Information processing device, information processing system, and information processing method
The use of homomorphic encryption in supply chain management systems addresses security vulnerabilities by managing item-related information without exchanging private keys, ensuring secure and confidential CFP value transmission.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- DENSO CORP
- Filing Date
- 2024-05-09
- Publication Date
- 2026-06-30
AI Technical Summary
Existing supply chain management systems face security vulnerabilities due to the need for exchanging private keys and decrypted values over networks, which can be intercepted by malicious hackers, and companies are reluctant to disclose carbon footprint (CFP) values due to them being trade secrets.
An information processing device and method using homomorphic encryption that manages item-related information without exchanging private keys or decrypted values over the network, employing a database with private and public keys linked to key names, allowing secure computations and data transmission using encrypted information.
This approach enhances security by preventing interception of decrypted data and maintaining confidentiality of CFP values, as only encrypted information is transmitted, thus protecting trade secrets and improving network security.
Abstract
Description
Cross-reference of related applications
[0001] This application is based on Japanese application number 2023-125000, filed on July 31, 2023, and its contents are incorporated herein by reference. [Technical Field]
[0002] The disclosures in this specification relate to information processing devices. [Background technology]
[0003] With consumers and users becoming increasingly aware of the environment, due diligence, and traceability, there is a growing trend towards demanding and mandating the disclosure of product raw materials, recycling rates, carbon footprint (CFP), and environmentally harmful substances. On the other hand, for companies that are required to disclose such information, disclosing raw materials, recycling rates, and CFP is equivalent to disclosing trade secrets, which are the source of their competitive advantage, and they are strongly resistant to doing so.
[0004] In particular, demands for CFP disclosure are increasing, exemplified by European battery regulations. While CFP may appear to be merely information about carbon dioxide emissions, for competitors, knowing the CFP value allows them to roughly estimate raw materials and processing methods, making it a trade secret in many cases. Furthermore, because CFP values directly influence purchasing decisions and can lead to price negotiations, many companies are reluctant to disclose them.
[0005] Patent Document 1 discloses a supply chain management method for managing transaction records between multiple traders in a supply chain that includes multiple traders.
[0006] Furthermore, Patent Document 2 discloses an encryption system that performs homomorphic operations on encrypted data encrypted with a user's public key, and decrypts the result of the homomorphic operation using a master secret key. [Prior art documents] [Patent Documents]
[0007] [Patent Document 1] International Publication No. 2021 / 002226 [Patent Document 2] Japanese Patent Publication No. 2018-36418 [Overview of the project]
[0008] However, simply using the standard encryption system disclosed in Patent Document 2 for supply chain information management would require the exchange of private keys and decrypted values over the network between regulatory authorities, supply chain management organizations, etc., and servers. Even if the security of the network itself is guaranteed, there is a possibility that malicious hackers could intercept the data and view the decrypted values using illegally obtained private keys, so further security enhancements are necessary.
[0009] This disclosure aims to provide an enhanced security information processing device, information processing system, and information processing method that does not involve any exchange of private keys or decrypted values over the network.
[0010] To achieve the above objective, one disclosed embodiment is an information processing device for managing item-related information concerning items handled by multiple traders constituting a supply chain, comprising: a database that stores multiple sets of private keys and corresponding public keys based on homomorphic encryption, each associated with a key name; an encrypted information acquisition unit that acquires encrypted information obtained by encrypting item-related information using a public key and the key name of the public key used to encrypt the item-related information from the trader's terminal; a key acquisition unit that acquires a private key corresponding to the key name from the database; a decryption information acquisition unit that acquires decrypted information by decrypting the encrypted information using the private key; an encryption processing unit that encrypts the decrypted information and acquires re-encrypted information; and a provisioning unit that provides the re-encrypted information encrypted by the encryption processing unit to the trader's terminal.
[0011] Another disclosed aspect is an information processing system comprising the above-mentioned information processing device and a trader's trading terminal.
[0012] Another disclosed aspect is an information processing method for managing item-related information concerning items handled by multiple traders constituting a supply chain, comprising the steps of: recording each of multiple sets of private keys and corresponding public keys based on homomorphic encryption in a database, linked to a key name; obtaining encrypted information obtained by encrypting item-related information using the public key, and the key name of the public key used to encrypt the item-related information, from the trader's terminal; obtaining a private key corresponding to the key name from the database; obtaining decrypted information by decrypting the encrypted information using the private key; obtaining re-encrypted information by encrypting the decrypted information; and providing the re-encrypted information to the trader's terminal.
[0013] In these embodiments, the encrypted information encrypted using a public key and the name of the key used for encryption are obtained from the trading terminal. The private key is then searched for using the obtained key name to decrypt the encrypted information, and re-encrypted information based on the decrypted information is provided to the trading terminal. As a result, by using the private key within the information processing device, there is no need to distribute the private key. Therefore, even if the security of the network itself is guaranteed, it is possible to prevent malicious hackers from intercepting the data and viewing the values decrypted with the illegally obtained private key, thereby improving security. Furthermore, since the information transmitted from the information processing device to the trading terminal is encrypted, even if it is intercepted by a hacker, the actual values will not be known, further improving security.
[0014] Furthermore, the reference numbers in parentheses above and in the claims are merely examples of correspondences with specific configurations in the embodiments described later, and do not in any way limit the technical scope. In addition, combinations of claims not explicitly stated in the claims are also possible, provided that they do not cause any particular problems with the combination. [Brief explanation of the drawing]
[0015] The purposes and other purposes, features and benefits of this disclosure will be further clarified by the following detailed description with reference to the attached drawings. Those drawings are: [Figure 1] Figure 1 is a diagram illustrating an example of a supply chain in an embodiment of the present disclosure. [Figure 2] Figure 2 is a diagram showing the overall structure of the supply chain management system. [Figure 3] Figure 3 is a block diagram showing the configuration of the trading terminal. [Figure 4] Figure 4 is a block diagram showing the configuration of the management server. [Figure 5] Figure 5 is a block diagram showing the configuration of the regulatory authority / CFP management organization server. [Figure 6] Figure 6 is a flowchart illustrating the details of arithmetic operations on numbers encrypted with different public keys. [Figure 7] Figure 7 is a flowchart showing the details of the bootstrapping process. [Figure 8] Figure 8 is a flowchart showing the details of the data disclosure request. [Figure 9] Figure 9 is a flowchart showing the details of private and public key generation. [Figure 10] Figure 10 is a flowchart showing the details of key name distribution. [Figure 11] Figure 11 is a flowchart showing the details of CFP calculation using homomorphic encryption during the additional / integration process when there is no preceding process. [Figure 12] Figure 12 is a flowchart showing the details of CFP calculation using homomorphic encryption during the additional / integration process when there is a preceding process. [Figure 13] Figure 13 is a flowchart showing the details of CFP calculation using homomorphic encryption during the branching process. [Figure 14]Figure 14 is a flowchart showing the details of CFP calculation using homomorphic encryption when the public keys from the previous step are different. [Figure 15] Figure 15 is a flowchart showing the details of CFP calculation using homomorphic encryption when the number of multiplication and division operations reaches the upper limit. [Figure 16] Figure 16 is a flowchart showing the details of CFP calculation using homomorphic encryption when you want to clear the number of multiplication and division operations. [Figure 17] Figure 17 is a flowchart showing the details of the process when a request for disclosure of CFP values is received from a supervisory authority or CFP management body. [Figure 18] Figure 18 is a flowchart detailing the process for handling requests for disclosure of CFP values from entities other than the supervisory authority or CFP management body. [Modes for carrying out the invention]
[0016] The embodiments of this disclosure will be described below with reference to the drawings. In the embodiments, the same reference numerals may be used for corresponding components to avoid redundant explanations.
[0017] Figure 1 shows an example of a supply chain in an embodiment of the present disclosure. The supply chain SC shown in Figure 1 is a network of traders for delivering industrial products, agricultural products, and marine products to end users. The supply chain SC is constructed by a large number of traders (see companies A-F in Figure 1). The final products supplied by the supply chain SC may be a variety of items, such as automobiles, batteries, semiconductors, fresh food, marine products, food products, flowers, pharmaceuticals, and chemicals.
