the ciphertext is re-encrypted by the conversion server 20. The mechanism for acquiring the message M by decrypting the re-ciphertext at the user terminal 10-1 has been described. By such a mechanism, only the message M related to the specific message field δ addressed to the user terminal 10-1 among the messages generated by the user terminal 10-3 is not leaked to a third party. It can be acquired at the user terminal 10-1. *
 次に,図5と図6を用いて,利用者AによりメッセージMの代理閲覧を許可された利用者Bの利用者端末10-2がメッセージMを取得するための仕組みを説明する。 Next, a mechanism for the user terminal 10-2 of the user B who is permitted to perform proxy browsing of the message M by the user A to acquire the message M will be described with reference to FIGS.
 図5は,メッセージMの代理閲覧用の変換鍵を変換サーバ20に登録するまでの流れを示すシーケンス図である。 FIG. 5 is a sequence diagram showing a flow until registration of the conversion key for proxy browsing of the message M in the conversion server 20.
 先ず利用者Aの利用者端末10-1は,変換サーバ20に,利用者Bの利用者端末10-2に利用者端末10-3からのメッセージ分野δのメッセージMを代理受信できる権限を与える旨を伝える代理人登録申請を行う(ステップS401)。 First, the user terminal 10-1 of the user A gives the conversion server 20 the authority to proxy-receive the message M in the message field δ from the user terminal 10-3 to the user terminal 10-2 of the user B. An agent registration application is sent to inform the effect (step S401).
 変換サーバ20は,代理人登録申請情報を受信すると,乱数p'を生成し(ステップS402),この乱数p'を利用者端末10-1に送信する(ステップS403)。 Upon receiving the agent registration application information, the conversion server 20 generates a random number p ′ (step S402) and transmits the random number p ′ to the user terminal 10-1 (step S403).
 利用者端末10-1は,乱数p'を受信すると,鍵記憶部104にて管理している自身の秘密鍵Kaと,公開ID記憶部103にて管理している利用者端末10-3を識別する公開IDであるIDc及びメッセージ分野δを識別するIDδをハッシュ関数に入力してハッシュ値h(Ka,IDc,IDδ)を計算し,暗号鍵を生成する(ステップS404)。次に利用者端末10-1は,変換サーバ20から受信した乱数p'を用いて上記復号鍵の逆数をマスク処理した値p'●h(Ka, IDc,IDδ-1を生成し,これを利用者端末10-2へ送信する(ステップS405)。 When the user terminal 10-1 receives the random number p ′, the user terminal 10-1 stores its own private key Ka managed by the key storage unit 104 and the user terminal 10-3 managed by the public ID storage unit 103. a public ID identifying IDc and message fields hash value by inputting the ID [delta] identifies the hash function [delta] h calculated (Ka, IDc, ID [delta]), and generates an encryption key (step S404). Next, the user terminal 10-1 uses the random number p ′ received from the conversion server 20 to generate a value p ′ · h (Ka, IDc, ID δ ) −1 by masking the reciprocal of the decryption key, This is transmitted to the user terminal 10-2 (step S405).
 利用者端末10-2は,p'●h(Ka, IDc,IDδ-1を受信すると,鍵記憶部104にて管理している自身の秘密鍵Kbと,公開ID記憶部103にて管理している利用者端末10-1を識別する公開IDであるIDaとメッセージ分野δを識別するIDδをハッシュ関数に入力してハッシュ値h(Kb,IDa,IDδ)を計算し,復号鍵を生成する(ステップS406)。次に利用者端末10-2は,利用者端末10-1から受信した値p'●h(Ka, IDc,IDδ-1を上記復号鍵を用いてマスク処理した値h(Kb,IDa,IDδ)●p'●h(Ka,IDc,IDδ-1を生成し,これを変換サーバ20へ送信する(ステップS407)。 When the user terminal 10-2 receives p ′ • h (Ka, IDc, ID δ ) −1 , the user terminal 10-2 receives its own private key Kb managed by the key storage unit 104 and the public ID storage unit 103. A hash value h (Kb, IDa, ID δ ) is calculated by inputting IDa, which is a public ID that identifies the managed user terminal 10-1, and ID δ , which identifies the message field δ, into a hash function, and decryption A key is generated (step S406). Next, the user terminal 10-2 masks the value p ′ ● h (Ka, IDc, ID δ ) −1 received from the user terminal 10-1 using the decryption key h (Kb, IDa). , ID δ ) • p ′ • h (Ka, IDc, ID δ ) −1 is generated and transmitted to the conversion server 20 (step S407).
 変換サーバ20は,h(Kb,IDa,IDδ)●p'●h(Ka,IDc,IDδ-1を受信すると,乱数p'の逆数を用いてh(Kb,IDa,IDδ)●p'●h(Ka,IDc,IDδ-1をマスク処理し,変換鍵p'-1●h(Kb,IDa,IDδ)●p'●h(Ka,IDc,IDδ-1=h(Kb,IDa,IDδ)●h(Ka,IDc,IDδ-1を計算し(ステップS408),変換鍵記憶部203に登録する(ステップS409)。尚,変換サーバ20は,利用者端末10-1又は利用者端末10-3からメッセージMの代理閲覧用の変換鍵の削除申請を受信すると,変換鍵記憶部203から該当変換鍵を削除する。 When the conversion server 20 receives h (Kb, IDa, ID δ ) • p ′ • h (Ka, IDc, ID δ ) −1 , h (Kb, IDa, ID δ ) is used using the reciprocal of the random number p ′. ● p ′ ● h (Ka, IDc, ID δ ) −1 is masked and the conversion key p ′ −1 ● h (Kb, IDa, ID δ ) ● p ′ ● h (Ka, IDc, ID δ ) − 1 = h (Kb, IDa, ID δ ) ● h (Ka, IDc, ID δ ) −1 is calculated (step S408) and registered in the conversion key storage unit 203 (step S409). Note that the conversion server 20 deletes the corresponding conversion key from the conversion key storage unit 203 when receiving the application for deleting the conversion key for proxy browsing of the message M from the user terminal 10-1 or the user terminal 10-3.
