JP4762178B2 - Time authentication system, time authentication device, and program - Google Patents

Description

  The present invention relates to a time authentication system and the like for improving the time evidence provided by a built-in timer.

Since a mobile terminal or the like may be used in an environment where it cannot be connected to a network, it is not always possible to receive a time authentication service (time stamp providing service) of electronic data by an external time authentication organization.
On the other hand, for example, Patent Document 1 discloses a technique for performing time authentication on electronic data in a local environment without using an external time authentication organization. According to Patent Literature 1, reliability of a time authentication method that does not use an external time authentication authority by connecting to a time server, correcting the time in the local environment, and ensuring the authenticity of the order of authentication times. We are trying to improve. However, since the external time certification authority is not used, the validity of the authentication time cannot be proved.
JP 2004-260666 A

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a time authentication system and the like that improve time authentication evidence ability even when an external time authentication authority cannot be used.

In order to achieve the above object, a time authentication system according to the first aspect of the present invention includes:
A time authentication system comprising a time authentication device attached to a terminal capable of communicating with a time authentication server,
The time authentication server is
Standard time certificate issuing means for issuing a time certificate for the received electronic data based on the standard time information,
The time authentication device is:
A time authentication request for electronic data from the terminal, and a time authentication request receiving means for receiving the electronic data;
Communication determining means for determining whether or not the terminal can communicate with the time authentication server;
Time acquisition means for acquiring current time information from the terminal;
An external time certificate that accepts an input, transmits a hash value of the input to the time authentication server, and receives a time certificate based on standard time information for the hash value of the input from the standard time certificate issuing unit Certificate issuing means,
Internal time certificate issuing means for receiving an input and issuing a time certificate based on the time acquired by the time acquisition means for the hash value of the input;
When receiving the input and the communication determining means determines that the terminal can communicate with the time authentication server, the input is output to be input to the external time certificate issuing means, and the external time is output. If the certificate issuing means issues a time certificate, and the communication determining means determines that the terminal cannot communicate with the time authentication server, the input is input to the internal time certificate issuing means. Time certificate issuing means for outputting the time certificate to cause the internal time certificate issuing means to issue a time certificate,
Accepting an input, outputting the input to be input to the time certificate issuing means, causing the time certificate issuing means to issue a first time certificate, and issuing the first time certificate And a second time certificate issued in response to the input accepted last time is input to the time certificate issuing unit, and the time certificate issuing unit issues the second time certificate. Means,
The time at which the electronic data received by the time authentication request receiving means is acquired, output so as to be input to the time authentication means, and the time authentication means issues a first time certificate and a second time certificate Authentication control means;
Is provided.

In the time authentication system according to the first aspect of the present invention,
The time authentication control means causes the time authentication means to issue a first time certificate and a second time certificate when the time authentication request receiving means does not receive a time authentication request for a predetermined period.
You may do it.

In the time authentication system according to the first aspect of the present invention,
The time authentication server includes identification information storage means for storing identification information for specifying the time authentication device and a flag indicating the validity of the identification information in association with each other.
When the user using the time authentication device specified by the identification information receives information that a predetermined amount has been paid in advance, the identification information storage means sets the flag stored in association with the identification information. Valid for a specified period of time,
If the standard time certificate issuing means determines that the received identification information and the identification information storage means are stored, and determines that the flag is valid, the standard time certificate issuing means Issue a time certificate based on the time information,
You may do it.

In the time authentication system according to the first aspect of the present invention,
When the time authentication device determines that the remaining period until the expiration date of any of the first time certificates issued by the time authentication means is equal to or less than a predetermined period, the first time certificate, Along with the input when the first time certificate is issued, the output is made to be input to the time authenticating means, and the first and second time certificates are newly issued to the time authenticating means. A re-time authentication means for
You may do it.

In the time authentication system according to the first aspect of the present invention,
When the communication determination unit determines that the terminal can communicate with the time authentication server, the time authentication device includes identification information identifying the time authentication device, and first and second times issued by the time authentication control unit. A transmission means for transmitting a second time certificate to the time authentication server;
The time authentication server is
User information storage means for storing user information including a mail address of a user who uses the time authentication device in association with identification information for specifying the time authentication device;
When receiving the identification information specifying the time authentication device transmitted by the transmission means, the user information storage means is referred to, and when the user information is registered in association with the identification information, the transmission means transmits Time certificate storage means for receiving the first and second time certificates and storing the received first and second time certificates in association with the identification information;
When it is determined that the remaining period until the expiration date of one of the first and second time certificates stored in the time certificate storage means is equal to or shorter than a predetermined period, the expiration date approaches. The mail address of the user registered in the user information storage means in association with the identification information for identifying the time authentication apparatus having the time authentication control means that issued the first and second time certificates. , An email sending means for sending a notification email to prompt action,
Comprising
You may do it.

Furthermore, the time authentication device according to the second aspect of the present invention provides:
A time authentication device attached to a terminal capable of communicating with a time authentication server that issues a time certificate for electronic data,
The time authentication device is:
A time authentication request for electronic data from the terminal, and a time authentication request receiving means for receiving the electronic data;
Communication determining means for determining whether or not the terminal can communicate with the time authentication server;
Time acquisition means for acquiring current time information from the terminal;
An external time certificate issuance that accepts an input, transmits a hash value of the input to the time authentication server, and receives a time certificate based on standard time information from the time authentication server for the hash value of the input Means,
Internal time certificate issuing means for accepting input and issuing a time certificate based on the time acquired by the time acquisition means for the hash value of the input;
Accepting an input, and when the communication determining means determines that the terminal is communicable with the time authentication server, outputs the input to be input to the external time certificate issuing means, and the external time If the certificate issuing means issues a time certificate, and the communication determining means determines that the terminal cannot communicate with the time authentication server, the input is input to the internal time certificate issuing means. Time certificate issuing means for causing the internal time certificate issuing means to issue a time certificate,
Accepting an input, outputting the input to be input to the time certificate issuing means, causing the time certificate issuing means to issue a first time certificate, and issuing the first time certificate And the second time certificate issued in response to the input accepted last time is input to the time certificate issuing means, and the time certificate issuing means issues the second time certificate. Means,
Obtaining the electronic data received by the time authentication request receiving means, outputting the electronic data to be input to the time authentication means, and causing the time authentication means to issue a first time certificate and a second time certificate; Time authentication control means;
Is provided.

