CN1758586A - Time stamp service system and checking server for time stamp information and computer software - Google Patents

Time stamp service system and checking server for time stamp information and computer software Download PDF

Info

Publication number
CN1758586A
CN1758586A CNA2005100021757A CN200510002175A CN1758586A CN 1758586 A CN1758586 A CN 1758586A CN A2005100021757 A CNA2005100021757 A CN A2005100021757A CN 200510002175 A CN200510002175 A CN 200510002175A CN 1758586 A CN1758586 A CN 1758586A
Authority
CN
China
Prior art keywords
checking
information
record
authentication
time stamp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2005100021757A
Other languages
Chinese (zh)
Other versions
CN100593921C (en
Inventor
谷川嘉伸
小野里博幸
本多义则
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd filed Critical Hitachi Ltd
Publication of CN1758586A publication Critical patent/CN1758586A/en
Application granted granted Critical
Publication of CN100593921C publication Critical patent/CN100593921C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60HARRANGEMENTS OF HEATING, COOLING, VENTILATING OR OTHER AIR-TREATING DEVICES SPECIALLY ADAPTED FOR PASSENGER OR GOODS SPACES OF VEHICLES
    • B60H1/00Heating, cooling or ventilating [HVAC] devices
    • B60H1/00357Air-conditioning arrangements specially adapted for particular vehicles
    • B60H1/00385Air-conditioning arrangements specially adapted for particular vehicles for vehicles having an electrical drive, e.g. hybrid or fuel cell
    • B60H1/00392Air-conditioning arrangements specially adapted for particular vehicles for vehicles having an electrical drive, e.g. hybrid or fuel cell for electric vehicles having only electric drive means
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60HARRANGEMENTS OF HEATING, COOLING, VENTILATING OR OTHER AIR-TREATING DEVICES SPECIALLY ADAPTED FOR PASSENGER OR GOODS SPACES OF VEHICLES
    • B60H1/00Heating, cooling or ventilating [HVAC] devices
    • B60H1/00492Heating, cooling or ventilating [HVAC] devices comprising regenerative heating or cooling means, e.g. heat accumulators
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60HARRANGEMENTS OF HEATING, COOLING, VENTILATING OR OTHER AIR-TREATING DEVICES SPECIALLY ADAPTED FOR PASSENGER OR GOODS SPACES OF VEHICLES
    • B60H1/00Heating, cooling or ventilating [HVAC] devices
    • B60H1/00507Details, e.g. mounting arrangements, desaeration devices
    • B60H1/00514Details of air conditioning housings
    • B60H1/00521Mounting or fastening of components in housings, e.g. heat exchangers, fans, electronic regulators
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60HARRANGEMENTS OF HEATING, COOLING, VENTILATING OR OTHER AIR-TREATING DEVICES SPECIALLY ADAPTED FOR PASSENGER OR GOODS SPACES OF VEHICLES
    • B60H1/00Heating, cooling or ventilating [HVAC] devices
    • B60H1/00642Control systems or circuits; Control members or indication devices for heating, cooling or ventilating devices
    • B60H1/0065Control members, e.g. levers or knobs
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60HARRANGEMENTS OF HEATING, COOLING, VENTILATING OR OTHER AIR-TREATING DEVICES SPECIALLY ADAPTED FOR PASSENGER OR GOODS SPACES OF VEHICLES
    • B60H3/00Other air-treating devices
    • B60H3/0007Adding substances other than water to the air, e.g. perfume, oxygen
    • FMECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
    • F25REFRIGERATION OR COOLING; COMBINED HEATING AND REFRIGERATION SYSTEMS; HEAT PUMP SYSTEMS; MANUFACTURE OR STORAGE OF ICE; LIQUEFACTION SOLIDIFICATION OF GASES
    • F25DREFRIGERATORS; COLD ROOMS; ICE-BOXES; COOLING OR FREEZING APPARATUS NOT OTHERWISE PROVIDED FOR
    • F25D3/00Devices using other cold materials; Devices using cold-storage bodies
    • F25D3/02Devices using other cold materials; Devices using cold-storage bodies using ice, e.g. ice-boxes
    • F25D3/06Movable containers
    • F25D3/08Movable containers portable, i.e. adapted to be carried personally
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60HARRANGEMENTS OF HEATING, COOLING, VENTILATING OR OTHER AIR-TREATING DEVICES SPECIALLY ADAPTED FOR PASSENGER OR GOODS SPACES OF VEHICLES
    • B60H3/00Other air-treating devices
    • B60H3/0007Adding substances other than water to the air, e.g. perfume, oxygen
    • B60H2003/0042Adding substances other than water to the air, e.g. perfume, oxygen with ventilating means for adding the substances

Abstract

To provide a method that certifies that time stamp information was valid even after the valid period of a public key certificate included in the time stamp information has passed or after an encryption algorithm or a key has been compromised. A system comprises a client 100, a time stamp information issuing apparatus 102, a certification authority 104 and a verification server 110. The server 110 has means for accepting a message requesting the verification of time stamp information from the client 100 and verifying the time stamp information, means for searching saved verification records if the first verification fails, means for verifying data authentication data in a verification record of the time stamp information showing previous verification, and means for sending the second verification result as a verification response message if the second verification passes.

