[go: nahoru, domu]

US20090193259A1 - Electronic document authenticity assurance method and electronic document disclosure system - Google Patents

Electronic document authenticity assurance method and electronic document disclosure system Download PDF

Info

Publication number
US20090193259A1
US20090193259A1 US12/416,402 US41640209A US2009193259A1 US 20090193259 A1 US20090193259 A1 US 20090193259A1 US 41640209 A US41640209 A US 41640209A US 2009193259 A1 US2009193259 A1 US 2009193259A1
Authority
US
United States
Prior art keywords
disclosure
document
constituent elements
electronic document
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/416,402
Inventor
Kunihiko Miyazaki
Mitsuru Iwamura
Tsutomu Matsumoto
Ryoichi Sasaki
Hiroshi Yoshiura
Hirokazu Aoshima
Hideo Noyama
Seiichi Susaki
Takeshi Matsuki
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd filed Critical Hitachi Ltd
Priority to US12/416,402 priority Critical patent/US20090193259A1/en
Publication of US20090193259A1 publication Critical patent/US20090193259A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present invention relates to electronic data authenticity assurance techniques.
  • Non-Patent Document 1 Electronic signature (also called digital signature) techniques have heretofore been known as techniques which perform authenticity assurance of electronic data such as electronic documents. (Refer to, for example, Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition, John Wiley & Sons, (Oct. 18, 1995), pp. 483-502 (hereinafter referred to as Non-Patent Document 1)).
  • Patent Document 1 Japanese Patent Laid-open Publication No. 2001-167086 ( FIG. 17 ) (hereinafter referred to as Patent Document 1)).
  • Non-Patent Document 2 There are also techniques which are capable of deleting a portion permitted by a signer different from an owner from a document owned by the owner to which a signature is previously affixed by the signer, and which are capable of verifying the validity of the signed document after deletion.
  • Non-Patent Document 2 Ron Steinfeld, Laurence Bull, Yuliang Zheng, Content Extraction Signatures, In International Conference on Information Security and Cryptology ICISC 2001, volume 2288 of LNCS, pp. 285-304, Berlin, 2001, Springer-Verlag, (2001) (hereinafter referred to as Non-Patent Document 2)).
  • Patent Document 1 discloses the technique of the data of each entity of a electronic document with electronic signature data, but does not disclose the technique of confirming the authenticity of the original document without altering the original electronic signature after the editing of an electronic document.
  • Non-Patent Document 2 discloses a technique capable of deleting a portion permitted by a signer from a document which is owned by an owner and has a signature affixed previously by the signer different from the owner, and also capable of confirming the validity of a signed document after deletion, but does not disclose an art suited to the information disclosure institution.
  • Non-Patent Document 2 does not disclose a technique which enables such a disclosure document creator to select whether to permit or prevent modifications by third parties.
  • the present invention provides electronic document authenticity assurance techniques and document management systems which allow approximate modifications to be applied to authenticity assurance object documents.
  • the present invention provides an electronic signature method which divides an electronic document into constituent elements and affixes an electronic signature to an arbitrary subset of a set including all the constituent elements.
  • the present invention provides an electronic signature method which divides an electronic document into constituent elements and affixes an electronic signature to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document.
  • the present invention provides an electronic signature method which divides an electronic document into constituent elements, calculates the hash values of the respective constituent elements by means of a cryptographic hash function, and affixes an electronic signature to data obtained by binding the calculated hash values together.
  • the present invention provides an electronic signature method which divides an electronic document into constituent elements, generates and binds random-numbers to the respective constituent elements, calculates the hash values of the respective random-numbered constituent elements by means of a cryptographic hash function, and affixes an electronic signature to data obtained by binding the calculated hash values together.
  • the hash function converts an arbitrary-length message into a fixed-length (short) data (called a hash value) .
  • a function having the following two natures is called a cryptographic hash function: (1) it is difficult to find an input message which provides an output having a given hash value (one-way); and (2) it is difficult to find two different input messages which provide the same hash value (collision resistant).
  • an electronic document disclosure system for information disclosure of administrative organs and the like.
  • an original document creator affixes an electronic signature to the created electronic document in accordance with an electronic signature method provided by one aspect of the present invention, and stores the obtained electronic document into a document management unit.
  • a disclosure document creator takes out a disclosure object document from the electronic documents stored in the document management unit, and creates a disclosure document in which information not to be disclosed is omitted in accordance with a method provided by one aspect of the present invention, such as personal information contained in the disclosure object document, and sends the disclosure document to a recipient unit for making the disclosure document published.
  • a recipient can verify the signature of the original document creator in accordance with a method provided by one aspect of the present invention.
  • FIG. 1 is a schematic configuration view of a network system which realizes each embodiment of the present invention.
  • FIG. 2 is a schematic configuration view of a computer which realizes an original document creator unit 102 in each embodiment of the present invention.
  • FIG. 3 is an explanatory view of the flow of creating and archiving an original document in each embodiment of the present invention.
  • FIG. 4 is an explanatory view of the flow of disclosing information in each embodiment of the present invention.
  • FIG. 5 is a view showing the flow of processing of a signature creation PG 222 according to a first embodiment.
  • FIG. 6 is a view showing the flow of processing of a disclosure document creation PG 230 according to the first embodiment.
  • FIG. 7 is a view showing the flow of processing of a disclosure document verification PG 233 according to the first embodiment.
  • FIG. 8 is a view showing the flow of processing of the signature creation PG 222 according to a second embodiment.
  • FIG. 9 is a view showing the flow of processing of the disclosure document creation PG 230 according to the second embodiment.
  • FIG. 10 is a view showing the flow of processing of the disclosure document verification PG 233 according to the second embodiment.
  • FIG. 11 is a view showing the flow of processing of the signature creation PG 222 according to a third embodiment.
  • FIG. 12 is a view showing the flow of processing of the disclosure document creation PG 230 according to the third embodiment.
  • FIG. 13 is a view showing the flow of processing of the disclosure document verification PG 233 according to the third embodiment.
  • FIG. 14 is a view showing the flow of processing of the signature creation PG 222 according to a fourth embodiment.
  • FIG. 15 is a view showing the flow of processing of the disclosure document creation PG 230 according to the fourth embodiment.
  • FIG. 16 is a view showing the flow of processing of the disclosure document verification PG 233 according to the fourth embodiment.
  • FIG. 17 is a schematic view showing the configurations of a signed original document 107 and a disclosure document 108 which are created according to the first embodiment.
  • FIG. 18 is a schematic view showing the configurations of the signed original document 107 and the disclosure document 108 which are created according to the second embodiment.
  • FIG. 19 is a schematic view showing the configurations of the signed original document 107 and the disclosure document 108 which are created according to the third embodiment.
  • FIG. 20 is a schematic view showing the configurations of the signed original document 107 and the disclosure document 108 which are created according to the fourth embodiment.
  • FIG. 21 is a view showing the flow of processing of the signature creation PG 222 according to a sixth embodiment.
  • FIG. 22 is a view showing the flow of processing of the disclosure document creation PG 230 according to the sixth embodiment.
  • FIG. 23 is a view showing the flow of processing of the disclosure document verification PG 233 according to the sixth embodiment.
  • FIG. 24 is a view showing the configuration of a public key certificate according to a seventh embodiment.
  • FIG. 1 is a schematic configuration view of a system for use in a plurality of embodiments in which the present invention is applied to an information disclosure system.
  • the present invention is applied to an information disclosure system.
  • reference will be made to an information disclosure system of an administrative organ by way of example, but the present invention can be similarly applied to information disclosure systems for organs other than administrative organs or individuals.
  • this system includes an original document creator unit 102 , a document management unit 103 , a disclosure document creator unit 104 , and a recipient unit 105 , all of which are connected to one another via a network 101 .
  • the original document creator unit 102 , the document management unit 103 and the disclosure document creator unit 104 are used by officials of an administrative organ who is on an information disclosure side, while the recipient unit 105 is used by ordinary citizens who are on an information disclosure request and verification side.
  • each of the embodiments is described taking an example where the original document creator unit 102 , the document management unit 103 and the disclosure document creator unit 104 , all of which are used by officials of an administrative organ, as well as the recipient unit 105 to be used by ordinary citizens are connected to the same network 101 .
  • the connection forms may be different from this example.
  • the original document creator unit 102 , the document management unit 103 and the disclosure document creator unit 104 which are used by officials of an administrative organ may be connected to a LAN (Local Area Network) of the administrative organ, and the LAN may be connected via a gateway server to the network 101 to which the recipient unit 105 to be used by ordinary citizens is connected.
  • This connection form is preferable in terms of information security, because the LAN of the administrative organ can be protected from attacks such as illegal access from the external network 101 , by means of a gateway server.
  • the original document creator unit 102 is used by an original document creator who is an official of the administrative organ, creates an administrative document as electronic data (an officially created document), affixes an electronic signature to the created administrative document, and after that, requests a signed administrative document to the document management unit 103 .
  • an administrative document to which an original document creator is to affix a signature is hereinafter referred to as an original document 106 .
  • the each of the following embodiments is described taking an example where the creation of the original document 106 and the affixture of a signature to the original document 106 are both performed in the original document creator unit 102 .
  • a unit used to create the original document 106 and an unit used to affix a signature to the original document 106 may be separated from each other and the original document 106 may be transferred between these units by means of the network 101 or a portable storage medium.
  • the document management unit 103 When the document management unit 103 accepts a request from the original document creator unit 102 , it archives a signed original document 107 created in the original document creator unit 102 . When the document management unit 103 accepts a request from the disclosure document creator unit 104 , it transmits to the original document creator unit 102 the signed original document 107 which is previously archived and is a disclosure object. In terms of information security, it is preferable that the document management unit 103 perform access control by performing appropriate user authentication processing and the like at the time of the acceptance of the archive request from the original document creator unit 102 and at the time of the acceptance of the disclosure object document transmission request.
  • the disclosure document creator unit 104 When the disclosure document creator unit 104 accepts an information disclosure request operated by an ordinary citizen who is a user of the recipient unit 105 , it retrieves a disclosure object document corresponding to the information disclosure request, and requests the document management unit 103 to transmit the signed original document 107 which is the disclosure object document. Next, the disclosure document creator unit 104 is operated by an operator to create a disclosure document 108 in which information which is inappropriate for disclosure in terms of protection of personal information and protection of information relative to national secrets is deleted from the information contained in the signed original document 107 received from the document management unit 103 , and the disclosure document creator unit 104 makes the created disclosure document 108 published to the recipient unit 105 .
  • the signature affixed to the original document 106 is a signature created by a related-art electronic signature technique, even in the case of “deletion of information inappropriate for disclosure”, the result is a failure in signature verification, as in the case where the original document 106 undergoes an illegal manipulation.
  • Each of the following embodiments uses a novel electronic signature technique capable of effecting signature verification even after the deletion of inappropriate information.
  • the method of disclosing the disclosure document 108 may be arbitrarily designed; for example, the disclosure document 108 may be transmitted by electronic mail or uploaded to a Web server managed by the administrative organ or another organ.
  • the method of uploading the disclosure document 108 to the Web server has the merit that not only the user of the recipient unit 105 who has made the information disclosure request, but also can read the disclosed information.
  • the disclosure document creator unit 104 carries out acceptance of an information disclosure request from an ordinary citizen, retrieval of a disclosure object document, a request to the document management unit 103 for the disclosure object document, creation of the disclosure document 108 , and disclosure of the disclosure document 108 .
  • different configurations may be adopted.
  • acceptance of an information disclosure request from an ordinary citizen, retrieval of a disclosure object document, and a request to the document management unit 103 for the disclosure object document may be carried out in a unit different from the disclosure document creator unit 104
  • creation of the disclosure document 108 and disclosure of the disclosure document 108 may be carried out in the disclosure document creator unit 104 .
  • the recipient unit 105 is used so that an ordinary citizen who is a user of the recipient unit 105 requests information disclosure from the administrative organ and verifies the authenticity of the disclosure document 108 disclosed according to the request.
  • the recipient unit 105 transmits the information necessary for identifying a disclosure object document to the disclosure document creator unit 104 and requests information disclosure.
  • the recipient unit 105 verifies whether the contents of the disclosure document 108 open to the ordinary citizen and the original document 106 are the same except a part omitted in terms of protection of information (an undisclosed part).
  • the recipient unit 105 displays or prints the disclosure document 108 open to the ordinary citizen in the state where the undisclosed part is covered with black color (hereinafter referred to as “blacked out”) so that the user is permitted to read the disclosure document 108 .
  • blacked out black color
  • each of the embodiments is described taking an example where an information disclosure request and verification of the authenticity of the disclosure document 108 are carried out in the same recipient unit 105 .
  • different configurations may be adopted.
  • an information disclosure request may be made in a unit different from the recipient unit 105
  • verification of the authenticity of the disclosure document 108 made open to the user may be carried out in the recipient unit 105 .
  • FIG. 2 is a view showing a schematic configuration of the original document creator unit 102 used in each of the following embodiments.
  • the original document creator unit 102 can be constructed with a computer 210 having a general configuration and including a CPU 201 , a RAM 202 which functions as a work area for the CPU 201 , an external storage unit 203 such as a hard disk drive unit, a reading unit 204 which reads data from a storage medium 205 having portability such as a CD-ROM and a FD, an input unit 206 such as a keyboard and a mouse, a display unit 207 such as a display, a communication unit 208 which performs communication with another unit via a network, and an interface 209 responsible for data transfer between the above-mentioned constituent elements.
  • a computer 210 having a general configuration and including a CPU 201 , a RAM 202 which functions as a work area for the CPU 201 , an external storage unit 203 such as a hard disk drive unit, a reading unit 204 which reads data from a storage medium 205 having portability such as a CD-ROM and a FD, an input unit
  • An original document creation PG (program) 221 , a signature creation PG (program) 222 and a document archive request PG (program) 223 are stored in the external storage unit 203 of the original document creator unit 102 .
  • These programs 221 , 222 and 223 are loaded into the RAM 202 , and are respectively embodied by the CPU 201 in the form of processes which are an original document creation unit 241 , a signature creation processing unit 242 and a document archive request processing unit 243 .
  • data (such as the original document 106 , the signed original document 107 and a signing secret key 211 ) which are inputs or outputs to or from these processing units 241 , 242 and 243 are stored in the external storage unit 203 .
  • the signing secret key 211 is required to be managed particularly strictly in terms of security. For this reason, the signing secret key 211 may also be stored in a unit which has tamper resistance and differs from the external storage unit 203 in which the other data are stored.
  • Each of the document management unit 103 , the disclosure document creator unit 104 and the recipient unit 105 also has the same configuration as the original document creator unit 102 .
  • a document archive PG (program) 224 and a requested document transmission PG (program) 225 as well as signed original documents requested to be archived are stored in an external storage unit of the document management unit 103 .
  • An information disclosure request acceptance PG (program) 226 , a requested document retrieval PG (program) 227 , a requested document transmission request PG (program) 228 , a disclosure portion determining PG (program) 229 , a disclosure document creation PG (program) 230 and a disclosure document opening PG (program) 231 are stored in an external storage unit of the disclosure document creator unit 104 .
  • An information disclosure request PG (program) 232 and a disclosure document verification PG (program) 233 are stored in an external storage unit of the recipient unit 105 .
  • each of the programs is stored in the external storage unit 203 in advance.
