JP2002132996A - Server for authenticating existence of information, method therefor and control program for authenticating existence of information - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve reliability of information contents prepared in the past by proving existence of electronic data of a written contract or the like, at a specified point of time in the past. SOLUTION: A contract existence proving server 20 acquires the written contract and the certificates of respective users, prepared by exchanging data between a user terminal 30 and a user terminal 31. Then, signatures are confirmed, and the validity of the respective certificates is confirmed, etc. Then, a confirmation result, the date and time of confirmation, the written contract and the certificates are stored in a database. Thereafter, in the case that the acquisition of information is requested, an information existence certificate, including the information of the kept written contract and confirmation result, etc., is presented. Thus, the existence of the written contract at a specified point of time in the past is proved.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information existence proof server, an information existence proof method, and an information existence proof used for certifying that information such as a contract created as electronic information has existed in the past. It relates to a proof control program.

[0002]

2. Description of the Related Art In recent years, the number of users of the Internet has increased, and EDI (electronic data exchange) and the like on networks have been routinely performed. Therefore,
It is important to safely exchange information on a network, and various cryptographic communication technologies and electronic signature communication technologies have been devised and put into practical use. Examples of the encryption technology for realizing the encryption communication include DES,
RSA, FEAL, MISTY, ESIGN, and the like are widely known. In public key cryptosystems such as RSA and ESIGN, it is widely used that a certificate issued by a CA (certificate authority) is obtained and presented to perform identity verification on a network.

[0003]

The electronic information exchanged on the network includes various types of information.
It may also contain important information about the contract entered into between the parties. When a contract as electronic data is created, each party keeps the created contract as electronic data.

However, since electronic information can be easily falsified without leaving any evidence, the reliability of contracts stored between parties is not always high. Therefore, if the number of contracts concluded on the network increases in the future, there may be frequent conflicts over the authenticity of the contract.

[0005] The present invention solves the above-mentioned problems, and makes it possible to prove that electronic data such as a contract existed at a specific point in time in the past. The purpose is to improve the reliability of the contents and improve the security of contracts on the network.

[0006]

In order to solve the above-mentioned problems, an information existence certifying server of the present invention includes an information acquiring means for acquiring specific information such as contract contents and a certificate, and a discard list (for example). A validity checking means for checking the validity of the certificate using CRL), an information storage means for storing the obtained specific information in the information storage unit together with the result of the validity checking means, and an information acquisition It includes an information existence certifying means for presenting an information existence certificate including specific information stored in the information storage unit and a confirmation result when a request is made. The information acquisition means, the validity confirmation means, the information storage means, and the information existence proof means are provided in, for example, the contract existence proof server 20.

With the above configuration, it can be proved that specific information such as a contract has existed in the past, and the reliability of the information content of the specific information created in the past can be improved. be able to. Therefore, it is possible to improve security such as contracts on the network.

An authentication function provided by one or more certificate authorities (various functions of the certificate authority, for example, a directory server function for managing user information such as a certificate and a revocation list, a specific certificate being revoked) And a function of authenticating the user and issuing a certificate), and the validity checking means checks the validity of the certificate by the authentication function. You may do so. The authentication function may be shared with the certificate authority, or may be transferred from the certificate authority.

[0009] With the above configuration, the information existence proof server can confirm the validity of the certificate using the function of the certificate authority. In addition, when the configuration has a function of a plurality of certificate authorities, the user information held by each certificate authority can be centrally managed, and the certificate confirmation processing performed by each certificate authority can be performed. Can be executed collectively in one place. Therefore, the total operation cost can be reduced.

[0010] Further, the information storage means is configured to also store time information (for example, validity confirmation date and time and registration date and time of specific information) for specifying the time when the information was stored in the information storage unit. Preferably, the information existence certificate includes time information.

With the above configuration, it can be proved that specific information such as a contract existed at a specific time in the past, and the specific information effectively exists at any time in the past. You can prove whether or not.

[0012] Also, the information existence certifying method of the present invention includes a step of obtaining specific information and a certificate, a step of checking the validity of the certificate, and a step of combining the obtained specific information with a result of checking the validity. And storing the information in the information storage unit, and presenting an information existence certificate including the stored specific information and the confirmation result in response to the information acquisition request.