Furthermore, the time authentication program according to the third aspect of the present invention is:
A computer connected to the time authentication server via the network
Time authentication request for electronic data, and time authentication request receiving means for receiving the electronic data;
Communication determination means for determining whether or not communication with the time authentication server is possible;
Time acquisition means for acquiring current time information;
An external time certificate issuance that accepts an input, transmits a hash value of the input to the time authentication server, and receives a time certificate based on standard time information from the time authentication server for the hash value of the input means,
Internal time certificate issuing means for accepting an input and issuing a time certificate based on the time acquired by the time acquisition means for the hash value of the input;
Accepting an input, and when the communication determining means determines that the terminal is communicable with the time authentication server, outputs the input to be input to the external time certificate issuing means, and the external time If the certificate issuing means issues a time certificate, and the communication determining means determines that the terminal cannot communicate with the time authentication server, the input is input to the internal time certificate issuing means. The time certificate issuing means for causing the internal time certificate issuing means to issue a time certificate,
Accepting an input, outputting the input to be input to the time certificate issuing means, causing the time certificate issuing means to issue a first time certificate, and issuing the first time certificate And a second time certificate issued for the previously accepted input to the time certificate issuing means, and causing the time certificate issuing means to issue a second time certificate. ,
Obtaining the electronic data received by the time authentication request receiving means, outputting the electronic data to be input to the time authentication means, and causing the time authentication means to issue a first time certificate and a second time certificate; Time authentication control means,
To function as.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to improve the evidence capability of the time stamp provided based on the time information which a built-in timepiece measures.

  FIG. 1 shows a configuration example of a system according to an embodiment of the present invention. As shown in FIG. 1, in this system, a time authentication server 2 is connected to a network 3. The mobile terminal (PC) 10 is configured to be connected to the time authentication server 2 via the network 3 depending on the situation. That is, in the present embodiment, it is assumed that the mobile terminal 10 is not always connected to the network 3 and may be used in an environment where radio waves do not reach the access point for wireless communication, for example. . A time authentication device 1 is connected to the mobile terminal 10.

  Hereinafter, each component will be described in detail.

The time authentication server 2 shown in FIG. 1 is a server installed in a third party such as the Japan Time Authentication Organization that issues time certificates.
As illustrated in FIG. 2, the time authentication server 2 includes a control unit 210, a storage unit 211, a network communication unit 214, a display unit 215, an input unit 216, and a bus 219.

The control unit 210 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and controls the time authentication server 2 as a whole. Specifically, the time authentication is performed in response to a request from the time authentication device 1 having an ID registered in the authentication DB 2110 described later by the CPU executing a program stored in the ROM or the storage unit 211 described later. Perform related processing. Here, the time authentication related process means, for example, a later-described time authentication process (issue of a time stamp) or a verification process. The time authentication server 2 also has a time server function, and has a function as a standard time certificate issuing unit that provides a standard time in response to a request. At the time of this control / arithmetic processing, the control unit 210 temporarily stores various data in the RAM and uses it as a work area.
A detailed operation flow of the time authentication server 2 will be described later together with an explanation of the operation of the time authentication device 1.

The storage unit 211 includes a storage device such as a hard disk, and the control unit 210 stores data and programs necessary for performing predetermined time authentication related processing.
The time authentication server 2 includes an authentication DB 2110 that stores information for identifying the time authentication device 1 that provides the time authentication service. This has a function as identification information storage means. In addition, the storage unit 211 includes a backup DB 2111 that stores data of the time authentication device 1.

  As shown in FIG. 4A, the authentication DB 2110 stores a password, a user name, and a user email address in association with a use authority ID in each record. The use authority ID is an ID for identifying the time authentication device 1 for which the time authentication server 2 provides the time authentication service. The password is the password of the ID. The user name is the name of the user who uses the time authentication device 1. The user mail address is the mail address of the user.

  The backup DB 2111 stores the contents of the database stored in the time authentication device 1. Therefore, as shown in FIG. 4B, fields such as time stamp data and update time stamp data are stored in each record in association with the use authority ID of the time authentication device 1. The time stamp data holds a pointer to an area for storing a copy of time stamp information issued or acquired by the time authentication device 1 described later. The updated time stamp data holds a pointer to an area for storing a copy of the updated time stamp information issued or acquired by the time authentication device 1. The issuance, acquisition, and update of the time stamp will be described in detail in the description of the operation of the time authentication device 1.

  The network communication unit 214 is configured by a NIC (Network Interface Card) or the like, and includes an interface for connecting to a communication network. Communication with the network based on the TCP / IP protocol or the like is performed. The network communication unit 214 may include, for example, a modem device or an infrared communication device.

  Furthermore, the time authentication server 2 includes a display unit 215 and an input unit 216 for maintenance and the like. The display unit 215 includes a display device such as a liquid crystal monitor for displaying various information, and the input unit 216 includes input devices such as a keyboard and a mouse for inputting various information.

  The bus 219 is a transmission path for transferring various commands and data between the control unit 210, the storage unit 211, the network communication unit 214, the display unit 215, and the input unit 216.

  Next, a configuration example of the mobile terminal 10 will be described with reference to FIG. The mobile terminal 10 has a basic personal computer configuration, and includes a control unit 110, a storage unit 111, a clock unit 112, a communication unit 113, a network communication unit 114, a display unit 115, an input unit 116, and a bus 119. .

  The control unit 110 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and controls the entire mobile terminal 10. Specifically, the CPU performs control / arithmetic processing by executing a program stored in a ROM or a storage unit 111 described later. During this control / arithmetic processing, the control unit 110 temporarily stores various data in the RAM and uses it as a work area.

  The storage unit 111 includes a storage device such as a hard disk, and the control unit 110 stores data and programs necessary for performing predetermined processing.

  The clock unit 112 includes an oscillation circuit and the like, and clocks the current time.

  The communication unit 113 is a communication interface circuit for the control unit 110 to communicate with an external device. For example, the control unit 110 transmits data for performing time authentication to the time authentication device 1 via the communication unit 113 or receives a time stamp issued by the time authentication device 1.