  • each of the programs may also be introduced into the external storage unit 203 or the RAM 202 via the external interface 209 through a storage medium such as an FD or a CD-ROM, or through a network such as the Internet which is a communications medium, or through a carrier wave which propagates through the network.
  • FIG. 3 is a flowchart showing an outline of the processing of creating an administrative document which is an original document and archiving the administrative document in the document management unit in each of the following embodiments.
  • an original document is created and archived
  • the titles of programs which are respectively given in parentheses in individual steps represent programs which execute the processing of the corresponding steps.
  • An original document is created (the original document creation PG 221 ).
  • a signature is generated for the created original document (the signature creation PG 222 ).
  • the signed original document is transmitted to the document management unit 103 and the document management unit 103 is requested to register the signed original document (the document archive request PG 223 ) (the processing of the document management unit 103 ).
  • the received signed original document is registered (the document archive PG 224 ).
  • FIG. 4 is a flowchart showing an outline of the processing of accepting an information disclosure request from an ordinary citizen and performing information disclosure in each of the following embodiments.
  • the titles of programs which are respectively given in parentheses in individual steps represent programs which execute the processing of the corresponding steps.
  • Information capable of specifying the range of information desired to be disclosed is transmitted in order to request the disclosure document creator unit 104 to perform information disclosure (the information disclosure request PG 232 ) (the processing of the disclosure document creator unit 104 ).
  • the signed original document requested to be disclosed is transmitted to the disclosure document creator unit 104 (the requested document transmission PG 225 ) (the processing of the disclosure document creator unit 104 ).
  • the content of the received signed original document is confirmed in accordance with a predetermined information disclosure policy to determine a portion appropriate for disclosure (the disclosure document creation PG 229 ), and a disclosure document subjected to undisclosure processing which prevents leakage of information inappropriate for disclosure such as information concerning personal information or national secrets is created (the disclosure document creation PG 230 ) , and the disclosure document is transmitted to the recipient unit 105 (the disclosure document opening PG 231 ) (the processing of the recipient unit 105 ).
  • disclosure documents are necessarily the same as original documents
  • a recipient can confirm the authenticity of a disclosure document (having the same data as the original document) by applying a known electronic signature verification technique.
  • an original document and a disclosure document are not necessarily the same.
  • original documents contain information inappropriate for disclosure (for example, information concerning the privacy of individuals or information not to be disclosed in terms of national security) , and there is a need to omit (i.e., black out) the inappropriate information from the original document to make the information undisclosed.
  • blackout i.e., blackout
  • known electronic signature techniques can only provide an “unverifiable” result, as in the case where the original document undergoes a manipulation by a third party with malicious intent.
  • the nature 2 is a condition for discriminating between an allowable appropriate modification (i.e., blackout) and other modifications.
  • the nature 3 means that information does not leak from an undisclosed portion (blacked-out portion).
  • a method which makes a disclosure document published with the information of an undisclosed portion hidden by cryptographic technology or the like (as a cryptogram) it is necessary to design the method so that the cryptogram cannot be easily deciphered.
  • the nature 4 means that even if an undisclosed portion (blacked-out portion) is inferred, the inference can be denied.
  • an original document contains the expression “the suspect “A” denied having committed the crime
  • a disclosure document contains the expression “the suspect “****” denied having committed the crime” (namely, the name of “A” which is personal information is not disclosed by an disclosure document creator) .
  • an attacker or a recipient who has seen this disclosure document infers from the context or other information that “****” means “A”, and tries verification by applying the name of A to the “****” portion. If this verification succeeds, the disclosure document is likely to be used as information which assures the inference that “****” is “A”. This is because “A” is difficult to deny in a signature method in which the probability that it is possible to find out character strings which can be successfully verifiably applied to “****” except “A” is negligibly small in practical terms.
  • the following embodiments disclose a plurality of methods which can be used as electronic document authenticity assurance techniques which satisfy the above-mentioned natures.
  • FIG. 5 is a view showing the flow of processing of the signature creation PG 222 according to the first embodiment.
  • An original document is divided into constituent elements (hereinafter referred to as blocks).
  • the original document may be defined as constituent elements on a byte-by-byte basis in order from its front, or in the case of a structured document like a document described by XML (extensible Markup Language) , its minimum constituent elements may also be used.
  • the original document is hereinafter regarded as a string of N blocks.
  • Signatures are generated for all substrings of the string of N blocks which is the original document, by using the secret key of the original document creator (2 to the N-th power of signatures are generated).
  • Data including the original document and the 2 to the N-th power of signatures corresponding to the substrings of the original document are designated as a signed original document.
  • FIG. 6 is a view showing the flow of processing of the disclosure document creation PG 230 according to the first embodiment.
  • Blocks containing information inappropriate for disclosure are retrieved from the signed original document which is the disclosure object document.
  • Data including the substrings and the signatures corresponding to the respective substrings are designated as a disclosure document.
  • the processing is brought to an end.
  • FIG. 7 is a view showing the flow of processing of the disclosure document verification PG 233 according to the first embodiment.
  • the disclosure document (including certain substrings of the original document and the signatures corresponding to the respective substrings) is verified by using a public key of the original document creator, and the result of verification is outputted.
  • the public key of the original document creator which is used for verification may be sent from the disclosure document creator unit 104 together with the disclosure document, or may be acquired as required from the original document creator unit 102 .
  • the public key can be desirably used together with a public-key credential which is issued by means of known PKI (Public-Key Infrastructure) techniques and makes it possible to reliably confirm the original document creator.
  • the processing is brought to an end.
  • the above-mentioned electronic document authenticity assurance technique (the first embodiment) satisfies the nature 1, the nature 2, the nature 3 and the nature 4.
  • the disclosure document includes the substrings of the original document and the signatures of the original document creator corresponding to the respective substrings. Accordingly, it is possible to confirm the authenticity of the disclosure document by using existing electronic signature verification techniques.
  • the nature 1 and the nature 2 are, therefore, satisfied.
  • the disclosure document does not include the blocks containing the information inappropriate for disclosure, and therefore, the nature 3 is satisfied.
  • the signature information affixed to the disclosure document is unrelated to the blocks containing the information inappropriate for disclosure; that is to say, when the signatures affixed to the disclosure document are to be generated, the blocks containing the information inappropriate for disclosure are not used, so that the nature 4 is also satisfied.
  • the first embodiment satisfies the natures desired in each of the embodiments of the present invention, but has a problem in terms of efficiency.
  • it is necessary to generate 2 to the N-th power of signatures for an original document including N blocks.
  • a far more efficient method is desired.
  • a second embodiment which is improved in efficiency will be described below. To describe how the second embodiment is realized, a detailed description will be given in connection with the signature creation PG 222 operating in the original document creator unit 102 , the disclosure document creation PG 230 operating in the disclosure document creator unit 104 , and the disclosure document verification PG 233 operating in the recipient unit 105 .
  • FIG. 8 is a view showing the flow of processing of the signature creation PG 222 according to the second embodiment.
  • Step 802 The same as Step 502 .
  • Signatures are generated for data (called blocks with position information) in which the data of each of the blocks is bound to position information indicating where each of the blocks is positioned in the original document.
  • Data including the (N-number of) data of the blocks with position information and the (N-number of) signatures for the respective blocks are designated as a signed original document.
  • the reason why the position information is bound to the data of each of the blocks is to prevent the illegal act of changing the order of the blocks.
  • the position information may make use of, for example, consecutive numbers each indicating what number block the corresponding block is, as counted from the first block. If the original document is divided into blocks on a byte-by-byte basis in order from its front, each of the consecutive numbers indicates what number byte the corresponding byte is. If the original document is a structured document described by XML (extensible Markup Language) or the like, far more appropriate information which reflects its structure may also be used as position information.
  • XML extensible Markup Language
  • FIG. 9 is a view showing the flow of processing of the disclosure document creation PG 230 according to the second embodiment.
  • Step 902 The same as Step 602 (provided that each of the blocks is a block with position information).
  • Data which include the blocks with position information except the retrieved blocks (i.e., undisclosed blocks) and signatures corresponding to the respective blocks with position information (the number of the signatures coincides with the number of the disclosed blocks) are designated as a signed original document.
  • FIG. 10 is a view showing the flow of processing of the disclosure document verification PG 233 according to the second embodiment.
  • the disclosure document (including one or a plurality of blocks with position information and signatures corresponding to the respective blocks) is verified on a block-by-block basis by using the public key of the original document creator, and when verification of all the blocks succeeds, the message “verification has succeeded” outputted; otherwise, the message “verification has failed” is outputted.
  • the disclosure document includes the substrings of the original document and the signatures of the original document creator corresponding to the respective blocks constituting the substrings. Accordingly, it is possible to confirm the authenticity of the disclosure document by repeatedly executing an existing electronic signature verification technique by the number of the blocks. The nature 1 and the nature 2 are, therefore, satisfied. In addition, the disclosure document does not include the blocks containing the information inappropriate for disclosure, and therefore, the nature 3 is satisfied. Furthermore, the signature information affixed to the disclosure document is unrelated to the blocks containing the information inappropriate for disclosure; that is to say, when the signatures affixed to the disclosure document are to be generated, the blocks containing the information inappropriate for disclosure are not used as input information, so that the nature 4 is also satisfied.
  • the second embodiment satisfies the natures desired in each of the embodiments.
  • the first embodiment needs to generate 2 to the N-th power of signatures for an original document made of N blocks, whereas the second embodiment needs only to generate N-number of signatures.
  • the third embodiment is a method to be applied to information disclosure systems which do not need the nature 4.
  • the signature creation PG 222 operating in the original document creator unit 102
  • the disclosure document creation PG 230 operating in the disclosure document creator unit 104
  • the disclosure document verification PG 233 operating in the recipient unit 105 .
  • the third embodiment makes use of a cryptographic hash function (hereinafter referred to simply as the hash function).
  • the hash function receives arbitrary-length data as its input and outputs fixed-length data, and has the characteristics that: (1) it is impossible to calculate the original input from the output (one-way) ; and (2) it is impossible to find two inputs giving the same output (collision resistant)
  • Specific known examples are SHA- 1 and MD 5 .
  • FIG. 11 is a view showing the flow of processing of the signature creation PG 222 according to the third embodiment.
  • Step 502 The same as Step 502 .
  • the hash values of the data of the respective blocks are calculated, and a signature (one signature) is generated for data obtained by binding together the calculated N hash values.
  • Step 1104 Data which include the (one) signature generated in Step 1103 and the original document are designated as a signed original document.
  • FIG. 12 is a view showing the flow of processing of the disclosure document creation PG 230 according to the third embodiment.
  • Step 602 The same as Step 602 .
  • Data which include the hash values of the respective retrieved blocks, the remaining blocks except the blocks, and the signature are designated as a disclosed document (i.e., as to the retrieved blocks (corresponding to undisclosed blocks), not the blocks themselves but their hash values are used, and as to the remaining blocks (corresponding to disclosed blocks), the blocks themselves are used).
  • the processing is brought to an end.
  • FIG. 13 is a view showing the flow of processing of the disclosure document verification PG 233 according to the third embodiment.
  • the hash values of blocks are calculated to which the original data themselves (not hash values) are given in the disclosure document (which includes the hash value or values of one or a plurality of blocks, the one or the plurality of blocks, and a signature).
  • Step 1303 Data obtained by binding together the hash values (a total of N hash values) calculated in Step 1302 or contained in the disclosure document are verified by using a public key of the original document creator, and the result of verification is outputted.
  • position information which specifies the position of each of the block may be used as in the case of the second embodiment. If position information is used, it becomes easy to determine the order in which the hash values are bound together in Step 1303 .
  • the disclosure document includes blocks themselves which are disclosable blocks of the original document, the hash value of a block which is a block inappropriate for disclosure, and the signature of the original document creator that is affixed to data obtained by binding together the hash values of the respective blocks of the original document. Accordingly, if a recipient calculates the hash values of the blocks which are disclosed themselves, binds these hash values to the disclosed hash values of the blocks whose hash values are disclosed, and performs signature verification by using this bound value as signature object data, the recipient can confirm the authenticity of the disclosure document. The nature 1 is, therefore, satisfied.
  • the third embodiment satisfies the nature 1 and the nature 3 but not the nature 4, among the above-mentioned desired natures.
  • the third embodiment is superior to the second embodiment because one signature needs only to be generated for the original document including N blocks.
  • a fourth embodiment which incorporates the third embodiment improved to satisfy the nature 4 will be described below. A detailed description will be given in connection with the signature creation PG 222 operating in the original document creator unit 102 , the disclosure document creation PG 230 operating in the disclosure document creator unit 104 , and the disclosure document verification PG 233 operating in the recipient unit 105 .
  • FIG. 14 is a view showing the flow of processing of the signature creation PG 222 according to the fourth embodiment.
  • Step 1402 The same as Step 502 .
  • Random numbers are generated for the respective blocks (a total of N random numbers are generated).
  • Data (called random-numbered blocks) in which the data of the respective N blocks and the random numbers generated for the respective N blocks are bound together are generated for the respective N blocks.
  • the hash values of the respective random-numbered blocks are calculated and a signature (one signature) is generated for data obtained by binding together the calculated N hash values.
  • Step 1406 Data which include the (one) signature generated in Step 1405 and the N random-numbered blocks are designated as a signed original document.
  • FIG. 15 is a view showing the flow of processing of the disclosure document creation PG 230 according to the fourth embodiment.
  • Step 1502 The same as Step 602 (provided that each of the blocks is a random-numbered block).
  • Data which include the hash values of the retrieved random-numbered blocks, the remaining random-numbered blocks except the retrieved ones, and the signature are designated as a disclosure document (i.e., as to the retrieved random-numbered blocks (corresponding to undisclosed blocks), not the random-numbered blocks themselves but the hash values are used, while as to the remaining random-numbered blocks (corresponding to disclosed blocks), the random-numbered blocks themselves are used).
  • the processing is brought to an end.
  • FIG. 16 is a view showing the flow of processing of the disclosure document verification PG 233 according to the fourth embodiment.
  • Step 1602 The same as Step 1302 (provided that each of the blocks is a random-numbered block).
  • Step 1603 The same as Step 1303 .
  • position information which specifies the position of each of the blocks may be used as in the case of the second embodiment. If position information is used, it becomes easy to determine the order in which the hash values are bound together in Step 1603 .
  • the above-mentioned electronic document authenticity assurance technique (the fourth embodiment) is described, which satisfies the nature 1, the nature 3 and the nature 4.
  • the fourth embodiment is similar to the third embodiment.
  • an attacker who has inferred a block inappropriate for disclosure from the context or the like cannot easily find examine whether his/her inference is correct, by comparing the hash values. This is because even if the information of the inferred block is correct, the hash values do not coincide if random numbers to be bound together are not correct.
  • the fourth embodiment since the random numbers are generated independently of the context, the inference of the random numbers is extremely difficult, and is impossible in practical terms. Accordingly, the fourth embodiment also satisfies the nature 4.
  • the fourth embodiment satisfies the desired natures.
  • the first embodiment needs to generate 2 to the N-th power of signatures and the second embodiment needs to generate N-number of signatures, whereas the fourth embodiment needs only to generate one signature. Accordingly, the fourth embodiment is superior to the first and second embodiments.