 図6は,利用者端末10-1宛てのメッセージ分野δのメッセージMを含む再暗号文を,利用者端末10-2が代理として受信しメッセージMを取得するまでの流れを示すシーケンス図である。 FIG. 6 is a sequence diagram showing a flow from when the user terminal 10-2 receives the re-ciphertext including the message M in the message field δ addressed to the user terminal 10-1 as a proxy and acquires the message M. .
 先ず利用者端末10-2は,変換サーバ20に,利用者端末10-3からの利用者端末10-1宛てのメッセージ分野δに関する新着メッセージMが存在するか否かを確認(代理閲覧申請)する(ステップS501)。 First, the user terminal 10-2 confirms whether or not a new message M regarding the message field δ addressed to the user terminal 10-1 from the user terminal 10-3 exists in the conversion server 20 (application for proxy browsing). (Step S501).
 新着メッセージMが存在する場合,変換サーバ20は,変換鍵記憶部203から,メッセージMの代理閲覧用の変換鍵h(Kb,IDa,IDδ)●h(Ka,IDc,IDδ-1を取得し(ステップS502),この変換鍵を用いて,図3のステップS207で生成し,再暗号文記憶部204に格納した利用者端末10-1宛てのメッセージ分野δに関する再暗号文を更に再暗号化し,再々暗号文を生成する(ステップS503)。この時生成される再々暗号文は,各演算子の性質より,以下の様になる。f(h(Kb,IDa,IDδ)●h(Ka,IDc,IDδ-1, f(h(Ka,IDc,IDδ),M))=f(((h(Kb,IDa,IDδ)●h(Ka,IDc,IDδ-1)●h(Ka,IDc,IDδ)),M)=f(h(Kb,IDa,IDδ),M)。 When there is a new message M, the conversion server 20 converts the conversion key h (Kb, IDa, ID δ ) 代理 h (Ka, IDc, ID δ ) −1 for proxy browsing of the message M from the conversion key storage unit 203. (Step S502), and using this conversion key, the re-ciphertext relating to the message field δ addressed to the user terminal 10-1 generated in step S207 of FIG. Re-encryption is performed again to generate a ciphertext (step S503). The re-ciphertext generated at this time is as follows due to the nature of each operator. f (h (Kb, IDa, ID δ )) h (Ka, IDc, ID δ ) −1 , f (h (Ka, IDc, ID δ ), M)) = f ((((h (Kb, IDa, ID [ delta] ) h (Ka, IDc, ID [ delta] ) -1 ) h (Ka, IDc, ID [ delta] )), M) = f (h (Kb, IDa, ID [ delta] ), M).
 利用者端末10-2は,新着メッセージMの確認後,変換サーバ20から再々暗号文f(h(Kb,IDa,IDδ),M)を取得する(ステップS504)。次に利用者端末10-2は鍵記憶部104にて管理されている自身の秘密鍵Kbと,公開ID記憶部103にて管理している利用者端末10-1を識別する公開IDであるIDa及びメッセージ分野δを識別するIDδをハッシュ関数に入力してハッシュ値h(Kb,IDa,IDδ)を計算し,復号鍵を生成する(ステップS505)。次に利用者端末10-2は,復号鍵の逆数h(Kb,IDa,IDδ-1を用いて,再々暗号文を復号し,メッセージMを取得する(ステップS506)。この時,復号処理は以下の様になる。f(h(Kb,IDa,IDδ-1, f(h(Kb,IDa,IDδ),M))=f(h(Kb,IDa,IDδ-1●h(Kb,IDa,IDδ)),M)=f(1,M)=M。 After confirming the new arrival message M, the user terminal 10-2 acquires the ciphertext f (h (Kb, IDa, ID δ ), M) again from the conversion server 20 (step S504). Next, the user terminal 10-2 has its own private key Kb managed by the key storage unit 104 and a public ID for identifying the user terminal 10-1 managed by the public ID storage unit 103. hash enter the ID [delta] identifies the hash function IDa and message fields [delta] value h (Kb, IDa, ID [delta]) were calculated, and generates the decryption key (step S505). Next, the user terminal 10-2 decrypts the ciphertext again using the reciprocal h (Kb, IDa, ID δ ) −1 of the decryption key, and obtains the message M (step S506). At this time, the decoding process is as follows. f (h (Kb, IDa, ID δ ) −1 , f (h (Kb, IDa, ID δ ), M)) = f (h (Kb, IDa, ID δ ) −1 ● h (Kb, IDa, ID δ )), M) = f (1, M) = M.
 このように,利用者端末10-3から利用者端末10-1宛てのメッセージMの暗号文を,変換サーバ20にて,再暗号化し,その再暗号文を,利用者端末10-2からの代理閲覧申請を受けて更に再暗号化して再々暗号文を生成し,利用者端末10-2にて利用者端末10-1の秘密鍵を用いることなく再々暗号文を復号して元のメッセージMを取得できる。また,このような方法を用いることで,利用者端末10-1宛てのメッセージMの暗号文が送信途中で復号されることはないので,第三者の不正行為によって情報が漏洩することを防止できる。 Thus, the ciphertext of the message M addressed to the user terminal 10-1 from the user terminal 10-3 is re-encrypted by the conversion server 20, and the re-ciphertext is sent from the user terminal 10-2. In response to the proxy browsing application, the encrypted message is re-encrypted to generate a re-encrypted text, and the user terminal 10-2 decrypts the re-encrypted text without using the private key of the user terminal 10-1, and the original message M Can be obtained. Also, by using such a method, the ciphertext of the message M addressed to the user terminal 10-1 is not decrypted in the middle of transmission, so that information is prevented from being leaked due to third party fraud. it can.