With the above configuration, it can be proved that specific information such as a contract has existed in the past, and the reliability of the information content of the specific information created in the past can be improved. be able to. Therefore, security such as contracts on the network can be improved.

Further, the recording medium storing the information existence proof control program of the present invention is a recording medium recording a control program for presenting an information existence certificate for certifying the existence of information. A step of obtaining specific information and a certificate; a step of checking the validity of the certificate; a step of storing the obtained specific information together with the result of the validity check in an information storage unit; And presenting an information existence certificate including the stored specific information and the confirmation result.

By using the control program having the above configuration, it is possible to prove that specific information such as a contract has existed in the past, and to trust the information content of the specific information created in the past. Performance can be improved. Therefore, security such as contracts on the network can be improved.

[0016]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described with reference to the drawings. In the following description, general techniques that are already widely used, such as public key cryptography (for example, RSA) and a method for obtaining a certificate issued by a certificate authority (CA), will be described in detail. Is omitted.

It is very difficult to prove that electronic data indicating specific information content existed at a specific time in the past because the electronic data may have been falsified or forged. is there. Therefore, if a contract is created using electronic data and important agreements are made, doubts may be raised about the reliability of the contract in the future. On the other hand, electronic data is easier to use than paper media, and it is expected that the act of creating contracts and the like using electronic data will increase in the future. In one embodiment of the present invention, it is assumed that the electronic data for any contract (eg, a commitment between the parties, such as a commission contract, a sales contract, a loan contract, etc.) did exist at a particular point in time in the past. A mechanism that can be proved has been realized.

FIG. 1 shows a contract existence proof system 10 of the present embodiment.
FIG. 3 is a block diagram showing an example of the configuration of FIG. The contract existence proof system 10 includes a contract existence proof server 20 and a user terminal 3
0, 31 and Certificate Authority (CA) servers 40, 41. Contract existence proof server 20, user terminals 30, 31
The certificate authority servers 40 and 41 are connected to a network (for example, the Internet, a dedicated line, a public line, or a wireless communication line) 50. Note that any number of user terminals and certificate authority servers may be provided. The contract proof system 10 determines the validity of the contract between the parties by accompanying information (for example, a signature or a certificate).
By confirming based on the above and storing the results and the like, the existence of a contract concluded in the past is proved.

In this example, the contract existence proof server 20
It has a function as a W server and has established a homepage for storing procedure information and the like. The contract existence proof server 20 has a database for storing and managing various information. The contract existence proof server 20 has a function of adding and storing predetermined information (for example, information on date and time) to data exchanged between the user terminal 30 and the user terminal 31, and managing the data. In addition to the above functions, the contract existence proof server 20 checks the validity of a certificate issued by a certificate authority, checks the signature of a contract or the like, and stores and manages the check results. It has various functions.

Each of the user terminals 30, 31 is constituted by an information processing device such as a personal computer.
The user terminals 30, 31 are managed by a user (user) of the present system who exchanges a contract via the network 50, creates a contract as electronic data, and concludes a contract. The user terminals 30 and 31 are equipped with, for example, a browser for browsing a homepage provided by the contract existence proof server 20, and a mailer for sending and receiving electronic mail. Further, the user terminals 30 and 31 have an environment in which various types of information can be transmitted and received via a network.

The certification authority servers 40 and 41 are WWW servers managed by an organization called, for example, a certification authority (CA) for issuing a certificate for certifying the existence of an individual, server, organization, or the like. is there. The certificate authority servers 40 and 41 function to issue a certificate for certifying the existence of an individual or a company in response to a request from an individual or a company registered in a certificate authority managing each server. It has various functions such as.

Next, the contract information storage processing by the contract existence proof system 10 of the present embodiment will be described with reference to FIG. FIG. 2 is a sequence diagram illustrating an example of a contract information storage process by the contract existence proof system 10 of the present example. In this example, a contract information storage process in the case where a user A who manages the user terminal 30 and a user B who manages the user terminal 31 make a contract is described.

In this example, first, the user A uses the user terminal 30 to access a homepage established by the contract existence proof server 20, and transmits contract application information to the contract existence proof server 20 (step). S201). The contract application information includes, for example, the e-mail address of the user B, the contract (including the signature of the user A), and the certificate authority registered by the user A (here, for example, a certificate authority that manages the certificate authority server 40. , A certificate authority C1) (hereinafter, referred to as a certificate A).