  • a function called a message commitment scheme may be used instead of the hash function used in the above-mentioned fourth embodiment.
  • the message commitment scheme is a function which calculates a value called a commit with respect to a message and which has two natures: hiding (it is remarkably difficult to acquire information on the original message from commit) and binding (it is remarkably difficult to find out a message different from the original inputted message coincident with a given commit) (when the original message is given, it is possible to easily confirm whether the original message corresponds to commit).
  • One example of the message commitment scheme is disclosed in S. Halevi and S. Micali, “Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing”, In CRYPTO′ 96, LNCS 1109, Springer-Verlag, Berlin, 1996.
  • the message commitment scheme disclosed in the above-mentioned document is configured by a combination of hash functions, so that as compared with the case where a hash function is used independently, the message commitment scheme requires a large processing load but is superior in that the information of the original message is information theoretically hidden.
  • FIGS. 17 to 20 are, respectively, schematic views of the structures of the signed original documents 107 and the disclosure documents 108 which are created in accordance with the respective first to fourth embodiments (in each example, the number of blocks is five and the third block is an undisclosed block).
  • the disclosure documents created according to the respective second to fourth embodiments can be subjected to additional blackout.
  • a recipient or another entity that has acquired the disclosure document can additionally black out blocks except the blocks deleted (blacked out) by the disclosure document creator that are contained in the disclosure document. This nature is in some cases considered undesirable in particular situations.
  • a dishonest person can delete, i.e., additionally blacks out, information inconvenient for the dishonest person, which is contained in the disclosure document, and send the altered document to the recipient unit 105 .
  • the recipient cannot discriminate between the original disclosure document and the disclosure document additionally blacked out by the dishonest person (i.e., the recipient can confirm that either of the disclosure documents is part of the original document) , so that, from the recipient, it cannot be said that the above-mentioned nature is desirable for the original purpose of information disclosure.
  • nature 5 A new nature desired to be incorporated into electronic document authenticity assurance techniques is hereinafter referred to as nature 5 (it is possible to prevent additional blackout of a disclosure document), and a fifth embodiment which is improved to satisfy this nature 5 as well will be described below.
  • the fifth embodiment is described taking an example based on the electronic document authenticity assurance technique described above as the fourth embodiment.
  • the fifth embodiment is not limited to this configuration, and may also have a configuration based on other electronic document authenticity assurance techniques.
  • a signing secret key of a disclosure document creator is previously stored in the external storage device of the disclosure document creator unit 104 .
  • a signature verifying public key which is paired with the signing secret key can be acquired by a recipient, for example, on a Web server.
  • the processing performed in the original document creator unit 102 is basically the same as the fourth embodiment.
  • Step 1503 described previously in the flow of processing, shown in FIG. 15 , of the disclosure document creation PG 230 according to the fourth embodiment is modified as follows.
  • the signature of the disclosure document creator is affixed to data which include the hash values of the retrieved random-numbered blocks, the remaining random-numbered blocks except the retrieved ones, and the signature, by using the signing secret key of the disclosure document creator, and the signed disclosure document is designated as a disclosure document (i.e., a disclosure document which includes the disclosure document created in the fourth embodiment and the signature affixed thereto by the disclosure document creator is designated as a disclosure document according to the fifth embodiment).
  • Step 1602 described previously in the flow of processing, shown in FIG. 16 , of the disclosure document verification PG 233 according to the fourth embodiment is modified as follows.
  • Step 1602 (modified): The signature of the disclosure document creator which has been affixed to the disclosure document is verified by using a public key which verifies the signature of the disclosure document creator. When verification succeeds, the same processing as Step 1302 (provided that each of the blocks is a random-numbered block) is performed, whereas when verification fails, the disclosure document is regarded as illegal, and the processing is brought to an end.
  • the signature of the disclosure document creator is affixed to the disclosure document created in the disclosure document creator unit 104 . Accordingly, if any user other than the disclosure document creator additionally blacks out the disclosure document, the fifth embodiment fails in verifying the signature of the disclosure document creator, whereby it is possible to prevent additional blackout.
  • nature 6 Another new nature which provides another countermeasure against additional blackout is hereinafter referred to as nature 6 (a disclosure document creator can select whether to allow or prevent additional blackout of a disclosure document), and a sixth embodiment which is improved to satisfy this nature 6 as well will be described below.
  • the fifth embodiment is intended to prevent additional blackout from being applied to the entire disclosure document, but there are considered to be situations where the disclosure document creator of a disclosure document desires to prevent additional blackout of a certain portion of the disclosure document, but desires to allow additional blackout of another certain portion of the same.
  • the sixth embodiment there is an electronic document authenticity assurance technique which enables a disclosure document creator to select whether to allow or prevent this additional blackout.
  • the nature 6 is satisfied, the nature 5 is also satisfied, because a disclosure document creator can prevent additional blackout from being applied to the disclosure document, by setting the sixth embodiment to prevent additional blackout from being applied to the entire disclosure document.
  • FIG. 21 is a view showing the flow of processing of the signature creation PG 222 according to the sixth embodiment.
  • Step 502 The same as Step 502 .
  • Random numbers are generated for the respective blocks. These blocks are called “black blocks”. (A total of N black numbers are generated).
  • Step 2104 The same as Step 1403 (provided that the random numbers generated in Step 2104 are generated independently of the random numbers generated as the black blocks in Step 2103 ).
  • Step 1404 The same as Step 1404 .
  • Two pieces of data relative to each of the N blocks i.e., the corresponding one of the random-numbered blocks created in Step 2105 and the corresponding one of the black blocks created in Step 2103 , are inputted into a signing two-input one-way function, and the output data from the signing two-input one-way function are acquired.
  • a signature one signature is generated for data in which the output data (N pieces) are bound together.
  • the signing two-input one-way function is a function which satisfies the following conditions and is known to the entire system. Namely, the signing two-input one-way function is a function which outputs one value (C) with respect to two input values (A and B) , and satisfies the following conditions:
  • Step 2107 Data which include the (one) signature generated in Step 2106 , the N random-numbered blocks and the N black blocks are designated as a signed original document.
  • FIG. 22 is a view showing the flow of processing of the disclosure document creation PG 230 according to the sixth embodiment.
  • Blocks containing information inappropriate for disclosure are retrieved from the signed original document which is the disclosure object document.
  • Data are designated as a disclosure document, which include data configured by using black blocks as blocks inappropriate for disclosure, random-numbered blocks as blocks to be disclosed and to be prevented from being additionally blacked out, and black blocks and random-numbered blocks as blocks to be disclosed and to be allowed to be additionally blacked out, as well as the signature.
  • FIG. 23 is a view showing the flow of processing of the disclosure document verification PG 233 according to the sixth embodiment.
  • Each of the blocks contained in the disclosure document (including the black blocks, the random-numbered blocks and the signature) is inputted to a verifying function corresponding to the signing two-input one-way function, and an output is provided from the verifying function.
  • a verifying function corresponding to the signing two-input one-way function
  • an output is provided from the verifying function.
  • Step 2302 Data obtained by binding together the output data (N pieces) calculated in Step 2302 are verified by using the public key of the original document creator, and the result of verification is outputted.
  • the recipient who has received the disclosure document created in accordance with the disclosure document creation PG 230 cannot black out the blocks that have been determined, by the original document creator, to be prevented from being additionally blacked out. This is because the recipient cannot acquire black blocks corresponding to those blocks.
  • Inputs are the input value A′ or B′ and an auxiliary input P′ .
  • a straight light L passing through two points (1, h(A′)) or (2, h(B′)) and (3, P′) is found. Then, a point (0, Q′ ) whose x coordinate on the straight line L is 0 is found, and Q′ and P′ are outputted.
  • the values of the x coordinate may differ from 0, 1, 2 and 3 if they are values common to the system.
  • h(A) and h(B) are found, and data obtained by binding together these hash values are outputted (h is a hash function).
  • h(A) and h(B) are used for verification, h(A) and h(B) are incorporated into the disclosure document as auxiliary data in Step 2107 .
  • Inputs are the input value A′ or B′ and auxiliary inputs h(A′) and h(B′). If A′ is inputted, h(A′) is calculated, and h(A′) and h(B′) are outputted. If B′ is inputted, h(B′) is calculated, and h(B′) and h(A′) are outputted.
  • the sixth embodiment is particularly effective in the case where a plurality of disclosure document creator units 104 are connected to the network 101 and documents are circulated among the disclosure document creator units 104 .
  • a plurality of disclosure document creator units 104 are connected to the network 101 and documents are circulated among the disclosure document creator units 104 .
  • an original document creator X desires to make a decision as to whether to allow disclosure of the information in the area A
  • an original document creator Y desires to make a decision as to whether to allow disclosure of the information in the area B.
  • the disclosure document creator X who has received the original document determines whether to allow disclosure of each block contained in the area A, and sets a portion to be disclosed, as a block to be disclosed and to be prevented from being additionally blacked out, and blacks out a portion not to be disclosed.
  • the disclosure document creator X sets each block contained in the area B as a block to be disclosed and to be allowed to be additionally blacked out.
  • the disclosure document creator Y who has received the disclosure document which is set in this manner (disclosed to Y by X) determines whether each block contained in the area B is allowed to be disclosed, and sets a portion to be disclosed, as a block to be disclosed and to be prevented from being additionally blacked out, and blacks out a portion not to be disclosed. This document is designated as a final disclosure document (to be disclosed to a recipient). At this time, since each block contained in the area A is set to be prevented from being additionally blacked out, the disclosure document creator Y cannot perform any act that is beyond the limits of his/her original authority, such as (unduly) blacking out the information of the area A.
  • the disclosure document creator Y may take measures such as interrupting the processing or demanding that the disclosure document creator X again perform the processing of creating the disclosure document.
  • FIG. 24 is a view schematically showing the structure of a public key certificate to be issued in the PKI (Public-key Infrastructure).
  • the public key certificate is data to be made widely open to the public for the purpose of making the owner of the public key clear, and includes a basic field 2410 , an extension field 2420 and a signature 2430 of an authority.
  • the basic field 2410 includes information such as version information 2411 , a serial number 2412 , a signature algorithm 2413 , a validity period 2414 , an issuer 2415 , an owner 2416 , and a public key 2417 .
  • the extension field 2420 includes, for example, a family name 2421 , a personal name 2422 , a date of birth 2423 , sex 2424 , an address 2425 , and certificate policy information 2426 .
  • the public key certificate may include information related to privacy.
  • the family name 2421 , the personal name 2422 , the date of birth 2423 , the sex 2424 and the address 2425 included in the extension field 2420 may be information related to privacy.
  • the fact that these items of information are included in the public key certificate has the advantage that it is possible to explain to a third party that the information (for example, the data of birth 2423 ) is correct.
  • the public key certificate it is possible to issue the public key certificate while hiding any of the items of information included in the extension field 2420 (the family name 2421 , the personal name 2422 , the date of birth 2423 , the sex 2424 and the address 2425 ).
  • the authority When the authority is to affix the signature to the public key certificate, the authority divides the public key certificate into six blocks, i.e., the basic field 2410 , the family name 2421 , the personal name 2422 , the date of birth 2423 , the sex 2424 and the address 2425 , and generates the electronic signature of the authority in accordance with any of the flows of processing of the signature creation PG 222 mentioned above in the descriptions of the first to sixth embodiments.
  • the resultant data corresponding to any of the original documents according to the first to sixth embodiments is designated as the public key certificate.
  • the owner who has acquired the issued public key certificate desires to show the validity of the public key while hiding, for example, the date of birth
  • the owner needs only to black out the block of the date of birth 2423 in accordance with any of the flows of processing of the disclosure document creation PG 230 mentioned above in the descriptions of the first to sixth embodiments.
  • the processing of the authority for example, confirmation of identity
  • the processing of the authority for example, distribution of public key certificates
  • the processing of the authority for example, distribution of public key certificates
  • the present invention can also be applied to the issue of a single public key certificate corresponding to a plurality of public keys. This method will be described below as an eighth embodiment.
  • a public key certificate can be issued to a plurality of public keys at a time, processing, such as confirmation of identity, which is executed by an authority can be efficiently performed at a time.
  • the issue of a single public key certificate corresponding to a plurality of public keys may be performed as follows.
  • the authority first provides N fields (each corresponding to the public key 2417 ) in which to fill in the respective public keys, and divides the public key certificate into a total of N+1 blocks for the N fields for public keys and another field, and generates an electronic signature of the authority in accordance with any of the flows of processing of the signature creation PG 222 mentioned above in the descriptions of the first to sixth embodiments.
  • the owner who has acquired the issued public key certificate blacks out the N public keys except, for example, the first public key in accordance with any of the flows of processing of the disclosure document creation PG 230 mentioned above in the descriptions of the first to sixth embodiments, and obtains data corresponding to a disclosure document according to any of the first to sixth embodiments, as a public key certificate for the first public key.
  • the owner desires to update his/her public key (namely, when the owner desires to use another public key as his/her public key)
  • the owner may select one public key which has never been used, and black out the other public keys (including the public key which has so far been used) .
  • the authority does not need to newly issue a public key certificate.
  • a public key certificate is divided into a total of N+1 blocks for N fields for public keys and another field, but different configurations may also be adopted.
  • the other field may also be subdivided into a plurality of blocks.
  • the eighth embodiment may also be combined with the sixth embodiment.
  • Each of the first to eighth embodiments is described taking examples in which electronic document authenticity assurance techniques are configured on the basis of electronic signature techniques, but different configurations may also be adopted.
  • an original document creator may deposit an original document (or its hash values or the like) in a unit of the third-party organ in advance, and a recipient may inquire the unit of the third-party organ about the authenticity of a disclosure document.
  • a signature object namely, the data of a signed original document except a signature
  • each of the methods of the first to fourth embodiments may be deposited in the unit of the third-party organ.
  • each of the first to eighth embodiments is described taking the case in which an original document has a configuration in which blocks as constituent elements are arranged sequentially, but different configurations may also be adopted.
  • a hierarchical relationship can be considered to exist between each element. Namely, in the case where the area defined between the start tag and the end tag of an element name “B” is contained in the area between the start tag and the end tag of an element name “A”, “A” can be regarded as a common element of “B”.
  • electronic document authenticity assurance techniques may be designed according to the hierarchical structure.
  • serial numbers are assigned to individual blocks as position information indicating the positions of the respective blocks in the document, but unlike this method, information indicating positions in a hierarchical structure may also be used.
  • information indicating positions in a hierarchical structure may also be used.
  • position information may be expressed by the elements of a set whose appropriate partial order is defined.
  • Each of the first to eighth embodiments is described taking an example in which an original document is divided into constituent elements having no mutually common portions (Step 502 ) to perform signal generation, but the original document may also be divided into constituent elements having mutually common portions. Even in this case, it is possible to apply any of the above-mentioned first to fourth embodiments.
  • each of the first to sixth embodiments states that an undisclosed portion is blacked out, that is to say, disclosed in a state covered with black color, undisclosure processing may also be performed with other methods.
  • the invention can also be applied not only to electronic documents, but more generally to digital data such as image data, video data and audio data.
  • digital data such as image data, video data and audio data.
  • the setting of blocks may be appropriately performed according to the structure of digital data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Document Processing Apparatus (AREA)
  • Collating Specific Patterns (AREA)

