Method of managing digital signature, apparatus for processing digital signature, and a computer readable medium for recording program of managing digital signature

US 7,574,605 B2
Filed: 05/17/2002
Issued: 08/11/2009
Est. Priority Date: 03/22/2002
Status: Active Grant

First Claim

Patent Images

1. A method of managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, comprising the steps of:

generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in a signature log file of a user which is prepared in a memory;

generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and registering the generated user'"'"'s signature log entry information in the signature log file;

generating, when a message with a different user'"'"'s digital signature is received from an external device, a different user'"'"'s digital signature log entry information using the received message, the received different user'"'"'s digital signature, and data to verify the received different user'"'"'s digital signature, and registering the different user'"'"'s digital signature log entry information in the signature log file;

registering, in a user search file prepared in the memory, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature and registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each signature log entry information;

identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file;

transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verify the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file;

verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified;

determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file;

judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging step, determining whether or not continuity is maintained up to a signature log entry associated with the digital signature to be verified;

transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and

receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file,wherein said step of generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file,wherein said step of generating and registering the different user'"'"'s signature log entry information comprises;

generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and

adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, andwherein said step of generating the user'"'"'s digital signature comprises generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, the hash value of signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of managing digital signature includes the steps of preparing a signature log file storing signature log entry information, generating a new digital signature for a transmission message by reflecting, in the new digital signature, signature log entry information registered to the signature log file in the past; generating signature log entry information associated with the new digital signature and registering the signature log entry information to the signature log file; and preparing a user search file in addition to the signature log file; registering, to the user search file, user identifier information indicating a transmission destination of the transmitted digital signature and a transmission source of the received digital signature, with a correspondence established between the information, the user identifier information, and each signature log entry information in the signature log file.

26 Citations

View as Search Results

10 Claims

1. A method of managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, comprising the steps of:
- generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in a signature log file of a user which is prepared in a memory;
  
  generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and registering the generated user'"'"'s signature log entry information in the signature log file;
  
  generating, when a message with a different user'"'"'s digital signature is received from an external device, a different user'"'"'s digital signature log entry information using the received message, the received different user'"'"'s digital signature, and data to verify the received different user'"'"'s digital signature, and registering the different user'"'"'s digital signature log entry information in the signature log file;
  
  registering, in a user search file prepared in the memory, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature and registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each signature log entry information;
  
  identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file;
  
  transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verify the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file;
  
  verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified;
  
  determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file;
  
  judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging step, determining whether or not continuity is maintained up to a signature log entry associated with the digital signature to be verified;
  
  transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and
  
  receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file,wherein said step of generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file,wherein said step of generating and registering the different user'"'"'s signature log entry information comprises;
  
  generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and
  
  adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, andwherein said step of generating the user'"'"'s digital signature comprises generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, the hash value of signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A digital signature managing method according to claim 1, further comprising the steps of:
    - identifying, in the judging of the chain of the signature log entry information associated with the digital signature to be verified, if desired signature log entry information required for the judging of the chain has not been registered in the signature log file, the different user according to user identifier information in the user search file, said different user possessing a signature log file to which the desired signature log entry information has been registered;
      
      transmitting third identifier information identifying the desired signature log entry information to said different user thus identified and thereby requesting said different user to provide the desired signature log entry information; and
      
      judging of the chain using the desired signature log entry information provided from said different user according to the request.
  - 3. A digital signature managing method according to claim 2, wherein in a side of said different user having received the request for the desired signature log entry information, corresponding identifier information on said different user side identifying the desired signature log entry information registered to the user search file on said different user side is obtained according to the third identifier information identifying the desired signature log entry information thus received, the desired signature log entry information is selected from the user search file on said different user side according to the corresponding identifier information on said different user side, and the desired signature log entry information is transmitted to the user having transmitted the request for the desired signature log entry information.
  - 4. A digital signature managing method according to claim 1, further comprising the step of submitting, when a user requests an arbitrating organization to verify validity of a message, a signature log file and a user search file respectively associated with the message to be verified, whereinthe arbitrating organization verifies the message using one or more signature log files and the user search file thus submitted.
  - 5. A digital signature managing method according to claim 1, further comprising the step of transmitting signature log entry information registered to the signature log file to a publication organization periodically or at an interval of a predetermined period, whereinthe publication organization examines and opens the signature log entry information to the public.
  - 6. A digital signature managing method according to claim 1, wherein the signature log file of the user is stored in the memory of a user'"'"'s computer terminal.