The contract includes various information such as a contract clause and a signature field of the contractor. The contract sent in step S201 is digitally signed by the user A. Note that the signature of the user A described in the predetermined signature section of the contract is transmitted to the contract existence proof server 20 in a state where the signature is encrypted by the secret key (personal key) of the user A. The certificate A is, for example, an X.400 standardized by ITU (International Communication Union) or the like. 509 version 3 certificate format is used.
The certificate A includes information such as the digital signature of the certificate authority that is the issuer and the value of the public key of the user A.

It should be noted that the contract existence proof server 20 prepares the format of various procedural documents including various contracts,
The user A may select and use the corresponding contract.

When the contract existence proof server 20 receives the contract application information (step S202), it notifies the user terminal 30 that the contract application information has been normally received in this example, and confirms the signature (the electronic signature of the contract is signed). Confirmation of the signature of the user A) and confirmation of the validity of the certificate A are performed (step S203).

In this example, the signature is confirmed by decrypting the encrypted signature with the public key of the user A.
The contract existence proof server 20 determines that the contract has been signed by the user A when the contract is successfully decrypted by the public key of the user A.

The validity of the certificate A can be confirmed by, for example, decrypting the encrypted signature of the certificate authority C1 with the public key of the certificate authority C1 and, for example, using OCSP (Online).
Certificate Status Protocol
ol), for example, by confirming the CRL (discard list) held by the certificate authority server 40 almost in real time. In this example, the contract existence proof server 20 determines that the certificate A is valid if it can be normally decrypted by the public key of the certificate authority C1 and the certificate A is not included in the revocation list. Although not described in detail, the contract existence proof server 20 checks the validity of the certificate by, for example, checking the expiration date of the certificate or checking whether the message digest matches. Is also performed (the same applies hereinafter).

After confirming the signature and the validity of the certificate A, the contract existence proof server 20 stores the contract application information related data in the contract application information related data storage area of its own database (step S204). ). The contract application information related data includes, for example, a contract, a confirmation result of the signature of the user A, a confirmation date and time of the signature of the user A, a certificate A, a confirmation result of the validity of the certificate A, and a validity result of the certificate A. It includes information such as the date and time of confirmation, the date and time of receiving contract application information, and the date and time of registration in the contract application information related data storage area (see FIG. 3).
The contract existence proof server 20 assigns a management number and associates it with the stored information in order to identifiably store a series of information stored in association with each procedure (see FIG. 3).

When the contract application information related data is saved, the contract existence proof server 20 notifies the user terminal 30 that the saving of the contract application information related data has been completed and the predetermined information such as the validity determination result and the management number. Notice. Also,
The contract existence proof server 20 transmits the contract application information and the management number to the user terminal 31 (step S20).
5) Notify the user terminal 30 that the contract application information and the like have been transmitted to the contract partner (user B in this example). In this embodiment, when the user terminal 31 receives the information such as the contract, the user terminal 31
Notify that information such as a contract has been received.

Upon receiving the contract application information and the management number, the user B operates the user terminal 31 to check the contents of the received certificate A, etc.
If a contract is made, a signature is entered in the signature field of the contract (step S206). The user B's signature written in a predetermined signature section of the contract is encrypted with the user B's private key (personal key). Here, the contractor is user A
And the user B, the contract is completed when the user B signs. If there is another contractor, for example, a process similar to Step 201 to Step S205 may be executed to further transmit a contract, a certificate, or the like to another prospective contractor.

When the contract is completed, the user B accesses the homepage established by the contract existence proof server 20 using the user terminal 31, specifies the management number, and transmits the contract information to the contract existence proof server 20. And transmit it (step S207). The contract information includes a contract in which signatures of the user A and the user B are written, a certificate A, and a certificate for certifying the user B (hereinafter, referred to as a certificate B). The certificate B is, for example, X. standardized by ITU (International Telecommunication Union) or the like. 509 version 3 certificate format is used. The certificate B includes information such as the digital signature of the certificate authority that is the issuer (here, for example, a certificate authority that manages the certificate authority server 41; hereinafter, referred to as a certificate authority C2), the value of the public key of the user B, and the like. It is.

