JP2003289300A - Response-collecting system, response-collecting method, server, program for operating computer as server, and computer-readable recording medium for recording the program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a response collecting system capable of preventing unau thorized response by a respondent and the contents of response, and tracing the respondent, while securing anonymity of the respondent. <P>SOLUTION: A response apparatus generates processed first data X, before signature by using a fictitious name N and random numbers r, and transmits the data to the server 1. The server 1 applies a signature to the data X with a blind signature to generate first data XS<SB>i</SB>with signature. The response apparatus extracts a password Ai for response from the data XS<SB>i</SB>and logs in the server by using the password Ai to make a response. Upon collecting the response, the server 1 issue an acknowledgement Bi to certify that the respondent has made a response. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

TECHNICAL FIELD The present invention relates to an answer collection system for collecting answers electronically, an answer collection method, a server device,
The present invention relates to a program that causes a computer to function as a server device, and a computer-readable recording medium that records the program.

[0002]

2. Description of the Related Art In recent years, with the advent of a rapidly developing networked society, it has been desired to realize an answer collection system that allows administrative agencies to collect opinions widely from the general public via the Internet.

By the way, in such an answer collection system, in order to ensure the reliability of the answer result, one answerer must answer more than once, or one who does not have the right to reply. It is preferable that the respondent be able to check whether his / her answer contents have been tampered with (the fraud prevention) by the answer collection side or a third party. Also,
In order for respondents to be able to assert their opinions with confidence,
In order to maintain the anonymity of the respondent, it is necessary that the side collecting the response cannot associate the respondent with the response by the respondent (anonymity). In addition, in order to increase the collection rate of answers, it is sufficient to give a privilege to those who answered, but in this case, the side that collects answers issues a certificate to the respondents that they have answered. , It is necessary to be able to track respondents (tracking respondents).

[0004]

However, the above-described request cannot be answered by the conventional answer collection system.

The present invention has been made to solve the above-mentioned problems, and while securing the anonymity of the respondents, prevents the respondents from making illegal responses, preventing the tampering of the response contents of the response collecting side, and collecting the responses. An object is to provide an answer collection system, which enables the side to track respondents, an answer collection method, a server device, a program for causing a computer to function as the server device, and a computer-readable recording medium for recording the program. To do.

[0006]

In order to solve the above-mentioned problems, the invention according to claim 1 is such that an answering device for accepting an answer from an answerer is communicably connected to the answering device, and is transmitted from the answering device. A response collecting system comprising a server device for collecting answers, wherein the answering device is
The name of the respondent for identifying the respondent by subjecting the pseudonym arbitrarily determined by the respondent to blind processing by a blind signature to generate the first signature preprocessing data, and using the generated first signature preprocessing data Along with transmitting to the server device, the server device refers to the respondent name list storage means in which the respondent names of the respondents who have the reply authority are registered in advance to determine whether the respondent has the reply authority. If the respondent has the reply authority, by referring to the signature storage means that stores whether or not the first signature preprocessing data corresponding to each respondent name has been signed for a plurality of respondent names. , If the received first signature preprocessing data is signed, and if the received first signature preprocessing data is unsigned, a blind signature is applied to the first signature preprocessing data. The first signature data is generated by applying the signature according to the above, and the fact that the first signature preprocessing data corresponding to the respondent's name has been signed is registered in the signature storage means to generate the first signature data. No. 1 signature data is transmitted to the answering device, the answering device performs unblinding processing on the received first signature data by a blind signature to extract a reply password, and a blind signature blinding on the answerer name. Processing is performed to generate second signature preprocessing data, and the generated second signature preprocessing data is transmitted to the server device together with the pseudonym and the answer password, and the server device adds the received pseudonym to the received pseudonym. If the received answer password and the calculated answer password match, the answer password is calculated by performing a predetermined calculation. By determining that the answer password is valid and further referring to the answer storage means that stores whether or not the answers by the respondents corresponding to each of the pseudonyms have been collected, the received pseudonym is received. It is determined whether or not the answer by the respondent corresponding to the above has been collected, and if the answer is not collected, the answer is collected and the answer of the respondent corresponding to the pseudonym is already collected in the answer storage means. A certain registration is performed, the received second signature preprocessing data is further signed with a blind signature to generate second signature data, and the generated second signature data is transmitted to the reply device, The answering apparatus is an answer collecting system characterized in that the received second signature data is unblinded by a blind signature to extract a receipt.

According to a sixth aspect of the present invention, there is provided a server device and a reply device communicatively connected to the server device,
A reply collecting method for collecting answers by receiving answers from respondents from the answering device and transmitting the answers to the server device, wherein the answering device blindly signs a pseudonym arbitrarily determined by the respondents. The first signature preprocessing data is generated by performing a blind process according to the above, and the generated first signature preprocessing data is transmitted to the server device together with the name of the respondent for identifying the respondent, and the server device , The presence or absence of the answer authority of the respondent is determined by referring to the answerer name list storage means in which the answerer names of the respondents who have the answer authority are registered in advance. The first signature received by referring to the signature storage means for storing whether or not the first signature preprocessing data corresponding to each respondent's name has been signed It is determined whether or not the processed data is signed, and if the received first signature preprocessing data is unsigned, a blind signature is applied to the first signature preprocessing data to obtain the first signature. Data is generated, and the fact that the first signature preprocessing data corresponding to the respondent name is signed is registered in the signature storage means,
The generated first signature data is transmitted to the reply device, and the reply device performs unblinding processing on the received first signature data by a blind signature to extract a reply password, and then the reply person name. The second signature preprocessing data is generated by performing a blind process with a blind signature on the second signature preprocessing data, and the generated second signature preprocessing data is transmitted to the server device together with the pseudonym and the answer password. , A predetermined operation is performed on the received kana to calculate an answer password, and when the received answer password and the calculated answer password match, it is determined that the received answer password is valid. , Further refer to an answer storage means for storing whether or not the answers by the respondents corresponding to each of the kana have been collected. In this way, it is determined whether or not the answer by the respondent corresponding to the received kana has been collected. If not, the answer is collected and the answer corresponding to the kana is stored in the answer storage means. Register that the person's answers have been collected, further apply a blind signature to the received second signature preprocessing data to generate second signature data, and generate the second signature data. The answer collecting method is characterized in that the answer collecting apparatus transmits the answer to the answering apparatus, and the answering apparatus performs unblinding processing on the received second signature data by a blind signature to extract a receipt.