 以上,利用者端末10-1宛てのメッセージ分野δのメッセージMを含む再暗号文を,利用者端末10-2が代理として受信しメッセージMを取得する仕組みを説明した。 In the foregoing, the mechanism in which the user terminal 10-2 receives the re-ciphertext including the message M in the message field δ addressed to the user terminal 10-1 as a proxy and acquires the message M has been described.
 図5と図6に示した本実施形態によれば,利用者Cの利用者端末10-3にて生成されるメッセージのうち,利用者Aの利用者端末10-1宛ての特定のメッセージ分野δに関するメッセージMのみを,第三者に漏洩することなく,利用者Aの代理人である利用者Bの利用者端末10-2で取得することができる。 According to the present embodiment shown in FIGS. 5 and 6, a specific message field addressed to the user terminal 10-1 of the user A among the messages generated by the user terminal 10-3 of the user C. Only the message M relating to δ can be acquired at the user terminal 10-2 of the user B who is the agent of the user A without leaking to a third party.
 以上説明した実施形態によれば,メッセージ生成元の利用者端末は,生成メッセージを暗号化する際,そのメッセージを自利用者端末の暗号鍵のみで暗号化するのではなく,自利用者端末の暗号鍵と,通信相手端末を識別する情報と,メッセージ分野を識別する情報を含むデータを暗号鍵として生成し,この暗号鍵を用いてメッセージを暗号化する。これにより,通信相手端末でその暗号文を復号するには,自端末の復号鍵と,通信相手端末である上記メッセージ生成元の利用者端末を識別する情報と,上記メッセージ分野を識別する情報が必要となる。よって,メッセージ受信端末及びその代理端末は,通信相手やメッセージ分野が異なれば,上記暗号文を復号できなくなる。 According to the embodiment described above, when encrypting the generated message, the user terminal of the message generating source does not encrypt the message only with the encryption key of the own user terminal, but instead of encrypting the generated message. Data including an encryption key, information for identifying a communication partner terminal, and information for identifying a message field is generated as an encryption key, and the message is encrypted using the encryption key. Thus, in order to decrypt the ciphertext at the communication partner terminal, the decryption key of the own terminal, information for identifying the user terminal of the message generation source that is the communication partner terminal, and information for identifying the message field are included. Necessary. Therefore, the message receiving terminal and its proxy terminal cannot decrypt the ciphertext if the communication partner and the message field are different.
 また,各利用者端末は,自身の秘密鍵のみ管理すれば良いので,秘密鍵の管理が容易となる。 Moreover, since each user terminal only needs to manage its own secret key, it becomes easy to manage the secret key.
 以上,本発明の実施形態を具体的に説明したが,本発明はこれに限定されるものでなく,その趣旨を逸脱しない範囲において種々変更可能である。 The embodiment of the present invention has been specifically described above. However, the present invention is not limited to this, and various modifications can be made without departing from the spirit of the present invention.
 例えば,上記実施形態では,暗号化鍵および復号化鍵を生成する際,通信相手を識別するIDとメッセージ分野を識別IDの2つを識別子として利用したが,その他,メッセージの有効期間を示すIDなど,メッセージの属性を識別するIDを複数用いてメッセージを代理閲覧する利用者端末が代理閲覧できる範囲を細かく制御できるようにしても良い。  For example, in the above embodiment, when generating the encryption key and the decryption key, the ID for identifying the communication partner and the message field are used as the identifier ID, but other IDs indicating the validity period of the message are also used. For example, a user terminal that performs proxy browsing of messages by using a plurality of IDs that identify message attributes may be used to finely control the range in which proxy browsing is possible. *
 また,鍵生成処理は,メッセージの暗号化・復号化の際に動的に生成しても良いし,予め生成して各利用者端末で管理するようにしても良い。 In addition, the key generation process may be dynamically generated at the time of message encryption / decryption, or may be generated in advance and managed by each user terminal.
 また,上記実施形態は,日本政府が検討している社会保障・税番号制度におけるマイ・ポータルシステムへの適用も可能である。マイ・ポータルへの適用の際,本実施形態に係る変換サーバ20の機能をマイ・ポータルの一機能として物理的に同一の機器上に構築しても良いし,物理的には切り離してマイ・ポータルはデータを橋渡しするだけで,本実施形態に係る変換サーバ20の機能を別機器上に構築しても良い。 The above embodiment can also be applied to the My Portal system in the social security / tax number system that the Japanese government is considering. When applying to My Portal, the function of the conversion server 20 according to the present embodiment may be constructed on the same physical device as one function of My Portal, or physically separated from My Portal. The portal may construct the function of the conversion server 20 according to the present embodiment on another device only by bridging data.
 また,上記実施形態は,クラウドサービス上でデータを共有するシステムにも適用できる。 The above embodiment can also be applied to a system for sharing data on a cloud service.
10-1,10-2,10-3・・・利用者端末,20・・・変換サーバ(再暗号化装置),30・・・ネットワーク。 10-1, 10-2, 10-3 ... user terminal, 20 ... conversion server (re-encryption device), 30 ... network.

