Method of managing digital signature, apparatus for processing digital signature, and a computer readable medium for recording program of managing digital signature
First Claim
1. A method of managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, comprising the steps of:
- generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in a signature log file of a user which is prepared in a memory;
generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and registering the generated user'"'"'s signature log entry information in the signature log file;
generating, when a message with a different user'"'"'s digital signature is received from an external device, a different user'"'"'s digital signature log entry information using the received message, the received different user'"'"'s digital signature, and data to verify the received different user'"'"'s digital signature, and registering the different user'"'"'s digital signature log entry information in the signature log file;
registering, in a user search file prepared in the memory, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature and registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each signature log entry information;
identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file;
transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verify the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file;
verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified;
determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file;
judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging step, determining whether or not continuity is maintained up to a signature log entry associated with the digital signature to be verified;
transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and
receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file,wherein said step of generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file,wherein said step of generating and registering the different user'"'"'s signature log entry information comprises;
generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and
adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, andwherein said step of generating the user'"'"'s digital signature comprises generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, the hash value of signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of managing digital signature includes the steps of preparing a signature log file storing signature log entry information, generating a new digital signature for a transmission message by reflecting, in the new digital signature, signature log entry information registered to the signature log file in the past; generating signature log entry information associated with the new digital signature and registering the signature log entry information to the signature log file; and preparing a user search file in addition to the signature log file; registering, to the user search file, user identifier information indicating a transmission destination of the transmitted digital signature and a transmission source of the received digital signature, with a correspondence established between the information, the user identifier information, and each signature log entry information in the signature log file.
26 Citations
10 Claims
-
1. A method of managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, comprising the steps of:
-
generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in a signature log file of a user which is prepared in a memory; generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and registering the generated user'"'"'s signature log entry information in the signature log file; generating, when a message with a different user'"'"'s digital signature is received from an external device, a different user'"'"'s digital signature log entry information using the received message, the received different user'"'"'s digital signature, and data to verify the received different user'"'"'s digital signature, and registering the different user'"'"'s digital signature log entry information in the signature log file; registering, in a user search file prepared in the memory, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature and registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each signature log entry information; identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file; transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verify the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file; verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified; determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file; judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging step, determining whether or not continuity is maintained up to a signature log entry associated with the digital signature to be verified; transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file, wherein said step of generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file, wherein said step of generating and registering the different user'"'"'s signature log entry information comprises; generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, and wherein said step of generating the user'"'"'s digital signature comprises generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, the hash value of signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus for managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, comprising:
-
a memory having stored a signature log file of a user in which signature log entry information associated with a user'"'"'s digital signature is to be registered and a user search file; means for generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in the signature log file which is prepared in the memory; means for generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and for registering the generated user'"'"'s signature log entry information in the signature log file; means for generating a different user'"'"'s signature log entry information associated with a received message, the received message including the different user'"'"'s digital signature and data to verify the received different user'"'"'s digital signature, and for registering the different user'"'"'s generated signature log entry information in the signature log file; and means for registering, in the user search file, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature and for registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each previous signature log entry information; means for identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file; means for transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verity the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file; means for verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified; means for determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file; means for judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging, determining whether or not continuity is maintained up to a signature log entry associated with the digital signature to be verified; means for transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and means for receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file, wherein the means for generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises means for adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file, wherein the means for generating and registering the different user'"'"'s signature log entry information comprises means for; generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, and wherein the means for generating the user'"'"'s digital signature comprises means for generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, a hash value of the signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key. - View Dependent Claims (8)
-
-
9. A computer readable medium having stored a program of managing a digital signature in a digital signature system in which the digital signature is attached to a message to prove validity of the message, the program comprising instructions facilitating the computer to perform the steps of:
-
generating a user'"'"'s digital signature to be transmitted together with a user'"'"'s message by using signature log entry information previously registered in a signature log file of a user which is prepared in a memory; generating a user'"'"'s signature log entry information associated with the user'"'"'s digital signature using data used to generate the user'"'"'s digital signature, and registering the generated user'"'"'s signature log entry information in the signature log file; generating a different user'"'"'s signature log entry information associated with a received message, the received message including the different user'"'"'s digital signature, verifying the received different user'"'"'s digital signature, and registering the different user'"'"'s generated signature log entry information in the signature log file; and registering, in a user search file prepared in the memory, information indicating whether each signature log entry information in the signature log file relates to either the transmitted user'"'"'s digital signature or to the received different user'"'"'s digital signature, and registering user identifier information indicating either a transmission destination of the transmitted user'"'"'s digital signature or a transmission source of the received different user'"'"'s digital signature for each previous signature log entry information, identifying, according to the user identifier information registered in the user search file, the different user'"'"'s signature log entry information associated with the received different user'"'"'s digital signature registered in the signature log file or the user'"'"'s signature log entry information associated with the transmitted user'"'"'s digital signature registered in the signature log file and conducting verification using a log chain crossing using the user'"'"'s or different user'"'"'s signature log entry information identified in the signature log file; transmitting, at transmission of the user'"'"'s message, data to verify the user'"'"'s digital signature to be transmitted, the data to verify the user'"'"'s digital signature including the generated user'"'"'s digital signature and first identifier information to identify the user'"'"'s signature log entry information associated with the user'"'"'s digital signature, and a hash value of signature log entry information previously registered in the signature log file; verifying validity of a digital signature attached to a previously generated user'"'"'s or different user'"'"'s message, using a public key paired with a secret key used to generate the digital signature to be verified; determining whether or not signature log entry information associated with the digital signature to be verified has been registered in the signature log file; judging whether or not authorized signature log entry information which is newer than a signature log entry associated with the digital signature to be verified and which has been confirmed as authorized information is properly chained with signature log entry information registered immediately before the authorized signature log entry information, and by repeatedly conducting said judging step, determining whether or not continuity is maintained up to the signature log entry associated with the digital signature to be verified; transmitting at least part of the user'"'"'s signature log entry information registered in the signature log file with or without the user'"'"'s message to a different user; and receiving at least part of the different user'"'"'s signature log entry information which is transmitted from the different user together with the different user'"'"'s digital signature, verifying the different user'"'"'s digital signature, and adding the received different user'"'"'s signature log entry information to the signature log file, wherein said step of generating the user'"'"'s signature log entry information and registering the user'"'"'s signature log entry information in the signature log file comprises adding new user'"'"'s signature log entry information to the signature log file, the new user'"'"'s signature log entry information including the first identifier information to identify the user'"'"'s signature log entry information, the generated user'"'"'s digital signature, and a hash value of the signature log entry information previously registered in the signature log file, wherein said step of generating and registering the different user'"'"'s signature log entry information comprises; generating different user'"'"'s signature data based on second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message and a hash value of user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file; and adding the generated different user'"'"'s signature log entry information to the signature log file, said added different user'"'"'s signature log entry information including the second identifier information to identify the different user'"'"'s signature log entry information of the received different user'"'"'s digital signature corresponding to the received message, the hash value of the user'"'"'s or different user'"'"'s signature log entry information previously registered in the signature log file, and the generated different user'"'"'s signature data, and wherein said step of generating the user'"'"'s digital signature comprises generating data by combining with each other the user'"'"'s message or a hash value of the user'"'"'s message, a hash value of the signature log entry information previously registered in the signature log file, and the first identifier information to identify the user'"'"'s signature log entry information of the user'"'"'s digital signature to be generated, and generating a new digital signature using the combined generated data and a predetermined secret key. - View Dependent Claims (10)
-
Specification