Upon receiving the contract information (step S208), the contract existence proof server 20 notifies the user terminal 31 of the normal reception, and checks the signature and the validity of the certificate (step S209). .

In this example, the signatures are confirmed by decrypting the signatures of the users A and B in the contract using the public keys of the respective users. The contract existence proof server 20 determines that the signature in the signature column of the user B is signed by the user A if the signature in the signature column of the user A can be normally decrypted by the public key of the user A, and If the signature can be successfully decrypted using the public key of the user B, it is determined that the signature has been signed by the user B.

The validity of the certificate A and the certificate B can be checked, for example, by checking the encrypted certificate authority C, respectively.
1 and C2 are decrypted with the public keys of the certificate authorities C1 and C2, and, for example, by using a communication procedure according to the OCSP, for example, the CRs held by the respective certificate authorities C1 and C2 are stored.
This is performed by confirming L. Contract existence proof server 20
In this example, if the signature of the certificate authority C1 can be normally decrypted by the public key of the certificate authority C1 that issued the certificate A, and if the certificate A is not included in the revocation list, It is determined that letter A is valid. Further, in this example, the contract existence proof server 20 can normally decrypt the signature of the certificate authority C2 using the public key of the certificate authority C2 that issued the certificate B, and the certificate B is included in the revocation list. If not included, it is determined that the certificate B is valid.

After confirming the signature and confirming the validity, the contract existence proof server 20 confirms the acquired contract information, the date and time of receiving the contract information, the result of confirming the signature, the date and time of confirming the signature, and the validity of the certificate. As a result, contract information related data including various information such as the date and time of confirmation of the validity of the certificate and the date and time of registration in the database is stored in the database (step S21).
0). When storing the contract information-related data in the database, the contract existence proof server 20 stores the data in association with the management number described above (see FIG. 3).
Further, in this example, when the contract existence proof server 20 stores the contract information-related data in the database, the contract presence proof server 20 stores information (such as an organization name) relating to the certificate authority that has authenticated the certificate, and the credibility of the certificate (for example, Authentication level) is also saved.

FIG. 3 is an explanatory diagram showing an example of the state of information stored in the database of the contract existence proof server 20. FIG.
In this embodiment, as shown in FIG.
A plurality of pieces of contract procedure information in which contract application information related data and contract information related data are associated with a management number are stored. In order to prove the existence of the contract, it is sufficient to save the contract information related data, so that the contract application information related data may not be stored. However, if the contract application information related data is also stored, it is possible to clarify the circumstances leading up to the contract, for example.

After saving the contract information related data, the contract existence proof server 20 notifies the user terminals 30 and 31 that the contract information related data has been saved (step S211). Not only the save notification but also a part or all of the saved information may be transmitted. In the present example, the user terminal 30 and the user terminal 31 that have received the storage end notification respectively notify that the notification has been normally received. When the notification in step S211 ends, the contract information storage processing in the contract existence proof system 10 of this example ends.

Next, the contract existence certificate acquisition processing in the contract existence certification system 10 of this embodiment will be described with reference to FIG. Here, a process in the case where the user A acquires the information regarding the contract with the user B previously stored by the above-described contract information storing process using the contract existence proof system 10 will be described.

First, the user A accesses the contract existence proof server 20 by using the user terminal 30, transmits a certificate acquired in advance from the certificate authority C1, for example, and makes a request to acquire information on the contract ( Step S401). Note that, in this example, the contract existence proof server 20 is configured to allow disclosure of information on the contract when presenting a valid certificate and requesting information acquisition. However, the conditions under which the contract existence proof server 20 accepts an information acquisition request may be set in any manner. For example, only access from persons (parties, agents) related to the contract may be permitted. Alternatively, for example, access may be allowed only from a person involved in the contract and a predetermined government agency. In this case, the contract existence proof server 2
0 may be provided with an access control function that allows only a specific user to access, for example, by using an electronic signature.

When the contract existence proof server 20 receives the contract information acquisition request, it checks the validity of the certificate (step S402). To check the validity of the certificate, for example, as described above, the encrypted signature of the certificate authority C1 is decrypted with the public key of the certificate authority C1,
This is performed, for example, by confirming the CRL held by each certificate authority C1 by a communication procedure according to the CSP. In this example, the contract existence proof server 20 can normally decrypt the signature of the certificate authority C1 using the public key of the certificate authority C1 that has issued the certificate, and the certificate A is included in the revocation list. If not, it is determined that the certificate A is valid. If the certificate is valid, the contract existence proof server 20 requests the user terminal 30 to input a management number in this example (step S403).

