JP3449941B2 - Mail access control method, communication system, and storage medium storing mail access control program - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention hides an identifier in a communication network of a called party in a communication network and controls communication connection from another user who hides the identifier in the communication network to control transmission / reception of mail. The present invention relates to a mail access connection control method, a communication system, and a recording medium recording a mail access control program.

[0002]

2. Description of the Related Art With the spread of the Internet, SPAM using email and harassment are rapidly increasing. SPA
M is a general term for emails or news that are sent unilaterally without considering the recipient's time, financial and mental burden. SPAM by email is UBE (Unsolicited Bul)
k Email) or UCE (Unsolicited Commercial Email)
Also called.

Since the SPAM is transmitted indiscriminately without considering the age, sex, taste, etc. of the receiver, the contents are often uninteresting or unpleasant for the receiver. The time and financial burden required for reception is not small. For business users, important emails are buried in SPAM and are difficult to find, which may lead to a drop in business efficiency. Also, since it is sent to a large number of users, network resources are wasted, and in the worst case, overload is caused.
As a result, emails important to the user may be lost. In addition, since it is sent anonymously or by impersonating another person, human resources must be secured for dealing with complaints.

[0004] On the other hand, harassment is an act of continuously sending e-mails of unpleasant contents for a user in order to cause a particular user a mental distress or an economic and time burden. Similar to SPAM, it is extremely difficult to identify the sender because it is transmitted by impersonating a real or fictitious third party. In addition, a large amount of mail can be sent or a large amount of mail can be sent in a short time, which may cause a system down.

The mail system must satisfy the following requirements for SPAM and harassment.

Security It is necessary to detect the impersonation of the sender and reject the delivery.

[Robustness] In order to avoid system down due to large-volume mail,
It is necessary to limit the mail capacity. In addition, it is necessary to limit the number of transmissions in order to avoid system down due to a large amount of transmissions.

Compatibility It is necessary that the implementation of the existing mail system is not changed significantly.

Operability It is necessary not to significantly change the operability of the existing mail system.

MTA (Message Tran such as sendmail, qmail, etc.
sfer Agent) detects the forgery of the envelope information and the header information and refuses the delivery. Also, it refers to so-called blacklists such as MAPS RBL and rejects the reception from the mail server that is the source of SPAM. Also, PG
By confirming the signature using P, S / MIME, TLS, etc., the transmission that tricks the other person's real mail address is detected and the delivery is refused. Also, the message length is limited by partially deleting the body.

[0011]

The actual mail address in the conventional mail system has the following problems.

The identity can be guessed Since the real mail address contains information useful for guessing the identity, it is possible to select the harassment partner. For example, it is possible to specify the work place from the real domain. Further, it is possible to infer the gender and name from the user name.

Presumable from identity Since the real mail address is unified in the form of user name @ domain name, even if the real mail address is not known, it can be guessed if the identity is known. For example, if the name is known, the user name candidates can be narrowed down. Further, if the organization to which the user belongs is known, it is possible to narrow down the candidates for the domain name.
Even if the user name is given as a character string irrelevant to the real name, it can be guessed by trial and error transmission if the naming rule of the user name is known.

Since the transferable real mail address can be transferred from person to person, it can be sent without the owner's direct instruction. There are the following cases of relocation via email. If the real mail address of another person is specified in the cc: line, it can be transferred to all the recipients specified in the To: line. Also, specify the actual email address of the third party in the Reply-To: line, and To:
If you forward the email containing the actual email address of the recipient specified in the line, you can transfer the actual email address to a third party.

Difficulty in canceling Not only spam and harassment but also important mail cannot be read, so it is difficult to cancel the actual mail address.

Cypherpunk remailers and Mixmaster remailers called anonymous remailers
s encrypts the sender's real email address and real domain before delivery. This method is called reply block. Since the public and private keys of the anonymous remailer are used for encryption and decryption of the reply block, it is difficult for any user other than the sender to specify the sender's real mail address and real domain.

Since it is difficult for the anonymous remailer to specify the real mail address, it is also difficult to transfer the real mail address. However, since the reply block is transferable, users other than the recipient can reply to the sender.

AS-Node called a pseudonymous server and nym.alias.net send and receive mail using a pseudonym account uniquely corresponding to the real mail address of the user. Since the pseudonym account can be arbitrarily created by the user side, the user can have a pseudonym account whose real email address is difficult to guess. In addition, replyb
By using lock, it is possible to hide the user's real mail address and real domain from the pseudonym server. By combining these means, it becomes difficult for any user other than the sender to specify the sender's real mail address and real domain. In addition, since the pseudonym account can be canceled, there is no need to cancel the real email address.

Since it is difficult for the pseudonym server to specify the real mail address, it is also difficult to transfer the real mail address. However, since the pseudonym account can be transferred, it can be sent by users other than the recipient.

Further, in order to protect the recipient from SPAM and harassment, it is necessary to reject the connection request from the sender who performs these acts. Therefore, the communication system also needs to be able to uniquely identify the identity of the caller.

For these reasons, the communication system is required to be able to uniquely identify the identity of the user while hiding the real mail address of the user (that is, while guaranteeing the anonymity of the user). In a conventional communication system, it has been difficult to realize both of them at the same time.

In order to identify the user's identity in the mail system, the real mail address of the user is required. On the other hand, the anonymous remailer encrypts or deletes the sender's real mail address to guarantee the sender's anonymity before delivery.

In this condition, in order to identify the sender's identity, it is necessary to trace the mail delivery route by traffic analysis. However, the anonymous remailer delays the delivery of mail and changes the delivery order. Mixmaster remailers also splits mail into blocks before delivering. For this reason, it is difficult to trace the delivery route by traffic analysis, and it is also difficult to identify the sender.

Since the pseudonym server also uses an anonymous remailer in mail delivery, it is possible to guarantee the anonymity of the sender, but it is difficult to uniquely identify the sender's identity.

On the other hand, the German electronic signature method permits the entry of a pseudonym in addition to the real name for a digital certificate for generating a digital signature used in communication services. Since the digital certificate is uniquely given to the user, the identity of the user can be uniquely specified even if the pseudonym is described. Since the user has the right to name the pseudonym, it is possible to enter a pseudonym whose real name is difficult to guess.

The present invention has been made in view of the above,
It is an object of the invention to provide a mail access control method in a communication network that solves the problem of the real mail address that causes SPAM and harassment.

Another object of the present invention is to provide a mail access control system that can uniquely identify the user's identity while hiding the user's identifier.

[0028]

According to the present invention, a mail access control method using an individualized access ticket is used in order to solve the problem of transfer and cancellation of a real mail address. In order to solve the transfer problem, a personalized access ticket (PAT) containing both the sender's real email address and the recipient's real email address.
Specify the destination using ess ticket). In addition, in order to solve the cancellation problem, an expiration date is set in the PAT by a trusted third party. Then, the delivery of the mail from the sender who presented the PAT whose expiration date has passed is rejected. Also, instead of canceling the real email address, PA
Register T in a secure storage device managed by the secure communication service.

That is, in the present invention, the connection is controlled in units of a pair of the real mail address of the sender and the real mail address of the receiver. Therefore, even if the real mail address is transferred, it is not necessary to receive the mail from the transfer destination user unless the transfer destination user obtains the PAT.

Further, according to the present invention, the PA whose expiration date has passed
T or P registered in the database by the recipient
Since the mail from the sender who presented the AT is not delivered, the reception can be rejected without canceling the real mail address.

Further, according to the present invention, since the reception is restarted by deleting the PAT from the storage device, the reception can be restarted without reacquiring the actual mail address.

Further, according to the present invention, since the server side refuses to send the mail, the time and financial burden required for receiving and downloading on the user side can be reduced.

Further, in the present invention, a mail access control method using a personal identifier and a role identifier is used in order to identify the user while guaranteeing the anonymity of the user.

In the present invention, in order to uniquely identify a user, a certificate signed with a private key of a trusted third party is added to personal information. Hereinafter, this certificate will be referred to as an individual identification (OID). Also,
In order to ensure the anonymity of the user and to identify the user, a certificate that includes fragmentary information of the personal identifier is given as the user identifier on the communication network. Hereinafter, this certificate will be referred to as a role identifier (AID: Anonymous Identification).

Further, in the present invention, in order to identify the identity, the OID is reconstructed while judging the identity of a plurality of AIDs. In order to solve the problem of AID transfer and revocation, the AID is included in the PAT and the PAT is verified in the secure communication service SCS.

Further, according to the present invention, AIDs are managed in a directory that can be searched from an unspecified number to meet the demand of users who request access from an unspecified number without revealing their identities, and the AID is included as a destination. Output PAT.

As a result, in the present invention, the AID contains the OID only in pieces, so that the identity can be concealed when sending and receiving a mail. Further, even if the AID is registered in a directory service that can be browsed by an unspecified number, the identity can be hidden from the unspecified number.

In the present invention, the identity can be stochastically identified by reconstructing the OID while determining the identity of a plurality of AIDs. For this reason, S who does not reveal his identity
It is possible to take measures against PAM and harassment.

Further, in the present invention, the AID is managed in the directory instead of the actual mail address, and the AID is used as the destination.
By outputting the PAT including "," it is possible to accept access from an unspecified number without revealing the identity.

More specifically, the present invention is presented by a caller who wishes to send a mail to a callee, and specifies the callee as a mail destination, and includes a caller identifier and a callee identifier in association with each other. Receiving a personalized access ticket in a secure communication service that connects the communication between the sender and the recipient, and in the secure communication service, based on the personalized access ticket, And a step of controlling access between a caller and a callee by verifying an access right, and a mail access control method.

Further, in the present invention, in the controlling step, the secure communication service authenticates the personalized access ticket presented by the sender, and the personalized access ticket presented by the sender is tampered with. If it is, the delivery of the mail is rejected.

Further, in the present invention, the personalized access ticket is signed by the secret key of the secure computing device that issued the personalized access ticket, and in the controlling step, the secure communication service is The personalized access ticket is authenticated by verifying the signature of the secure computing device in the personalized access ticket with the public key of the secure computing device.

Further, in the present invention, in the receiving step, the secure communication service also receives a caller identifier presented by the caller together with the personalized access ticket, and in the controlling step, the secure communication service is received. The service checks whether the caller identifier presented by the caller is included in the personalized access ticket presented by the caller, and the caller identifier presented by the caller is presented by the caller. The delivery of the mail is rejected when it is not included in the personalized access ticket.

In the present invention, the personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and in the controlling step, the secure communication service is presented by a sender. The expiration date included in the personalized access ticket is checked, and the delivery of the mail is refused when the personalized access ticket presented by the sender includes the expired expiration date. To do.

The present invention is also characterized in that the expiration date of the personalized access ticket is set by a reliable third party.

Further, in the present invention, an identifier of each registrant and
In a directory service that manages public information that is less confidential than personal information so that it can be searched by an unspecified number of people, the registrant of public information that meets the search conditions according to the search conditions specified by the sender. Is used as the callee identifier, and the caller identifier specified by the caller together with the search condition is used to issue the personalized access ticket to the caller.

Further, according to the present invention, the identifier of a specific user whose delivery of mail from the user to the specific registrant should be rejected is included as a sender identifier, and the identifier of the specific registrant is the recipient identifier. Further including the step of pre-registering the personalized access ticket included in the secure communication service in the secure communication service, wherein the secure communication service includes the personalized access ticket presented by the sender. It is characterized in that the delivery of the mail is rejected when the mail is registered in advance.

In the present invention, the step of deleting the personalized access ticket registered in the secure communication service in response to a request from the specific registrant who registered the personalized access ticket in the step of registering , And further having.

In the present invention, the personalized access ticket also includes a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service, and the personalized access ticket is included in the personalized access ticket in the controlling step. The secure communication service authenticates the caller identifier presented by the caller when the transfer control flag provided indicates that the caller should be authenticated, and if the caller identifier authentication fails, then the secure communication service authenticates the caller identifier. It is characterized by rejecting mail delivery.

Further, in the present invention, the authentication of the sender identifier is realized by challenge / response authentication between the sender and the secure communication service.

The present invention is also characterized in that the transfer control flag of the personalized access ticket is set by a reliable third party.

Further, the present invention is characterized in that the sender identifier and the receiver identifier in the personalized access ticket are given by the real mail addresses of the sender and the receiver.

Further, in the present invention, the caller identifier and the callee identifier in the personalized access ticket are given by the role identifiers of the caller and the callee, and the role identifier of each user is thereby determined by the certificate authority. Is characterized by including at least one fragment of a personal identifier of each user capable of being uniquely identified.

Further, in the present invention, the role identifier of each user is information in which at least one fragment of the personal identifier of each user is included in the information, and the certificate authority signs the information with the private key of the certificate authority. It is characterized by being.

Further, in the present invention, the personal identifier of each user is a character string uniquely given to each user by the certification authority and the public key of each user. It is characterized by being signed by.

Further, in the present invention, the identity of the plurality of role identifiers of the sender included in the plurality of personalized access tickets used by the sender is determined, and the personal identifier of the sender is re-established. It is characterized by further comprising a step of stochastically identifying the identity of the caller.

Further, in the present invention, the role identifier of each user including at least one fragment of the personal identifier of each user by which the certificate authority can uniquely identify each user, and thereby each role identifier is made unique. Link information of each identifiable role identifier is defined, and the caller identifier and the callee identifier in the personalized access ticket are given by the link information of the caller's role identifier and the link information of the callee's role identifier. Is characterized by.

Further, in the present invention, the link information of each role identifier is an identifier uniquely given to each role identifier by the certificate authority.

Also, in the present invention, the identity of the role identifiers of the sender corresponding to the link information included in the personalized access tickets used by the sender is determined, and the sender is identified. The method further comprises the step of probabilistically identifying the identity of the sender by reconstructing the personal identifier of.

Further, according to the present invention, the personalized access ticket includes one calling party identifier and one called party identifier in a one-to-one correspondence.

Further, according to the present invention, the personalized access ticket includes one sender identifier and a plurality of recipient identifiers in a one-to-N correspondence (N is an integer larger than 1).

Further, in the present invention, one of the one caller identifier and the plurality of callee identifiers is an owner identifier for specifying an owner of the personalized access ticket, and the one caller identifier And another identifier of the plurality of callee identifiers is a member identifier that identifies a member of the group to which the owner belongs.

Further, in the present invention, an identifier of each user,
Enable for each user's identifier that indicates the right to change the personalized access ticket that includes each user's identifier as the owner identifier
The r is issued to each user at the certificate authority, and both the owner identifier included in the personalized access ticket and the Enabler corresponding to the owner identifier are presented to the secure computing device. It is characterized by further comprising a step of enabling a predetermined calculation to the personalized access ticket in the calculation device.

In the present invention, the certificate authority is
It is characterized in that the information indicating the enabler and the substance of the identifier of each user are issued as the enabler of the identifier of each user, which is signed by the private key of the certification authority.

Further, in the present invention, the predetermined operations are: creation of a personalized access ticket, merging of a plurality of personalized access tickets, division of one personalized access ticket into a plurality of personalized access tickets, and personalized access ticket. Is changed, the expiration date of the personalized access ticket is changed, and the transfer control flag of the personalized access ticket is changed.

Further, according to the present invention, a special identifier known to all users and a special identifier corresponding to the special identifier.
The enabler is defined so that the personalized access ticket is newly generated and the owner of the personalized access ticket is changed by the owner of the personalized access ticket using the special identifier and the special enabler. En
The feature is that it can be done without using an abler.

Further, in the present invention, the special identifier is
It is characterized in that it is defined so that it can be used only as the owner identifier of the personalized access ticket.

Further, the present invention is characterized in that a special identifier known to all users is defined so that the read-only attribute can be set in the personalized access ticket by using the special identifier. .

Further, in the present invention, in the controlling step, when the access right of the caller to the callee is verified based on the personalized access ticket,
The secure communication service extracts a recipient identifier from the personalized access ticket by using a sender identifier presented by the sender, and actually uses the extracted recipient identifier to deliver the mail. Convert to a format that can be interpreted by the mail transfer function to do,
It is characterized in that the personalized access ticket is attached to the converted mail and passed to the mail transfer function.

Further, the present invention defines a personal identifier of each user by which the certificate authority can uniquely identify each user, and a role identifier including at least one fragment of the personal identifier of each user, and communication is performed. There is provided a mail access control method characterized in that each user is identified by a role identifier of each user in communication of mail on a network.

Further, in the present invention, the role identifier of each user is information in which at least one fragment of the individual identifier of each user is included in the information, and the certificate authority signs the information with the private key of the certificate authority. It is characterized by being.

Further, in the present invention, the personal identifier of each user is a character string uniquely given to each user by the certification authority and the public key of each user. It is characterized by being signed by.

Further, according to the present invention, a caller desiring to send a mail to a recipient is presented to specify the recipient as a destination of the mail, and the role identifier of the sender and the role identifier of the recipient are associated with each other. A step of receiving a personalized access ticket including the personalized access ticket in a secure communication service for connecting communication between the caller and the callee; and, in the secure communication service, a callee of the caller based on the personalized access ticket Controlling access between the caller and the callee by verifying the access right to.

Further, in the present invention, the identity of the plurality of role identifiers of the sender included in the plurality of personalized access tickets used by the sender is determined, and the personal identifier of the sender is re-established. It is characterized by further comprising a step of stochastically identifying the identity of the caller.

In the present invention, the step of defining also defines link information of each role identifier by which each role identifier can be uniquely identified, and each role identifier also includes link information of each role identifier. Characterize.

Further, in the present invention, the link information of each role identifier is an identifier uniquely given to each role identifier by the certificate authority.

Further, according to the present invention, a caller who wishes to send a mail to the recipient is presented to specify the recipient as the destination of the mail, and the link information of the role identifier of the sender and the role identifier of the recipient are provided. Receiving a personalized access ticket including link information in a secure communication service for connecting communication between a sender and a receiver, and in the secure communication service, based on the personalized access ticket Controlling the access between the caller and the callee by verifying the access right of the caller to the callee.

Further, in the present invention, the identity of the plurality of role identifiers of the sender corresponding to the link information included in the plurality of personalized access tickets used by the sender is determined, and the sender is identified. The method further comprises the step of probabilistically identifying the identity of the sender by reconstructing the personal identifier of.

Further, the present invention is presented by a communication network to which a plurality of user terminals are connected, and a caller who wants to send a mail to the callee, in order to specify the callee as a mail destination, and a caller identifier. It receives an individualized access ticket that includes the recipient and the called party identifier, and controls the access between the calling party and the called party by verifying the access right of the calling party to the called party based on the individualized access ticket. A secure communication service device for connecting communication between a sender and a receiver on the communication network is provided, and a communication system realizing mail access control is provided.

In the present invention, the secure communication service device authenticates the personalized access ticket presented by the sender, and when the personalized access ticket presented by the sender is tampered with, The delivery of the mail is rejected.

Further, in the present invention, the secure communication service device further has a secure arithmetic device that issues the personalized access ticket by signing with the private key of itself, and the secure communication service device is a public key of the secure arithmetic device. The personalized access ticket is authenticated by verifying the signature of the secure computing device in the personalized access ticket.

Further, in the present invention, the secure communication service device also receives the caller identifier presented by the caller together with the personalized access ticket, and the caller identifier presented by the caller is presented by the caller. Whether the personalized access ticket presented by the sender is not included in the personalized access ticket presented by the sender. Is characterized by rejecting.

Further, in the present invention, the personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and the secure communication service apparatus presents the personalized access ticket presented by the sender. It is characterized in that the expiration date included in the access ticket is checked, and the delivery of the mail is rejected when the personalized access ticket presented by the sender includes the expired expiration date.

Further, the present invention is characterized by further comprising a reliable third party organization for setting an expiration date of the personalized access ticket.

Further, in the present invention, an identifier of each registrant and
It manages public information that is less confidential than personal information so that it can be searched by an unspecified number of people, and receives the identifier of the registrant of the public information that meets the search conditions according to the search conditions specified by the sender. It is characterized by further comprising a directory service device for issuing the personalized access ticket to the sender using the sender identifier specified by the sender together with the search condition as the sender identifier.

Further, in the present invention, the secure communication service apparatus includes, as a sender identifier, an identifier of a specific user whose delivery of mail from the user to a specific registrant should be rejected, The personalized access ticket including the registrant's identifier as a recipient identifier is registered in advance, and the delivery of the mail is rejected when the personalized access ticket presented by the sender is registered in advance. It is characterized by

Further, according to the present invention, the secure communication service device is requested by the specific registrant who has registered the personalized access ticket,
It is characterized in that the personalized access ticket registered there is deleted.

Further, in the present invention, the personalized access ticket also includes a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service device, and the transfer control flag included in the personalized access ticket is When indicating that the caller should be authenticated, the secure communication service device authenticates the caller identifier presented by the caller, and delivers the mail when the authentication of the caller identifier fails. Characterized by refusing.

Further, in the present invention, the authentication of the sender identifier is realized by challenge / response authentication between the sender and the secure communication service device.

Further, the present invention is characterized by further including a reliable third-party organization that sets the transfer control flag of the personalized access ticket.

The present invention is also characterized in that the caller identifier and the callee identifier in the personalized access ticket are given by the real mail addresses of the caller and the callee.

Further, the present invention further comprises a certificate authority device which issues each user's role identifier including at least one fragment of each user's personal identifier by which the user can uniquely identify each user, The caller identifier and the callee identifier in the personalized access ticket are given by caller and callee role identifiers.

Further, in the present invention, the role identifier of each user signs the information including at least one fragment of the individual identifier of each user by the certification authority device by using the private key of the certification authority device. It is characterized by being a thing.

In the present invention, the personal identifier of each user is a character string uniquely given to each user by the certificate authority and the public key of each user It is characterized by being signed with a private key.

Further, in the present invention, the secure communication service device determines the identity of the role identifiers of the sender included in the personalized access tickets used by the sender. , The identity of the sender is stochastically specified by reconstructing the personal identifier of the sender.