  The network communication unit 114 is configured by a NIC (Network Interface Card) or the like, and includes an interface for connecting to a communication network, and performs communication based on the TCP / IP protocol and the like with the network. The network communication unit 114 may include, for example, a modem device or an infrared communication device.

  The display unit 115 is for displaying various information, and is composed of a display device such as a liquid crystal monitor.

  The input unit 116 is used to input various information, and includes input devices such as a keyboard and a mouse.

  The bus 119 is a transmission path for transferring various commands and data between the control unit 110, the storage unit 111, the time measuring unit 112, the communication unit 113, the network communication unit 114, the display unit 115, and the input unit 116. is there.

Next, the configuration of the time authentication device 1 will be described with reference to FIG.
As illustrated in FIG. 3, the time authentication device 1 includes a control unit 100, a storage unit 101, a communication unit 103, and a bus 109.

  The control unit 100 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and controls the entire time authentication device 1. Specifically, the CPU performs control / arithmetic processing by executing a program stored in the ROM or the storage unit 101 described later. During this control / arithmetic processing, the control unit 100 temporarily stores various data in the RAM and uses it as a work area. The control unit 100 also realizes a function as a time authentication request for electronic data from the mobile terminal 10 and a time authentication request receiving means for receiving the electronic data, and a time acquisition means for acquiring current time information from the mobile terminal 10. Also performs control / arithmetic processing.

The storage unit 101 includes a non-volatile memory such as a flash memory, and the control unit 100 performs predetermined time authentication related processing (for example, time authentication processing (issue of a time stamp described later) or verification processing described later). Store necessary data and programs. Further, a use authority ID and a password for using the time authentication processing service provided by the time authentication server 2 are stored. Furthermore, the storage unit 101 further includes a time stamp DB 1010 for storing issued time stamp data and the like, as shown in FIG. Further, as shown in FIG. 5B, an update time stamp DB 1011 for storing the time stamp for a long period is also provided. In the present embodiment, programs and data for performing predetermined processing are stored in the storage unit 101, but may be stored in the above-described ROM or the like.
Next, the time stamp DB 1010 and the update time stamp DB 1011 stored in the storage unit 101 will be described.

  As shown in FIG. 5A, the time stamp DB 1010 associates each record with a file path where the time authentication target file exists, and includes a time stamp, a public key certificate for time stamp, a composite time stamp, and a composite time stamp. Fields such as a public key certificate, a reception order number, and an update flag. The file path stores absolute path information in the time authentication device 1 where the time authentication target file exists. The file path is composed of a directory name and a file name, and each directory name and file name are separated by a “¥” symbol or the like. The file name follows the last delimiter in the file path. The time stamp stores a time stamp for the hash value of the file. The time stamp public key certificate stores a certificate including a public key for decrypting the time stamp. The composite time stamp stores a time stamp for a hash value of the time stamp and the previous composite time stamp issued. The composite time stamp public key certificate stores a public key certificate including a public key for decrypting the composite time stamp. The reception order number stores the order in which the time authentication processing requests are received. The update flag identifies whether or not the file having the file name stored in the record is an updated time stamp file. The update time stamp will be described in detail in the explanation of the long-term storage process by the time authentication device 1.

  The update time stamp DB 1011 shown in FIG. 5B is a database that stores files with updated time stamps. Since the time stamp has an expiration date, the time authentication device 1 performs a process of updating before the time stamp expires. Then, the update history is stored in the update time stamp DB 1011. As shown in FIG. 5B, the update time stamp DB 1011 has fields such as a time stamp, a public key certificate, a previous file, and a next file in association with the file path of the file subjected to time authentication. Is provided. The file path is a file path of a file that has undergone time authentication. The time stamp is the time stamp of the file. The public key certificate is a time stamp public key certificate. “Previous file” is a pointer to the record having the previous time stamp information in which the file is updated. The “next file” is a pointer to a record having time stamp information regarding an update file that has updated the file.

  The communication unit 103 is a communication interface circuit for the control unit 100 to communicate with the mobile terminal 10. For example, the control unit 100 exchanges data for performing time authentication with the mobile terminal 10 via the communication unit 103. Further, the control unit 100 realizes a function as a communication determination unit that determines whether or not the mobile terminal 10 can communicate with the time authentication server 2.

  The bus 109 is a transmission path for transferring various commands and data between the control unit 100, the storage unit 101, and the communication unit 103.

  Next, the operation of the time authentication device 1 will be described.

  A program for connecting the time authentication device 1 as an auxiliary storage device is installed in the storage unit 111 of the mobile terminal 10. Accordingly, the user can operate the file operation program on the mobile terminal 10 to operate the file stored in the storage unit 101 of the time authentication device 1 or copy the file to the time authentication device 1. It becomes possible. However, when a file operation is performed on the time authentication device 1, the time authentication device 1 performs predetermined time authentication related processing on the target file.

The predetermined time authentication related processing is, for example, when an operation of copying a file to the time authentication device 1 is performed, the time authentication device 1 copies the file to the storage unit 101 of the time authentication device 1 and also performs time authentication processing. (Time stamp issuance processing) is performed. When the file operation program of the mobile terminal is operated to refer to the property of the file stored in the time authentication device 1, the time authentication device 1 performs time stamp verification processing of the file and displays the result as the property. . When an operation for deleting a file stored in the time authentication device 1 is performed, the time authentication device 1 also deletes a time stamp or the like given to the file to be deleted.
Instead of using the file operation program of the mobile terminal 10, the time authentication and verification process is installed in the mobile terminal 10, and the time authentication and verification process is executed in the time authentication apparatus 1 by executing this program. May be performed.

  Further, the mobile terminal 10 is installed with a program for providing a function (for example, acquisition of the current time) provided to the mobile terminal 10 to an external device such as the time authentication device 1. When there is a request from the time authentication device 1, this program is activated on the mobile terminal and performs predetermined processing. Alternatively, this program may be activated in the background so that a request can always be accepted.

(Initialization process)
In order for the time authentication device 1 to be usable, first, the mobile terminal 10 needs to be connected to the network 3 once with the time authentication device 1 attached.
When it is detected for the first time that it is connected to the network 3 via the mobile terminal 10, the control unit 100 of the time authentication device 1 generates a random number. Then, for use as an initial time stamp, the time authentication server 2 is requested via the mobile terminal 10 to issue a time stamp for the random number data. The initial time stamp does not need to be issued using a random number, and a constant may be used. However, the data used to issue the initial time stamp needs to be stored in the storage unit 101 so that the verification can be performed.