Description

Timestamp service system and checking server for time stamp information and computer software
Technical field
The present invention relates to a kind of existence that guarantees electronic data constantly and the timestamp technology of the integrality of data thereafter, particularly a kind of technology that the accuracy of timestamp information is verified.
Background technology
Follow the increasing of electronic data of the development of advanced IT application communication network society, how to guarantee that the former person's character that is easier to the electronic data distorted than paper document just becomes very important.Based on such background, prove that the existence of electronic data has or not the timestamp technology and the timestamp service of distorting very noticeable with its data constantly.Timestamp service is to be called as the service that reliable the 3rd side mechanism of TSA (Time Stamping Authority) is provided.The service user sends message digest value (messagedigest) to TSA, and this message digest value is the intrinsic characteristic quantity of the electronic data of timestamp object.TSA, by with reference to this message digest value and reliable moment source, generate by encryption technology with reference to the timestamp token that combines of time information, and return to the user.The user can confirm that by timestamp token (token) (timestamp information) and the electronic data received are verified the existence of this electronic data is distorted (for example, with reference to non-patent literature 3) with having or not constantly.
The verification method of timestamp information depends on the generation method (for example, with reference to non-patent literature 1, non-patent literature 4, non-patent literature 5) of timestamp information.For example, if paid the timestamp information of digital signature, carry out the checking of timestamp information by verifying this digital signature.In addition, if the timestamp information that generates with link token (link token) method, visit the TSA that can verify the accuracy that is included in the link information in this timestamp information, so will stab the accuracy of information the proving time.
In the timestamp technology of using existing digital signature, having with PKI technology (for example, non-patent literature 2) is the technology (for example patent documentation 1, non-patent literature 1, non-patent literature 4) of prerequisite.In the public-key cryptography certificate of the TSA that authentication office issues, comprised the main body name of TSA and the public-key cryptography that uses in order to verify the digital signature that in timestamp information, comprises.When stabbing, at first confirm the testimonial validity of public-key cryptography of TSA in the proving time.In this is confirmed, carry out the checking of the public-key cryptography checking of testimonial valid expiration date, the testimonial failure state of public-key cryptography and be paid to the checking of the digital signature of the testimonial authentication of public-key cryptography office etc.Only under the situation of having confirmed this validity, just use this key to carry out the checking of the digital signature of timestamp.The testimonial validity of public-key cryptography is being judged as when no, this timestamp information be verified as failure.
In addition, as the countermeasure of public-key cryptography certificate after valid expiration date, also has the method (for example, with reference to non-patent literature 6) of paying new digital signature in digital signature in effective time once more, the digital signature that this is new has been used and former different cryptographic algorithm and key informations.At this, before cryptographic algorithm of using in the signature document and key are in the hole, signature document and authorization information (public-key cryptography certificate information and certificate certificate revocation list information) are suitable for the timestamp of the RFC3161 standard that is called as file store (archive) timestamp, and generate the electronic signature data that is called as long-term signature form.And then, before algorithm that uses and key are in fragile state, signature document, authorization information, former file store timestamp are suitable for the file store timestamp that upgrades in this file store timestamp.
[patent documentation 1] special table 2003-524348 communique (33-34 page or leaf, the 8th figure)
[patent documentation 2] spy opens the 2001-331104 communique
[patent documentation 3] spy opens the 2001-331105 communique
[non-patent literature 1] C.Adams, other 3 people, RFC3161, InternetX.509Public KeyInfrastructure Time-Stamp Protocol (TSP), [online], August calendar year 2001, [putting down into retrieval on July 8th, 16], internet URL:http: //www.ietf.org/rfc/rfc3161.txt
[non-patent literature 2] カ one ラ ィ Le ア グ system ズ+ス テ ィ one Block ロ イ De work, Bell wood
Figure A20051000217500061
Gifted one translates, and " the public Open Key of PKI イ Application Off ラ ス ト ラ Network チ ヤ notion, Standard Quasi, exhibition Open " ピ ア ソ Application ェ デ ュ ケ one シ ョ Application is published, on July 15th, 2000, P.41-52
[non-patent literature 3] ISO/IEC 18014-1, " information technology-Securitytechniques-Time-stamping services-Part 1:Framework ", on October 1st, 2002
[non-patent literature 4] ISO/IEC 18014-2, " information technology-Securitytechniques-Time-stamping services-Part 2:Mechanisms producing independenttokens ", on December 15th, 2002
[non-patent literature 5] ISO/IEC 18014-3, " information technology-Securitytechniques-Time-stamping services-Part 3:Mechanisms producing linked tokens ", on February 9th, 2004
[non-patent literature 6] D.Pinkas, other 2 people, RFC3126, RFC-3126 ElectronicSignature Formats for long term electronic signatures, [online], September calendar year 2001, [putting down into retrieval on July 8th, 16], internet URL:http: //www.ietf.org/rfc/rfc3126.txt
Under the situation that use is verified based on the timestamp information of the word signature of existing P KI technology number, at first, verify TSA public-key cryptography certificate.At this moment, when the public-key cryptography certificate is judged as when invalid, authentication failed then, and can not prove the timestamp object electronic data existence constantly or have or not and distort.For example, surpass public-key cryptography after testimonial valid expiration date, that authentication office does not guarantee to put down in writing in the disclosure key certificate, TSA main body name and public-key cryptography interrelated do not carry out the management and the announcement of the testimonial failure state of the disclosure key (certificate certificate revocation list information) yet.Therefore, such as, even signature was effective digital signature at that time, served as the disclosure key during testimonial valid expiration date, exist the confidence level of this signature to lose such problem significantly.In addition, based on the electronic signature of long-term signature form, have the suitable data volume of each timestamp and can become the bigger such problem of required time big and that sign and use again.Therefore, expectation improves the timestamp information verification technique.
Summary of the invention
The present invention designs in order to address the above problem, even provide the public-key cryptography that in timestamp information, comprises after testimonial valid expiration date or the cryptographic algorithm of in timestamp information, using or key in the hole after, prove that timestamp information once was effective checking server for time stamp information device and timestamp information verification method in the past.
The present invention also provides the data volume that does not increase timestamp information and checking server for time stamp information device and the timestamp information verification method that guarantees the authenticity of timestamp information for a long time.