According to these configurations, the respondent obtains the reply password by performing the unblinding process on the first signature data generated by the server device, but the server device does not have the reply authority. For those who do not have the reply authority and who have the reply authority but have already generated the first signature data, since the first signature data is not generated, the person who does not have the reply authority and the password for the reply has already been acquired. Cannot obtain the answer password. That is, one respondent cannot acquire multiple answer passwords. Therefore, duplicate answers by one respondent are prevented.

Further, since the server device generates the first signature data by the blind signature, the pseudonym cannot be specified when generating the first signature data.

Further, when collecting answers from the respondents, the server device uses the received pseudonyms and the reply passwords to determine whether the respondents have the reply authority. Yes, but you cannot associate respondent names with answers. As a result, the anonymity of the respondent can be maintained.

Further, when collecting the answers from the respondents, the server device refers to the answer storage means to determine whether the answers of the respondents who have sent the pseudonyms have not been collected. Since only the answers are collected, duplicate answers by one respondent can be prevented.

When collecting answers from the respondents, the server device generates second signature data for the respondents to obtain the receipt. The second signature data is generated by a blind signature. Therefore, the server device
The name of the respondent cannot be specified. On the other hand, the server device can identify the receipt if the answerer's name is known. Therefore, the respondent who obtains the receipt by performing the unblinding process on the second signature data sends the receipt to the server device 1 You can prove that you have answered by presenting to.

The invention according to claim 2 is the invention according to claim 1, wherein there are m types of the answers (m is a natural number:
m = 1, 2, 3, ...), and the first signature data is received from the response device using the type number Li (1 ≦ i ≦ m) corresponding to the type of response. The pre-signature processing data includes m pieces of first signature data corresponding to the type of answer obtained by applying a blind signature, and the reply password is blind to each of the received first signature data. The second signature preprocessing data including m answer passwords corresponding to the type of the answer extracted by performing the unblinding process with the signature is determined for each type of answer with respect to the respondent name. The second reply preprocessing data corresponding to the type of the reply generated by performing the blind process with the blind signature using the random number, and the reply device further includes the reply password,
When transmitting the second pre-signature processing data and the pseudonym, the type number is further transmitted, and the server device further performs a predetermined operation on the received pseudonym and the received type number Li to obtain the answer type. The answer password for each is calculated, if the received answer password and the calculated answer password match, it is determined that the received answer password is valid, further the answer storage means, For each kana, it stores for each type of answer whether or not answers by the respondent corresponding to the kana have been collected, and the server device corresponds to the answer password received by referring to the answer storage means. Is determined for each type of answer, and if the answer is collected, the answer corresponding to the type of answer is collected and the answer storage means Registration is performed to the effect that answers corresponding to the applicable type of answer have been collected, and the second signature data is obtained by applying a blind signature to each second signature preprocessing data. The answer includes m second signature data corresponding to the type, and the receipt is extracted by performing an unblind process on the received second signature data using a random number determined for each type of the answer. It is characterized by including m receipts corresponding to the types of.

According to this configuration, the server device 1 has the first
By generating the first signature data for each type of reply using the type number Li corresponding to each reply for the signature data of 1, the reply device performs the unblind process on the received first signature data. , Extract the answer password for each answer type. Therefore, when there are a plurality of types of answers, the respondent can obtain one answer password for each answer, so that it is possible to prevent the respondents from making duplicate answers for each type of answer.

Further, the reply device generates the second signature preprocessing data by using the random number selected for each kind of reply,
The server device applies a blind signature to each of the received second pre-signature processing data to generate second signature data, and the reply device unblinds each of the second signature data. Since the receipt is extracted by performing the process, the respondent can obtain the receipt for certifying that the answer has been given for each type of answer.
Therefore, the respondent can insist that he / she has answered for each type of answer.

According to a third aspect of the present invention, in the answer collecting system according to the first or second aspect, the first signature preprocessing data is a blind signature for a data obtained by subjecting a pseudonym to a hash process. It is characterized by being processed.

According to this configuration, since the first signature preprocessing data is generated using the hash value of the pseudonym, the server device may further specify the pseudonym when generating the first signature data. It will be difficult.

The invention according to claim 4 is the answer collecting system according to any one of claims 1 to 3, wherein the second signature preprocessing data is obtained by subjecting the respondent name to a predetermined hashing process. The data is blind-processed by a blind signature.

According to this structure, since the second signature preprocessing data is generated using the hash value of the respondent name, the server device specifies the respondent name when generating the second signature data. It becomes more difficult to do.

According to a fifth aspect of the present invention, in the answer collecting system according to any one of the first to fourth aspects, the server device includes a public board that can be browsed through a communication network, and the pseudonym and the pseudonym are used. It is stored in the public board in association with the answer from.

According to this configuration, the pseudonym and the answer of the respondent who owns the pseudonym are stored in the public board that can be browsed through the communication network. Therefore, the respondent can refer to this public board. Then, it is possible to confirm whether or not the own answer has been tampered with on the server device side.