Claims (12)

  1.  複数の利用者端末と,該利用者端末とネットワークを介して接続された再暗号化装置と,から構成される再暗号化システムにおける再暗号化方法であって,
     第一の利用者端末により,該第一の利用者端末の秘密鍵,通信相手の第二の利用者端末を識別する情報及び前記第二の利用者端末宛てメッセージの分野を識別する情報を含む暗号鍵を生成し,該暗号鍵を用いて前記メッセージを暗号化し,該暗号化メッセージを前記ネットワークを介して前記再暗号化装置に送信し,
     前記再暗号化装置により,前記第一の利用者端末から前記暗号化メッセージを前記ネットワークを介して受信し,該暗号化メッセージを記憶部に記憶されている第一の変換鍵を用いて再暗号化し,該再暗号化メッセージを前記記憶部に格納し,
     前記第二の利用者端末は,前記再暗号化装置から前記再暗号化メッセージを前記ネットワークを介して受信し,該第二の利用者端末の秘密鍵,通信相手の前記第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む復号鍵を生成し,該復号鍵を用いて前記再暗号化メッセージを復号し元の前記メッセージを取得する,
     ことを特徴とする再暗号化方法。     A re-encryption method in a re-encryption system comprising a plurality of user terminals and a re-encryption device connected to the user terminals via a network,
    The first user terminal includes a secret key of the first user terminal, information for identifying the second user terminal of the communication partner, and information for identifying the field of the message addressed to the second user terminal. Generating an encryption key, encrypting the message using the encryption key, and transmitting the encrypted message to the re-encryption device via the network;
    The re-encryption device receives the encrypted message from the first user terminal via the network, and re-encrypts the encrypted message using the first conversion key stored in the storage unit. Storing the re-encrypted message in the storage unit;
    The second user terminal receives the re-encrypted message from the re-encryption device via the network, the second user terminal's private key, and the communication partner's first user terminal Generating a decryption key including information identifying the message and information identifying the field of the message, and decrypting the re-encrypted message using the decryption key to obtain the original message,
    A re-encryption method characterized by the above.
  2.  前記第一の利用者端末により,前記第一の変換鍵の登録申請情報を前記ネットワークを介して前記再暗号化装置に送信し,前記再暗号化装置から第一の乱数を前記ネットワークを介して受信し,前記第一の乱数を用いて前記暗号鍵の逆元をマスク処理した第一の演算結果を前記ネットワークを介して前記第二の利用者端末に送信し,
     前記第二の利用者端末により,前記第一の利用者端末から前記第一の演算結果を前記ネットワークを介して受信し,前記復号鍵を生成し,該復号鍵を用いて前記第一の演算結果をマスク処理した第二の演算結果を前記ネットワークを介して前記再暗号化装置に送信し,
     前記再暗号化装置により,前記第一の利用者端末から前記第一の変換鍵の登録申請情報を前記ネットワークを介して受信し,前記第一の乱数を生成し,該第一の乱数を前記ネットワークを介して前記第一の利用者端末に送信し,前記第二の利用者端末から前記第二の演算結果を前記ネットワークを介して受信し,前記第一の乱数の逆元を用いて前記第二の演算結果をマスク処理した第三の演算結果を前記第一の変換鍵として前記記憶部に格納する,
     ことを特徴とする請求項1に記載の再暗号化方法。     The first user terminal transmits registration application information for the first conversion key to the re-encryption device via the network, and a first random number is transmitted from the re-encryption device via the network. Receiving the first calculation result obtained by masking the inverse element of the encryption key using the first random number and transmitting the second user terminal via the network;
    The second user terminal receives the first calculation result from the first user terminal via the network, generates the decryption key, and uses the decryption key to perform the first calculation. A second operation result obtained by masking the result is transmitted to the re-encryption device via the network;
    The re-encryption device receives the first conversion key registration application information from the first user terminal via the network, generates the first random number, and generates the first random number Transmitting to the first user terminal via the network, receiving the second calculation result from the second user terminal via the network, and using the inverse of the first random number Storing the third calculation result obtained by masking the second calculation result in the storage unit as the first conversion key;
    The re-encryption method according to claim 1.
  3.  前記第二の利用者端末により,前記第一の利用者端末利用者の代理人の登録申請情報を前記ネットワークを介して前記再暗号化装置に送信し,前記再暗号化装置から第二の乱数を前記ネットワークを介して受信し,該第二の利用者端末の秘密鍵,前記第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む暗号鍵を生成し,該暗号鍵の逆元を前記第二の乱数を用いてマスク処理した第四の演算結果を前記ネットワークを介して前記代理人の利用者端末である第三の利用者端末に送信し,
     前記第三の利用者端末により,前記第二の利用者端末から前記第四の演算結果を前記ネットワークを介して受信し,該第三の利用者端末の秘密鍵,前記第二の利用者端末を識別する情報及び前記メッセージの分野を識別する復号鍵を生成し,該復号鍵を用いて前記第三の演算結果をマスク処理した第五の演算結果を前記ネットワークを介して前記再暗号化装置に送信し,
     前記再暗号化装置により,前記第二の利用者端末から前記代理人の登録申請情報を前記ネットワークを介して受信し,前記第二の乱数を生成し,該第二の乱数を前記ネットワークを介して前記第二の利用者端末に送信し,前記第三の利用者端末から前記第五の演算結果を前記ネットワークを介して受信し,前記第二の乱数の逆元を用いて前記第五の演算結果をマスク処理した第六の演算結果を第二の変換鍵として前記記憶部に格納する,
     ことを特徴とする請求項2に記載の再暗号化方法。     The second user terminal transmits registration application information of the first user terminal user's agent to the re-encryption device via the network, and the re-encryption device sends a second random number. And generating a cryptographic key including a secret key of the second user terminal, information for identifying the first user terminal, and information for identifying the field of the message, A fourth computation result obtained by masking the inverse element of the key using the second random number is transmitted to the third user terminal, which is the user terminal of the agent, via the network;