The present invention, its a kind of form, the interconnective more than one customer set up in communication network of serving as reasons, more than one timestamp information distributing device, more than one authentication exchange device, timestamp service system with more than one checking server for time stamp information device formation, carry out the checking server for time stamp information device of checking of the accuracy of timestamp information, when receiving that from client terminal device request time stabs the information of checking of information, timestamp information in the authorization information, when being proved to be successful, generate the checking result, and when generating this checking record, generation is to the data authentication information of checking record, preserve this verify data and checking record, after this, will verify that the result sends to client terminal device as the checking response message.In addition, under the situation of authentication failed, the checking record that retrieval is preserved, if be judged as the timestamp information that former checking is over, in specific corresponding checking record, verify the data authentication data of this checking record, when being proved to be successful, generation comprises checking result's in the past checking result, generate data authentication information when generating this checking record to the checking record, preserve this verify data and checking record, after this, will verify that the result sends to client terminal device as the checking response message.
According to the present invention, even crossed the timestamp information of valid expiration date, if in the valid period, carried out the timestamp information of checking, owing to use the checking record that has improved reliability, just can under the situation of the data volume that does not increase timestamp information, can advocate accuracy according to checking result's in the past timestamp information.
Description of drawings
Fig. 1 is the system construction drawing of embodiment 1;
Fig. 2 is the system construction drawing of embodiment 2;
Fig. 3 is the key diagram of an example that is illustrated in the flow chart of the timestamp information checking action in the checking server for time stamp information device;
Fig. 4 is the key diagram of an example of the structure of timestamp information data;
Fig. 5 is the key diagram of an example of the structure of checking record data;
Fig. 6 is the key diagram of an example of checking record management data table;
Fig. 7 is the key diagram of an example of the express time checking result's that stabs information picture;
Fig. 8 is the system construction drawing of embodiment 3;
Fig. 9 is the key diagram that is illustrated in an example of the flow chart of another timestamp information checking action in the checking server for time stamp information device;
Figure 10 is the key diagram that expression revalues an example of the flow chart of verifying the action of writing down;
Figure 11 is the key diagram that storage revalues an example of schedule work;
Figure 12 is the key diagram that upgrades an example of the data structure of verifying record;
Figure 13 is the key diagram of expression based on an example of the checking result screen of the timestamp information that revalues of checking record.
Embodiment
Below, embodiments of the present invention are described.
Below, the embodiment for timestamp service system of the present invention and checking server for time stamp information device is described in detail with figure.
Embodiment 1 is described.Fig. 1 represents the timestamp service system structure of present embodiment.The timestamp service system is made of with the communication network 150 that is connected these Apparatus and systems a plurality of client terminal devices 100, more than one timestamp information distributing device 102, more than one authentication exchange device 104, more than one checking server for time stamp information system 110.
Client terminal device 100 is in order to obtain the electronic data at contract or application etc., and perhaps, the timestamp information of the supervisory daily record data of communication log or system journal etc. sends the client terminal device of request to timestamp information distributing device 102.In addition, this client terminal device 100 stabs the accuracy of information, entrusts to checking server for time stamp information system 110 and verify for acknowledging time.
Timestamp information distributing device 102 is devices of accepting the request of client terminal device 100 and sending timestamp information.These timestamp information distributing devices also can be installed timestamp method alone respectively.In addition, this installs, and the authentication function of the timestamp information of the timestamp method that depends on use is provided.For example, generate the timestamp information distributing device 102-B of the timestamp information of link token method, the function of the timestamp information of verifying the link token method that generates is provided.
Authentication exchange device 104 is the high service units of reliability that utilize when the digital signature of PKI technology is used in checking.Specifically, by issue public-key cryptography testimonial authentication office unit, storage vault (repository) unit of open public-key cryptography certificate certificate revocation list and reply the formations such as unit, OCSP response station of the testimonial validity of public-key cryptography.Authentication exchange device 104 provides service at any time to checking server for time stamp information system 110.
Checking server for time stamp information system 110 is made of with the LAN 152 that is connected these devices more than one timestamp information checking foreground server unit 114, more than one certificate service for checking credentials apparatus 116, network equipment 112.Checking server for time stamp information device 110 connects communication network 150 by network equipment 112.
Timestamp information checking foreground server unit 114 when accepting from timestamp information request message that client terminal device sends, is entrusted the testimonial validation of public-key cryptography that comprises to certificate service for checking credentials apparatus 116 in timestamp information.Certificate service for checking credentials apparatus 116, access registrar exchange device 104 when confirming the testimonial validity of public-key cryptography, returns its result to timestamp information checking foreground server unit 114.Timestamp information checking foreground server unit 114 uses to comprise public-key cryptography in the public-key cryptography certificate that validity was identified, and the digital signature that comprises in timestamp information is verified.Verification steps etc. are stated in the back.
About embodiment 2, describe with Fig. 2.Present embodiment and embodiment 1 are relatively implementing on the checking server for time stamp information system this point different with a device.Checking server for time stamp information device 210, possess: the processing unit that timestamp information checking request receiving portion 212, timestamp information proof department 214 and timestamp information checking record management portion 216 are such, and have secret (security) data 218, verify record management data 220.
Timestamp information checking request receiving portion 212 is accepted the timestamp information checking request that sends from client terminal device 100.Timestamp information proof department 214, carry out to the testimonial validity of public-key cryptography that in timestamp information, comprises affirmation, to the checking of the digital signature that in timestamp, comprises.Timestamp information checking record management portion 216 carries out that the generation of record is handled in timestamp information checking that timestamp information proof department 214 carries out or to the data management of the keeping of checking record management data 220 etc.
Private data 218 stores itself signature certificate data of public-key cryptography certificate data, private cipher key data and authentication exchange device 104 that checking server for time stamp information device 210 had.In addition, in this private data 218, also can memory by using the service of authentication exchange device 104 and the information (for example, the testimonial certificate revocation list of public-key cryptography) that obtains.
Gratifying is that checking server for time stamp information device 210 is to allow a plurality of computers of visiting simultaneously, possessing the network connection device that has the high speed processing ability.Specifically, be to realize with mainframe computer or the work station of holding a plurality of central processing units.