Further, according to the present invention, the role identifier of each user including at least one fragment of the personal identifier of each user by which the user can uniquely identify it, and thereby the role identifier is uniquely identified. It further comprises a certificate authority device that issues link information of each possible role identifier, and the sender identifier and the recipient identifier in the personalized access ticket are the link information of the sender role identifier and the role identifier of the recipient. It is characterized by being given by link information.

Further, in the present invention, the link information of each role identifier is an identifier uniquely given to each role identifier by the certification authority device.

Further, in the present invention, the secure communication service device has the same role identifier of a plurality of callers corresponding to link information included in a plurality of personalized access tickets used by the caller. It is characterized in that the identity of the sender is stochastically specified by determining the sex and reconstructing the personal identifier of the sender.

Further, in the present invention, the personalized access ticket includes one sender identifier and one recipient identifier in a one-to-one correspondence.

Further, according to the present invention, the personalized access ticket includes one caller identifier and a plurality of callee identifiers in a one-to-N correspondence (N is an integer greater than 1).

Further, in the present invention, one of the one caller identifier and the plurality of callee identifiers is an owner identifier for specifying an owner of the personalized access ticket, and the one caller identifier And another identifier of the plurality of callee identifiers is a member identifier that identifies a member of the group to which the owner belongs.

Further, in the present invention, an identifier of each user and
Enable for each user's identifier that indicates the right to change the personalized access ticket that includes each user's identifier as the owner identifier
The predetermined operation for the personalized access ticket is performed only by the certificate authority device that issues r to each user and the user who has presented both the owner identifier included in the personalized access ticket and the Enabler corresponding to the owner identifier. And a secure arithmetic device capable of performing the operation.

Further, according to the present invention, the certificate authority device, for the information indicating that it is an enabler and the entity of the identifier of each user, is signed by the secret key of the certificate authority and is the identifier of each user. It is characterized by issuing as an enabler.

Further, according to the present invention, the predetermined operation is to create a new personalized access ticket, merge a plurality of personalized access tickets, divide one personalized access ticket into a plurality of personalized access tickets, and personalize an access ticket. Is changed, the expiration date of the personalized access ticket is changed, and the transfer control flag of the personalized access ticket is changed.

Further, according to the present invention, a special identifier known to all users and a special identifier corresponding to the special identifier.
The enabler is defined so that the personalized access ticket is newly generated and the owner of the personalized access ticket is changed by the owner of the personalized access ticket using the special identifier and the special enabler. En
The feature is that it can be done without using an abler.

In the present invention, the special identifier is
It is characterized in that it is defined so that it can be used only as the owner identifier of the personalized access ticket.

Further, the present invention is characterized in that a special identifier known to all users is defined, and the read-only attribute can be set in the personalized access ticket using the special identifier. .

Further, according to the present invention, when the access right of the caller to the called party is verified based on the personalized access ticket, the secure communication service device sets the calling party presented by the calling party. The recipient is used to extract the recipient identifier from the personalized access ticket, and the recipient identifier is used to convert the mail into a format that can be interpreted by a mail transfer function that actually performs mail delivery processing. It is characterized in that the personalized access ticket is attached to the mail and passed to the mail transfer function.

Further, according to the present invention, a certificate authority device which defines a personal identifier of each user by which the user can uniquely identify each user and a role identifier including at least one fragment of the personal identifier of each user. And a communication network in which each user is identified by the role identifier of each user in the mail communication therein, a communication system realizing mail access control is provided.

Further, in the present invention, the role identifier of each user signs the information including at least one fragment of the individual identifier of each user by the certificate authority device by using the private key of the certificate authority device. It is characterized by being a thing.

Further, in the present invention, the personal identifier of each user is a character string uniquely given to each user by the certification authority and a public key of each user. It is characterized by being signed by.

Further, according to the present invention, a caller desiring to send a mail to a recipient is presented to designate the recipient as a destination of the mail, and the role identifier of the sender and the role identifier of the recipient are associated with each other. The personalized access ticket including the personalized access ticket is received, and the access right between the originator and the called party is controlled by verifying the access right of the originator to the called party based on the personalized access ticket. And a secure communication service device for connecting communication between the callee and the called party.

Further, in the present invention, the secure communication service device determines the identity of the plurality of role identifiers of the sender included in the plurality of personalized access tickets used by the sender. , The identity of the sender is stochastically specified by reconstructing the personal identifier of the sender.

Further, in the present invention, the certificate authority device also defines link information of each role identifier by which each role identifier can be uniquely identified, and each role identifier also includes link information of each role identifier. Characterize.

Further, in the present invention, the link information of each role identifier is an identifier uniquely given to each role identifier by the certification authority device.

Further, according to the present invention, a caller who wishes to send a mail to the recipient is presented to specify the recipient as a destination of the mail, and the link information of the role identifier of the sender and the role identifier of the recipient are provided. The access between the caller and the callee is controlled by receiving the personalized access ticket including the link information in association and verifying the access right of the caller to the callee based on the personalized access ticket. It is characterized by further having a secure communication service for connecting communication between a caller and a callee on a communication network.

Further, in the present invention, the secure communication service device has the same plurality of role identifiers of the sender corresponding to the link information included in the plurality of personalized access tickets used by the sender. It is characterized in that the identity of the sender is stochastically specified by determining the sex and reconstructing the personal identifier of the sender.

Further, the present invention is presented for designating a recipient as a mail destination by computer hardware and a sender who wants to send a mail to the recipient.
By receiving the personalized access ticket including the caller identifier and the callee identifier, the access right between the caller and the callee is verified by verifying the access right of the caller to the callee based on the personalized access ticket. Secure communication service in a communication system realizing mail access control, the computer software controlling the computer hardware to operate communication between the caller and the callee. Provide a device.

Further, according to the present invention, the computer software authenticates the personalized access ticket presented by the sender, and when the personalized access ticket presented by the sender is tampered with, the computer sends the mail It is characterized in that the computer hardware is operated so as to refuse delivery.

Further, in the present invention, the personalized access ticket is signed by the secret key of the secure computing device that issued the personalized access ticket, and the computer software is the public key of the secure computing device. The computer hardware is operated to authenticate the personalized access ticket by verifying the signature of the secure computing device in the personalized access ticket.

Further, in the present invention, the computer software also receives a sender identifier presented by the sender together with the personalized access ticket, and the sender identifier presented by the sender is presented by the sender. It is checked whether it is included in the personalized access ticket, and if the sender identifier presented by the sender is not included in the personalized access ticket presented by the sender, the delivery of the mail is rejected. The computer hardware is operated as described above.

Further, in the present invention, the personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and the computer software includes the personalized access ticket presented by the sender. Checking the included expiry date and operating the computer hardware to refuse delivery of the mail when the personalized access ticket presented by the sender includes an expiry date that has already expired And

Further, in the present invention, the computer software includes, as a sender identifier, an identifier of a particular user whose delivery of mail from the user to the particular registrant is rejected, as an identifier of the particular registrant. When a personalized access ticket including a personal identification number is registered in advance in the secure communication service, and the personalized access ticket presented by the sender is preregistered in the secure communication service, It is characterized in that the computer hardware is operated so as to refuse delivery of mail.

Further, in the present invention, the computer software deletes the personalized access ticket registered in the secure communication service in response to a request from the specific registrant who registered the personalized access ticket. It is characterized in that the computer hardware is operated.

In the present invention, the personalized access ticket also includes a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service, and the computer software is included in the personalized access ticket. Authenticate the caller identifier presented by the caller when the transfer control flag indicates that the caller should be authenticated, and refuse delivery of the mail if the caller identifier authentication fails. It is characterized in that the computer hardware is operated.

Further, in the present invention, the computer software causes the computer hardware to operate so as to realize the authentication of the sender identifier by challenge / response authentication between the sender and the secure communication service. Is characterized by.

Further, in the present invention, the caller identifier and the callee identifier in the personalized access ticket are given by the role identifiers of the caller and the callee, and the role identifier of each user is thereby determined by the certificate authority. Including at least one piece of a personal identifier of each user that can uniquely identify the sender, the computer software further comprising: the sender included in a plurality of personalized access tickets used by the sender. Determining the identity of the plurality of role identifiers and reconstructing the personal identifier of the caller, thereby operating the computer hardware so as to stochastically identify the identity of the caller. To do.

Further, in the present invention, the role identifier of each user including at least one fragment of the individual identifier of each user by which the certificate authority can uniquely identify each user, and thereby, each role identifier is uniquely identified. Link information of each identifiable role identifier is defined, and the caller identifier and the callee identifier in the personalized access ticket are given by the link information of the caller role identifier and the link information of the callee role identifier, The computer software further determines the identity of the sender's role identifiers corresponding to the link information contained in the personalized access tickets used by the sender to determine the sender's personal identifier. Is reconfigured to cause the computer hardware to operate so as to stochastically identify the identity of the caller.

Also, in the present invention, the computer software uses the caller identifier presented by the caller when the access right of the caller to the callee is verified based on the personalized access ticket. A recipient identifier is extracted from the personalized access ticket, the extracted recipient identifier is used to convert the mail into a format that can be interpreted by a mail transfer function that actually performs mail delivery processing, and It is characterized in that the computer hardware is operated so that the personalized access ticket is attached and passed to the mail transfer function.

Furthermore, the present invention receives computer hardware and a request for a personalized access ticket from a user, includes a caller identifier and a callee identifier in association with each other, and is signed with its own private key. Computer software for operating the computer hardware to issue a secure computing device in a communication system realizing mail access control.

Further, according to the present invention, the computer hardware, the identifier of each registrant, and the public information, which is less confidential than the personal information, are managed in a searchable manner from an unspecified large number, and the sender is notified to the sender. According to the search condition specified by the caller, the identifier of the registrant of the public information that satisfies the search condition is used as the callee identifier, and the caller identifier specified by the caller together with the search condition is used. And a computer software for operating the computer hardware so as to issue a personalized access ticket including the callee identifier in association with each other, and a directory service in a communication system realizing mail access control. Provide a device.

Furthermore, the present invention provides computer hardware, a personal identifier of each user by which the user can uniquely identify each user, and a role identifier including at least one fragment of the personal identifier of each user. And a computer software for operating the computer hardware so as to be issued to each user, and a certificate authority apparatus in a communication system realizing mail access control.

Further, according to the present invention, the computer hardware, the identifier of each user, and generally one caller identifier and a plurality of callee identifiers are associated and one of them is the owner identifier. A computer for operating the computer hardware to issue an enabler of an identifier of each user indicating the right to change the individualized access ticket including the identifier of each user as an owner identifier in the individualized access ticket There is provided software, and a certificate authority apparatus in a communication system realizing mail access control.

Further, according to the present invention, the request for the personalized access ticket in which the computer hardware is associated with one sender identifier and a plurality of recipient identifiers and one of them is the owner identifier is issued to the user. The user has presented both the owner identifier included in the personalized access ticket and the enabler corresponding to the owner identifier indicating the modification right of the personalized access ticket including the user's identifier as the owner identifier. A secure computing device in a communication system that realizes mail access control, characterized by comprising computer software for operating the computer hardware so as to perform a predetermined computation on the personalized access ticket. .

Furthermore, the present invention is presented by a caller who wishes to send a mail to a recipient, and specifies the recipient as the destination of the mail, and the personalization includes the sender identifier and the recipient identifier in association with each other. Receive access ticket,
A mail access control that controls the access between the caller and the callee by verifying the access right of the caller to the callee based on the personalized access ticket and connects the communication between the caller and the callee. A storage medium storing a program for operating a computer as a secure communication service device in a realized communication system.

Further, in the present invention, the program authenticates the personalized access ticket presented by the sender, and delivers the mail when the personalized access ticket presented by the sender is tampered with. The computer is operated so as to reject the.

Further, in the present invention, the personalized access ticket is signed by the secret key of the secure computing device that issued the personalized access ticket, and the program is signed by the public key of the secure computing device. The computer is operated to authenticate the personalized access ticket by verifying the signature of the secure computing device in the personalized access ticket.

Further, in the present invention, the program also receives a sender identifier presented by the sender together with the personalized access ticket, and the sender identifier presented by the sender is the individual presented by the sender. It is checked whether it is included in the personalized access ticket, and if the sender identifier presented by the sender is not included in the personalized access ticket presented by the sender, the delivery of the mail is rejected. And operating the computer.

In the present invention, the personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and the program is included in the personalized access ticket presented by the sender. The expiration date is checked, and the computer is operated so as to refuse delivery of the mail when the personalized access ticket presented by the sender includes the expired expiration date.

Further, according to the present invention, the program includes, as a sender identifier, an identifier of a specific user whose delivery of mail from the user to the specific registrant is rejected, and the identifier of the specific registrant is included. When the personalized access ticket included as the callee identifier is registered in advance in the secure communication service device, and the personalized access ticket presented by the caller is registered in the secure communication service device in advance. The computer is operated so as to refuse delivery of the mail.

Further, in the present invention, the program deletes the personalized access ticket registered in the secure communication service apparatus in response to a request from the specific registrant who registered the personalized access ticket. It is characterized in that the computer is operated.

In the present invention, the personalized access ticket also includes a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service device, and the program is included in the personalized access ticket. Authenticate the caller identifier presented by the caller when the transfer control flag indicates that the caller should be authenticated, and refuse delivery of the mail if the caller identifier authentication fails. It is characterized in that the computer is operated.

Further, in the present invention, the program causes the computer to operate so as to realize the authentication of the sender identifier by challenge / response authentication between the sender and the secure communication service apparatus. And

Further, according to the present invention, the sender identifier and the receiver identifier in the personalized access ticket are given by the role identifiers of the sender and the receiver, and the role identifier of each user is thereby determined by the certificate authority. Containing at least one fragment of the personal identifier of each user that can uniquely identify the sender, and the program further includes the sender's personalized access tickets included in the plurality of personalized access tickets used by the sender. It is characterized in that the computer is operated so as to probabilistically identify the originator of the sender by determining the identity of a plurality of role identifiers and reconstructing the personal identifier of the sender.

Further, according to the present invention, the role identifier of each user including at least one fragment of the personal identifier of each user by which the certificate authority can uniquely identify each user, and thereby each role identifier is uniquely identified. Link information of each identifiable role identifier is defined, and the caller identifier and the callee identifier in the personalized access ticket are given by the link information of the caller role identifier and the link information of the callee role identifier, The program further determines the identity of the plurality of role identifiers of the sender corresponding to the link information included in the plurality of personalized access tickets used by the sender, and determines the personal identifier of the sender. By reconfiguring, the computer is operated so as to stochastically identify the identity of the caller.

Further, according to the present invention, the program uses the caller identifier presented by the caller when the access right of the caller to the callee is verified based on the personalized access ticket. The recipient identifier is extracted from the personalized access ticket, the extracted recipient identifier is used to convert the mail into a format that can be interpreted by the mail transfer function that actually performs mail delivery processing, and the individual mail is converted into the individual mail. The computer is operated so that the computerized access ticket is attached and passed to the mail transfer function.

Furthermore, the present invention receives a request for a personalized access ticket from a user, issues a personalized access ticket that includes a sender identifier and a called party identifier in association with each other, and issues a personalized access ticket signed by its own private key. A storage medium storing a program for operating a computer as a secure arithmetic unit in a communication system realizing access control.

Further, according to the present invention, an identifier of each registrant and
It manages public information that is less confidential than personal information so that it can be searched from an unspecified large number of people, and the public information that meets the search conditions is sent to the sender according to the search conditions specified by the sender. Using the registrant's identifier as the callee identifier, and using the caller identifier specified by the caller along with the search condition,
A storage medium storing a program for operating a computer as a directory service device in a communication system realizing mail access control, which issues an individualized access ticket including a caller identifier and a callee identifier in association with each other.

Furthermore, the present invention provides each user with a personal identifier of each user by which the user can uniquely identify each user and a role identifier including at least one fragment of the individual identifier of each user. Provided is a storage medium storing a program for operating a computer as a certificate authority device in a communication system that realizes mail access control.

Further, according to the present invention, an identifier of each user,
In general, an individualized access ticket in which one sender identifier and a plurality of called party identifiers are associated with each other and one of them is an owner identifier There is provided a storage medium storing a program for operating a computer as a certificate authority device in a communication system realizing mail access control, which issues an enabler of an identifier of each user indicating the change right of the above to each user.

Furthermore, the present invention receives a request for a personalized access ticket from a user, in which one sender identifier and a plurality of recipient identifiers are associated and one of them is the owner identifier, and the user receives the request. Presents both the owner identifier included in the personalized access ticket and the enabler corresponding to the owner identifier indicating the right to change the personalized access ticket including the user's identifier as the owner identifier. Provided is a storage medium that stores a program for operating a computer as a secure arithmetic device in a communication system that realizes mail access control for performing a predetermined arithmetic operation on an access ticket.

[0152]

BEST MODE FOR CARRYING OUT THE INVENTION First, a first embodiment of the present invention will be described with reference to FIGS. The mail access control method of the present invention appropriately enables bidirectional communication between the caller and the callee while maintaining the anonymity of the caller and the callee in the communication network. Only the information that shows the characteristics of the recipient is disclosed with the true identifier of the caller hidden, and based on this disclosed information, limited access is available to those who wish to communicate while maintaining anonymity. To grant the right.

Specifically, a role identifier (AID) that hides personal information from the user.
It is not possible to specify a user such as a hobby, age, occupation, etc., which is information indicating the characteristic of the user, on the network, but it is worth the caller to communicate with the user. Publish it to the network in combination with useful information to determine if it exists.

Also, the sender can search for the person he / she wants to communicate with by browsing or searching the published information. That is, when the caller wants to communicate with a party who keeps the anonymity of the sender himself, he / she specifies the role identifier of the party, and the personalized access ticket P
Get an AT (Personalized Access Ticket).

In the personalized access ticket PAT, in addition to the role identifiers AID of the sender and the receiver, the transfer control flag and the expiration date information are described. The transfer control flag is used to determine whether or not the secure communication service SCS (Secure Communication Service) performs authentication for the sender. That is, when the transfer control flag is set, SC
When making a connection request, S authenticates the sender, for example, verifying the signature. If the transfer control flag is not set, the secure communication service SC
S passes the connection request to the physical communication network connected to the secure communication service SCS without authentication. That is, the transfer control is used to authenticate whether the role identifier AID is properly used by the user assigned by the certification authority CA (Certification Authority).

In the communication network implementing the mail access control method of the present invention, the role identifier AID for the user
, Public information combined with the role identifier AID, issue of the personalized access ticket PAT, and mail access control based on the personalized access ticket PAT are performed by different institutions. This is because there is a difference in security level to be held for each action, and therefore it is more convenient to carry out the security in the whole network when executed by different institutions. However,
The same organization may hold the public information and issue the PAT.

FIG. 1 is an overall configuration diagram of the communication system of the first embodiment. This embodiment is intended for an electronic mail service on the Internet or an intranet. In FIG. 1, reference numeral 1 denotes a certificate authority CA, which has a right to authenticate an individual identifier OID and a right to issue a role identifier AID, and which generates a role identifier AID from the individual identifier OID and assigns the role identifier AID to a user. Have. 3 is a user. Reference numeral 5 denotes a secure communication service SCS, which determines whether or not to permit a connection in response to a connection request from the user 3 by e-mail, using an individualized access ticket presented by the user 3. Also, based on the request from the user 3, the connection request by e-mail is rejected. Further, the identity of the personal identifier OID is determined based on the request from the user 3. An anonymous directory service ADS 7 is a role identifier AID, a transfer control flag value, an expiration date value, and public information about the user 3 (personal information such as hobbies, name, telephone number, actual email address, etc.). It is a database that manages information that is considered less confidential than information). The anonymous directory service ADS7 is the role identifier AID of the user 3 who has presented the search condition, the role identifier AID of the user 3 who has registered the public information satisfying the search condition in the anonymous directory service ADS7, the user 3 or management. It has a function of generating an individualized access ticket PAT from the value of the transfer control flag given by the person or the like and the value of the expiration date given by the user 3 or the administrator, and assigning it to the user 3 who presented the search condition. .

First, a series of processes for generating a role identifier AID from a personal identifier based on a user's request and assigning it to the user will be described.

FIG. 2 shows a personal identifier OID and a role identifier A.
An example of an ID and an individualized access ticket PAT is shown. The personal identifier OID is, as shown in FIG.
The certificate authority CA1 signs information that is made up of an arbitrary character string and a public key that follows a rule by which the certificate authority CA1 can uniquely identify a user. Also, the role identifier AID
2B, a fragment of the personal identifier OID and its position information, a redundant character string, and an arbitrary character string (host that can uniquely identify the host or domain running the SCS on the network) Name, real domain name, etc.), the certification authority CA1
Was signed by.

The personalized access ticket PAT is
As shown in FIG. 2 (c), the anonymous directory service ADS signs the information including the transfer control flag, the role identifier AID ₀ , the role identifier AID ₁ , and the expiration date. Here, the value of the transfer control flag is defined to be either 0 or 1. The expiration date is the number of times the PAT is used, the absolute time (UTC) when the PAT becomes unavailable, the absolute time (UTC) when the PAT becomes available, and the time from when the PAT becomes available until it becomes unavailable. One of the relative times (lifetime) or a combination of two or more is defined.

Further, as described in each of the embodiments described later, the present invention provides an individualized access ticket PAT as
In addition to the one-to-one personalized access ticket described above, a one-to-N personalized access ticket that associates the sender and the recipient with one-to-one correspondence, and instead of specifying the substance of the role identifier in the personalized access ticket It has link information that specifies a role identifier, and has a link-specific personalized access ticket that specifies a role identifier with this link information. In this link-specific personalized access ticket, the above-mentioned correspondence between the sender and the receiver There is a link-designating type 1-to-1 personalized access ticket and a link-designating type 1-to-N personalized access ticket. That is, the personalized access ticket of the present invention includes a 1-to-1 personalized access ticket, a 1-to-N personalized access ticket, a link-specifying 1-to-1 personalized access ticket, and a link-specifying 1-to-N personalized access ticket. There are four types.

