公开(公告)号：US20170308580A1

公开(公告)日：2017-10-26

申请号：US15509972

申请日：2015-01-26

Applicant: Hitachi, Ltd.

Inventor： Ken NAGANUMA ,  Masayuki YOSHINO ,  Yoshinori SATOU ,  Hisayoshi SATO

IPC: G06F17/30 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08 ,  H04L9/06 ,  H04L29/06 ,  H04L9/00

CPC classification number: G06F16/24566 ,  G06F16/2455 ,  H04L9/008 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/30 ,  H04L63/0428 ,  H04L63/06

Abstract: This data aggregation/analysis system includes a user terminal and a database server. The user terminal comprises, a private key generation unit, an encrypted tabulated data generation unit which encrypts cells of tabulated data, an encrypted analysis query generation unit which generates an encrypted analysis query by encrypting item names of an analysis subject using a private key, and a transmission unit which transmits encrypted tabulated data, etc. The database server comprises: a storage unit which stores encrypted tabulated data, etc.; a tokenization unit which, upon reception of an encrypted analysis query, performs a search process using a searchable code matching function and receiving the encrypted analysis query and encrypted tabulated data as input, and tokenizes each found cell of encrypted tabulated data into a character string, thereby generating partially-tokenized encrypted tabulated data; a data analysis processing unit which receives the partially-tokenized encrypted tabulated data as input and generates a data analysis result; and a transmission unit which transmits the data analysis result to the user terminal.

公开(公告)号：US20180082078A1

公开(公告)日：2018-03-22

申请号：US15558501

申请日：2016-03-15

Applicant: Hitachi, Ltd.

Inventor： Takayuki SUZUKI ,  Go KOJIMA ,  Yoshinori SATOU ,  Keisei FUJIWARA

IPC: G06F21/62 ,  G06F21/60 ,  H04L29/06 ,  G06F17/30

CPC classification number: G06F21/6227 ,  G06F16/21 ,  G06F16/258 ,  G06F21/602 ,  G06F21/62 ,  G06F2221/2107 ,  G06F2221/2125 ,  H04L9/16 ,  H04L63/0428 ,  H04L63/06

Abstract: Encryption methods allowing encrypted data to be stored in a database and processed in the encrypted state have been proposed. However, since it is necessary for an application to use plaintext data, usage is only possible where security is assured. When an application for processing encrypted data stored in a database is used from a user system, the application is launched from the user system via an application extension unit. When the application processes the encrypted data stored in the database, the application extension unit performs a process in which, if an encryption SQL function enabling the encrypted data stored in the database to be processed is registered, the SQL function enabling the function for processing plaintext is replaced with the encryption SQL function, and, if a substitution process is registered, the SQL function is replaced with a substitution process function enabling the substitution process to be performed. It is thereby made possible to process data, without decryption, in a location at which security is not assured.

公开(公告)号：US20170322977A1

公开(公告)日：2017-11-09

申请号：US15524145

申请日：2014-11-07

Applicant: HITACHI, LTD.

Inventor： Ken NAGANUMA ,  Yoshinori SATOU ,  Hisayoshi SATO ,  Masayuki YOSHINO ,  Kunihiko KIDO

IPC: G06F17/30 ,  G06F21/62

CPC classification number: G06F16/24553 ,  G06F16/9024 ,  G06F21/6227 ,  G09C1/00

Abstract: A system for retrieving an encrypted graph, in which a first computer generates an encrypted graph, and a second computer retrieves the encrypted graph, wherein: the first computer generates a secret key, encrypts a graph that includes a start point, an edge, and an end point to generate an encrypted graph, generates an encryption query, transmits encrypted graph data in which the encrypted graph and the encryption query are correlated for each edge and a searchable encryption matching function to the second computer, generates an encrypted graph retrieval query in which a graph to be retrieved is encrypted by the retrievable cryptogram query function, and transmits the generated retrieval query to the second computer; and the second computer, accepts the received encrypted graph retrieval query and encrypted graph data as inputs, and executes a retrieval process using the searchable encryption matching function.