In addition, checking server for time stamp information device 210 is in order to provide the service for checking credentials of timestamp information, demanding reliability to client terminal device 100.Therefore, gratifying is that the plateform system that timestamp information checking handling procedure is turned round carries out security countermeasures.Specifically, preferably prevent OS to the countermeasure of the unauthorized access of file system or destruction (crack) behavior by network.And then, from the viewpoint that public-key cryptography certificate data or private cipher key data etc. are maintained secrecy, wish the important data of hardware aspect management of distorting (damper) property by anti-.
Timestamp information distributing device 102 or authentication exchange device 104 also adopt the platform the same with checking server for time stamp information device 210.
Client terminal device 100, can use general personal computer to realize, this personal computer has: the output device of the storage device of the input unit of central processing unit, keyboard or mouse etc., hard disk or RAM etc., CRT monitor, LCD or printer etc. is used network equipment with communicating by letter.Certainly be not limited to personal computer, also be fine if possess at user's the input unit and the computer of output device and communicator.
Communication network 150 can or utilize mobile communication base station, communication to realize with the communication networks such as wireless network of moonlet with the wired network of public network, internet, ISDN net etc.
In addition, in the timestamp service system, by the communication between the device of communication network 150 time, the countermeasure that the robber that also can carry out the distorting of the pretending to be of anti-locking apparatus, communication data, communication data listens etc.These can be realized by utilizing SSL (the Secure Sockets Layer) communication technology.
More than each function and each handling part of each device, the central processing unit by is separately carried out institute's program stored in storage device, specializes.In addition, each program both can be stored in each storage device in advance, as required, also can install available, the medium that can load and unload and imported from other device as the communication network of communication medium or the carrier wave that transmits on communication network by this.
Fig. 3 be express time stab Information Authentication 110 proving times of server unit stab information the illustration of flow chart of step, and embodiment 2 described, and also can be the same in embodiment 1.At first, checking server for time stamp information device 210 is accepted the timestamp information checking from client terminal device 100 and is entrusted message (step 302).
Entrust in the message in the timestamp information checking, contain timestamp information data described later at least.In addition, also can contain electronic data that should timestamp information.
In addition, also can become one and encode with the known form type pair electronic data corresponding with the timestamp information data.For example, also can the electronic data corresponding with timestamp information be encoded with application program data mode or XML (Extensible Markup Language) form alone.The information relevant with these coding method can be represented in the communication protocol between client terminal device 100 and the checking server for time stamp information device 210.For example, the information of code displaying form can be included in the content heads of HTTP (Hyper Text Transfer Protocol).
Checking server for time stamp information device 210 is entrusted message to carry out checking according to the checking of accepting and is handled (step 304).The example of checking content is as described below.By carrying out these checking processing the accuracy of timestamp information is judged.
(1) utilizes the testimonial certificate revocation list of storing in private data 218 of public-key cryptography, perhaps authenticate the service of exchange device 104, the testimonial validity of the public-key cryptography that comprises in timestamp information is confirmed.
(2) use the public-key cryptography that in confirming the public-key cryptography certificate of validity, comprised, the digital signature of timestamp information is verified.
(3) if contain other data, verify with method same as described above with signature.
(4) contain under the situation of the electronic data corresponding in timestamp information checking request message with timestamp information, try to achieve the message digest value of electronic data with corresponding hash function, confirm whether this value is identical with the message digest value that comprises in timestamp information.
In addition, the checking content is not limited only to these, also can append to be used for the checking project that acknowledging time stabs the reliability of information.For example, for the reliability of the time information confirming in timestamp information, to comprise, also can carry out with reference to the conforming affirmation between the data items that in timestamp information, comprises and the affirmation or the checking of reliable external data.Can also carry out affirmation about the fail safe of the cryptographic algorithm in timestamp information, used or key.And then checking server for time stamp information device 210 as the checking result, also can use the checking result who was undertaken by other checking server for time stamp information device 210.
In step 306, under the situation about being proved to be successful of step 304 (timestamp information has accuracy), the rise time is stabbed the checking result (step 308) of information.After this, generate the checking record of the record that shows that checking is handled, simultaneously, generate data authentication information (step 310, step 312) at this checking record.At last, preserve checking record and data authentication information, return checking result's (step 314, step 316) to client terminal device 100.
In step 306, under the situation of the authentication failed of step 304 (timestamp information does not have accuracy), the checking of retrieve stored record (step 320).Empirical tests is out-of-date when being judged as in step 322, and after this specific corresponding checking record, carries out having added with the checking record authentication (the 2nd checking) of corresponding relation data authentication information, confirms the authenticity (step 324) of checking record.When the authenticity of checking record is identified, during authentication success, generate the checking result (step 308) of the timestamp information that comprises checking result in the past.At this moment, the checking result who contains the oldest past at least.After this, generate the checking record (310) of the record that shows that checking is handled, simultaneously, generate data authentication information (step 312) for this checking record.At last, preserve checking record and data authentication information (step 314), return checking result's (step 316) to client terminal device 100.
In step 322, when the checking record that is judged as the past does not exist, generate the checking result (step 308) of the timestamp information that does not contain checking result in the past.After this, generate the checking record (step 310) of the record that shows that checking is handled, simultaneously, generate data authentication information (step 312) for this checking record.At last, preserve checking record and data authentication information (step 314), return checking result's (step 316) to client terminal device 100.
Fig. 4 is an example of timestamp information.Timestamp information 400 is made of following data items: be used for the timestamp identifier field 402 of recognition time stamp information inherently; Eap-message digest value field 404 as the electronic data of timestamp object; The time information field 406 that when timestamp generates, derives with reference to reliable time information; Be used to store the extra information field 408 of the title of TSA, the public-key cryptography certificate of TSA, the attribute certificate of TSA and the electronic data of timestamp object etc.; With authentication information field 410.Authentication information field 410, storage is than the authentication information field digital signature of the data authentication that is used for the data items group that exists of upside more.In addition, in order to guarantee long-term data authentication, also can use digital signature method institute's publicity, that utilize historical information in patent documentation 2 and patent documentation 3 etc. ((hysteresis) signature lags behind).And then, also can use the hash function that is used for data authentication for easy.