In order to request the issuance of the time stamp, the control unit 100 sends the use authorization ID and password of the service provided by the time authentication server 2 and the hash value of the previously generated random number data together with the issuance request to the time authentication server 2. Send to. Next, the control unit 210 of the time authentication server 2 performs the process shown in FIG. 7 and issues a time stamp.
As shown in FIG. 7, when the control unit 210 of the time authentication server 2 receives a time stamp issue request and necessary information from the time authentication device 1 (step S201), it first confirms that the transmission source has service use authority. In order to confirm, the received ID and password are inquired in the authentication DB 2110. If the use authority ID is registered in the authentication DB 2110 and the passwords match, it means that the user has the use authority. If the control unit 210 determines that there is a use right (step S202; YES), the standard time information obtained from a reliable time source is attached to the received hash value as the reception time (step S203). Next, the time authentication server 2 performs a digital signature on the data obtained in step S203 (step S204). Specifically, the digital signature is performed by encrypting using a secret key of a public key cryptosystem (such as RSA encryption). Data obtained by encryption becomes a time stamp. Then, the time authentication server 2 returns the time stamp TSn to the transmission source through the network communication unit 214 together with the public key certificate including the public key that is the secret key pair (step S205). On the other hand, when the control unit 210 determines that there is no usage authority (step S202; NO), the process ends.

The obtained public key certificate and time stamp are stored in the storage unit 101 in association with the random number data to be issued for the time stamp.
This time authentication flow is merely an example, and time authentication may be performed by other methods.

  When the above processing is performed, the time authentication device 1 is in a state in which processing such as time authentication described later can be performed.

(Issuing a time stamp that ensures the authenticity of the order)
Next, time authentication processing by the time authentication device 1 in the present embodiment will be described with reference to FIG.
A user operates a file operation program installed on the mobile terminal 10, designates a file path, and instructs the time authentication device 1 to copy a file. When this operation is detected, the control unit 100 of the time authentication device 1 starts the time authentication process shown in FIG. 6 for the file. Note that the file to be processed is represented as Dn for the sake of convenience, assuming that the time authentication device 1 has received nth time.
First, the control unit 100 obtains a hash value (Hash (Dn)) of the received data file (step S101). Next, it is determined whether or not the mobile terminal 10 can communicate with the time authentication server 2 (step S102). Specifically, the control unit 100 requests the mobile terminal 10 to execute a PING command or the like from the time authentication server 2. When it is determined that the mobile terminal 10 can communicate with the time authentication server 2 (step S102; YES), the control unit 100 issues the time stamp TSn to the hash value calculated in step S101. The time authentication request is transmitted to the time authentication server 2 via (step S103). The control unit 100 also transmits a use authorization ID and password necessary for using the time authentication server 2 and the hash value calculated in step S101 together with the time authentication request.

The specific flow of the time authentication process by the time authentication server 2 in step S104 is the same as the process in steps S201 to S205 described above.
The control unit 210 of the time authentication server 2 receives the use authority ID, the password, and the hash value of the authentication target file (step S201). Then, first, the received ID and password are inquired from the database to confirm that the transmission source has the authority to use the service. If authorized (step S202; YES), the standard time information obtained from a reliable time source is attached to the hash value of the received authentication target file as the reception time (step S203). Next, the time authentication server 2 performs a digital signature on the data obtained in step S203 (step S204). Then, the time authentication server 2 returns the time stamp TSn together with the public key certificate to the transmission source (step S205). When the time stamp TSn is issued by the time authentication server 2, the time authentication device 1 receives the time stamp and the public key certificate via the mobile terminal 10 (step S105).

  Next, the time authentication device 1 associates the time stamp and public key certificate received in step S105 with the file path of the file to be authenticated (the path specified by the user during the copy operation), and records one record in the time stamp DB 1010. (Step S106). The issue order number stored in the time stamp DB 1010 is obtained by adding 1 to the reception order number of the previous time stamp issue process.

On the other hand, if it is determined that communication with the time authentication server 2 is not possible (step S102; NO), the control unit 100 of the time authentication device 1 locally stores the reception time information attached to the hash value of the target file as measured by the mobile terminal 10. Obtained from the unit 112. Then, the same processing as in steps S203 and S204 is performed, and the time stamp TSn is calculated based on the acquired time information. The calculated result is stored in the time stamp DB 1010.
It is assumed that the public key certificate corresponding to the private key used for the time authentication device 1 to calculate the time stamp has been issued in advance by the certification authority. It is assumed that the public key certificate is stored in advance in the storage unit 111 together with the corresponding private key. Therefore, when the time authentication apparatus 1 issues a time stamp internally in this way, the public key certificate is not stored in the time stamp DB 1010.

As described above, when the time authentication device 1 issues a time stamp internally or acquires it by the time authentication server 2, the control unit 100 next performs a process of obtaining a combined time stamp. The procedure is the same as steps S101 to S110 as shown in steps S121 to 130 of FIG. However, the hash value calculated in step S121 is calculated by the following equation based on the combined time stamp TCn-1 calculated by the control unit 100 when the previous time authentication process was performed and the time stamp TSn of the data Dn. Is done.
Cn = Hash (TCn-1, TSn)

  Also in the calculation of the combined time stamp, if connection to the time authentication server 2 is possible (step S122; Yes), the control unit 100 requests the time authentication server 2 for time authentication processing and acquires the combined time stamp TCn ( Steps S123 to S125). If connection to the time authentication server 2 is not possible (step S122; No), time authentication is performed based on time information measured by the time measuring unit 112 built in the mobile terminal 10 (step S130). The control unit 100 stores the composite time stamp TCn calculated in this way in the composite time stamp field of the time stamp DB 1010 in association with the file path of the time authentication target file Dn, similarly to the time stamp TSn (step S126). ). Here, the file path is a path name of a copy destination on the time authentication device 1 specified by the user of the mobile terminal 10 by a copy operation of the file operation program. Note that the time authentication target file Dn itself is copied onto the designated file path when the time authentication device 1 succeeds in giving the time stamp (step S127).

