阅读说明：本技术 检索装置、标签生成装置、查询生成装置、隐匿检索系统、检索程序、标签生成程序以及查询生成程序 (Search device, tag generation device, query generation device, confidential search system, search program, tag generation program, and query generation program ) 是由 川合丰 小关义博 于 2017-05-18 设计创作，主要内容包括：检索装置(60)判定在存储于辅助标签存储部(632)的变换检索词而得到的辅助标签AT中是否存在与变换关键词而得到的辅助查询AQ对应的辅助标签AT。在判定为存在与辅助查询AQ对应的辅助标签AT的情况下,检索装置(60)在存储于加密标签存储部(633)的设定有表示能够访问的属性的访问条件v和检索词的加密标签ET中,确定与设定有表示用户的属性的属性信息x和关键词的检索查询SQ对应的加密标签ET。(A search device (60) determines whether or not an auxiliary tag AT corresponding to an auxiliary query AQ obtained by converting a keyword exists in auxiliary tags AT obtained by converting a search word stored in an auxiliary tag storage unit (632). When it is determined that there is an auxiliary tag AT corresponding to an auxiliary query AQ, a search device (60) specifies an encrypted tag ET corresponding to a search query SQ in which attribute information x indicating an attribute of a user and a keyword are set, from among encrypted tags ET in which access conditions v indicating accessible attributes and search words are set and which are stored in an encrypted tag storage unit (633).)

1. A search device is provided with:

an auxiliary checking unit that determines whether or not an auxiliary tag corresponding to an auxiliary query obtained by converting the keyword exists in auxiliary tags obtained by converting the search term stored in the auxiliary tag storage unit; and

and a main checkup unit that specifies an encrypted tag corresponding to the search query in which attribute information indicating an attribute of the user and the keyword are set, among the encrypted tags in which the access condition indicating an accessible attribute and the search word are set, which are stored in the encrypted tag storage unit, when the auxiliary checkup unit determines that the auxiliary tag corresponding to the auxiliary query exists.

2. The retrieval device of claim 1,

the auxiliary checking unit counts a corresponding number of auxiliary tags corresponding to an auxiliary query obtained by converting a keyword among the auxiliary tags stored in the auxiliary tag storage unit,

the main collating portion specifies the encrypted tag corresponding to the search query among the encrypted tags stored in the encrypted tag storage portion until the number of specified encrypted tags reaches the corresponding number counted by the auxiliary collating portion.

3. The retrieval device according to claim 1 or 2, wherein,

the auxiliary tag is generated by inputting an auxiliary key and the search word in an object mode as a public key encryption or hash function and transforming the search word,

the auxiliary query is generated by inputting the auxiliary key and the keyword to the object mode and transforming the keyword.

4. The retrieval device according to any one of claims 1 to 3,

the main matching unit specifies the encryption tag corresponding to the search query by performing a pairing operation.

5. A tag generation device is provided with:

an auxiliary tag generation unit that generates an auxiliary tag by converting the search term;

an encrypted tag generation unit that generates an encrypted tag in which an access condition indicating an accessible attribute and the search term are set; and

and a tag transmission unit that transmits the auxiliary tag generated by the auxiliary tag generation unit and the encrypted tag generated by the encrypted tag generation unit as a tag for search.

6. The label generation apparatus according to claim 5,

the auxiliary tag generation unit inputs an auxiliary key and the search term to a public key encryption or a hash function, and generates the auxiliary tag by converting the search term.

7. A query generation apparatus, the query generation apparatus comprising:

an auxiliary query generation unit that generates an auxiliary query by converting the keyword;

a search query generation unit that generates a search query in which attribute information indicating an attribute of a user and the keyword are set; and

and a query transmitting unit that transmits the auxiliary query generated by the auxiliary query generating unit and the search query generated by the search query generating unit as a query for search.

8. The query generation apparatus as claimed in claim 7,

the auxiliary query generation unit inputs an auxiliary key and the keyword to a public key encryption or a hash function, and generates the auxiliary query by converting the keyword.

9. A confidential search system comprising a label generation device, a query generation device, and a search device,

the tag generation device is provided with:

an auxiliary tag generation unit that generates an auxiliary tag by converting the search term; and

an encrypted tag generating unit that generates an encrypted tag by setting an access condition indicating an accessible attribute and the search term,

the query generation device is provided with:

an auxiliary query generation unit that generates an auxiliary query by converting the keyword; and

a search query generation unit that generates a search query by setting attribute information indicating an attribute of a user and the keyword,

the search device is provided with:

an auxiliary checking unit that determines whether or not the auxiliary tag corresponding to the auxiliary query generated by the auxiliary query generating unit exists among the auxiliary tags generated by the auxiliary tag generating unit; and

and a main checkup section that specifies the encrypted tag corresponding to the search query generated by the search query generation section among the encrypted tags generated by the encrypted tag generation section, when the auxiliary checkup section determines that the auxiliary tag corresponding to the auxiliary query exists.

