Event-ordering certification method
First Claim
1. An event-ordering certification method for an event-ordering certification system having a user apparatus performing an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information, a certification apparatus for drafting a certificate for the event-ordering request of the user apparatus, an audit apparatus for auditing authenticity of the certificate and a communication network for connecting the user apparatus, the certification apparatus and the audit apparatus with each other, the method comprising:
an event-ordering request receiving step where the certification apparatus receives the event-ordering request from the user apparatus;
a sequentially assigned data-item calculating step where the certification apparatus drafts a sequentially assigned data-item from the digital information included in the event-ordering request in accordance with a predetermined procedure;
an event-ordering request aggregating step where, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, the certification apparatus calculates assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected;
a certificate drafting step where the certification apparatus drafts a certificate containing the sequentially assigned data-item and a first sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto;
a certificate sending step where the certification apparatus sends the certificate to the user apparatus;
assuming that;
a leaf of the sequential aggregation tree to which the event-ordering request is assigned is defined as a registration point;
an information about nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the certificate; and
in the complementary information, a complementary information acquirable at a point of assigning the event-ordering request to the sequential aggregation tree is defined as an immediate complementary information,
an audit certificate drafting step where after assigning the event-ordering request to the sequential aggregation tree, the certification apparatus assigns a first audit request to the sequential aggregation tree thereby drafting a first audit certificate in the same way as drafting the certificate, acquires a first immediate complementary information for audit at the point of assigning the first audit request to the sequential aggregation tree, from the sequential aggregation tree and incorporates the first immediate complementary information into the first audit certificate;
an audit certificate sending step where the certification apparatus sends the first audit certificate to the audit apparatus;
a complementary information request receiving step where after assigning the first audit request to the sequential aggregation tree, the certification apparatus receives a request of the complementary information of the certificate from the user apparatus;
a late complementary information drafting step where the certification apparatus acquires a second sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the request of the complementary information assigned thereto and a complementary information acquirable at the point of assigning the request of the complementary information, from the sequential aggregation tree, thereby forming a late complementary information; and
a late complementary information sending step where the certification apparatus sends the late complementary information about the certificate to the user apparatus.
Abstract
An event-ordering certification system 100 includes a certification apparatus 1, a plurality of user apparatuses 2i (i=a, b, . . . , n), an audit apparatus 3 for performing an audit of an event-ordering receipt published by the certification apparatus 1 and a network 4 for connecting these elements with each other. In response to an event-ordering request from one user apparatus 2i, the certification apparatus 1 publishes the event-ordering receipt and sends it to the user apparatus 2i. If a mistrust is produced in the event-ordering receipt, the user apparatus 2i verifies the event-ordering receipt with the use of data published by the certification apparatus 1 and an audit result by the audit apparatus 3.
73 Claims
20. An event-ordering certification audit method for an event-ordering certification system having at least one user apparatus performing an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information, a certification apparatus for drafting a certificate for the event-ordering request of the user apparatus, an audit apparatus for auditing authenticity of the certificate and a communication network for connecting the user apparatus, the certification apparatus and the audit apparatus with each other, the method comprising:
an event-ordering request receiving step where the certification apparatus receives a first event-ordering request from the user apparatus;
a sequentially assigned data-item calculating step where the certification apparatus drafts a sequentially assigned data-item from a digital information included in the first event-ordering request in accordance with a predetermined procedure;
an event-ordering request aggregating step where, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, the certification apparatus calculates assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected;
a certificate drafting step where the certification apparatus drafts a first certificate containing the sequentially assigned data-item and a first sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto;
a certificate sending step where the certification apparatus sends the first certificate to the user apparatus;
assuming that;
a leaf of the sequential aggregation tree to which the first event-ordering request is assigned is defined as a registration point;
an information about nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the first certificate; and
in the complementary information, a complementary information acquirable at a point of assigning the first event-ordering request to the sequential aggregation tree is defined as an immediate complementary information,
an audit certificate drafting step where the certification apparatus assigns a plurality of audit requests to the sequential aggregation tree thereby drafting a plurality of audit certificates in the same way as drafting the certificate, acquires immediate complementary information for audit at the point of assigning the respective audit requests to the sequential aggregation tree, from the sequential aggregation tree and incorporates the immediate complementary information for audit into the respective audit certificates;
an audit certificate sending step where the certification apparatus sends the audit certificates to the audit apparatus;
a complementary information request receiving step where after sending the first certificate to the user apparatus, the certification apparatus receives a request of the complementary information of the first certificate from the user apparatus;
a late complementary information drafting step where the certification apparatus acquires a second sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the request of the complementary information assigned thereto and a complementary information acquirable at the point of assigning the request of the complementary information, from the sequential aggregation tree, thereby forming a late complementary information;
a late complementary information sending step where the certification apparatus sends the late complementary information about the first certificate to the user apparatus;
an audit certificate receiving step where the audit apparatus receives the audit certificates from the certification apparatus;
an audit request receiving step where the audit apparatus receives an audit request for the first certificate from the user apparatus, the audit request containing the first certificate and the late complementary information about the first certificate;
a first audit certificate selecting step where the audit apparatus selects an audit certificate from the audit certificates on a basis of the first and second sequential aggregation tree specifying information in the audit request for the first certificate, the one audit certificate being generated after the first certificate and before the late complementary information in chronological sequence;
a first certificate audit step where the audit apparatus audits validity of the first certificate by verifying, for a specified node in the sequential aggregation tree, whether an assigned value for the specified node contained in the audit certificate selected at the first audit certificate selecting step coincides with an assigned value for the specified node calculated from the audit request for the first certificate or not and, where the audit apparatus further certifies a temporal context between a receipt time of the event-ordering request for the first certificate and a receipt time of the audit request for the audit certificate selected at the first audit certificate selecting step; and
an audit result sending step where the audit apparatus sends an audit result of the first certificate to the user apparatus.
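The exchange recited in claim 20, sketched in Python as an added example; it is not code from the patent or its applicant. Assumptions: SHA-256 serves as both the "predetermined procedure" and the collision-resistant hash, the tree is binary with 8 leaves, certificates are plain dictionaries, and the "specified node" is taken to be the certificate-side child of the lowest common ancestor of the certificate leaf and the audit leaf. All function, field and tree names are hypothetical.

```python
import hashlib
import hmac

def H(*parts: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the designated collision-resistant hash.
    return hashlib.sha256(b"".join(parts)).digest()

class SequentialAggregationTree:
    """Binary tree whose leaves are filled from the left (assumed depth 3 = 8 leaves)."""

    def __init__(self, tree_id: str, depth: int = 3):
        self.tree_id, self.depth = tree_id, depth
        self.nodes = {}   # (level, index) -> assigned value; level 0 holds the leaves
        self.count = 0    # number of leaves assigned so far

    def assign(self, data_item: bytes) -> int:
        """Assign to the next free leaf and compute every node that became calculable."""
        if self.count >= 1 << self.depth:
            raise ValueError("tree is complete; open the tree for the next interval")
        level, idx = 0, self.count
        self.nodes[(0, idx)] = data_item
        self.count += 1
        while idx & 1:  # a right child completes its parent
            parent = H(self.nodes[(level, idx - 1)], self.nodes[(level, idx)])
            level, idx = level + 1, idx >> 1
            self.nodes[(level, idx)] = parent
        return self.count - 1

    def complement(self, leaf: int) -> dict:
        """Siblings on the leaf-to-root path whose values are calculable right now."""
        out, idx = {}, leaf
        for level in range(self.depth):
            sibling = (level, idx ^ 1)
            if sibling in self.nodes:
                out[sibling] = self.nodes[sibling]
            idx >>= 1
        return out

def draft_certificate(tree, digital_information: bytes) -> dict:
    item = H(digital_information)              # sequentially assigned data-item
    return {"tree": tree.tree_id, "leaf": tree.assign(item), "item": item}

def draft_audit_certificate(tree, audit_request: bytes) -> dict:
    cert = draft_certificate(tree, audit_request)
    cert["immediate"] = tree.complement(cert["leaf"])   # only left siblings exist yet
    return cert

def draft_late_complement(tree, cert: dict, request: bytes) -> dict:
    leaf = tree.assign(H(request))             # the request itself occupies a leaf
    return {"tree": tree.tree_id, "leaf": leaf,
            "complement": tree.complement(cert["leaf"])}

def audit(cert: dict, late: dict, audit_certs: list) -> bool:
    """True only if an audit certificate lying between cert and late confirms cert."""
    chosen = [a for a in audit_certs
              if a["tree"] == cert["tree"] == late["tree"]
              and cert["leaf"] < a["leaf"] < late["leaf"]]
    if not chosen:
        return False                           # nothing to compare against
    a = chosen[0]
    # Specified node: highest ancestor of cert's leaf that is a left sibling on a's path.
    level = (cert["leaf"] ^ a["leaf"]).bit_length() - 1
    node = (level, cert["leaf"] >> level)
    if node not in a["immediate"]:
        return False
    value, idx = cert["item"], cert["leaf"]
    for lvl in range(level):                   # climb from the registration point
        sibling = late["complement"].get((lvl, idx ^ 1))
        if sibling is None:
            return False
        value = H(sibling, value) if idx & 1 else H(value, sibling)
        idx >>= 1
    return hmac.compare_digest(value, a["immediate"][node])

def run_example() -> dict:
    # Constructed sample data: one tree, six requests in arrival order.
    tree = SequentialAggregationTree("interval-0001")
    draft_certificate(tree, b"another user's document")               # leaf 0
    cert = draft_certificate(tree, b"contract v1")                    # leaf 1
    draft_certificate(tree, b"unrelated event")                       # leaf 2
    audit_cert = draft_audit_certificate(tree, b"audit request 1")    # leaf 3
    draft_certificate(tree, b"later event")                           # leaf 4
    late = draft_late_complement(tree, cert, b"complement request")   # leaf 5
    forged = dict(cert, item=H(b"contract v2"))   # same leaf, substituted content
    return {"genuine": audit(cert, late, [audit_cert]),
            "forged": audit(forged, late, [audit_cert]),
            "no_audit_certificate": audit(cert, late, [])}

if __name__ == "__main__":
    print(run_example())
```

The audit certificate at leaf 3 already commits to the hash of leaves 0 and 1, so a certificate whose content was substituted after the audit request was registered no longer reproduces that node value.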
29. An event-ordering certification apparatus connected to both a user apparatus performing an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information thereby promoting the event-ordering certification apparatus to draft a certificate and an audit apparatus for auditing authenticity of the certificate through a communication network mutually, for drafting the certificate, for the event-ordering request of the user apparatus, the event-ordering certification apparatus comprising:
event-ordering request receiving means configured to receive the event-ordering request from the user apparatus;
sequentially assigned data-item calculating means configured to draft a sequentially assigned data-item from a digital information included in the event-ordering request in accordance with a predetermined procedure;
event-ordering request aggregating means configured, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, to calculate assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected;
certificate drafting means configured to draft a certificate containing the sequentially assigned data-item and a first sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto;
certificate sending means configured to send the certificate to the user apparatus;
assuming that;
a leaf of the sequential aggregation tree to which the event-ordering request is assigned is defined as a registration point;
an information about nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the certificate; and
in the complementary information, a complementary information acquirable at a point of assigning the event-ordering request to the sequential aggregation tree is defined as an immediate complementary information,
audit certificate drafting means configured, after assigning the event-ordering request to the sequential aggregation tree, to assign a first audit request to the sequential aggregation tree thereby drafting a first audit certificate in the same way as drafting the certificate, acquire a first immediate complementary information for audit at the point of assigning the first audit request to the sequential aggregation tree, from the sequential aggregation tree and incorporate the first immediate complementary information into the first audit certificate;
audit certificate sending means configured to send the first audit certificate to the audit apparatus;
complementary information request receiving means configured, after assigning the first audit request to the sequential aggregation tree, to receive a request of the complementary information of the certificate from the user apparatus;
late complementary information drafting means configured to acquire a second sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the request of the complementary information assigned thereto and a complementary information acquirable at the point of assigning the request of the complementary information, from the sequential aggregation tree, thereby forming a late complementary information; and
complementary information sending means configured to send the late complementary information about the certificate to the user apparatus.
47. An event-ordering certification audit apparatus connected to both at least one user apparatus performing an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information and a certification apparatus for drafting a certificate for the event-ordering request of the user apparatus, through a communication network, for auditing authenticity of the certificate, wherein the certification apparatus comprises:
event-ordering request receiving means configured to receive a first event-ordering request from the user apparatus;
sequentially assigned data-item calculating means configured to draft a sequentially assigned data-item from a digital information included in the first event-ordering request in accordance with a predetermined procedure;
event-ordering request aggregating means configured, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, to calculate assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected;
certificate drafting means configured to draft a first certificate containing the sequentially assigned data-item and a first sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto;
certificate sending means configured to send the first certificate to the user apparatus;
assuming that;
a leaf of the sequential aggregation tree to which the first event-ordering request is assigned is defined as a registration point;
an information about nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the first certificate; and
in the complementary information, a complementary information acquirable at a point of assigning the first event-ordering request to the sequential aggregation tree is defined as an immediate complementary information,
audit certificate drafting means configured to assign a plurality of audit requests to the sequential aggregation tree thereby drafting a plurality of audit certificates in the same way as drafting the certificate, acquire immediate complementary information for audit at the point of assigning the respective audit requests to the sequential aggregation tree from the sequential aggregation tree and incorporate the immediate complementary information for audit into the respective audit certificates;
audit certificate sending means configured to send the audit certificates to the audit apparatus;
complementary information request receiving means configured, after sending the first certificate to the user apparatus, to receive a request of the complementary information of the first certificate from the user apparatus;
late complementary information drafting means configured to acquire a second sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the request of the complementary information assigned thereto and a complementary information acquirable at the point of assigning the request of the complementary information, from the sequential aggregation tree, thereby forming a late complementary information; and
late complementary information sending means configured to send the late complementary information about the first certificate to the user apparatus,
and wherein the event-ordering certification audit apparatus comprises;
audit certificate receiving means configured to receive the audit certificates from the certification apparatus;
audit request receiving means configured to receive an audit request for the first certificate from the user apparatus, the audit request containing the first certificate and the late complementary information about the first certificate;
first audit certificate selecting means configured to select an audit certificate from the audit certificates on a basis of the first and second sequential aggregation tree specifying information in the audit request for the first certificate, the audit certificate being generated after the first certificate and before the late complementary information in chronological sequence;
first certificate audit means configured to audit validity of the first certificate by verifying, for a specified node in the sequential aggregation tree, whether an assigned value for the specified node contained in the audit certificate selected by the first audit certificate selecting means coincides with an assigned value for the specified node calculated from the audit request for the first certificate or not and, also configured to further certify a temporal context between a receipt time of the event-ordering request for the first certificate and a receipt time of the audit request for the audit certificate selected by the first audit certificate selecting means; and
audit result sending means configured to send an audit result of the first certificate to the user apparatus.
55. A computer-executable program embodied in a computer-readable recording medium for validation of event-ordering certificates for a user apparatus in an event-ordering certification audit system where at least one user apparatus performing an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information, a certification apparatus for drafting a certificate for the event-ordering request of the user apparatus and an audit apparatus for auditing authenticity of the certificate are connected with each other through a communication network,
wherein the certification apparatus comprises: -
event-ordering request receiving means configured to receive a first event-ordering request from the user apparatus; sequentially assigned data-item calculating means configured to draft a sequentially assigned data-item from a digital information included in the first event-ordering request in accordance with a predetermined procedure; event-ordering request aggregating means configured, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, to calculate assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected; certificate drafting means configured to draft a first certificate containing the sequentially assigned data-item and a first sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto; certificate sending means configured to send the first certificate to the user apparatus; assuming that;
a leaf of the sequential aggregation tree to which the first event-ordering request is assigned is defined as a registration point;
an information about nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the first certificate; and
in the complementary information, a complementary information acquirable at a point of assigning the first event-ordering request to the sequential aggregation tree is defined as an immediate complementary information,audit certificate drafting means configured to assign a plurality of audit requests to the sequential aggregation tree thereby drafting a plurality of audit certificates in the same way as drafting the certificate, acquire immediate complementary information for audit at the point of assigning the respective audit requests to the sequential aggregation tree from the sequential aggregation tree and incorporate the immediate complementary information for audit into the respective audit certificates; audit certificate sending means configured to send the audit certificates to the audit apparatus; complementary information request receiving means configured, after sending the first certificate to the user apparatus, to receive a request of the complementary information of the first certificate from the user apparatus; late complementary information drafting means configured to acquire a second sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the request of the complementary information assigned thereto and a complementary information acquirable at the point of assigning the request of the complementary information, from the sequential aggregation tree, thereby forming a late complementary information; and late complementary information sending means configured to send the late complementary information about the first certificate to the user apparatus, and wherein the audit apparatus comprises; audit certificate receiving means configured to receive the audit certificates from the certification apparatus; audit request receiving means configured to receive an audit request for the first certificate from the user apparatus, the audit request containing the first certificate and 
the late complementary information about the first certificate; first audit certificate selecting means configured to select an audit certificate from the audit certificates on a basis of the first and second sequential aggregation tree specifying information in the audit request for the first certificate, the audit certificate being generated after the first certificate and before the late complementary information in chronological sequence; first certificate audit means configured to audit validity of the first certificate by verifying, for a specified node in the sequential aggregation tree, whether an assigned value for the specified node contained in the audit certificate selected by the first audit certificate selecting means coincides with an assigned value for the specified node calculated from the audit request for the first certificate or not and, also configured to further certify a temporal context between a receipt time of the event-ordering request for the first certificate and a receipt time of the audit request for the audit certificate selected by the first audit certificate selecting means; and audit result sending means configured to send an audit result of the first certificate to the user apparatus, and wherein the event-ordering certification program allows the user apparatus to perform; an event-ordering request sending step of sending the first event-ordering request to the certification apparatus; a certificate receiving step of receiving first event-ordering request from the certification apparatus a complementary information request sending step of sending the request of the complementary information of the first certificate to the certification apparatus; a complementary information receiving step of receiving the complementary information of the first certificate from the certification apparatus; an audit request sending step of sending the audit request to the audit apparatus; and an audit result receiving step of receiving the audit 
result for the first certificate. - View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63)
64. A computer-executable program embodied in a computer readable recording medium for validation of event-ordering certificates for allowing a computer to verify authenticity of certificates, the computer being connected to first and second user apparatuses, each of which performs an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information, and an event-ordering certification apparatus for drafting the certificates for a plurality of event-ordering requests of the first and second user apparatuses through a communication network,
wherein the event-ordering certification apparatus comprises:
event-ordering request receiving means configured to receive the event-ordering requests from the first and second user apparatuses;
sequentially assigned data-item calculating means configured to draft sequentially assigned data-items from digital information included in the event-ordering requests in accordance with a predetermined procedure;
event-ordering request aggregating means configured, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, to calculate assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected;
sequential aggregation tree storing means configured to store an information about the sequential aggregation trees produced by the event-ordering request aggregating means;
assuming that;
a leaf of the sequential aggregation tree to which the sequentially-assigned data-item drafted from each of the event-ordering requests is assigned is defined as a registration point;
an information about nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the registration point;
in the complementary information, a complementary information acquirable at a point of assigning each of the sequentially assigned data-item to the sequential aggregation tree is defined as an immediate complementary information, while a complementary information acquirable after the point of assigning each of the sequentially assigned data-item to the sequential aggregation tree is defined as a late complementary information;
the late complementary information of a leaf a1 determined at a point of completing an assignation for a leaf a2 on the right of the leaf a1 in the sequential aggregation tree is defined as “late complementary information of the leaf a1 at the leaf a2”; and
further a leaf of the sequential aggregation tree to which the sequential assigned data-item drafted by a new event-ordering request is defined as a new registration point,
registration point storing means configured to store an information about the registration points of the event-ordering requests with respect to each of the user apparatuses;
certificate drafting means configured to integrate, from the information stored in the respective storing means, a sequentially assigned data-item for the new registration point, a sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto, an immediate complementary information about the new registration point and a late complementary information of all past registration points of each of the user apparatuses, thereby drafting a certificate for the new registration point; and
certificate sending means configured to send the certificates to the user apparatuses;
wherein each of the user apparatuses comprises;
event-ordering request sending means configured to send the event-ordering requests to the event-ordering certification apparatus;
certificate receiving means configured to receive the certificates for the event-ordering requests from the event-ordering certification apparatus;
certificate storing means configured to store the certificates received;
validation request sending means configured to send a certificate for validation to the computer; and
validation result receiving means configured to receive a validation result of the certificate for validation from the computer;
wherein the program for validation of event-ordering certificates allows the computer to perform;
a certificate receiving step of receiving two certificates for validation from the first and second user apparatuses respectively or two certificates for validation from the first user apparatus;
assuming that one of the two certificates judged as being temporally former in publishing order is a first certificate, while the other of the two certificates judged as being temporally latter in publishing order is a second certificate, based on the sequential aggregation tree specifying information of the two certificates received, a sequential aggregation tree specifying information sending step of sending the sequential aggregation tree specifying information in the second certificate to the user apparatus receiving the first certificate;
a late complementary information receiving step of receiving the late complementary information about the first certificate at a registration point after publishing the second certificate, from the user apparatus receiving the first certificate;
a validation step of verifying, for a specified node in the sequential aggregation tree, whether an assigned value for the specified node contained in the second certificate coincides with an assigned value for the specified node calculated from the first certificate and the late complementary information or not, thereby certifying validity of the first and second certificates and that the registration point of the first certificate is temporally ahead of the registration point of the second certificate, based on a validation result; and
a validation result sending step of sending the validation result to both or either of the first and second user apparatuses.
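The validation step of claim 64 can be illustrated with a small hash tree. The following is an added example, not code from the patent: it assumes a binary tree, SHA-256 as the collision-resistant hash, and a power-of-two leaf count, and every function name in it is hypothetical. It splits a leaf's complementary information into immediate (left siblings) and late (right siblings) and checks that the node value carried in the second certificate matches the value recomputed from the first certificate plus its late complementary information.

```python
import hashlib

def H(*parts):
    # Parent value = hash of the concatenated ("juncture") child values.
    return hashlib.sha256(b"".join(parts)).digest()

def build_levels(leaves):
    # levels[0] = leaves, levels[-1] = [root]; assumes a power-of-two leaf count.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[k], cur[k + 1]) for k in range(0, len(cur), 2)])
    return levels

def complementary(levels, idx):
    # Sibling values on the path from leaf idx to the root, keyed by height.
    # Left siblings are known when the leaf is assigned (immediate); right ones only later (late).
    immediate, late = {}, {}
    for h in range(len(levels) - 1):
        sib = (idx >> h) ^ 1
        (immediate if sib < (idx >> h) else late)[h] = levels[h][sib]
    return immediate, late

def climb(leaf, idx, immediate, late, height):
    # Recompute the assigned value of leaf idx's ancestor at the given height.
    val = leaf
    for h in range(height):
        val = H(immediate[h], val) if (idx >> h) & 1 else H(val, late[h])
    return val

def validate_order(cert1, late1, cert2):
    # A certificate is (leaf_value, leaf_index, immediate). True when cert1 precedes cert2.
    leaf1, i, imm1 = cert1
    _, j, imm2 = cert2
    if i >= j:
        return False
    h = (i ^ j).bit_length() - 1  # height at which the two paths become siblings
    # cert2's left sibling at height h is an ancestor of leaf i; recompute it from cert1.
    return imm2.get(h) == climb(leaf1, i, imm1, late1, h)

if __name__ == "__main__":
    leaves = [H(b"event-%d" % k) for k in range(8)]  # constructed sample data
    lv = build_levels(leaves)
    imm_a, late_a = complementary(lv, 2)
    imm_b, _ = complementary(lv, 5)
    print(validate_order((leaves[2], 2, imm_a), late_a, (leaves[5], 5, imm_b)))
```

Only the late values below the height where the two paths meet are needed, and all of them are fixed by the time the second leaf is assigned.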
66. A computer-executable program for validation of event-ordering certificates for allowing a computer to verify authenticity of certificates, the computer being connected to first and second user apparatuses, each of which performs an event-ordering request for certifying a chronological sequence of a certain event in time-series events generating a designated digital information, and an event-ordering certification apparatus for drafting the certificates for a plurality of event-ordering requests of the first and second user apparatuses through a communication network,
wherein the event-ordering certification apparatus comprises:
event-ordering request receiving means configured to receive the event-ordering requests from the first and second user apparatuses;
sequentially assigned data-item calculating means configured to draft sequentially assigned data-items from digital information included in the event-ordering requests in accordance with a predetermined procedure;
event-ordering request aggregating means configured, in sequential aggregation trees each of which is completed at regular time intervals by sequentially assigning a series of sequentially assigned data-items to leaves of a directed tree from left thereof, to calculate assigned values for calculable nodes and a root value to be assigned for a root of each sequential aggregation tree after completion of each regular time interval, in accordance with a calculating method of establishing, as an assigned value for a parent, a result value obtained by applying a designated collision-resistant hash function on a juncture value to which respective assigned values assigned to a plurality of nodes having a parent in common are connected;
sequential aggregation tree storing means configured to store an information about the sequential aggregation trees produced by the event-ordering request aggregating means;
assuming that;
a leaf of the sequential aggregation tree to which the sequentially-assigned data-item drafted from each of the event-ordering requests is assigned is defined as a registration point;
an information about other nodes necessary to calculate a root value of the sequential aggregation tree from the registration point is defined as a complementary information of the registration point;
in the complementary information, a complementary information acquirable at a point of assigning each of the sequentially assigned data-item to the sequential aggregation tree is defined as an immediate complementary information, while a complementary information acquirable after the point of assigning each of the sequentially assigned data-item to the sequential aggregation tree is defined as a late complementary information;
the late complementary information of a leaf a1 determined at a point of completing an assignation for a leaf a2 on the right of the leaf a1 in the sequential aggregation tree is defined as “late complementary information of the leaf a1 at the leaf a2”; and
further a leaf of the sequential aggregation tree to which the sequential assigned data-item drafted by a new event-ordering request is defined as a new registration point,
registration point storing means configured to store an information about an immediately preceding registration point with respect to each of the user apparatuses;
certificate drafting means configured to integrate, from the information stored in the respective storing means, a sequentially assigned data-item for the new registration point, a sequential aggregation tree specifying information for specifying the sequential aggregation tree and a leaf thereof both having the sequentially assigned data-item assigned thereto, an immediate complementary information about the new registration point and a late complementary information about the immediately preceding registration point of each of the user apparatuses at the new registration point, thereby drafting a certificate for the new registration point; and
certificate sending means configured to send the certificates to the user apparatuses;
defining that a rightmost registration point of the respective registration points of each of the user apparatuses is referred to as a provisional terminal point and that to calculate all of the complementary information about a designated registration point acquirable at a point of completing an assignment for the provisional terminal point is referred to as an incremental completion for a certificate of the designated registration point,
wherein each of the user apparatuses comprises;
event-ordering request sending means configured to send the event-ordering requests to the event-ordering certification apparatus;
certificate receiving means configured to receive the certificates for the event-ordering requests from the event-ordering certification apparatus;
certificate storing means configured to store the certificates received;
incremental completion means configured to perform the incremental completion to a certificate for validation of the plural certificates received and stored;
validation request sending means configured to send a certificate for validation to the computer; and
validation result receiving means configured to receive a validation result of the certificate for validation from the computer;
wherein the program for validation of event-ordering certificates allows the computer to perform;
a certificate receiving step of receiving two certificates for validation from the first and second user apparatuses respectively or two certificates for validation from the first user apparatus;
assuming that one of the two certificates judged as being temporally former in publishing order is a first certificate, while the other of the two certificates judged as being temporally latter in publishing order is a second certificate, based on the sequential aggregation tree specifying information of the two certificates received, a sequential aggregation tree specifying information sending step of sending the sequential aggregation tree specifying information in the second certificate to the user apparatus receiving the first certificate;
a late complementary information receiving step of receiving the late complementary information about the first certificate at a registration point after publishing the second certificate, from the user apparatus receiving the first certificate;
a validation step of verifying, for a specified node in the sequential aggregation tree, whether an assigned value for the specified node contained in the second certificate coincides with an assigned value for the specified node calculated from the first certificate and the late complementary information or not, thereby certifying validity of the first and second certificates and that the registration point of the first certificate is temporally ahead of the registration point of the second certificate, based on a validation result; and
a validation result sending step of sending the validation result to both or either of the first and second user apparatuses.
Specification