Next, a procedure in which the user 3 requests the role identifier AID from the certificate authority CA1 will be described. The user 3 generates a private key / public key pair. Next, using the personal identifier OID of the user 3 and the certificate of the certificate authority CA1, bidirectional authentication is performed between the user 3 and the certificate authority CA1. Next, the user 3 transmits the public key to the certificate authority CA1 by any means.

In the above procedure, the communication between the user 3 and the certificate authority CA1 may be encrypted.

Next, a procedure in which the certificate authority CA1 issues the role identifier AID to the user 3 in response to the above request for the role identifier AID will be described. Certificate Authority CA1
Receives the public key from the user 3, the role identifier A
Generate an ID. Next, the certificate authority CA1 sends the role identifier A
The ID is transmitted to the user 3 by any means. When the user 3 receives the role identifier AID from the certificate authority CA1, the user 3 records the received role identifier in the storage device of the user 3.

In the above procedure, the communication between the user 3 and the certificate authority CA1 may be encrypted.

Next, the role identifier A in the certificate authority CA1
The ID generation process will be described with reference to the flowchart shown in FIG. In FIG. 3, the certificate authority CA1 generates information having a length equal to the total length L of the personal identifier OID. This information is used as a temporary role identifier AID (step S91)
1). Next, in order to perform partial copying of the OID, the values of the parameters p _i and l _i that specify the copy range of the OID are determined by using arbitrary means such as random number generation (step S).
913). Here, L is equal to the total length of the personal identifier OID, and l _i is a value arbitrarily determined within the range where the relationship of 0 ≦ p _i ≦ L is established. Next, the information in the range from the position p _I to the position p _i + l _i from the beginning of the OID is copied to the same position of the temporary AID (step S915). That is, this OID fragment is copied from the beginning of the temporary AID to the range of position p _i and position p _i + l _i . Next, the values of p _i and l _i are encrypted by an arbitrary means and written in a defined range of the temporary AID obtained by partially copying the OID (step S917). Next, an arbitrary character string (host name, real domain, etc.) that can uniquely identify on the network the host or domain that operates the secure communication service SCS5 within the defined range of the temporary AID in which these values are written. ) Is SC
The information of S is written (step S919). Next, the temporary AID in which the character string is written is signed with the private key of the certificate authority CA1 (step S921).

Next, the role identifier AID of the user B3 and the public information are sent to the anonymous directory service ADS.
The procedure for registering in 7 will be described. User B3 who is a registrant and anonymous directory service ADS
7, the role identifier AID of user B3 and ADS7
Two-way authentication is performed by any means using the certificate of. Next, the user B3 transmits the value of the transfer control flag, the value of the expiration date, and public information such as hobbies to the ADS 7.
Next, the ADS 7 records the value of the transfer control flag, the value of the expiration date, and all the public information received from the user B3 in the storage device in association with the AID of the user B3.

In the above procedure, the communication between the registrant user B3 and ADS7 may be encrypted.

Next, a procedure for the user A3 to retrieve public information registered in the anonymous directory service ADS7 will be described. Between the user A3 who is the searcher and the anonymous directory service ADS7, the two-way authentication is performed by any means using the role identifier AID of the user A3 and the certificate of the ADS7. Next, the user A3 sends an arbitrary search condition to the ADS7. Next, A
The DS7 presents all the received search conditions to the storage device, and the role identifier A of the registrant who satisfies these search conditions.
Extract the ID. Next, ADS7 is the AID of user A3
And the personalized access ticket PAT from the AID of the registrant who satisfied the search condition, the value of the transfer control flag, and the value of the expiration date.
To generate. Next, ADS7 transmits the generated PAT to user A3.

In the above procedure, communication between the searcher, user A3 and ADS7 may be encrypted.

The one-to-one personalized access ticket is generated as a search result of the anonymous directory service ADS7.

Next, referring to the flowchart shown in FIG. 4, the one-to-one personalized access ticket PA in ADS
The T generation process will be described. First, information of a certain defined length is generated. This is used as a temporary personalized access ticket (temporary PAT) (step S1210). Next, the role identifier AID of the user A3 who is the searcher and the role identifier AID of the user B3 who is the registrant are copied into the range defined by the temporary PAT) (step S1215). Next, the transfer control flag value and the expiration date value are
The ID is written in the defined range of the copied temporary PAT (step S1217). Next, the temporary PAT in which these values are written is signed with the ADS private key (step S1).
219).

Next, the one-to-one individualized access ticket PA
The transfer control by T will be described. Transfer control is P
It is a function of restricting access to a user who has a legitimate access right from a third party (a user who originally does not have the access right) to whom the AT is transferred or eavesdropped.

Anonymous Directory Service AD
The user B3 of S7 and the registrant AID can prohibit the connection to the user B3 from a third party who does not have the access right by setting a value in the transfer control flag of the personalized access ticket PAT. it can.

When the value of the transfer control flag is set to 1, the secure communication service SCS5
Since the caller role identifier AID is authenticated between the caller and the caller according to an arbitrary challenge / response method, even if the caller passes both the caller AID and the PAT to any user other than the caller, the user is registered. Cannot connect to the person via SCS5.

On the other hand, when the value of the transfer control flag is set to 0, no challenge / response is performed between the SCS5 and the caller, so that the caller does not have the caller AID.
When both the PAT and the PAT are given to the users other than the sender, those users can also connect to the anonymous directory service registrant through the SCS5.

Next, the mail access control method in the SCS will be described with reference to FIG.

The sender is "From sender AID @" in the From: line.
The sender's SCS real domain ", To: line to" PAT @
Sender's SCS real domain "format.

SCS is an SMTP (Simple Mail Transfer).
A mail received by an MTA (Message Transfer Agent) such as Protocol) is acquired, and the processing shown in FIG. 5 is executed.

1. The signature of PAT is verified using the public key of ADS7 (step S1413).

If the PAT is tampered with (YES in step S1415), the mail is discarded and the process ends (step S1416).

If tampering cannot be recognized in the PAT (step S1415 NO), the following processing 2. To execute.

2. The sender AID is presented to the PAT and searched (steps S1417, S1419, S142).
1).

An AID that exactly matches the sender AID is P
If not included in the AT (step S1423N
O), discard the mail and end (step S141)
6).

The AID that exactly matches the sender AID is P
If it is included in the AT (step S1423YE
S), the following processing 3. To execute.

3. The value of the expiration date of the PAT is evaluated (steps S1425 and S1427).

If the PAT has expired (NO in step S1427), the mail is discarded and the process ends (step S1416).

If the PAT is within the valid period (YES in step S1427), the following process 4. To execute.

4. By referring to the value of the transfer control flag of the PAT, it is determined whether or not the sender is authenticated (step S1).
431, S1433).

When the value is 1 (step S1433)
YES), challenge / response authentication is executed between the SCS and the sender to verify the signature of the sender (step S1435). If the signature is correct, the called party is designated and the PAT is attached (step S1437). If the signature is incorrect, the mail is discarded and the process ends (step S1416).

If the value is 0 (step S1433)
NO), the recipient is specified and PAT is attached without executing the challenge / response authentication (step S143).
7).

Next, an example of challenge / response between the SCS and the sender will be described. First, the SCS generates arbitrary information, for example, a time stamp, and transmits the generated information to the sender.

[0193] Next, the sender adds the sender A to the received information.
Sign with the private key of the ID and send it to the SCS along with the public key of the sender AID.

The SCS sends the signature of the received information to the sender A.
Verify using the public key of the ID. If the signature is correct, specify the called party and attach the PAT. If the signature is incorrect, the mail is discarded and the process ends.

Next, the method of designating the called party in the SCS will be described. The SCS first sends the sender AID to the PA
It presents to T and searches, and acquires all AIDs that do not completely match the sender AID. Hereinafter, all the acquired AIDs are defined as the callee AIDs. Next, all callees A
For each ID, the callee's AID to the callee's S
Fetch the real domain of CS. Next, the callee is specified in the form of "callee AID @ real domain of SCS of callee". Finally, the SCS changes the caller from "caller AID @ caller's SCS real domain" format to "caller AID" format.

Next, the method of attaching the PAT in the SCS will be described. The SCS attaches the PAT anywhere in the email.

After designating the sender and the recipient and attaching the PAT, the SCS passes the mail to the MTA.

Note that all the above-mentioned processing is the same in the case of a 1-to-N individualized access ticket.

Next, a method of rejecting an incoming call for the personalized access ticket PAT in the SCS will be described.

Call rejection setting: Two-way authentication is performed between the user and the secure communication service SCS5 by any means. Next, the user sends a registration command, the user's own AID, and an arbitrary PAT to the SCS5.
Next, the SCS 5 verifies the received signature of the AID. If the signature is incorrect, the SCS 5 ends the process.
If the signature is correct, the SCS5 sends all Ps received.
For each AT, the signature is verified using the public key of ADS. Discard any PAT with an incorrect signature. If the signature is correct, the received AID is presented to each PAT and searched. For a PAT that includes an AID that exactly matches the received AID, the registration command and the PA
Present T to the storage device and register the PAT in the storage device. P that does not include an AID that exactly matches the received AID
The AT is discarded without being registered in the storage device. In addition,
In the above process, communication between the user and the SCS5 may be encrypted.

Execution of incoming call rejection: The SCS 5 presents the PAT to the storage device and retrieves it. If the PAT that exactly matches the presented PAT is registered in the storage device, the mail is discarded. If the PAT that exactly matches the presented PAT is not registered in the storage device, the mail is not discarded.

Cancellation of incoming call rejection: Two-way authentication is performed between the user and the secure communication service SCS5 by any means. Next, the user presents his AID to the SCS5. Next, SCS5 receives the received AID
Verify the signature of. If the signature is incorrect, SCS
5 ends the process. If the signature is correct, SCS5
Presents the presented AID as a search condition to the storage device to obtain all PATs including the presented AID,
Present to the user. Next, the user refers to all the presented PATs, selects all the PATs for which the call rejection is to be released, and sends them to the SCS 5 together with the deletion command. S that has received all the PATs for which you want to cancel the delete command and reject call
The CS5 presents the received delete command and all PATs to the storage device, and deletes all the received PATs from the storage device.

The call rejection method for the 1-to-N individualized access ticket PAT in the SCS is also the 1-to-1 described above.
This is the same as the method of rejecting an incoming call for an individualized access ticket.

The reply of the mail from the user B to the user A is the same as the reply of the mail from the user A to the user B.

Next, determination of identity will be described with reference to the flowchart of FIG. 6 and FIG.

1. The initial value of the variable OID _M is defined as a bit string having a length equal to the total length L of the OID and all values being 0. In addition, the initial value of the variable OID _V is set to OI
It is defined as a bit string having a length equal to the total length L of D and all values being 0 (step S2511).

2. One A from the set of AIDs to be processed
The ID is selected and the following bit operation is executed (step S2513).

(A) The values of the variables AID _M and AID _V are determined based on the position information contained in the AID (step S2515). Here, AID _M has a length equal to the total length L of the OID, and the value of the position where -OID information is defined is 1. -The value of the position where the OID information is not defined is 0. It is defined as a bit string (Fig. 7). AID _V has a length equal to the total length L of the OID, and the value of the position where the -OID information is defined is the actual value of the OID information. -The value of the position where the OID information is not defined is 0. It is defined as a bit string (Fig. 7).

(B) The AND operation of OID _M and AID _M is executed, and the result is substituted for the variable OVR _M (step S
2517).

(C) AND operation of OVR _M and AID _M ,
The AND operation of OVR _M and OID _M is executed, and the operation results are compared (step S2519).

If they match, OR of OID _M and AID _M
The calculation is executed and the execution result is substituted into OID _M (step S2521). Also, the OR operation of OID _V and AID _V is executed, and the execution result is substituted into OID _M (step S
2523).

If they do not match, the flow advances to step S2525 to execute.

(D) The AID to be processed next is extracted from the set of AIDs to be processed.

When the set includes at least one AID, steps S2513 to S2523 are executed.

If no AID is included in the set, the flow advances to step S2527.

(E) The values of OID _M and OID _V are output (step S2527).

The finally obtained value of OID _M represents all positions of OID information that can be restored from the set of AIDs to be processed. Further, the finally obtained value of OID _V represents all the OID information that can be restored from the set of AIDs to be processed. That is, OID _M and OID _V
If the value of (a) OID _V is used as a search condition, the OID can be calculated stochastically.

(B) The accuracy of the above search can be quantitatively evaluated by the ratio OID _M / L with the OID full length L.

As described above, in the present embodiment, based on the user's request, the certification authority CA1 which is a highly confidential and highly reliable third-party institution secures confidentiality such as name, telephone number, and real email address. Personal identifier O containing high personal information
Role identifier AID that hides these personal information from the ID
Is generated and delivered to the user. By using this AID to identify the user in the communication network and various services provided on the communication network, both the guarantee of the anonymity of the user and the guarantee of the identity of the user can be achieved. In other words, the users can communicate with each other without giving the real name, telephone number, or e-mail address to the other party, and the public information is disclosed to the general public through the anonymous directory service ADS7 as described later. You can also do it.

The user registers information, which is considered to have lower confidentiality than personal information, that is, public information, in the anonymous directory service ADS7. When searching the public information and the registrant AID, the searcher presents the searcher's role identifier AID and arbitrary search conditions to the ADS 7. The ADS 7 extracts the role identifier AID of the registrant that satisfies all the search conditions, and then performs the individualized access from the AID of the registrant who satisfied the search condition, the AID of the registrant that satisfied the search conditions, the transfer control flag value, and the expiration date Generate a ticket PAT.

This one-to-one personalized access ticket PAT
2C, the value of the transfer control flag and the value of the expiration date are set as shown in FIG. 2C. By setting the expiration date in advance, the connection from the caller can be restricted. .

Further, the value of the transfer control flag can prohibit connection from a third party who does not have the access right. That is, when the value of the transfer control flag is set to 1, the secure communication service S
Since the caller role identifier AID is authenticated between the CS5 and the caller according to an arbitrary challenge / response method, even if the caller passes both the caller AID and the PAT to any user other than the caller, that user is Unable to connect to the registrant of anonymous directory service ADS7 via SCS5. On the other hand, when the value of the transfer control flag is set to 0, since no challenge / response is performed between the SCS5 and the caller, the caller sets both the caller AID and PAT to the user other than the caller. Once handed over, those users will also be able to connect to the ADS7 registrant via SCS5.

[0223] Also, the one-to-one individualized access ticket PA
Access ticket PA for individualizing the call with the callee specified by T
A connection request can be made to the communication network so that the call is received at the callee role identifier AID or the caller role identifier AID defined in T. Further, it is possible to reject the call of the one-to-one personalized access ticket PAT selected by the recipient among the calls designated by the one-to-one personalized access ticket PAT. It is also possible to cancel the call rejection of the call of the one-to-one personalized access ticket selected by the callee. In addition, anonymity is exploited to exploit multiple caller role identifiers AI.
As a measure against a sender who repeats an individual attack in D, the identity of the individual identifier OID can be determined from the plurality of sender role identifiers AID, and the individual identifier can be retrieved with a certain probability.

Next, a mail access control method according to the second embodiment of the present invention will be described with reference to FIGS. 8 to 24. In the above-described first embodiment, the case where the caller and the callee are made to correspond one-to-one has been described, whereas in the second embodiment, the caller and the callee are made to correspond to one-to-N, and The case where a new generation and content change of this 1-to-N individualized access ticket are enabled by the user will be described. In addition, this sender is PAT
Is either the owner of the company or a member of the PAT. Similarly, the recipient is either the PAT owner or the PAT member.

In general, the membership of group communication (mailing list, etc.) changes dynamically, so that the organizer of group communication needs to manage contact information such as the member's telephone number and e-mail address. On the other hand, as in the first embodiment, when only a new one-to-one personalized access ticket can be generated, it is difficult to manage the contact information. For example, it is difficult to manage a group as a unit, and because of transfer control, even if it is given to another person, it does not function as an address for group communication such as a mailing list.

In the second embodiment, in order to solve such a problem, the 1-to-N individualized access ticket PAT is used.
It is possible for the user to take the initiative in the new generation of and the change of the contents of the existing 1-to-N individualized access ticket PAT.

First, the definition of each identifier used in the second embodiment will be described with reference to FIGS. 8 and 9.

[0228] Official Identification:
As shown in FIG. 8A, the OID is the certificate authority (Certif).
icate Authority (CA) conforms to the rules by which a user can be uniquely identified.
Was signed by.

Anonymous Identification:
AID) is the personal identifier OI as shown in FIG.
D fragment and its position information, redundant character string, SCS information that is an arbitrary character string (host name, real domain name, etc.) that can uniquely identify the host or domain running SCS on the network The information CA is signed by the certificate authority CA.

The 1: N personalized access ticket PAT is
As shown in FIG. 8 (c), information composed of two or more role identifiers, an owner index, an expiration date, a transfer control flag, and a PAT operation device identifier is signed with the private key of the PAT operation device. Is.

Here, one of the role identifiers AID is P
By presenting the owner AID and the corresponding enabler to the PAT computing device with the AT owner role identifier AID, the AID is added to the PAT, the AID is deleted from the PAT, the expiration date of the PAT is changed, and the PAT is changed. It is possible to change the information included in the PAT, such as changing the value of the transfer control flag.

On the other hand, all the AIDs other than the owner AID included in the PAT are member AIDs, and even if the member AID and the corresponding enabler are presented to the PAT calculation device,
You cannot change the information contained in.

The owner index is numerical data for identifying the owner AID, and includes the owner AID and the member AID.
Is defined as 1 if the first AID in the AID list composed of is the owner AID, 2, if the second AID from the beginning is the owner AID, and n if the nth. . The transfer control flag is defined to have a value of 0 or 1 as in the case of the one-to-one personalized access ticket.

The owner AID is the AID written in the position of the value of the owner index in the AID list.
Is defined as The member AID is defined as all AIDs other than the owner AID. The expiration date is the number of times PAT is used, the absolute time (UTC) when PAT becomes unavailable,
An absolute time (UTC) when the PAT becomes available, a relative time (lifetime) from when the PAT becomes available to when the PAT becomes unavailable, or a combination thereof is defined. The identifier of the PAT computing device (or the PAT computing object on the network) is defined as the serial number of the PAT computing device (or the network identification name of the PAT computing object). The private key of the PAT computing device (or PAT computing object on the network) is defined as uniquely corresponding to the identifier.

Further, in the second embodiment, Enabler is introduced as an identifier corresponding to the role identifier AID. As shown in FIG. 9, the enabler is a signature of the certificate authority CA1 on the information composed of the character string uniquely indicating the enabler and the AID.

Next, the operation for newly generating the PAT and changing the contents will be described. Secure P on communication terminal
The following operations are defined in the AT operation device, the PAT operation object on the CA or on the network legally requested by the CA (hereinafter also referred to as the PAT operation device).

1. Editing the AID List The AID list (hereinafter referred to as the AID list) included in the PAT is edited using the AID and the enabler. Alternatively, a new AID list is generated.

2. Setting expiration date and transfer control flag The value of the expiration date and the transfer control flag included in the PAT are changed using AID and Enabler. Alternatively, a new expiration date value and a new transfer control flag value are set in the newly generated AID list.

The user who has presented the owner AID and the Enabler corresponding to this owner AID to the PAT computing device is
The list of AIDs included in T can be edited. At this time,
Follow the calculation rules below.

(1) New generation (MakePAT) (see FIG. 10): AID list (ALIST <owner AID | member AID
₁ , member AID ₂ , ..., Member AID _n >) are newly generated, and the expiration date value and the transfer control flag value are set for the generated ALIST.

[0241]

[Equation 1] AID _A + AID _B + Enabler of AID _B + Enabler of AID _A → ALIST <AID _A | AID _B > ALIST <AID _A | AID _B > + Enabler of AID _A + Expiration date value + Transfer control flag value → PAT <AID _A | AID _B > (2) Merge (MergePAT) (see FIG. 11): Multiple ALISTs with the same owner AID are merged and the resulting ALIST is merged. , Set the value of expiration date and the value of transfer control flag.

[0242]

[Expression 2] ALIST <AID _A | AID _B1 , AID _B2 , ...> + ALIST <AID _A | AID _C1 , AID _C2 , ...> + Enabler of AID _A → ALIST <AID _A | AID _B1 , AID _B2 , ..., AID _C1 , AID _C2 , ...> ALIST <AID _A | AID _B1 , AID _B2 , ..., AID _C1 , AID _C2 , ...> + Enabler of AID _A + expiration date value + transfer control flag value → PAT <AID _A | AID _B1 , AID _B2 , ..., AID _C1 , AID _C2 ,…> (3) SplitPAT (see FIG. 12): ALIST is decomposed into multiple ALISTs of the same owner AID, and all ALISTs after decomposition On the other hand, the expiration date value and the transfer control flag value are set, respectively.

[0243]

[Expression 3] ALIST <AID _A | AID _B1 , AID _B2 , ..., AID _C1 , AID _C2 , ...> + Enabler of AID _A → ALIST <AID _A | AID _B1 , AID _B2 ,…> + ALIST <AID _A | AID _C1 , AID _C2 , ...> ALIST <AID _A | AID _C1 , AID _C2 , ...> + Enabler of AID _A + expiration date value + transfer control flag value → PAT <AID _A | AID _C1 , AID _C2 , ... > (4) Change Owner (TransPAT) (See Fig. 13): Change the AID owner AID and change the ALIS
Set an expiration date value and a transfer control flag value for T.

[0244]

[Expression 4] ALIST <AID _A | AID _B > + ALIST <AID _A | AID _C1 , AID _C2 ,…> + Enabler of AID _A + Enabler of AID _B → ALIST <AID _B | AID _C1 , AID _C2 ,…> ALIST <AID _B | AID _C1 , AID _C2 ,…> + Enabler of AID _B + expiration date value + transfer control flag value → PAT <AID _B | AID _C1 , AID _C2 ,…> in setting expiration date value In the operation, the following operation is defined so that only the user who owns both the owner AID and the corresponding enabler can set the value of the expiration date.

