JPH1022995A - Electronic signature system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To securely certify an opposite party and to prevent illegal behavior by comparing a restored sentence with a signature generated from a communication sentence. SOLUTION: A transmission side 1 transmits a password certifier C and the communication sentence M to a reception side. The reception side 2 generates a certifier V from the communication sentence M by a certifier generation means 21. The identifier of a transmission opposite party is inputted to a secret algorithm generation means 24 and a shared key is outputted. When the shared key is inputted to a decoding means 23, the password certifier C from the transmission side 1 is decoded and a certifier V' is outputted. The certifiers V and V' are compared in a comparison means 22. When they are matched, a matching signal is sent to an output terminal O and a signal with the effect in the other cases is sent the O.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic signature system based on shared information.

[0002]

2. Description of the Related Art While "encryption technology" has been highlighted in electronic commerce and e-commerce on networks, "digital signatures" (electronic signatures) used for personal authentication are also important technologies. ing. However, this digital signature is originally known for the theory using public key cryptography and the method for realizing it.Similarly, with the common key cryptography, as an authentication function, it is impossible to prove the injustice of the parties as an authentication function. Yes, the combination was not practical.

[0003]

SUMMARY OF THE INVENTION In view of the above, according to the present invention, there is provided a signature generating means for generating a unique signature based on a communication message, and transmitting the generated signature to other information based on an identifier of a transmission destination. A conversion statement creation unit for creating a conversion statement converted into a conversion statement, the receiving side restores at least the transmitted conversion statement into a signature based on the other party identifier, and a unique message based on the transmitted communication message. By providing a signature creating means for creating a signature, and a comparing means for comparing the created signature with the restored text restored by the restoring means, reliable partner authentication is performed and authentication is mainly performed. The establishment of another institution, a so-called notary institution, has realized an electronic signature system that prevents fraud.
The method of generating a shared key in the present invention is not particularly limited, but is preferably a KPS (Key Pre
distribution system) is preferably used. KP
In the S method, between the center that owns the center algorithm and the above-described entities indicating the transmitting side, the receiving side, and other institutions, the entity sends its own identifier to the center, and the center applies this identifier to the center algorithm. Create a secret algorithm and send it to the entity. Each entity stores this secret algorithm in secret and causes the above-described conversion statement creation means and restoration means to store and execute the secret algorithm. At the time of execution, the identifier of the communication partner is input to its own secret algorithm.
As a result, a shared key with the other party is created. Details of the identifier, center algorithm, secret algorithm, etc. are described in JP-A-63-36634 and JP-A-63-1076.
No. 67 and the like, and the present invention suitably uses this.

[0004]

FIG. 1 shows an embodiment of the present invention. 1 is a transmitting side, 11 is an authenticator creating means, and Hash
The authenticator is composed of functions and other compression algorithms and outputs an authenticator corresponding to the input text. Numeral 12 denotes a secret algorithm executing means, which has a built-in secret algorithm sent from the center and generates and outputs a common key by inputting and executing the identifier of the other party. The above-mentioned KPS method is appropriate for the secret algorithm, but (Bl
om, R., "Non-Public Key Distribution," Advances in C
riptology: Proceedings of CRYPTO'82, Plenum Press, 19
82,231-236) may be applicable in some cases. Reference numeral 13 denotes an encryption unit for inputting a common key to input data and encrypting and outputting the data. More specifically, the encryption unit 13
Processing device using hardware such as a scrambler, or DES (Data Encryption Standard), FEAL encryption (Shimizu, Miyaguchi, Ota: "High-speed data encryption algorithm FEAL"), IEICE technical report, (Information theory), VOL.
80, No. 113, IT86-33, PP. 1-6, (1986)), etc., but are not limited thereto. On the transmitting side, a configuration using only a general-purpose computer for personal use is sufficient, and the configuration shown in FIG. 1 can be easily replaced with software such as a program. Since the secret algorithm execution means 12 is kept secret by its nature, the secret algorithm execution means 12 may be constituted separately by a highly confidential device such as an IC card. In this case, an accessory device for reading or writing the IC card is provided. The receiving side 2
Has a similar configuration. Reference numeral 2 denotes a receiving side, and 21 denotes an authenticator creating means, which is the same as the transmitting side. Numeral 24 denotes a secret algorithm executing means, which is the same as the transmitting side. 22 is a comparing means,
The values of the two inputs are compared to determine that they are substantially the same, and as a result, a match / mismatch is output. The output of the comparison means 22 is adjusted by more specific judgment or form of identification means provided at the subsequent stage. Reference numeral 23 denotes a restoring means for restoring and reproducing the input encrypted data with a common key. This restoring means 23 has the same configuration as the encryption means.

Next, the operation will be described. On the sending side 1,
The message M is input to the authenticator creating means 11. The authenticator creating means 11 creates and outputs an authenticator V based on the input. This authenticator V is input to the encryption means 13.
Further, the transmitting side 1 inputs the identifier ID2 of the other party to the secret algorithm executing means 12. The secret algorithm executing means 12 outputs the shared key K12 based on the identifier. When the shared key K12 is input to the encrypting means 13, the authenticator V is encrypted and an encrypted authenticator C (v) is created.
The encrypted authenticator C (v) and the message M are transmitted to the receiving side. This transmission medium is not particularly limited, and various media such as radio waves, infrared rays, sound waves, and ultrasonic waves are exemplified. When the message M and the encrypted authenticator C (v) are transmitted on the receiving side 2, the message M is input to the authenticator creating means 21 and the authenticator V is created. The transmitted cryptographic authenticator C (v) is input to the decryption means 23. Further, the identifier ID1 of the transmission partner is input to the secret algorithm creating means 24. The shared key K12 is output based on this identifier. When this shared key K12 is input to the decryption means 23,
The above-described cryptographic authenticator C (v) is decrypted and the authenticator V ′
Is output. These authenticators V and V 'are compared with the comparing means 22.
If they match, a matching signal is output to an output terminal O in other cases. If they match, it can be authenticated that the message M is truly sent from the sender 1. In this way, even if the message or the cryptographic authenticator is tampered with in the transmission path by a third party, the tampering can not be found and prevented unless the comparison means makes a comparison.