  Thereafter, similarly, when there is a time authentication request, the control unit 100 issues a time stamp to the target file, and uses the combined time stamp issued in the previous time authentication process to generate a new combined time stamp. Issue. That is, the time authentication apparatus 1 accepts a file input by the time authentication means, outputs the file to be input to the time certificate issuing means, and causes the time certificate issuing means to issue the first time certificate. The first time certificate issued and the previous time certificate issued in response to the previously accepted input are input to the time certificate issuing means, and the second time certificate is issued to the time certificate issuing means. A function of issuing a time certificate is realized. This is shown in FIG. In addition, the control unit 100 of the time authentication device 1 acquires the electronic data received by the time authentication request reception unit, outputs the electronic data to be input to the time authentication unit, and outputs the first time certificate and the second time to the time authentication unit. It also functions as time authentication control means for issuing a time certificate.

  At the time of the first time authentication request, since there is no composite time stamp value (TC0) issued in the previous process, the initial time stamp calculated in the initialization process is used as the composite time stamp TC0. To do.

In this way, by issuing the next combined time stamp TCn using the previous combined time stamp TCn-1, it is possible to guarantee the order relationship in which they were issued. If the order of accepting documents is altered, the consistency of the composite time stamp cannot be obtained.
In addition, if a time stamp is issued by the time authentication server 2 at a certain time T1 and time Tn, it is guaranteed that the issue time of the time stamp issued during that time is at least between the times T1 and Tn. .

On the other hand, it is possible to tamper the time of the time measuring unit 112 and issue the next time stamp within the time when the time authentication server 2 cannot be accessed.
In order to avoid this, the control unit 100 functioning as a time authentication control unit forcibly issues a time stamp and a combined time stamp when the time authentication request is not received for a predetermined period. The time stamp may be issued at a predetermined interval measured by the timer unit 112 of the mobile terminal 10, or may be issued at an indefinite interval triggered by the operation of the input unit 116 by the user. The data for which a time stamp is issued may be generated by a random number or may be fixed data. In the present embodiment, a random number is periodically generated, and a time stamp and a combined time stamp are issued. Since the data (random number) used for generating the time stamp is necessary for verification, it is stored in the random number field of the time stamp DB 1010, and the time stamp and the combined time stamp are stored in association with this.
By periodically issuing time stamps (and combined time stamps) in this way, it is possible to narrow the range of times that the time measuring unit 112 can be tampered with.

Note that while the mobile terminal 10 is connected to the time authentication server 2, the time authentication apparatus 1 periodically receives information related to the standard time from the time authentication server 2 via the mobile terminal 10. Based on this time information, the control unit 100 requests the time measuring unit 112 of the mobile terminal 10 to adjust the time. By doing so, the time measuring unit 112 can keep the standard time.
If the time measured by the time measuring unit 112 is significantly different from the standard time, there is a high possibility that the time of the time measuring unit 112 has been tampered with, and a warning may be displayed on the display unit 115 at that time.

(Verification process)
The process for performing time authentication on the nth received file has been described above. Next, a description will be given of the guarantee of the originality of a file that has been accepted n-th time and has been time-authenticated, and the time verification process (file verification process). At this time, the verification process is performed by verifying the time stamp and the combined time stamp of the time authentication target file received from the first to the nth in the order of the reception order number.

  In response to the verification request from the mobile terminal 1, the control unit 100 of the time authentication device 1 performs verification processing including the flow illustrated in FIG. Note that FIG. 9 shows that the reception order number currently focused on is m.

  First, the record having the reception order number 1 is acquired with reference to the time stamp DB 1010. When the corresponding record is acquired, the control unit 100 calculates a hash value of the file stored in the file path field of the record (step S301). Alternatively, when a random number is stored in the random number field (when the time stamp is issued forcibly), a hash value of this random number is calculated.

  Next, the public key is acquired from the time stamp public key certificate stored in the record, the time stamp TS1 is decrypted, and the hash value and time information are extracted from the obtained result (step S302). When the corresponding public key certificate is not stored, it means that the time stamp is issued not by the time authentication server 2 but by the time authentication device 1. Therefore, in this case, the time stamp TS1 is decrypted using the public key stored in the storage unit 101 and possessed by the public key certificate of the time authentication device 1. When the time stamp is decrypted, it is guaranteed that the time stamp is encrypted by the time authentication server 2 or the time authentication device 1. The validity of the public key certificate is periodically verified by inquiring the issuer.

  Next, the control unit 100 compares the hash value stored in the time stamp TS1 with the hash value calculated in step S301 (step S303). If they match, it is guaranteed that the contents of the file have not been tampered with. If they do not match, it means that there has been tampering.

  If the originality of the file is guaranteed (step S303; YES), then the time consistency is confirmed (step S304). If the time information extracted in step S302 is earlier than the time information included in the time stamp having the previous reception order number, it means that the time has been falsified. Since the previous time stamp TS0 does not exist, the initial time stamp issued in the initialization process is used as TS0.

  When the time stamp verification is successful (step S304; YES), the control unit 100 verifies the composite time stamp. First, the control unit 100 obtains a hash value based on the time stamp stored in the record in the previously acquired time stamp TS1 and the composite time stamp (TC0 in this case) of the record having the previous reception order number. Obtained (step S305). When verifying the composite time stamp having the first reception order number, the initial time stamp issued in the initialization process is used as the previous composite time stamp TC0.

  Next, the composite time stamp stored in the record having the first reception order number is decrypted with the public key included in the public key certificate for composite time stamp stored in the record. Then, a hash value and time information are extracted from the obtained result (step S306). The decrypted composite time stamp is compared with the hash value obtained in step S305 (step S307). If they match (step S307; YES), the time stamp is not altered or the time stamp issuance order is not changed. Is guaranteed.

  Finally, the time information obtained in step S306 is compared with the time information included in the composite time stamp having the previous reception order number (step S308). If the time information obtained in step S306 is earlier than the time information included in the combined time stamp having the previous reception order number, it means that the time has been falsified.

  This verification process is repeated up to the nth file received according to the reception order number. If the verification is successful up to the nth file, all the correctness of the files received up to the nth other than the nth file is guaranteed. The result of the verification process (whether or not successful) is displayed on the display unit 115 of the mobile terminal 10.