Fig. 5 is an example of checking record.Checking record 500 is made of following field: the checking record identifier field 502 that is used for discerning inherently the checking record; Stab the timestamp information field 504 of the entity (for example, the binary data of timestamp information) of information memory time; Be stored as the public-key cryptography certificate validation information field 506 of the information that necessary certificate certificate revocation list of the testimonial validity of public-key cryptography when confirming checking or OCSP reply etc.; The checking moment field 508 that shows the moment of carrying out the checking processing; Checking object information field 510 with the checking result who stabs information memory time.
Fig. 6 is the table example of checking record management data 220.Checking record management table 600 has following 4 hurdles (column).Checking record data hurdle 602, the binary data of storage checking record data 500.In data authentication field 604, storage is for the data authentication data of checking record.Timestamp intrinsic information 606, storage are used for the information of fixed time stamp inherently.For example, for example, stab the publisher's of information identifier 402, timestamp DN (Distinguished Name), intrinsic series (serial) sequence number of timestamp and the message digest value of timestamp information memory time.Checking record log date time fences 608, the time on date of the expression checking record that 220 logins generate as the checking record data.
Fig. 7 is the illustration of the checking result screen 700 that shows on the display of the client terminal device 100 that has received the checking object information that checking server for time stamp information device 210 returns.Checking result screen 700 is made of a plurality of display items display.Time information field 702 is presented at the time information that comprises in the timestamp information.Show UTC (Universal Coordinate Time) or, be transformed into country's value constantly of having considered the time zone.Eap-message digest value field 704 is presented at the message digest value of the electronic data of the timestamp object that comprises in the timestamp information.Checking is field 706 constantly, and express time stabs the checking processing execution moment of Information Authentication server unit.Checking result field 708 is represented the timestamp information checking result in the above-mentioned checking constantly.In this embodiment, owing to be judged as the testimonial term of validity of the public-key cryptography that has passed through TSA,, advocate that promptly timestamp information does not have accuracy so timestamp is verified NG (No Good) as a result.Checking record checking result's past checking is field 710 constantly, and expression by the checking in the checking in the past of this timestamp information of keeping in the checking record constantly.And then checking record checking result's past checking result field 712 is illustrated in the checking result in the above-mentioned checking constantly in the past.Like this, even the timestamp information that the term of validity has been crossed if carried out the timestamp information of checking in the term of validity, by using the checking record, can be advocated the accuracy based on the checking result's in past timestamp information.
In addition, under the checking result's who includes a plurality of past situation, on picture, show the GUI of corresponding checking result's separately label (tab) shape.The user of operated client device 100 uses input units such as mouse, selects label, the corresponding checking in the past constantly and the checking result of can reading.
Embodiment 3 is described.Fig. 8 is another execution mode of timestamp information demo plant 210.Timestamp information demo plant 210 compares with embodiment 2 (with reference to figure 2), appends the checking record and revalues portion 217 and revalue work data 222.The checking record revalues portion 217, according to the operational definition of storage in revaluing work data 222, to verifying that record data revalue.
Fig. 9 is illustrated in the timestamp information checking treatment step that has appended the timestamp information demo plant of verifying under the situation that writes down the portion that revalues 217 and revalue work data 222 210.This contents processing, it is identical to remove flow chart more following with shown in Figure 3, and the signpermutation with 900 becomes 300, so just can be corresponding.
In Fig. 9, also not corresponding is-symbol 915 after appending.Checking server for time stamp information device 210 is preserved the checking record in step 914, generation revalues operation and logins in step 915.
In addition, what is called revalues operation, is the operation procedure that is used in the future verifying the checking content of constantly carrying out in checking.For example, owing to there is the disclosed time difference of crash handling certificate revocation list from public-key cryptography certificate failure procedure to reality, so, in the public-key cryptography certificate certificate revocation list that the proving time point is obtained, can not guarantee the testimonial failure state of the public-key cryptography that in timestamp information, comprises fully.Therefore, in order to determine the testimonial failure state of public-key cryptography of proving time point, be necessary that reference is at the public-key cryptography certificate certificate revocation list of issuing in the future.
Figure 10 is the flow chart that revalues the treatment step example of checking record.Checking record revalue processing, turn round all the time as the background process of timestamp information demo plant, perhaps, 1 time on the 1st running termly.
In step 1002, obtain and defined the record that revalues that to carry out operation.In revaluing record, owing to comprise operation action date temporal information, so, according to this information, can judge whether to carry out processing operation.For example, have than the more Zao operation of the present moment action time on date, become action object.Secondly, in step 1004, specific for as revaluing the public-key cryptography certificate certificate revocation list point of departure that comprises in the public-key cryptography certificate data of object data, next, access registrar exchange device 104 is obtained public-key cryptography certificate certificate revocation list (step 1006).In step 1008, according to the public-key cryptography certificate certificate revocation list of obtaining, confirming becomes the testimonial validity of the public-key cryptography that revalues object (step 1008), when generation revalues data, upgrades checking record (step 1010,1012).Secondly, generate data authentication information (step 1014), preserve (step 1016) with the checking record at the checking record that upgrades.In addition, in step 1004 and step 1006, obtain public-key cryptography certificate certificate revocation list, in step 1008, confirmed the testimonial validity of public-key cryptography according to public-key cryptography certificate certificate revocation list point of departure, but also can be with other method.For example, obtain the mechanism information visit of in the public-key cryptography certificate, putting down in writing, also can be connected to the represented website of this information and confirm the testimonial validity of public-key cryptography afterwards.In addition, just be eliminated after being recorded in of operation revalues about revaluing of once once carrying out.
Figure 11 is the example of storing in revaluing work data that revalues record.Revaluing operation can be used as by the database table that constitutes of a plurality of records of definition and realizes.Checking record identifier column 1102 stores the intrinsic identifier that is used to specify the checking record.Operation action date time fences 1104, expression revalues the moment that operation should be started.This when checking becomes the public-key cryptography certificate that revalues object, is set at than the date after the day of renewal next time that comprises in employed public-key cryptography certificate certificate revocation list, (Next Update) more leaned on constantly.If Next Update is 8: 59: 59 on the 22nd December in 2003, for example, the value of appending thereon after 1 second is 9: 00: 00 on the 22nd December in 2003.Revalue field 1106, store and to revalue public-key cryptography certificate data.