7. An apparatus for managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, comprising:
- a memory having stored a signature log file of a user in which signature log entry information associated with a user'"'"'s digital signature is to be registered and a user search file;
  
  means for generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in the signature log file which is prepared in the memory;
  
  means for generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and for registering the generated user'"'"'s signature log entry information in the signature log file;
  
  means for generating a different user'"'"'s signature log entry information associated with a received message, the received message including the different user'"'"'s digital signature and data to verify the received different user'"'"'s digital signature, and for registering the different user'"'"'s generated signature log entry information in the signature log file; and
  
  means for registering, in the user search file, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature and for registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each previous signature log entry information;
  
  means for identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file;
  
  means for transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verity the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file;
  
  means for verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified;
  
  means for determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file;
  
  means for judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging, determining whether or not continuity is maintained up to a signature log entry associated with the digital signature to be verified;
  
  means for transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and
  
  means for receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file,wherein the means for generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises means for adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file,wherein the means for generating and registering the different user'"'"'s signature log entry information comprises means for;
  
  generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and
  
  adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, andwherein the means for generating the user'"'"'s digital signature comprises means for generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, a hash value of the signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key.
- View Dependent Claims (8)
- - 8. A digital signature managing apparatus according to claim 7, wherein the apparatus includes a user'"'"'s computer terminal and at least the memory is in the user'"'"'s computer terminal.

9. A computer readable medium having stored a program of managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, the program comprising instructions facilitating the computer to perform the steps of:
- generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in a signature log file of a user which is prepared in a memory;
  
  generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and registering the generated user'"'"'s signature log entry information in the signature log file;
  
  generating a different user'"'"'s signature log entry information associated with a received message, the received message including the different user'"'"'s digital signature, verifying the received different user'"'"'s digital signature, and registering the different user'"'"'s generated signature log entry information in the signature log file; and
  
  registering, in a user search file prepared in the memory, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature, and registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each previous signature log entry information,identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file;
  
  transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verify the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file;
  
  verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified;
  
  determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file;
  
  judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging step, determining whether or not continuity is maintained up to the signature log entry associated with the digital signature to be verified;
  
  transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and
  
  receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file,wherein said step of generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises adding new user'"'"'s signature log entry information to the signature log file,the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file,wherein said step of generating and registering the different user'"'"'s signature log entry information comprises;
  
  generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and
  
  adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, andwherein said step of generating the user'"'"'s digital signature comprises generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, a hash value of the signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key.
- View Dependent Claims (10)
- - 10. A computer readable medium according to claim 9, wherein the signature log file of the user is stored in the memory of a user'"'"'s computer terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Itoh, Shinji, Tanimoto, Kouichi, Nishioka, Katsuko, Omoto, Narihiro, Miyazaki, Kunihiko
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Davis; Zachary A

Application Number

US10/147,359
Publication Number

US 20030182552A1
Time in Patent Office

2,643 Days
Field of Search

713/168, 713/170, 713/176, 713/177, 713/180, 713/181
US Class Current

713/177
CPC Class Codes

H04L 9/3247 involving digital signatures

H04L 9/3265 using certificate chains, t...

Method of managing digital signature, apparatus for processing digital signature, and a computer readable medium for recording program of managing digital signature

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method of managing digital signature, apparatus for processing digital signature, and a computer readable medium for recording program of managing digital signature

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links