  As described above, the time stamp verification process is performed when referring to a file stored in the time authentication device 1 from the mobile terminal 2 or checking a property file. It is also necessary to newly copy or create a file in the time authentication device 1. This is because the validity of the next combined time stamp to be issued cannot be guaranteed unless the validity of the combined time stamp issued so far is guaranteed.

(Deleting time-certified files)
When the file operation program of the mobile terminal 1 is operated to delete a file on the time authentication device 1 (that is, a file that has undergone time authentication in the past), the time stamp and the combined time stamp are deleted. Furthermore, it is necessary to delete all subsequent composite time stamps depending on the composite time stamp and reissue them. On the other hand, the time stamp is maintained as it is because it does not depend on a past time stamp or the like. These time stamps are used to calculate a new composite time stamp.
Similarly, when a file on the time authentication device 1 is overwritten, the file is once deleted and all the combined time stamps are re-acquired. Then, the time authentication process is performed in the procedure of newly saving the file to be overwritten in the time authentication device 1.

(Long-term storage)
Since the public key certificate has an expiration date, the time stamp becomes invalid after the expiration date. Therefore, the time authentication device 1 periodically checks the certificate expiration date of the file to which the time stamp is given, and detects a file with a near certificate expiration date (for example, one day before the expiration date). For this reason, the control unit 100 outputs the time stamp of the file whose certification validity period is close and the input when the time stamp of the file whose certification validity period is close together as an input to the time authentication means. Thus, it functions as time re-authentication means for causing the time authentication means to newly issue each time stamp.

  For example, in FIG. 5B, it is assumed that the certification expiration date of the time stamp TSx given to the file A is near. At this time, the file path of the file A, the time stamp TSx and the certificate 1 as its public key are temporarily stored in the RAM, and the process of deleting the file A is performed. As described above, in order to delete the file A that has undergone time authentication, not only the record in the time stamp DB 1010 in which the file A is stored, but also a record having an acceptance sequence number after the file A It is necessary to re-create all the composite time stamps.

When the deletion process ends, the time authentication device 1 acquires the file A itself from the file path of the file A temporarily stored in the RAM, and creates one file together with the time stamp file TSx assigned to the file A ( This is an update file, A + TSx). The control unit 100 of the time authentication device 1 stores this A + TSx in an appropriate file path on the time authentication device 1 (a hidden directory may be provided in advance for storing the update file), and a new A + The time authentication process of steps S101 to S130 is performed on TSx, and a time stamp and a composite time stamp are given. The result is registered in the time stamp DB 1010. The state of the time stamp DB 1010 after registration is shown in FIG. The record in which the file A is stored is deleted from the time stamp DB 1010, and an updated file A + TSx is newly added.
When the time stamp TSy given to the update file A + TSx is further updated, a new time stamp may be given to A + TSx + TSy.

  In consideration of file verification, the time stamp DB 1010 includes an update flag for indicating whether or not the file having the file name stored in the file path field is a file for updating the time stamp. When a time stamp update file (that is, A + TSx or the like) is stored in the time stamp DB 1010, this update flag is set to 1.

  In addition, the history before update is necessary for the verification process of the updated time stamp file. Therefore, when the time stamp is updated, the control unit 100 of the time authentication device 1 registers the history in the update time stamp DB 1011. For example, when the time stamp assigned to the file A is updated, information on the file A and the update file A + TSx is acquired from the time stamp DB 1010 and registered in the update time stamp DB 1011. Here, in the fields indicated by “previous file” and “next file” in the update time stamp DB 1011, pointers indicating the relationship of the update history are stored. For example, the “next file” of file A stores a pointer to an area in which information of A + TSx that is an update file is stored. Conversely, a pointer to an area in which information of the file A that is the update source is stored in the “previous file” of A + TSx.

  In the file verification process, if the update flag of the verification target file in the time stamp DB 1010 is 1, the update status may be verified after step S308 is completed. Specifically, the control unit 100 searches the update time stamp DB 1011 and sequentially handles the “previous file” pointer stored in association with the verification target file. The file stamps are sequentially verified until the destination pointed to by the “previous file” pointer becomes null (for example, when the verification target is the update file A + TSx, up to the original file A to be updated) (steps S301 to S303). (Similar processing) If there is no falsification of the file and the time stamp has been updated before it expires, it is determined that the verification target file (in this case, A + TSx) is valid.

  On the other hand, for example, when it is desired to verify the file A, there is no verification target file even if the time stamp DB 1010 is referred to. In such a case, since the file A may be updated, the control unit 100 of the time authentication device 1 refers to the update time stamp DB 1011. If the target file exists in the update time stamp DB 1011, the pointer indicated by “next file” may be acquired sequentially, and the final update file name (A + TSx) may be acquired. When the finally updated file name is acquired, from step S301 to step S308 in order of the reception order number from the file having the reception order number 1, which is stored in the time stamp DB 1010. Verification is possible by performing the processing.

  The time authenticating device 1 periodically checks the certificate validity period for the combined time stamp, and detects a certificate whose certificate validity period is close. The detected composite time stamp is reissued together with the composite time stamp issued based on the composite time stamp.

  As described above, the time authentication device 1 reacquires the time stamp before the time stamp certification expires. However, if the mobile terminal 10 is not powered on or the time authentication device 1 is not attached to the mobile terminal 10, the time authentication device 1 cannot perform processing for reacquiring the time stamp. , The time stamp may expire.

  Considering this, the user of the time authentication device 1 is made to perform user registration in the time authentication server 2. When the user registration is performed, the time authentication server 2 stores the time authentication file stored in the time authentication device 1 and the contents of the time stamp DB 1010 and the update time stamp DB 1011 in the time authentication server 2. A service (backup service) for copying to the backup DB 2111 is provided.

  For example, the user registration is performed by referring to the property of the time authentication device 1 and selecting the displayed user registration menu tag from the file operation program. When the user selects this menu tag, the control unit 100 displays a user registration screen on the display unit 115 of the mobile terminal 10. The user operates the input unit 116 to input user information such as an email address on the user registration screen. When the user presses the confirmation button, the control unit 100 transmits the input information to the time authentication server 2 together with the use authority ID of the time authentication device 1. When receiving the information, the time authentication server 2 has a function as a user information storage unit that stores the information in the authentication DB 2110 in association with the use authority ID.