[0018] In the example in Figure 1, company C purchases product A from company A and product B from company B, and manufactures the final product C. Company C delivers product C to the consumer (user), and the user sells product C to company D as a recycled item. Company D repairs product C and manufactures product D, and delivers parts of product D to companies E and F respectively, and companies E and F manufacture product E and product F, respectively.
[0019] Figure 2 shows an overview of the supply chain management system 1. In the embodiment of this disclosure, the supply chain management system 1 manages transaction records of items traded between each trading party in the supply chain SC as information linked to each trading party. The transaction records are historical information that realizes the traceability (hereinafter sometimes referred to as "traceability") of items traded between trading parties, and include a large amount of information indicating the time and place where the transaction occurred.
[0020] In addition to transaction records, the supply chain management system 1 further manages item-related information related to the items being traded. For example, information related to raw materials, information related to processing and assembly, and information related to distribution are managed as item-related information. Furthermore, as part of the item-related information, the supply chain management system 1 collects and stores information related to greenhouse gas emissions (hereinafter referred to as carbon footprint) (CFP) emitted during each stage of the manufacturing and distribution of the items.
[0021] The supply chain management system 1 can obtain the CFP value of each trader and present it to users, regulatory authorities, and CFP management organizations. The CFP may include the amount of carbon release in processes such as the mining and recycling of raw materials for items, as well as the amount of carbon release in processes related to the disposal of items such as incineration and landfill.
[0022] Furthermore, the greenhouse gas whose emissions are recorded may consist solely of carbon dioxide, or it may include other greenhouse gases, specifically methane, nitrous oxide, hydrofluorocarbons, perfluorocarbons, and sulfur hexafluoride, as appropriate. In this case, the emissions of greenhouse gases other than carbon dioxide will be converted to carbon dioxide emissions and included in the presented carbon footprint value.
[0023] Here, CFP values are often trade secrets within each trader's TR. This is because the general raw materials and processing methods can be inferred from the CFP value. Therefore, many companies do not want to disclose their CFP values to other traders and consumers. Against this backdrop, the supply chain management system 1 performs confidential calculations over the network without exchanging any private keys or numerical values obtained by deciphering each trader's CFP value. The details of the supply chain management system 1 will be explained below based on Figures 2 to 5.
[0024] The supply chain management system 1 consists of numerous trader terminals 100, a management server 200, an application distribution server 200a, and a regulatory authority / CFP management organization server 300. Each element constituting the supply chain management system 1 is connected to the network as a single node and is capable of communicating with one another.
[0025] <Trader Terminal 100> Figure 3 is a block diagram showing the configuration of the trader terminal 100. The trader terminal 100 is an information processing device operated by individual traders. For example, smartphones, tablet devices, and personal computers can be used as trader terminals 100. Each trader terminal 100 is associated with individual companies A to F (see Figure 1). The trader terminal 100 is used by each trader to collect and store transaction records and item-related information. The trader terminal 100 records delivery information, such as from which traders raw materials or parts are purchased and when they were acquired, as well as shipping information, such as to which traders and when they were shipped, as transaction records. Furthermore, the trader terminal 100 records at least cost-related information and CFP values as item-related information.
[0026] The trader terminal 100 has a configuration mainly consisting of a processing circuit 100c. The processing circuit 100c includes a processor 101, RAM (Random Access Memory) 102, a storage unit 103, an input / output interface, and a bus connecting these, and functions as a computer that performs arithmetic processing. The processor 101 is hardware for arithmetic processing coupled with the RAM 102. The storage unit 103 stores an application program (information management application APT) for causing the processing circuit 100c to execute the information processing method according to this disclosure. A display, a code reader (or camera), and a printer are electrically connected to the input / output interface. The display, code reader, and printer may be integrated with the trader terminal 100, or they may be electrically connected to the trader terminal 100 by wire or wireless.
[0027] The trader terminal 100 has functional units such as a key name management unit 112, a UID reading unit 114, an information acquisition unit 116, an information calculation unit 118, an information transmission unit 120, a dedicated key generation unit 122, a transmission request transmission unit 124, and a code generation unit 126, which are executed by the processor 101 on the information management application APT stored in the memory unit 103.
[0028] The key name management unit 112 manages the key names of a set of private and public keys based on homomorphic encryption. In the trader terminal 100 of this embodiment, only the key names are managed, and the set of private and public keys is not managed. The private and public keys are used for encrypting and decrypting item-related information corresponding to trade secrets. Homomorphic encryption is an encryption method that allows data to be processed while it is encrypted, without decrypting the encrypted data. As one type of homomorphic encryption, for example, fully homomorphic encryption such as FHE (Fully Homomorphic Encryption) is used. Fully homomorphic encryption allows addition, subtraction, multiplication, and division while the data is encrypted. Instead of fully homomorphic encryption, multiplicative homomorphic encryption such as RSA encryption and EIGamal encryption, and additive homomorphic encryption such as Goldwasser-Micali encryption and Paillier encryption can be used depending on the processing content of the secret calculation described later.
[0029] The UID reading unit 114 is a code reader that reads codes such as one-dimensional codes or two-dimensional codes (for example, QR Code®) attached to items. The code contains a unique identification ID (hereinafter referred to as UID) generated from transaction records and item-related information.
[0030] The information acquisition unit 116 takes the UID read by the UID reading unit 114 as an argument and requests information including the item's transaction record, item-related information, and key name (hereinafter referred to as traceability information) from the management server 200. The information acquisition unit 116 then obtains the traceability information corresponding to the read UID from the management server 200. The item-related information includes information related to the actions taken by the trader on the item (e.g., processing, assembly, transportation, and storage), as well as the CFP value information mentioned above.
[0031] The information acquisition unit 116 stores the traceability information in the traceability database DBT1, linked to each UID of the item. The information acquisition unit 116 uses the UID as a search key to extract the traceability information corresponding to the UID from the data stored in the traceability database DBT1. The traceability database DBT1 may be a local storage device located at the trader's location, or it may be cloud storage.
[0032] The information processing unit 118 performs various calculations related to traceability information. The specific processing performed by the information processing unit 118 will be described later.
[0033] The information transmission unit 120 transmits the traceability information collected by the trader terminal 100 to the management server 200. The information transmission unit 120 transmits the traceability information to the management server 200, linked to the UID generated by the code generation unit 126.
[0034] The dedicated key generation unit 122 generates a set of private and public keys specifically for the trader handling the trader terminal 100. The set of private and public keys specifically for the trader is not included in the key database DBK of the management server 200. The generated set of private and public keys specifically for the trader is recorded in the dedicated key database DBSK1.
[0035] The data transfer request transmission unit 124 sends various data transfer requests to the management server 200.
[0036] The code generation unit 126 is connected to a printer. The code generation unit 126 causes the printer to output labels on which 2D codes, etc., are printed. The labels are attached to the shipped items and distributed to the next stage of the process along with the shipped items. Alternatively, the 2D code may be laser-engraved or printed directly onto the items. In this case, a laser marker or inkjet printer can be used as the output device instead of a printer.
[0037] <Management Server 200> Figure 4 is a block diagram showing the configuration of the management server 200. The management server 200 and the application distribution server 200a are server devices operated by the administrator of the supply chain SC. The administrator is, for example, an agent entrusted with management operations by the provider of the final product supplied by the supply chain SC (finished product manufacturer). The administrator may also be an agency entrusted with management and auditing operations by a supervisory authority that has supervisory authority over the category to which the final product belongs. The management server 200 and the application distribution server 200a may be an on-premise configuration physically managed by the administrator or a system supplier, etc., or they may be a virtual server configuration located on the cloud.