Figure 12 is the example of the checking result data that upgraded.Checking record data 1200, as the information of upgrading, appended storage revalue constantly revalue field 1202 constantly with represent to revalue the result revalue object information field 1204.
Figure 13 is at the example that writes down checking result screen shown in the client terminal device that revalues based on checking.Result's the field 1302 constantly that revalues verified in the checking record, represents the moment that revalues.In addition, checking record checking result's past checking result field 1304, expression is based on the checking result who revalues the result.In this embodiment, because the testimonial result of revaluing of public-key cryptography is effectively, so, as the checking result who is determined, will verify in the past that the result is shown as OK (determining).Like this, even the timestamp information that the term of validity has been crossed, if take advantage of the timestamp information that carried out checking when effective,, just can advocate according to the checking in the past accuracy of timestamp information as a result by using by revaluing the further checking record that has improved reliability.
In addition, certain all the time, self-evident as the checking request in the present invention from the timestamp information data scale that client terminal device sends, that is do not increase with the elapsed time.
As in above embodiment, illustrating, the present invention, by more than one client terminal device, more than one timestamp information distributing device, more than one authentication exchange device and the more than one checking server for time stamp information device formation of carrying out the accuracy checking of timestamp information, and above-mentioned these are installed in the interconnective timestamp service system with communication network, it is above-mentioned checking server for time stamp information device, have the timestamp service system with lower unit: the 1st authentication unit is used for receiving request time by above-mentioned client terminal device and stabs the message of Information Authentication and verify timestamp information in this message; The 2nd retrieval unit, the checking record of be used for when the 1st authentication failed, retrieval being preserved; The 2nd authentication unit is used for simultaneously, verifying the data authentication data of this checking record to verifying the specific corresponding checking record of timestamp information that is over before being judged as; When the 2nd is proved to be successful, generate the 2nd checking result's who comprises checking result in the past unit; When generating the 2nd checking record, generate unit at the 2nd data authentication information of the 2nd checking record; Preserve the unit that the 2nd verify data and the 2nd that generates is verified record; With with the 2nd checking result as the checking response message to unit that above-mentioned client terminal device sends.
In addition, the present invention, with communication network client terminal device, timestamp information distributing device and authentication exchange device are being coupled together, carry out in the checking server for time stamp information device of accuracy checking of timestamp information, be the checking server for time stamp information device that has with lower unit: the 1st authentication unit is used for receiving request time by above-mentioned client terminal device and stabs the message of Information Authentication and verify timestamp information in this message; The 2nd retrieval unit, the checking record of be used for when the 1st authentication failed, retrieval being preserved; The 2nd authentication unit is used for simultaneously, verifying the data authentication data of this checking record to verifying the specific corresponding checking record of timestamp information that is over before being judged as; When the 2nd is proved to be successful, generate the 2nd checking result's comprise checking result in the past unit; When generating the 2nd checking record, generate unit at the 2nd data authentication information of the 2nd checking record; Preserve the unit that the 2nd verify data and the 2nd that generates is verified record; With with the 2nd checking result as the checking response message to unit that above-mentioned client terminal device sends.
And the present invention is in containing checking result's in the past the 2nd checking result, to contain the constantly the oldest result's of checking checking server for time stamp information device at least in the past of timestamp information checking result.
And then the present invention is in the 2nd checking record, to comprise: the checking server for time stamp information device of the 2nd timestamp information, the 2nd public-key cryptography certificate validation information, the 2nd checking moment or the 2nd checking object information.
In addition, the present invention is verify that at the 2nd the 2nd data authentication information of record is digital signature, and this digital signature to be the checking server for time stamp information device with the signature that digital signature method was generated that utilizes signature history.
And, the present invention, be checking server for time stamp information device: promptly, receive request time by above-mentioned client terminal device and stab the message of Information Authentication and verify the timestamp information in this message and when the 1st is proved to be successful, generate the 1st checking result's unit with following unit; When generating the 1st checking record, generate unit at the 1st data authentication information of the 1st checking record; Preserve the unit that the 1st verify data and the 1st that generates is verified record; With with the 1st checking result as the checking response message to unit that above-mentioned client terminal device sends.
Moreover the present invention is, has when the above-mentioned the 1st is proved to be successful, generates the checking server for time stamp information device of the unit that revalues operation and login.
In addition, the present invention is, above-mentioned to revalue operation be the checking server for time stamp information device that the testimonial validity of the public-key cryptography that comprises in timestamp information is revalued.
And, the present invention is, the above-mentioned opportunity that revalues the operation action is the checking server for time stamp information device the testimonial validity of public-key cryptography is identified time update date next time out-of-date, that comprised in the public-key cryptography certificate certificate revocation list of use after.
Moreover, the present invention is, be stored in communication network and be connected with client terminal device, timestamp information distributing device and authentication exchange device, computer software in the checking server for time stamp information device of the accuracy checking of the line time of going forward side by side stamp information, it is by allowing above-mentioned checking server for time stamp information device realize that the program of following function is constituted, this function comprises: the 1st authentication function is used for receiving request time by above-mentioned client terminal device and stabs the message of Information Authentication and verify timestamp information in this message; The 2nd search function, the checking record of be used for when the 1st authentication failed, retrieval being preserved; The 2nd authentication function is used for simultaneously, verifying the data authentication data of this checking record to verifying the specific corresponding checking record of timestamp information that is over before being judged as; When the 2nd is proved to be successful, generate the 2nd checking result's comprise checking result in the past function; Generated for the 2nd checking record time, generate function at the 2nd data authentication information of the 2nd checking record; Preserve the 2nd verify data and the 2nd that generates and verify the function of record; With the function that the 2nd checking result is sent to above-mentioned client terminal device as the checking response message.