  When the time authentication device 1 determines that the mobile terminal 10 is connected to the network, the time authentication device 1 transmits a backup request to the time authentication server 2. If the user information is registered, the time authentication server 2 replies that the request is accepted. Then, the time authentication device 1 transmits the file itself having the file path stored in the time stamp DB 1010 to the time authentication server 2 in addition to the contents of the time stamp DB 1010 and the update time stamp DB 1011. When receiving the information, the time authentication server 2 stores the received information in association with the user ID in the backup DB 2111. As described above, the backup DB 2111 also stores the target file itself to which the time stamp is given, so that all files necessary for verifying the time stamp are stored in the backup DB 2111.

  When the user registration is performed, the time authentication server 2 checks the certification expiration date of the time stamp given to the file stored in the backup DB 2111. The time authentication server 2 also checks whether data is periodically transmitted from the time authentication device 1 to the backup DB 2111. If there is a time stamp that is close to the deadline, or if there is no update to the backup DB 2111 for a predetermined period or longer, the time authentication server 2 notifies the user of that fact. The notification is performed by the time authentication server 2 sending an email prompting the user to connect the time authentication device 1 to the network via the mobile terminal 10 to the address registered in the authentication DB 2110.

  Although the embodiments of the present invention have been described above, the present invention can be modified and applied in various forms and is not limited to the above embodiments.

  For example, the present embodiment may be applied to a storage medium such as a compact flash (registered trademark), an SD card, and a USB memory. That is, a control program that causes the time authentication device 1 to perform time authentication related processing is stored in these storage media. Then, when the storage medium is attached to the mobile terminal 10, this program is executed on the mobile terminal 10 to perform time authentication related processing.

  Further, when this embodiment is applied to the storage medium as described above, a digital camera may be used instead of the mobile terminal 10 as a destination to which the storage medium is attached. In this case, when the storage medium is attached to the digital camera, a control program for performing time authentication related processing is executed on the digital camera. With this program, the digital camera performs time authentication processing on a newly captured image or moving image file and saves it on a storage medium. File names may be numbered sequentially in the order in which they were taken. If the storage medium is attached to the digital camera, time authentication processing is performed based on the built-in clock of the digital camera. On the other hand, when the storage medium is mounted from a digital camera to a personal computer or the like, the time authentication processing by the time authentication server 2 may be performed by connecting to the network via the personal computer. As a result, it is possible to guarantee the originality and time of the image or moving image file taken by the digital camera.

  In the present embodiment, the time authentication device 1 is given authority to use the service provided by the time authentication server 2 in advance, but the mobile terminal 10 is provided with connection authority, and the time authentication device 1 is connected to the mobile terminal. The time authentication may be received from the time authentication server 2 by using the connection authority ID given in FIG.

  Alternatively, instead of giving the time authentication device 1 the authority to use the service provided by the time authentication server 2 in advance, for example, when the user pays a certain amount, an ID for specifying the service authority that the time authentication device 1 has, and The password may be registered in the authentication DB of the time authentication server 2. The authentication DB may be provided with a flag indicating the validity of the ID in association with the ID for specifying the service use authority. When the time authentication apparatus 1 is purchased, this flag is made valid. When a certain period has elapsed, this flag is invalidated. In the service use authority authentication process performed in step S202, it is first determined that this flag is valid, and then the ID and password are authenticated. By doing so, it is possible to provide a time authentication service in a time authentication apparatus 1 prepaid type. The validity period of the time stamp issued by the time authentication device 1 may be set according to the prepaid amount.

  In the above embodiment, the control program of the time authentication device has been described as being stored in advance in the storage unit or the like. However, any device that reads storage media such as a flexible disk, CD-ROM (Compact Disk Read-Only Memory), DVD (Digital Versatile Disk), MO (Magneto-Optical disk), USB memory, etc. is suitable for a mobile terminal. It is also possible to provide a device that stores the control program in these storage media, distributes it to the time authentication device, and executes the above-described processing operation.

  Alternatively, the control program may be stored in a disk device or the like of a predetermined server device on the communication network and downloaded to the time authentication device. Furthermore, the above-described processing can also be achieved by starting and executing a program while transferring it via a communication network.

  Note that the time authentication apparatus according to the above embodiment can be realized not only by the control unit controlled by a program but also by dedicated hardware.

It is a block diagram which shows the structural example of the system which concerns on embodiment of this invention. It is a block diagram which shows the structural example of a time authentication server. It is a block diagram which shows the structural example of a time authentication apparatus and a mobile terminal. (A) is a figure which shows the example of a data structure of authentication DB, (B) is a figure which shows the example of a data structure of backup DB. (A) is a figure which shows the data structural example of time stamp DB, (B) is a figure which shows the data structural example of update time stamp DB. It is a flowchart which shows the example of the time authentication process of a time authentication apparatus. It is a flowchart which shows the example of the time authentication process of a time authentication apparatus. It is a figure which shows a mode that a synthetic | combination time stamp is issued. It is a flowchart which shows the example of the verification process of a time authentication apparatus. It is a figure which shows the mode of time stamp DB after updating a time stamp.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Time authentication apparatus 10 Mobile terminal 100 Control part 101 Storage part 1010 Time stamp DB
1011 Update time stamp DB
DESCRIPTION OF SYMBOLS 103 Communication part 109 Bus 110 Control part 111 Memory | storage part 112 Timing part 113 Communication part 114 Network communication part 115 Display part 116 Input part 119 Bus 2 Time authentication server 210 Control part 211 Storage part 2110 Authentication DB
2111 Backup DB
214 Network communication unit 215 Display unit 216 Input unit 219 Bus 3 Network

Claims (7)

A time authentication system comprising a time authentication device attached to a terminal capable of communicating with a time authentication server,
The time authentication server is
Standard time certificate issuing means for issuing a time certificate for the received electronic data based on the standard time information,
The time authentication device is:
A time authentication request for electronic data from the terminal, and a time authentication request receiving means for receiving the electronic data;
Communication determining means for determining whether or not the terminal can communicate with the time authentication server;
Time acquisition means for acquiring current time information from the terminal;
An external time certificate that accepts an input, transmits a hash value of the input to the time authentication server, and receives a time certificate based on standard time information for the hash value of the input from the standard time certificate issuing unit Certificate issuing means,
Internal time certificate issuing means for receiving an input and issuing a time certificate based on the time acquired by the time acquisition means for the hash value of the input;
When receiving the input and the communication determining means determines that the terminal can communicate with the time authentication server, the input is output to be input to the external time certificate issuing means, and the external time is output. If the certificate issuing means issues a time certificate, and the communication determining means determines that the terminal cannot communicate with the time authentication server, the input is input to the internal time certificate issuing means. Time certificate issuing means for outputting the time certificate to cause the internal time certificate issuing means to issue a time certificate,
Accepting an input, outputting the input to be input to the time certificate issuing means, causing the time certificate issuing means to issue a first time certificate, and issuing the first time certificate And a second time certificate issued in response to the input accepted last time is input to the time certificate issuing unit, and the time certificate issuing unit issues the second time certificate. Means,
The electronic data received by the time authentication request receiving means is acquired and output so as to be input to the time authentication means so that the time authentication means issues the first time certificate and the second time certificate. Time authentication control means;
Comprising
A time authentication system characterized by that. The time authentication control means causes the time authentication means to issue a first time certificate and a second time certificate when the time authentication request receiving means does not receive a time authentication request for a predetermined period.
The time certification | authentication system of Claim 1 characterized by the above-mentioned. The time authentication server includes identification information storage means for storing identification information for specifying the time authentication device and a flag indicating the validity of the identification information in association with each other.
When the user using the time authentication device specified by the identification information receives information that a predetermined amount has been paid in advance, the identification information storage means sets the flag stored in association with the identification information. Valid for a specified period of time,
If the standard time certificate issuing means determines that the received identification information and the identification information storage means are stored, and determines that the flag is valid, the standard time certificate issuing means Issue a time certificate based on the time information,
The time certification | authentication system of Claim 1 characterized by the above-mentioned. When the time authentication device determines that the remaining period until the expiration date of any of the first time certificates issued by the time authentication means is equal to or less than a predetermined period, the first time certificate, Along with the input when the first time certificate is issued, the output is made to be input to the time authenticating means, and the first and second time certificates are newly issued to the time authenticating means. Including time re-authentication means
The time certification | authentication system of Claim 1 characterized by the above-mentioned. When the communication determination unit determines that the terminal can communicate with the time authentication server, the time authentication device includes identification information identifying the time authentication device, and first and second times issued by the time authentication control unit. A transmission means for transmitting a second time certificate to the time authentication server;
The time authentication server is
User information storage means for storing user information including a mail address of a user who uses the time authentication device in association with identification information for specifying the time authentication device;
When receiving the identification information specifying the time authentication device transmitted by the transmission means, the user information storage means is referred to, and when the user information is registered in association with the identification information, the transmission means transmits Time certificate storage means for receiving the first and second time certificates and storing the received first and second time certificates in association with the identification information;
When it is determined that the remaining period until the expiration date of one of the first and second time certificates stored in the time certificate storage means is equal to or shorter than a predetermined period, the expiration date approaches. The mail address of the user registered in the user information storage means in association with the identification information for identifying the time authentication apparatus having the time authentication control means that issued the first and second time certificates. , An email sending means for sending a notification email to prompt action,
Comprising
The time certification | authentication system of Claim 1 characterized by the above-mentioned. A time authentication device attached to a terminal capable of communicating with a time authentication server that issues a time certificate for electronic data,
The time authentication device is:
A time authentication request for electronic data from the terminal, and a time authentication request receiving means for receiving the electronic data;
Communication determining means for determining whether or not the terminal can communicate with the time authentication server;
Time acquisition means for acquiring current time information from the terminal;
An external time certificate issuance that accepts an input, transmits a hash value of the input to the time authentication server, and receives a time certificate based on standard time information from the time authentication server for the hash value of the input Means,
Internal time certificate issuing means for accepting input and issuing a time certificate based on the time acquired by the time acquisition means for the hash value of the input;
Accepting an input, and when the communication determining means determines that the terminal is communicable with the time authentication server, outputs the input to be input to the external time certificate issuing means, and the external time If the certificate issuing means issues a time certificate, and the communication determining means determines that the terminal cannot communicate with the time authentication server, the input is input to the internal time certificate issuing means. Time certificate issuing means for causing the internal time certificate issuing means to issue a time certificate,
Accepting an input, outputting the input to be input to the time certificate issuing means, causing the time certificate issuing means to issue a first time certificate, and issuing the first time certificate And the second time certificate issued in response to the input accepted last time is input to the time certificate issuing means, and the time certificate issuing means issues the second time certificate. Means,
Obtaining the electronic data received by the time authentication request receiving means, outputting the electronic data to be input to the time authentication means, and causing the time authentication means to issue a first time certificate and a second time certificate; Time authentication control means;
A time authentication device comprising: A computer connected to the time authentication server via the network
Time authentication request for electronic data, and time authentication request receiving means for receiving the electronic data;
Communication determination means for determining whether or not communication with the time authentication server is possible;
Time acquisition means for acquiring current time information;
An external time certificate issuance that accepts an input, transmits a hash value of the input to the time authentication server, and receives a time certificate based on standard time information from the time authentication server for the hash value of the input means,
Internal time certificate issuing means for accepting an input and issuing a time certificate based on the time acquired by the time acquisition means for the hash value of the input;
Accepting an input, and when the communication determining means determines that the terminal is communicable with the time authentication server, outputs the input to be input to the external time certificate issuing means, and the external time If the certificate issuing means issues a time certificate, and the communication determining means determines that the terminal cannot communicate with the time authentication server, the input is input to the internal time certificate issuing means. The time certificate issuing means for causing the internal time certificate issuing means to issue a time certificate,
Accepting an input, outputting the input to be input to the time certificate issuing means, causing the time certificate issuing means to issue a first time certificate, and issuing the first time certificate And a second time certificate issued for the previously accepted input to the time certificate issuing means, and causing the time certificate issuing means to issue a second time certificate. ,
Obtaining the electronic data received by the time authentication request receiving means, outputting the electronic data to be input to the time authentication means, and causing the time authentication means to issue a first time certificate and a second time certificate; Time authentication control means,
Time authentication program to function as.

Images