According to a seventh aspect of the present invention, there is provided a server device that is communicatively connected to an answering device that receives an answer from an answerer and collects the answers transmitted from the answering device. First pre-processing data for signature and first respondent name for identifying the respondent
And a response for judging whether or not the respondent corresponding to the received respondent name has the reply authority by referring to the respondent name list storage means in which the respondent names of the respondents who have the reply authority are registered in advance. When it is determined that the authority determining means and the respondent corresponding to the answerer name received by the answering authority determiner have the answer authority, the first station corresponding to each respondent's name regarding a plurality of respondent names Signature information determining means for determining whether or not the first pre-signature processing data received by referring to a signature storing means for storing whether or not the name processing data has been signed; When the signature information determining unit determines that the received first pre-signature processing data is unsigned, the first signature pre-processing data is signed with a blind signature to generate first signature data. Then First signature means for registering in the signature storage means that the first signature preprocessing data corresponding to the respondent's name has been signed, and the generated first signature data for the reply device. And a reply password extracted by performing unblinding processing on the received first signature data by a blind signature by the reply device and a reply signature by the reply device. Second receiving means for receiving the second pre-signature processing data and the pseudonym generated by performing the blind process, and a predetermined operation for the received pseudonym to calculate an answer password and receive The answer password confirmation that determines whether the received answer password and the calculated answer password match, and determines whether the received answer password is valid. And a means for confirming the answer password, if the received answer password is judged to be valid, it stores whether or not the answers by a respondent corresponding to each kana have been collected for a plurality of kana. The answer collection confirmation means for determining whether or not the answer by the respondent corresponding to the received kana has been collected by referring to the answer storage means, and the answer collection confirmation means corresponds to the kana. When it is determined that the answer by the respondent has not been collected, the answer collecting means that collects the answer and also registers in the answer storage means that the answer of the respondent corresponding to the pseudonym has been collected. A second signature means for generating a second signature data by applying a blind signature to the received second signature preprocessing data, and the generated second signature. It is a server device comprising a second signature data transmitting means for transmitting name data to the answering device.

According to this configuration, a server device for realizing the answer collection system is provided.

The invention according to claim 8 is a computer,
It is a program for functioning as the server device according to claim 7.

According to a ninth aspect of the present invention, there is provided a computer,
According to these configurations, which are computer-readable recording media in which the program for functioning as the server device according to claim 7 is recorded, the program of the present invention can be stored in a computer such as a commercially available personal computer. The computer can be easily made to function as a server device by installing it in the.

[0026]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 is an overall configuration diagram of an embodiment of an answer collection system according to the present invention. This answer collection system accepts the answers from the server device 1 that collects the answers of the respondents and the respondents, and receives the accepted answers from the server device 1
And a reply device 2 for sending to The server device 1 and the answer device 2 are communicably connected via the Internet, LAN, or the like.

The answer in this embodiment is a lesson evaluation answer at a university, a plurality of students are assumed as the respondents, and the university collects the answers.
The student who is the respondent answers using the answering device 2.
The response device 2 receives the response from the student and transmits the response to the server device 1. When responding, the student responds by using the respondent name U, which is his real name for identifying himself, and the pseudonym N, which is a nickname freely decided by the student himself, apart from the respondent name U. This answer system uses the answer password registration phase (handle registration phase) for the answerer (student) to obtain the password A for replying from the server device (university side), and the answerer using the answer password. It is composed of two phases, namely, a reply phase in which the server device 1 (university side) issues a receipt B for replying and proving that it has answered. Further, in the present answer collection system, the answer exists for each course at the university, and the answer password A and the receipt B exist for each course. Each course has
Type number Li (1 ≤ i ≤ m) for specifying the course
Is added, and in the following description, when various data that appear are for each type number, for example, type number L
The reply password corresponding to 1 is B1, the password corresponding to the classification number L2 is B2, and so on, and the same subscript i is attached to the data to indicate the corresponding relationship.

FIG. 2 shows an example of a block diagram of the server device 1. The server device 1 is a central processing unit 10.
00, a storage device 1100, an input device, a display device, a communication device, and the like, and is a normal personal computer. By installing a program for causing the personal computer to function as a server device, I am trying. The storage device 1100 includes a respondent name list storage unit 1101, a signature storage unit 1102, a response storage unit 1103, and a public key storage unit 11.
04, private key storage unit 1105, type number storage unit 1106
And a public board 1107.

The respondent name list storage unit 1101 stores a list of persons who have the authority to reply to the answers. Specifically, as shown in FIG. 3, the respondent name list storage unit 1101
Is the respondent name U for identifying the respondent of the answer,
Depending on the respondent who owns the respondent name U, the respondent name U
The password P for authenticating whether or not is stored is stored.

As shown in FIG. 4, the signature storage unit 1102 stores a respondent name U and signature information indicating whether the pseudonym N corresponding to the respondent name U has been signed. Specifically, when the pseudonym N corresponding to the respondent name U is signed, the signature storage unit 1102 sets the signature information of the corresponding respondent name U to “finished”, while the respondent name If the pseudonym N corresponding to U has not been signed yet, the signature information of the corresponding respondent name U is set to “not yet”. In Figure 4,
Alice, Bob, Chris, etc. are stored as the respondent name U, and the respondent name Alice and Chris are stored.
, The corresponding pseudonym N is not signed, so the signature information is “not yet”. On the other hand, the respondent name B
Since ob is signed with the corresponding pseudonym N,
The signature information is "completed".

The answer storage unit 1103 stores the answer of the respondent corresponding to the pseudonym N. Specifically, the table as shown in FIG. 5 is stored. This table is a column of "Kana", "Answer information" that indicates whether the answers corresponding to each Kana have been collected for each type of answer, and "Answer contents" that stores the contents of each respondent's answer. It consists of
In the example of FIG. 5, as the “kana”, motor and disease
1 is stored. In addition, since the pseudonym motor has a reply password for replying to the classification numbers L1 to L3, and the answers corresponding to the classification numbers L1 and L3 have not been collected yet, the pseudonyms motor are classified into the classification numbers L1 and L3. The corresponding answer information is "not yet". Further, since the answer corresponding to L2 has already been collected, the answer information corresponding to the type number L2 is “completed”. The “response content” column stores the response as shown in FIG. As shown in FIG. 6, this answer includes an answer column in which the respondent describes the opinion in a free format.