[0038] The management server 200 is an information processing device primarily composed of a processing circuit 200c. The processing circuit 200c includes a processor 201, RAM 202, storage unit 203, input / output interfaces, and buses connecting them, and functions as a computer that performs arithmetic processing. The processor 201 is hardware for arithmetic processing coupled with RAM 202 and executes programs stored in the storage unit 203.
[0039] The management server 200 is an administrator-side information processing device that manages item-related information concerning items handled by multiple traders constituting the supply chain SC. The storage unit 203 stores an application program (information management app APS) for causing the processing circuit 200c to implement the information processing method described herein. The management server 200 has functional units such as an information transmission unit 212, an encrypted information acquisition unit 214, a key acquisition unit 216, a decryption information acquisition unit 218, an encryption processing unit 229, a provision unit 222, a public key modification unit 224, a key generation unit 226, and a key name disclosure unit 228, through the execution of the information management app APS by the processor 201. The management server 200 includes a key database DBK that stores multiple sets of private keys and corresponding public keys based on homomorphic encryption, each associated with a key name.
[0040] The information transmission unit 212 extracts the traceability information requested by the trader terminal 100 from the traceability database DBT2 and transmits it to the trader terminal 100.
[0041] The encrypted information acquisition unit 214 acquires encrypted information from the trader terminal 100, which is item-related information encrypted using a public key, and the key name of the public key used to encrypt the item-related information. The encrypted information acquisition unit 214 also functions as an information acquisition unit that acquires traceability information from the trader terminal 100. The traceability information acquired by the encrypted information acquisition unit 214 is recorded in the traceability database DBT2, linked to the UID.
[0042] The key acquisition unit 216 acquires the private key corresponding to the key name from the key database DBK.
[0043] The decryption information acquisition unit 218 acquires decryption information by decrypting encrypted information, which is item-related information, using a secret key.
[0044] The encryption processing unit 220 encrypts the decryption information and obtains the re-encrypted information.
[0045] The data provisioning unit 222 is encrypted by the encryption processing unit 220 and the re-encrypted information is provided to the trader terminal 100.
[0046] The public key change unit 224 changes the encrypted information encrypted with public key A to encrypted information encrypted with public key B, which is different from public key A.
[0047] The key generation unit 226 generates a set of private and public keys requested by the supervisory authority / CFP management body.
[0048] The key name disclosure unit 228 discloses the key names of the created private and public key set. For example, the key name disclosure unit 228 discloses the key names of the created keys to the supervisory authority or CFP management body that requested the creation of the keys.
[0049] <Supervisory Authority / CFP Management Organization Server 300> Figure 5 is a block diagram showing the configuration of the supervisory authority / CFP management organization server 300. The supervisory authority / CFP management organization server 300 is a server device operated by the supervisory authority or CFP management organization. The supervisory authority / CFP management organization server 300 may be an on-premises configuration physically managed by the supervisory authority or CFP management organization, or it may be a virtual server configuration located in the cloud.
[0050] The regulatory authority / CFP management organization server 300 is an information processing device primarily composed of a processing circuit 300c. The processing circuit 300c includes a processor 301, RAM 302, storage unit 303, input / output interfaces, and buses connecting them, and functions as a computer that performs arithmetic processing. The processor 301 is hardware for arithmetic processing coupled with RAM 302 and executes programs stored in the storage unit 303.
[0051] The supervisory authority / CFP management organization server 300 is an information processing device for a supervisory authority or CFP management organization. The memory unit 203 stores an application program (information management app APR) for causing the processing circuit 300c to implement the information processing method according to this disclosure. The supervisory authority / CFP management organization server 300 has functional units such as a UID reading unit 312, an information acquisition unit 314, an information calculation unit 316, a key generation request unit 318, a dedicated key generation unit 320, and a transmission request transmission unit 322, through the execution of the information management app APR by the processor 301.
[0052] The UID reading unit 312 is a code reader that reads codes such as one-dimensional or two-dimensional codes (e.g., QR Code®) attached to items. The code contains a unique UID generated from transaction records and item-related information.
[0053] The information acquisition unit 314 requests traceability information from the management server 200 using the UID read by the UID reading unit 312 as an argument, and obtains the traceability information corresponding to the read UID from the management server 200.
[0054] The information processing unit 316 performs various calculations related to traceability information. The specific processing performed by the information processing unit 316 will be described later.
[0055] The key generation request unit 318 requests the management server 200 to generate a set of private and public keys.
[0056] The dedicated key generation unit 320 generates a set of private and public keys specifically for the supervisory authority or CFP management organization handled by the supervisory authority / CFP management organization server 300. The set of private and public keys specific to the supervisory authority or CFP management organization is not included in the key database DBK of the management server 200. The generated set of private and public keys specific to the supervisory authority or CFP management organization is recorded in the dedicated key database DBSK2.
[0057] Next, we will describe the processing using homomorphic encryption performed in the supply chain management system 1 of this embodiment. Exchanging the actual values of the secret key and unencrypted item-related information over the network poses security problems. Therefore, in this embodiment, we utilize the property of homomorphic encryption that allows us to add the numerical values of plaintext information even without the encryption key, as long as we have the encrypted numerical values.
[0058] However, homomorphic encryption has the following limitations: Constraint 1: To add two encrypted numbers together, they must be encrypted with the same encryption key. Constraint 2: Multiplication and division have a limited number of operations, and bootstrapping (decrypting and then re-encrypting) is necessary to prevent the accumulation of calculation errors. However, a private key is required for the decryption necessary during the bootstrapping process. Constraint 3: A secret key is required to know the actual value of the encrypted number.
[0059] The solution to constraints 2 and 3 requires the secret key K. prv Adm A private key K is required, but prv AdmIt is impossible to communicate on the network. Therefore, the processing using the secret key K can be performed on one management server (management server 200 of the present embodiment). prv Adm should be sufficient.
[0060] Regarding Constraint 3, if decryption is performed on one management server, in order to send the actual value obtained by decryption to other servers, it becomes necessary to communicate the actual value obtained by decryption on the network. To avoid this, the terminal that requests decryption creates a set of the secret key K prv and the public key K pub , encrypts the value of 0 with the public key K pub (Enc(0, K pub )), and sends the encrypted data Enc(0, K pub ) of 0 and the encrypted data to be decrypted (Enc(x1, K pub Adm )) to the management server. Then, on the management server side, after decrypting Enc(x1, K pub Adm ) to obtain x1, it adds it to Enc(0, K pub ) and sends Enc(0 + x1, K pub ) to the terminal that requested decryption. The terminal that requested decryption decrypts Enc(0 + x1, K prv ) with its own secret key K pub .
[0061] Regarding the bootstrapping process of Constraint 2, similar to the above idea, Enc(x1, K pub Adm ) is sent to the management server, and the management server decrypts it using the secret key K prv Adm , encrypts the decrypted value again with the public key K pub Adm , and then returns it to the terminal that requested the bootstrapping process.
[0062] Regarding Constraint 1, in order to add encrypted values using different encryption keys, all encrypted numerical values (Enc(x1, K pub Adm1 ), Enc(x2, K pubAdm2 Send the private key K to the management server. prv Adm1 and private key K prv Adm2 After deciphering each and obtaining x1 and x2, x1 + x2 is K pub Adm3 Then encrypt again and Enc(x1+x2,K pub Adm3 ) is returned to the requesting terminal that requested the calculation of the encrypted information.
[0063] The following describes in detail the processing of the supply chain management system 1 to resolve constraints 1 to 3 above without exchanging the actual values of the secret key and unencrypted item-related information over the network, using Figures 6 to 8. The symbols used for explanation are defined below. Note that "industry" refers to a classification of trading companies. K prv Adm1 : The secret key used as the basis for encryption in industry No. 1 K pub Adm1 : Public key used in industry No. 1 N Adm1 Key names used in industry No. 1 K prv Adm2 : The secret key used as the basis for encryption in the industry. K pub Adm2 Public keys used in industry 2 N Adm2 :Key names used in industry 2 K prv Adm3 : The secret key used as the basis for encryption in industry 3 K pub Adm3 Public keys used in industry 3 N Adm3 Key names used in industry 3 x1: Numerical value (Example: The CFP value required to create a product that is the best in the industry) x2: Numerical value (Example: The CFP value required to produce a product in industry 2) x3: Numerical value (Example: The CFP value required to produce a product that is industry standard 3) Enc(x,K pub Adm1 ): The numerical value x is encrypted using the public key used in industry 1. Enc(x,K pub Adm2 ): The numerical value x is encrypted using a public key used in industry 2. Enc(x,K pub Adm3 ): The numerical value x is encrypted using a public key used in industry 3.