    The third user terminal receives the fourth calculation result from the second user terminal via the network, and receives the secret key of the third user terminal, the second user terminal And a decryption key for identifying the field of the message, and using the decryption key, the fifth operation result obtained by masking the third operation result is transmitted via the network to the re-encryption device. To
    The re-encryption device receives the proxy registration application information from the second user terminal via the network, generates the second random number, and transmits the second random number via the network. To the second user terminal, receive the fifth calculation result from the third user terminal via the network, and use the inverse of the second random number to A sixth calculation result obtained by masking the calculation result is stored in the storage unit as a second conversion key;
    The re-encryption method according to claim 2.
  4.  前記再暗号化装置により,前記第三の利用者端末から前記メッセージの代理閲覧申請情報を前記ネットワークを介して受信し,前記記憶部から前記第二の変換鍵と前記再暗号化メッセージを取得し,前記第二の変換鍵を用いて前記再暗号化メッセージを更に再暗号化し,該再々暗号化メッセージを前記ネットワークを介して前記第三の利用者端末に送信し,
     前記第三の利用者端末により,前記再暗号化装置から前記再々暗号化メッセージを前記ネットワークを介して受信し,該第三の利用者端末の秘密鍵,前記第二の利用者端末を識別する情報及び前記メッセージの分野を識別する復号鍵を生成し,該復号鍵を用いて前記再々暗号化メッセージを復号し元の前記メッセージを取得する,
     ことを特徴とする請求項3に記載の再暗号化方法。     The re-encryption device receives proxy browsing application information of the message from the third user terminal via the network, and acquires the second conversion key and the re-encrypted message from the storage unit. , Further re-encrypting the re-encrypted message using the second conversion key, and transmitting the re-encrypted message to the third user terminal via the network,
    The third user terminal receives the re-encrypted message from the re-encryption device via the network, and identifies the secret key of the third user terminal and the second user terminal Generating a decryption key for identifying information and the field of the message, and decrypting the encrypted message again using the decryption key to obtain the original message;
    The re-encryption method according to claim 3.
  5.  複数の利用者端末と,該利用者端末とネットワークを介して接続された再暗号化装置と,から構成される再暗号化システムであって,
     第一の利用者端末は,該第一の利用者端末の秘密鍵,通信相手の第二の利用者端末を識別する情報及び前記第二の利用者端末宛てメッセージの分野を識別する情報を含む暗号鍵を生成し,該暗号鍵を用いて前記メッセージを暗号化し,該暗号化メッセージを前記ネットワークを介して前記再暗号化装置に送信し,
     前記再暗号化装置は,前記第一の利用者端末から前記暗号化メッセージを前記ネットワークを介して受信し,該暗号化メッセージを記憶部に記憶されている第一の変換鍵を用いて再暗号化し,該再暗号化メッセージを前記記憶部に格納し,
     前記第二の利用者端末は,前記再暗号化装置から前記再暗号化メッセージを前記ネットワークを介して受信し,該第二の利用者端末の秘密鍵,通信相手の前記第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む復号鍵を生成し,該復号鍵を用いて前記再暗号化メッセージを復号し元の前記メッセージを取得する,
     ことを特徴とする再暗号化システム。     A re-encryption system comprising a plurality of user terminals and a re-encryption device connected to the user terminals via a network,
    The first user terminal includes a secret key of the first user terminal, information for identifying the second user terminal of the communication partner, and information for identifying the field of the message addressed to the second user terminal Generating an encryption key, encrypting the message using the encryption key, and transmitting the encrypted message to the re-encryption device via the network;
    The re-encryption device receives the encrypted message from the first user terminal via the network, and re-encrypts the encrypted message using a first conversion key stored in a storage unit. Storing the re-encrypted message in the storage unit;
    The second user terminal receives the re-encrypted message from the re-encryption device via the network, the second user terminal's private key, and the communication partner's first user terminal Generating a decryption key including information identifying the message and information identifying the field of the message, and decrypting the re-encrypted message using the decryption key to obtain the original message,
    A re-encryption system characterized by that.
  6.  前記第一の利用者端末は,前記第一の変換鍵の登録申請情報を前記ネットワークを介して前記再暗号化装置に送信し,前記再暗号化装置から第一の乱数を前記ネットワークを介して受信し,前記第一の乱数を用いて前記暗号鍵の逆元をマスク処理した第一の演算結果を前記ネットワークを介して前記第二の利用者端末に送信し,
     前記第二の利用者端末は,前記第一の利用者端末から前記第一の演算結果を前記ネットワークを介して受信し,前記復号鍵を生成し,該復号鍵を用いて前記第一の演算結果をマスク処理した第二の演算結果を前記ネットワークを介して前記再暗号化装置に送信し,
     前記再暗号化装置は,前記第一の利用者端末から前記第一の変換鍵の登録申請情報を前記ネットワークを介して受信し,前記第一の乱数を生成し,該第一の乱数を前記ネットワークを介して前記第一の利用者端末に送信し,前記第二の利用者端末から前記第二の演算結果を前記ネットワークを介して受信し,前記第一の乱数の逆元を用いて前記第二の演算結果をマスク処理した第三の演算結果を前記第一の変換鍵として前記記憶部に格納する, ことを特徴とする請求項5に記載の再暗号化システム。     The first user terminal transmits registration application information of the first conversion key to the re-encryption device via the network, and a first random number is transmitted from the re-encryption device via the network. Receiving the first calculation result obtained by masking the inverse element of the encryption key using the first random number and transmitting the second user terminal via the network;
