JP2002006739A - Authentication information generating device and data verifying device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce a processing amount of re-signatures of digital signatures. SOLUTION: New storage data with signatures 900i are generated by performing digital signatures with new signature keys 850i by making information in which feature information 8201 to 820N of storing object data which are generated after the last cryptgraphic key is updated and feature information 920i-1 of the last generated storage data with a signature 900i-1 are included singing objects to be stored. The verification of the storing object data is performed by verifying the signature verification of storage data with signatures of respective generations and by verifying the coincidence between descriptions of the calculated featured values of the storage data with signatures of the pertinent generation and the storing object data of objects to be verified and descriptions of the storage data with signatures of the previous generation which are included in the storage data with signatures of a next generation and the storing object data as the respective generations.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a technique for updating a digital signature used for evaluating the authenticity of data.

[0002]

2. Description of the Related Art Conventionally, as a digital signature technique, a data of a predetermined length, which is obtained by evaluating data to be signed by using a one-way function called a hash function and extracting a feature of the data to be signed called a hash value, is used. A technique for generating a digital signature by encrypting the hash value with a signature key (secret key) is known. In this technique, the authenticity of the data to be signed is verified by confirming that the hash value of the data to be signed matches the value obtained by decrypting the digital signature with a verification key (public key).

[0003] In recent years, various service systems have been provided on open networks such as the Internet, and devices providing those services include:
In order to guarantee the authenticity of services and transactions, some information must be kept secure for a long time. Such long-term storage of information can be performed by using the above-described digital signature technology or the like to detect that the information has not been tampered with, or to store the medium in which the information is stored. It must be done in a safe form that can guarantee that it has not been damaged by deterioration.

By the way, since the digital signature technology is essentially a technology for protecting information by using an encryption technology using an encryption key, the encryption key (signature key) is illegally known to a third party. Then, there is a possibility that the fact of tampering by the third party cannot be detected. In other words, if a third party who has illegally obtained the encryption key falsifies the information and generates a new digital signature for the falsified information using the illegally obtained encryption key, the fact is detected. Can not be done. The likelihood that a cryptographic key has been revealed by leakage or analysis will increase over time.

Therefore, conventionally, for such long-term storage of information, an encryption key is updated every period in which it is assumed that the encryption key is not clarified, and a digital signature is generated using the newly updated encryption key. And re-attached to the information (re-signature).

As a technique for re-signing a digital signature, the authenticity of information is verified using the above-described digital signature technique. If the authenticity can be verified, a new encryption is applied to the information. Verifies the authenticity of the information using the digital signature technology with the key and the digital signature technology described above. If the authenticity can be verified, the information is obtained by concatenating the information and the digital signature attached to the information. A technology for applying a digital signature using a new encryption key is known.

[0007]

Now, as described above,
In a system in which information to be stored continuously occurs with the continuation of the service, the information to be stored increases with the passage of time. According to the technique of re-signing a digital signature described above, in any case, as the number of pieces of information to be stored increases, the processing load required for re-signing increases and becomes excessive.

[0008] According to the above-mentioned technology for applying a digital signature with a new encryption key to information obtained by concatenating information and a digital signature attached to the information, the digital signature applied in the past can be verified by verifying the information. Although there is an advantage that the digital signature can be used, since it has a complicated form in which digital signatures are applied in a multi-layered manner, there are some difficulties in its management and processing.

Accordingly, an object of the present invention is to enable a digital signature to be re-signed more efficiently. Specifically, it is an object of the present invention to realize re-signing of a digital signature with a smaller processing amount, and to be able to use a digital signature applied in the past in a simpler form for information verification. I do.

[0010]

In order to achieve the above object,
According to the present invention, when a signature (encryption) key is updated, an electronic signature is applied to storage data generated after updating the key and a characteristic value of signature information generated in the past to generate new signature information. In addition, a technique for verifying stored data using signature information generated so far is provided.