[0064] Figure 6 is a flowchart detailing the arithmetic operations on numbers encrypted with different public keys. Using Figure 6, we will explain the arithmetic operations on numbers encrypted with different public keys corresponding to constraint 1. The process begins when a trader terminal 100 of a trader in industry 3 logs in to the management server 200, and the management server 200 authenticates the login.
[0065] In S601, the UID reading unit 114 reads the UIDs attached to the products delivered by the traders in Industry 1 and Industry 2, respectively. In Figure 6, the delivery from the trader terminal 100 of the trader in Industry 1 and the trader terminal 100 of the trader in Industry 2 to the trader terminal 100 of the trader in Industry 3 is shown with dotted lines because the delivery of products represents the movement of physical products, not the exchange of signals.
[0066] In S602, the transmission request unit 124 sends a request to the management server 200 to send traceability information, using the UID read from the server as an argument.
[0067] In S603, the information transmission unit 212 of the management server 200 transmits the traceability information corresponding to the read UID to the trader terminal 100.
[0068] In S604, the information processing unit 118 performs Enc(x1,K) in the acquired traceability information. pub Adm1 ), N Adm1 , Enc(x2,Kpub Adm2 ) and N Adm2 and N Adm3 together with Enc(x1, K pub Adm1 ) and the request for the addition of Enc(x2, K pub Adm2 ) are sent to the encryption information acquisition unit 214 of the management server 200.
[0069] In S605, the key acquisition unit 216 searches for the sets of secret keys and public keys ((K Adm1 , N Adm2 , N Adm3 ) corresponding to N prv Adm1 , K pub Adm1 ), (K prv Adm2 , K pub Adm2 ), (K prv Adm3 , K pub Adm3 )) from the key database DBK and obtains the sets of secret keys and public keys ((K prv Adm1 , K pub Adm1 ), (K prv Adm2 , K pub Adm2 ), (K prv Adm3 , K pub Adm3 )). Further, the decryption information acquisition unit 218 decrypts Enc(x1, K prv Adm1 ), Enc(x2, prv Adm2 ) with the obtained secret keys K pub Adm1 ) to obtain x1 and x2. Further, the encryption processing unit 220 uses x1, x2, and K Kpub Adm2 to calculate the encrypted information Enc(x1 + x2, K pub [[ID=7)) Adm3 pub Adm3 Adm3 ).
[0070] In S606, the supply unit 222 provides encrypted information Enc(x1+x2,K) to the trader terminal 100 of the trader in the industry 3. pub Adm3 Send ).
[0071] In S607, the information processing unit 118 calculates the encrypted information Enc(x1+x2,K pub Adm3 A secret computation is performed to add x3 to ), and the encrypted information is Enc(x1+x2+x3,K pub Adm3 ) is obtained. In this way, the information processing unit 118 functions as a secure computation unit that generates encrypted information by secure computation using the plaintext information of encrypted information and item-related information.
[0072] Through the above process, arithmetic operations on numbers encrypted with different public keys can be performed on a single management server 200. The only information exchanged over the network is the key name and the encrypted information; the private key and the actual decrypted numbers are not exchanged over the network, thus improving security. Furthermore, while public keys may be distributed, in this embodiment, there is no need to distribute even the public key, as the set of private and public keys is managed in the key database DBK of a single management server 200.
[0073] Figure 7 is a flowchart detailing the bootstrapping process. Using Figure 7, we will explain the bootstrapping process corresponding to constraint 2. The process begins when a trader terminal 100 of a trader in industry 3 logs in to the management server 200, and the management server 200 authenticates the login.
[0074] In S701, the information processing unit 118 performs Enc(x3,K pub Adm3 ) and N Adm3 Prepare it.
[0075] In S702, the information transmission unit 120 performs Enc(x3,K pub Adm3 ) and N Adm3 Along with, Enc(x3,Kpub Adm3 A request for the bootstrapping process is sent to the management server 200.
[0076] In S703, the key acquisition unit 216 receives the key name N obtained by the cryptographic information acquisition unit 214. Adm3 The corresponding set of private and public keys (K prv Adm3 , K pub Adm3 ) searches for the set of private and public keys (K) from the key database DBK. prv Adm3 , K pub Adm3 The decryption information acquisition unit 218 obtains the acquired private key K. prv Adm3 Then Enc(x3,K pub Adm3 The encryption processing unit 220 decrypts ) and obtains x3. Furthermore, the encryption processing unit 220 then decrypts x3 and K pub Adm3 Enc(x3,K) is used to encrypt information. pub Adm3 ) is calculated (bootstrapping process).
[0077] In S704, the supply unit 222 provides encrypted information Enc(x3,K) to the trader terminal 100 of the trader in the industry 3. pub Adm3 Send ).
[0078] In S705, the information processing unit 118 updates the number of multiplication and division operations (M Adm3 =0) and the encrypted information Enc(x3,K pub Adm3 Perform multiplication and division on ).
[0079] Through the above process, the bootstrapping process can be performed on a single management server 200. The only information exchanged over the network is the key name and encrypted information; the private key and the actual decrypted numerical value are not exchanged over the network, thus improving security.
[0080] Figure 8 is a flowchart detailing the data disclosure request. Using Figure 8, we will explain the data disclosure request corresponding to constraint 3. The process begins when a trader terminal 100 of a trader in industry 3 logs in to the management server 200, and the management server 200 authenticates the login.
[0081] In S801, the information processing unit 118 calculates the encrypted information to be decrypted: Enc(x3,K pub Adm3 ) and N Adm3 Prepare it.
[0082] In S802, the dedicated key generation unit 122 generates a dedicated secret key K prv and public key K pub Create and prepare the set.
[0083] In S803, the information processing unit 118 processes the public key K pub The numerical value 0 is encrypted using Enc(0,K pub ) calculate.
[0084] In S804, the information transmission unit 120 performs Enc(x3,K pub Adm3 ), N Adm3 and Enc(0,K pub ) together with Enc(x3,K pub Adm3 A data disclosure request is sent to the management server 200.
[0085] In S805, the key acquisition unit 216 retrieves the acquired key name N Adm3 The corresponding set of private and public keys (K prv Adm3 , K pub Adm3 ) searches for the set of private and public keys (K) from the key database DBK. prv Adm3 , K pub Adm3 The decryption information acquisition unit 218 obtains the acquired private key K. prv Adm3 Then Enc(x3,K pubAdm3 The encryption processing unit 220 decrypts ) and obtains x3. Furthermore, the encryption processing unit 220 converts x3 to Enc(0,K pub By a secret computation that adds ) the encrypted information Enc(x3,K pub ) calculate.
[0086] In S806, the supply unit 222 provides encrypted information Enc(x3,K) to the trader terminal 100 of the trader in the industry 3. pub Send ).
[0087] In S807, the information processing unit 118 calculates the encrypted information Enc(x3,K pub ) with a dedicated private key K prv Decode it using this method and obtain x3.
[0088] Through the above process, data disclosure requests can be made on a single management server 200. The only information exchanged over the network is the key name and encrypted information; the private key and the actual decrypted numerical value are not exchanged over the network, thus improving security. In S804, the trader terminal 100 receives the encrypted information Enc(0,K) for the numerical value 0. pub ) is sent to the management server 200, but encrypted information of a predetermined value that is not 0 may also be sent to the management server 200. In this case, the trader should keep track of the predetermined value and subtract it from the value obtained by decrypting the encrypted information sent from the management server 200 in S806.
