
US-12621146-B2 - Program execution system, data processing apparatus, program execution method, and program


Abstract

A program execution system includes a data processing apparatus that performs secret calculation in a secure area. The data processing apparatus includes circuitry configured to calculate a result that is obtained by executing a program on data in the secure area, the program being obtained by decrypting a re-encrypted program with a first secret key, and the data being obtained by decrypting re-encrypted data with a second secret key.

Inventors

  • Tetsuya Okuda
  • Kenji UMAKOSHI

Assignees

  • NTT, INC.

Dates

Publication Date
2026-05-05
Application Date
2022-03-02

Claims (8)

  1. A program execution system comprising: a data holding device including first circuitry; a program providing device including second circuitry; and a data processing apparatus including third circuitry configured to perform secret calculation in a secure area, wherein: the second circuitry of the program providing device is configured to transmit, to the data processing apparatus, an encrypted program that is obtained by encrypting a program with a first public key, the first public key corresponding to a first role; the first circuitry of the data holding device is configured to transmit, to the data processing apparatus, encrypted data that is obtained by encrypting data with a second public key, the second public key corresponding to a second role; the third circuitry of the data processing apparatus is configured to confirm whether the program providing device belongs to the first role, and generate a re-encrypted program that is obtained by re-encrypting the encrypted program with a third public key for the program providing device, upon determining that the program providing device belongs to the first role; the second circuitry of the program providing device is configured to transmit, to the data processing apparatus, a first secret key encrypted with a first shared key, the first shared key being shared with the data processing apparatus; the third circuitry of the data processing apparatus is configured to confirm whether the data holding device belongs to the second role, and generate re-encrypted data that is obtained by re-encrypting the encrypted data with a fourth public key for the data holding device, upon determining that the data holding device belongs to the second role; the first circuitry of the data holding device is configured to transmit, to the data processing apparatus, a second secret key encrypted with a second shared key, the second shared key being shared with the data processing apparatus; and the third circuitry of the data processing apparatus is configured to calculate a result that is obtained by executing the program on the data in the secure area, the program being obtained by decrypting the re-encrypted program with the first secret key, and the data being obtained by decrypting the re-encrypted data with the second secret key.
  2. The program execution system according to claim 1, wherein the third circuitry of the data processing apparatus is configured to set, as the secure area, a first encrypted container whose owner is a user of the program providing device, and calculate the result obtained by executing the program on the data in the set secure area.
  3. The program execution system according to claim 1, wherein the third circuitry of the data processing apparatus is configured to set, as the secure area, a second encrypted container whose owner is a first user having a trusted relationship with a second user of the program providing device and a third user of the data holding device, and calculate the result obtained by executing the program on the data in the set secure area.
  4. The program execution system according to claim 3, wherein the third circuitry of the data processing apparatus is configured to transmit, to the program providing device and the data holding device, information indicating that a proposal of a policy for controlling access to the second encrypted container is received, and control, upon occurrence of a condition in which a permission for the policy is sent from each of the program providing device and the data holding device, the access to the second encrypted container according to the policy.
  5. The program execution system according to claim 1, wherein the third circuitry of the data processing apparatus is configured to confirm whether the program providing device belongs to the first role, on an encrypted container corresponding to the first role; generate the re-encrypted program obtained by re-encrypting the encrypted program with the first public key for the program providing device, upon determining that the program providing device belongs to the first role; confirm whether the data holding device belongs to the second role, on an encrypted container corresponding to the second role; and generate the re-encrypted data obtained by re-encrypting the encrypted data with the second public key for the data holding device, upon determining that the data holding device belongs to the second role.
  6. A data processing apparatus in a program execution system including a data holding device, a program providing device, and the data processing apparatus configured to perform secret calculation in a secure area, the data processing apparatus comprising: circuitry configured to perform receiving, from the program providing device, an encrypted program obtained by encrypting a program with a first public key, the first public key corresponding to a first role; receiving, from the data holding device, encrypted data obtained by encrypting data with a second public key, the second public key corresponding to a second role; confirming whether the program providing device belongs to the first role, and generating a re-encrypted program obtained by re-encrypting the encrypted program with a third public key for the program providing device, upon determining that the program providing device belongs to the first role; receiving, from the program providing device, a first secret key encrypted with a first shared key, the first shared key being shared with the data processing apparatus; confirming whether the data holding device belongs to the second role, and generating re-encrypted data obtained by re-encrypting the encrypted data with a fourth public key for the data holding device, upon determining that the data holding device belongs to the second role; receiving, from the data holding device, a second secret key encrypted with a second shared key, the second shared key being shared with the data processing apparatus; and calculating a result that is obtained by executing the program on the data in the secure area, the program being obtained by decrypting the re-encrypted program with the first secret key, and the data being obtained by decrypting the re-encrypted data with the second secret key.
  7. A program execution method in a program execution system including a data holding device, a program providing device, and a data processing apparatus that performs secret calculation in a secure area, the program execution method comprising: transmitting, by the program providing device, an encrypted program obtained by encrypting a program with a first public key, the first public key corresponding to a first role, and the encrypted program being transmitted to the data processing apparatus; transmitting, by the data holding device, encrypted data that is obtained by encrypting data with a second public key, the second public key corresponding to a second role, and the encrypted data being transmitted to the data processing apparatus; confirming, by the data processing apparatus, whether the program providing device belongs to the first role, and generating a re-encrypted program obtained by re-encrypting the encrypted program with a third public key for the program providing device, upon determining that the program providing device belongs to the first role; transmitting, by the program providing device, a first secret key encrypted with a first shared key, the first shared key being shared with the data processing apparatus, and the first secret key being transmitted to the data processing apparatus; confirming, by the data processing apparatus, whether the data holding device belongs to the second role, and generating re-encrypted data that is obtained by re-encrypting the encrypted data with a fourth public key for the data holding device, upon determining that the data holding device belongs to the second role; transmitting, by the data holding device, a second secret key encrypted with a second shared key, the second shared key being shared with the data processing apparatus, and the second secret key being transmitted to the data processing apparatus; and calculating, by the data processing apparatus, a result that is obtained by executing the program on the data in the secure area, the program being obtained by decrypting the re-encrypted program with the first secret key, and the data being obtained by decrypting the re-encrypted data with the second secret key.
  8. A non-transitory computer readable storage medium storing a program for causing a computer to execute the program execution method of claim 7.

Description

TECHNICAL FIELD

The present invention relates to a concealment processing technology in the information and communication field.

BACKGROUND ART

As conventional technologies that perform calculation while concealing data and programs from cloud business operators, there are, for example, confidential computing (Non-Patent Literature 1), a confidential VM (Non-Patent Literature 2), and the like. With these technologies it is possible, for example, to isolate highly confidential data and keep it secret while the data is processed in a cloud. However, these conventional technologies do not consider the risk, in a case where different users hold different data and programs, of such data and programs being leaked to each other. In addition, there is no concept of performing access control according to a role, and there is also a problem that a file uploaded to a cloud according to the role to which a user belongs cannot be shared among users.

CITATION LIST

Non-Patent Literature

  • Non-Patent Literature 1: Microsoft Azure Confidential Computing, official website, https://docs.microsoft.com/ja-jp/azure/confidential-computing/overview
  • Non-Patent Literature 2: Google Confidential VM, official website, https://cloud.google.com/compute/confidential-vm/docs?hl=ja

SUMMARY OF THE INVENTION

Technical Problem

The present invention has been made in view of the above aspects, and an object of the present invention is to provide a technology for preventing data leakage to a program provider and program leakage to a data holder, and for implementing access control according to a role, in a case where data held by the data holder is processed by a program provided by the program provider through a data processing device including a secure computing mechanism.
Solution to Problem

According to the disclosed technology, there is provided a program execution system including a data holding device, a program providing device, and a data processing device including a mechanism that performs secret calculation in a secure area, in which:

  • the program providing device transmits, to the data processing device, an encrypted program obtained by encrypting a program P with a public key PKr1 corresponding to a first role;
  • the data holding device transmits, to the data processing device, encrypted data obtained by encrypting data D with a public key PKr2 corresponding to a second role;
  • the data processing device confirms whether or not the program providing device belongs to the first role, and generates a re-encrypted program obtained by re-encrypting the encrypted program with a public key PKp1 of the program providing device in a case where it is confirmed that the program providing device belongs to the first role;
  • the program providing device transmits, to the data processing device, a secret key SKp1 encrypted with a shared key Kp1 shared with the data processing device;
  • the data processing device confirms whether or not the data holding device belongs to the second role, and generates re-encrypted data obtained by re-encrypting the encrypted data with a public key PKd2 of the data holding device in a case where it is confirmed that the data holding device belongs to the second role;
  • the data holding device transmits, to the data processing device, a secret key SKd2 encrypted with a shared key Kd2 shared with the data processing device; and
  • the data processing device calculates, in the secure area, a result P(D) of executing the program P, obtained by decrypting the re-encrypted program with the secret key SKp1, on the data D, obtained by decrypting the re-encrypted data with the secret key SKd2.
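The exchange above (and the same flow in claims 1, 6 and 7) as a runnable simulation. This is an added example, not code from the patent: "encryption" is an abstract model in which a ciphertext is locked to a key id and opens only for the holder of the matching secret key, and re-encryption is modeled as decrypt-with-role-key then encrypt-with-party-key inside the secure area, which the page does not specify. Party names, role names and the sample program P and data D are constructed.

```python
from dataclasses import dataclass

# Key pairs from the Summary: role keys PKr1/PKr2, party keys PKp1/PKd2;
# shared keys Kp1/Kd2 are symmetric, so each pairs with itself.
PAIR = {"PKr1": "SKr1", "PKr2": "SKr2", "PKp1": "SKp1", "PKd2": "SKd2", "Kp1": "Kp1", "Kd2": "Kd2"}

@dataclass(frozen=True)
class Ct:
    """Abstract ciphertext: a payload locked to one key id (no real crypto)."""
    key_id: str
    payload: object

def enc(pk, m):
    return Ct(pk, m)

def dec(keys_held, ct):
    if PAIR[ct.key_id] not in keys_held:        # need the matching secret key
        raise PermissionError(f"no secret key for {ct.key_id}")
    return ct.payload

class DataProcessingDevice:
    """Secure-area side: role membership lists plus keys that never leave the enclave.
    Assumption: re-encryption is modeled as decrypt with the role key, then encrypt
    with the party key, done only inside the secure area (the page does not fix it)."""
    def __init__(self, roles):
        self.roles = roles
        self.secure = {"SKr1", "SKr2", "Kp1", "Kd2"}

    def re_encrypt(self, party, role, ct, pk_party):
        if party not in self.roles.get(role, set()):   # role check gates re-encryption
            return None
        return enc(pk_party, dec(self.secure, ct))

    def compute(self, re_prog, re_data, wrapped_skp1, wrapped_skd2):
        """Unwrap SKp1/SKd2 with the shared keys, decrypt P and D, return P(D)."""
        keys = self.secure | {dec(self.secure, wrapped_skp1), dec(self.secure, wrapped_skd2)}
        return dec(keys, re_prog)(dec(keys, re_data))

def run_flow(roles):
    """Whole exchange of the Summary; returns P(D), or None if a role check fails."""
    def program(d): return sum(d) / len(d)             # P, constructed sample program
    data = [3, 5, 7]                                   # D, constructed sample data
    dev = DataProcessingDevice(roles)
    re_p = dev.re_encrypt("provider", "role1", enc("PKr1", program), "PKp1")
    re_d = dev.re_encrypt("holder", "role2", enc("PKr2", data), "PKd2")
    if re_p is None or re_d is None:
        return None
    # each party sends its secret key wrapped under the key it shares with the device
    return dev.compute(re_p, re_d, enc("Kp1", "SKp1"), enc("Kd2", "SKd2"))
```

Plaintext P and D exist together only inside `compute`; the provider, holding SKp1, cannot open anything locked to PKr2 or PKd2, and the holder likewise cannot open the program.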
Advantageous Effects of the Invention

According to the disclosed technology, there is provided a technology for preventing data leakage to a program provider and program leakage to a data holder, and for implementing access control according to a role, in a case where data held by the data holder is processed by a program provided by the program provider through a data processing device including a secure computing mechanism.

BRIEF DESCRIPTION OF DRAWINGS

  • FIG. 1 is a diagram illustrating a system configuration example in an embodiment of the present invention.
  • FIG. 2 is a diagram illustrating a functional configuration example of a data processing device.
  • FIG. 3 is a diagram illustrating a state in which processing is performed in a secure area.
  • FIG. 4 is a sequence diagram (1/2) of processing in Example 1.
  • FIG. 5 is a sequence diagram (2/2) of the processing in Example 1.
  • FIG. 6 is a sequence diagram (1/2) of processing in Example 2.
  • FIG. 7 is a sequence diagram (2/2) of the processing in Example 2.
  • FIG. 8 is a sequence diagram (1/2) of processing in Example 3.
  • FIG. 9 is a sequence diagram (2/2) of the processing in Example 3.
  • FIG. 10 is a diagram illustrating a hardware configuration example of a device.

DESCRIPTION OF EMBODIMENTS

An embodiment of the present invention (present embodiment) will be described below with reference to the drawings. The embodi