Claims (10)

1. timestamp service system, it is made of client terminal device, timestamp information distributing device, authentication exchange device and the checking server for time stamp information device that carries out the accuracy check of timestamp information, and by communication network these devices are connected with each other, it is characterized in that
Above-mentioned checking server for time stamp information device,
Have with lower unit:
The 1st authentication unit, be used for by above-mentioned client terminal device receive request time stab information checking message and verify timestamp information in this message;
The 2nd retrieval unit, the checking record of be used for when the 1st authentication failed, retrieval being preserved;
The 2nd authentication unit is used for simultaneously, verifying the data authentication data of this checking record to verifying the specific corresponding checking record of timestamp information that is over before being judged as;
When the 2nd is proved to be successful, generate the 2nd checking result's who comprises checking result in the past unit;
When generating the 2nd checking record, generate unit at the 2nd data authentication information of the 2nd checking record;
Preserve the unit that the 2nd verify data and the 2nd that has generated is verified record; With
With the 2nd checking result, as the unit of checking response message to above-mentioned client terminal device transmission.
2. checking server for time stamp information device, it is connected with client terminal device, timestamp information distributing device and authentication exchange device with communication network, carries out the checking of the accuracy of timestamp information, it is characterized in that,
Have with lower unit::
The 1st authentication unit, be used for by above-mentioned client terminal device receive request time stab information checking message and verify timestamp information in this message;
The 2nd retrieval unit is used for when the 1st authentication failed, the checking record that retrieval is preserved;
The 2nd authentication unit is used for simultaneously, verifying the data authentication data of this checking record to verifying the specific corresponding checking record of timestamp information that is over before being judged as;
When the 2nd is proved to be successful, generate the 2nd checking result's who comprises checking result in the past unit;
When generating the 2nd checking record, generate unit at the 2nd data authentication information of the 2nd checking record;
Preserve the unit that the 2nd verify data and the 2nd that has generated is verified record; With
Verify that with the 2nd the result is as the unit of checking response message to above-mentioned client terminal device transmission.
3. checking server for time stamp information device according to claim 2 is characterized in that,
In the 2nd checking result who comprises checking result in the past, comprise the constantly the oldest checking result of checking among the checking result in past of timestamp information at least.
4. checking server for time stamp information device according to claim 2 is characterized in that,
In the 2nd checking record, comprise: the 2nd timestamp information, the 2nd public-key cryptography certificate validation information, the 2nd checking moment, or the 2nd checking object information.
5. checking server for time stamp information device according to claim 2 is characterized in that,
The 2nd data authentication information at above-mentioned the 2nd checking record is digital signature, and this digital signature generates with the digital signature method that has utilized signature history.
6. checking server for time stamp information device according to claim 2 is characterized in that,
Have with lower unit:
Verify the timestamp information in this message after the message by the Information Authentication of above-mentioned client terminal device reception request time stamp, and when the 1st is proved to be successful, generate the 1st checking result's unit;
When generating the 1st checking record, generate unit at the 1st data authentication information of the 1st checking record;
Preserve the unit that the 1st verify data and the 1st that has generated is verified record; With
Verify that with the 1st the result is as the unit of checking response message to above-mentioned client terminal device transmission.
7. checking server for time stamp information device according to claim 6 is characterized in that,
The unit that have when the above-mentioned the 1st is proved to be successful, generation revalues operation and logins.
8. checking server for time stamp information device according to claim 7 is characterized in that,
Above-mentionedly revaluing operation, is that the testimonial validity of the public-key cryptography that is comprised in timestamp information is revalued.
9. checking server for time stamp information device according to claim 8 is characterized in that,
The above-mentioned opportunity that revalues operation action is after update date next time of being comprised when having confirmed the testimonial validity of public-key cryptography, in employed public-key cryptography certificate certificate revocation list, time.
10. computer software, it is stored in communication network and is connected with client terminal device, timestamp information distributing device and authentication exchange device, and the line time of going forward side by side stabs in the checking server for time stamp information device of accuracy checking of information, it is characterized in that,
By allowing above-mentioned checking server for time stamp information device realize that the program of following function constitutes:
Realize the program of the 1st authentication function, it receives request time by above-mentioned client terminal device and stabs the message of Information Authentication and verify timestamp information in this message;
Realize the program of the 2nd search function, it retrieves the checking record of being preserved when the 1st authentication failed;
Realize the program of the 2nd authentication function, the specific corresponding checking record of timestamp information that it is over to checking before being judged as simultaneously, is verified the data authentication data of this checking record;
Be implemented in the 2nd when being proved to be successful, generate the 2nd checking result's who comprises checking result in the past functional programs;
Be implemented in the functional programs that generation the 2nd is verified when writing down, generated the 2nd data authentication information that writes down at the 2nd checking;
Realize preserving the 2nd verify data and the 2nd that has generated and verify the functional programs of record; With
Realization sends as the checking response message functional programs from the 2nd checking result to above-mentioned client terminal device.
CN200510002175A 2004-10-07 2005-01-14 Time stamp service system and checking server for time stamp information and computer software Expired - Fee Related CN100593921C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004294904 2004-10-07
JP2004294904A JP4302035B2 (en) 2004-10-07 2004-10-07 Time stamp service system, time stamp information verification server device, and computer software