[0089] Next, the basic flow of implementing the supply chain management system 1 of this embodiment will be explained using Figures 9 to 18. The symbols used for explanation are defined below. K prv AdmY (n): The nth secret key used as the basis for encryption in industry Y. K pub AdmY (n): The nth public key used in industry Y. N AdmY (n): Key name of the nth key used in industry Y M AdmY(n): Current number of multiplication and division operations for the nth key used in industry Y n: Number of key issuances per industry (when indicating different numbers, use n1, n2, ...) Y: A unique designation assigned to each industry (Y1, Y2, ... are used to indicate different industries) K prv Adm (n): The nth secret key used for encryption (if there is no need to discuss by industry) K pub Adm (n): The nth public key used for encryption (when there is no need to discuss by industry) N Adm (n): The name of the nth key used for encryption (when there is no need to discuss by industry) K prv A private key (disposable) created by a company within a certain industry. K pub :K prv Corresponding public key (disposable) x m : Numerical value (Example: CFP value at company m) x: numerical value (e.g., CFP value for a company when it is not necessary to discuss the matter separately for each company) Enc(x,K pub Adm Y (n): The numerical value x is encrypted with the nth public key used in industry Y. Enc(x,K pub Adm (n): The value x encrypted with the nth public key (if there is no need to discuss by industry) Enc(x,K pub ): A numerical value x encrypted with a public key created by a company within a certain industry. R: Branching ratio
[0090] Figure 9 is a flowchart detailing the generation of private and public keys. Using Figure 9, the process flow for generating a set of private and public keys will be explained. The process begins when the supervisory authority / CFP management organization server 300 logs in to the management server 200, and the management server 200 authenticates the login.
[0091] In S901, the key generation request unit 318 sends a key creation request to the key generation unit 226 of the management server 200, with industry information Y as an argument.
[0092] In S902, the key generation unit 226 sets the number of requests n for creating a key for industry information Y, and sets a private key and a public key (K prv AdmY (n), K pub AdmY (n)) and the key names N of these keys AdmY Generate (n).
[0093] In S903, the key generation unit 226 generates a set of private and public keys (K) including industry information Y and the number of creation requests n. prv AdmY (n), K pub AdmY (n)) and the key name N of these keys AdmY (n) is recorded in the key database DBK.
[0094] In S904, the key name disclosure unit 228 discloses the key name N to the supervisory authority / CFP management organization server 300. AdmY Send (n).
[0095] Through the process described above, a set of private and public keys (K) for each industry is stored in the key database DBK within the management server 200. prv AdmY (n), K pub AdmY (n)) and the key names N of these keys AdmY (n) is recorded.
[0096] Figure 10 is a flowchart detailing the distribution of key names. The process flow for distributing key names will be explained using Figure 10. There are two ways to distribute key names. In the method shown in Figure 10(a), the supervisory authority / CFP management organization server 300 directly discloses the key names to the trader terminal 100. For example, the supervisory authority / CFP management organization posts the key names on a homepage created on the supervisory authority / CFP management organization server 300, and administrators using the trader terminal 100 can find and obtain the key name for their industry from the homepage. In the method shown in Figure 10(b), the trader terminal 100 directly obtains the key name from the management server 200. This will be explained in detail below. First, the trader terminal 100 logs in to the management server 200, and the management server 200 authenticates the login. In S1001, the send request transmission unit 124 of the trader terminal 100 sends a key name transmission request to the management server 200 with industry information Y and issuance count n as arguments. In S1002, the key acquisition unit 216 retrieves the key name N from the key database DBK. AdmY Search for and retrieve (n). In S1003, the key name disclosure unit 228 retrieves the key name N. AdmY (n) is sent to the trader terminal 100. This allows the administrator using the trader terminal 100 to obtain the key name of the industry to which they belong.
[0097] Figure 11 is a flowchart detailing the CFP calculation using homomorphic encryption during the addition / integration process when there is no prior step. Using Figure 11, we will explain the CFP calculation using homomorphic encryption during the addition / integration process when there is no prior step. Key name N AdmY The transaction is initiated when the trading terminal 100 of (n) logs in to the management server 200 and the management server 200 authenticates the login.
[0098] In S1101, the send request transmission unit 124 of the trader terminal 100 sends its own key name N AdmYA request to send 0CFP is sent to the management server 200 with (n) as the argument. Here, a request to send 0CFP is encrypted information encrypted with a CFP value of 0. Note that the argument is the key name N. AdmY Instead of (n), you may specify industry information Y and the number of issues n.
[0099] In S1102, the key acquisition unit 216 retrieves the key name N from the key database DBK. AdmY Using (n), the public key K pub AdmY Search for and retrieve (n).
[0100] In S1103, the encryption processing unit 220 obtains the public key K pub AdmY Encrypted information obtained by encrypting the number 0 using (n) (0CFP encryption) Enc(0,K pub AdmY Calculate (n).
[0101] In S1104, the providing unit 222 provides the encrypted information Enc(0,K pub AdmY (n)) is sent to the trader terminal 100.
[0102] In S1105, the information processing unit 118 converts the measured CFP value x1 related to the company's product into encrypted information Enc(0,K pub AdmY Perform a secret computation on (n) and add it to the encrypted information Enc(x1,K pub AdmY Get (n).
[0103] In S1106, the trader terminal 100 has UID, CFP value x1, key name N AdmY (n), encrypted CFP(Enc(x1,K pub AdmY (n))), Number of multiplication and division operations M AdmY Traceability information including (n)=0 is recorded in the traceability database DBT1.
[0104] In S1107, the information transmission unit 120 transmits the traceability information recorded in the traceability database DBT1 to the management server 200. Subsequently, the product with the UID is delivered to the next company in the process.
[0105] In S1108, the management server 200 records the traceability information transmitted from the trader terminal 100 in the traceability database DBT2.
[0106] Figure 12 is a flowchart detailing the CFP calculation using homomorphic encryption during the addition / integration process when there is a preceding process. Using Figure 12, we will explain the CFP calculation using homomorphic encryption when there is a preceding process during the addition / integration process. Key name N AdmY The trading terminal 100 of the current process company (n) logs in to the management server 200, and the process starts when the management server 200 authenticates the login.
[0107] In S1201, the UID reading unit 114 of the trader terminal 100 at the current process company reads the UID attached to the product delivered from the previous process company.
[0108] In S1202, the information acquisition unit 116 sends a request to the management server 200 to send traceability information, with the UID read from the unit as an argument.
[0109] In S1203, the information transmission unit 212 transmits the traceability information corresponding to the read UID to the information acquisition unit 116 of the trader terminal 100.
[0110] In S1204, the information processing unit 118 calculates the key name N of the upstream company in the acquired traceability information. AdmY (n) and the company's key name N AdmY Compare with (n) and confirm that the key names of both companies match.
[0111] In S1205, the information processing unit 118 calculates the encrypted information Enc(x1,K) within the acquired traceability information. pub AdmYA secret computation is performed by adding the CFP value x2 for the company's product to (n), and the encrypted information is Enc(x1+x2,K pub AdmY Get (n).
[0112] In S1206, the trader terminal 100 has UID, CFP value x2, key name N AdmY (n), encrypted CFP(Enc(x2,K pub AdmY (n)), Enc(x1+x2,K pub AdmY (n))), Number of multiplication and division operations M AdmY The traceability information including (n) is recorded in the traceability database DBT1.
[0113] In S1207, the information transmission unit 120 transmits the traceability information recorded in the traceability database DBT1 to the management server 200. Subsequently, the product with the UID is delivered to the next company in the process.
[0114] In S1208, the management server 200 records the traceability information transmitted from the trader terminal 100 in the traceability database DBT2.
[0115] Figure 13 is a flowchart detailing the CFP calculation using homomorphic encryption during the branching process. Figure 13 will be used to explain the CFP calculation using homomorphic encryption during the branching process. Key name N AdmY The trading terminal 100 of the current process company (n) logs in to the management server 200, and the process starts when the management server 200 authenticates the login.