When a request for inputting the management number is received, the user A
Transmits the management number using the user terminal 30 (step S404). Upon receiving the management number, the contract existence certificate server 20 transmits a contract existence certificate including part or all of the information associated with the management number to the user terminal 30 (step S405). The contract existence certificate is displayed on the display of the user terminal 30, for example, as shown in FIG.
Is displayed as shown. As shown in FIG. 5, for example, the contract existence certificate includes a contract, a certificate used at the time of the contract, a result of confirming the validity of the certificate, a date and time when the contract exists (specifically, Contains information on the date and time when the validity of the certificate was confirmed or the date and time when the contract information was registered in the server. Accordingly, the contract existence certificate is a certificate that proves that the contract indicated in the contract has been exchanged by the person who presented the valid certificate (here, the user A and the user B) at a specific date and time in the past. Play a role. In addition,
The contract existence certificate may include other information such as contract application information related data, for example, according to the request of the user A to be obtained.

The user terminal 30 via the network 50
When the contract existence certificate is transmitted toward, the contract existence certificate acquisition process ends. Therefore, by presenting the contract existence certificate to another person (for example, a contract partner), the user A can prove that the contract was concluded at a specific time in the past.

As described above, the electronic information relating to the contract is stored in the database of the contract existence proof server 20 together with the result of confirming the validity of the certificate used at the time of the contract. Even when a trouble relating to the contract occurs, it is possible to prove that the contract existed in the past by extracting the contract existence certificate from the contract existence proof server 20.

Further, as described above, at the initial stage (before the conclusion of the contract), various kinds of information exchanged between the parties are also acquired, and the validity judgment and the judgment result of the validity are stored together with the various kinds of information. By extracting the necessary information from the database of the contract existence proof server 20, it is possible to grasp the circumstances leading up to the contract, and if a trouble occurs during the contract procedure (for example, if the procedure is delayed) ) Will be able to clarify responsibilities.

Further, as described above, the name of the certificate authority that issued the certificate and the authentication level are also registered in the database. By including such information in the contract existence certificate, for example, The performance of the certificate authority at that time and the number of accidents at that certification level (class) at the time of the contract can be used as a basis for judging the reliability of the certificate at the time of the contract.

In the above-described embodiment, in the contract information storage process, the contract exchange certificate server 20 is also involved in the information exchanged in the process until the contract is concluded. After that, the contract existence proof server 20 may be involved. FIG. 6 is a sequence diagram showing another example of the contract information storing process by the contract existence proof system 10. The contract information storing process shown in FIG. 6 is a process in a case where the contract existence proof server 20 is involved after the contract is concluded. Note that, in the contract information storing process shown in FIG. 6, similar to the above-described contract information storing process shown in FIG. 2, a process when the user A and the user B negotiate some kind of contract is shown.

In the other embodiment, first, the user A
Transmits the contract application information to the user terminal 31 using the user terminal 30 (step S601). The contract application information includes, for example, a contract (including the signature of the user A) and a certificate A obtained in advance from the certificate authority C1 registered by the user A.

Upon receiving the contract application information (step S602), the user terminal 31 notifies the user terminal 30 of the normal reception. Further, the user B makes a contract by using the user terminal 31 to confirm the signature (confirm whether the electronic signature in the contract is the signature of the user A), the validity of the certificate A, and the like. If so, a contract is created by, for example, signing the signature field of the contract (step S603). Here, since the contractor is two users A and B, the contract is completed by signing by the user B. If there are other contractors, a contract, a certificate, and the like may be further transmitted to another prospective contractor.

When the contract is completed, the user B accesses the homepage established by the contract existence proof server 20 using the user terminal 31, specifies the management number, and transmits the contract information to the contract existence proof server 20. The transmission is performed (step S604). The contract information includes a contract in which the signatures of the user A and the user B are written, a certificate A, and a certificate B.

Upon receiving the contract information (step S605), the contract existence proof server 20 notifies the user terminal 31 that the contract information has been normally received, and also notifies the user terminal 30 that the contract information has been received. . Next, the contract existence proof server 20 checks the signature and the validity of the certificate (step S606).