The public key storage unit 1104 stores the first public key K1 (key e, modulus n) used when the first signature preprocessed data X is generated in the response device 2 and the second signature. The second public key K used when generating the name processing data Y
2 (key e ′, modulus n ′) is stored. The first and second public keys K1 and K2 are published by the server device 1 (university side), and the response device 2 (student side) uses the first and second public keys K1 and K2. Can be specified.

The private key storage unit 1105 has a first private key V1 used for generating the first signature data XSi.
The (key d, modulus n) and the second secret key V2 (key d ′, modulus n ′) used when generating the second signature data YSi are stored. Here, the first and second secret keys V1 and V2 are
The data corresponding to the first public keys K1 and K2 respectively, and the data encrypted with the first and second public keys K1 and K2 are
It can be decrypted using the first and second secret keys V1 and V2, respectively. The answer device 2 (respondent) cannot be specified by the first and second secret keys V1 and V2.

The type number storage unit 1106 stores a type number Li for discriminating the type of each answer.

The public board 1107 stores an answer public table in which a pseudonym N and an answer corresponding to the pseudonym N are described in association with each other. This answer disclosure table is created in a language that can be browsed by a WWW browser, for example, HTML. The public board 1107 is publicized on the communication network, and a third party can browse the answer public table.

The central processing unit 1000 includes a reply authority judging section 1001, a signature information judging section 1002, and a first signing section 10.
03, reply password confirmation unit 1004, reply collection confirmation unit 1005, reply collection unit 1006, second signature unit 100
7, a transmitter 1008 and a receiver 1009.

The answer authority judging unit 1001 determines, based on the answerer name U and the password P transmitted from the answering device 2,
It is determined whether the respondent who has sent the respondent name U has the authority to reply to the answer. For details, the name of the respondent U received
Is present in the respondent name list storage unit 1101, and if present, it is further determined whether or not the password P matches the password stored in association with the detected respondent name U, If they match, it is judged that the respondent has the authority to reply to the answer. On the other hand, if the received respondent name U does not exist in the respondent name list storage unit 1101, or the received respondent name U exists in the respondent name list storage unit 1101, it corresponds to the respondent name U. When the password stored additionally does not match the received password P, the respondent determines that he does not have the reply authority.

When the reply authority judging section 1001 judges that the respondent has the reply authority, the signature information judging section 1002 determines that the first signature preprocessing data X transmitted together with the respondent name U has been signed. Determine if there is. Here, the first signature preprocessing data X is data generated by the response device 2 to generate the response password, and is represented by Expression (1).

[0039]

[Equation 1]

In the equation (1), r is a random number determined by the answering device 2, and h is a hash function.
In addition, mod is, for example, α when expressed as α mod β.
Indicates the remainder divided by.

The signature information judging unit 1002 judges whether or not the respondent name U sent from the respondent is stored in the signature storage unit 1102, and if it is stored, further corresponds to the respondent name U. Refer to the signature information stored with
If the referred signature information is “not yet”, the first signature preprocessing data X is determined to be unsigned. On the other hand, if the signature information stored in association with the respondent name U is “Done”, the signature information determination unit 1002 determines that the first signature preprocessing data X has been signed.

When the signature information judgment unit 1002 judges that the first signature preprocessing data X is unsigned, the first signature unit 1003 signs the first signature preprocessing data X with a blind signature. Give. Specifically, each answer is handled by performing the calculation shown in Expression (2) using the first secret key V1 stored in the secret key storage unit 1105 and the type number Li stored in the type number storage unit 1106. To generate the first signature data XSi.

[0043]

[Equation 2]

The answer password confirmation unit 1004 determines whether the answer password Ai transmitted from the answering device 2 is valid. More specifically, by performing the calculation of Expression (3) using the type number Li, the pseudonym N, the hash function h, and the key d of the first secret key V1, the reply password Ai transmitted from the reply device 2 Determine whether it is legitimate.

[0045]

[Equation 3]

Here, the reply password Ai represented by the equation (3) is extracted by the reply device 2 which has received the first signature data XSi. The reply password confirmation unit 1004 determines whether or not the reply password Ai ′ calculated by the calculation of the equation (3) and the reply password Ai transmitted from the reply device 2 match. And
If the calculated answer password Ai 'matches the sent answer password Ai, it is determined that the answer password Ai is valid. On the other hand, the reply password confirmation unit 1004 determines that the calculated reply password Ai
If 'and the transmitted reply password Ai do not match, it is determined that the transmitted reply password is not valid. Since the answer password Ai exists for each type of answer, the answer password confirmation unit 1004
Calculates the answer password Ai ′ by the calculation of the equation (3) for each of the sent answer passwords Ai, and judges the validity of the answer password Ai ′.

The answer collection confirmation unit 1005 creates a second signature data YSi by applying a blind signature to the second signature preprocessing data Yi transmitted from the answer device 2. More specifically, the received signature preprocessed data Yi is subjected to the operation of Expression (4) using the type number Li and the second secret key V ′ (key d ′, modulo n ′) to obtain a signature with a blind signature. Then, the second signature data YSi is generated. Here, the second pre-signature processing data Yi is data generated by the respondent device 2 for the respondent to obtain the receipt Bi, and is represented by Expression (5).

[0048]

[Equation 4]

Upon receipt of the valid answer password Ai, the answer collection confirmation unit 1005 determines whether or not the answers from the respondents who have sent the answer password Ai have not been collected. Specifically, the answer storage unit 1103
In the above, the corresponding “response information” column is referred to from the received pseudonym N and the received classification number Li, and if “not yet” is described in the referred “response information” column, the received classification number Li It is determined that the answers corresponding to are not collected.
If the answer collection confirmation unit 1005 describes “Completed” in the column of the response information referred from the received pseudonym N and the received classification number Li, the response corresponding to the received classification number Li will be collected. Judged as already done.

The answer collection unit 1006 is the answer collection confirmation unit 1
When it is determined that the answer corresponding to the classification number Li received in 005 is not collected, the received answers are collected, and the collected answers are stored in the received pseudonym N and the received classification number Li of the answer storage unit 1103. It is stored in the corresponding answer content column. Here, since the answer collection unit 1006 collects the received answers only when the answers are not collected after the answer collection confirmation unit 1005 determines whether the answers are uncollected, the answers are duplicated. Answers are prevented.

The transmission unit 1008 transmits various data to the response device 2. The data to be transmitted includes the first signature data XSi and the second signature data YSi.

The receiving unit 1009 receives various data transmitted from the answering device 2. As the data to be received,
First signature preprocessing data X, respondent name U, password P, reply password Ai, second signature preprocessing data Y
i, etc. are included.

FIG. 7 shows an example of a block diagram of the answering device 2. The answer device 2 is the central processing device 200.
0, storage device 2100, input device 2300, display device,
The personal computer is an ordinary personal computer provided with a communication device and the like, and the personal computer is referred to as the response device 2 by installing a program for causing the computer to function as the response device.

The storage device 2100 has a respondent storage unit 210.
1, a random number storage unit 2102, a pseudonym storage unit 2103, and a public key storage unit 2104.

The respondent storage unit 2101 is a respondent name U for identifying the respondent himself / herself input by the respondent (for example, a third party can designate the respondent like the respondent's real name). Things).

The random number storage unit 2102 includes a random number selection unit 200.
The random number selected by 1 is stored. Kana storage unit 210
3 stores the pseudonym N determined by the respondent and input by the input device 2300. Here, the kana N is
It is like a nickname decided by the respondent, and only the respondent himself knows it, and the respondent himself cannot be specified by a third party.

The public key storage unit 2104 stores the public key published by the server. The public key includes a first public key K1 required when generating the first pre-signature processing data X and a second public key required when generating the second pre-signature processing data Y.
Public key K2 is included.

The central processing unit 2000 includes the random number selection unit 20.
01, first signature preprocessing data generation unit 2002, reply password extraction unit 2003, second signature preprocessing data generation unit 2004, receipt extraction unit 2005, transmission unit 2006
And a receiving unit 2007.

The random number selection unit 2001 selects the random number r used when generating the first signature preprocessed data X, and the random number Q used when generating the second signature preprocessed data Yi. Is selected. In the following description, as the random number Q, a random number of 1 is determined so as to correspond to each type of answer. Therefore, the random number corresponding to the classification number Li is Q.
Denote by i. Here, since the random number r is necessary when performing the unblinding process on the first signature data XS, the selected random number r is stored in the random number storage unit 2102.
The random number Qi is also stored in the random number storage unit 2102 because it is necessary when performing the unblinding process on the second signature data YSi.

First signature preprocessing data generation section 2002
Uses the hash value h (N) of the pseudonym N with the first public key K1 and the random number r to calculate the above equation (1) to generate the first pre-signature processing data X. Here, since the random number r is selected by the answering device 2, the server device 1 cannot specify the random number r used in Expression (1).
Therefore, when a signature is given to the first pre-signature processing data X in the server device 1, the server device 1
H (N) cannot be extracted even by using the secret key V1 of the above, and therefore the server device 1 cannot extract the pseudonym N.

The reply password extraction unit 2003 performs an unblind process by a blind signature on the received first signature data XSi using the random number r stored in the random number storage unit 2102, and is represented by the above equation (3). The answer password Ai is extracted. That is, the response device 2 uses the random number r selected by the random number selection unit 2001 as the random number storage unit 210.
Since it is stored in No. 2, it is possible to specify the random number r of the first signature preprocessing data X represented by the equation (1). Therefore, the answer password extraction unit 2003 can extract the answer password Ai represented by the above equation (3) from the first signature data XSi. Also, the server device 1
Can calculate this answer password Ai using the received pseudonym N, the hash function h, the received type number Li, and the first secret key V1. Therefore, the answer password transmitted from the answer device 2 The legitimacy of Ai can be judged.

Second signature preprocessing data generation section 2004
Is a random number Qi, a second public key K2 (key e ′, modulus n ′),
Using the hash value h (U) of the respondent name U, the second signature preprocessed data Yi is generated by performing the operation represented by the above equation (5). Here, since the server device 1 cannot specify the random number Qi, the second secret key Vi
Even if 2 is used, h (u) is obtained from the second signature preprocessing data Yi.
Cannot be extracted and therefore the server device 1
Cannot extract the kana N.

The receipt extracting unit 2005 adds the second signature data YSi sent from the server device 1 to the random number storage unit 2
The random number Qi stored in 102 is used to perform the unblinding process using the blind signature shown in Expression (6).

[0064]

[Equation 5]

Since the expression (6) is expanded as shown in the expression (7), the receipt extracting unit 2005 uses the second public key K2 to calculate the expression (8) from the second signature data YSi. )
The receipt Bi shown by can be extracted.

Further, the server device 1 uses the hash function h,
Since the private key V2 can be specified, the respondent name U,
When the classification number Li is presented, the receipt Bi ′ can be calculated using the formula (8). Therefore, when the respondent is presented with the receipt Bi and the respondent name U and the classification number Li, the server device 1 calculates the receipt Bi ′ calculated.
Whether or not the presented receipt Bi (transmitted from the response device 2) is valid can be determined by whether or not the presented receipt Bi matches.

The transmitting unit 2006 transmits various data to the receiving unit 1009 of the server device 1. In addition, the receiving unit 200
7 receives various data transmitted from the transmission unit 1008 of the server device.

Next, the processing procedure performed by the server device 1 and the reply device 2 in the reply password registration phase will be described with reference to the flowchart shown in FIG.