[0116] In S1301, the UID reading unit 114 of the trading terminal 100 at the current process company reads the UID attached to the product delivered from the previous process company.
[0117] In S1302, the information acquisition unit 116 sends a request to the management server 200 to send traceability information, with the UID read from the unit as an argument.
[0118] In S1303, the information transmission unit 212 transmits the traceability information corresponding to the read UID to the information acquisition unit 116 of the trader terminal 100.
[0119] In S1304, the information processing unit 118 calculates the key name N of the upstream company in the acquired traceability information. AdmY (n) and the company's key name N AdmY Compare with (n) and confirm that the key names of both companies match.
[0120] In S1305, the information processing unit 118 calculates the encrypted information Enc(x1,K) within the acquired traceability information. pub AdmY A secret computation is performed by adding the CFP value x2 for the company's product to (n), and the encrypted information is Enc(x1+x2,K pub AdmY (n)) is obtained. Furthermore, the information processing unit 118 obtains the encrypted information Enc(x1+x2,K pub AdmY Multiply (n) by the branching ratio R, and the number of multiplication and division operations M AdmY Add 1 to (n). Note that multiplying by the branching ratio R is the calculation process when delivering a portion of the product corresponding to the branching ratio R to the next processing company.
[0121] In S1306, the trader terminal 100 has UID, CFP value x2, key name N AdmY (n), encrypted CFP(Enc(x2,K pub AdmY (n)), Enc(x1+x2,K pub AdmY (n))), Number of multiplication and division operations M AdmY The traceability information including (n) is recorded in the traceability database DBT1.
[0122] In S1307, the information transmission unit 120 transmits the traceability information recorded in the traceability database DBT1 to the management server 200. Subsequently, the product with the UID is delivered to the next company in the process.
[0123] In S1308, the management server 200 records the traceability information transmitted from the trader terminal 100 in the traceability database DBT2.
[0124] Figure 14 is a flowchart detailing CFP calculation using homomorphic encryption when the public keys of the preceding process are different. Using Figure 14, we will explain CFP calculation using homomorphic encryption when the public keys of the preceding company and the current company are different. Key name N AdmY2 The trading terminal 100 of the current process company (n2) logs in to the management server 200, and the process starts when the management server 200 authenticates the login.
[0125] In S1401, the UID reading unit 114 of the trading terminal 100 at the current process company reads the UID attached to the product delivered from the previous process company.
[0126] In S1402, the information acquisition unit 116 sends a request to the management server 200 to send traceability information, with the UID read from the unit as an argument.
[0127] In S1403, the information transmission unit 212 transmits the traceability information corresponding to the read UID to the information acquisition unit 116 of the trader server 100.
[0128] In S1404, the information processing unit 118 calculates the key name N of the upstream company in the acquired traceability information. AdmY1 (n1) and the company's key name N AdmY2 Compare this with (n2) and confirm that the key names of the two companies do not match.
[0129] If the key names of the two companies do not match, in S1405, the information processing unit 118 calculates the encryption information of the previous process company Enc(x1,K pub AdmY1 (n1)) public key K pub AdmY1 Send a change request for (n1). At this time, the argument is N AdmY1 (n1), Enc(x1,K pub AdmY1(n1)), N AdmY2 (n2) is specified.
[0130] In S1406, the key acquisition unit 216 uses the key name N within the change request AdmY1 to search for and obtain the secret key K corresponding to (n1) prv AdmY1 (n1) and the key name N AdmY2 to search for and obtain the public key K corresponding to (n2) from the key database DBK. Further, the decryption information acquisition unit 218 decrypts Enc(x1, K pub AdmY2 (n1)) with the obtained secret key K(n1) to obtain x1. Further, the encryption processing unit 220 calculates the encrypted information Enc(x1, K prv AdmY1 (n1)) using x1 and K(n2). pub AdmY1 (n1)) to obtain x1. Further, the encryption processing unit 220 uses x1 and K pub AdmY2 (n2) to calculate the encrypted information Enc(x1, K pub AdmY2 (n2)).
[0131] In S1407, the providing unit 222 transmits the encrypted information Enc(x1, K pub AdmY2 (n2)) to the trader terminal 100.
[0132] In S1408, the information operation unit 118 performs a secret calculation of adding the measured CFP value x2 of the company's own product to the obtained encrypted information Enc(x1, K pub AdmY2 (n2)) to obtain the encrypted information Enc(x1 + x2, K pub AdmY2 (n2)), and updates the multiplication / division count M AdmY2 (n2) to 0.
[0133] In S1409, the trader terminal 100 transmits the UID, CFP value x2, key name N AdmY2 (n2), encrypted CFP (Enc(x2, K pub AdmY2 (n2)), Enc(x1 + x2, K pub AdmY2 (n2))), and multiplication / division count M AdmY2Record the traceability information including (n2) in the traceability database DBT1.
[0134] In S1410, the information transmission unit 120 transmits the traceability information recorded in the traceability database DBT1 to the management server 200. After that, the product with the UID is delivered to the company in the next process.
[0135] In S1411, the management server 200 records the traceability information transmitted from the trader terminal 100 in the traceability database DBT2.
[0136] Figure 15 is a flowchart showing the details of the CFP calculation using the homomorphic encryption when the number of multiplication / division operations reaches the upper limit. Using Figure 15, the CFP calculation using the homomorphic encryption when the number of multiplication / division operations reaches the upper limit will be described. Note that the process of Figure 15 can be used in combination with the processes described in Figures 11 to 14. The trader terminal 100 of the current process company logs in to the management server 200, and the management server 200 performs login authentication to start the process.
[0137] In S1501, the UID reading unit 114 of the trader terminal 100 in the current process company reads the UID attached to the product delivered from the previous process company.
[0138] In S1502, the information acquisition unit 116 transmits a request for sending traceability information with the read UID as an argument to the management server 200.
[0139] In S1503, the information transmission unit 212 transmits the traceability information corresponding to the read UID to the information acquisition unit 116 of the trader terminal 100.
[0140] In S1504, the information calculation unit 118 checks whether the number of multiplication / division operations M AdmY (n) in the acquired traceability information exceeds the upper limit. Note that the upper limit can be specified in advance from the outside.
[0141] Number of multiplication and division operations: M AdmY If (n) exceeds the upper limit, in S1505, the information processing unit 118 of the trading terminal 100 sends the encrypted information of the upstream company Enc(x1,K pub AdmY Send a bootstrapping request for (n). At this time, the argument is N AdmY (n), Enc(x1,K pub AdmY Specify (n).
[0142] In S1506, the key acquisition unit 216 retrieves the key name N in the bootstrapping request. AdmY (n) The corresponding private key K prv AdmY (n) and public key K pub AdmY (n) is retrieved by searching the key database DBK. Furthermore, the decryption information acquisition unit 218 retrieves the private key K prv AdmY (n) Enc(x1,K pub AdmY (n)) is decrypted to obtain x1. Furthermore, the encryption processing unit 220 uses x1 and K pub AdmY Enc(x1,K) using (n) to obtain encrypted information pub AdmY Calculate (n).
[0143] In S1507, the providing unit 222 provides encrypted information Enc(x1,K pub AdmY Send (n).
[0144] In S1508, the information processing unit 118 obtains the encrypted information Enc(x1,K pub AdmY A secret computation is performed by adding the measured CFP value x2 for the company's product to (n), and the encrypted information Enc(x1+x2,K pub AdmY (n)) is obtained, and the number of multiplication and division operations M AdmY Update (n) to 0.
[0145] In S1509, the trader terminal 100 has UID, CFP value x2, key name N AdmY (n), encrypted CFP(Enc(x2,K pub AdmY (n)), Enc(x1+x2,K pub AdmY (n))), Number of multiplication and division operations M AdmY The traceability information including (n) is recorded in the traceability database DBT1.
[0146] In S1510, the information transmission unit 120 transmits the traceability information recorded in the traceability database DBT1 to the management server 200. Subsequently, the product with the UID is delivered to the next company in the process.