[0245]

## EQU00005 ## PAT <AID _A | AID _B > + Enabler of AID _A + expiration time value → PAT <AID _A | AID _B > In the operation for setting the value of the transfer control flag, the owner A
The following operation is defined so that only the user who owns both the ID and the corresponding Enabler can set the value of the transfer control flag.

[0246]

[Equation 6] PAT <AID _A | AID _B > + Enabler of AID _A + Value of transfer control flag → PAT <AID _A | AID _B > Next, FIGS. 14 to 20 showing the overall configuration of the present embodiment will be described. 14 to 20, CA to AI
The user A to which D _A is assigned stores AID _A and Enabler of AID _A in the computer of the user A and is connected to input / output devices such as a floppy drive, a CD-ROM drive, a communication board, a microphone, and a speaker. . Alternatively, a communication terminal (telephone, mobile phone, etc.) having a storage device and a data input / output function may be provided with AID _A and Enabl
er of AID _A is saved.

Similarly, the user B, who is assigned AID _B by the CA, assigns AID _B and Enabler to his computer.
Save of AID _B , floppy drive, CD-R
Input / output devices such as OM drive, communication board, microphone, and speaker are connected. Alternatively, AID _B and Enabler of AID _B are stored in a communication terminal (telephone, mobile phone, etc.) having a storage device and a data input / output function.

Thereafter, the user A selects PAT <AID _A | AI
A procedure for generating D _B > will be described. (1) User A uses one of the following means
Obtain D _B and Enabler of AID _B.

Anonymous directory service A
AID _B and Enabler of AID _B are registered in the DS7 and the user A waits for acquisition as a search result (FIG. 14).

-AID _B via e-mail, signaling, etc.
And Enabler of AID _B are directly transmitted to the user A (FIGS. 15 to 16).

Floppy disk, CD-ROM, M
AID _B for magnetic, optical and electronic media such as O and IC cards
And Enabler of AID _B are accumulated and passed to user A. Alternatively, it waits for the user A to browse and acquire (see FIG. 17-
(Fig. 18).

[0252] AID _{B on} paper media such as books and business cards
Enter Enabler of AID _B and give it to User A. Alternatively, it waits for the user A to browse and acquire (FIGS. 19 to 20).

(2) A by any one of the above (1)
User A who acquired ID _B and Enabler of AID _B
Issues a MakePAT command to the PAT arithmetic unit.
This procedure is common to FIGS. 14 to 20, and is defined as follows.

(A) User A sends A to the communication terminal of User A.
ID _A , Enabler of AID _A , AID _B , Enabler o
f AID _B , expiration value, and transfer control flag value are set, and issuance of a MakePAT command is requested.

(B) The communication terminal of user A generates a MakePAT command.

(C) The communication terminal of user A uses the generated Make
PATS the PAT command by means of e-mail, signaling, etc.
Send to T arithmetic unit (issue MakePAT command).

(D) The PAT computing device receives the MakePA received.
The T instruction is processed according to FIGS. 21 and 23, and PAT <AI
Generate D _A | AID _B >. In particular,

[Equation 7] AID _A + AID _B + Enabler of AID _B + Enabler of AID _A → ALIST <AID _A | AID _B > ALIST <AID _A | AID _B > + Enabler of AID _A + expiration time value + transfer control flag Value → PAT <AID _A | AID _B > (e) The PAT computing device generates PAT <AID _A | A
ID _B > is transmitted to the communication terminal of the user A or the communication terminal of the user B as necessary by means of electronic mail, signaling, or the like.

(F) The communication terminal of user A (or user B) saves the received PAT <AID _A | AID _B > in the storage device of the communication terminal of user A.

Merge PAT (MergePAT, FIG. 21,
FIG. 23), PAT split (SplitPAT, FIG. 22, FIG. 2)
3), PAT owner change (TransPAT, FIG. 21, FIG. 23) is the same procedure.

Next, the procedure of MakePAT, MergePAT and TransPAT will be described with reference to the flowchart of FIG.

1. Specify the owner AID (step S
4411).

2. All member AIDs are designated (step S4412).

3. An AID list is generated from the designated owner AID and all designated member AIDs (step S4413). Specifically, the designated owner AID and all designated member AIDs are linked using an arbitrary means.

4. As with the temporary AID, the temporary P
The AT is generated (step S4414).

5. Temporary P that generated the generated AID list
Copy to the range defined by AT (step S441)
5).

6. On the temporary PAT that copied the AID list,
Write the owner index value (step S441)
6).

7. The value of the transfer control flag is written in the temporary PAT in which the value of the owner index has been written (step S4417).

8. Temporary P in which the value of the transfer control flag is written
The expiration date value is written to the AT (step S441).
8).

9. Temporary PAT with the expiration date written
Write the identifier of the PAT computing device in (step S4
419).

10. The temporary PAT in which the identifier of the PAT calculation device is written is signed with the private key of the PAT calculation device (step S4420).

Next, the procedure of SplitPAT will be described with reference to the flowchart of FIG.

1. Specify the owner AID (step S
4511).

2. A as member AID of PAT after division
All IDs are designated (step S4512).

3. An AID list is generated from the designated owner AID and all designated member AIDs (step S4513). Specifically, the designated owner AID and all designated member AIDs are linked using an arbitrary means.

4. As with the temporary AID, the temporary P
The AT is generated (step S4514).

5. Temporary P that generated the generated AID list
Copy to the specified range of AT (step 451)
5).

6. On the temporary PAT that copied the AID list,
Write the value of the owner index (step S451)
6).

7. The value of the transfer control flag is written in the temporary PAT in which the value of the owner index has been written (step S4517).

8. Temporary P in which the value of the transfer control flag is written
The expiration date value is written in the AT (step S451).
8).

9. Temporary PAT with the expiration date written
Write the identifier of the PAT computing device in (step S4
519).

10. The temporary PAT in which the identifier of the PAT arithmetic unit is written is signed with the private key of the PAT arithmetic unit (step S4520).

11. To continue the division (YES in step S4521), 2. Return to 10. Are executed in order.

In the procedure of FIGS. 21 and 22, A
The ID list is generated as follows according to the flowchart of FIG. That is, first, the buffer length is determined (step S4611), and the buffer is generated (step S461).
4612). Next, the owner AID is copied to the free area of the generated buffer (step S4613). Next, the member AID is copied to the free area of the buffer (step S4614), and if the next member AID exists (step S4615 YES), step S4614 is repeated.

Next, the determination of the owner AID will be described. MakePAT, MergePAT, SplitPAT, TransP
Each AT command has two or more arguments, and the role identifier AID, the personalized access ticket PAT, or Enable is defined as an argument. At this time, the PAT arithmetic unit outputs the PAT owner A output after execution of each instruction.
Each ID is specified according to the following rules.

In case of MakePAT For the MakePAT command, the first argument to the Nth argument (N =
AID up to 2, 3, ...) and Enab after the N + 1th argument
Defined by specifying le. For example, MakePAT AID ₁ AID ₂ ... AID _N Enabler of
AID ₁ Enabler of AID ₂ ... Enabler of AID _N- PAT The arithmetic unit uses AI as the first argument of the MakePAT command.
Interpret D as the owner AID.

PAT only if any of the Enablers after the N + 1th argument corresponds to the AID of the first argument
The arithmetic unit uses this AID (that is, the AID of the first argument)
Is output after the MakePAT command is executed, the owner A of the PAT
Specify in ID.

In the case of MergePAT The first argument to the Nth argument (N
= 2,3, ...), PAT is enabled with N + 1 argument
Defined by specifying r. That is, MergePAT PAT ₁ PAT ₂ ... PAT _N Enabler of
The AID-PAT arithmetic unit uses P as the first argument of the MergePAT command.
The AT owner AID is interpreted as the PAT owner AID output after the MergePAT command is executed.

-Enabler of the N + 1th argument is P of the first argument
PAT only if it corresponds to AT owner AID
The arithmetic unit specifies this AID (that is, the owner AID of the PAT of the first argument) as the owner AID of the PAT output after execution of the MergePAT command.

-In the case of SplitPAT In response to the SplitPAT command, PAT is used as the first argument and second
From the argument to the Nth argument (N = 3, 4, ...) In advance
Some defined symbol (in this example, brackets ()
Grouped with one or more AIDs
It is defined that N + 1 argument specifies Enable. Sanawa
Chi,   SplitPAT PAT₁ (AID₁₁) (AID_{twenty one}AID_{twenty two}) ...               (AID_N1AID_N2… AID_NM) Enabler of AID -The PAT arithmetic unit uses P as the first argument of the SplitPAT instruction.
Output AT owner AID after executing SplitPAT command
Interpreted as the owner AID of the PAT to be processed.

-The N + 1th argument Enabler is the first argument P.
PAT only if it corresponds to AT owner AID
The arithmetic unit specifies this AID (that is, the owner AID of the PAT of the first argument) as the owner AID of the PAT output after the SplitPAT command is executed.

In the case of TransPAT For the TransPAT instruction, P is used as the first argument and the second argument.
It is defined that AT is designated by AID in the third argument and Enabler is designated by the fourth and fifth arguments. That is, the TransPAT PAT ₁ PAT ₂ AID Enabler of AID ₁ Enabler of AID ₂ -PAT arithmetic unit is the third argument A of the TransPAT instruction.
Only when the ID is included in the PAT of the second argument, the AID of the third argument is interpreted as the owner AID of the PAT output after the execution of the TransPAT instruction.

-The fourth argument Enabler is the first argument PAT.
And PAT of the second argument, and the Enabler of the fifth argument corresponds to the AID of the third argument, the PAT arithmetic unit transposes the AID of the third argument.
It is designated as the owner AID of the PAT that is output after the PAT command is executed.

Next, the determination of the member AID will be described. MakePAT, MergePAT, SplitPAT, TransP
The definition of each AT instruction follows above. The PAT calculation device specifies the member AID of the PAT output after execution of each command according to the following rules.

In the case of MakePAT, the owner AI of the PAT output after executing the MakePAT instruction
Only when D is formally determined: -The PAT arithmetic unit outputs all AIDs after the second argument of the MakePAT instruction P after the execution of the MakePAT instruction.
Interpreted as an AT member AID.

-Of all the AIDs after the second argument,
Only the AID corresponding to the Enabler designated by the N + 1th argument and thereafter is designated as the member AID of the PAT output after the execution of the MakePAT command.

In the case of MergePAT, the PAT arithmetic unit performs all of the first to Nth arguments specified in the MergePAT command only when the owner AID of the PAT output after execution of the MergePAT command is officially determined. The PAT member AID is designated as the PAT member AID output after the MergePAT command is executed.

In the case of SplitPAT The PAT arithmetic unit determines the member AID of the PAT specified by the first argument of the SplitPAT command only when the owner AID of the PAT output after execution of the SplitPAT command is officially determined. P output after executing the SplitPAT command
Designate AT member AID. At this time, the member AID is assigned to each PAT in parentheses (). For example, in the case of SplitPAT PAT (AID ₁₁ ) (AID ₂₁ AID ₂₂ ) ... (AID _N1 AID _N2 ... AID _NM ) Enabler of AID, (AID ₁₁ ), (AID ₂₁ AID ₂₂ ), and (AID ₂₁ AID ₂₂ ).
ID _N1 AID _N2 ... AID _NM ) becomes a member AID of another PAT having a common owner AID.

In the case of TransPAT, the PAT arithmetic unit has all the member AIDs of the PAT specified by the first argument of the TransPAT command only when the owner AID of the PAT output after the execution of the TransPAT command is officially determined. And the member AI who is scheduled to become the new owner AID of the member AIDs of the PAT specified by the second argument
All the remaining member AIDs except D are TransPAT
It is designated as the member AID of PAT that is output after the command is executed.

Next, the verification of the validity of the enabler will be described. The validity of this enabler is verified by MakePAT,
It is common to MergePAT, SplitPAT, and TransPAT, and is performed as shown in FIG.

1. Input AID and Enabler (step S5511).

2. The input AID and enabler are respectively verified with the public key of the certificate authority CA (step S55).
12). If at least one of them has been tampered with (YES in step S5513), the process ends.

3. A character string that proves to be Enabler is input (step S5514).

4. The start field of Enabler in step S5511 is compared with the character string in step S5514 (step S5515). If they do not match (NO in step S5516), the process ends.

5. If they match (step S551)
6YES), and compares the AID in step S5511 with the AID in the enabler (step S5517).

6. The comparison result is output (step S55).
19).

Next, a third embodiment of the present invention will be described with reference to FIGS.

In the new generation (MakePAT) and owner change (TransPAT) of the personalized access ticket (PAT) in the above-described embodiment, the member AID and the enabler are used.
It is necessary to give the member AID to the owner of the personalized access ticket. However, if this is given to the owner, the owner AID will be used for the group communication hosted by another owner. It becomes possible to participate. That is, there is a problem that impersonation using the member AID becomes possible. Also, if the owner AID and Enabler of member AID are posted on a media that can be viewed by an unspecified number of people, anyone can access the member AID, which causes harassment of the user of the member AID. There is a risk that
There is a problem that impersonation using an ID is also possible.

Therefore, in the present embodiment, even if the Enabler of member AID is not passed to the owner, MakePAT and Tr
Enables ansPAT.

Therefore, in this embodiment, Null-
AID (AID _Null ) and Ena of the Null-AID
bler (Enabler of Null-AID or Enabler of
AID _Null ) to use the personalized access ticket (P
AT) is newly generated and the content of the existing personalized access ticket (PAT) is changed. Where Nu
The operation including the 11-AID is subject to all the following rules: (a) New generation (MakePA) in the above-described embodiment.
T), Merge (MergePAT), Split (SplitPAT),
Calculation rule consisting of changes (TransPAT), (b) Null
-As a rule applicable only to AID, i. Null-
The AID is known to all users, ii. Enabler
of Null-AID is known to all users.

Here, the calculation rules defined in the above embodiment will be described.

(1) Creating a PAT from multiple AIDs (MakeP
AT):

[ _Equation 8] AID _holder + AID _member1 + AID _member2 + ... + AID _memberN + Enabler of AID _member1 + Enabler of AID _member2 + ... + Enabler of AID _memberN + Enabler of AID _holder → PAT <AID _holder | AID _member1 and AID _member2 ,…, AID _memberN > (2) Merge multiple PATs with the same owner (MergePA
T):

PAT <AID _holder | AID _membera1 , AID _membera2 , ..., AID _memberaM > + PAT <AID _holder | AID _memberb1 , AID _memberb2 , ..., AID _memberbN > + Enabler of AID _holder → PAT <AID _holder | AID _membera1 , AID _membera2 , ..., AID _memberaM , AID _memberb1 , AID _memberb2 , ..., AID _memberbN > (3) Divide the PAT into multiple PATs of the same owner (Spli
tPAT):

PAT <AID _holder | AID _membera1 , AID _membera2 , ..., AID _memberaM , AID _memberb1 , AID _memberb2 , ..., AID _memberbN > + Enabler of AID _holder → PAT <AID _holder | AID _membera1 , AID _membera2 ,. AID _memberaM > + PAT <AID _holder | AID _memberb1 , AID _memberb2 , ..., AID _memberbN > (4) Change the PAT owner AID (TransPA
T):

PAT <AID _holder | AID _membera1 , AID _membera2 , ..., AID _memberaM > + PAT <AID _holder | AID _newholder > + Enabler of AID _holder + Enabler of AID _newholder → PAT <AID _newholder | AID _membera1 , AID _membera2 , ..., AID _memberaM > Null-AID is included in the PAT including the expiration date value and the transfer control flag value, the method of designating the expiration date value and the transfer control flag value in the second embodiment described above. Follow

Next, an example of calculation regarding Null-AID will be described.

(1) When PAT <AID _Null | AID _A > is _created from AID _A and Enabler of AID _A : (a) From Null-AID rule (b) i. And (b) ii.
AID _Null and Enabler of AID _Null are known.

(B) By MakePAT

[Equation 12] AID _Null + AID _A + Enabler of AID _A + Enabler of AID _Null → PAT <AID _Null | AID _A > (2) PAT <AID _Null | AID _A > and PAT <AID
_Null | AID _B > and PAT <AID _Null | AI
When making D _A , AID _B >: (a) From Null-AID rules (b) i. And (b) ii.
AID _Null and Enabler of AID _Null are known.

(B) By MergePAT

[Equation 13] PAT <AID _Null | AID _A > + PAT <AID _Null | AID _B > + Enabler of AID _Null → PAT <AID _Null | AID _A , AID _B > (3) PAT <AID _Null | AID _A > PAT <AID
_Null | AID _B > and Enabler of AID _A from PAT
When <AID _A | AID _B > is created: (a) From Null-AID rules (b) i. And (b) ii.
AID _Null and Enabler of AID _Null are known.

(B) By TransPAT

[Equation 14] PAT <AID _Null | AID _A > + PAT <AID _Null | AID _B > + Enabler of AID _Null + Enabler of AID _A → PAT <AID _A | AID _B > Null-AID has the data structure shown in FIG. As shown in FIG. 3, it is composed of a character string uniquely indicating that it is Null-AID (for example, this character string is defined by the certificate authority CA) and a signature of the certificate authority CA given to the character string. To be done.

The data structure of Enabler of Null-AID is, as shown in FIG. 26, a character string uniquely indicating that it is an Enabler (for example, this character string is a certificate authority CA.
Null-AID entity, and
A character string indicating that it is an Enabler and the Null-AI
It is composed of a character string obtained by concatenating the entity of D with the signature of the certificate authority CA.

Note that Null-AID and Enabler o
The f Null-AID is held in the secure PAT arithmetic unit and the secure PAT certificate authority.

Next, a first application example of this embodiment will be described with reference to FIG. In FIG. 27, the following operation is performed.

(1) User B (PAT member) is user B
With a secure PAT computing device connected to
Execute the operation example (1) regarding the ull-AID and execute PAT.
<AID _Null | AID _B > is generated and passed to the user A (PAT owner) by any means.

(2) User A receiving PAT <AID _Null | AID _B > executes (a) Null-AID operation example (1) on the secure PAT operation device connected to the terminal of user A. And make PAT <AID _Null | AID _A >.

(B) The operation example (3) for Null-AID is executed to create PAT <AID _A | AID _B >.

(3) User A creates PAT <AID
Pass _A | AID _B > to user B by any means.

Since the method of determining the expiration date is the same as the method described above, it will be omitted. Further, the processing of the calculation regarding Null-AID is common to the above-mentioned method, and therefore its explanation is omitted.

PAT <AID _Null | AID _A , AID _B
When >> is passed to the user B, the operation example (2) regarding the Null-AID is executed in the operation (2) described above.

Next, a second application example of this embodiment will be described with reference to FIG. In FIG. 28, the following operation is performed.

(1) User B (PAT member) is user B
Nul with a secure PAT computing device connected to other terminals
Executing the calculation example (1) for l-AID to perform PAT <A
Create ID _Null | AID _B >, and register it in the anonymous directory service ADS along with any public information.

(2) User A (PAT owner) uses the secure PAT arithmetic unit connected to the terminal of user A as Nu.
Performing the operation example (1) regarding the 11-AID, PAT <
AID _Null | AID _A > is created and presented to the anonymous directory service ADS with arbitrary search conditions.

(3) If the personal information of the user B satisfies the search condition presented by the user A, the secure PAT arithmetic unit connected to the anonymous directory service ADS (a) Null-AID calculation example ( 2) is executed to make PAT <AID _Null | AID _A , AID _B >.

(B) PAT <AID _Null | AID _A , AI
Pass D _B > to the anonymous directory service ADS.

(4) Anonymous directory service ADS is PAT <AID created by the PAT processor.
_Null | AID _A , AID _B > is passed to the user A.

(5) PAT <AID _Null | AID _A , AI
The user A who receives D _B >, uses the secure PAT arithmetic unit connected to the terminal of the user A, and the following TransPAT.
Perform an operation to create PAT <AID _A | AID _B >.

[0333]

[Equation 15] Since the method of determining the expiration date is the same as the method described above, it is omitted. Further, the processing of the calculation regarding Null-AID is common to the above-mentioned method, and therefore its explanation is omitted.

When PAT <AID _A | AID _B > is generated by the secure PAT arithmetic unit connected to the anonymous directory service ADS, the Enabler of AID _A is passed to the PAT arithmetic unit. Then, in the operation (3) described above, the calculation example (3) regarding Null-AID is executed.

When PAT <AID _B | AID _A > is generated by a secure PAT processor connected to the anonymous directory service ADS and passed to user B, Enabler of AID _B is sent to the PAT processor. hand over. Then, in the operation (3) described above, Null-
The same calculation as the calculation example (3) regarding AID is executed.

Next, a fourth embodiment of the present invention will be described with reference to FIGS. In group communication, there are often situations where it is desired to fix the participants, but in the above-described embodiment, an individualized access ticket (PAT) is used.
Participants cannot be fixed because it does not have the function to make the change impossible. That is, in the above-described embodiment,
Whether to lock the participants is left to the discretion of the owner of the personalized access ticket.

Therefore, in this embodiment, the read-only attribute is set in the personalized access ticket.

Therefore, in this embodiment, God-AI is used.
A read-only attribute is set in the personalized access ticket (PAT) using D (AID _God ). Where G
Operations on od-AID follow all rules below: (a) God-AID is known to all users,
(b) Operations on God-AID are only allowed to be one of the following:

I.i. When the AID _holder is neither AID _Null nor AID _God : PAT <AID _holder | AID _member1 , AID _member2 , ..., AID _memberN > + Enabler of AID _holder → PAT <AID _God | AID _holder , AID _member1 , AID _member2 , ..., AID _memberN > ii. When the AID _holder is AID _Null : PAT <AID _Null | AID _member1 , AID _member2 , ..., AID _memberN > + Enabler of AID _Null → PAT <AID _God | AID _member1 , AID _member2 , ..., AID _memberN > God-AID The data structure is as shown in FIG.
It is composed of a character string uniquely indicating that it is a God-AID (for example, this character string is defined by the certificate authority CA), and the character string signed by the certificate authority CA. The God-AID is held in the secure PAT computing device and secure PAT certificate authority described above.

