Digital signature assurance system, method, program and apparatus

US 20050235153A1
Filed: 03/16/2005
Published: 10/20/2005
Est. Priority Date: 03/18/2004
Status: Abandoned Application

First Claim

Patent Images

1. An digital signature assurance system for generating an digital signature from a signature target by using an digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the system comprising:

a key management device configured to manage the digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;

a user authentication device configured to execute user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;

an digital signature generation device configured to generate the digital signature by using the corresponding digital signature generation key in the key management device when a result of the user authentication indicates validity;

an assertion generation device configured to generate the assertion for asserting the key management system and the user authentication system;

means for applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion each other by the acquired conversion value; and

an output device configured to output the digital signature, the assertion, and the conversion value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to respective embodiments of the present invention, it is possible to verify a security environment of an digital signature and assure validity of the digital signature. For example, in the case of generating the digital signature, the assertion for asserting a key management system and a user authentication system is generated, the conversion processing is applied to both of the digital signature and the assertion, and the acquired digital signature, assertion, and conversion value are outputted. Therefore, it is possible to verify validity of the assertion on the basis of the conversion value and verify the security environment of the digital signature on the basis of the key management system and the user authentication system included in the assertion. Accordingly, the validity of the digital signature can be assured.

89 Citations

View as Search Results

13 Claims

1. An digital signature assurance system for generating an digital signature from a signature target by using an digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the system comprising:
- a key management device configured to manage the digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
  
  a user authentication device configured to execute user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;
  
  an digital signature generation device configured to generate the digital signature by using the corresponding digital signature generation key in the key management device when a result of the user authentication indicates validity;
  
  an assertion generation device configured to generate the assertion for asserting the key management system and the user authentication system;
  
  means for applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion each other by the acquired conversion value; and
  
  an output device configured to output the digital signature, the assertion, and the conversion value.
- View Dependent Claims (2, 3, 4)
- - 2. The digital signature assurance system according to claim 1, wherein the conversion processing is arithmetic processing of a hash function, the conversion value is a hash value.
  - 3. The digital signature assurance system according to claim 1, wherein the conversion processing is signature processing using a private key specific to the digital signature generation device, the conversion value is a second digital signature.
  - 4. The digital signature assurance system according to claim 1, comprising an IC chip having tamper proof.

5. An digital signature assurance method for generating an digital signature from digital information of a signature target by using an digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the method comprising:
- managing the digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
  
  executing user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;
  
  generating the digital signature by using the corresponding digital signature generation key in the digital signature generation key to be managed when a result of the user authentication indicates validity;
  
  generating assertion for asserting the key management system and the user authentication system;
  
  applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion each other by the acquired conversion value; and
  
  outputting the digital signature, the assertion, and the conversion value.

6. A program stored in a computer readable storage media for use in an digital signature assurance system for generating an digital signature from digital information of a signature target by using an digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the program comprising:
- a first program code for making the computer to execute the processing of managing the digital signature generation key stored in a memory in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
  
  a second program code for making the computer to execute the processing of executing user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;
  
  a third program code for making the computer to execute the processing of generating the digital signature by using the corresponding digital signature generation key in the memory when a result of the user authentication indicates validity;
  
  a fourth program code for making the computer to execute the processing of generating assertion for asserting the key management system and the user authentication system;
  
  a fifth program code for making the computer to execute the processing of applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion each other by the acquired conversion value; and
  
  a sixth program code for making the computer to execute the processing of outputting the digital signature, the assertion, and the conversion value.
- View Dependent Claims (7, 8, 9)
- - 7. The program according to claim 6, wherein the conversion processing is an arithmetic processing of a hash function, the conversion value is the hash value.
  - 8. The program according to claim 6, wherein the conversion processing is signature processing using a private key specific to the third program code with related to the digital signature generation processing, the conversion value is a second digital signature.
  - 9. The program according to claim 6, wherein the fourth program code causes the computer to execute the processing for generating the assertion so as to include the assertion for declaring or transmitting the key management system and the user authentication information.

10. A user authentication apparatus for executing user authentication, which is provided so as to be communicated to an digital signature generating apparatus, the apparatus comprising:
- a user authentication device configured to execute user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of a user authentication request from the digital signature generating apparatus that receives the generation request of the digital signature;
  
  a first assertion generation device configured to generate the first assertion for asserting the user authentication system when a result of this user authentication indicates validity; and
  
  an output device configured to output the result of the user authentication and the first assertion to the digital signature generating apparatus.

11. An digital signature generating apparatus, which is provided so as to be communicated to the user authentication apparatus for executing a user authentication in accordance with a user authentication system that has been set in advance upon receipt of a request of the user authentication;
- generating the first assertion for asserting the user authentication system when a result of this user authentication indicates validity; and
  
  outputting the result of the user authentication and the first assertion, the apparatus comprising;
  
  a key management device configured to manage an digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
  
  an authentication request transmission device configured to transmit a user authentication request for the generation request source of the digital signature to the user authentication apparatus upon receipt of the generation request of the digital signature;
  
  an digital signature generation device configured to generate the digital signature by using the corresponding digital signature generation key in the key management device when a result of this user authentication received from the user authentication apparatus indicates validity;
  
  a second assertion generation device configured to generate the second assertion for asserting the key management system;
  
  means for applying the conversion processing to the digital signature and the first and second assertion and relating the digital signature and the first and second assertion each other by the acquired conversion value; and
  
  an output device configured to output the digital signature, the first and second assertion, and the conversion value.
- View Dependent Claims (12, 13)
- - 12. The digital signature generating apparatus according to claim 11, wherein the conversion processing is an arithmetic processing of the hash function, the conversion value is a hash value.
  - 13. The digital signature generating apparatus according to claim 11, wherein the conversion processing is the signature processing using a private key specific to the digital signature generating device, the conversion value is a second digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Inventors
Ikeda, Tatsuro

Application Number

US11/080,824
Publication Number

US 20050235153A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/68   Special signature format, e...

H04L 63/062   for key distribution, e.g. ...

H04L 63/12   Applying verification of th...

H04L 9/3247   involving digital signatures

Digital signature assurance system, method, program and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Digital signature assurance system, method, program and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links