[0006] An embodiment of the unauthorized authentication by the transmission side 1 will be described with reference to FIG. 1 is a transmitting side, 2 is a receiving side, and the configuration is the same as that of FIG. still,
In the present embodiment, in order to transmit the message and the encrypted authenticator to a plurality of locations, the secret algorithm executing means simultaneously or in time series inputs the identifier and outputs the shared key corresponding to the identifier. Is added according to the situation. The DH is a broadcast transmitting unit for delivering the message transmitted from the transmitting side and the output of the encrypted authenticator to the receiving side and the notary authority 3, respectively. The transmission unit may have a transmission network as shown in FIG. 2, and may employ an additional function or structure such as a time-series connection switching system depending on the case. 3 is a notary institution, which is set up as having third-party independent facilities and operations, but is not necessarily an independent institution,
If it can be guaranteed that it has functionally independent notarization, it may be the receiving side, the transmitting side, or a center that creates and distributes a secret algorithm based on the KPS system. Is also good. In the notary authority 3, reference numeral 31 denotes a secret algorithm executing means, which is similar to that of the transmitting side 1 and the receiving side 2 in a state where an identifier is set in advance and a secret algorithm based on this identifier is provided from the center. It has a configuration of In the case where the notary institution 3 is the same as the center, provision of a secret algorithm in advance may not be necessary. Reference numeral 32 denotes a decoding unit having the same configuration as that of the receiving side 2. 33 is
Authenticator creation means, which is the same as that on the receiving side. 3
Reference numeral 4 denotes comparison means, which is the same as that on the receiving side.

Next, the operation will be described. The transmitting side inputs the message M to the authenticator creating means 11 and outputs the authenticator V created and output by the encrypting means 12 to the identifier I of the receiving side 2.
D2 and the ID of the notary institution ID3 are given to the secret algorithm creating means 13 and the shared keys K12 and K
13 to obtain C1 (v) and C3 (v),
The information is transmitted to the receiving side 2 and the notary institution 3 via the broadcast transmitting unit DH.

[0008] The notary authority 3 mainly stores the encrypted authenticator C3 (v) for a necessary period of time unless a notarization request is issued mainly from the transmitting side, the receiving side, or another organization. For example, if the sender denies sending the message, the receiver 2 presents the message M and the sender information to the notary public authority 3 (RE). Notary institution 3
Transmits the message M sent from the receiving side to the authenticator converting means 33.
Then, the encrypted authenticator C3 (v) sent from the transmitting side is input to the decrypting means 32, and the identifier ID1 of the transmitting side 1 is input to the secret algorithm executing means 31. The encrypted authenticator is decrypted based on the shared key K13 obtained as described above to obtain an authenticator V ″ ′.
If V ″ ′ matches, the message M is output to the receiving side 2 with information to prove that the message M is truly transmitted from the transmitting side 1 (AU).

[0009] Even if the receiving side 2 performs fraud such as falsification of the message N, an authenticator encrypted with a unique shared key between the transmitting side 1 and the notary institution 3 is sent to the notary institution 3. Since it has been transmitted, the occurrence of tampering can be detected as long as it is passed through a notary institution.

As described in detail above, the present invention makes it possible to implement a digital signature by the shared key system without complicating the configuration and without requiring an arbitrator required for communication. There is an effect that authentication by a notary institution can be easily performed without requiring a third party such as a center.

[Brief description of the drawings]

FIG. 1 is a diagram showing one embodiment of the present invention.

FIG. 2 is a diagram showing another embodiment of the present invention.

[Description of Signs] 1 Transmitting side 2 Receiving side 3 Notary institution 11, 21, 33 Authenticator conversion means 12 Encryption means 13, 25, 31 Secret algorithm execution means 23, 34 Comparison means 24, 32 Decoding means

Continued on the front page (51) Int.Cl. ⁶ Identification code Agency reference number FI Technical display location H04L 9/00 601E

Claims (5)

[Claims] 1. A signature generating means for generating a unique signature based on a communication message, and a conversion statement generation for converting a generated signature into another information based on an identifier of a transmission destination. Means for restoring at least the transmitted conversion text into a signature based on the other party identifier, a signature generation means for generating a unique signature based on the transmitted communication text, An electronic signature method comprising comparing means for comparing the restored signature with the restored text restored by the restoring means. 2. A transmitting side mainly sends another conversion body which converts the signature into other information based on an identifier of the other institution, and provides the other side with an authentication institution. The institution restores the transmitted conversion text to a signature based on the identifier of the sender, creates a unique signature based on the transmitted communication text, and restores the created signature and the recovery data restored by the recovery means. 2. The digital signature method according to claim 1, wherein the digital signature is compared with a sentence for authentication. 3. Other means for restoring at least the transmitted conversion sentence into a signature based on the other party identifier,
3. The electronic signature method according to claim 2, further comprising signature creation means for creating a unique signature based on the transmitted communication message, and comparison means for comparing the created signature with a restoration sentence restored by the restoration means. . 4. The electronic signature system according to claim 1, wherein the identifier is unique and semi-fixed information for identifying a person who owns the identifier. 5. The method according to claim 1, wherein the conversion statement creating means and the restoring means have a secret algorithm obtained by applying the transmitted own identifier to the center algorithm at the center having the center algorithm. 3. The digital signature method according to 3.