Digital signature assurance system, method, program and apparatus
Abstract
According to respective embodiments of the present invention, it is possible to verify a security environment of a digital signature and assure validity of the digital signature. For example, in the case of generating the digital signature, the assertion for asserting a key management system and a user authentication system is generated, the conversion processing is applied to both of the digital signature and the assertion, and the acquired digital signature, assertion, and conversion value are output. Therefore, it is possible to verify validity of the assertion on the basis of the conversion value and verify the security environment of the digital signature on the basis of the key management system and the user authentication system included in the assertion. Accordingly, the validity of the digital signature can be assured.
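An added example, not taken from the patent text: one way a conversion value can tie a signature to its assertion so that a verifier checks the binding first and the asserted security environment second. It assumes the conversion processing is a keyed hash (HMAC-SHA-256) and uses HMAC as a stand-in for the digital signature; all keys, field names and system labels are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo keys (assumptions); a real service would keep these in its key store.
SIGNING_KEY = b"constructed-user-signing-key"
BINDING_KEY = b"constructed-service-binding-key"

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _frame(*parts: bytes) -> bytes:
    # Length-prefix each field so the signature/assertion boundary cannot be shifted.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def sign_with_assertion(target: bytes, key_mgmt: str, user_auth: str) -> dict:
    # Stand-in for the digital signature (an asymmetric signature in practice).
    signature = _mac(SIGNING_KEY, target)
    assertion = json.dumps({"key_management_system": key_mgmt,
                            "user_authentication_system": user_auth},
                           sort_keys=True).encode()
    # Conversion value computed over BOTH the signature and the assertion.
    conversion = _mac(BINDING_KEY, _frame(signature, assertion))
    return {"signature": signature, "assertion": assertion, "conversion_value": conversion}

def verify(bundle: dict, target: bytes, ok_key_mgmt: set, ok_user_auth: set) -> str:
    # 1. The assertion must be the one that was bound to this signature.
    expected = _mac(BINDING_KEY, _frame(bundle["signature"], bundle["assertion"]))
    if not hmac.compare_digest(expected, bundle["conversion_value"]):
        return "binding-mismatch"
    # 2. The signature must cover the signature target.
    if not hmac.compare_digest(_mac(SIGNING_KEY, target), bundle["signature"]):
        return "bad-signature"
    # 3. The asserted security environment must satisfy the verifier's policy.
    claims = json.loads(bundle["assertion"])
    if claims.get("key_management_system") not in ok_key_mgmt:
        return "weak-key-management"
    if claims.get("user_authentication_system") not in ok_user_auth:
        return "weak-user-authentication"
    return "ok"

def demo() -> list:
    doc = b"constructed purchase order #1"
    good = sign_with_assertion(doc, "hardware-token", "fingerprint")
    weak = sign_with_assertion(doc, "software-file", "password")
    # Splicing the stronger assertion onto the weaker bundle breaks the conversion value.
    spliced = dict(weak, assertion=good["assertion"])
    policy = ({"hardware-token"}, {"fingerprint"})
    return [verify(b, doc, *policy) for b in (good, weak, spliced)]
```
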
13 Claims
1. A digital signature assurance system for generating a digital signature from a signature target by using a digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the system comprising:
a key management device configured to manage the digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
a user authentication device configured to execute user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;
a digital signature generation device configured to generate the digital signature by using the corresponding digital signature generation key in the key management device when a result of the user authentication indicates validity;
an assertion generation device configured to generate the assertion for asserting the key management system and the user authentication system;
means for applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion to each other by the acquired conversion value; and
an output device configured to output the digital signature, the assertion, and the conversion value.

5. A digital signature assurance method for generating a digital signature from digital information of a signature target by using a digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the method comprising:
managing the digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
executing user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;
generating the digital signature by using the corresponding digital signature generation key in the digital signature generation key to be managed when a result of the user authentication indicates validity;
generating an assertion for asserting the key management system and the user authentication system;
applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion to each other by the acquired conversion value; and
outputting the digital signature, the assertion, and the conversion value.

6. A program stored in a computer-readable storage medium for use in a digital signature assurance system for generating a digital signature from digital information of a signature target by using a digital signature generation key upon receipt of a generation request of the digital signature and assuring validity of the digital signature, the program comprising:
a first program code for making the computer execute the processing of managing the digital signature generation key stored in a memory in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
a second program code for making the computer execute the processing of executing user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of the generation request of the digital signature;
a third program code for making the computer execute the processing of generating the digital signature by using the corresponding digital signature generation key in the memory when a result of the user authentication indicates validity;
a fourth program code for making the computer execute the processing of generating an assertion for asserting the key management system and the user authentication system;
a fifth program code for making the computer execute the processing of applying the conversion processing to both of the digital signature and the assertion and relating the digital signature and the assertion to each other by the acquired conversion value; and
a sixth program code for making the computer execute the processing of outputting the digital signature, the assertion, and the conversion value.

10. A user authentication apparatus for executing user authentication, which is provided so as to be able to communicate with a digital signature generating apparatus, the apparatus comprising:
a user authentication device configured to execute user authentication of the generation request source of the digital signature in accordance with a user authentication system that has been set in advance upon receipt of a user authentication request from the digital signature generating apparatus that receives the generation request of the digital signature;
a first assertion generation device configured to generate the first assertion for asserting the user authentication system when a result of this user authentication indicates validity; and
an output device configured to output the result of the user authentication and the first assertion to the digital signature generating apparatus.

11. A digital signature generating apparatus, which is provided so as to be able to communicate with the user authentication apparatus for executing a user authentication in accordance with a user authentication system that has been set in advance upon receipt of a request of the user authentication; generating the first assertion for asserting the user authentication system when a result of this user authentication indicates validity; and outputting the result of the user authentication and the first assertion, the apparatus comprising:
a key management device configured to manage a digital signature generation key in accordance with a key management system that has been set in advance for each generation request source of the digital signature;
an authentication request transmission device configured to transmit a user authentication request for the generation request source of the digital signature to the user authentication apparatus upon receipt of the generation request of the digital signature;
a digital signature generation device configured to generate the digital signature by using the corresponding digital signature generation key in the key management device when a result of this user authentication received from the user authentication apparatus indicates validity;
a second assertion generation device configured to generate the second assertion for asserting the key management system;
means for applying the conversion processing to the digital signature and the first and second assertions and relating the digital signature and the first and second assertions to each other by the acquired conversion value; and
an output device configured to output the digital signature, the first and second assertions, and the conversion value.
Specification