Abstract

An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together.

Description

    INCORPORATION BY REFERENCE
  • This application claims priority based on Japanese patent applications, No. 2004-007458 filed on Jan. 15, 2004 and No. 2003-196860 filed on Jul. 15, 2003, the entire contents of which are incorporated herein by reference.
  • BACKGROUND OF THE INVENTION
  • The present invention relates to electronic data authenticity assurance techniques.
  • Electronic signature (also called digital signature) techniques have heretofore been known as techniques which perform authenticity assurance of electronic data such as electronic documents. (Refer to, for example, Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition, John Wiley & Sons, (Oct. 18, 1995), pp. 483-502 (hereinafter referred to as Non-Patent Document 1)).
  • There are also techniques which take out individual entities of a structured electronic document as accessible and editable structured documents. (Refer to, for example, Japanese Patent Laid-open Publication No. 2001-167086 (FIG. 17) (hereinafter referred to as Patent Document 1)).
  • There are also techniques which are capable of deleting a portion permitted by a signer different from an owner from a document owned by the owner to which a signature is previously affixed by the signer, and which are capable of verifying the validity of the signed document after deletion. (Refer to, for example, Ron Steinfeld, Laurence Bull, Yuliang Zheng, Content Extraction Signatures, In International Conference on Information Security and Cryptology ICISC 2001, volume 2288 of LNCS, pp. 285-304, Berlin, 2001, Springer-Verlag, (2001) (hereinafter referred to as Non-Patent Document 2)).
  • SUMMARY OF THE INVENTION
  • The current electronic signature techniques which are important techniques supporting the security of electronic documents are designed to detect even 1-bit modifications to electronic documents. This nature is very useful in the sense of protection of electronic documents from modifications by dishonest persons. However, from the point of view of effective use of electronic documents, the nature is an obstacle because no modification at all is permitted.
  • A situation which plainly shows this problem is information disclosure in administrative organs and the like. For example, the following form of use of electronic signatures can be supposed.
  • Namely, in administrative organs, documents officially created by officials (administrative documents) are archived with electronic signatures affixed in order to make creators clear and to prevent alterations. When those documents are to be disclosed on the basis of the Freedom of Information Law, the personal information and the national security information described in the documents to be disclosed are made partially undisclosed by processing such as deletion or blackout.
  • However, none of the relate-art electronic signature techniques is capable of confirming the authenticity of a document disclosed in accordance with the above-mentioned series of procedures, namely, who the document creator is and whether the disclosed document is the same as the original created document. This is because part of the document is deleted in the process of information disclosure. From the point of view that a certain modification is applied to the document, it makes no difference whether the deletion is merely a malicious alteration or personal information is duly deleted for protection of privacy information. In consequence, two important security requirements, i.e., “authenticity assurance of disclosed document” and “protection of privacy information”, cannot be compatibly realized with the use of the related-art electronic signature techniques, so that either of them must be abandoned.
  • When it is considered that an information disclosure institution is for establishing accountability of administrative organs, it is desirable that the identity of a disclosure document to the original administrative document can be verified even from a disclosure document in which personal information or the like is deleted from the original document.
  • The art described in Patent Document 1 discloses the technique of the data of each entity of a electronic document with electronic signature data, but does not disclose the technique of confirming the authenticity of the original document without altering the original electronic signature after the editing of an electronic document.
  • Therefore, it has been desired to develop electronic document authenticity assurance techniques which allow appropriate modifications to be applied to authenticity assurance object documents, that is to say, techniques which are capable of confirming the authenticity of the original document without altering the original electronic signature after the editing of an electronic document.
  • The art described in Non-Patent Document 2 discloses a technique capable of deleting a portion permitted by a signer from a document which is owned by an owner and has a signature affixed previously by the signer different from the owner, and also capable of confirming the validity of a signed document after deletion, but does not disclose an art suited to the information disclosure institution.
  • For example, in the case of information disclosure, it is desired that a disclosure document creator different from a signer determine a disclosure portion of an original document which has been created by the signer or whose content has been confirmed by the signer, and delete information as to a portion inappropriate for disclosure. Furthermore, as to a portion to be disclosed, it is desired that the disclosure document creator disclose its information in the state where further deletions by third parties can be allowed or prevented, according to the content of the portion to be disclosed. However, Non-Patent Document 2 does not disclose a technique which enables such a disclosure document creator to select whether to permit or prevent modifications by third parties.
  • Therefore, it is desired to develop information disclosure methods and information disclosure systems which meet the requirements and the form of use of documents which are authenticity assurance object documents subjected to appropriate modifications.
  • The present invention provides electronic document authenticity assurance techniques and document management systems which allow approximate modifications to be applied to authenticity assurance object documents.
  • In one aspect, the present invention provides an electronic signature method which divides an electronic document into constituent elements and affixes an electronic signature to an arbitrary subset of a set including all the constituent elements.
  • In another aspect, the present invention provides an electronic signature method which divides an electronic document into constituent elements and affixes an electronic signature to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document.
  • In another aspect, the present invention provides an electronic signature method which divides an electronic document into constituent elements, calculates the hash values of the respective constituent elements by means of a cryptographic hash function, and affixes an electronic signature to data obtained by binding the calculated hash values together.
  • In another aspect, the present invention provides an electronic signature method which divides an electronic document into constituent elements, generates and binds random-numbers to the respective constituent elements, calculates the hash values of the respective random-numbered constituent elements by means of a cryptographic hash function, and affixes an electronic signature to data obtained by binding the calculated hash values together. Incidentally, the hash function converts an arbitrary-length message into a fixed-length (short) data (called a hash value) . Among hash functions, a function having the following two natures is called a cryptographic hash function: (1) it is difficult to find an input message which provides an output having a given hash value (one-way); and (2) it is difficult to find two different input messages which provide the same hash value (collision resistant).
  • According to one aspect of the present invention, there is provided an electronic document disclosure system for information disclosure of administrative organs and the like. At the time of creation of an original electronic document, an original document creator affixes an electronic signature to the created electronic document in accordance with an electronic signature method provided by one aspect of the present invention, and stores the obtained electronic document into a document management unit. At the time of acceptance of an information disclosure request, a disclosure document creator takes out a disclosure object document from the electronic documents stored in the document management unit, and creates a disclosure document in which information not to be disclosed is omitted in accordance with a method provided by one aspect of the present invention, such as personal information contained in the disclosure object document, and sends the disclosure document to a recipient unit for making the disclosure document published. At the time of reception of the disclosure document which has been published, a recipient can verify the signature of the original document creator in accordance with a method provided by one aspect of the present invention.
  • According to the present invention, there is provided authenticity assurance of electronic documents which enables the authenticity of electronic documents to be verified even after partial information has been deleted. In addition, there is provided an information disclosure system capable of assuring the secrecy of important information such as personal information and the authenticity of disclosure documents.
  • These and other benefits are described throughout the present specification. A further understanding of the nature and advantages of the invention may be realized by reference to the remaining portions of the specification and the attached drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a schematic configuration view of a network system which realizes each embodiment of the present invention.
  • FIG. 2 is a schematic configuration view of a computer which realizes an original document creator unit 102 in each embodiment of the present invention.
  • FIG. 3 is an explanatory view of the flow of creating and archiving an original document in each embodiment of the present invention.
  • FIG. 4 is an explanatory view of the flow of disclosing information in each embodiment of the present invention.
  • FIG. 5 is a view showing the flow of processing of a signature creation PG 222 according to a first embodiment.
  • FIG. 6 is a view showing the flow of processing of a disclosure document creation PG 230 according to the first embodiment.
  • FIG. 7 is a view showing the flow of processing of a disclosure document verification PG 233 according to the first embodiment.
  • FIG. 8 is a view showing the flow of processing of the signature creation PG 222 according to a second embodiment.
  • FIG. 9 is a view showing the flow of processing of the disclosure document creation PG 230 according to the second embodiment.
  • FIG. 10 is a view showing the flow of processing of the disclosure document verification PG 233 according to the second embodiment.
  • FIG. 11 is a view showing the flow of processing of the signature creation PG 222 according to a third embodiment.
  • FIG. 12 is a view showing the flow of processing of the disclosure document creation PG 230 according to the third embodiment.
  • FIG. 13 is a view showing the flow of processing of the disclosure document verification PG 233 according to the third embodiment.
  • FIG. 14 is a view showing the flow of processing of the signature creation PG 222 according to a fourth embodiment.
  • FIG. 15 is a view showing the flow of processing of the disclosure document creation PG 230 according to the fourth embodiment.
  • FIG. 16 is a view showing the flow of processing of the disclosure document verification PG 233 according to the fourth embodiment.
  • FIG. 17 is a schematic view showing the configurations of a signed original document 107 and a disclosure document 108 which are created according to the first embodiment.
  • FIG. 18 is a schematic view showing the configurations of the signed original document 107 and the disclosure document 108 which are created according to the second embodiment.
  • FIG. 19 is a schematic view showing the configurations of the signed original document 107 and the disclosure document 108 which are created according to the third embodiment.
  • FIG. 20 is a schematic view showing the configurations of the signed original document 107 and the disclosure document 108 which are created according to the fourth embodiment.
  • FIG. 21 is a view showing the flow of processing of the signature creation PG 222 according to a sixth embodiment.
  • FIG. 22 is a view showing the flow of processing of the disclosure document creation PG 230 according to the sixth embodiment.
  • FIG. 23 is a view showing the flow of processing of the disclosure document verification PG 233 according to the sixth embodiment.
  • FIG. 24 is a view showing the configuration of a public key certificate according to a seventh embodiment.
  • DETAILED DESCRIPTION OF THE EMBODIMENTS
  • FIG. 1 is a schematic configuration view of a system for use in a plurality of embodiments in which the present invention is applied to an information disclosure system. In the following description, reference will be made to an information disclosure system of an administrative organ by way of example, but the present invention can be similarly applied to information disclosure systems for organs other than administrative organs or individuals.
  • As shown in the figure, this system includes an original document creator unit 102, a document management unit 103, a disclosure document creator unit 104, and a recipient unit 105, all of which are connected to one another via a network 101. The original document creator unit 102, the document management unit 103 and the disclosure document creator unit 104 are used by officials of an administrative organ who is on an information disclosure side, while the recipient unit 105 is used by ordinary citizens who are on an information disclosure request and verification side.
  • In the following description, each of the embodiments is described taking an example where the original document creator unit 102, the document management unit 103 and the disclosure document creator unit 104, all of which are used by officials of an administrative organ, as well as the recipient unit 105 to be used by ordinary citizens are connected to the same network 101. However, the connection forms may be different from this example. For example, the original document creator unit 102, the document management unit 103 and the disclosure document creator unit 104 which are used by officials of an administrative organ may be connected to a LAN (Local Area Network) of the administrative organ, and the LAN may be connected via a gateway server to the network 101 to which the recipient unit 105 to be used by ordinary citizens is connected. This connection form is preferable in terms of information security, because the LAN of the administrative organ can be protected from attacks such as illegal access from the external network 101, by means of a gateway server.
  • The original document creator unit 102 is used by an original document creator who is an official of the administrative organ, creates an administrative document as electronic data (an officially created document), affixes an electronic signature to the created administrative document, and after that, requests a signed administrative document to the document management unit 103. In the following description of each of the embodiments, an administrative document to which an original document creator is to affix a signature is hereinafter referred to as an original document 106. In addition, the each of the following embodiments is described taking an example where the creation of the original document 106 and the affixture of a signature to the original document 106 are both performed in the original document creator unit 102. Unlike this example, a unit used to create the original document 106 and an unit used to affix a signature to the original document 106 may be separated from each other and the original document 106 may be transferred between these units by means of the network 101 or a portable storage medium.
  • When the document management unit 103 accepts a request from the original document creator unit 102, it archives a signed original document 107 created in the original document creator unit 102. When the document management unit 103 accepts a request from the disclosure document creator unit 104, it transmits to the original document creator unit 102 the signed original document 107 which is previously archived and is a disclosure object. In terms of information security, it is preferable that the document management unit 103 perform access control by performing appropriate user authentication processing and the like at the time of the acceptance of the archive request from the original document creator unit 102 and at the time of the acceptance of the disclosure object document transmission request.
  • When the disclosure document creator unit 104 accepts an information disclosure request operated by an ordinary citizen who is a user of the recipient unit 105, it retrieves a disclosure object document corresponding to the information disclosure request, and requests the document management unit 103 to transmit the signed original document 107 which is the disclosure object document. Next, the disclosure document creator unit 104 is operated by an operator to create a disclosure document 108 in which information which is inappropriate for disclosure in terms of protection of personal information and protection of information relative to national secrets is deleted from the information contained in the signed original document 107 received from the document management unit 103, and the disclosure document creator unit 104 makes the created disclosure document 108 published to the recipient unit 105.
  • At this time, if the signature affixed to the original document 106 is a signature created by a related-art electronic signature technique, even in the case of “deletion of information inappropriate for disclosure”, the result is a failure in signature verification, as in the case where the original document 106 undergoes an illegal manipulation. Each of the following embodiments uses a novel electronic signature technique capable of effecting signature verification even after the deletion of inappropriate information.
  • The method of disclosing the disclosure document 108 may be arbitrarily designed; for example, the disclosure document 108 may be transmitted by electronic mail or uploaded to a Web server managed by the administrative organ or another organ. The method of uploading the disclosure document 108 to the Web server has the merit that not only the user of the recipient unit 105 who has made the information disclosure request, but also can read the disclosed information.
  • Each of the embodiments is described taking an example where the disclosure document creator unit 104 carries out acceptance of an information disclosure request from an ordinary citizen, retrieval of a disclosure object document, a request to the document management unit 103 for the disclosure object document, creation of the disclosure document 108, and disclosure of the disclosure document 108. However, different configurations may be adopted. For example, acceptance of an information disclosure request from an ordinary citizen, retrieval of a disclosure object document, and a request to the document management unit 103 for the disclosure object document may be carried out in a unit different from the disclosure document creator unit 104, while creation of the disclosure document 108 and disclosure of the disclosure document 108 may be carried out in the disclosure document creator unit 104.
  • The recipient unit 105 is used so that an ordinary citizen who is a user of the recipient unit 105 requests information disclosure from the administrative organ and verifies the authenticity of the disclosure document 108 disclosed according to the request. The recipient unit 105 transmits the information necessary for identifying a disclosure object document to the disclosure document creator unit 104 and requests information disclosure. In addition, the recipient unit 105 verifies whether the contents of the disclosure document 108 open to the ordinary citizen and the original document 106 are the same except a part omitted in terms of protection of information (an undisclosed part).
  • The recipient unit 105 displays or prints the disclosure document 108 open to the ordinary citizen in the state where the undisclosed part is covered with black color (hereinafter referred to as “blacked out”) so that the user is permitted to read the disclosure document 108.
  • Each of the embodiments is described taking an example where an information disclosure request and verification of the authenticity of the disclosure document 108 are carried out in the same recipient unit 105. However, different configurations may be adopted. For example, an information disclosure request may be made in a unit different from the recipient unit 105, and verification of the authenticity of the disclosure document 108 made open to the user may be carried out in the recipient unit 105.
  • FIG. 2 is a view showing a schematic configuration of the original document creator unit 102 used in each of the following embodiments.
  • The original document creator unit 102 can be constructed with a computer 210 having a general configuration and including a CPU 201, a RAM 202 which functions as a work area for the CPU 201, an external storage unit 203 such as a hard disk drive unit, a reading unit 204 which reads data from a storage medium 205 having portability such as a CD-ROM and a FD, an input unit 206 such as a keyboard and a mouse, a display unit 207 such as a display, a communication unit 208 which performs communication with another unit via a network, and an interface 209 responsible for data transfer between the above-mentioned constituent elements.
  • An original document creation PG (program) 221, a signature creation PG (program) 222 and a document archive request PG (program) 223 are stored in the external storage unit 203 of the original document creator unit 102. These programs 221, 222 and 223 are loaded into the RAM 202, and are respectively embodied by the CPU 201 in the form of processes which are an original document creation unit 241, a signature creation processing unit 242 and a document archive request processing unit 243. In addition, data (such as the original document 106, the signed original document 107 and a signing secret key 211) which are inputs or outputs to or from these processing units 241, 242 and 243 are stored in the external storage unit 203. The signing secret key 211 is required to be managed particularly strictly in terms of security. For this reason, the signing secret key 211 may also be stored in a unit which has tamper resistance and differs from the external storage unit 203 in which the other data are stored.
  • Each of the document management unit 103, the disclosure document creator unit 104 and the recipient unit 105 also has the same configuration as the original document creator unit 102. However, a document archive PG (program) 224 and a requested document transmission PG (program) 225 as well as signed original documents requested to be archived are stored in an external storage unit of the document management unit 103. An information disclosure request acceptance PG (program) 226, a requested document retrieval PG (program) 227, a requested document transmission request PG (program) 228, a disclosure portion determining PG (program) 229, a disclosure document creation PG (program) 230 and a disclosure document opening PG (program) 231 are stored in an external storage unit of the disclosure document creator unit 104. An information disclosure request PG (program) 232 and a disclosure document verification PG (program) 233 are stored in an external storage unit of the recipient unit 105.
  • In the following description of each of the embodiments, it is assumed that each of the programs is stored in the external storage unit 203 in advance. However, when necessary, each of the programs may also be introduced into the external storage unit 203 or the RAM 202 via the external interface 209 through a storage medium such as an FD or a CD-ROM, or through a network such as the Internet which is a communications medium, or through a carrier wave which propagates through the network.
  • FIG. 3 is a flowchart showing an outline of the processing of creating an administrative document which is an original document and archiving the administrative document in the document management unit in each of the following embodiments. At the time when an original document is created and archived, it is not necessarily possible to determine which portion of the document archived in the document management unit contains information to be disclosed or not to be disclosed when the document management unit accepts an information disclosure request in the future. In general, it seems, in many cases, impossible to determine which portion of the archived document is to be disclosed. Incidentally, in the following flowchart, the titles of programs which are respectively given in parentheses in individual steps represent programs which execute the processing of the corresponding steps.
  • Original Document Creation and Archive Flow (Processing of Original Document Creator Unit 102)
  • 301: The processing is started.
  • 302: An original document is created (the original document creation PG 221).
  • 303: A signature is generated for the created original document (the signature creation PG 222).