    The second user terminal receives the first calculation result from the first user terminal via the network, generates the decryption key, and uses the decryption key to perform the first calculation. A second operation result obtained by masking the result is transmitted to the re-encryption device via the network;
    The re-encryption device receives registration application information of the first conversion key from the first user terminal via the network, generates the first random number, and generates the first random number. Transmitting to the first user terminal via the network, receiving the second calculation result from the second user terminal via the network, and using the inverse of the first random number The re-encryption system according to claim 5, wherein a third calculation result obtained by masking the second calculation result is stored in the storage unit as the first conversion key.
  7.  前記第二の利用者端末は,前記第一の利用者端末利用者の代理人の登録申請情報を前記ネットワークを介して前記再暗号化装置に送信し,前記再暗号化装置から第二の乱数を前記ネットワークを介して受信し,該第二の利用者端末の秘密鍵,通信相手の前記第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む暗号鍵を生成し,該暗号鍵の逆元を前記第二の乱数を用いてマスク処理した第四の演算結果を前記ネットワークを介して前記代理人の利用者端末である第三の利用者端末に送信し,
     前記第三の利用者端末は,前記第二の利用者端末から前記第四の演算結果を前記ネットワークを介して受信し,該第三の利用者端末の秘密鍵,前記第二の利用者端末を識別する情報及び前記メッセージの分野を識別する復号鍵を生成し,該復号鍵を用いて前記第三の演算結果をマスク処理した第五の演算結果を前記ネットワークを介して前記再暗号化装置に送信し,
     前記再暗号化装置は,前記第二の利用者端末から前記代理人の登録申請情報を前記ネットワークを介して受信し,前記第二の乱数を生成し,該第二の乱数を前記ネットワークを介して前記第二の利用者端末に送信し,前記第三の利用者端末から前記第五の演算結果を前記ネットワークを介して受信し,前記第二の乱数の逆元を用いて前記第五の演算結果をマスク処理した第六の演算結果を第二の変換鍵として前記記憶部に格納する,
     ことを特徴とする請求項6に記載の再暗号化システム。     The second user terminal transmits registration application information of the proxy of the first user terminal user to the re-encryption device via the network, and the second random number is transmitted from the re-encryption device. And generating a cryptographic key including a secret key of the second user terminal, information for identifying the first user terminal of the communication partner, and information for identifying the field of the message , Transmitting the fourth calculation result obtained by masking the inverse element of the encryption key using the second random number to the third user terminal which is the user terminal of the agent via the network,
    The third user terminal receives the fourth calculation result from the second user terminal via the network, and receives the secret key of the third user terminal, the second user terminal And a decryption key for identifying the field of the message, and using the decryption key, the fifth operation result obtained by masking the third operation result is transmitted via the network to the re-encryption device. To
    The re-encryption device receives the proxy registration application information from the second user terminal via the network, generates the second random number, and transmits the second random number via the network. To the second user terminal, receive the fifth calculation result from the third user terminal via the network, and use the inverse of the second random number to A sixth calculation result obtained by masking the calculation result is stored in the storage unit as a second conversion key;
    The re-encryption system according to claim 6.
  8.  前記再暗号化装置は,前記第三の利用者端末から前記メッセージの代理閲覧申請情報を前記ネットワークを介して受信し,前記記憶部から前記第二の変換鍵と前記再暗号化メッセージを取得し,前記第二の変換鍵を用いて前記再暗号化メッセージを更に再暗号化し,該再々暗号化メッセージを前記ネットワークを介して前記第三の利用者端末に送信し,
     前記第三の利用者端末は,前記再暗号化装置から前記再々暗号化メッセージを前記ネットワークを介して受信し,該第三の利用者端末の秘密鍵,前記第二の利用者端末を識別する情報及び前記メッセージの分野を識別する復号鍵を生成し,該復号鍵を用いて前記再々暗号化メッセージを復号し元の前記メッセージを取得する,
     ことを特徴とする請求項7に記載の再暗号化システム。     The re-encryption device receives the proxy browsing application information of the message from the third user terminal via the network, and acquires the second conversion key and the re-encrypted message from the storage unit. , Further re-encrypting the re-encrypted message using the second conversion key, and transmitting the re-encrypted message to the third user terminal via the network,
    The third user terminal receives the re-encrypted message from the re-encryption device via the network, and identifies the secret key of the third user terminal and the second user terminal Generating a decryption key for identifying information and the field of the message, and decrypting the encrypted message again using the decryption key to obtain the original message;
    The re-encryption system according to claim 7.
  9.  複数の利用者端末とネットワークを介して接続された再暗号化装置であって,
     演算処理部と記憶部を具備し,
     前記演算処理部は,
     第一の利用者端末から,該第一の利用者端末の秘密鍵,通信相手の第二の利用者端末を識別する情報及び前記第二の利用者端末宛てメッセージの分野を識別する情報を含む暗号化メッセージを前記ネットワークを介して受信し,
     前記受信した暗号化メッセージを前記記憶部に記憶されている第一の変換鍵を用いて再暗号化し,
     前記再暗号化メッセージを前記記憶部に格納し,
     前記第二の利用者端末からの要求に応じて,前記記憶部から前記再暗号化メッセージを取得し,
