Database apparatus, method, and program

The invention claimed is: 1. A database apparatus comprising: a first storage unit; a second storage unit; and a processor which executes a program and thereby comprises: a control unit configured to execute data access control on a database, the control unit receiving a database operation command from a user apparatus connected with the database apparatus through a network, and the control unit comprising, regarding data and/or metadata to be handled associated with the database operation command: a first unit configured to execute a database operation or computation on encrypted data and/or encrypted metadata while keeping the encrypted data and/or encrypted metadata as ciphertext; and a second unit configured to execute the database operation or computation on plaintext data and/or plaintext metadata; wherein the first storage unit stores: information on whether or not the metadata including table and column names stored in the database are encrypted, information on whether data stored in the database is encrypted, confidentiality information representing extent of data security, and encryption algorithm identification information corresponding ng to the confidentiality information; and wherein the second storage unit stores processing content of the database operation command, confidentiality information and encryption algorithm in association with each other, wherein the control unit sends a processing result of the database operation or computation to the user apparatus, wherein the control unit further comprises an encryption calculation unit performing au encryption at the database apparatus using a public key received from the user apparatus, wherein the control unit sends a composition result of partial computation of the computation of the database operation command in ciphertext to the user apparatus, the user apparatus, when finding that further partial computation needs to be executed on plaintext, decrypts the encrypted data to obtain plaintext data and executes partial computation on plaintext data, in the case wherein further partial computation to be executed in ciphertext remains in the computation of the database operation command, and the partial computation is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext, the user apparatus sends ciphertext obtained by encrypting the plaintext result of the partial computation to the control unit, and using the ciphertext sent from the user apparatus, the control unit executes a remaining partial computation of the computation of the database operation command on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext and sends the computation result of the partial computation in ciphertext to the user apparatus. 2. The database apparatus according to claim 1 , wherein, upon reception of the database operation command from the user apparatus, the control unit, when finding that such a condition is met that operation target data encrypted and stored in the database is one that acts encrypted with an encryption algorithm allowing operation or computation on encrypted data to be executed while keeping the encrypted data an of encrypted metadata ciphertext, and that the operation or computation of the database operation command is one that is allowed to be executed on ciphertext while keeping the encrypted data and/or encrypted metadata as ciphertext, performs the operation or computation on the operation target data encrypted, while keeping the encrypted data and/or encrypted metadata as ciphertext, outputs a processing result of the operation or computation in ciphertext to send the processing result to the user apparatus. 3. The database apparatus according to claim 1 , wherein at least one of the first and second storage units is the database, and the database stores the information stored in the first and/or second storage unit as a table. 4. The database apparatus according to claim 1 , wherein the control unit further comprises a cryptographic protocol processing execution unit that executes processing corresponding to the database operation command on data encrypted by an encryption algorithm corresponding to the confidentiality information, while keeping the encrypted data and/or encrypted metadata as ciphertext, based on cryptographic protocol identification information stored in the second storage unit. 5. The database apparatus according to claim 1 , wherein in a case wherein the computation operation corresponds to homomorphic computation and the encryption algorithm corresponds to homomorphic encryption, the control unit executes the computation operation on encrypted data stored in the database while keeping the encrypted data and/or encrypted metadata as ciphertext, and sends the computation result in ciphertext to the user apparatus. 6. The database apparatus according to claim 1 , wherein when finding that the operation target data encrypted and stored in the database in ciphertext is encrypted by an encryption algorithm not allowing the computation to be executed on encrypted data while keeping the encrypted data and/or encrypted metadata as ciphertext, the control unit sends the operation target data encrypted to the user apparatus, and the user apparatus decrypts the encrypted data into plaintext and executes the computation on the plaintext. 7. The database apparatus according to claim 1 , wherein the user apparatus, when encrypting column data in a table in the database, encrypts the column data using an encryption algorithm corresponding to confidentiality information set to the column data and sends the encrypted data to the control unit, and the control unit creates ciphertext table including set of a serial number and ciphertext of the column data, the database apparatus further comprising: a ciphertext table information table to manage the ciphertext table, the ciphertext table information table including a set of a table name, a column name, an encryption algorithm, and a ciphertext table name. 8. The database apparatus according to claim 1 , wherein when encrypting column data in a table in the database, encrypts the column data from the database, gets public key information from the user apparatus, and uses the encryption calculation unit to encrypt the column data, and the database apparatus creates a ciphertext table including a set of a serial number and ciphertext of the column data, and the database apparatus further comprises: a ciphertext table information table to manage the ciphertext table, the ciphertext table information table comprising a set of a table name, a column name, an encryption algorithm, and a ciphertext table name. 9. The database apparatus according to claim 7 , wherein upon reception of a database operation command to add column data from the user apparatus, the control unit adds a set of an updated serial number and ciphertext in the ciphertext table in the database. 10. The database apparatus according to claim 1 , wherein upon reception of an instruction to change confidentiality information about data stored in the database, the control unit sends encrypted data stored in the database to the nicer apparatus, the user apparatus decrypts the encrypted data into plaintext and encrypts the plaintext again using an encryption algorithm corresponding to the changed confidentiality information, and the control unit receives the re-encrypted data from the user apparatus and stores the re-encrypted data in the database. 11. A database control method, comprising: receiving a database operation command from a user apparatus, connected with a database apparatus through a