  • 304: The signed original document is transmitted to the document management unit 103 and the document management unit 103 is requested to register the signed original document (the document archive request PG 223) (the processing of the document management unit 103).
  • 305: The received signed original document is registered (the document archive PG 224).
  • 306: The processing is brought to an end.
  • FIG. 4 is a flowchart showing an outline of the processing of accepting an information disclosure request from an ordinary citizen and performing information disclosure in each of the following embodiments. Incidentally, in the following flowchart, the titles of programs which are respectively given in parentheses in individual steps represent programs which execute the processing of the corresponding steps.
  • Information Disclosure Flow (Processing of Recipient Unit 105)
  • 401: The processing is started.
  • 402: Information capable of specifying the range of information desired to be disclosed is transmitted in order to request the disclosure document creator unit 104 to perform information disclosure (the information disclosure request PG 232) (the processing of the disclosure document creator unit 104).
  • 403: When the information which specifies the range of information desired to be disclosed is received (the information disclosure request acceptance PG 226) a document to be disclosed is retrieved on the basis of the information which specifies the range (the requested document retrieval PG 227), and the document is requested from the document management unit 103 (the requested document transmission request PG 228) (the processing of the document management unit 103).
  • 404: The signed original document requested to be disclosed is transmitted to the disclosure document creator unit 104 (the requested document transmission PG 225) (the processing of the disclosure document creator unit 104).
  • 405: The content of the received signed original document is confirmed in accordance with a predetermined information disclosure policy to determine a portion appropriate for disclosure (the disclosure document creation PG 229), and a disclosure document subjected to undisclosure processing which prevents leakage of information inappropriate for disclosure such as information concerning personal information or national secrets is created (the disclosure document creation PG 230) , and the disclosure document is transmitted to the recipient unit 105 (the disclosure document opening PG 231) (the processing of the recipient unit 105).
  • 406: The authenticity of the received disclosure document is verified (the disclosure document verification PG 233).
  • 407: The processing is brought to an end.
  • In the information disclosure system whose outline has been described above, it is particularly noticeable that it is necessary to compatibly realize the assurance of the authenticity of a disclosure document and the deletion of information inappropriate for disclosure need to be made compatible.
  • In a service form in which disclosure documents are necessarily the same as original documents, if an original document creator applies a known electronic signature technique to affix a signature to an original document, a recipient can confirm the authenticity of a disclosure document (having the same data as the original document) by applying a known electronic signature verification technique.
  • However, in an information disclosure system of the embodiments of the present invention, an original document and a disclosure document are not necessarily the same. This is because there is a possibility that, at the time of information disclosure, original documents contain information inappropriate for disclosure (for example, information concerning the privacy of individuals or information not to be disclosed in terms of national security) , and there is a need to omit (i.e., black out) the inappropriate information from the original document to make the information undisclosed. In this case, even if the original document is subjected to a modification, such as blackout, which seems appropriate or indispensable in terms of information disclosure, known electronic signature techniques can only provide an “unverifiable” result, as in the case where the original document undergoes a manipulation by a third party with malicious intent.
  • Accordingly, there is a demand for novel authenticity assurance techniques for electronic documents which are capable of compatibly realizing both the assurance of the authenticity of original documents and the deletion of information inappropriate for disclosure.
  • The desired natures of electronic document authenticity assurance techniques according to the following embodiments are as follows.
  • (Nature 1) It is possible to verify even a disclosure document containing an undisclosed portion, and if there is no modification except an undisclosed portion, verification succeeds.
  • (Nature 2) If a disclosure document contains a modification except the blackout of an original document, verification fails.
  • (Nature 3) Information containing an undisclosed portion cannot be inferred from a disclosure document.
  • (Nature 4) An attacker who tries to infer information of an undisclosed portion of a disclosure document cannot use the disclosure document as information which assures the correctness of the result of the inference.
  • The nature 1, which cannot be achieved by any known electronic signature technique, is a required condition which becomes necessary in the case where any (appropriate) modification may occur in an original document after the formation thereof, as in the case of information disclosure.
  • The nature 2 is a condition for discriminating between an allowable appropriate modification (i.e., blackout) and other modifications.
  • The nature 3 means that information does not leak from an undisclosed portion (blacked-out portion). For example, in the case of a method which makes a disclosure document published with the information of an undisclosed portion hidden by cryptographic technology or the like (as a cryptogram) , it is necessary to design the method so that the cryptogram cannot be easily deciphered.
  • The nature 4 means that even if an undisclosed portion (blacked-out portion) is inferred, the inference can be denied. For example, it is assumed that an original document contains the expression “the suspect “A” denied having committed the crime, while a disclosure document contains the expression “the suspect “****” denied having committed the crime” (namely, the name of “A” which is personal information is not disclosed by an disclosure document creator) . In addition, it is assumed that an attacker (or a recipient) who has seen this disclosure document infers from the context or other information that “****” means “A”, and tries verification by applying the name of A to the “****” portion. If this verification succeeds, the disclosure document is likely to be used as information which assures the inference that “****” is “A”. This is because “A” is difficult to deny in a signature method in which the probability that it is possible to find out character strings which can be successfully verifiably applied to “****” except “A” is negligibly small in practical terms.
  • The following embodiments disclose a plurality of methods which can be used as electronic document authenticity assurance techniques which satisfy the above-mentioned natures.
  • First, a first embodiment will be described below. To describe how the first embodiment is realized, a detailed description will be given in connection with the signature creation PG 222 operating in the original document creator unit 102, the disclosure document creation PG 230 operating in the disclosure document creator unit 104, and the disclosure document verification PG 233 operating in the recipient unit 105.
  • FIG. 5 is a view showing the flow of processing of the signature creation PG 222 according to the first embodiment.
  • 501: The processing is started.
  • 502: An original document is divided into constituent elements (hereinafter referred to as blocks). As to the method of defining the constituent elements, for example, the original document may be defined as constituent elements on a byte-by-byte basis in order from its front, or in the case of a structured document like a document described by XML (extensible Markup Language) , its minimum constituent elements may also be used. The original document is hereinafter regarded as a string of N blocks.
  • 503: Signatures are generated for all substrings of the string of N blocks which is the original document, by using the secret key of the original document creator (2 to the N-th power of signatures are generated).
  • 504: Data including the original document and the 2 to the N-th power of signatures corresponding to the substrings of the original document are designated as a signed original document.
  • 505: The processing is brought to an end.
  • FIG. 6 is a view showing the flow of processing of the disclosure document creation PG 230 according to the first embodiment.
  • 601: The processing is started.
  • 602: Blocks containing information inappropriate for disclosure are retrieved from the signed original document which is the disclosure object document.
  • 603: Substrings of the original document which include the remaining blocks except the retrieved blocks are generated.
  • 604: Data including the substrings and the signatures corresponding to the respective substrings are designated as a disclosure document.
  • 605: The processing is brought to an end.
  • FIG. 7 is a view showing the flow of processing of the disclosure document verification PG 233 according to the first embodiment.
  • 701: The processing is started.
  • 702: The disclosure document (including certain substrings of the original document and the signatures corresponding to the respective substrings) is verified by using a public key of the original document creator, and the result of verification is outputted. The public key of the original document creator which is used for verification, for example, may be sent from the disclosure document creator unit 104 together with the disclosure document, or may be acquired as required from the original document creator unit 102. The public key can be desirably used together with a public-key credential which is issued by means of known PKI (Public-Key Infrastructure) techniques and makes it possible to reliably confirm the original document creator.
  • 703: The processing is brought to an end.
  • As will be described below, the above-mentioned electronic document authenticity assurance technique (the first embodiment) satisfies the nature 1, the nature 2, the nature 3 and the nature 4.
  • In the first embodiment, the disclosure document includes the substrings of the original document and the signatures of the original document creator corresponding to the respective substrings. Accordingly, it is possible to confirm the authenticity of the disclosure document by using existing electronic signature verification techniques. The nature 1 and the nature 2 are, therefore, satisfied. In addition, the disclosure document does not include the blocks containing the information inappropriate for disclosure, and therefore, the nature 3 is satisfied. Furthermore, the signature information affixed to the disclosure document is unrelated to the blocks containing the information inappropriate for disclosure; that is to say, when the signatures affixed to the disclosure document are to be generated, the blocks containing the information inappropriate for disclosure are not used, so that the nature 4 is also satisfied.
  • As described above, the first embodiment satisfies the natures desired in each of the embodiments of the present invention, but has a problem in terms of efficiency. In the first embodiment, it is necessary to generate 2 to the N-th power of signatures for an original document including N blocks. However, a far more efficient method is desired.
  • A second embodiment which is improved in efficiency will be described below. To describe how the second embodiment is realized, a detailed description will be given in connection with the signature creation PG 222 operating in the original document creator unit 102, the disclosure document creation PG 230 operating in the disclosure document creator unit 104, and the disclosure document verification PG 233 operating in the recipient unit 105.
  • FIG. 8 is a view showing the flow of processing of the signature creation PG 222 according to the second embodiment.
  • 801: The processing is started.
  • 802: The same as Step 502.
  • 803: Signatures (N signatures) are generated for data (called blocks with position information) in which the data of each of the blocks is bound to position information indicating where each of the blocks is positioned in the original document.
  • 804: Data including the (N-number of) data of the blocks with position information and the (N-number of) signatures for the respective blocks are designated as a signed original document.
  • 805: The processing is brought to an end.
  • In the above-mentioned flow, the reason why the position information is bound to the data of each of the blocks is to prevent the illegal act of changing the order of the blocks. The position information may make use of, for example, consecutive numbers each indicating what number block the corresponding block is, as counted from the first block. If the original document is divided into blocks on a byte-by-byte basis in order from its front, each of the consecutive numbers indicates what number byte the corresponding byte is. If the original document is a structured document described by XML (extensible Markup Language) or the like, far more appropriate information which reflects its structure may also be used as position information.
  • FIG. 9 is a view showing the flow of processing of the disclosure document creation PG 230 according to the second embodiment.
  • 901: The processing is started.
  • 902: The same as Step 602 (provided that each of the blocks is a block with position information).
  • 903: Data which include the blocks with position information except the retrieved blocks (i.e., undisclosed blocks) and signatures corresponding to the respective blocks with position information (the number of the signatures coincides with the number of the disclosed blocks) are designated as a signed original document.
  • 904: The processing is brought to an end.
  • FIG. 10 is a view showing the flow of processing of the disclosure document verification PG 233 according to the second embodiment.
  • 1001: The processing is started.
  • 1002: The disclosure document (including one or a plurality of blocks with position information and signatures corresponding to the respective blocks) is verified on a block-by-block basis by using the public key of the original document creator, and when verification of all the blocks succeeds, the message “verification has succeeded” outputted; otherwise, the message “verification has failed” is outputted.
  • 1003: The processing is brought to an end.
  • In the following description, reference is made to the fact that the above-mentioned electronic document authenticity assurance technique (the second embodiment) satisfies the nature 1, the nature 2, the nature 3 and the nature 4.
  • In the second embodiment, the disclosure document includes the substrings of the original document and the signatures of the original document creator corresponding to the respective blocks constituting the substrings. Accordingly, it is possible to confirm the authenticity of the disclosure document by repeatedly executing an existing electronic signature verification technique by the number of the blocks. The nature 1 and the nature 2 are, therefore, satisfied. In addition, the disclosure document does not include the blocks containing the information inappropriate for disclosure, and therefore, the nature 3 is satisfied. Furthermore, the signature information affixed to the disclosure document is unrelated to the blocks containing the information inappropriate for disclosure; that is to say, when the signatures affixed to the disclosure document are to be generated, the blocks containing the information inappropriate for disclosure are not used as input information, so that the nature 4 is also satisfied.
  • As described above, the second embodiment satisfies the natures desired in each of the embodiments. In addition, as viewed from the point of view of efficiency, the first embodiment needs to generate 2 to the N-th power of signatures for an original document made of N blocks, whereas the second embodiment needs only to generate N-number of signatures.
  • A third embodiment which is improved in efficiency to a further extent will be described below. As will be described later, the third embodiment does not satisfy the nature 4. Accordingly, the third embodiment is a method to be applied to information disclosure systems which do not need the nature 4. To describe how the third embodiment is realized, a detailed description will be given in connection with the signature creation PG 222 operating in the original document creator unit 102, the disclosure document creation PG 230 operating in the disclosure document creator unit 104, and the disclosure document verification PG 233 operating in the recipient unit 105.
  • The third embodiment makes use of a cryptographic hash function (hereinafter referred to simply as the hash function). The hash function receives arbitrary-length data as its input and outputs fixed-length data, and has the characteristics that: (1) it is impossible to calculate the original input from the output (one-way) ; and (2) it is impossible to find two inputs giving the same output (collision resistant) Specific known examples are SHA-1 and MD5.
  • FIG. 11 is a view showing the flow of processing of the signature creation PG 222 according to the third embodiment.
  • 1101: The processing is started.
  • 1102: The same as Step 502.
  • 1103: The hash values of the data of the respective blocks are calculated, and a signature (one signature) is generated for data obtained by binding together the calculated N hash values.
  • 1104: Data which include the (one) signature generated in Step 1103 and the original document are designated as a signed original document.
  • FIG. 12 is a view showing the flow of processing of the disclosure document creation PG 230 according to the third embodiment.
  • 1201: The processing is started.
  • 1202: The same as Step 602.
  • 1203: Data which include the hash values of the respective retrieved blocks, the remaining blocks except the blocks, and the signature are designated as a disclosed document (i.e., as to the retrieved blocks (corresponding to undisclosed blocks), not the blocks themselves but their hash values are used, and as to the remaining blocks (corresponding to disclosed blocks), the blocks themselves are used).
  • 1204: The processing is brought to an end.
  • FIG. 13 is a view showing the flow of processing of the disclosure document verification PG 233 according to the third embodiment.
  • 1301: The processing is started.
  • 1302: The hash values of blocks are calculated to which the original data themselves (not hash values) are given in the disclosure document (which includes the hash value or values of one or a plurality of blocks, the one or the plurality of blocks, and a signature).
  • 1303: Data obtained by binding together the hash values (a total of N hash values) calculated in Step 1302 or contained in the disclosure document are verified by using a public key of the original document creator, and the result of verification is outputted.
  • 1304: The processing is brought to an end.
  • In the third embodiment as well, position information which specifies the position of each of the block may be used as in the case of the second embodiment. If position information is used, it becomes easy to determine the order in which the hash values are bound together in Step 1303.
  • The above-mentioned electronic document authenticity assurance technique (the third embodiment) is described below, which satisfies the nature 1 and the nature 3 but not the nature 4.
  • In the third embodiment, the disclosure document includes blocks themselves which are disclosable blocks of the original document, the hash value of a block which is a block inappropriate for disclosure, and the signature of the original document creator that is affixed to data obtained by binding together the hash values of the respective blocks of the original document. Accordingly, if a recipient calculates the hash values of the blocks which are disclosed themselves, binds these hash values to the disclosed hash values of the blocks whose hash values are disclosed, and performs signature verification by using this bound value as signature object data, the recipient can confirm the authenticity of the disclosure document. The nature 1 is, therefore, satisfied. In addition, owing to the collision resistance of the hash function, it is difficult to apply any manipulation other than the substitution of the hash-value blocks for the original-document blocks, and therefore, the nature 2 is also satisfied. Information depending on the information inappropriate for disclosure, that is contained in the disclosure document, is the hash value of the block inappropriate for disclosure and the signature generated depending on the hash value. It can be seen, therefore, that the nature 3 is satisfied owing to the one-way characteristic of the hash function. On the other hand, an attacker who has inferred the block inappropriate for disclosure from the context can confirm whether his/her inference is correct, by calculating the hash value of the inferred block and examining whether the calculated hash value coincides with any of the disclosed hash values. If his/her inference is correct, the inference can be used as information which assures the correctness of the result of the inference, so that the third embodiment does not satisfy the nature 4.
  • As described above, the third embodiment satisfies the nature 1 and the nature 3 but not the nature 4, among the above-mentioned desired natures. However, in terms of efficiency, the third embodiment is superior to the second embodiment because one signature needs only to be generated for the original document including N blocks.
  • A fourth embodiment which incorporates the third embodiment improved to satisfy the nature 4 will be described below. A detailed description will be given in connection with the signature creation PG 222 operating in the original document creator unit 102, the disclosure document creation PG 230 operating in the disclosure document creator unit 104, and the disclosure document verification PG 233 operating in the recipient unit 105.
  • FIG. 14 is a view showing the flow of processing of the signature creation PG 222 according to the fourth embodiment.
  • 1401: The processing is started.
  • 1402: The same as Step 502.
  • 1403: Random numbers are generated for the respective blocks (a total of N random numbers are generated).
  • 1404: Data (called random-numbered blocks) in which the data of the respective N blocks and the random numbers generated for the respective N blocks are bound together are generated for the respective N blocks.
  • 1405: The hash values of the respective random-numbered blocks are calculated and a signature (one signature) is generated for data obtained by binding together the calculated N hash values.
  • 1406: Data which include the (one) signature generated in Step 1405 and the N random-numbered blocks are designated as a signed original document.
  • 1407: The processing is brought to an end.
  • FIG. 15 is a view showing the flow of processing of the disclosure document creation PG 230 according to the fourth embodiment.
  • 1501: The processing is started.
  • 1502: The same as Step 602 (provided that each of the blocks is a random-numbered block).
  • 1503: Data which include the hash values of the retrieved random-numbered blocks, the remaining random-numbered blocks except the retrieved ones, and the signature are designated as a disclosure document (i.e., as to the retrieved random-numbered blocks (corresponding to undisclosed blocks), not the random-numbered blocks themselves but the hash values are used, while as to the remaining random-numbered blocks (corresponding to disclosed blocks), the random-numbered blocks themselves are used).
  • 1504: The processing is brought to an end.
  • FIG. 16 is a view showing the flow of processing of the disclosure document verification PG 233 according to the fourth embodiment.
  • 1601: The processing is started.
  • 1602: The same as Step 1302 (provided that each of the blocks is a random-numbered block).
  • 1603: The same as Step 1303.
  • 1604: The processing is brought to an end.
  • In the fourth embodiment as well, position information which specifies the position of each of the blocks may be used as in the case of the second embodiment. If position information is used, it becomes easy to determine the order in which the hash values are bound together in Step 1603.
  • The above-mentioned electronic document authenticity assurance technique (the fourth embodiment) is described, which satisfies the nature 1, the nature 3 and the nature 4. As to the natures 1, 2 and 3, the fourth embodiment is similar to the third embodiment. In the following description, reference is made to the fact that the fourth embodiment also satisfies the nature 4. In the case of the fourth embodiment, an attacker who has inferred a block inappropriate for disclosure from the context or the like cannot easily find examine whether his/her inference is correct, by comparing the hash values. This is because even if the information of the inferred block is correct, the hash values do not coincide if random numbers to be bound together are not correct. In addition, since the random numbers are generated independently of the context, the inference of the random numbers is extremely difficult, and is impossible in practical terms. Accordingly, the fourth embodiment also satisfies the nature 4.