Publications (2)

Publication Number Publication Date
CN1758586A true CN1758586A (en) 2006-04-12
CN100593921C CN100593921C (en) 2010-03-10

Family

ID=36376901

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200510002175A Expired - Fee Related CN100593921C (en) 2004-10-07 2005-01-14 Time stamp service system and checking server for time stamp information and computer software

Country Status (3)

Country Link
JP (1) JP4302035B2 (en)
KR (1) KR100697132B1 (en)
CN (1) CN100593921C (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082796A (en) * 2011-01-20 2011-06-01 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN103384983A (en) * 2011-02-23 2013-11-06 精工电子有限公司 Long-term-signature terminal, long-term-signature server, long-term-signature terminal program, and long-term-signature server program
CN106230596A (en) * 2016-07-26 2016-12-14 乐视控股(北京)有限公司 Numeral labelling generation, verification method and device
CN108256297A (en) * 2016-12-29 2018-07-06 北京博瑞彤芸文化传播股份有限公司 The authority checking method on probation of software
CN109726597A (en) * 2018-12-29 2019-05-07 杭州趣链科技有限公司 Trusted timestamp system based on block chain

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4640287B2 (en) * 2006-07-27 2011-03-02 村田機械株式会社 Electronic document management apparatus and electronic document management program
JP5533380B2 (en) * 2010-07-14 2014-06-25 富士ゼロックス株式会社 Information processing program and information processing apparatus
JP2013077188A (en) * 2011-09-30 2013-04-25 Brother Ind Ltd Information processing program, information processing device and information processing method
JP5785875B2 (en) * 2012-01-13 2015-09-30 株式会社日立製作所 Public key certificate verification method, verification server, relay server, and program
JP6180355B2 (en) * 2014-03-31 2017-08-16 セコム株式会社 Signature verification device
KR101729987B1 (en) * 2015-01-13 2017-05-11 홍승은 Mobile payment authentication system and method in online and offline
KR20150029664A (en) * 2015-02-26 2015-03-18 이명수 Payment gateway system using security code based on time stamp, and the operating method thereof
CN112092583A (en) * 2020-09-09 2020-12-18 上海仙塔智能科技有限公司 Vehicle-mounted aromatherapy control system and vehicle-mounted aromatherapy

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI20000760A0 (en) * 2000-03-31 2000-03-31 Nokia Corp Authentication in a packet data network
KR20020020133A (en) * 2000-09-08 2002-03-14 정규석 PKI system for and method of using WAP browser on mobile terminals
KR100477578B1 (en) * 2002-04-23 2005-03-18 서울통신기술 주식회사 system and method for remote management of information device in home network

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082796A (en) * 2011-01-20 2011-06-01 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN102082796B (en) * 2011-01-20 2014-04-09 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN103384983A (en) * 2011-02-23 2013-11-06 精工电子有限公司 Long-term-signature terminal, long-term-signature server, long-term-signature terminal program, and long-term-signature server program
CN103384983B (en) * 2011-02-23 2016-11-23 精工电子有限公司 Long-term signatures terminal and long-term signatures server
CN106230596A (en) * 2016-07-26 2016-12-14 乐视控股(北京)有限公司 Numeral labelling generation, verification method and device
CN108256297A (en) * 2016-12-29 2018-07-06 北京博瑞彤芸文化传播股份有限公司 The authority checking method on probation of software
CN109726597A (en) * 2018-12-29 2019-05-07 杭州趣链科技有限公司 Trusted timestamp system based on block chain
CN109726597B (en) * 2018-12-29 2020-12-08 杭州趣链科技有限公司 Trusted timestamp system based on block chain

Also Published As

Publication number Publication date
JP4302035B2 (en) 2009-07-22
KR100697132B1 (en) 2007-03-20
KR20060031583A (en) 2006-04-12
JP2006107247A (en) 2006-04-20
CN100593921C (en) 2010-03-10

Similar Documents

Publication Publication Date Title
CN1758586A (en) Time stamp service system and checking server for time stamp information and computer software
JP4949232B2 (en) Method and system for linking a certificate to a signed file
US7500099B1 (en) Method for mitigating web-based “one-click” attacks
US8261336B2 (en) System and method for making accessible a set of services to users
US7082538B2 (en) Electronically verified digital signature and document delivery system and method
US6314425B1 (en) Apparatus and methods for use of access tokens in an internet document management system
US20170005807A1 (en) Encryption Synchronization Method
AU2001277943B2 (en) Digital receipt for a transaction
US11223482B2 (en) Secure data exchange
US20080016357A1 (en) Method of securing a digital signature
US20020053023A1 (en) Certification validation system
MX2008015958A (en) Biometric credential verification framework.
EP1629629A1 (en) Method and system for digitally signing electronic documents
CN1439982A (en) Time marking system and progam medium for electronic files
CN1838163A (en) Universal electronic stamping system based on PKI
JP2004023796A (en) Selectively disclosable digital certificate
CN106921496A (en) A kind of digital signature method and system
CN109981287B (en) Code signing method and storage medium thereof
CN106533693B (en) Access method and device of railway vehicle monitoring and overhauling system
EP3796613B1 (en) Techniques for repeat authentication
US20060129804A1 (en) Message based network configuration of server certificate purchase
CN111884811A (en) Block chain-based data evidence storing method and data evidence storing platform
CN110753016A (en) Real name authentication method based on block chain
CN1697376A (en) Method and system for authenticating or enciphering data by using IC card
CN106533681A (en) Attribute attestation method and system supporting partial presentation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100310

Termination date: 20150114

EXPY Termination of patent right or utility model