[0147] In S1511, the management server 200 records the traceability information transmitted from the trader terminal 100 in the traceability database DBT2.
[0148] Figure 16 is a flowchart detailing the CFP calculation using homomorphic encryption when the number of multiplication and division operations needs to be cleared. Figure 16 will be used to explain the CFP calculation using homomorphic encryption when the number of multiplication and division operations needs to be cleared. Note that the process in Figure 16 can be used in conjunction with the processes described in Figures 11 to 14. The process begins when the trading terminal 100 of the current process company logs in to the management server 200, and the management server 200 authenticates the login.
[0149] In S1601, the UID reading unit 114 of the trader terminal 100 at the current process company reads the UID attached to the product delivered from the previous process company.
[0150] In S1602, the information acquisition unit 116 sends a request to the management server 200 to send traceability information, with the UID read from the unit as an argument.
[0151] In S1603, the information transmission unit 212 transmits the traceability information corresponding to the read UID to the information acquisition unit 116 of the trader terminal 100.
[0152] In S1604, the trader of the trader terminal 100 inputs a clear request to clear the multiplication / division count M AdmY (n) in the acquired tracer information into the trader terminal 100.
[0153] In S1605, the information calculation unit 118 of the trader terminal 100 sends a bootstrapping request for the encryption information Enc(x1, K pub AdmY (n)) of the previous process company to the management server 200 based on the clear request. At this time, as arguments, N AdmY (n), Enc(x1, K pub AdmY (n)) are specified.
[0154] In S1606, the key acquisition unit 216 searches for and acquires the secret key K AdmY (n) and the public key K prv AdmY (n) corresponding to the key name N pub AdmY (n) in the bootstrapping request from the key database DBK. Further, the decryption information acquisition unit 218 decrypts Enc(x1, K prv AdmY (n)) with the acquired secret key K pub AdmY (n) to obtain x1. Further, the encryption processing unit 220 calculates the encryption information Enc(x1, K pub AdmY (n)) using x1 and K pub AdmY (n).
[0155] In S1607, the providing unit 222 sends the encryption information Enc(x1, K pub AdmY (n)) to the trader terminal 100.
[0156] In S1608, the information calculation unit 118 performs a secret calculation of adding the CFP value x2 regarding its own product measured to the acquired encryption information Enc(x1, K pub AdmY (n)), and the encryption information Enc(x1 + x2, Kpub AdmY (n)) is obtained, and the number of multiplication and division operations M AdmY Update (n) to 0.
[0157] In S1609, the trader terminal 100 contains ID, CFP value x2, and key name N. AdmY (n), encrypted CFP(Enc(x2,K pub AdmY (n)), Enc(x1+x2,K pub AdmY (n))), Number of multiplication and division operations M AdmY The traceability information including (n) is recorded in the traceability database DBT1.
[0158] In S1610, the information transmission unit 120 transmits the traceability information recorded in the traceability database DBT1 to the management server 200. Subsequently, the product with the UID is delivered to the next company in the process.
[0159] In S1611, the management server 200 records the traceability information transmitted from the trader terminal 100 in the traceability database DBT2.
[0160] Figure 17 is a flowchart detailing the processing procedures when a request for disclosure of CFP values is received from a supervisory authority or CFP management organization. Using Figure 17, we will explain the processing procedures when a request for disclosure of actual CFP values is received from a supervisory authority or CFP management organization. The process begins when the supervisory authority / CFP management organization server 300 logs in to the management server 200, and the management server 200 authenticates the login.
[0161] In S1701, the UID reading unit 312 of the supervisory authority / CFP management organization server 300 reads the UIDs assigned to products that are subject to disclosure of CFP values.
[0162] In S1702, the information acquisition unit 314 sends a request to the management server 200 to send traceability information, with the UID read from the unit as an argument.
[0163] In S1703, the information transmission unit 212 transmits the traceability information corresponding to the read UID to the information acquisition unit 314 of the supervisory authority / CFP management organization server 300.
[0164] In S1704, the dedicated key generation unit 320 of the supervisory authority / CFP management organization server 300 generates a dedicated private key K prv and public key K pub The set is created and prepared. Furthermore, the information processing unit 316 generates a dedicated public key K pub The numerical value 0 is encrypted using Enc(0,K pub ) calculate.
[0165] In S1705, the transmission request unit 322 sends a request to the management server 200 to disclose the actual value of the CFP. At this time, N is used as an argument. Adm (n), Enc(x,K pub Adm (n)), Enc(0,K pub Specify ). Note that Enc(x,K pub Adm (n)) is the encrypted CFP value to be disclosed in the retrieved traceability information.
[0166] In S1706, the key acquisition unit 216 retrieves the key name N specified as an argument. Adm (n) The corresponding private key K prv Adm (n) is retrieved by searching the key database DBK. Furthermore, the decryption information acquisition unit 218 retrieves the private key K prv Adm (n) Enc(x,K pub Adm (n)) is decrypted to obtain x. Furthermore, the encryption processing unit 220 converts x to Enc(0,K pub By a secure computation that adds ) the encrypted information Enc(x,K pub ) calculate.
[0167] In S1707, the providing unit 222 sends encrypted information Enc(x,K) to the supervisory authority / CFP management organization server 300. pub Send ).
[0168] In S1708, the information processing unit 316 calculates the encrypted information Enc(x,K pub ) with a dedicated private key K prv We use this to decode and obtain x.
[0169] Figure 18 is a flowchart detailing the processing of requests for disclosure of CFP values from entities other than regulatory authorities and CFP management organizations. Using Figure 18, we will explain the processing of requests for disclosure of actual CFP values from disclosure requesters other than regulatory authorities and CFP management organizations. Disclosure requesters other than regulatory authorities and CFP management organizations (hereinafter referred to as CFP disclosure requesters) include, for example, consumers and company employees. Processing begins when the CFP disclosure requester logs in to the management server 200 using their own terminal, and the management server 200 authenticates the login. Here, the terminal used by the CFP disclosure requester is, for example, an information processing device such as a smartphone, tablet terminal, and personal computer, and has the same configuration as the trader terminal 100. Therefore, in the following explanation, the terminal used by the CFP disclosure requester will be described as the trader server 100.
[0170] In S1801, the UID reading unit 114 of the trader terminal 100 reads the UID attached to the product whose CFP value is subject to disclosure.
[0171] In S1802, the information acquisition unit 116 sends a request to the management server 200 to send traceability information, with the UID read from the unit as an argument.
[0172] In S1803, the information transmission unit 120 transmits the traceability information corresponding to the read UID to the information acquisition unit 116 of the trader terminal 100.
[0173] In S1804, the dedicated key generation unit 122 of the trading terminal 100 generates a dedicated private key K prv and public key K pub The set is created and prepared. Furthermore, the information processing unit 118 generates a dedicated public key K pub The numerical value 0 is encrypted using Enc(0,K pub) calculate.
[0174] In S1805, the transmission request unit 124 sends a request to the management server 200 to disclose the actual value of the CFP. At this time, N is used as an argument. Adm (n), Enc(x,K pub Adm (n)), Enc(0,K pub Specify ). Note that Enc(x,K pub Adm (n)) is the encrypted CFP value to be disclosed in the retrieved traceability information.
[0175] In S1806, the management server 200 sends a message to the supervisory authority / CFP management organization server 300 informing it that a request for disclosure of CFP values has been received from the CFP disclosure requestor and asking for confirmation whether disclosure is permitted.
[0176] In S1807, the supervisory authority / CFP management organization server 300 approves or denies the disclosure request. If the disclosure request is denied, the supervisory authority / CFP management organization server 300 sends a denial message to the trader terminal 100. If the disclosure request is approved, the supervisory authority / CFP management organization server 300 sends an approval notification to the management server 200, and the flow proceeds to S1808.