  • As described above, the fourth embodiment satisfies the desired natures. In addition, from the point of view of efficiency, for an original document made of N blocks, the first embodiment needs to generate 2 to the N-th power of signatures and the second embodiment needs to generate N-number of signatures, whereas the fourth embodiment needs only to generate one signature. Accordingly, the fourth embodiment is superior to the first and second embodiments.
  • A function called a message commitment scheme may be used instead of the hash function used in the above-mentioned fourth embodiment. The message commitment scheme is a function which calculates a value called a commit with respect to a message and which has two natures: hiding (it is remarkably difficult to acquire information on the original message from commit) and binding (it is remarkably difficult to find out a message different from the original inputted message coincident with a given commit) (when the original message is given, it is possible to easily confirm whether the original message corresponds to commit). One example of the message commitment scheme is disclosed in S. Halevi and S. Micali, “Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing”, In CRYPTO′ 96, LNCS 1109, Springer-Verlag, Berlin, 1996.
  • The message commitment scheme disclosed in the above-mentioned document is configured by a combination of hash functions, so that as compared with the case where a hash function is used independently, the message commitment scheme requires a large processing load but is superior in that the information of the original message is information theoretically hidden.
  • FIGS. 17 to 20 are, respectively, schematic views of the structures of the signed original documents 107 and the disclosure documents 108 which are created in accordance with the respective first to fourth embodiments (in each example, the number of blocks is five and the third block is an undisclosed block).
  • The disclosure documents created according to the respective second to fourth embodiments can be subjected to additional blackout. Namely, a recipient or another entity that has acquired the disclosure document can additionally black out blocks except the blocks deleted (blacked out) by the disclosure document creator that are contained in the disclosure document. This nature is in some cases considered undesirable in particular situations.
  • For example, in the case where the information disclosure system shown in FIG. 1 has the risk that a disclosure document which is being sent from the disclosure document creator unit 104 to the recipient unit 105 is altered on the network 101, a dishonest person can delete, i.e., additionally blacks out, information inconvenient for the dishonest person, which is contained in the disclosure document, and send the altered document to the recipient unit 105. In this case, the recipient cannot discriminate between the original disclosure document and the disclosure document additionally blacked out by the dishonest person (i.e., the recipient can confirm that either of the disclosure documents is part of the original document) , so that, from the recipient, it cannot be said that the above-mentioned nature is desirable for the original purpose of information disclosure.
  • A new nature desired to be incorporated into electronic document authenticity assurance techniques is hereinafter referred to as nature 5 (it is possible to prevent additional blackout of a disclosure document), and a fifth embodiment which is improved to satisfy this nature 5 as well will be described below.
  • The fifth embodiment is described taking an example based on the electronic document authenticity assurance technique described above as the fourth embodiment. However, the fifth embodiment is not limited to this configuration, and may also have a configuration based on other electronic document authenticity assurance techniques.
  • In the fifth embodiment, a signing secret key of a disclosure document creator is previously stored in the external storage device of the disclosure document creator unit 104. A signature verifying public key which is paired with the signing secret key can be acquired by a recipient, for example, on a Web server. Incidentally, the processing performed in the original document creator unit 102 is basically the same as the fourth embodiment.
  • Step 1503 described previously in the flow of processing, shown in FIG. 15, of the disclosure document creation PG 230 according to the fourth embodiment is modified as follows.
  • 1503 (modified): The signature of the disclosure document creator is affixed to data which include the hash values of the retrieved random-numbered blocks, the remaining random-numbered blocks except the retrieved ones, and the signature, by using the signing secret key of the disclosure document creator, and the signed disclosure document is designated as a disclosure document (i.e., a disclosure document which includes the disclosure document created in the fourth embodiment and the signature affixed thereto by the disclosure document creator is designated as a disclosure document according to the fifth embodiment).
  • Step 1602 described previously in the flow of processing, shown in FIG. 16, of the disclosure document verification PG 233 according to the fourth embodiment is modified as follows.
  • 1602 (modified): The signature of the disclosure document creator which has been affixed to the disclosure document is verified by using a public key which verifies the signature of the disclosure document creator. When verification succeeds, the same processing as Step 1302 (provided that each of the blocks is a random-numbered block) is performed, whereas when verification fails, the disclosure document is regarded as illegal, and the processing is brought to an end.
  • According to the fifth embodiment, the signature of the disclosure document creator is affixed to the disclosure document created in the disclosure document creator unit 104. Accordingly, if any user other than the disclosure document creator additionally blacks out the disclosure document, the fifth embodiment fails in verifying the signature of the disclosure document creator, whereby it is possible to prevent additional blackout.
  • Another new nature which provides another countermeasure against additional blackout is hereinafter referred to as nature 6 (a disclosure document creator can select whether to allow or prevent additional blackout of a disclosure document), and a sixth embodiment which is improved to satisfy this nature 6 as well will be described below.
  • The fifth embodiment is intended to prevent additional blackout from being applied to the entire disclosure document, but there are considered to be situations where the disclosure document creator of a disclosure document desires to prevent additional blackout of a certain portion of the disclosure document, but desires to allow additional blackout of another certain portion of the same. According to the sixth embodiment, there is an electronic document authenticity assurance technique which enables a disclosure document creator to select whether to allow or prevent this additional blackout.
  • If the nature 6 is satisfied, the nature 5 is also satisfied, because a disclosure document creator can prevent additional blackout from being applied to the disclosure document, by setting the sixth embodiment to prevent additional blackout from being applied to the entire disclosure document.
  • FIG. 21 is a view showing the flow of processing of the signature creation PG 222 according to the sixth embodiment.
  • 2101: The processing is started.
  • 2102: The same as Step 502.
  • 2103: Random numbers are generated for the respective blocks. These blocks are called “black blocks”. (A total of N black numbers are generated).
  • 2104: The same as Step 1403 (provided that the random numbers generated in Step 2104 are generated independently of the random numbers generated as the black blocks in Step 2103).
  • 2105: The same as Step 1404.
  • 2106: Two pieces of data relative to each of the N blocks, i.e., the corresponding one of the random-numbered blocks created in Step 2105 and the corresponding one of the black blocks created in Step 2103, are inputted into a signing two-input one-way function, and the output data from the signing two-input one-way function are acquired. A signature (one signature) is generated for data in which the output data (N pieces) are bound together. It is assumed here that the signing two-input one-way function is a function which satisfies the following conditions and is known to the entire system. Namely, the signing two-input one-way function is a function which outputs one value (C) with respect to two input values (A and B) , and satisfies the following conditions:
  • (1) when A′ and B′ are inputted, C′ which is C′≠C is outputted except a negligible probability if A′≠A and B′≠B;
  • (2) even if A and C are known, B cannot be inferred, except a negligible probability; and
  • (3) even if B and C are known, A cannot be inferred, except a negligible probability.
  • A specific example of a configuration method according to the sixth embodiment will be described later.
  • 2107: Data which include the (one) signature generated in Step 2106, the N random-numbered blocks and the N black blocks are designated as a signed original document.
  • 2108: The processing is brought to an end.
  • FIG. 22 is a view showing the flow of processing of the disclosure document creation PG 230 according to the sixth embodiment.
  • 2201: The processing is started.
  • 2202: Blocks containing information inappropriate for disclosure are retrieved from the signed original document which is the disclosure object document.
  • 2203: It is determined whether to allow or prevent additional blackout, as to each of the remaining blocks except the retrieved blocks.
  • 2204: Data are designated as a disclosure document, which include data configured by using black blocks as blocks inappropriate for disclosure, random-numbered blocks as blocks to be disclosed and to be prevented from being additionally blacked out, and black blocks and random-numbered blocks as blocks to be disclosed and to be allowed to be additionally blacked out, as well as the signature.
  • 2205: The processing is brought to an end.
  • FIG. 23 is a view showing the flow of processing of the disclosure document verification PG 233 according to the sixth embodiment.
  • 2301: The processing is started.
  • 2302: Each of the blocks contained in the disclosure document (including the black blocks, the random-numbered blocks and the signature) is inputted to a verifying function corresponding to the signing two-input one-way function, and an output is provided from the verifying function. A specific example of a method which configures the verifying function will be described later.
  • 2303: Data obtained by binding together the output data (N pieces) calculated in Step 2302 are verified by using the public key of the original document creator, and the result of verification is outputted.
  • 2304: The processing is brought to an end.
  • The recipient who has received the disclosure document created in accordance with the disclosure document creation PG 230 cannot black out the blocks that have been determined, by the original document creator, to be prevented from being additionally blacked out. This is because the recipient cannot acquire black blocks corresponding to those blocks.
  • A specific example of the configuration of the verifying function corresponding to the signing two-input one-way function is as follows.
  • For Generation of Signature
  • With respect to the input values A and B, a straight line L passing through two points (1, h(A) ) and (2, h(B) is found (h is a hash function). Then, points (0, Q) and (3, P) whose respective x coordinates on the straight line L are 0 and 3 are found, and Q and P are outputted. Incidentally, since P is used for verification, P is incorporated into the disclosure document as auxiliary data in Step 2107.
  • For Verification of Signature
  • Inputs are the input value A′ or B′ and an auxiliary input P′ . A straight light L passing through two points (1, h(A′)) or (2, h(B′)) and (3, P′) is found. Then, a point (0, Q′ ) whose x coordinate on the straight line L is 0 is found, and Q′ and P′ are outputted.
  • In the above-mentioned configuration, the values of the x coordinate may differ from 0, 1, 2 and 3 if they are values common to the system.
  • Another specific example of the configuration of the verifying function corresponding to the signing two-input one-way function may be as follows.
  • For Generation of Signature
  • With respect to the input values A and B, h(A) and h(B) are found, and data obtained by binding together these hash values are outputted (h is a hash function). Incidentally, since h(A) and h(B) are used for verification, h(A) and h(B) are incorporated into the disclosure document as auxiliary data in Step 2107.
  • For Verification of Signature
  • Inputs are the input value A′ or B′ and auxiliary inputs h(A′) and h(B′). If A′ is inputted, h(A′) is calculated, and h(A′) and h(B′) are outputted. If B′ is inputted, h(B′) is calculated, and h(B′) and h(A′) are outputted.
  • The sixth embodiment is particularly effective in the case where a plurality of disclosure document creator units 104 are connected to the network 101 and documents are circulated among the disclosure document creator units 104. For example, it is assumed that two areas A and B exist in one original document and an original document creator X desires to make a decision as to whether to allow disclosure of the information in the area A, while an original document creator Y desires to make a decision as to whether to allow disclosure of the information in the area B. At this time, according to the sixth embodiment, it is possible to prevent the original document creator Y from performing any act that is beyond the limits of his/her original authority, such as (unduly) blacking out the information in the area A.
  • Specifically, the disclosure document creator X who has received the original document determines whether to allow disclosure of each block contained in the area A, and sets a portion to be disclosed, as a block to be disclosed and to be prevented from being additionally blacked out, and blacks out a portion not to be disclosed. The disclosure document creator X sets each block contained in the area B as a block to be disclosed and to be allowed to be additionally blacked out.
  • The disclosure document creator Y who has received the disclosure document which is set in this manner (disclosed to Y by X) determines whether each block contained in the area B is allowed to be disclosed, and sets a portion to be disclosed, as a block to be disclosed and to be prevented from being additionally blacked out, and blacks out a portion not to be disclosed. This document is designated as a final disclosure document (to be disclosed to a recipient). At this time, since each block contained in the area A is set to be prevented from being additionally blacked out, the disclosure document creator Y cannot perform any act that is beyond the limits of his/her original authority, such as (unduly) blacking out the information of the area A.
  • Incidentally, even if the disclosure document creator X who has first received the original document blacks out information contained in the area B, beyond the limits of his/her original authority, the fact that the disclosure document creator X has exceeded his/her authority is revealed when the disclosure document creator Y receives the disclosure document disclosed to Y by X. At this time, the disclosure document creator Y may take measures such as interrupting the processing or demanding that the disclosure document creator X again perform the processing of creating the disclosure document.
  • In the above description of each of the first to sixth embodiments, an information disclosure institution has been taking an example, but the present invention is not limited to this example. As another example to which the invention can be applied, a seventh embodiment in which the present invention is applied to the issue of a public key certificate in a PKI (Public-key Infrastructure) will be described below.
  • FIG. 24 is a view schematically showing the structure of a public key certificate to be issued in the PKI (Public-key Infrastructure).
  • The public key certificate is data to be made widely open to the public for the purpose of making the owner of the public key clear, and includes a basic field 2410, an extension field 2420 and a signature 2430 of an authority. The basic field 2410 includes information such as version information 2411, a serial number 2412, a signature algorithm 2413, a validity period 2414, an issuer 2415, an owner 2416, and a public key 2417. The extension field 2420 includes, for example, a family name 2421, a personal name 2422, a date of birth 2423, sex 2424, an address 2425, and certificate policy information 2426.
  • There is a possibility that the public key certificate may include information related to privacy. For example, in the case of the public key certificate shown in FIG. 23, the family name 2421, the personal name 2422, the date of birth 2423, the sex 2424 and the address 2425 included in the extension field 2420 may be information related to privacy. The fact that these items of information are included in the public key certificate has the advantage that it is possible to explain to a third party that the information (for example, the data of birth 2423) is correct. However, in the case where these kinds of information are included in the public key certificate, even when the owner does not desire to disclose the information (for example, the date of birth 2423), the owner must disclose in order to show the validity of the public key (namely, in order to confirm an electronic signature which is affixed to the public key certificate by the authority).
  • By applying the present invention to the issue of the public key certificate, it is possible for the owner to show the validity of the public key while hiding the date of birth 2423. Contrarily, if the owner desires to explain the correctness of the date of birth 2423, the owner can also disclose the date of birth 2423.
  • For example, by using the following method, it is possible to issue the public key certificate while hiding any of the items of information included in the extension field 2420 (the family name 2421, the personal name 2422, the date of birth 2423, the sex 2424 and the address 2425).
  • When the authority is to affix the signature to the public key certificate, the authority divides the public key certificate into six blocks, i.e., the basic field 2410, the family name 2421, the personal name 2422, the date of birth 2423, the sex 2424 and the address 2425, and generates the electronic signature of the authority in accordance with any of the flows of processing of the signature creation PG 222 mentioned above in the descriptions of the first to sixth embodiments. The resultant data corresponding to any of the original documents according to the first to sixth embodiments is designated as the public key certificate.
  • If the owner who has acquired the issued public key certificate desires to show the validity of the public key while hiding, for example, the date of birth, the owner needs only to black out the block of the date of birth 2423 in accordance with any of the flows of processing of the disclosure document creation PG 230 mentioned above in the descriptions of the first to sixth embodiments.
  • Incidentally, the processing of the authority (for example, confirmation of identity) which is executed before the signature is affixed to the public key certificate and the processing of the authority (for example, distribution of public key certificates) which is executed after the affixture of the signature may be performed similarly to known processing of the authority.
  • As another form in which the present invention is applied to the issue of a public key certificate, the invention can also be applied to the issue of a single public key certificate corresponding to a plurality of public keys. This method will be described below as an eighth embodiment.
  • According to the eighth embodiment, since a public key certificate can be issued to a plurality of public keys at a time, processing, such as confirmation of identity, which is executed by an authority can be efficiently performed at a time.
  • The issue of a single public key certificate corresponding to a plurality of public keys may be performed as follows. When an authority is to affix its signature to a public key certificate (including N public keys), the authority first provides N fields (each corresponding to the public key 2417) in which to fill in the respective public keys, and divides the public key certificate into a total of N+1 blocks for the N fields for public keys and another field, and generates an electronic signature of the authority in accordance with any of the flows of processing of the signature creation PG 222 mentioned above in the descriptions of the first to sixth embodiments.
  • The owner who has acquired the issued public key certificate blacks out the N public keys except, for example, the first public key in accordance with any of the flows of processing of the disclosure document creation PG 230 mentioned above in the descriptions of the first to sixth embodiments, and obtains data corresponding to a disclosure document according to any of the first to sixth embodiments, as a public key certificate for the first public key.
  • When the owner desires to update his/her public key (namely, when the owner desires to use another public key as his/her public key), the owner may select one public key which has never been used, and black out the other public keys (including the public key which has so far been used) . At this time, the authority does not need to newly issue a public key certificate.
  • In the eighth embodiment, a public key certificate is divided into a total of N+1 blocks for N fields for public keys and another field, but different configurations may also be adopted. For example, the other field may also be subdivided into a plurality of blocks. Furthermore, the eighth embodiment may also be combined with the sixth embodiment.
  • Each of the first to eighth embodiments is described taking examples in which electronic document authenticity assurance techniques are configured on the basis of electronic signature techniques, but different configurations may also be adopted. For example, if a reliable third-party organ exists, an original document creator may deposit an original document (or its hash values or the like) in a unit of the third-party organ in advance, and a recipient may inquire the unit of the third-party organ about the authenticity of a disclosure document. Even in this case, it is possible to apply the first to fourth embodiments described hereinabove. For example, data designated as a signature object (namely, the data of a signed original document except a signature) in each of the methods of the first to fourth embodiments may be deposited in the unit of the third-party organ.
  • Each of the first to eighth embodiments is described taking the case in which an original document has a configuration in which blocks as constituent elements are arranged sequentially, but different configurations may also be adopted. For example, in the case where an original document is described in a structured document format, such as XML (extensible Markup Language), a hierarchical relationship can be considered to exist between each element. Namely, in the case where the area defined between the start tag and the end tag of an element name “B” is contained in the area between the start tag and the end tag of an element name “A”, “A” can be regarded as a common element of “B”. In the case where this hierarchical structure exists, electronic document authenticity assurance techniques may be designed according to the hierarchical structure.
  • For example, in the second embodiment, as described previously, serial numbers are assigned to individual blocks as position information indicating the positions of the respective blocks in the document, but unlike this method, information indicating positions in a hierarchical structure may also be used. Specifically, for example, in an ordinary document having a hierarchical structure, information corresponding to “Chapter X, Section Y, Paragraph Z”, which are used for identifying positions in the document, may also be used as position information (on the other hand, the case where serial numbers assigned from the front like page numbers in ordinary documents are used as position information corresponds to the above description of the second embodiment) . Otherwise, more generally, position information may be expressed by the elements of a set whose appropriate partial order is defined.
  • Each of the first to eighth embodiments is described taking an example in which an original document is divided into constituent elements having no mutually common portions (Step 502) to perform signal generation, but the original document may also be divided into constituent elements having mutually common portions. Even in this case, it is possible to apply any of the above-mentioned first to fourth embodiments.
  • Although the description of each of the first to sixth embodiments states that an undisclosed portion is blacked out, that is to say, disclosed in a state covered with black color, undisclosure processing may also be performed with other methods.
  • Although each of the above-mentioned first to sixth embodiments has been applied to administrative documents, the above description is not limitative. The invention can be applied to various electronic documents whose signature object portions are desired to be appropriately modified after the affixture of signatures.
  • The invention can also be applied not only to electronic documents, but more generally to digital data such as image data, video data and audio data. In this case, the setting of blocks may be appropriately performed according to the structure of digital data.
  • The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense. It will, however, be evident that various modifications and changes may be made thereto without departing from the spirit and scope of the invention as set forth in the claims.

