Method and system for assuring an original

US 20040006692A1
Filed: 09/05/2002
Published: 01/08/2004
Est. Priority Date: 07/02/2002
Status: Active Grant

First Claim

Patent Images

1. An original assurance method for assuring validity of an original using a plurality of first signature servers and a second signature server supervising said plurality of first signature servers, wherein:

in generating signatures for assuring validity of the original;

(1) said plurality of first signature servers each perform;

a first log list registration step, in which, when the first signature server in question receives n-th (n≧

2) digital data as an original as an object of assurance, said first signature server generates a digital signature to the n-th digital data and an (n−

1)-th first chain signature registered in a first log list, and adds said digital signature as an n-th first chain signature to said first log list, associating said n-th first chain signature with said n-th digital data;

a first certificate of custody transmission step, in which the first signature server in question sends a first certificate of custody including said n-th first chain signature to a sender of the n-th digital data; and

a second certificate of custody reception step, in which the first signature server in question sends an m-th (m≧

2) first chain signature in said first log list to said second signature server, receives a second certificate of custody to the m-th first chain signature from said second signature server, and stores said second certificate of custody; and

(2) said second signature server performs;

a second log list registration step, in which, when the second signature server receives a j-th (j≧

2) first chain signature from one of said plurality of first signature servers, the second signature server generates a digital signature to the j-th first chain signature and a (j−

1)-th second chain signature registered in a second log list, and adds said digital signature as a j-th second chain signature to said second log list, associating said j-th second chain signature with the j-th first chain signature;

a first-type second certificate of custody transmission step, in which the second signature server sends a second certificate of custody including said j-th second chain signature to said one of said plurality of first signature servers; and

a transmission management step, in which the second signature server sends a k-th (k≧

2) second chain signature in said second log list to an external server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In using log lists of chain signatures to assure validity of an original, work of opening log lists to the public is reduced. A first signature server 2 generates a first chain signature to an original as an object of assurance, adds the generated first chain signature to a first log list, associating the first chain signature with the original, and sends a first certificate of custody including the first chain signature, to the sender of the original. Further, the first signature server 2 sends an arbitrary first chain signature in the log list to a second signature server 3, to receive a second certificate of custody. On the other hand, the second signature server 3 generates a second chain signature to the first chain signature received from the first signature server 2, adds the second chain signature to a second log list, associating the second chain signature with the first chain signature, and sends a second certificate of custody including the second chain signature, to the sender of the first chain signature. Further, the second signature server 3 sends an arbitrary second chain signature in the second log list to a public server 4.

31 Citations

View as Search Results

17 Claims

1. An original assurance method for assuring validity of an original using a plurality of first signature servers and a second signature server supervising said plurality of first signature servers, wherein:
- in generating signatures for assuring validity of the original;
  
  (1) said plurality of first signature servers each perform;
  
  a first log list registration step, in which, when the first signature server in question receives n-th (n≧
  
  2) digital data as an original as an object of assurance, said first signature server generates a digital signature to the n-th digital data and an (n−
  
  1)-th first chain signature registered in a first log list, and adds said digital signature as an n-th first chain signature to said first log list, associating said n-th first chain signature with said n-th digital data;
  
  a first certificate of custody transmission step, in which the first signature server in question sends a first certificate of custody including said n-th first chain signature to a sender of the n-th digital data; and
  
  a second certificate of custody reception step, in which the first signature server in question sends an m-th (m≧
  
  2) first chain signature in said first log list to said second signature server, receives a second certificate of custody to the m-th first chain signature from said second signature server, and stores said second certificate of custody; and
  
  (2) said second signature server performs;
  
  a second log list registration step, in which, when the second signature server receives a j-th (j≧
  
  2) first chain signature from one of said plurality of first signature servers, the second signature server generates a digital signature to the j-th first chain signature and a (j−
  
  1)-th second chain signature registered in a second log list, and adds said digital signature as a j-th second chain signature to said second log list, associating said j-th second chain signature with the j-th first chain signature;
  
  a first-type second certificate of custody transmission step, in which the second signature server sends a second certificate of custody including said j-th second chain signature to said one of said plurality of first signature servers; and
  
  a transmission management step, in which the second signature server sends a k-th (k≧
  
  2) second chain signature in said second log list to an external server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The original assurance method according to claim 1, wherein:
    - said external server holds the second chain signature received from said second signature server, in a state that a browser terminal can browse said second chain signature.
  - 3. The original assurance method according to claim 1, wherein:
    - in performing a verification of validity of the original;
      
      (3) said plurality of first signature servers each perform;
      
      a first log list verification step, in which, when the first signature server in question receives a first certificate of custody with respect to an original as an object of verification, then, said first signature server verifies each of first chain signatures ranging from an h-th (h≧
      