The processing of PAT including Null-AID is as follows.
21 to 24 are followed. Owner AID is Null-AI
If it is neither D nor God-AID, God-AID is added to the AID list, and the value of the owner index is God-AID in the AID list after the addition of God-AID.
Designate to be equal to the AID position. Owner AI
If D is Null-AID, then N from the AID list
The all-AID is deleted, then the God-AID is added, and finally, the value of the owner index is specified to be equal to the position of the God-AID in the AID list after the addition of the God-AID.

Next, FIG. 30 shows an application example of this embodiment.
Will be described with reference to.

PAT <AID _Null | AID _A > and PAT
<AID _Null | AID _B > and PAT <AID _God |
When making AID _A , AID _B >, the PAT owner (see FIG.
Secure P connected to user A's terminal at 0
The AT arithmetic unit executes the following arithmetic operations.

(1) By the MergePAT described above

PAT <AID _Null | AID _A > + PAT <AID _Null | AID _B > + Enabler of AID _Null → PAT <AID _Null | AID _A , AID _B > (2) Operation rule for God-AID (a) Than AI
D _God is known. (3) From calculation rule (b) ii. Regarding God-AID

[Equation 18] The above calculation is also executed by a secure PAT calculation device (FIG. 31) connected to a third-party computer (search engine or the like) or a secure PAT certificate authority.

Next, with reference to FIG. 32, a fifth embodiment of the present invention will be described.

When the Null-AID is added as described in the third embodiment, the owner of the personalized access ticket (PAT) (user of the owner AID) becomes a member (member) as described below. There is a problem that the access right to the AID user) can be transferred to a third party. Moreover, it can be transferred without permission to the members.

1. The owner _{A of} PAT <AID _A | AID _B > (member is B) creates PAT <AID _Null | AID _B > using PAT <AID _A | AID _B > -AID _A -Enabler of AID _A. Here, it is assumed that A knows all of AAT _A , Enabler of AID _A , AID _Null, and Enabler of AID _Null in addition to PAT <AID _A | AID _B >.

(A) A is PAT <A by MakePAT
Create ID _A | AID _Null >.

[0347]

[Formula 19] AID _A + AID _Null + Enabler of AID _Null + Enabler of AID _A → PAT <AID _A | AID _Null > (b) A is PAT <AID _Null |
Make AID _B >.

[0348]

[Equation 20] PAT <AID _A | AID _B > + PAT <AID _A | AID _Null > + Enabler of AID _A + Enabler of AID _Null → PAT <AID _Null | AID _B > Above 1. After (b), A is PAT <AID _Null | AID _B
> To the third party C, the following 2. Is possible.

2. C is PAT <AID _Null | AID _B
> To make PAT <AID _C | AID _B >. Here, it is assumed that C knows all of AID _C , Enabler of AID _C , AID _Null, and Enabler of AID _Null in addition to PAT <AID _Null | AID _B >.

(A) C is PAT <A by MakePAT
Create ID _Null | AID _C >.

[0351]

[Equation 21] AID _Null + AID _C + Enabler of AID _C + Enabler of AID _Null → PAT <AID _Null | AID _C > (b) C is PAT <AID _C | A by TransPAT.
Create ID _B >.

[0352]

[Equation 22] PAT <AID _Null | AID _B > + PAT <AID _Null | AID _C > + Enabler of AID _Null + Enabler of AID _C → PAT <AID _C | AID _B > As a result of the above 2 (b), C is PAT <AID _C | AID _B >
Since B is obtained, access to B becomes possible.

Therefore, in this embodiment, PAT <AID
_holder ｜ AID _member ＞ is an Aab _member 's Enab
If ler is unknown, then from this PAT PAT <AI
D _{Nu ll} | so as not to be able to make the AID _member>.

In the third embodiment described above, the owner of the PAT does not have PAT <AID without the Enabler of the AID _member.
To create _Null | AID _member >, PAT <AID
It is necessary to create _holder | AID _Null >.

Therefore, in this embodiment, the following rule is added to the Null-AID described in the third embodiment.

Null-AID is the PAT owner AID
Can not be used as a member AID.

PAT <AID _Null ｜ AID _member1 ,
_{AID member2, ..., AID memb erN} > permits.

PAT <AID _holder | AID _Null , A
ID _member1 , AID _member2 , ..., AID _memberN ＞
Is not allowed.

Secure PA in the Embodiments Above
Nul for the T arithmetic unit and the secure PAT certificate authority respectively
A function to check whether the l-AID is included in the member AID is added. This member AID check processing function will be described with reference to the flowchart shown in FIG.

1. Null-AID and PAT are input (step S6911).

2. PAT input in step S6911
All member AIDs from (step S691)
3).

3. The Nu entered in step S6911 for each of the extracted member AIDs.
It is compared with 11-AID (step S6915).

All member AIDs are Null-AID
Does not completely match with (step S6917 NO, S
6919NO), MergePAT, SplitPAT, or Tr
The procedure moves to ansPAT processing (FIG. 21 or 22) (step S6921).

・ Null-AID even if there is only one member AID
If it exactly matches with (YES in step S6917),
The process ends.

Next, a sixth embodiment of the present invention will be described with reference to FIGS. 33 to 39. In the sixth embodiment, link information is added as shown in FIG. 34 (b) to the role identifier AID shown in FIG. 2 in the above-described first embodiment, and at the same time the 1: 1 shown in FIG. Instead of the substance of the role identifier AID included in the personalized access ticket PAT, the link information of the role identifier AID is set as shown in FIG. 34 (c), and the role identifier AID is uniquely specified by the link information. The difference is that it is configured as described above.

The role identifier AID to which the link information is added in this way is called a role identifier with link information AID, and the one-to-one individualized access ticket PAT having the link information of the AID is one-to-one individualized link designation type. It will be referred to as an access ticket PAT. The link information is information that can uniquely identify the role identifier AID,
Data of a type generally called an identifier, for example, a serial number uniquely given to the role identifier AID by the certificate authority CA.

First, with reference to FIG. 33, an overall configuration diagram of a sixth embodiment of the present invention will be described. In FIG. 33, reference numeral 1 denotes a certificate authority CA, which has a right to authenticate an individual identifier OID and a right to issue a role identifier AID, and has a function of assigning a role identifier to a user. 3 is a user, 5 is a secure communication service S
The CS is a CS, which transfers an e-mail between the users 3 and, if necessary, rejects the call and determines the identity of the personal identifier and retrieves it. 7 is an anonymous directory service AD
S is a database that manages the role identifier AID, the value of the transfer control flag, the value of the expiration date, and the public information. That is, the anonymous directory service ADS7 has a function of generating the personalized access ticket PAT from the role identifier AID of the searcher and the role identifier AID of the registrant that satisfies the search condition, and issuing it to the searcher.

A series of processes from the generation of the role identifier AID from the personal identifier based on the user's request to the assignment to the user is basically the same as that of the first embodiment except that the link information is added. There is, but specifically
Will be described with reference to.

FIG. 34 shows a personal identifier OID (Official Id).
entification), a role identifier with link information AID, and a link-specified type one-to-one personalized access ticket PAT. As shown in FIG. 34 (a), the personal identifier OID is a signature of the certificate authority CA 1 on the information composed of an arbitrary character string and a public key according to the rule by which the certificate authority CA 1 can uniquely identify the user. Is. Also, as shown in FIG. 34 (b), the role identifier with link information AID uniquely identifies on the network the fragment of the personal identifier OID and its position information, redundant character string, and the host or domain running the SCS. The certificate authority CA1 signs information that is composed of arbitrary possible character strings (host name, real domain, etc.) and link information.

[0370] Further, as shown in Fig. 34 (c), the link designation type one-to-one personalized access ticket PAT has a transfer control flag, role identifier AID ₀ link information, role identifier AID ₁ link information, and an expiration date. The anonymous directory service ADS has signed the information consisting of

User 3 has role information with link information AI
The process of requesting D from the certificate authority CA1 is the same as that described above in the first embodiment.

Next, the processing for the certificate authority CA1 to issue the role identifier AID to the user 3 in response to the above request for the role identifier AID is the same as that described in the first embodiment.

Next, the process of generating the role information added role identifier AID in the certificate authority CA will be described with reference to FIG. In FIG. 35, the certification authority CA is the personal identifier O
Information having a length equal to the total length L of the ID is generated. This information is used as a temporary role identifier AID (step S721).
1). Next, in order to perform partial copying of the personal identifier OID, the values of the parameters p _i and l _i that specify the copy range of the personal identifier OID are determined by using arbitrary means such as random number generation (step S7213). Here, L is equal to the total length of the personal identifier OID, and l _i is an arbitrarily determined value within the range of satisfying the relationship of 0 ≦ l _i ≦ L. Next, the information in the range from the position p _i to the position p _i + l _i from the head of the personal identifier OID is copied to the same position of the temporary AID (step S7215). That is, this OID fragment is copied from the beginning of the temporary AID to the range of position p _i and position p _i + l _i . Next, the values of p _i and l _i are encrypted and written in a specified range of the temporary AID obtained by partially copying the OID (step S7217). Next, an arbitrary character string (host name, real domain name) that can uniquely identify on the network the host or domain that operates the secure communication service SCS5 within the defined range of the temporary AID in which these values are written. Etc.) is written (step S7219). Next, link information is added (step S7220). Then, the temporary AID in which the character string and the link information are written in this way is signed by the private key of the certificate authority CA1 (step S7221).

Next, the role identifier AID of the user B3 and the public information are sent to the anonymous directory service ADS.
The procedure for registering in 7 will be described. User B3 who is a registrant and anonymous directory service ADS
7, the role identifier AID of user B3 and ADS7
Two-way authentication is performed by any means using the certificate of. Next, the user B3 transmits the transfer control flag value, the expiration date value, and public information such as a hobby to the ADS 7.
Next, the ADS 7 records the value of the transfer control flag, the value of the expiration date, and all the public information received from the user B3 in the storage device in association with the AID of the user B3.

In the above procedure, the communication between the registrant user B3 and ADS7 may be encrypted.

Next, a procedure for the user A3 to retrieve public information registered in the anonymous directory service ADS7 will be described. Between the user A3 who is a searcher and the anonymous directory service ADS7, using the AID of the user A3 and the certificate of ADS7,
Bidirectional authentication is performed by any means. Next, user A3
Send arbitrary search conditions to the anonymous directory service ADS7. Next, the anonymous directory service ADS7 presents all the received search conditions to the storage device, and extracts the role identifier AID of the registrant that satisfies these search conditions. Next, the anonymous directory service ADS7 uses the link specification type 1 from the link information of the role identifier AID of the user A3, the link information of the role identifier AID of the registrant who has satisfied the search condition, the value of the transfer control flag, and the value of the expiration date. Generate a one-to-one personalized access ticket PAT. Next, ADS7 is the generated PA
Send T to user A3.

In the above procedure, communication between the searcher, user A3 and ADS7 may be encrypted.

The link specifying type one-to-one personalized access ticket is generated as a search result of the anonymous directory service ADS7.

Next, with reference to the flow chart of FIG. 36, the process of generating the link-specifying one-to-one personalized access ticket PAT in ADS will be described. First, information of a certain defined length is generated. This is used as a temporary personalized access ticket (temporary PAT) (step S75).
10). Next, the role identifier A of the user A3 who is the searcher
The link information of the ID and the link information of the role identifier AID of the user B3 who is the registrant are copied into the range defined by the temporary PAT (step 7516). Next, the value of the transfer control flag and the value of the expiration date are respectively written in the defined range of the temporary PAT in which the link information of the AID is copied (step S7517). Next, the temporary PAT in which these values are written
Is signed with the private key of ADS (step S7519).

Next, transfer control by the link-specifying one-to-one personalized access ticket PAT will be described. The transfer control is a function of restricting access to a user who has a legitimate access right from a third party who has been transferred or eavesdropped on the PAT (a user who originally does not have the access right).

Anonymous Directory Service AD
By setting a value in the transfer control flag of the personalized access ticket PAT, the user B3 of S7 and the registrant AID can prohibit the connection to the user B3 from a third party who does not have the access right. it can.

When the value of the transfer control flag is set to 1, the secure communication service SCS5
Since the caller role identifier AID is authenticated between the caller and the caller according to an arbitrary challenge / response method, even if the caller passes both the caller AID and the PAT to any user other than the caller, the user is the registrant. Cannot be connected via SCS5.

On the other hand, when the value of the transfer control flag is set to 0, no challenge / response is performed between the SCS5 and the caller, and therefore the caller does not have the caller AID.
When both the PAT and the PAT are given to the users other than the sender, those users can also connect to the anonymous directory service registrant through the SCS5.

Next, the mail access control method in SCS will be described with reference to FIG.

The sender is "From sender AID @" on the From: line.
The sender's SCS real domain ", To: line to" PAT @
Sender's SCS real domain "format.

SCS is an SMTP (Simple Mail Transfer).
A mail received by an MTA (Message Transfer Agent) such as Protocol) is acquired, and the processing shown in FIG. 37 is executed.

1. The PAT signature is verified using the ADS public key (step 7713).

If the PAT signature is tampered with (YES in step S7715), the mail is discarded and the process ends (step S7716).

-If the PAT signature is not tampered with
(Step S7715 NO), the following processing 2. To execute.

2. The link information of the sender AID is presented to the PAT and searched (steps S7717, S7720,
S7722).

If the PAT does not include link information that exactly matches the link information of the sender AID (step S7723 NO), the mail is discarded and the process ends (step S7716).

When the PAT includes link information that completely matches the link information of the sender AID (YES in step S7723), the following processing 3. To execute.

3. The value of the expiration date of the PAT is evaluated (steps S7725, S7727).

If the PAT is out of the valid period (step S7727 NO), the mail is discarded and the process ends (step S7716).

If the PAT is within the valid period (YES in step S7727), the following process 4. To execute.

4. By referring to the value of the transfer control flag of the PAT, it is determined whether or not the sender is authenticated (step S7).
731, S7733).

When the value is 1 (step S7733)
YES), the SCS presents the link information to the certificate authority CA to acquire the substance of the sender AID and the public key of the sender AID, and executes challenge / response authentication between the SCS and the sender to establish the sender. The signature of (step S7
735). If the signature is correct, specify the callee and P
AT is attached (step S7737). If the signature is incorrect, the mail is discarded and the process ends (step S).
7716).

If the value is 0 (step S7733)
NO), the recipient is specified without executing the challenge / response authentication, and the PAT is attached (step S773).
7).

The challenge / response method between the SCS and the sender is the same as the challenge / response method for the one-to-one personalized access ticket.

Next, the method of designating the called party in the SCS will be described.

First, the SCS presents the link information of the sender AID to the PAT and retrieves it, and acquires all the link information that does not completely match the link information of the sender AID. Next, all the acquired link information is presented to the certificate authority CA and searched, and the AID is acquired. All AIDs obtained
Will be hereinafter defined as the called party AID. Next, for all the acquired AIDs, the real domain of the recipient's SCS is extracted from the recipient's AID. Next, call the recipient
Specify the callee in the format of "callee AID @ real domain of callee's SCS." Finally, SCS identifies the caller as "caller AID @
From the sender's SCS real domain format to "sender AI
Change to D "format.

The method of attaching the PAT in the SCS is the same as the method of attaching the PAT to the 1: 1 personalized access ticket.

Next, the link specification type one-to-one in SCS
A method of rejecting an incoming call to the personalized access ticket PAT will be described.

Call rejection setting: Two-way authentication is performed between the user and the secure communication service SCS5 by any means. Next, the user sends a registration command, the user's own AID, and an arbitrary PAT to the SCS5.
Next, the SCS 5 verifies the received signature of the AID. If the signature is incorrect, the SCS 5 ends the process.
If the signature is correct, the SCS5 sends all Ps received.
For each AT, the signature is verified using the public key of ADS. Discard any PAT with an incorrect signature. If the signature is correct, the link information is extracted from the received AID, and the extracted link information is added to each P
Present to AT and search. Regarding the PAT including the link information that completely matches the link information of the received AID, the registration command and the PAT are presented to the storage device, and the PAT is registered in the storage device. A PAT that does not include link information that exactly matches the received AID link information is discarded without being registered in the storage device. In the above process, communication between the user and SCS5 may be encrypted.

Execution of Call Rejection: The SCS5 presents the PAT to the storage device and retrieves it. If the PAT that exactly matches the presented PAT is registered in the storage device, the mail is discarded. If the PAT that exactly matches the presented PAT is not registered in the storage device, the mail is not discarded.

Cancellation of incoming call rejection: Two-way authentication is performed between the user and the secure communication service SCS5 by any means. Next, the user presents his AID to the SCS5. Next, SCS5 receives the received AID
Verify the signature of. If the signature is incorrect, SCS
5 ends the process. If the signature is correct, SCS5
Retrieves the link information from the presented AID, presents the retrieved link information to the storage device as a search condition,
Get all PATs including the provided link information,
Present to the user. Next, the user refers to all the presented PATs, selects all the PATs for which the call rejection is to be released, and sends them to the SCS 5 together with the deletion command. S that has received all the PATs for which you want to cancel the delete command and reject call
The CS5 presents the received delete command and all PATs to the storage device, and deletes all the received PATs from the storage device.

[0407] The link specification type 1 to N in SCS
The method for rejecting an incoming call for an individualized access ticket PAT is the same as the method for rejecting an incoming call for the link-designated one-to-one individualized access ticket.

Next, the flow chart of FIG. 38 and FIG.
The determination of identity will be described with reference to FIG.

1. The initial value of the variable OID _M is defined as a bit string having a length equal to the total length L of the OID and all values being 0. In addition, the initial value of the variable OID _V is set to OI
It is defined as a bit string having a length equal to the total length L of D and all values being 0 (step S7911).

2. One AID with link information is selected from the set of AIDs with link information to be processed, and the following bit operation is executed (step S7913).

(A) The values of the variable AID _M and the variable AID _V are determined based on the position information included in the AID with link information (step S7915). Here, AID _M has a length equal to the total length L of the OID, and the value of the position where -OID information is defined is 1. -The value of the position where the OID information is not defined is 0. It is defined as a bit string (FIG. 39).

AID _V has a length equal to the total length L of the OID, and the value at the position where the -OID information is defined is the actual value of the OID information. -The value of the position where the OID information is not defined is 0. It is defined as a bit string (FIG. 39).

(B) The AND operation of OID _M and AID _M is executed, and the result is substituted into the variable OVR _M (step S
7917).

(C) AND operation of OVR _M and AID _M ,
An AND operation of OVR _M and OID _M is executed, and the operation results are compared (step S7919).

When they match, OR of OID _M and AID _M
The calculation is executed and the execution result is substituted into OID _M (step S7921). Also, the OR operation of OID _V and AID _V is executed, and the execution result is substituted into OID _M (step S
7923).

If they do not match, the flow advances to step S7925 to execute.

(D) The AID with link information to be processed next is extracted from the set of AIDs with link information to be processed.

When the set includes at least one AID with link information, steps S7913 to S7
923 is executed.

If the set does not include any AID with link information, the process advances to step S7927.

(E) The values of OID _M and OID _V are output (step S7927).

The value of OID _M finally obtained is the OID that can be restored from the set of AIDs with link information to be processed.
Represents all locations of information. In addition, the finally obtained value of OID _V is the AID with link information to be processed.
Represents all of the OID information that can be restored from the set. That is, when the values of OID _M and OID _V are used, (a) OID _V can be stochastically calculated by using the value of OID _V as a search condition.

(B) The accuracy of the above search can be quantitatively evaluated by the ratio OID _M / L with the OID full length L.

As described above, in the present embodiment, based on the user's request, the certification authority CA1 which is a highly confidential and highly reliable third-party organization confirms confidentiality such as name, telephone number, and real email address. Personal identifier O containing high personal information
A role information-attached role identifier AID that conceals these personal information from the ID is generated and delivered to the user. This AI
By using D to identify the user in the communication network and various services provided on the communication network, both the guarantee of the anonymity of the user and the identification of the user can be achieved. In other words, the users can communicate with each other without giving the real name, telephone number, or e-mail address to the other party, and as described later, the public information can be provided to an unspecified number of people via the anonymous directory service ADS7. It can also be disclosed.

The user registers information, which is considered to be less confidential than personal information, that is, public information, in the anonymous directory service ADS7. When searching the public information and the registrant AID, the searcher presents the role identifier AID of the searcher with the link information and arbitrary search conditions to the anonymous directory service ADS7.
The anonymous directory service ADS7 extracts the role identifier AID with the link information of the registrant that satisfies all the search conditions, and then registers the link information of the role identifier AID with the link information of the searcher and the search conditions. The link specifying type one-to-one personalized access ticket PAT is generated from the link information of the role identifier with link information AID of the person, the value of the transfer control flag, and the value of the expiration date.

As shown in FIG. 34 (c), the value of the transfer control flag and the value of the expiration date are set in the link specifying type one-to-one personalized access ticket PAT. The expiration date is set in advance. By setting, it is possible to restrict the connection from the caller.

Also, the value of the transfer control flag can prohibit connection from a third party who does not have the access right. That is, when the transfer control flag is set to 1, the secure communication service SCS
Since the caller role identifier AID is authenticated between the caller 5 and the caller according to an arbitrary challenge / response method, even if the caller passes both the caller AID and PAT to any user other than the caller, that user is Unable to connect to the registrant of anonymous directory service ADS7 via SCS5. On the other hand, if the transfer control flag is set to 0, no challenge / response is performed between the SCS5 and the caller, so if the caller passes both the caller AID and PAT to a user other than the caller. , Those users can also connect to the registrants of ADS7 through SCS5.