Claims (4)

1-15. (canceled)
16. An electronic document creation system in which a computer creates an electronic document whose authenticity is able to be verified by an authenticity assurance data from an original electronic document including a plurality of constituent elements,
wherein:
the computer, by executing a first program, conducts the steps of:
dividing an original electronic document into the plurality of constituent elements;
calculating hash values on the plurality of constituent elements respectively by inputting the constituent elements to a cryptographic hash function;
creating hash value bound data in which hash values respectively calculated on the plurality of constituent elements are bound and generating one electronic signature corresponding to the hash value bound data;
generating the authenticity assurance data including the one electronic signature and position information indicating respective position of the constituent elements in the original electronic document; and
creating the electronic document whose authenticity is able to be verified including the original electronic document and the authenticity assurance data.
17. A disclosure electronic document system in which a computer creates a disclosure electronic document from an electronic document whose authenticity is able to be verified that is created by the electronic document creation system according to claim 16,
wherein:
the computer, by executing a second program, conducts the steps of;
specifying undisclosure constituent elements not to be disclosed among the constituent elements including the electronic document whose authenticity is able to be verified;
calculating hash values on the plurality of the undisclosure constituent elements respectively by inputting the undisclosure constituent elements to a cryptographic hash function;
updating the authenticity assurance data by adding hash values calculated according to the disclosure constituent elements to the authenticity assurance data, and
creating a disclosure electronic document which does not include the specified undisclosure constituent elements, and includes one or more disclosure constituent elements which are the constituent elements not to be the undisclosure constituent elements and the updated authenticity assurance data.
18. An authenticity verification system of a disclosure electronic document in which a computer verifies an authenticity of a disclosure electronic document created by the disclosure electronic document creation system according to claim 17,
wherein:
the computer, by executing a third program, conducts the steps of;
calculating hash values on the respective disclosure constituent elements included in the disclosure electronic document by inputting the disclosure constituent elements to the cryptographic hash function;
binding the calculated hash value according to the disclosure constituent elements and a hash value calculated according to the undisclosure constituent elements included in the updated authenticity assurance data in a order based on position information of the constituent elements included in the updated authenticity assurance data; and
verifying an assurance of the disclosure electronic document by verifying the electronic signature included in the updated authenticity assurance data with the use of the bound hash value.
US12/416,402 2003-07-15 2009-04-01 Electronic document authenticity assurance method and electronic document disclosure system Abandoned US20090193259A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/416,402 US20090193259A1 (en) 2003-07-15 2009-04-01 Electronic document authenticity assurance method and electronic document disclosure system

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
JP2003-196860 2003-07-15
JP2003196860 2003-07-15
JP2004-007458 2004-01-15
JP2004007458A JP2005051734A (en) 2003-07-15 2004-01-15 Electronic document authenticity assurance method and electronic document disclosure system
US10/787,262 US7526645B2 (en) 2003-07-15 2004-02-27 Electronic document authenticity assurance method and electronic document disclosure system
US12/416,402 US20090193259A1 (en) 2003-07-15 2009-04-01 Electronic document authenticity assurance method and electronic document disclosure system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/787,262 Continuation US7526645B2 (en) 2003-07-15 2004-02-27 Electronic document authenticity assurance method and electronic document disclosure system

Publications (1)

Publication Number Publication Date
US20090193259A1 true US20090193259A1 (en) 2009-07-30

Family

ID=33479014

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/787,262 Expired - Fee Related US7526645B2 (en) 2003-07-15 2004-02-27 Electronic document authenticity assurance method and electronic document disclosure system
US12/416,402 Abandoned US20090193259A1 (en) 2003-07-15 2009-04-01 Electronic document authenticity assurance method and electronic document disclosure system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/787,262 Expired - Fee Related US7526645B2 (en) 2003-07-15 2004-02-27 Electronic document authenticity assurance method and electronic document disclosure system

Country Status (3)

Country Link
US (2) US7526645B2 (en)
EP (1) EP1498799A3 (en)
JP (1) JP2005051734A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090144200A1 (en) * 2007-12-04 2009-06-04 Fujitsu Limited Medical care record management system, medical care record management program, and medical care record management method
US20100312908A1 (en) * 2008-02-19 2010-12-09 Fujitsu Limited Stream data management program, method and system
CN106547648A (en) * 2016-10-21 2017-03-29 杭州嘉楠耘智信息科技有限公司 Backup data processing method and device
USRE46915E1 (en) * 2008-08-22 2018-06-26 Telit Automotive Solutions Nv Verification of process integrity
EP3543891A1 (en) 2018-03-23 2019-09-25 Telefonica Digital España, S.L.U. A computer implemented method and a system for tracking of certified documents lifecycle and computer programs thereof
US11121879B2 (en) 2017-03-24 2021-09-14 Telefonica Cybersecurity & Cloud Tech S.L. Computer implemented method for automatically certifying documents with integrity and authenticity guarantees and computer programs thereof