First, in the response device 2, the respondent name U entered by the respondent via the input device 2300,
The pseudonym N and password P are accepted (S101).
Next, the random number selection unit 2001 selects the random number r (S102). Next, the first signature preprocessing data generation unit 2002 generates the first signature preprocessing data X using the random number r (S103). Next, respondent name U, password P, pseudonym N, first signature preprocessing data X
Is transmitted to the server device 1 by the transmission unit 2006 (S104).

Next, in the server device 1, the answer authority determining unit 1001 uses the received answerer name U and password P to send the answerer name U and password P, and the answerer has the answer authority. It is determined whether or not (S
105), if the respondent has the reply authority (YES in S105), the signature information determination unit 1002 further determines whether or not the first signature preprocessing data X is unsigned (S106). In the case of signature (YES in S106),
The first signature unit 1003 signs the first signature preprocessing data X (S107), and generates the first signature data XSi. On the other hand, when the answer authority determining unit 1001 determines that the respondent does not have the answer authority (S105).
NO), data for notifying the respondent that the server device 1 cannot be logged in is transmitted to the answer device 2 (S1).
10). Next, the transmission unit 1008 transmits the first signature data XSi to the response device 2 (S108). On the other hand, when the signature information determination unit 1002 determines that the signature has been made (NO in S106), data notifying the respondent that it has been signed is transmitted to the response device 2 (S11).
1).

Next, in the reply device 2, the reply password extraction unit 2003 causes the first signature data XSi
The answer password Ai is extracted using a random number r (S109). Through the above processing procedure, the respondent acquires the answer password Ai.

Next, the processing procedure performed by the server device 1 and the response device 2 in the password registration phase will be described with reference to the flowchart shown in FIG. First, in the answer device 2, the answer password Ai, the pseudonym N, and the classification number Li are input by the respondent via the input device 2300, and these input data are transmitted to the server device 1 (S201). Next, the random number selection unit 2001 selects the random number Qi (S202). Then the second
The signature preprocessing data generation unit 2004 of
The second signature preprocessing data Yi is generated using the respondent name U and the second public key K2, and is transmitted to the server device 1 (S203).

Next, in the server device 1, the answer password Ai 'is calculated using the type number Li, the pseudonym N, and the second secret key V2 (S204). Next, the answer password confirmation unit 1004 determines whether or not the calculated answer password Ai ′ and the received answer password Ai match (S205). When the received reply password Ai and the calculated reply password match (YES in S205), the reply collection confirmation unit 10
With reference to 05, the received kana N and the classification number Li are used to determine whether or not the answers corresponding to the kana N and the classification number Li have been collected by referring to the answer information in the answer storage unit 1103 ( If it is determined that the answer is not collected (S206) (YES in S206), the answers are collected (S207).

On the other hand, when the reply password confirmation unit 1004 determines that the reply password Ai is not valid (NO in S205), the reply data indicating that the reply cannot be collected is returned. It is transmitted to the device 2 (S212). If the answer collection confirmation unit 1005 determines that the answers have been collected (N in S206).
O), the data notifying the respondent that the answers cannot be collected is transmitted to the answering device 2 (S213).

Next, the second signature unit 1007 applies a blind signature to the second signature preprocessed data Yi using the second secret key V2 (S208), and the second signature data YSi is obtained. Is generated. Next, the generated second signature data YSi is transmitted to the response device 2 (S209).

Next, in the response device 2, the second signature data YSi is subjected to the unblinding process using the random number Qi (S210), and the receipt Bi is extracted (S21).
1). In this way, the respondent obtains the receipt Bi.

As described above, according to the present answer collection system, since the answer password Ai cannot be given to the answerer who does not have the answer authority, only the answerer who has the answer authority can answer.

Even if the respondent has the reply authority, the first pre-signature processing data X is signed only when it is not signed. The answer password Ai cannot be obtained.
Therefore, it is possible to prevent double reply from one respondent.

The answer password Ai acquired by the respondent is extracted from the first signature data XSi generated by the server device 1. This first signature data XSi is blind-signed. Since the data is generated, the server device 1 uses the pseudonym N to the respondent name U
Cannot be identified. On the other hand, in the answer phase,
Since the respondent logs in to the server device 1 using the reply password Ai and the pseudonym N acquired in the reply password acquisition phase, the server device 1 can specify the relationship between the pseudonym N and the reply. However, the relationship between the respondent name U and the answer cannot be specified. Therefore, the anonymity of the respondent can be maintained. Further, since the blind signature is used also when the receipt Bi is issued, even if the respondent presents the receipt Bi to the server device 1 at a later date, the pseudonym N cannot be specified from the receipt Bi, so the respondent Cannot be specified.

Since the public board 1107 is provided, the respondent can browse the reply public table, and the public reply table has kana N and kana N.
Since the answer corresponding to is described in association with each other, the respondent who is the selector of the pseudonym N can confirm whether his / her answer has been tampered with.

The present invention can take the following aspects.

(1) In this embodiment, the case of collecting answers for m kinds of answers has been described, but the present invention is not limited to this, and answers for one kind of answer may be collected. In this case, since the type number Li is unnecessary, the first signature data represented by the equation (2) is represented by the equation (9).
It is represented by.

The answer password Ai expressed by the equation (3) is expressed by the equation (10).

Further, since it is not necessary to generate the random number Qi for each answer type, the second signature preprocessing data Yi represented by the equation (4) is represented by the equation (11).

Further, the second signature data YSi represented by the equation (5) and the receipt Bi represented by the equations (6) and (8)
Are respectively expressed by Equation (12), Equation (13) and Equation (14).

[0086]

[Equation 6]

(2) In the above embodiment, the answer collecting system according to the present invention is applied to the answer of the lesson evaluation of the university. However, the present invention is not limited to this. It may be applied to those who collect opinions from the general public through. In this case, since the anonymity of the respondents is maintained, the response rate is expected to increase. Moreover, you may apply this answer collection system to an electronic voting system.