[0427] In addition, a link specifying type 1-to-1 individualized access ticket PAT is used for link specifying type 1 call
Recipient role identifier AID or sender role identifier A specified by the link information of the one-to-one personalized access ticket PAT
A connection request can be made to the communication network so that the ID is received. Furthermore, it is possible to reject the call of the link-specifying 1-to-1 individualized access ticket PAT selected by the callee among the calls designated by the link-specifying 1-to-1 individualized access ticket PAT. It is also possible to cancel the call rejection of the call of the link specifying type one-to-one personalized access ticket selected by the callee. Furthermore, as a countermeasure against a sender who repeats a personal attack with a plurality of sender role identifiers AID by exploiting anonymity, the plurality of sender role identifiers A
The identity of the personal identifier OID can be determined from the ID, and the personal identifier can be retrieved with a certain probability.

Next, a mail access control method according to the seventh embodiment of the present invention will be described with reference to FIGS. 40 to 49. In the sixth embodiment described above, the case where the caller and the callee are made to correspond one-to-one has been described. In the seventh embodiment, as in the second embodiment described above, Corresponding the callee to 1 to N,
A case will be described in which a new generation and a content change of a link-specified type 1-to-N individualized access ticket are enabled by the user. The sender is either the PAT owner or the PAT member. Similarly, the recipient is either the PAT owner or the PAT member.

As described in the second embodiment, the membership of group communication (mailing list, etc.) changes dynamically, so that the organizer of group communication is the member's telephone number,
You need to manage contact information such as email addresses. On the other hand, as in the sixth embodiment, in the case where only a new link specifying type one-to-one personalized access ticket can be newly generated, it is difficult to manage the contact information. For example, it is difficult to manage the group as a unit,
Also, because of transfer control, even if it is given to another person, it does not function as an address for group communication such as a mailing list.

In the seventh embodiment, in order to solve such a problem, a new generation of the link specifying type 1: N personalized access ticket PAT and the contents of the existing link specifying type 1: N individualizing access ticket PAT are performed. It allows users to make changes.

First, the definition of each identifier used in the seventh embodiment will be described with reference to FIGS. 40 and 41.

As shown in FIG. 40 (a), the personal identifier OID is signed by the certification authority CA1 with respect to information consisting of an arbitrary character string and a public key according to a rule by which the certification authority CA1 can uniquely identify a user. It was done.

The role identifier AID with link information is shown in FIG.
As shown in 0 (b), a fragment of the personal identifier OID and its position information, a redundant character string, an arbitrary character string (host name, real character) that can uniquely identify the host or domain running the SCS on the network. The certificate authority CA1 signs the information of the SCS, which is the domain name), and the information composed of the link information. Also, AID is SCS
It may be encrypted by CA or CA. The link information is
It is the same as that of the sixth embodiment.

[0434] The link specifying type 1: N personalized access ticket (PAT) is shown in FIG.
As shown in (c), link information of two or more role identifiers, owner index, expiration date, transfer control flag,
For information composed of PAT operation device identifier, PA
It is signed by the secret key of the T arithmetic unit.

Here, one piece of the link information of the role identifier AID is the link information of the owner role identifier AID of this PAT, and the link information of the owner AID and the corresponding En
By presenting the abler to the PAT computing device,
It is possible to change the information contained in the PAT, such as adding the AID link information to the PAT, deleting the AID link information from the PAT, changing the expiration date of the PAT, and changing the value of the transfer control flag of the PAT.

On the other hand, all the link information of the AID other than the link information of the owner AID included in the PAT is the member AID.
Even if the link information of the member AID and the corresponding Enabler are presented to the PAT computing device with the link information of 1, the information included in the PAT cannot be changed.

The owner index is numerical data for identifying the link information of the owner AID.
If the link information of the first AID in the link specification type AID list composed of the link information of the member AID and the link information of the member AID is the link information of the owner AID, the link information of the second AID from the first is owned. If the link information of the owner AID is 2, ..., And if the link information of the nth AID is the link information of the owner AID, it is defined as n.

It is defined that the transfer control flag can take a value of 0 or 1 as in the case of the link designation type one-to-one personalized access ticket.

The link information of the owner AID is defined as the link information of the AID written in the position of the value of the owner index in the link designation type AID list. The link information of the member AID is defined as the link information of all AIDs other than the link information of the owner AID.

The expiration date is the number of times the PAT is used, the absolute time (UTC) when the PAT is unavailable, the absolute time (UTC) when the PAT is available, and the period from when the PAT becomes available until it becomes unavailable. One of the relative times (lifetime) or a combination of two or more is defined. PAT computing device (or PAT computing object on network)
Is the serial number of the PAT computing device (or the network identifier of the PAT computing object)
Is defined as

The private key of the PAT computing device (or PAT computing object on the network) is defined to uniquely correspond to the identifier.

Further, in the seventh embodiment, Enabler is introduced as an identifier corresponding to the role identifier AID. As shown in FIG. 41, the enabler is a signature of the certificate authority CA1 on the information composed of the character string uniquely indicating the enabler and the AID with link information.

Next, an operation for newly generating a PAT and changing the contents will be described. Secure P on communication terminal
The following operations are defined in the AT operation device, the PAT operation object on the CA or on the network legally requested by the CA (hereinafter, also referred to as PAT operation device), which is the second operation. This is the same as that of the embodiment and will be described with reference to FIGS.

1. Editing the link specification type AID list The link specification type AID list, which is the list of the link information of the AID included in the PAT, is edited using the AID with link information and the enabler. Or, link specified type AID
Generate a new list.

2. Setting of Expiration Date and Transfer Control Flag Value Using the AID with link information and Enabler, the expiration date value and the transfer control flag value included in the PAT are changed. Alternatively, a new expiration date value and a new transfer control flag value are set in the newly generated link specification type AID list.

The user who has presented the owner AID and the enabler corresponding to this owner AID to the PAT arithmetic unit is
The list of link information of AID included in T can be edited. At this time, the following calculation rules are followed.

(1) New generation (MakePAT) (see FIG. 10): Link-specified AID list (LALIST <(link)
Owner AID | (Link) Member AID ₁ , (Link) Member AID ₂ , ..., (Link) Member AID _n >) (However,
(Link) AID _X represents that it is the link information of AID _X ), and for the generated LOCALIST,
Set the value of expiration date and the value of transfer control flag.

[0448]

[Formula 23] (link) AID _A + (link) AID _B ＋ Enabler of AID _B ＋ Enabler of AID _A → LALIST <(link) AID _A ｜ (link) AID _B ＞ LALIST <(link) AID _A ｜ (link) AID _B ＞ + Enabler of AID _A + Expiration date value + Value of transfer control flag → PAT <(link) AID _A | (link) AID _B > (2) Merge (MergePAT) (see FIG. 11): Multiple LALISTs of the same owner AID are merged and the merged LALIST , Set the value of expiration date and the value of transfer control flag.

[0449]

[Equation 24] LALIST <(link) AID _A | (link) AID _B1 , (link) AID _B2 ,…> + LALIST <(link) AID _A | (link) AID _C1 , (link) AID _C2 ,…> + Enabler of AID _A → LALIST <(link) AID _A | (link) AID _B1 , (link) AID _B2 , ..., (link) AID _C1 , (link) AID _C2 , ...> LALIST <(link) AID _A | ( (Link) AID _B1 , (link) AID _B2 , ..., (link) AID _C1 , (link) AID _C2 , ...> + Enabler of AID _A + expiration date value + transfer control flag value → PAT <(link) AID _A | (link) AID _B1, (link) AID _B2, ..., (link) AID _{C1, (link) AID C2, ...> (3} ) dividing (SplitPAT) (see Figure 12): L LIST decomposed into a plurality LALIST commonly owned AID and for all LALIST the decomposed, respectively, to set the values of and transfer control flag expiration.

[0450]

LALIST <(link) AID _A | (link) AID _B1 , (link) AID _B2 , ..., (link) AID _C1 , (link) AID _C2 ,…> + Enabler of AID _A → LALIST <(link ) AID _A | (link) AID _B1 , (link) AID _B2 , ...> + LALIST <(link) AID _A | (link) AID _C1 , (link) AID _C2 , ...> LALIST <(link) AID _A | ( Link) AID _C1 , (link) AID _C2 , ...> + Enabler of AID _A + expiration date value + transfer control flag value → PAT <(link) AID _A | (link) AID _C1 , (link) AID _C2 , …> (4) Change Owner (TransPAT) (See Fig. 13): Change the owner AID of LALIST and change LAL after change
Set an expiration date value and a transfer control flag value for IST.

[0451]

[Equation 26] LALIST <(link) AID _A | (link) AID _B > + LALIST <(link) AID _A | (link) AID _C1 , (link) AID _C2 , ...> + Enabler of AID _A + Enabler of AID _B → LALIST <(link) AID _B | (link) AID _C1 , (link) AID _C2 ,…> LALIST <(link) AID _B | (link) AID _C1 , (link) AID _C2 ,…> + Enabler of AID _B + expiration date value + transfer control flag value → PAT <(link) AID _B | (link) AID _C1 , (link) AID _C2 , ...> In the operation of setting the expiration date value, the owner AID and this The following operation is defined to allow only the user who owns both Enablers corresponding to the above to set the expiration value.

[0452]

[Equation 27] PAT <(link) AID _A | (link) AID _B > + Enabler of AID _A + expiry value → PAT <(link) AID _A | (link) AID _B > Setting of transfer control flag In operation, owner A
The following operation is defined so that only the user who owns both the ID and the corresponding Enabler can set the value of the transfer control flag.

[0453]

PAT <(link) AID _A | (link) AID _B > + Enabler of AID _A + value of transfer control flag → PAT <(link) AID _A | (link) AID _B > Next, the present embodiment 42 to 48 showing the overall configuration of the above will be described. 42 to 48, CA to AI
The user A to which D _A is assigned stores AID _A and Enabler of AID _A in the computer of the user A and is connected to input / output devices such as a floppy drive, a CD-ROM drive, a communication board, a microphone, and a speaker. . Alternatively, a communication terminal (telephone, mobile phone, etc.) having a storage device and a data input / output function may be provided with AID _A and Enabl
er of AID _A is saved.

Similarly, the user B assigned with AID _B by the CA assigns AID _B and Enabler to his computer.
Save of AID _B , floppy drive, CD-R
Input / output devices such as OM drive, communication board, microphone, and speaker are connected. Alternatively, AID _B and Enabler of AID _B are stored in a communication terminal (telephone, mobile phone, etc.) having a storage device and a data input / output function.

Thereafter, the user A selects PAT <(link) AI.
_A procedure for generating D _A | (link) AID _B > will be described.

(1) User A obtains AID _B and Enabler of AID _B by using any of the following means.

-Anonymous directory service A
AID _B and Enabler of AID _B are registered in the DS7 and the user A waits for acquisition as a search result (FIG. 42).

-AID _{B by} e-mail, signaling, etc.
And Enabler of AID _B are directly transmitted to the user A (FIGS. 43 to 44).

Floppy disk, CD-ROM, M
AID _B for magnetic, optical and electronic media such as O and IC cards
And Enabler of AID _B are accumulated and passed to user A. Alternatively, it waits for the user A to browse and acquire the data (FIG. 45-
(Fig. 46).

[0460] ・ AID _{B on} paper media such as books and business cards
Enter Enabler of AID _B and give it to User A. Alternatively, it waits for the user A to browse and acquire (FIGS. 47 to 48).

(2) A by any one of the above-mentioned means (1)
User A who acquired ID _B and Enabler of AID _B
Issues a MakePAT command to the PAT arithmetic unit.
This procedure is common to FIGS. 42 to 48 and is defined as follows.

(A) The user A uses the communication terminal of the user A for A
ID _A , Enabler of AID _A , AID _B , Enabler o
f AID _B , expiration value, and transfer control flag value are set, and issuance of a MakePAT command is requested.

(B) The communication terminal of user A generates a MakePAT command.

(C) The communication terminal of user A uses the generated Make
PATS the PAT command by means of e-mail, signaling, etc.
Send to T arithmetic unit (issue MakePAT command).

(D) The PAT computing device receives the MakePA received.
The T command is processed according to FIGS. 21 and 49 to generate PAT <(link) AID _A | (link) AID _B >. In particular,

[Formula 29] (link) AID _A + (link) AID _B ＋ Enabler of AID _B ＋ Enabler of AID _A → LALIST <(link) AID _A ｜ (link) AID _B ＞ LALIST <(link) AID _A ｜ (link) AID _B ＞ + Enabler of AID _A + Expiration date value + Value of transfer control flag → PAT <(link) AID _A | (link) AID _B > (e) PAT computing device generates PAT <(link) A
ID _A | (link) AID _B > is transmitted to the communication terminal of the user A, or the communication terminal of the user B as necessary, by means of electronic mail, signaling, or the like.

(F) The communication terminal of user A (or user B) stores the received PAT <(link) AID _A | (link) AID _B > in the storage device of the communication terminal of user A.

Merge PAT (MergePAT, FIG. 21,
49), PAT split (SplitPAT, FIG. 22, FIG. 4)
9), PAT owner change (TransPAT, FIG. 21, FIG. 49) is the same procedure.

The procedure of MakePAT, MergePAT, and TransPAT is as described above with reference to FIG. 21, except that the AID is replaced with the link information of the AID and the AID list is replaced with the link-designated AID list. Also,
The procedure of SplitPAT is also as described above with reference to FIG. 22, except that the AID is replaced with the link information of the AID and the AID list is replaced with the link-designated AID list.

However, in the procedure of FIGS. 21 and 22, the link designation type AID list is generated as follows according to the flowchart of FIG. That is, first, the buffer length is determined (step S9011) and the buffer is generated (step S9012). Next, the link information of the owner AID is copied to the free area of the generated buffer (step S9017). Next, the link information of the member AID is copied to the empty area of the buffer (step S901).
8) If the next member AID exists (step S901)
5YES) Repeat step S9018.

Next, the determination of the link information of the owner AID will be described.

MakePAT, MergePAT, SplitPAT,
Each command of TransPAT has two or more arguments, and the role identifier AID and the personalized access ticket P are used as arguments.
Define that AT or Enabler can be specified. At this time, the PAT arithmetic unit outputs P output after executing each instruction.
The link information of the owner AID of the AT is specified according to the following rules.

In case of MakePAT For the MakePAT instruction, the first argument to the Nth argument (N =
AID up to 2, 3, ...) and Enab after the N + 1th argument
Defined by specifying ler. For example, MakePAT AID ₁ AID ₂ ... AID _N Enabler of
AID ₁ Enabler of AID ₂ ... Enabler of AID _N- PAT The arithmetic unit uses AI as the first argument of the MakePAT command.
Interpret the link information of D as the link information of the owner AID.

-PAT only if any of the Enablers after the N + 1th argument corresponds to the AID of the first argument
The arithmetic unit specifies the link information of this AID (that is, the link information of the AID of the first argument) as the link information of the owner AID of the PAT that is output after execution of the MakePAT command.

In the case of MergePAT The first argument to the Nth argument (N
= 2,3, ...), PAT is enabled with N + 1 argument
Defined by specifying r. That is, MergePAT PAT ₁ PAT ₂ ... PAT _N Enabler of
The AID-PAT arithmetic unit uses P as the first argument of the MergePAT command.
Interpret the AT owner AID link information as the PAT owner AID link information that is output after the MergePAT command is executed.

-Enabler of the N + 1th argument is P of the first argument
PAT only if it corresponds to AT owner AID
The arithmetic unit merges the link information of this AID (that is, the link information of the owner AID of the PAT of the first argument) with MergePA.
It is specified in the link information of the owner AID of the PAT that is output after execution of the T command.

In the case of SplitPAT For the SplitPAT instruction, the PAT is given as the first argument and the second as the second argument.
From the argument to the Nth argument (N = 3, 4, ...), a group of one or more AIDs that are grouped by some predetermined symbol (in this example, parentheses ()), and the N + 1th argument enabler Is defined. That is, SplitPAT PAT ₁ (AID ₁₁ ) (AID ₂₁ AID ₂₂ ) ... (AID _N1 AID _N2 ... AID _NM ) Enabler of AID-PAT The arithmetic unit is the first argument P of the SplitPAT command.
Interpret the link information of the AT owner AID as the link information of the PAT owner AID that is output after the SplitPAT command is executed.

-The N + 1th argument Enabler is the first argument P
PAT only if it corresponds to AT owner AID
The arithmetic unit sends the link information of this AID (that is, the link information of the owner AID of the PAT of the first argument) to SplitPA.
It is specified in the link information of the owner AID of the PAT that is output after execution of the T command.

In the case of TransPAT, P for the first argument and the second argument for the TransPAT instruction
It is defined that AT is designated by AID in the third argument and Enabler is designated by the fourth and fifth arguments. That is, the TransPAT PAT ₁ PAT ₂ AID Enabler of AID ₁ Enabler of AID ₂ -PAT arithmetic unit is the third argument A of the TransPAT instruction.
Only when the link information of the ID is included in the PAT of the second argument, the link information of the AID of the third argument is set to TransP
It is interpreted as the link information of the PAT owner AID output after the AT command is executed.

-The fourth argument Enabler is the first argument PAT.
And PAT of the second argument, and the Enabler of the fifth argument corresponds to the AID of the third argument, the PAT arithmetic unit transmits the link information of the AID of the third argument to TransPAT. It is specified in the link information of the owner AID of the PAT that is output after the command is executed.

Next, the determination of the link information of the member AID will be described. MakePAT, MergePAT, SplitPA
The definition of each T and TransPAT instruction follows the above. The PAT computing device outputs the PAT member AI output after each command is executed.
The link information of D is specified according to the following rules.

In the case of MakePAT, the owner AI of the PAT output after executing the MakePAT instruction
Only when the link information of D is officially determined: -The PAT arithmetic unit uses the link information of all the AIDs after the second argument of the MakePAT command as the link information of the member AID of the PAT that is output after executing the MakePAT command. Interpret as there is.

-Of all AIDs after the second argument,
Only the link information of the AID corresponding to the Enabler specified by the N + 1th argument and thereafter, the PAT arithmetic unit is MakePAT.
It is specified in the link information of the member AID of PAT that is output after the command is executed.

In the case of MergePAT The PAT arithmetic unit is designated by the first argument to the Nth argument of the MergePAT command only when the link information of the owner AID of the PAT output after the execution of the MergePAT command is officially determined. The link information of the member AIDs of all the PATs are specified as the link information of the member AIDs of the PATs that are output after the execution of the MergePAT command.

In the case of SplitPAT, the PAT arithmetic unit is a member of the PAT specified by the first argument of the SplitPAT command only when the link information of the owner AID of the PAT output after the execution of the SplitPAT command is officially determined. The link information of the AID is designated as the link information of the member AID of the PAT that is output after the SplitPAT command is executed. At this time, the link information of the member AID is distributed to different PATs in parentheses (). For example, in the case of SplitPAT PAT (AID ₁₁ ) (AID ₂₁ AID ₂₂ ) ... (AID _N1 AID _N2 ... AID _NM ) Enabler of AID, (AID ₁₁ ), (AID ₂₁ AID ₂₂ ) and (AID ₂₁ AID ₂₂ )
The link information of ID _N1 AID _N2 ... AID _NM ) becomes the link information of the member AID of another PAT in which the link information of the owner AID is common.

In the case of TransPAT, the PAT arithmetic unit determines all of the PAT specified by the first argument of the TransPAT command only when the link information of the owner AID of the PAT output after the execution of the TransPAT command is officially determined. Of all the member AIDs other than the link information of the member AID of the PAT designated by the second argument and the link information of the member AID of the PAT designated by the second argument.
It is specified in the link information of the member AID of PAT that is output after execution of the T command.

The verification of the validity of the Enabler in this embodiment is the same as the above description with reference to FIG. The validity of this enabler is verified by MakePAT and MergePA.
It is common to T, SplitPAT, and TransPAT.

Next, an eighth embodiment of the present invention will be described.

In the eighth embodiment, the personal identifier OID is a real mail address. The personalized access ticket PAT is for information composed of two or more real mail addresses, an owner index, an expiration date, a transfer control flag, and an identifier of a PAT computing device (or a PAT computing object on the network), It is signed with the private key of the PAT computing device (or PAT computing object on the network).

One of the actual mail addresses is this PA
Add the real mail address to the PAT by presenting both the owner mail address and the Enabler including the owner mail address to the PAT calculation device (or the PAT calculation object on the network) as the owner mail address of T. Information contained in the PAT can be changed, such as deletion, change of the expiration date of the PAT, change of the value of the transfer control flag of the PAT, and the like.

On the other hand, among the real mail addresses included in the PAT, all real mail addresses other than the owner mail address are member mail addresses, and the enabler including the member mail address and the member mail address is set as the PAT computing device (or on the network). Even if presented to the PAT calculation object), the information contained in the PAT cannot be changed.

The owner index is numerical data for identifying the owner mail address. In the mail address list consisting of the owner mail address and the member mail address, 1 if the first real mail address is the owner mail address, 2 if it is the second from the top, ... Is defined as n.

In the mail address list, the owner mail address is defined as the actual mail address written in the position designated by the owner index. on the other hand,
Member email addresses are defined as all real email addresses other than the owner email address.

The transfer control flag is defined to have a value of 0 or 1.

The expiration date is the number of times the PAT is used, the absolute time (UTC) when the PAT is unavailable, the absolute time (UTC) when the PAT is available, and the period from when the PAT becomes available until it becomes unavailable. One of the relative times (lifetime) or a combination of two or more is defined.

The identifier of the PAT computing device (or the PAT computing object on the network) is defined as the serial number of the PAT computing device (or the network identification name of the PAT computing object).

The private key of the PAT computing device (or PAT computing object on the network) is defined as uniquely corresponding to the identifier.

[0497] Also, Enabler is defined as an identifier corresponding to the actual mail address. The enabler is data obtained by signing with a secret key of a PAT calculation device (or a PAT calculation object on the network) with respect to data composed of information uniquely indicating the enabler and an actual mail address.

The PAT is generated as follows.

A directory is given as an example of the PAT operation object on the network. The directory manages the user's real email address and public information in association with each other, inputs the search condition presented by any user, and
Output AT.