Families Citing this family (80)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7708189B1 (en) 2002-05-17 2010-05-04 Cipriano Joseph J Identification verification system and method
US7079986B2 (en) * 2003-12-31 2006-07-18 Sieracki Jeffrey M Greedy adaptive signature discrimination system and method
US8478539B2 (en) 2003-12-31 2013-07-02 Jeffrey M. Sieracki System and method for neurological activity signature determination, discrimination, and detection
US8271200B2 (en) * 2003-12-31 2012-09-18 Sieracki Jeffrey M System and method for acoustic signature extraction, detection, discrimination, and localization
US7860318B2 (en) 2004-11-09 2010-12-28 Intelli-Check, Inc System and method for comparing documents
US8533479B2 (en) * 2004-11-22 2013-09-10 Liaison Technologies, Inc. Translating information between computing devices having different security management
JP4728104B2 (en) * 2004-11-29 2011-07-20 株式会社日立製作所 Electronic image authenticity guarantee method and electronic data disclosure system
JP2006254403A (en) * 2005-02-14 2006-09-21 Nippon Telegr & Teleph Corp <Ntt> Signature information protective method and system thereof
JP4664107B2 (en) * 2005-03-31 2011-04-06 株式会社日立製作所 Company-side device, user-side device, personal information browsing / updating system, and personal information browsing / updating method
US7934098B1 (en) * 2005-04-11 2011-04-26 Alliedbarton Security Services LLC System and method for capturing and applying a legal signature to documents over a network
US7703006B2 (en) * 2005-06-02 2010-04-20 Lsi Corporation System and method of accelerating document processing
EP1890451A1 (en) 2005-06-10 2008-02-20 Matsushita Electric Industrial Co., Ltd. Authentication system, authentication device, terminal, and verifying device
JP4788212B2 (en) * 2005-07-13 2011-10-05 富士ゼロックス株式会社 Digital signature program and digital signature system
JP4788213B2 (en) * 2005-07-13 2011-10-05 富士ゼロックス株式会社 Time stamp verification program and time stamp verification system
JP4722599B2 (en) * 2005-07-13 2011-07-13 富士通株式会社 Electronic image data verification program, electronic image data verification system, and electronic image data verification method
CA2617060A1 (en) * 2005-07-29 2007-08-09 Cataphora, Inc. An improved method and apparatus for sociological data analysis
US8560853B2 (en) 2005-09-09 2013-10-15 Microsoft Corporation Digital signing policy
JP4993674B2 (en) * 2005-09-09 2012-08-08 キヤノン株式会社 Information processing apparatus, verification processing apparatus, control method thereof, computer program, and storage medium
JP4901164B2 (en) * 2005-09-14 2012-03-21 ソニー株式会社 Information processing apparatus, information recording medium, method, and computer program
US7996679B2 (en) * 2005-10-05 2011-08-09 International Business Machines Corporation System and method for performing a trust-preserving migration of data objects from a source to a target
JP4622811B2 (en) * 2005-11-04 2011-02-02 株式会社日立製作所 Electronic document authenticity guarantee system
JP2007148544A (en) * 2005-11-24 2007-06-14 Murata Mach Ltd Document management device
JP4739000B2 (en) * 2005-12-07 2011-08-03 富士通株式会社 Electronic document management program, electronic document management system, and electronic document management method
JP4718321B2 (en) * 2005-12-26 2011-07-06 日本電信電話株式会社 Log audit system and log audit method
US20070162417A1 (en) * 2006-01-10 2007-07-12 Kabushiki Kaisha Toshiba System and method for selective access to restricted electronic documents
JP4718335B2 (en) * 2006-01-13 2011-07-06 日本電信電話株式会社 Distributed data holding system capable of data holding authentication, data holding authentication method, apparatus, and program
JP4861704B2 (en) * 2006-01-16 2012-01-25 株式会社日立製作所 Electronic evidence data disclosure method and system
JP4856433B2 (en) 2006-01-27 2012-01-18 株式会社リコー Measuring device, measurement data editing device and measurement time verification device
EP1986366A4 (en) * 2006-02-14 2010-06-02 Fujitsu Ltd Electronic bidding/bidding opening program, electronic bidding/bidding opening system, and electronic bidding/bidding opening method
US9292619B2 (en) * 2006-06-29 2016-03-22 International Business Machines Corporation Method and system for detecting movement of a signed element in a structured document
JP2008027089A (en) * 2006-07-20 2008-02-07 Hitachi Ltd Method and system for disclosing electronic data
WO2008015740A1 (en) * 2006-08-01 2008-02-07 Fujitsu Limited Document verifying program, recording medium, document verifying method, and document verifying device
US20090210715A1 (en) * 2006-08-01 2009-08-20 Fujitsu Limited Document verification apparatus, document verification method, and computer product
WO2008015755A1 (en) * 2006-08-04 2008-02-07 Fujitsu Limited Electronic document management program, method, and device
JP4256415B2 (en) * 2006-09-04 2009-04-22 株式会社日立製作所 ENCRYPTION DEVICE, DECRYPTION DEVICE, INFORMATION SYSTEM, ENCRYPTION METHOD, DECRYPTION METHOD, AND PROGRAM
KR100826250B1 (en) 2006-09-25 2008-04-29 주식회사 비티웍스 Apparatus and Method for Management of Electronic Filing Document
US8225096B2 (en) 2006-10-27 2012-07-17 International Business Machines Corporation System, apparatus, method, and program product for authenticating communication partner using electronic certificate containing personal information
JP4659721B2 (en) * 2006-11-09 2011-03-30 キヤノン株式会社 Content editing apparatus and content verification apparatus
JP4270276B2 (en) 2006-12-27 2009-05-27 株式会社日立製作所 Electronic data authenticity guarantee method and program
JP4893751B2 (en) * 2007-01-12 2012-03-07 富士通株式会社 Document verification program, recording medium, document verification method, and document verification apparatus
JP4901499B2 (en) * 2007-01-22 2012-03-21 日本電信電話株式会社 Data verification system, method thereof, identifier generation device, data verification device, program and recording medium
JP5147733B2 (en) * 2007-02-07 2013-02-20 パナソニック株式会社 RECORDING DEVICE, SERVER DEVICE, RECORDING METHOD, RECORDING MEDIUM RECORDING COMPUTER PROGRAM, AND INTEGRATED CIRCUIT
JP4842863B2 (en) * 2007-03-15 2011-12-21 日本電信電話株式会社 Screening equipment
JP2008294596A (en) 2007-05-23 2008-12-04 Hitachi Ltd Authenticity assurance system for spreadsheet data
US20080307308A1 (en) * 2007-06-08 2008-12-11 Apple Inc. Creating Web Clips
JP4456137B2 (en) * 2007-07-11 2010-04-28 富士通株式会社 Electronic document management program, recording medium recording the program, electronic document management apparatus, and electronic document management method
JP2009200595A (en) * 2008-02-19 2009-09-03 Fujitsu Ltd Signature management program, signature management method and signature management apparatus
US8245038B2 (en) 2008-03-26 2012-08-14 Palo Alto Research Center Incorporated Method and apparatus for verifying integrity of redacted documents
JP4597219B2 (en) * 2008-05-22 2010-12-15 富士通株式会社 Electronic document management program, recording medium recording the program, electronic document management apparatus, and electronic document management method
JP5239849B2 (en) * 2008-12-26 2013-07-17 富士通株式会社 Electronic signature method, electronic signature program, and electronic signature device
JP5332635B2 (en) * 2009-01-19 2013-11-06 富士通株式会社 Electronic signature method, electronic signature program, and electronic signature device
JP4834742B2 (en) * 2009-01-21 2011-12-14 株式会社エヌ・ティ・ティ・データ Signature data generation device and verification device
US8953189B1 (en) * 2009-08-11 2015-02-10 Symantec Corporation Method and apparatus for verifying print jobs to prevent confidential data loss
JP5548419B2 (en) * 2009-09-30 2014-07-16 富士通株式会社 Signature generation device, signature verification device, signature generation method, signature verification method, signature generation program, and signature verification program
JP5069759B2 (en) * 2010-01-08 2012-11-07 株式会社エヌ・ティ・ティ・ドコモ Structured document adaptation device
US8805083B1 (en) 2010-03-21 2014-08-12 Jeffrey M. Sieracki System and method for discriminating constituents of image by complex spectral signature extraction
JP4905578B2 (en) 2010-04-22 2012-03-28 株式会社デンソー Communication system, transmitter, receiver, transceiver
JP4905577B2 (en) 2010-04-22 2012-03-28 株式会社デンソー Communication system, transmitter, receiver, transceiver
JP2011232604A (en) * 2010-04-28 2011-11-17 Nec Corp Encryption device and encryption method
US9558762B1 (en) 2011-07-03 2017-01-31 Reality Analytics, Inc. System and method for distinguishing source from unconstrained acoustic signals emitted thereby in context agnostic manner
US9691395B1 (en) 2011-12-31 2017-06-27 Reality Analytics, Inc. System and method for taxonomically distinguishing unconstrained signal data segments
US9886945B1 (en) 2011-07-03 2018-02-06 Reality Analytics, Inc. System and method for taxonomically distinguishing sample data captured from biota sources
GB2523331A (en) 2014-02-20 2015-08-26 Ibm Attribute-based access control
US9906367B2 (en) * 2014-08-05 2018-02-27 Sap Se End-to-end tamper protection in presence of cloud integration
US10373409B2 (en) * 2014-10-31 2019-08-06 Intellicheck, Inc. Identification scan in compliance with jurisdictional or other rules
US9866393B1 (en) 2014-12-22 2018-01-09 Amazon Technologies, Inc. Device for creating reliable trusted signatures
US10110385B1 (en) * 2014-12-22 2018-10-23 Amazon Technologies, Inc. Duress signatures
JP6759818B2 (en) * 2016-03-14 2020-09-23 株式会社リコー Data generators, data recording systems and programs
JP2017169184A (en) * 2016-03-14 2017-09-21 株式会社リコー Data processing device, data processing system, and program
DE102016215914A1 (en) * 2016-08-24 2018-03-01 Siemens Aktiengesellschaft Securing a device usage information of a device
JP2018054841A (en) * 2016-09-28 2018-04-05 株式会社リコー Data generation device, data generation method, program and data recording system
JP2019047331A (en) * 2017-09-01 2019-03-22 株式会社リコー Data generation device, data generation method and program, and data recording system
US11055674B1 (en) * 2018-01-18 2021-07-06 Wells Fargo Bank, N.A. Systems and methods for check masking and interdiction
US10715338B2 (en) * 2018-02-21 2020-07-14 Microsoft Technology Licensing, Llc Management of public key certificates within a distributed architecture
WO2020049754A1 (en) 2018-09-05 2020-03-12 コネクトフリー株式会社 Information processing method, information processing program, information processing apparatus, and information processing system
US11151236B2 (en) * 2018-12-20 2021-10-19 International Business Machines Corporation File verification database system
US11139960B2 (en) * 2018-12-20 2021-10-05 International Business Machines Corporation File redaction database system
JP7272436B2 (en) * 2019-06-25 2023-05-12 富士通株式会社 Verification method, verification system and certification program
JP7162634B2 (en) * 2019-12-12 2022-10-28 株式会社bitFlyer Blockchain Apparatus, method and program for making certificate data digitally available
JP7526604B2 (en) 2020-07-10 2024-08-01 富士通株式会社 GENERATION PROGRAM, GENERATION METHOD, AND GENERATION DEVICE

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5912974A (en) * 1994-04-05 1999-06-15 International Business Machines Corporation Apparatus and method for authentication of printed documents
US6021202A (en) * 1996-12-20 2000-02-01 Financial Services Technology Consortium Method and system for processing electronic documents
US20030056102A1 (en) * 2001-09-20 2003-03-20 International Business Machines Corporation Method and apparatus for protecting ongoing system integrity of a software product using digital signatures
US20030145197A1 (en) * 2001-12-28 2003-07-31 Lee Jae Seung Apparatus and method for detecting illegitimate change of web resources
US6671805B1 (en) * 1999-06-17 2003-12-30 Ilumin Corporation System and method for document-driven processing of digitally-signed electronic documents
US20040255116A1 (en) * 2003-06-06 2004-12-16 Shingo Hane Electronic document management system with the use of signature technique capable of masking
US6963971B1 (en) * 1999-12-18 2005-11-08 George Bush Method for authenticating electronic documents
US7069443B2 (en) * 2000-06-06 2006-06-27 Ingeo Systems, Inc. Creating and verifying electronic documents
US7174460B2 (en) * 2001-02-22 2007-02-06 Nippon Telegraph And Telephone Corporation Distributed digital signature generation method and digitally signed digital document generation method and apparatus
US7257712B2 (en) * 2003-05-30 2007-08-14 Microsoft Corporation Runtime digital signatures

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2246006A1 (en) 1998-09-25 2000-03-25 Silanis Technology Inc. Remote template approvals in a distributed network environment
AU6620000A (en) * 1999-08-06 2001-03-05 Frank W Sudia Blocked tree authorization and status systems
JP3868171B2 (en) 1999-12-07 2007-01-17 株式会社日立製作所 Document digital signature management method and document management apparatus

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5912974A (en) * 1994-04-05 1999-06-15 International Business Machines Corporation Apparatus and method for authentication of printed documents
US6021202A (en) * 1996-12-20 2000-02-01 Financial Services Technology Consortium Method and system for processing electronic documents
US6209095B1 (en) * 1996-12-20 2001-03-27 Financial Services Technology Consortium Method and system for processing electronic documents
US6671805B1 (en) * 1999-06-17 2003-12-30 Ilumin Corporation System and method for document-driven processing of digitally-signed electronic documents
US6963971B1 (en) * 1999-12-18 2005-11-08 George Bush Method for authenticating electronic documents
US7069443B2 (en) * 2000-06-06 2006-06-27 Ingeo Systems, Inc. Creating and verifying electronic documents
US7174460B2 (en) * 2001-02-22 2007-02-06 Nippon Telegraph And Telephone Corporation Distributed digital signature generation method and digitally signed digital document generation method and apparatus
US20030056102A1 (en) * 2001-09-20 2003-03-20 International Business Machines Corporation Method and apparatus for protecting ongoing system integrity of a software product using digital signatures
US20030145197A1 (en) * 2001-12-28 2003-07-31 Lee Jae Seung Apparatus and method for detecting illegitimate change of web resources
US7257712B2 (en) * 2003-05-30 2007-08-14 Microsoft Corporation Runtime digital signatures
US20040255116A1 (en) * 2003-06-06 2004-12-16 Shingo Hane Electronic document management system with the use of signature technique capable of masking

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090144200A1 (en) * 2007-12-04 2009-06-04 Fujitsu Limited Medical care record management system, medical care record management program, and medical care record management method
US20100312908A1 (en) * 2008-02-19 2010-12-09 Fujitsu Limited Stream data management program, method and system
US9253530B2 (en) 2008-02-19 2016-02-02 Fujitsu Limited Stream data management program, method and system
USRE46915E1 (en) * 2008-08-22 2018-06-26 Telit Automotive Solutions Nv Verification of process integrity
CN106547648A (en) * 2016-10-21 2017-03-29 杭州嘉楠耘智信息科技有限公司 Backup data processing method and device
US11121879B2 (en) 2017-03-24 2021-09-14 Telefonica Cybersecurity & Cloud Tech S.L. Computer implemented method for automatically certifying documents with integrity and authenticity guarantees and computer programs thereof
EP3543891A1 (en) 2018-03-23 2019-09-25 Telefonica Digital España, S.L.U. A computer implemented method and a system for tracking of certified documents lifecycle and computer programs thereof

Also Published As

Publication number Publication date
JP2005051734A (en) 2005-02-24
EP1498799A2 (en) 2005-01-19
US7526645B2 (en) 2009-04-28
EP1498799A3 (en) 2006-07-26
US20050015600A1 (en) 2005-01-20

Similar Documents

Publication Publication Date Title
US7526645B2 (en) Electronic document authenticity assurance method and electronic document disclosure system
EP3361408B1 (en) Verifiable version control on authenticated and/or encrypted electronic documents
JP4622811B2 (en) Electronic document authenticity guarantee system
KR101006322B1 (en) Method and system for linking certificates to signed files
RU2351078C2 (en) Efficient control of generation of cryptographic keys
US20030093678A1 (en) Server-side digital signature system
US20070136599A1 (en) Information processing apparatus and control method thereof
US20050228999A1 (en) Audit records for digitally signed documents
US8369521B2 (en) Smart card based encryption key and password generation and management
US20130061035A1 (en) Method and system for sharing encrypted content
CN1961523A (en) Token provision
JP4765482B2 (en) Document management system, document management program, and document management method
US20080165970A1 (en) runtime mechanism for flexible messaging security protocols
Lax et al. Digital document signing: Vulnerabilities and solutions
US11997075B1 (en) Signcrypted envelope message
JP2006060722A (en) Certification method for authenticity of electronic document and publication system thereof
US20230107805A1 (en) Security System
Rai et al. Digital Signature for Content Authentication
Housley Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages
JP2007158984A (en) Electronic document authenticity assurance method, and electronic document disclosure system
JP4144645B2 (en) Non-disclosure processing system for electronic documents
ZHANG Cryptographic Techniques in Digital Media Security: Current Practices and Future Directions.
Jaganathan et al. CIADS: a framework for secured storage of patients medical data in cloud
JP2011142678A (en) Electronic data authenticity assurance method and electronic data disclosure method
JP2008054355A (en) Electronic data authenticity assurance method, electronic data disclosure method, and electronic data disclosure system

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION