1. Field of the Invention
This invention relates to encryption devices that determine encryption strengths when information is encrypted, encryption methods and programs, and information protection systems that employ the encryption devices.
2. Description of the Related Art
Generally, the encryption strength for protecting contents (information) is predetermined by the scale of the system or a company's security policy. The encryption strength is shown as a length of key used for the encryption or the like. For example, Internet Explorer® 4.x International of Microsoft employs three lengths (strengths) of RSA (Rivest-Samir-Adleman) keys, 512, 768, and 1024 bits, as public key cryptosystem. The user is able to select one of the above-mentioned keys based on the scale of the system or the security polity to encrypt and protect the content.
Conventionally, the content delivery system has been proposed in, for example, Japanese Patent Application Publication No. 2003-78751. This conventional content delivery system stores protection policy information in a database of a content delivery server in association with each content. The protection policy information denotes conditions in protection, which is determined according to the protection strength required by the owner of the content. When the content delivery server receives a content delivery request from a client terminal, the content delivery server encrypts the content with the use of the protection policy information stored in the database in association with the requested content, and then delivers the encrypted content to the client terminal over the network.
With the above-mentioned system, the protection (encryption) is applied to each content, according to the protection strength required by the owner of the content. The content protection is not standardized in every content. The content protection becomes possible according to the owner's requirement.
According to the above-mentioned conventional system, however, it is not proposed how the owner of the content decides the protection strength of the content thereof, that is to say, how the protection policy is applied to every content. In the case where the information on the key used for the encryption is included in the protection policy information, an appropriate length of the key is selected from the limited number of the keys, for example, three keys, according to the above-mentioned common method.
With the conventional system described above, the protection strength of information (contents), namely, the encryption strength, is decided by the owner of the content or someone else subjectively. The decided protection strength (encryption strength) is not always reasonable or practicable for the information or the users who use the information. For instance, in the case where the information on a number of customers (customer information) is encrypted, it is not necessarily reasonable to set the same encryption strength in the server, which stores all the information of a number of customers and in a terminal such as PDA or the like, on which a small portion of the customer information is used, in view of the performances of the server and the PDA.