In this example, the signature is confirmed by decrypting the signature of the user A and the user B in the contract using the public key of each user. The contract existence proof server 20 determines that the signature in the signature column of the user B is signed by the user A if the signature in the signature column of the user A can be normally decrypted by the public key of the user A, and If the signature can be successfully decrypted using the public key of the user B, it is determined that the signature has been signed by the user B.

The validity of the certificate A and the certificate B can be checked, for example, by checking the encrypted certificate authority C, respectively.
1 and C2 are decrypted with the public keys of the certificate authorities C1 and C2, and, for example, by using a communication procedure according to the OCSP, for example, the CRs held by the respective certificate authorities C1 and C2 are stored.
This is performed by confirming L. Contract existence proof server 20
In this example, if the signature of the certificate authority C1 can be normally decrypted by the public key of the certificate authority C1 that issued the certificate A, and if the certificate A is not included in the revocation list, It is determined that letter A is valid. Further, in this example, the contract existence proof server 20 can normally decrypt the signature of the certificate authority C2 using the public key of the certificate authority C2 that issued the certificate B, and the certificate B is included in the revocation list. If not included, it is determined that the certificate B is valid.

After confirming the signature and confirming the validity, the contract existence certifying server 20 confirms the acquired contract information, the date and time of receiving the contract information, the result of confirming the signature, the date and time of confirming the signature, and the validity of the certificate. As a result, the contract information related data including various information such as the date and time of confirmation of the validity of the certificate and the date and time of registration in the database is stored in the database (step S60).
7). When storing the contract information-related data in the database, the contract existence proof server 20 assigns a management number according to the contract information-related data, and stores the data in association with the management number. When saving the contract information-related data in the database, the contract existence proof server 20 stores information (such as the name of the organization) of the certificate authority that has authenticated the certificate and the credibility of the certificate (for example, the authentication level of any class). May be stored.

After saving the contract information related data, the contract existence proof server 20 notifies the user terminal 30 and the user terminal 31 that the contract information related data has been saved (step S608). When the notification is completed, the contract information storage processing in the contract existence proof system 10 of this example ends.

Even in the case where the server is involved after the contract is concluded in this way, the electronic information on the contract is
It can be stored in the database of the contract existence proof server 20 together with the result of confirming the validity of the certificate used at the time of the contract, and even if a trouble concerning the contract occurs later, the contract By extracting the existence certificate from the contract existence proof server, it can be proved that the contract existed in the past.

Further, in the above-described embodiment, in the contract information storing process, the user A and the user B are configured to separately perform the processing for the contract existence proof server 20 temporally. The work area of the same server may be accessed at the appropriate time, various kinds of information may be exchanged in real time, and the contract procedure may be performed at the same time. In this case, for example, the contract existence proof server 20 allows access only to the party who has made the reservation registration (may include an agent) and provides a work area for performing the contract procedure for a predetermined period of time, for example. do it. Then, the contract existence proof server 20 checks the validity of the certificate used at the time of the contract procedure in the provided work area, and the contract information such as the contents of the concluded contract, the result of the validity determination, and the determination date and time. May be stored in a database.

As described above, even when a contract is concluded by exchanging information in real time, the electronic information on the contract is stored together with the result of confirming the validity of the certificate used at the time of the contract. The contract existence certificate can be stored in the database of the certification server 20, and even if troubles concerning the contract occur later, the contract existence certificate can be retrieved from the contract existence certification server 20 so that the contract exists in the past. You can prove that you did.

Further, in the above-described embodiment, the configuration is such that data relating to the contract when the contract is created as electronic data is stored. However, any electronic data such as a pledge may be used. . In addition, the present invention can be applied to electronic data such as technical literature as long as there is a possibility that it is possible to prove that the electronic data already exists at a specific time in the past. In addition, instead of electronic data (for example, a contract) signed by a plurality of persons, electronic data that can be registered by a single person may be used.