      1) first chain signature included in said first certificate of custody to an i-th (i>
      
      h) first chain signature that has sent to said second signature server, by verifying a d-th (h<
      
      d≦
      
      i) first chain signature in turn, using d-th and (d−
      
      1)-th first chain signatures included in said first log list;
      
      a second log list acquisition step, in which a second certificate of custody, which is received from said second signature server by sending the i-th first chain signature to said second signature server, is sent to said second signature server, to acquire a part of said second log list, said part including second chain signatures ranging from an e-th (e≧
      
      1) second chain signature included in said second certificate of custody to an f-th (f>
      
      e) second chain signature sent by the second signature server to said external server; and
      
      a second log list verification step, in which said first signature server verifies each of second chain signatures ranging from the e-th second chain signature to the f-th second chain signature, by verifying a c-th (e<
      
      c≦
      
      f) second chain signature in turn, using c-th and (c−
      
      1)-th second chain signatures included in said part of the second log list; and
      
      (4) said second signature server performs;
      
      a second log list transmission step, in which, when the second signature server receives the second certificate of custody from said first signature server, then, the second signature server reads said part of the second log list, which includes the second chain signatures ranging from the e-th second chain signature included in said second certificate of custody to the f-th second chain signature sent to said external server, from said second log list, to send said part to said first signature server.
  - 4. The original assurance method according to claim 3, wherein:
    - in performing said verification of validity of the original;
      
      said first signature server compares the h-th first chain signature included in the first certificate of custody to the original as the object of verification with the h-th first chain signature registered in said first log list, to verify said h-th first chain signature.
  - 5. The original assurance method according to claim 3, wherein:
    - in performing said verification of validity of the original;
      
      said first signature server compares the e-th second chain signature included in the second certificate of custody sent to said second signature server with the e-th second chain signature registered in said part of the second log list received from said second signature server, to verify said e-th second chain signature.
  - 6. The original assurance method according to claim 3, wherein:
    - in performing said verification of validity of the original;
      
      said first signature server acquires the f-th second chain signature sent by said second signature server to the external server, and compares the acquired f-th second chain signature with the f-th second chain signature registered in said part of the second log list received from said second signature server, to verify said f-th second chain signature.
  - 7. The original assurance method according to claim 1, wherein:
    - in performing a verification of validity of the original;
      
      (3) said plurality of first signature servers each perform;
      
      a first log list verification step, in which, when the first signature server in question receives a first certificate of custody with respect to an original as an object of verification, then, said first signature server verifies each of first chain signatures ranging from an h-th (h≧
      
      1) first chain signature included in said first certificate of custody to an i-th (i>
      
      h) first chain signature that has sent to said second signature server, by verifying a d-th (h<
      
      d≦
      
      i) first chain signature in turn, using d-th and (d−
      
      1)-th first chain signatures included in said first log list; and
      
      a second-type second certificate of custody transmission step, in which a second certificate of custody, which is received from said second signature server by sending the i-th first chain signature to said second signature server, is sent to said second signature server; and
      
      (4) said second signature server performs;
      
      a second log list verification step, in which, when the second signature server receives the second certificate of custody from said first signature server, then, the second signature server verifies each of second chain signatures ranging from an e-th (e≧
      
      1) second chain signature included in said second certificate of custody to an f-th second chain signature sent to said external server, by verifying a c-th (e<
      
      c≦
      
      f) second chain signature in turn, using c-th and (c−
      
      1)-th second chain signatures included in said second log list.
  - 8. The original assurance method according to claim 7, wherein:
    - in performing said verification of validity of the original;
      
      said first signature server compares the h-th first chain signature included in the first certificate of custody with respect to the original as the object of verification with the h-th first chain signature registered in said first log list, to verify said h-th first chain signature.
  - 9. The original assurance method according to claim 7, wherein:
    - in performing said verification of validity of the original;
      
      said second signature server compares the e-th second chain signature included in said second certificate of custody received from said first signature server with the e-th second chain signature registered in a part of said second log list, to verify said e-th second chain signature.
  - 10. The original assurance method according to claim 7, wherein:
    - in performing said verification of validity of the original;
      
      said second signature server acquires the f-th second chain signature that the second signature server has sent to said external server, and compares the acquired f-th second chain signature with the f-th second chain signature registered in a part of said second log list, to verify said f-th second chain signature.
  - 11. A program readable to a computer, wherein:
    - said program makes said computer execute each of the steps performed by said first signature server in the original assurance method according to claim 1.
  - 12. A program readable to a computer, wherein:
    - said program makes said computer execute each of the steps performed by said second signature server in the original assurance method according to claim 1.