     前記取得した再暗号化メッセージを前記ネットワークを介して前記第二の利用者端末に送信する,
     ことを特徴とする再暗号化装置。     A re-encryption device connected to a plurality of user terminals via a network,
    An arithmetic processing unit and a storage unit;
    The arithmetic processing unit is
    From the first user terminal, including the secret key of the first user terminal, information for identifying the second user terminal of the communication partner, and information for identifying the field of the message addressed to the second user terminal Receiving an encrypted message over the network;
    Re-encrypting the received encrypted message using the first conversion key stored in the storage unit;
    Storing the re-encrypted message in the storage unit;
    In response to a request from the second user terminal, obtain the re-encrypted message from the storage unit,
    Sending the acquired re-encrypted message to the second user terminal via the network;
    A re-encryption device.
  10.  前記演算処理部は,第一の乱数を生成して前記第一の利用者端末に前記ネットワークを介して送信し,前記第一の利用者端末の秘密鍵,通信相手の第二の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む暗号鍵の逆元を前記第一の乱数を用いてマスク処理した第一の演算結果に対して,前記第二の利用者端末の秘密鍵,通信相手の第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む復号鍵を用いて更にマスク処理した第二の演算結果を,前記第二の利用者端末から前記ネットワークを介して受信し,該第二の演算結果を前記第一の乱数の逆元を用いてマスク処理した第三の演算結果を前記第一の変換鍵として前記記憶部に格納する,
     ことを特徴とする請求項9に記載の再暗号化装置。     The arithmetic processing unit generates a first random number and transmits the first random number to the first user terminal via the network, the secret key of the first user terminal, the second user terminal of the communication partner And a secret of the second user terminal with respect to the first calculation result obtained by masking the inverse element of the encryption key including the information identifying the message field and the information identifying the field of the message using the first random number. From the second user terminal, a second calculation result further masked using a decryption key including a key, information identifying the first user terminal of the communication partner, and information identifying the field of the message is sent from the second user terminal. A third operation result received through the network and masked using the inverse of the first random number is stored in the storage unit as the first conversion key;
    The re-encryption apparatus according to claim 9.
  11.  前記演算処理部は,第二の乱数を生成して前記第二の利用者端末に前記ネットワークを介して送信し,前記第二の利用者端末の秘密鍵,前記第一の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む暗号鍵の逆元を前記第二の乱数を用いてマスク処理した第四の演算結果に対して,前記第二の利用者端末利用者の代理人の第三の利用者端末の秘密鍵,前記第二の利用者端末を識別する情報及び前記メッセージの分野を識別する情報を含む復号鍵を用いて更にマスク処理した第五の演算結果を,前記第三の利用者端末から前記ネットワークを介して受信し,該第五の演算結果を前記第二の乱数の逆元を用いてマスク処理した第六の演算結果を第二の変換鍵として前記記憶部に格納する,
     ことを特徴とする請求項10に記載の再暗号化装置。     The arithmetic processing unit generates a second random number and transmits the second random number to the second user terminal via the network, and identifies the secret key of the second user terminal and the first user terminal Proxy for the second user terminal user for the fourth calculation result obtained by masking the inverse element of the encryption key including the information to identify and the information identifying the field of the message using the second random number. A fifth calculation result further masked using a decryption key including a secret key of the third user terminal of the person, information identifying the second user terminal, and information identifying the field of the message, The sixth calculation result received from the third user terminal via the network and masked using the inverse of the second random number as the fifth calculation result is used as the second conversion key. Store in storage,
    The re-encryption apparatus according to claim 10.
  12.  前記演算処理部は,前記第三の利用者端末から前記メッセージの代理閲覧申請情報を前記ネットワークを介して受信し,前記記憶部から前記第二の変換鍵と前記再暗号化メッセージを取得し,前記第二の変換鍵を用いて前記再暗号化メッセージを更に再暗号化し,該再々暗号化メッセージを前記ネットワークを介して前記第三の利用者端末に送信する,
     ことを特徴とする請求項11に記載の再暗号化装置。     The arithmetic processing unit receives the proxy browsing application information of the message from the third user terminal via the network, acquires the second conversion key and the re-encrypted message from the storage unit, Re-encrypting the re-encrypted message with the second conversion key and transmitting the re-encrypted message to the third user terminal via the network;
    The re-encryption device according to claim 11.
PCT/JP2015/059535 2014-04-09 2015-03-27 Re-encryption method, re-encryption system, and re-encryption device WO2015156145A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201580011026.9A CN106031083A (en) 2014-04-09 2015-03-27 Re-encryption method, re-encryption system, and re-encryption device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014079832A JP2015201773A (en) 2014-04-09 2014-04-09 Re-encryption method, re-encryption system, and re-encryption device
JP2014-079832 2014-04-09

Publications (1)

Publication Number Publication Date
WO2015156145A1 true WO2015156145A1 (en) 2015-10-15

Family

ID=54287722

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/059535 WO2015156145A1 (en) 2014-04-09 2015-03-27 Re-encryption method, re-encryption system, and re-encryption device

Country Status (3)

Country Link
JP (1) JP2015201773A (en)
CN (1) CN106031083A (en)
WO (1) WO2015156145A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112889240A (en) * 2018-10-24 2021-06-01 日本电信电话株式会社 Server device, communication terminal, communication system, and program
CN116028979A (en) * 2023-03-22 2023-04-28 新兴际华集团财务有限公司 Key security management method, device, electronic equipment and computer readable medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6385721B2 (en) * 2014-06-04 2018-09-05 株式会社日立製作所 Re-encryption key generation method, re-encryption method, re-encryption key generation system, and re-encryption system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060215839A1 (en) * 2004-12-22 2006-09-28 Oliver Augenstein Method for handling data
JP2010114682A (en) * 2008-11-06 2010-05-20 Japan Science & Technology Agency Re-encryption system for storage nodes, and method
JP2014027413A (en) * 2012-07-25 2014-02-06 Toshiba Tec Corp Code generation device and code decryption device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2704354B1 (en) * 2011-04-27 2021-04-07 Kabushiki Kaisha Toshiba Re-encryption key generator, re-encryption apparatus, and program

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060215839A1 (en) * 2004-12-22 2006-09-28 Oliver Augenstein Method for handling data
JP2010114682A (en) * 2008-11-06 2010-05-20 Japan Science & Technology Agency Re-encryption system for storage nodes, and method
JP2014027413A (en) * 2012-07-25 2014-02-06 Toshiba Tec Corp Code generation device and code decryption device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
EIJI OKAMOTO: "Cryptogram technology for realization of a bright information society 5. Distribution management of a cipher key", BIT, vol. 23, no. 12, 1 November 1991 (1991-11-01), pages 51 - 59 *
HISAO SAKAZAKI ET AL.: "Kyotsu Kagi Ango Base no Saiango Hoshiki no Kento", 2014 NEN SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY SCIS2014, vol. 2D4-1, 21 January 2014 (2014-01-21), pages 1 - 8 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112889240A (en) * 2018-10-24 2021-06-01 日本电信电话株式会社 Server device, communication terminal, communication system, and program
CN116028979A (en) * 2023-03-22 2023-04-28 新兴际华集团财务有限公司 Key security management method, device, electronic equipment and computer readable medium

Also Published As

Publication number Publication date
JP2015201773A (en) 2015-11-12
CN106031083A (en) 2016-10-12

Similar Documents

Publication Publication Date Title
US11146391B2 (en) Orthogonal access control for groups via multi-hop transform encryption
US8948391B2 (en) Secure communication method
US10177909B1 (en) Managing private key access in multiple nodes
US20150365382A1 (en) Method and apparatus for enforcing storage encryption for data stored in a cloud
WO2016136024A1 (en) Key replacement direction control system, and key replacement direction control method
KR101648364B1 (en) Method for improving encryption/decryption speed by complexly applying for symmetric key encryption and asymmetric key double encryption
CN106790037A (en) The instant communication method and system of a kind of User space encryption
JP6302851B2 (en) Re-encryption method, re-encryption system, and re-encryption device
JP6058514B2 (en) Cryptographic processing method, cryptographic system, and server
CN113300999A (en) Information processing method, electronic device, and readable storage medium
WO2015156145A1 (en) Re-encryption method, re-encryption system, and re-encryption device
Reshma et al. Pairing-free CP-ABE based cryptography combined with steganography for multimedia applications
KR101695361B1 (en) Terminology encryption method using paring calculation and secret key
KR101812311B1 (en) User terminal and data sharing method of user terminal based on attributed re-encryption
JP5491713B2 (en) ENCRYPTION DEVICE, ENCRYPTION PROGRAM, AND METHOD
KR102526114B1 (en) Apparatus and method for encryption and decryption
US11177949B2 (en) Data sharing method, data sharing system, data sharing server, communication terminal and program
CN111953480A (en) Key generation device and method, and operation key generation device and method
JP6385721B2 (en) Re-encryption key generation method, re-encryption method, re-encryption key generation system, and re-encryption system
KR102507864B1 (en) Secure instant messaging method and apparatus thereof
JP7254296B2 (en) Key exchange system, information processing device, key exchange method and program
JP6723908B2 (en) Encrypted data distribution system and method
CN115426331A (en) Mail transmission method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15777167

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15777167

Country of ref document: EP

Kind code of ref document: A1