10. A search program that causes a computer to execute:

an auxiliary matching process for determining whether or not an auxiliary tag corresponding to an auxiliary query obtained by converting the keyword exists in auxiliary tags obtained by converting the search term stored in the auxiliary tag storage unit; and

and a main matching process of, when it is determined by the auxiliary matching process that the auxiliary tag corresponding to the auxiliary query exists, specifying an encrypted tag corresponding to the search query in which attribute information indicating an attribute of the user and the keyword are set, among the encrypted tags in which the access condition indicating an accessible attribute and the search word are set and which are stored in the encrypted tag storage unit.

11. A tag generation program that causes a computer to execute:

an auxiliary tag generation process of converting the search term to generate an auxiliary tag;

an encrypted tag generation process of setting an access condition indicating an accessible attribute and the search term to generate an encrypted tag; and

and a tag transmission process of transmitting the auxiliary tag generated by the auxiliary tag generation process and the encrypted tag generated by the encrypted tag generation process as tags for retrieval.

12. A query generation program that causes a computer to execute processing of:

an auxiliary query generation process of converting the keyword to generate an auxiliary query;

a search query generation process of setting attribute information indicating an attribute of a user and the keyword to generate a search query; and

query transmission processing of transmitting the auxiliary query generated by the auxiliary query generation processing and the search query generated by the search query generation processing as a query for search.

Technical Field

The present invention relates to a secure search technique capable of executing search processing in a state where data is encrypted.

Background

In recent years, there is a cloud computing technology that executes and provides various services using computational resources in a network, particularly the internet. As these services, the following services can be considered: various data are stored on a network, and only a searcher who is permitted to use the data downloads and uses the data.

However, data stored on the network may include data that needs to be hidden so as not to be leaked to a third party, such as personal information of a user. Such data can be concealed by encryption such as secret key encryption and public key encryption.

By placing the encrypted data on the network in this way, both the concealment of the data and the utilization of cloud computing can be achieved. However, there is a problem that data cannot be searched because it is encrypted. As a technique for solving this problem, there is a hidden search technique. In the confidential search technology, data in an encrypted state can be searched by using a special encryption method.

In the confidential search technology, it is important that a user who searches can access only information that can be searched.

Patent document 1 and non-patent document 1 describe a confidential search technique that can perform access control by using a public key encryption technique such as ID-based encryption and inner product predicate encryption. Non-patent document 2 describes a secret search technique using a public key.

Disclosure of Invention

Problems to be solved by the invention

In the case of the concealed search techniques described in patent literature 1 and non-patent literature 1, it is known that a long search processing time is required. In the case of the confidential search technique described in non-patent document 2, although the search process is faster than the confidential search techniques described in patent document 1 and non-patent document 1, it is impossible to perform encrypted access control.

The purpose of the present invention is to shorten the processing time required for search while achieving flexible access control.

Means for solving the problems

The search device of the present invention includes:

an auxiliary checking unit that determines whether or not an auxiliary tag corresponding to an auxiliary query obtained by converting the keyword exists in auxiliary tags obtained by converting the search term stored in the auxiliary tag storage unit; and

and a main checkup unit that specifies the encrypted tag corresponding to the search query in which the attribute information indicating the attribute of the user and the keyword are set, among the encrypted tags in which the access condition indicating the accessible attribute and the search word are set, which are stored in the encrypted tag storage unit, when the auxiliary checkup unit determines that the auxiliary tag corresponding to the auxiliary query exists.

Effects of the invention

In the present invention, before retrieving an encrypted tag corresponding to a search query, it is determined whether an auxiliary tag corresponding to an auxiliary query exists. Thus, when there is no auxiliary tag corresponding to the auxiliary query, it is not necessary to execute a process of searching for an encrypted tag corresponding to the search query, which requires a long processing time, and the processing time required for the search can be shortened. In addition, flexible access control can be performed for the encrypted tag corresponding to the search query.

Drawings

Fig. 1 is a configuration diagram of a hidden search system 1 according to embodiment 1.

Fig. 2 is a configuration diagram of the common parameter generation apparatus 10 according to embodiment 1.

Fig. 3 is a configuration diagram of the auxiliary key generation device 20 according to embodiment 1.

Fig. 4 is a configuration diagram of the user key generation device 30 according to embodiment 1.

Fig. 5 is a configuration diagram of a label creation device 40 according to embodiment 1.

Fig. 6 is a configuration diagram of the query generation device 50 according to embodiment 1.

Fig. 7 is a configuration diagram of the search device 60 according to embodiment 1.

Fig. 8 is a flowchart of the common parameter generation processing in embodiment 1.

Fig. 9 is a flowchart of the assist key generation process according to embodiment 1.

Fig. 10 is a flowchart of the user key generation process according to embodiment 1.

Fig. 11 is a flowchart of the tag generation processing in embodiment 1.

Fig. 12 is a flowchart of the query generation processing in embodiment 1.

Fig. 13 is a flowchart of the search processing in embodiment 1.

Fig. 14 is a configuration diagram of the common parameter generation apparatus 10 according to modification 2.

Fig. 15 is a configuration diagram of an auxiliary key generation apparatus 20 according to modification 2.

Fig. 16 is a configuration diagram of a user key generation device 30 according to modification 2.

Fig. 17 is a configuration diagram of a label creation device 40 according to modification 2.

Fig. 18 is a configuration diagram of the query generation device 50 according to modification 2.

Fig. 19 is a configuration diagram of a search device 60 according to modification 2.

Detailed Description