The user sends the real mail address and the search condition to the directory. The directory acquires all real email addresses that uniquely correspond to public information that satisfies the search conditions. Next, a list of real email addresses is constructed from the real email addresses of the users who presented the search conditions and all the real email addresses acquired as the search results.
Next, the value of the owner index, the value of the expiration date, the value of the transfer control flag, and the directory identification name are added. Finally, the added data is signed with the private key of the directory and sent as PAT to the user who presented the search condition.

Mail access control is performed as follows.

The sender specifies the sender's real mail address in the From: line of the mail and the PAT @ sender's real domain in the To: line.

SCS is an SMTP (Simple Mail Transfer)
Incoming mail to MTA (Message Transfer Agent) such as Protocol) is acquired and authentication is performed according to the following procedure.

1. The PAT's signature is verified using the PAT's public key.

If the PAT is tampered with, the mail is discarded and the process ends.

[0506] If the PAT is not tampered with,
The following processing 2. To execute.

2. Present the sender's real mail address on the PAT and search.

When the PAT does not include a real mail address that exactly matches the sender's real mail address, the mail is discarded and the process ends.

If the PAT contains a real mail address that exactly matches the sender's real mail address,
The following processing 3. To execute.

3. Evaluate the expiration date of the PAT.

If the PAT has expired, the mail is discarded and the process ends.

When the PAT is within the valid period, the following processing 4. To execute.

[0513] By referring to the value of the transfer control flag of the PAT, it is determined whether or not the caller is authenticated.

When the value is 1, challenge / response authentication is executed between the SCS and the caller to verify the caller's signature. If the signature is correct, specify the called party and attach the PAT. If the signature is incorrect, discard the email and exit.

When the value is 0, the recipient is designated and the ticket is attached without executing the challenge / response authentication.

An example of a challenge / response between the SCS and the caller will be described.

First, the SCS generates arbitrary information, for example, a time stamp, and transmits the generated information to the sender by arbitrary means.

Next, the sender generates a private key and a public key,
Sign the received information with the private key and add the public key to the SC
Send to S by any means.

[0519] Finally, the SCS verifies the signature of the received information using the public key presented by the sender. If the signature is correct, specify the called party and attach the PAT.
If the signature is incorrect, the mail is discarded and the process ends.

[0520] The designation of the called party and the attachment of the ticket are performed as follows.

[0521] The SCS first presents the sender's real mail address to the PAT and searches for it, and acquires all the real mail addresses that do not completely match the sender's real mail address. Next, all the acquired real mail addresses are designated as the real mail address of the recipient.

Next, the SCS attaches the PAT to an arbitrary part of the mail in order to send all the PAT to the recipient's mail address so as to enable bidirectional communication.

[0523] Finally, the SCS passes the mail to the MTA.

Rejection of incoming call is performed as follows.

Call rejection setting: Two-way authentication is performed between the user and the secure communication service SCS5 by any means. Next, the user sends a registration command, the user's own real mail address, and an arbitrary PAT to the SCS 5. Next, the SCS 5 verifies the signature of each of the received PATs using the public key of the ADS. Discard any PAT with an incorrect signature. If the signature is correct, the received real mail address is presented to each PAT to search. For a PAT that includes a real mail address that exactly matches the received real mail address, present the registration command and PAT to the storage device, and
Register T in storage. A PAT that does not include a real mail address that exactly matches the received real mail address is discarded without being registered in the storage device.

Execution of call rejection: SCS5 presents the PAT to the storage device and retrieves it. If the PAT that exactly matches the presented PAT is registered in the storage device, the mail is discarded. If the PAT that exactly matches the presented PAT is not registered in the storage device, the mail is not discarded.

Cancellation of incoming call rejection: Two-way authentication is performed between the user and the secure communication service SCS5 by any means. Next, the user presents his / her real mail address to the SCS5. Next, the SCS 5 presents the presented real mail address as a search condition to the storage device, and all Ps including the presented real mail address are displayed.
The AT is acquired and presented to the user. Next, the user refers to all the presented PATs, selects all the PATs for which the call rejection is to be released, and sends them to the SCS 5 together with the deletion command. All PAs for which you want to remove the delete command and reject the call
Upon receiving T, the SCS5 presents the received delete command and all PATs to the storage device, and receives all PAs.
Delete T from storage.

The PAT is edited as follows.

[0529] MakePAT, MergePAT, SplitPAT, TransP for the PAT having the role identifier AID as an element
In the AT operation, if the role identifier AID is replaced with the real mail address and the enabler for the role identifier AID is replaced with the enabler for the real mail address, MakePAT for the PAT having the real mail address as an element,
MergePAT, SplitPAT, and TransPAT calculations are performed.

The Null operator uniquely represents that it is Null, and the information composed of the information having the form of the real mail address is signed by the PAT operation device or the private key of the PAT operation object on the network. It is a thing.

Similarly, the God operator uniquely indicates that it is God, and the private key of the PAT operation device or the PAT operation object on the network is used for the information composed of the information having the form of the real mail address. It was signed by.

[0532] The enable operator of the Null operator is information obtained by signing with the private key of the PAT operation device or the PAT operation object on the network with respect to information uniquely indicating that it is an enabler and information consisting of the substance of the Null operator. is there.

In the calculation using the Null operator and the God operator, the role identifier AID is the real mail address, and the enabler for the role identifier AID is the real mail address in all the calculations for the PAT having the role identifier AID as an element. Required by replacing with Enabler. Further, Null-AID is used as the Null operator, God-AID is used as the God operator, and Null is used.
-Enabler for AID is En for Null operator
Required by replacing with abler.

[0534]

As described above, according to the present invention,
Validate access rights using personalized access tickets,
When the verification result is correct, the mail access control between the users is performed. Therefore, while hiding the true identifier of the user, the information indicating the characteristics of the user can be disclosed and appropriate communication can be performed based on this information. It is possible to prevent attacks and the like from third parties. In addition, when the called party is attacked by the calling party who abuses anonymity, the damage to the called party due to the attack can be minimized.

Further, according to the present invention, the role identifier AID assigned to each user for new generation and content change of the personalized access ticket and the Enab defined corresponding to this AID
Since it can be performed by the user using ler, for example, group communication that changes dynamically (mailing list, etc.)
It is also possible to properly manage contact information of members of.

Furthermore, according to the present invention, Null-AID
And Null-AID Enabler introduced, member AID
A new PAT is generated without passing the Enabler of Member AID and the owner of the individualized access ticket PAT (Ma
Since kePAT) and owner change (TransPAT) can be performed, it is possible to prevent impersonation using the member AID.

According to the present invention, the Null-AID can be used only as the owner AID of the personalized access ticket PAT (the Null-AID cannot be used for the member AID of the PAT), and PAT <AID _Null | AID
_member1 , AID _member2 , ..., AID _memberN > are permitted, but PAT <AID _holder | AID _Null , AID
_{Since member 1} , AID _member2 , ..., AID _memberN > are not permitted, PAT <AID _holder | AID _member >
Unless the owner of the AID _member knows the enabler of the AID _member , the PAT <AID _holder | AID _member >
AID _Null | it is not possible to create a AID _{memb er>.}

Further, according to the present invention, since the read-only attribute can be set in the personalized access ticket PAT by introducing God-AID, the participants can be fixed in the group communication.

Further, according to the present invention, the link information for uniquely identifying the role identifier is introduced so that the personalized access ticket PAT is defined by the link information so that the PAT does not include the substance of the role identifier. Therefore, the call rejection function can be realized without using the substance of the role identifier.

[Brief description of drawings]

FIG. 1 is an overall configuration diagram of a first embodiment of the present invention.

FIG. 2 is a personal identifier OID used in the first embodiment.
The figure which shows the data structure of a role identifier AID, and an individualized access ticket PAT.

FIG. 3 is a flowchart showing generation processing of a role identifier AID in the certification authority CA in the first embodiment.

FIG. 4 is a personalized access ticket PA in the anonymous directory service ADS according to the first embodiment.
The flowchart which shows the production | generation process of T.

FIG. 5 is a flowchart showing mail transfer control in the secure communication service SCS in the first embodiment.

FIG. 6 is a flowchart showing identity determination processing of a role identifier AID in the secure communication service SCS in the first embodiment.

7 is a diagram showing an example of data used in the identity determination processing shown in FIG.

FIG. 8 is a diagram showing a data structure of a personal identifier OID, a role identifier AID, and an individualized access ticket PAT used in the second embodiment of the present invention.

FIG. 9 is a diagram showing a data structure of a role identifier AID and Enabler used in the second embodiment of the present invention.

FIG. 10 is a diagram showing the definition of a calculation rule (MakePAT) used in the second embodiment of the present invention.

FIG. 11 is a diagram showing the definition of a calculation rule (MergePAT) used in the second embodiment of the present invention.

FIG. 12 is a diagram showing the definition of a calculation rule (SplitPAT) used in the second embodiment of the present invention.

FIG. 13 is a diagram showing the definition of a calculation rule (TransPAT) used in the second embodiment of the present invention.

FIG. 14 is a diagram showing a system configuration (1) according to a second embodiment of the present invention.

FIG. 15 is a diagram showing a system configuration (2) according to the second embodiment of the present invention.

FIG. 16 is a diagram showing a system configuration (3) according to the second embodiment of the present invention.

FIG. 17 is a diagram showing a system configuration (4) according to the second embodiment of the present invention.

FIG. 18 is a diagram showing a system configuration (5) according to the second embodiment of the present invention.

FIG. 19 is a diagram showing a system configuration (6) according to the second embodiment of the present invention.

FIG. 20 is a diagram showing a system configuration (7) in the second embodiment of the present invention.

FIG. 21 is a diagram showing a calculation process (Make) according to the second embodiment of the present invention.
The flowchart which shows the flow of PAT, MergePAT, TransPAT).

FIG. 22 is a diagram showing a calculation process (Spli) according to the second embodiment of the present invention.
The flowchart which shows the flow of tPAT).

FIG. 23 is an AID list generation process (MakePAT, MergePAT, SplitPA) according to the second embodiment of the present invention.
T, TransPAT).

FIG. 24 is a verification process (MakePAT, MergePAT, SplitP) of validity of Enabler in the second embodiment of the present invention.
A flow chart showing AT, TransPAT).

FIG. 25 is a Nul used in the third embodiment of the present invention.
The figure which shows the data structure of l-AID.

FIG. 26 Enabl used in the third embodiment of the present invention
The figure which shows the data structure of er of Null-AID.

FIG. 27 is a diagram showing a first application example of the third embodiment of the present invention.

FIG. 28 is a diagram showing a second application example of the third embodiment of the present invention.

FIG. 29: God used in the fourth embodiment of the present invention.
-The figure which shows the data structure of AID.

FIG. 30 is a diagram showing a first application example of the fourth embodiment of the present invention.

FIG. 31 is a diagram showing a second application example of the fourth embodiment of the present invention.

FIG. 32 is a member AID according to the fifth embodiment of the present invention.
6 is a flowchart showing the check processing of FIG.

FIG. 33 is an overall configuration diagram of a sixth embodiment of the present invention.

FIG. 34 is a personal identifier OI used in the sixth embodiment.
D, role identifier with link information AID, link designation type 1
The figure which shows the data structure of the to-one personalized access ticket PAT.

FIG. 35 is a flowchart showing a process of generating a role information added role identifier AID in the certificate authority CA in the sixth embodiment.

FIG. 36 is a flow chart showing a process of generating a link-specified type one-to-one personalized access ticket PAT in the anonymous directory service ADS in the sixth embodiment.

FIG. 37 is a flowchart showing mail transfer control in the secure communication service SCS in the sixth embodiment.

FIG. 38 is a flowchart showing the identity determination processing of the role identifier with link information AID in the secure communication service SCS in the sixth embodiment.

FIG. 39 is a diagram showing an example of data used in the identity determination processing shown in FIG. 38.

FIG. 40 is a diagram showing a data structure of a personal identifier OID, a role identifier with link information AID, and a link designation type 1-to-N individualized access ticket PAT used in a seventh embodiment of the present invention.

FIG. 41 is a diagram showing a data structure of a role identifier with link information AID and Enabler used in the seventh embodiment of the present invention.

FIG. 42 is a diagram showing a system configuration (1) according to the seventh embodiment of the present invention.

FIG. 43 is a diagram showing a system configuration (2) according to the seventh embodiment of the present invention.

FIG. 44 is a diagram showing a system configuration (3) according to the seventh embodiment of the present invention.

FIG. 45 is a diagram showing a system configuration (4) according to the seventh embodiment of the present invention.

FIG. 46 is a diagram showing a system configuration (5) according to the seventh embodiment of the present invention.

FIG. 47 is a diagram showing a system configuration (6) according to the seventh embodiment of the present invention.

FIG. 48 is a diagram showing a system configuration (7) according to a seventh embodiment of the present invention.

FIG. 49 is a link specification type AID list generation process (MakePAT, MergePA) according to the seventh embodiment of the present invention.
T, SplitPAT, TransPAT).

[Explanation of symbols]

1 Certificate Authority CA 3 users 5 Secure Communication Service SCS 7 Anonymous Directory Service ADS

Continuation of front page (31) Priority claim number Japanese Patent Application No. 10-315172 (32) Priority date November 5, 1998 (November 1, 1998) (33) Priority claim country Japan (JP) (56) Reference: JP-A-9-128308 (JP, A) (58) Fields investigated (Int.Cl. ⁷ , DB name) H04L 12/00 G06F 13/00 351 H04L 9/32

Claims (104)