More specifically, an authentication information generating apparatus that generates signature information for evaluating the authenticity of continuously generated storage data using a signature key that is repeatedly updated,
When the signature key is updated to the i-th generation, characteristics of storage data (i-th generation storage data) generated from when the signature key is updated to the (i-1) th generation to when the signature key is updated to the i-th generation. Value and the i-th i-1 generated by the second generation unit described later.
First generation means for generating the i-th generation signature target information including the feature value of the generation signature information; and the first generation means generated by the first generation means using the i-th generation signature key. a second generation unit that generates an electronic signature for the feature value of the i-th generation signature target information, and generates information including the electronic signature and the i-th generation signature target information as i-th generation signature information; Is provided.

[0012] Further, the data verification device for verifying the authenticity of the stored data using the signature information generated by the authentication information generation device as described above includes the signature information included in the latest (n-th generation) signature information. A first method of calculating a feature value of n-th signature target information and verifying the calculated feature value using an electronic signature for the feature value of the n-th signature object information included in the n-th signature information. A verification unit that calculates a feature value of the j-th generation signature information, and calculates the calculated feature value as j + 1
The process of comparing the characteristic value of the j-th generation signature information included in the j-th generation signature information included in the signature information of the generation and verifying a match between them is performed at least for the k-th generation (k is the storage of the verification target). J-th generation (where k is the data generation)
.Ltoreq.j.ltoreq.n-1) and a feature value of the k-th storage data to be verified is calculated, and the calculated feature value is converted to a signature of the k-th generation. A third verification unit that compares the feature value of the kth generation storage data included in the kth generation signature target information in the information and verifies the coincidence of the two, and the first to third verification units And authentication means for authenticating the authenticity of the storage data of the k-th generation to be verified when the verification is successful.

According to the present invention, the number of digital signatures (signature information) required to be generated each time the signature key is updated is always one. Therefore, the processing amount of the re-signature can be suppressed to a relatively small processing amount that is not so affected by the amount of the stored data. Further, the stored data can be protected by the updated signature key, and the authenticity of the stored data can be authenticated with high reliability.

[0014]

Embodiments of the present invention will be described below.

FIG. 1 shows the configuration of an information processing system according to this embodiment.

In the figure, a service providing apparatus 110 and user apparatuses 130 _{1 to} 130 _N are connected to each other via a network 100 to constitute a service providing system. The service providing device 110 and the data management device 120 are connected to each other via the network 100 to form a data management system. However, in the data management system, the service providing device 110 and the data management device 1
20 does not necessarily have to be connected online via the network 100. In addition, the service providing device 1
10 and the data management device 120 may be configured as a single device.

Next, FIG. 2 shows a hardware configuration of the service providing apparatus 110, the data management apparatus 120, and the user apparatus 130.

As shown, the service providing device 110
The data management device 120 includes an input device 210, a display device 220, a CPU 230, a memory 240, a storage device 250, a communication device 260 for performing communication via the network 100, and data transfer and storage. The configuration is such that an external storage medium 280 to be performed and an external storage medium input / output device 270 for inputting and outputting data are connected by a bus 200. In addition, the user device 130
Input device 210, display device 220, CPU 230
, A memory 240, a storage device 250, and a communication device 260 for performing communication via the network 100,
The configuration is such that they are connected by a bus 200. As will be described later, the data management device 120 uses the external storage medium 2 to transfer data to and from the service providing device 110.
When using 80, the communication device 260 may not be provided.

The input device 210 is a service providing device 11
0, which is used by an operator to input data, commands, and the like to the data management device 120 or the user device 130, and includes a keyboard, a mouse, and the like.

The display device 220 is connected to the service providing device 11.
0, which is used to display a message or the like to the operator of the data management device 120 or the user device 130, and is composed of a CRT, an LCD, or the like.

The CPU 230 is a service providing device 11
0. The respective components of the data management device 120 or the user device 130 are comprehensively controlled and various arithmetic processes are performed.

The memory 240 temporarily stores a program as shown in FIG. 3 and data necessary for processing later.