Further, in the above-described embodiment, the contract existence proof server 20 uses the OCSP to make an inquiry about the CRL to the certificate authority which has issued the certificate for verifying the validity and obtain a response. However, a configuration may also be provided that also has a function as a directory server that distributes and stores the CRL. In this case, the operator of the contract existence proof server 20 may contract with, for example, a specified number of certificate authorities to receive the latest information of the CRL regarding the issued certificate. With this configuration, a certificate used by a user who uses a specified number of certificate authorities can be verified in real time. In addition, since the directory server is operated collectively, the operation cost is reduced overall. It should be noted that not only a function as a directory server but also other functions of the certificate authority such as issuing and managing certificates may be provided.

In the above-described embodiment, the information of the parties is stored in the database of the contract existence proof server 20. However, signatures of persons other than the parties to the contract, such as intermediaries, guarantors, and agents, are used. Information such as a certificate and a certificate may be stored. In this case, first, an intermediary, a guarantor, or the like obtains information on the contract from a party to the contract via the contract existence proof server 20 or without passing through the contract existence proof server 20. Next, the intermediary or the guarantor operates its own terminal device or one of the terminals of the party, and obtains contract information on the intermediary or the guarantor (eg, a signature, a certificate, documents related to the intermediation contract, etc.). Prepare (acquire, create, etc.). The intermediary, the guarantor, and the like are used, for example, in step S207 in FIG.
In the process corresponding to step S604, the user operates his / her own terminal device or one of the terminals of the party to transmit information on the contract of the party and also information on the intermediary to the contract existence proof server 20, and transmits the contract. What is necessary is just to register in the database of the existence certification server 20. Furthermore, the contract existence proof server 20 that has acquired the information about the intermediary or the like is configured to check the signature included in the acquired information about the intermediary or the like and to confirm the validity of the certificate. Therefore, in the database of the contract existence proof server 20, for example, as shown in FIG. 7, in addition to the information on the parties, the identity of the sender of the contract information (intermediary, guarantor, agent, etc.) is confirmed. Information (for example, a signature, a signature confirmation result, a certificate, a certificate validity confirmation result) and time data such as the date and time of performing each process are stored. With this configuration, if an intermediary or a guarantor intervenes in the contract, if the information stored in the database of the contract existence proof server 20 is checked, the identity of the intermediary of the contract can be confirmed. (For example, confirmation of who registered the contract information) can be used as a material for determining the reliability of a contract created in the past.

Although not specifically mentioned in the above-described embodiment, for example, SSL (Secure Sock)
It is preferable that electronic data such as a contract document be encrypted and communicated using an encryption technology such as an Es Layer. In this case, the contract existence proof server 20 determines that the received data has not been falsified if the electronic data such as the received contract can be normally decrypted, and stores the determination result in the database. It should be kept. Furthermore, if the name and version of the used encryption technology are stored in the database, in addition to the above determination results, information such as the name and version of the encryption technology may be used to determine the reliability of the contract. Can be used as a source of judgment.

Further, a configuration may be employed in which a recording medium on which a control program for performing each process executed by the contract existence proof server 20 in the above-described embodiment is mounted. In this case, the contract existence proof server 20 is loaded with a recording medium storing a control program for executing each processing such as determination of validity of a certificate, storage of contract information, presentation of a contract existence certificate, and the like. What is necessary is just to perform each process according to a program. Also, as mentioned above,
-In addition to storing and distributing the control program in a recording medium such as a ROM, the control program may be distributed via a network and recorded on, for example, a fixed disk of the contract existence proof server 20.

[0064]

As described above, according to the information presence certification server of the present invention, information acquisition means for acquiring specific information and a certificate, validity confirmation means for confirming the validity of a certificate, The information storage unit that stores the specific information obtained in the information storage unit together with the result of the validation by the validity confirmation unit, and the specific information stored in the information storage unit and the confirmation result when there is a request to obtain information. And information existence certifying means for presenting an information existence certificate that includes information such as a contract, so that it is possible to prove that specific information such as a contract existed in the past, and specific information created in the past. Can improve the reliability of the information content. Therefore, the security of transactions on the network can be improved.

[0065] In addition, when one or more certificate authorities have an authentication function, the validity checking means checks the validity of the certificate by the authentication function. Can be confirmed. In addition, when the configuration has a function of a plurality of certificate authorities, the user information held by each certificate authority can be centrally managed, and the certificate confirmation processing performed by each certificate authority can be performed. Can be executed collectively in one place. Therefore, the total operation cost can be reduced.