(57) [Claims] 1. A personalized access ticket, which is presented by a caller desiring to send a mail to a recipient, for designating the recipient as a destination of the mail, and which includes a sender identifier and a recipient identifier in association with each other, A step of receiving in a secure communication service for connecting communication between a caller and a called party, and in the secure communication service,
Controlling the access between the caller and the callee by verifying the access right of the caller to the callee based on the personalized access ticket. 2. In the step of controlling, the secure communication service authenticates the personalized access ticket presented by the caller, and when the personalized access ticket presented by the caller has been tampered with. The mail access control method according to claim 1, wherein the delivery of the mail is rejected. 3. The personalized access ticket is signed by the secret key of the secure computing device that issued the personalized access ticket, and in the step of controlling, the secure communication service uses the secure computation. 3. The mail access control method according to claim 2, wherein the personalized access ticket is authenticated by verifying the signature of the secure computing device in the personalized access ticket with the public key of the device. 4. In the step of receiving, the secure communication service also receives a caller identifier presented by a caller together with the personalized access ticket, and in the step of controlling, the secure communication service is a caller. Check whether or not the caller identifier presented by the sender is included in the personalized access ticket presented by the sender, and the caller identifier presented by the sender is personalized by the sender. The mail access control method according to claim 1, wherein the delivery of the mail is rejected when the mail is not included in the access ticket. 5. The personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and in the step of controlling, the secure access
The communication service checks the expiry date contained in the personalized access ticket presented by the sender, and if the personalized access ticket presented by the sender contains an expired expiry date, the e-mail The mail access control method according to claim 1, wherein the delivery is rejected. 6. The mail access control method according to claim 5, wherein the expiration date of the personalized access ticket is set by a reliable third party. 7. A directory service that manages the identifier of each registrant and public information that is less confidential than personal information in a searchable state from an unspecified number of people, depending on the search condition specified by the sender. Then, the identifier of the registrant of the public information that satisfies the search condition is used as the callee identifier, and the caller identifier specified by the caller together with the search condition is used.
The mail access control method according to claim 1, further comprising the step of issuing the personalized access ticket to a sender. 8. An individual including an identifier of a specific user as a sender identifier, and an identifier of the specific registrant as a recipient identifier, for which delivery of mail from the user to a specific registrant should be refused. Further comprising the step of pre-registering a personalized access ticket with the secure communication service, wherein in the step of controlling, the secure communication service is pre-registered with the personalized access ticket presented by the sender. The mail access control method according to claim 1, wherein the delivery of the mail is rejected when the mail access is successful. 9. The method further comprises the step of deleting the personalized access ticket registered in the secure communication service in response to a request from the specific registrant who registered the personalized access ticket in the registering step. 9. The mail access control method according to claim 8. 10. The personalized access ticket also includes a transfer control flag indicating whether or not the sender should be authenticated by the secure communication service, and in the step of controlling, the transfer control flag included in the personalized access ticket. The secure communication
2. The mail access control method according to claim 1, wherein the service authenticates the sender identifier presented by the sender and refuses delivery of the mail when the authentication of the sender identifier fails. 11. The mail access control method according to claim 10, wherein the authentication of the sender identifier is realized by challenge / response authentication between a sender and the secure communication service. 12. The mail access control method according to claim 10, wherein the transfer control flag of the personalized access ticket is set by a reliable third party. 13. The mail access control method according to claim 1, wherein the sender identifier and the receiver identifier in the personalized access ticket are given by the actual mail addresses of the sender and the receiver. 14. The caller identifier and callee identifier in the personalized access ticket are given by the caller and callee role identifiers, and the role identifier of each user is thereby identified by the certificate authority to uniquely identify each user. 2. The mail access control method according to claim 1, wherein at least one fragment of a possible personal identifier of each user is included. 15. The role identifier of each user is information in which at least one fragment of the personal identifier of each user is included in the information, and the certificate authority signs the information with a private key of the certificate authority. The mail access control method according to claim 14. 16. The personal identifier of each user is a character string uniquely given to each user by the certification authority and a public key of each user, which is signed by the certification authority with the private key of the certification authority. 15. The mail access control method according to claim 14, wherein: 17. By determining the identity of the role identifiers of the sender contained in the personalized access tickets used by the sender and reconstructing the personal identifier of the sender. 15. The mail access control method according to claim 14, further comprising the step of probabilistically identifying the identity of the sender. 18. A role identifier of each user, which thereby includes at least one fragment of a personal identifier of each user by which the certificate authority can uniquely identify each user, and each role identifier by which each role identifier can be uniquely identified. Role identifier link information is defined, and the caller identifier and the callee identifier in the personalized access ticket are given by the caller role identifier link information and the callee role identifier link information. The mail access control method according to claim 1. 19. The mail access control method according to claim 18, wherein the link information of each role identifier is an identifier uniquely given to each role identifier by the certification authority. 20. The identity of a plurality of role identifiers of the sender corresponding to the link information included in the plurality of personalized access tickets used by the sender is determined, and the personal identifier of the sender is determined. The mail access control method according to claim 18, further comprising the step of probabilistically identifying the identity of the sender by reconfiguring. 21. The mail access control method according to claim 1, wherein the personalized access ticket includes one sender identifier and one recipient identifier in one-to-one correspondence. 22. The personalized access ticket includes one calling party identifier and a plurality of called party identifiers in a ratio of 1: N (N is 1).
2. The mail access control method according to claim 1, wherein the mail access control method is included in association with a larger integer). 23. One of the one caller identifier and the plurality of callee identifiers is an owner identifier that identifies the owner of the personalized access ticket, and the one caller identifier and the plurality of callees are received. 23. The mail access control method according to claim 22, wherein the other identifier of the person identifiers is a member identifier that identifies a member of the group to which the owner belongs. 24. An identifier of each user and an enabler of each user's identifier indicating the right to change an individualized access ticket including the identifier of each user as an owner identifier are issued to each user at a certificate authority, and the individualization is performed. Owner identifier included in the access ticket and Enab corresponding to the owner identifier
24. The method according to claim 23, further comprising the step of allowing a predetermined operation to be performed on the personalized access ticket in the secure computing device only by a user who has presented both of the ler to the secure computing device.
E-mail access control method described. 25. The certification authority signs the information indicating that it is an enabler and the entity of each user's identifier with a signature of the certification authority's private key to obtain an Enab of each user's identifier.
25. The mail access control method according to claim 24, wherein the method is issued as a ler. 26. The predetermined operation includes creating a new personalized access ticket, merging a plurality of personalized access tickets, dividing one personalized access ticket into a plurality of personalized access tickets, and changing the owner of the personalized access ticket. 25. The mail access control method according to claim 24, further comprising: changing the expiration date of the personalized access ticket, and changing the transfer control flag of the personalized access ticket. 27. A special identifier known to all users and a special enabler corresponding to the special identifier are defined so as to newly generate the personalized access ticket and change the owner of the personalized access ticket. 27. The mail access control method according to claim 26, wherein the owner of the personalized access ticket is enabled to use the special identifier and the special enabler without using the member identifier Enabler. 28. The mail access control method according to claim 27, wherein the special identifier is defined so that it can be used only as an owner identifier of a personalized access ticket. 29. The special identifier known to all users is defined, and the read-only attribute can be set in the personalized access ticket by using the special identifier. Mail access control method. 30. In the step of controlling, if the access right of the caller to the callee is verified based on the personalized access ticket, the secure
The communication service retrieves the recipient identifier from the personalized access ticket by using the sender identifier presented by the sender, and uses the retrieved recipient identifier to actually perform the mail delivery processing of the mail. The mail access control method according to claim 1, wherein the mail is converted into a format interpretable by a function, the personalized access ticket is attached to the mail after conversion, and the mail is passed to the mail transfer function. 31. According to this, the certificate authority defines a personal identifier of each user capable of uniquely identifying each user, and a role identifier including at least one fragment of the personal identifier of each user, and a mail on a communication network is defined. In each communication, each user is identified by the role identifier of each user, and it is presented by the caller who wants to send mail to the called party, and is presented to specify the called party as the destination of the mail. Receiving a personalized access ticket including a role identifier in association with a secure communication service for connecting communication between a sender and a receiver, and in the secure communication service,
Controlling the access between the caller and the callee by verifying the access right of the caller to the callee based on the personalized access ticket. 32. Thereby, the certification authority defines a personal identifier of each user capable of uniquely identifying each user and a role identifier including at least one fragment of the personal identifier of each user, and a mail on a communication network is defined. In the communication of, each user is identified by the role identifier of each user, the personal identifier of each user is a character string uniquely given to each user by the certificate authority, and the public key of each user, the certificate authority is It is a signature with the private key of the certification authority, and the identity of the role identifiers of the sender included in the personalized access tickets used by the sender is determined, A mail access control method comprising the step of probabilistically identifying the identity of the sender by reconstructing a personal identifier. 33. The certification authority defines a personal identifier of each user by which each user can be uniquely identified, and a role identifier including at least one fragment of the personal identifier of each user. In the communication of, each user is identified by the role identifier of each user, the step of defining also defines the link information of each role identifier by which each role identifier can be uniquely identified, each role identifier of each role identifier A mail access control method, which also includes link information. 34. The mail access control method according to claim 33, wherein the link information of each role identifier is an identifier uniquely given to each role identifier by the certification authority. 35. Presented by a caller desiring to send a mail to a recipient, for designating the recipient as a destination of the mail, the link information of the role identifier of the sender and the link information of the role identifier of the recipient are associated with each other. A step of receiving the personalized access ticket included in the secure communication service for connecting the communication between the caller and the callee, and in the secure communication service,
34. The mail access control according to claim 33, further comprising: controlling access between the caller and the callee by verifying an access right of the caller to the callee based on the personalized access ticket. Method. 36. The identity of the plurality of role identifiers of the sender corresponding to the link information included in the plurality of personalized access tickets used by the sender is determined, and the personal identifier of the sender is determined. The mail access control method according to claim 35, further comprising the step of probabilistically identifying the identity of the sender by reconstructing. 37. A communication network to which a plurality of user terminals are connected, and a caller identifier and a callee identifier that are presented by a caller who wishes to send a mail to a callee, in order to specify the callee as a mail destination. Is received, and the access right between the sender and the called party is controlled by verifying the access right of the sender to the called party based on the individualized access ticket, and the communication network A communication system that realizes mail access control, comprising: a secure communication service device for connecting communication between a sender and a receiver. 38. The secure communication
The service device authenticates the personalized access ticket presented by the sender, and refuses delivery of the mail when the personalized access ticket presented by the sender has been tampered with. 37. The communication system according to 37. 39. The secure communication device further comprises a secure arithmetic device that issues the personalized access ticket by signing it with its own private key, and the secure communication service device uses the public key of the secure arithmetic device to personalize the individualized access ticket. 39. The communication system of claim 38, wherein the personalized access ticket is authenticated by verifying the signature of the secure computing device in the access ticket. 40. The secure communication
The service device also receives a caller identifier presented by the caller together with the personalized access ticket, and whether the caller identifier presented by the caller is included in the personalized access ticket presented by the caller. 38. Communication according to claim 37, characterized in that if the sender identifier presented by the sender is not included in the personalized access ticket presented by the sender, the delivery of the mail is refused. system. 41. The personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and the secure communication service device is included in the personalized access ticket presented by a sender. 38. The communication system according to claim 37, wherein the expiration date of the mail is checked, and the delivery of the mail is rejected when the personalized access ticket presented by the sender includes the expiration date that has already expired. 42. The communication system according to claim 41, further comprising a reliable third party that sets an expiration date of the personalized access ticket. 43. The identifier of each registrant and public information, which is less confidential than personal information, is managed in a searchable state from an unspecified large number, and according to a search condition designated by the sender.
A directory service for issuing the personalized access ticket to the sender by using the identifier of the registrant of the public information satisfying the search condition as the callee identifier and using the caller identifier specified by the caller together with the search condition. 38. The communication system according to claim 37, further comprising a device. 44. The secure communication
The service device includes a personalized access including an identifier of a specific user, which is to be rejected from delivery of mail from the user to a specific registrant, as a sender identifier, and an identifier of the specific registrant as a recipient identifier. 38. The communication system according to claim 37, wherein the ticket is registered in advance, and the delivery of the mail is rejected when the personalized access ticket presented by the sender is registered in advance in the ticket. 45. The secure communication
The communication system according to claim 44, wherein the service device deletes the personalized access ticket registered therein in response to a request from the specific registrant who registered the personalized access ticket. 46. The personalized access ticket also includes a transfer control flag indicating whether or not the caller should be authenticated by the secure communication service device,
When the transfer control flag included in the personalized access ticket indicates that the sender should be authenticated, the secure communication service device authenticates the sender identifier presented by the sender, 38. The communication system according to claim 37, wherein the delivery of the mail is refused when the authentication of the identifier fails. 47. The communication system according to claim 46, wherein the authentication of the caller identifier is realized by challenge / response authentication between a caller and the secure communication service device. 48. The communication system according to claim 46, further comprising a reliable third party that sets a transfer control flag of the personalized access ticket. 49. The communication system according to claim 37, wherein the sender identifier and the receiver identifier in the personalized access ticket are given by the real mail addresses of the sender and the receiver. 50. This further comprises a certificate authority device for issuing each user's role identifier including at least one fragment of each user's personal identifier capable of uniquely identifying each user, the personalized access 38. The communication system according to claim 37, wherein the caller identifier and the callee identifier in the ticket are given by caller and callee role identifiers. 51. The role identifier of each user is information in which at least one fragment of the individual identifier of each user is included, and the certificate authority device signs the information with a private key of the certificate authority device. The communication system according to claim 50, wherein: 52. The personal identifier of each user is a character string uniquely given to each user by the certificate authority, and the public key of each user is signed by the certificate authority device with the private key of the certificate authority device. The communication system according to claim 50, which is a communication system. 53. The secure communication
The service device determines the identity of the plurality of role identifiers of the sender included in the plurality of personalized access tickets used by the sender, and reconstructs the personal identifier of the sender, 51. The communication system according to claim 50, wherein the identity of the caller is specified stochastically. 54. A role identifier of each user thereby including at least one fragment of a personal identifier of each user capable of uniquely identifying each user, and each role capable of uniquely identifying each role identifier thereby. The personal computer further comprises a certificate authority device that issues link information of the identifier, and the sender identifier and the receiver identifier in the personalized access ticket are given by link information of the role identifier of the sender and link information of the role identifier of the receiver. The communication system according to claim 37, wherein the communication system is provided. 55. The communication system according to claim 54, wherein the link information of each role identifier is an identifier uniquely assigned to each role identifier by the certification authority device. 56. The secure communication
The service device determines the identity of the plurality of role identifiers of the caller corresponding to the link information included in the plurality of personalized access tickets used by the caller, and re-identifies the personal identifier of the caller. 55. The communication system according to claim 54, wherein by configuring, the identity of the caller is probabilistically specified. 57. The communication system according to claim 37, wherein the personalized access ticket includes one sender identifier and one recipient identifier in a one-to-one correspondence. 58. The personalized access ticket includes one calling party identifier and a plurality of called party identifiers in a ratio of 1: N (N is 1).
38. The communication system according to claim 37, wherein the communication system is included in association with a larger integer). 59. One of the one caller identifier and the plurality of callee identifiers is an owner identifier that identifies the owner of the personalized access ticket, and the one caller identifier and the plurality of callees are received. 59. The communication system according to claim 58, wherein the other one of the person identifiers is a member identifier for identifying a member of the group to which the owner belongs. 60. A certificate authority device which issues to each user an identifier of each user and an enabler of the identifier of each user indicating the right to change an individualized access ticket including the identifier of each user as an owner identifier, and the personalization. And a secure arithmetic device capable of performing a predetermined arithmetic operation on the personalized access ticket only by a user who has presented both the owner identifier included in the access ticket and the enabler corresponding to the owner identifier. 60. The communication system according to claim 59, wherein: 61. The certificate authority device, for information indicating that it is an enabler and the substance of the identifier of each user,
What is signed by the private key of the certification authority
The communication system according to claim 60, wherein the communication system is issued as an enabler. 62. The predetermined operation includes creating a new personalized access ticket, merging plural personalized access tickets, dividing one personalized access ticket into plural personalized access tickets, and changing the owner of the personalized access ticket. 61. The communication system according to claim 60, comprising: changing the expiration date of the personalized access ticket, and changing the transfer control flag of the personalized access ticket. 63. A special identifier known to all users and a special enabler corresponding to the special identifier are defined to generate a new personalized access ticket and change the owner of the personalized access ticket. 63. The communication system according to claim 62, wherein the owner of the personalized access ticket can perform the operation without using the member identifier enabler by using the special identifier and the special enabler. 64. The communication system according to claim 63, wherein the special identifier is defined so that it can be used only as an owner identifier of a personalized access ticket. 65. The special identifier known to all users is defined, and the read-only attribute can be set in the personalized access ticket by using the special identifier. Communication system. 66. When the access right of the caller to the callee is verified based on the personalized access ticket, the secure communication service device uses the caller identifier presented by the caller. Retrieve the recipient identifier from the personalized access ticket,
The mail transfer function is performed by converting the mail into a format that can be interpreted by a mail transfer function that actually performs mail delivery processing by using the retrieved recipient identifier, and attaching the personalized access ticket to the converted mail. 38. The communication system according to claim 37, wherein 67. A personal identifier of each user by which the user can uniquely identify each user, and a certificate authority device defining a role identifier containing at least one fragment of the personal identifier of each user, In mail communication, each user is presented by the communication network identified by each user's role identifier, and the caller who wants to send the mail to the called party, in order to specify the called party as the destination of the mail. The personalized access ticket including the identifier and the role identifier of the called party is received, and the access right between the calling party and the called party is verified by verifying the access right of the calling party to the called party based on the personalized access ticket. A secure communication service device for controlling and connecting communication between a caller and a callee on the communication network. Communication system that realizes the e-mail access control that. 68. The secure communication
The service device determines the identity of the plurality of role identifiers of the sender included in the plurality of personalized access tickets used by the sender, and reconstructs the personal identifier of the sender, The communication system according to claim 67, characterized in that the identity of the caller is specified stochastically. 69. A certificate authority device for defining a personal identifier of each user by which the user can uniquely identify each user, and a role identifier including at least one fragment of the individual identifier of each user, In the communication of mail, each user has a communication network identified by the role identifier of each user, the certification authority device also defines link information of each role identifier that can uniquely identify each role identifier, A communication system realizing mail access control, wherein each role identifier also includes link information of each role identifier. 70. The communication system according to claim 69, wherein the link information of each role identifier is an identifier uniquely given to each role identifier by the certification authority device. 71. Presented by a caller desiring to send a mail to a recipient, for designating the recipient as a destination of the mail, the link information of the role identifier of the sender and the link information of the role identifier of the recipient are associated with each other. On the communication network, the personalized access ticket including the attached personalized access ticket is received, and the access right between the originator and the called party is controlled by verifying the access right of the originator to the called party based on the personalized access ticket. 70. The communication system according to claim 69, further comprising a secure communication service for connecting communication between a caller and a callee. 72. The secure communication
The service device determines the identity of the plurality of role identifiers of the caller corresponding to the link information included in the plurality of personalized access tickets used by the caller, and re-identifies the personal identifier of the caller. 72. The communication system according to claim 71, wherein by configuring, the identity of the caller is probabilistically specified. 73. Computer hardware and an individual presented by a caller desiring to send a mail to a recipient, for designating the recipient as an addressee of the mail, and including a sender identifier and a recipient identifier in association with each other. The access between the caller and the callee by verifying the access right of the caller to the callee based on the personalized access ticket and connecting the communication between the caller and the callee Computer software for operating the computer hardware so that the secure communication service apparatus in a communication system realizing mail access control is provided. 74. The computer software authenticates the personalized access ticket presented by the sender, and refuses delivery of the mail when the personalized access ticket presented by the sender has been tampered with. 74. The secure communication service device according to claim 73, wherein the computer hardware is operated as described above. 75. The personalized access ticket is signed by the private key of the secure computing device that issued the personalized access ticket, and the computer software is personalized by the public key of the secure computing device. 77. The secure communication service device of claim 74, wherein the computer hardware operates to authenticate the personalized access ticket by verifying the signature of the secure computing device in the access ticket. . 76. The computer software also receives a caller identifier presented by the caller together with the personalized access ticket, and the caller identifier presented by the caller is presented by the caller in the personalized access ticket. The computer so as to refuse delivery of the mail when the sender identifier presented by the sender is not included in the personalized access ticket presented by the sender. 8. The hardware is operated, and the hardware is operated.
The secure communication service device described in 3. 77. The personalized access ticket also includes an expiration date indicating a period of time during which the personalized access ticket is valid, and the computer software includes a validity period included in the personalized access ticket presented by the sender. The computer hardware is operable to check a deadline and refuse to deliver the mail when the personalized access ticket presented by the sender includes an expired expiration date. 7
The secure communication service device described in 3. 78. The computer software includes, as a sender identifier, an identifier of a particular user whose delivery of mail from the user to a particular registrant is to be refused, and the identifier of the particular registrant is a recipient identifier. The personalized access ticket included in the secure communication service is registered in advance, and when the personalized access ticket presented by the sender is registered in the secure communication service in advance, the mail is delivered. 74. Operating the computer hardware to deny.
The secure communication service device described. 79. The computer hardware is configured to delete the personalized access ticket registered in the secure communication service in response to a request from the specific registrant who registered the personalized access ticket. 79. The secure communication service device according to claim 78, characterized in that it operates. 80. The personalized access ticket also includes a transfer control flag indicating whether or not the caller should be authenticated by the secure communication service, and the computer software includes a transfer control flag included in the personalized access ticket. The computer hardware is configured to authenticate a caller identifier presented by the caller when indicating that the caller should be authenticated, and reject delivery of the mail if the caller identifier authentication fails. 73. is operated.
The secure communication service device described. 81. The computer software operates the computer hardware to realize authentication of the caller identifier by challenge / response authentication between a caller and the secure communication service. The secure communication service device according to claim 80. 82. The caller identifier and callee identifier in the personalized access ticket are given by the caller and callee role identifiers, whereby each user's role identifier is thereby uniquely identified by the certificate authority to each user. Including at least one fragment of each possible user's personal identifier, the computer software further comprising a plurality of roles of the caller included in a plurality of personalized access tickets used by the caller. 74. The computer hardware is operated to probabilistically identify the originator of the sender by determining the identity of the identifier and reconstructing the sender's personal identifier. The secure communication service device described. 83. A role identifier of each user thereby including at least one fragment of a personal identifier of each user by which the certificate authority can uniquely identify each user, and each role identifier by which each role identifier can be uniquely identified. Role identifier link information is defined, the caller identifier and the callee identifier in the personalized access ticket are given by the caller role identifier link information and the callee role identifier link information, and the computer software is Further, the identity of the plurality of role identifiers of the sender corresponding to the link information included in the plurality of personalized access tickets used by the sender is determined, and the personal identifier of the sender is reconstructed. 74. The security device of claim 73, wherein the computer hardware is operated to stochastically identify the identity of the caller. Communication service equipment. 84. When the access right of the caller to the called party is verified based on the personalized access ticket, the computer software uses the caller identifier presented by the caller to perform the personalized access. The recipient identifier is extracted from the ticket, the extracted recipient identifier is used to convert the mail into a format that can be interpreted by the mail transfer function that actually performs mail delivery processing, and the mail after conversion has the personalized access ticket. 74. The secure communication service apparatus according to claim 73, wherein the computer hardware is operated so as to attach it to the mail transfer function. 85. Computer hardware, receiving a request for a personalized access ticket from a user,
Computer software for operating the computer hardware to issue a personalized access ticket signed by its own private key, including a sender identifier and a recipient identifier in association with each other, and a mail, A secure arithmetic unit in a communication system that realizes access control. 86. Computer hardware, an identifier of each registrant, and public information that is less confidential than personal information are managed in a searchable state from an unspecified number of people, and Depending on the specified search criteria,
The identifier of the registrant of the non-personal public information that satisfies the search condition is used as the callee identifier, and the caller identifier specified by the caller together with the search condition is used to include the caller identifier and the callee identifier in association with each other. Computer service that operates the computer hardware to issue an individualized access ticket, and a directory service device in a communication system that realizes mail access control. 87. A personalized access ticket in which computer hardware, an identifier for each user, and generally one caller identifier and a plurality of callee identifiers are associated and one of them is the owner identifier. Of the identifiers of the respective users that indicate the right to change the personalized access ticket that includes the identifier of each of the users as the owner identifier in the
computer software that operates the computer hardware to issue r to each user, and a certificate authority device in a communication system that realizes mail access control. 88. The computer hardware receives a request from a user for a personalized access ticket in which one caller identifier and a plurality of callee identifiers are associated and one of them is an owner identifier, When the user presents both the owner identifier included in the personalized access ticket and the enabler corresponding to the owner identifier indicating the right to change the personalized access ticket including the user's identifier as the owner identifier And a computer software for operating the computer hardware to perform a predetermined arithmetic operation on an encrypted access ticket, and a secure arithmetic device in a communication system realizing mail access control. 89. Receive a personalized access ticket presented by a caller desiring to send a mail to the recipient to designate the recipient as the destination of the mail and including the sender identifier and the recipient identifier in association with each other. , Access control between the caller and the callee by verifying the access right of the caller to the callee based on the personalized access ticket, and connecting the communication between the caller and the callee, mail access control A storage medium storing a program for operating a computer as a secure communication service device in a communication system realizing the above. 90. The program authenticates the personalized access ticket presented by the sender, and refuses delivery of the mail when the personalized access ticket presented by the sender is tampered with. 89. The computer is operated by the computer.
The storage medium described. 91. The personalized access ticket is signed by the private key of the secure computing device that issued the personalized access ticket, and the program is the personalized access by the public key of the secure computing device. 91. The computer is operated to authenticate the personalized access ticket by verifying the signature of the secure computing device in the ticket.
The storage medium described. 92. The program also receives a sender identifier presented by the sender together with the personalized access ticket, and the sender identifier presented by the sender to the personalized access ticket presented by the sender. It is checked whether or not it is included, and when the sender identifier presented by the sender is not included in the personalized access ticket presented by the sender, the computer is configured to refuse delivery of the mail. The storage medium according to claim 89, which is operated. 93. The personalized access ticket also includes an expiration date indicating a period during which the personalized access ticket is valid, and the program includes an expiration date included in the personalized access ticket presented by the sender. 89. The method of claim 89, wherein the computer is operated to refuse delivery of the mail when the personalized access ticket presented by the sender includes an expired expiration date. Storage medium. 94. The program includes, as a sender identifier, an identifier of a specific user whose delivery of mail from the user to a specific registrant is to be rejected, and an identifier of the specific registrant as a recipient identifier. The personalized access ticket including the personalized access ticket is registered in advance in the secure communication service device, and the personalized access ticket presented by the sender is transmitted to the secure communication service device.
The storage medium according to claim 89, wherein the computer is operated so as to reject delivery of the mail when the computer is registered in advance in a service device. 95. The program is requested by the specific registrant who registered the personalized access ticket,
The storage medium according to claim 94, wherein the computer is operated to delete the personalized access ticket registered in the secure communication service device. 96. The personalized access ticket also includes a transfer control flag indicating whether the sender should be authenticated by the secure communication service device,
The program authenticates the caller identifier presented by the caller when the transfer control flag included in the personalized access ticket indicates that the caller should be authenticated, and the caller identifier is authenticated. The storage medium according to claim 89, wherein the computer is operated to refuse delivery of the mail when the mail fails. 97. The program causes the computer to operate so that the authentication of the caller identifier is realized by challenge / response authentication between the caller and the secure communication service apparatus. 96. A storage medium according to item 96. 98. The caller identifier and callee identifier in the personalized access ticket are given by the caller and callee role identifiers, whereby the role identifier of each user is thereby uniquely identified by the certificate authority to each user. Including at least one fragment of each possible user's personal identifier, the program further comprising a plurality of caller role identifiers contained in a plurality of personalized access tickets used by the caller. 90. The storage of claim 89, wherein the computer is operated to probabilistically identify the originator of the sender by determining the identity of the sender and reconstructing the personal identifier of the sender. Medium. 99. A role identifier of each user including at least one fragment of a personal identifier of each user by which the certificate authority can be uniquely identified, and each role identifier by which each role identifier can be uniquely identified. Role identifier link information is defined, the caller identifier and callee identifier in the personalized access ticket are given by the caller role identifier link information and the callee role identifier link information, and the program further Determining the identity of the role identifiers of the sender corresponding to the link information contained in the personalized access tickets used by the sender and reconstructing the personal identifier of the sender. The storage medium according to claim 89, wherein the computer is operated so as to stochastically identify the identity of the caller. 100. The program, when the access right of the caller to the called party is verified based on the personalized access ticket, the personalized access ticket using the caller identifier presented by the caller. The recipient identifier is extracted from the mail, the mail is converted into a format that can be interpreted by the mail transfer function that actually performs mail delivery processing using the extracted recipient identifier, and the personalized access ticket is converted to the mail after conversion. The storage medium according to claim 89, wherein the computer is operated so as to be attached and passed to the mail transfer function. 101. A mail access control for receiving a request for a personalized access ticket from a user, issuing a personalized access ticket that includes a caller identifier and a callee identifier in association with each other and is signed by a private key of the user. Medium storing a program for operating a computer as a secure arithmetic unit in the communication system described above. 102. The identifier of each registrant and public information, which is less confidential than personal information, is managed in a searchable state from an unspecified large number, and a search condition designated by the sender is given to the sender. Accordingly, the identifier of the registrant of the public information satisfying the search condition is used as the callee identifier, and the caller identifier specified by the caller together with the search condition is used to include the caller identifier and the callee identifier in association with each other. A storage medium that stores a program for operating a computer as a directory service device in a communication system that realizes mail access control that issues a personalized access ticket. 103. An individualized access ticket of each user in which each user's identifier is generally associated with one caller identifier and a plurality of callee identifiers, one of which is the owner identifier. A program for operating a computer as a certificate authority device in a communication system realizing mail access control, which issues an enabler of an identifier of each user indicating a right to change an individualized access ticket including an identifier as an owner identifier to each user. A storage medium that has been stored. 104. A request for a personalized access ticket is received from a user, in which one caller identifier and a plurality of callee identifiers are associated and one of them is an owner identifier, and the user personalizes the individualized access ticket. A predetermined value for the personalized access ticket when both the owner identifier included in the access ticket and the enabler corresponding to the owner identifier indicating the modification right of the personalized access ticket including the user's identifier as the owner identifier are presented. Is calculated,
A storage medium that stores a program for operating a computer as a secure arithmetic unit in a communication system that realizes mail access control.