[0088]

As described above, according to the present invention, a person who does not have the reply authority and a person who has the reply authority have the reply authority because the person who has already obtained the reply password does not have the reply password. It is possible to prevent duplicate answers from those who do not have the answers and those who have the authority to reply.

Further, when collecting the answers from the respondents, the server device uses the received pseudonyms and the reply passwords to judge whether the respondents have the reply authority, and the respondents have the reply authority. Only when the answers of the respondent are collected, the anonymity of the respondent can be maintained. Therefore, the response rate is expected to rise.

When collecting the answers from the respondents, the server device refers to the answer storage means to judge whether the answers of the respondents who have sent the pseudonyms have not been collected. Since only the answers of the respondents are collected, duplicate answers by one respondent can be prevented. Therefore, for example, a dishonest answer by a malicious respondent can be prevented.

When collecting answers, the server device
Although the respondent generates the second signature data for obtaining the receipt, since the second signature data is generated by the blind signature, the server device cannot specify the respondent name. On the other hand, the server device can identify the receipt if the name of the respondent is known. Therefore, the respondent who obtains the receipt by performing the unblind process on the second signature data sends the receipt to the server device. By presenting it, you can prove that you have answered. Therefore, it becomes possible for the side that collects the answers to give a privilege to the respondents on condition that the receipt is presented, and further increase in the response rate is expected.

[Brief description of drawings]

FIG. 1 is an overall configuration diagram of an embodiment of an answer collection system according to the present invention.

FIG. 2 is a diagram showing an example of a block configuration diagram of a server device according to the present invention.

FIG. 3 is a diagram showing a data structure of a respondent name list storage unit.

FIG. 4 is a diagram showing a data structure of a signature storage unit.

FIG. 5 is a diagram showing a data structure of an answer storage unit.

FIG. 6 is a diagram showing a response example of a response stored in a response storage unit.

FIG. 7 is a diagram showing an example of a block configuration diagram of a response device.

FIG. 8 is a flowchart showing a processing procedure performed by the server device and the reply device in the reply password registration phase.

FIG. 9 is a flowchart showing a processing procedure performed by the server device and the response device in the password registration phase.

[Explanation of symbols]

1 server device 2 Server device 1000 Central processing unit 1001 Answer authority judgment section 1002 Signature information judgment unit 1003 First signature section 1004 Answer password confirmation part 1005 Response Collection Confirmation Section 1006 Answer Collection Department 1007 Second signature section 1008 transmitter 1009 Receiver 1100 storage device 1101 Respondent name list storage unit 1102 signature storage unit 1103 Answer storage unit 1104 public key storage 1105 Private key storage unit 1106 Type number storage unit 1107 Hash function storage unit 2000 Central processing unit 2001 Random number selection unit 2002 First signature preprocessing data generation unit 2003 Answer password extractor 2004 Second signature preprocessing data generation unit 2005 Receipt extractor 2006 transmitter 2007 Receiver 2100 storage device 2101 Respondent storage 2102 random number storage

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04L 9/00 673A (72) Inventor Hirofumi Oka 8916-5 Takayama-cho, Ikoma-shi, Nara Nara Institute of Advanced Science and Technology University F-term (reference) 5B085 AA08 AE02 AE09 AE15 AE23 AE29 BA07 BG01 BG02 BG07 5J104 AA09 EA03 EA19 LA03 LA08 NA02 NA05 PA07

Claims (9)