[0177] In S1808, the key acquisition unit 216 retrieves the key name N specified as an argument. Adm (n) The corresponding private key K prv Adm (n) is retrieved by searching the key database DBK. Furthermore, the decryption information acquisition unit 218 retrieves the private key K prv Adm (n) Enc(x,K pub Adm (n)) is decrypted to obtain x. Furthermore, the encryption processing unit 220 converts x to Enc(0,K pub By a secure computation that adds ) the encrypted information Enc(x,K pub ) calculate.
[0178] In S1809, the providing unit 222 provides encrypted information Enc(x,K) to the trading terminal 100. pub Send ).
[0179] In S1810, the information processing unit 118 calculates the encrypted information Enc(x,K pub ) with a dedicated private key K prv Decode it using this method and obtain x.
[0180] (Other embodiments) Although several embodiments of this disclosure have been described above, this disclosure is not to be construed as being limited to the embodiments described above, and can be applied to various embodiments and combinations without departing from the spirit of this disclosure.
[0181] In the above embodiment, CFP values for each process were used as item-related information, but information on the amount of electricity or energy resources used in relation to the processing performed on the item in each process may also be used as item-related information. For example, the electricity usage information may be linked to type information indicating the power generation method, such as hydroelectric, thermal, wind, geothermal, nuclear, and solar power. Similarly, the energy resource usage information may be linked to information indicating the type of fuel, such as crude oil, coal, natural gas, and hydrogen. In addition, the amount of rare metals used or the amount of specific hazardous substances subject to regulation may also be used as item-related information.
[0182] As illustrated by the above examples, the supply chain management system 1 described herein is particularly suitable for information that is legally required to be recorded.
[0183] In the above embodiment, the functions provided by the trader terminal 100, the management server 200, and the supervisory authority / CFP management organization server 300 can also be provided by software and the hardware that executes it, software only, hardware only, or a combination thereof. When such functions are provided by electronic circuits as hardware, each function can also be provided by digital circuits including a large number of logic circuits, or by analog circuits.
[0184] This disclosure is described in accordance with the embodiments, but it is understood that this disclosure is not limited to such embodiments or structures. This disclosure also includes various modifications and variations within the equivalence. In addition, various combinations and forms, as well as other combinations and forms that include only one, more, or fewer of those elements, fall within the scope and concept of this disclosure.
Claims
1. An information processing device (200) that manages item-related information concerning items handled by multiple traders that constitute a supply chain (SC), A database (DBK) that stores multiple sets of private keys and corresponding public keys based on homomorphic encryption, each associated with a key name, An encrypted information acquisition unit (214) acquires encrypted information obtained by encrypting item-related information using a public key, and the key name of the public key used to encrypt the item-related information, from the trader's trader terminal (100). A key acquisition unit (216) that obtains a private key corresponding to the aforementioned key name from the database, A decryption information acquisition unit (218) acquires decryption information by decrypting the encrypted information using the secret key, An encryption processing unit (220) that encrypts the decrypted information and obtains re-encrypted information, It has a providing unit (222) that provides the deencrypted information encrypted by the encryption processing unit to the trader terminal, The cryptographic information acquisition unit further acquires cryptographic information from the trader's terminal, which is encrypted using a public key based on homomorphic encryption and different from the public key managed in the database. The encryption processing unit is an information processing device that acquires the re-encrypted information by secure computation using the encrypted information and the decrypted information.
2. The cryptographic information acquisition unit acquires from the trader terminal the first cryptographic information obtained by encrypting the first item-related information using the first public key and the first key name of the first public key used to encrypt the first item-related information, and the second cryptographic information obtained by encrypting the second item-related information using the second public key and the second key name of the second public key used to encrypt the second item-related information. The key acquisition unit acquires a first secret key corresponding to the first key name and a second secret key corresponding to the second key name from the database. The decryption information acquisition unit acquires first decryption information by decrypting the first encrypted information using the first secret key, and acquires second decryption information by decrypting the second encrypted information using the second secret key. The information processing apparatus according to claim 1, wherein the encryption processing unit encrypts the calculation result obtained using the first decryption information and the second decryption information to obtain the re-encrypted information.
3. The cryptographic information acquisition unit further acquires a third key name from the trader's terminal, which is different from both the first key name and the second key name. The key acquisition unit acquires the public key corresponding to the third key name from the database. The information processing apparatus according to claim 2, wherein the encryption processing unit encrypts the calculation result using a public key corresponding to the third key name to obtain the re-encrypted information.
4. The encrypted information acquisition unit acquires, from the trader's trader terminal, first encrypted information obtained by encrypting first item-related information using a first public key, the first key name of the first public key used to encrypt the first item-related information, and a third key name different from the first key name. The key acquisition unit acquires the first secret key corresponding to the first key name from the database, The decryption information acquisition unit acquires the first decryption information by decrypting the first encrypted information using the first secret key. The information processing apparatus according to claim 1, wherein the encryption processing unit encrypts the first decryption information with a public key corresponding to the third key name to obtain the re-encrypted information.
5. The key acquisition unit acquires the public key corresponding to the key name from the database, The information processing apparatus according to claim 1, wherein the encryption processing unit encrypts the decryption information using the public key to obtain the re-encrypted information.
6. The information processing apparatus according to claim 1, wherein the item-related information includes greenhouse gas emission information.
7. The information processing apparatus according to claim 1, wherein the item-related information includes usage information for each type of electricity or energy resource.
8. An information processing device (200) for managing item-related information concerning items handled by multiple traders constituting a supply chain (SC), An information processing system comprising the aforementioned trader's trader terminal (100), The aforementioned information processing device is A database (DBK) that stores multiple sets of private keys and corresponding public keys based on homomorphic encryption, each associated with a key name, An encrypted information acquisition unit (214) acquires encrypted information obtained by encrypting item-related information using a public key, and the key name of the public key used to encrypt the item-related information, from the trader's trader terminal (100). A key acquisition unit (216) that obtains a private key corresponding to the aforementioned key name from the database, A decryption information acquisition unit (218) acquires decryption information by decrypting the encrypted information using the secret key, An encryption processing unit (220) that encrypts the decrypted information and obtains re-encrypted information, It has a providing unit (222) that provides the deencrypted information encrypted by the encryption processing unit to the trader terminal, The aforementioned trader terminal is an information processing system (1) having a secure computation unit (118) that generates encrypted information by performing a secure computation using the plaintext information of the re-encrypted information and item-related information provided by the provision unit.
9. The information processing system according to claim 8, wherein the trading terminal has a code generation unit (126) that generates a code indicating the encrypted information generated by the secure computation.
10. The aforementioned trading terminal has a transmission request unit (124) that transmits a request to send encrypted information of a predetermined value to the information processing device, The aforementioned information processing device is The encryption processing unit encrypts the predetermined value to generate encrypted predetermined value information. The information processing system according to claim 8, wherein the providing unit provides the encrypted predetermined value information to the trader terminal.
11. The information processing system according to claim 10, wherein the secure calculation unit of the trader terminal generates encrypted information by secure calculation using the encrypted predetermined value information and the plaintext information of item-related information.
12. The information processing system according to claim 11, wherein the trading terminal further comprises a code generation unit (126) that generates a code indicating encrypted information obtained by the secure computation.
13. An information processing method for managing item-related information concerning items handled by multiple traders that constitute a supply chain, The steps include recording each of the private key and the corresponding public key based on homomorphic encryption in a database, associated with the key name, and The steps include obtaining encrypted information obtained by encrypting item-related information using a public key, and the key name of the public key used to encrypt the item-related information, from the trader's trader terminal, The steps include obtaining a private key corresponding to the aforementioned key name from the database, The steps include obtaining decrypted information by decrypting the encrypted information using the private key, The steps include: encrypting the decrypted information to obtain re-encrypted information, The step of providing the re-encrypted information to the trader terminal, In the step of obtaining the aforementioned encrypted information, further encrypted information is obtained from the trader's terminal, using a public key based on homomorphic encryption that is different from the public key managed in the database. The step of obtaining the re-encrypted information is an information processing method in which the re-encrypted information is obtained by secure computation using the encrypted information and the decrypted information.