13. An original assurance system that assures validity of an original, wherein:
- said system comprises a plurality of first signature servers and a second signature server supervising said plurality of first signature servers;
  
  said plurality of first signature servers each perform;
  
  processing, in which, when the first signature server in question receives n-th (n≧
  
  2) digital data as an original as an object of assurance, said first signature server generates a digital signature to the n-th digital data and an (n−
  
  1)-th first chain signature registered in a first log list, and adds said digital signature as an n-th first chain signature to said first log list, which is stored in a storage unit, associating said n-th first chain signature with said n-th digital data;
  
  processing, in which the first signature server in question sends a first certificate of custody including said n-th first chain signature to a sender of the n-th digital data; and
  
  processing, in which the first signature server in question sends an m-th (m≧
  
  2) first chain signature in said first log list to said second signature server, receives a second certificate of custody to the m-th first chain signature from said second signature server, and stores said second certificate of custody in the storage unit; and
  
  said second signature server performs;
  
  processing, in which, when the second signature server receives a j-th (j≧
  
  2) first chain signature from one of said plurality of first signature servers, the second signature server generates a digital signature to the j-th first chain signature and a (j−
  
  1)-th second chain signature registered in a second log list, and adds said digital signature as a j-th second chain signature to said second log list, which is stored in a storage unit, associating said j-th second chain signature with the j-th first chain signature;
  
  processing, in which the second signature server sends a second certificate of custody including said j-th second chain signature to said one of said plurality of first signature servers; and
  
  processing, in which the second signature server sends a k-th (k≧
  
  2) second chain signature in said second log list to an external server.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The original assurance system according to claim 13, wherein:
    - said plurality of first signature servers each further perform;
      
      processing, in which, when the first signature server in question receives a first certificate of custody with respect to an original as an object of verification, then, said first signature server verifies each of first chain signatures ranging from an h-th (h≧
      
      1) first chain signature included in said first certificate of custody to an i-th (i>
      
      h) first chain signature that has sent to said second signature server, by verifying a d-th (h<
      
      d≦
      
      i) first chain signature in turn, using d-th and (d−
      
      1)-th first chain signatures included in said first log list;
      
      processing, in which a second certificate of custody, which is received from said second signature server by sending the i-th first chain signature to said second signature server, is sent to said second signature server, to acquire a part of said second log list, said part including second chain signatures ranging from an e-th (e≧
      
      1) second chain signature included in said second certificate of custody to an f-th (f>
      
      e) second chain signature sent by the second signature server to said external server; and
      
      processing, in which said first signature server verifies each of second chain signatures ranging from the e-th second chain signature to the f-th second chain signature, by verifying a c-th (e<
      
      c≦
      
      f) second chain signature in turn, using c-th and (c−
      
      1)-th second chain signatures included in said part of the second log list; and
      
      said second signature server further performs;
      
      processing, in which, when the second signature server receives the second certificate of custody from said first signature server, then, the second signature server reads said part of the second log list, which includes the second chain signatures ranging from the e-th second chain signature included in said second certificate of custody to the f-th second chain signature sent to said external server, from said second log list, to send said part to said first signature server.
  - 15. The original assurance system according to claim 14, wherein:
    - said plurality of first signature servers each further perform;
      
      processing, in which, when the first signature server in question receives a first certificate of custody with respect to an original as an object of verification, then, said first signature server verifies each of first chain signatures ranging from an h-th (h≧
      
      1) first chain signature included in said first certificate of custody to an i-th (i>
      
      h) first chain signature that has sent to said second signature server, by verifying a d-th (h<
      
      d≦
      
      i) first chain signature in turn, using d-th and (d−
      
      1)-th first chain signatures included in said first log list; and
      
      processing, in which a second certificate of custody, which is received from said second signature server by sending the i-th first chain signature to said second signature server, is sent to said second signature server; and
      
      said second signature server further performs;
      
      processing, in which, when the second signature server receives the second certificate of custody from said first signature server, then, the second signature server verifies each of second chain signatures ranging from an e-th (e≧
      
      1) second chain signature included in said second certificate of custody to an f-th second chain signature sent to said external server, by verifying a c-th (e<
      
      c≦
      
      f) second chain signature in turn, using c-th and (c−
      
      1)-th second chain signatures included in said second log list.
  - 16. The first signature server used in the original assurance system according to claim 13.
  - 17. The second signature server used in the original assurance system according to claim 13.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Honda, Yoshinori, Kikuchi, Koji, Tanigawa, Yoshinobu

Granted Patent

US 7,249,258 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/50   using hash chains, e.g. blo...

Method and system for assuring an original

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for assuring an original

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links