[Claims] 1. An answer collection system comprising: an answering device that accepts answers from respondents; and a server device that is communicatively connected to the answering device and that collects answers sent from the answering device. The apparatus performs blind processing with a blind signature on a pseudonym arbitrarily determined by the respondent to generate first signature preprocessing data, and the generated first signature preprocessing data is used to identify the respondent. Whether or not the respondent has the reply authority by sending to the server apparatus together with the name of the respondent, and the server apparatus refers to the answerer name list storage means in which the answerer names of the respondents who have the reply authority are registered in advance. If the respondent has the reply authority, it is stored whether or not the first signature preprocessing data corresponding to each respondent name has been signed for a plurality of respondent names. By referring to the signature storage means, it is determined whether or not the received first pre-signature processing data is signed, and if the received first pre-signature processing data is not signed, the first The first signature data is generated by applying a blind signature to the signature preprocessing data of No. 1 and the first signature preprocessing data corresponding to the respondent name is signed in the signature storage means. The registration is performed, the generated first signature data is transmitted to the reply device, and the reply device performs an unblind process by a blind signature on the received first signature data to extract a reply password, The respondent name is blind-processed by a blind signature to generate second signature preprocessing data, and the generated second signature preprocessing data is used together with the pseudonym and the reply password. The server device performs a predetermined operation on the received pseudonym to calculate a reply password, and when the received reply password and the calculated reply password match, the server device receives the reply password. The answer password is judged to be valid and further received by referring to the answer storage means for storing whether or not the answers by the respondents corresponding to each of the kana have been collected for a plurality of kana. Determine whether the answers by the respondents corresponding to the pseudonym have been collected,
When not yet collected, the answers are collected and the reply storage means registers that the answers of the respondent corresponding to the pseudonym have been collected, and is blinded to the received second signature preprocessing data. A signature is applied to generate a second signature data, the generated second signature data is transmitted to the reply device, and the reply device performs an unblind process on the received second signature data by a blind signature. An answer collection system characterized by applying receipts and extracting receipts. 2. There are m types of answers (m is a natural number: m
= 1, 2, 3, ...), The first signature data is the first signature received from the reply device using a classification number Li (1 ≦ i ≦ m) corresponding to the type of reply. The name processing data includes m pieces of first signature data corresponding to the type of answer obtained by applying a blind signature to the name processing data, and the answer password includes a blind signature for each of the received first signature data. Including m answer passwords corresponding to the types of answers extracted by performing the unblind processing by the above, the second signature preprocessing data is determined for each type of answer for the respondent name. The answer device includes m second pieces of signature preprocessing data corresponding to the type of answer generated by performing blind processing by blind signature using a random number, and the answering device includes the answer password and the second answer.
When transmitting the signature pre-processed data and the pseudonym, the type number is further transmitted, and the server device further performs a predetermined operation on the received pseudonym and the received type number Li to perform the operation for each response type. An answer password is calculated, and when the received answer password and the calculated answer password match, it is determined that the received answer password is valid, and the answer storage means further relates to each pseudonym. For each type of answer, it stores whether or not the answers by the respondents corresponding to the kana have been collected, and the server device refers to the answer storage means to obtain the answer corresponding to the answer password. Whether or not it has been collected is determined for each type of answer, and if it has been collected, the answers corresponding to the type of the answer are collected and the answer storage means is applicable. Registered that the answers corresponding to the types of answers have been collected, and the second signature data is the type of answers obtained by applying a blind signature to each second signature preprocessing data. And m receipts of the second signature data corresponding to the received second signature data, and the received second signature data is subjected to an unblind process using a random number determined for each type of the response The answer collection system according to claim 1, characterized in that it includes m receipts corresponding to types. 3. The first signature preprocessing data is data obtained by subjecting a pseudonym to a hash process and subjecting the data to a blind process using a blind signature. Answer collection system. 4. The second pre-signature processing data is data obtained by subjecting an answerer name to a predetermined hash process and subjecting the data to a blind process using a blind signature. The answer collection system according to any one of Items 1 to 3. 5. The server device comprises a public board that can be browsed via a communication network, and stores the pseudonym and an answer by the pseudonym in the public board in association with each other. Answer collection system according to any one of 4. 6. A server device and an answering device communicatively connected to the server device. The answering device collects an answer by accepting an answer from an answerer and transmitting the answer to the server device. An answer collecting method, wherein the answering device performs a blind process by a blind signature on a pseudonym arbitrarily determined by a respondent to generate first signature preprocessing data, and the generated first signature preprocessing data To the server device together with the name of the respondent for identifying the respondent, the server device, the presence or absence of the answer authority of the respondent, the answer registered in advance the answerer name of the respondent who has the answer authority. When it is determined by referring to the person name list storage means and the respondent has the reply authority, the first signature preprocessing data corresponding to each respondent name is registered for a plurality of respondent names. By referring to the signature storage means for storing whether or not it has been completed, it is determined whether or not the received first signature preprocessing data is signed, and the received first signature preprocessing data Is not signed, the first signature preprocessing data is signed with a blind signature to generate first signature data, and the first signature data corresponding to the respondent's name is stored in the signature storage means. The processed data is registered to be signed, and the generated first signature data is transmitted to the reply device, and the reply device performs an unblind process by a blind signature on the received first signature data. After extracting the given answer password, the respondent name is blind-processed with a blind signature to generate second signature pre-processing data, and the generated second signature pre-processing data is changed to the temporary And the response password together with the reply password, the server device performs a predetermined operation on the received kana to calculate the reply password, and the received reply password and the calculated reply password are If they match,
It is judged that the received password for reply is valid,
Furthermore, by referring to the answer storage means that stores whether or not the answers by the respondents corresponding to each of the kana have been collected, the answers by the respondents corresponding to the received kana have been collected. If it is not collected, the answer is collected, the answer storage means registers that the answer of the respondent corresponding to the pseudonym has been collected, and the received first The signature preprocessing data of No. 2 is given a blind signature to generate second signature data, and the generated second signature data is transmitted to the reply device, and the reply device receives the second signature. An answer collection method characterized in that an unblinded process is applied to data to extract a receipt. 7. A server device that is communicatively connected to an answering device that accepts answers from respondents, and that collects answers sent from the answering device, before the first signature sent from the answering device. First receiving means for receiving the processed data and the name of the respondent for specifying the respondent, and the respondent of the respondent who has the response authority in advance as to whether or not the respondent corresponding to the received respondent name has the answer authority. When the answer authority judging means for judging by referring to the answerer name list storing means in which the name is registered, and the answerer corresponding to the answerer name received by the answer authority judging means is judged to have the answer authority , The first signature preprocessing data received by referring to a signature storage unit that stores whether or not the first signature preprocessing data corresponding to each respondent name for a plurality of respondent names is signed Signed If the signature information determining unit that determines whether or not the first signature preprocessing data received is not signed by the signature information determining unit, the first signature preprocessing data A first signature data is generated by applying a blind signature to the first signature data, and the first signature data is registered in the signature storage means to the effect that the first signature preprocessing data corresponding to the respondent name is signed. Signing means, a first signature data transmitting means for transmitting the generated first signature data to the answering device, and an unblinding process using a blind signature on the received first signature data by the answering device. The answer password extracted by the application, the second signature preprocessing data generated by performing the blind process by the blind signature on the respondent name, and the second receiving the pseudonym The receiving means performs a predetermined operation on the received kana to calculate an answer password, judges whether the received answer password and the calculated answer password match, and receives the answer. Answer password confirmation means for determining whether the password for validity is correct, and the response password confirmation means, when the received response password is determined to be valid, respond to each pseudonym with respect to a plurality of pseudonyms. Answer collection confirmation means for judging whether or not the answer by the respondent corresponding to the received pseudonym has been collected by referring to the answer storage means for storing whether or not the answer by the respondent has been collected When the answer collection confirmation means determines that the answers by the respondents corresponding to the kana have not been collected,
An answer collection unit that collects the answers and also registers in the answer storage unit that the answers of the respondents corresponding to the pseudonym have been collected; and a blind signature on the received second signature preprocessing data. A server, comprising: a second signature means for applying a signature to generate second signature data; and a second signature data transmission means for transmitting the generated second signature data to the answering device. apparatus. 8. A program for causing a computer to function as the server device according to claim 7. 9. A computer-readable recording medium in which a program for causing a computer to function as the server device according to claim 7 is recorded.