In the case where the validity confirmation means confirms the validity of the certificate using the revocation list, it is possible to easily confirm the validity of the certificate of the registration requester of the specific information. it can.

Further, the information storage means is configured to also store time information for specifying the time when the information was stored in the information storage unit. If the information presence certificate includes the time information, Can prove that certain information, such as contracts, existed at a particular point in the past, and at what point in the past the particular information was valid. it can.

If the specific information is information relating to some kind of contract such as a sales contract or a commission contract, it can be proved that a predetermined contract has existed in the past. The reliability of the information content of the created contract can be improved.

According to the information existence certifying method of the present invention, a step of acquiring specific information and a certificate, a step of confirming validity of the certificate, and a step of confirming validity of the acquired specific information are performed. The method includes a step of storing the information in the information storage unit together with the result, and a step of presenting an information existence certificate including the specific information stored and the confirmation result in response to the information acquisition request. It can be proved that the specific information has existed in the past, and the reliability of the information content of the specific information created in the past can be improved. Therefore, the security of transactions on the network can be improved.

Further, according to the information existence proof control program of the present invention, the control program presents an information existence certificate for certifying the existence of information, and the control program acquires specific information and a certificate. Steps to
A step of confirming the validity of the certificate, a step of storing the obtained specific information in the information storage unit together with the result of the validity check, and a step of storing the specific information stored in response to the information acquisition request. Presenting an information existence certificate including the confirmation result, it is possible to prove that specific information such as a contract existed in the past, and to verify the specific information created in the past. The reliability of information content can be improved. Therefore, the security of transactions on the network can be improved.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating an example of a configuration of a contract existence proof system according to an embodiment of the present invention.

FIG. 2 is a sequence diagram illustrating an example of a contract information storage process of the contract existence proof system according to the embodiment of the present invention;

FIG. 3 is an explanatory diagram showing an example of a storage state of a database of a contract existence proof server according to an embodiment of the present invention.

FIG. 4 is a sequence diagram illustrating an example of a contract existence certificate acquisition process of the contract existence certification system according to the embodiment of the present invention.

FIG. 5 is an explanatory diagram showing an example of information included in a contract existence certificate according to an embodiment of the present invention.

FIG. 6 is a sequence diagram showing an example of a contract information storage process of a contract existence proof system according to another embodiment of the present invention.

FIG. 7 is an explanatory diagram showing an example of a storage state of a database of a contract existence proof server according to another embodiment of the present invention.

[Explanation of symbols]

 10 Contract Existence Proof System 20 Contract Existence Proof Server 30, 31 User Terminal 40, 41 CA (Certification Authority) Server 50 Network

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI theme coat ゛ (Reference) H04L 9/32 H04L 9/00 675D F-term (Reference) 5B049 AA05 CC31 DD05 EE09 FF03 FF04 FF09 GG04 GG07 GG10 5J104 AA09 EA05 LA03 LA05 LA06 MA01 NA02

Claims (6)

[Claims] An information acquisition unit for acquiring specific information and a certificate; a validity confirmation unit for confirming the validity of the certificate; and a confirmation result of the validity confirmation unit for the acquired specific information. And an information storage means for storing the information in the information storage unit, and when there is an information acquisition request, presenting an information existence certificate including the specific information and the confirmation result stored in the information storage unit. An information presence proof server including information existence proof means. 2. The information existence proof system according to claim 1, further comprising an authentication function provided in at least one certificate authority, wherein the validity checking means checks the validity of the certificate by the authentication function. 3. The information storage means is configured to also store time information for specifying a time when the information is stored in the information storage unit, and the information presence certificate includes the time information.
Or the information existence proof system according to claim 2. 4. The information existence proof system according to claim 1, wherein the specific information is information on a contract. 5. A step of obtaining specific information and a certificate, a step of checking the validity of the certificate, and storing the obtained specific information together with a result of checking the validity in an information storage unit. And a step of presenting an information existence certificate including the stored specific information and the confirmation result in response to an information acquisition request. 6. A control program for presenting an information presence certificate for certifying the existence of information, the control program comprising: a step of acquiring specific information and a certificate; Confirming, and acquiring the specific information, together with a result of validity confirmation, storing the information in an information storage unit, and responding to an information acquisition request, storing the specific information and the confirmation result. And a step of presenting an information presence certificate including the following.