The storage device 250 stores the service providing device 11
0, which is used for permanently storing programs and data used in the data management device 120 or the user device 130, and is constituted by a hard disk or the like.

The communication device 260 is connected to the service providing device 110 and the data management device 12 via the network 100.
0 or an interface for the user device 130 to exchange data.

The external storage medium input / output device 270 is for inputting / outputting programs and data from the service providing device 110 or the data management device 120 to / from the storage medium 280, and includes an FD drive, a DAT drive, an MO drive and the like. Is done.

The external storage medium 280 is used to permanently store programs and data output from the external storage medium input / output device 270 outside the device and to transfer programs and data to another device. It serves as a medium and is composed of FD, DAT, MO, and the like.

Next, FIG. 3 shows the service providing device 110,
3 shows a software configuration of the data management device 120 and the user device 130.

As shown, the service providing device 110
The memory 240 _1, the operating system 30
0 ₁ , communication program 310 ₁ , service providing program 320, data management device utilization program 330
Is temporarily stored.

The memory 240 ₂ of the data management device 120 stores an operating system 300 ₂ , a communication program 310 _2, and a security function program 340.
And a program such as the data management program 350 are temporarily stored.

Then, the memory 240 of the user device 130
₃ is an operating system 300 _3, the communication program 310 _3, programs such as service program 360 is stored temporarily.

Here, the operating system 300
_{1-300 3,} the service providing apparatus 110, the data management device 120 or the user device 130, in order to perform the overall control, file management, process management, a program for realizing functions such as device management.

Further, the communication programs 310 _{1 to} 310 ₃
Is the network 100 in the service providing device 110, the data management device 120, or the user device 130.
This is a program for performing communication of data between devices via a communication protocol according to a predetermined communication protocol.

Further, the service providing program 320
In the service providing apparatus 110, analysis of a service request sent from the user apparatus 130, service processing corresponding to the request, creation of a response to the user apparatus 130 for a result of the service processing, output of a log related to the service, and the like. It is a program for performing.

The data management device utilization program 33
0 is a program for the service providing apparatus 110 to extract data to be transferred from the storage device 250 in order to transfer data to the data management apparatus 120.

The security function program 340
Indicates that the data management device 120
This is a program for performing decryption, generation / verification of a digital signature, and the like.

The data management program 350 is a program for causing the data management device 120 to perform a series of processes relating to signatures of stored data and a series of processes relating to data verification.

Here, the security function program 34
0 and the data management program 350 may be provided by a portable storage medium or communication, and may be installed or loaded in the storage device 250.

Next, the service use program 360
The user device 130 is a program for creating a service request to be sent to the service providing device 110, analyzing a response from the service providing device 110 to a service processing result, displaying the analysis result, and the like.

The operation of such an information processing system will be described below.

First, on the service providing system composed of the user device 130 and the service providing device 110, the user device 130 uses the service provided by the service providing device 110, so that the service providing device 110
The operation up to the generation of the data for storage will be described with reference to FIG.

As shown, in the user device 130,
In using the service providing system, a service use request message 440 for using the service is created using the service use program 360 (step 400).

Then, the service use request message 44
After creating 0, using the communication program 310,
A service use request message 440 is transmitted to the service providing apparatus 110 (step 410).

In the service providing device 110, the service use request message 44 transmitted from the user device 130
0 is received using the communication program 310. Further, the log or the like is outputted on the received information when the output data 450 ₁ of the log, and the like are stored in the storage unit 250 (step 420).

Next, the service providing program 320 analyzes the service use request message 440 received by the service providing apparatus 110, and executes a corresponding service process. At this time, a log relating to the service execution event, registration information used in the service, and the like are output. The output data 450 ₂ of the log, and the like are stored in the storage unit 250 (step 430).

Next, on the data management system constituted by the service providing device 110 and the data management device 120, the service providing device 110
The operation of transferring data for storage to the MFP and adding a digital signature for falsification detection will be described with reference to FIG.

First, the data management device utilization program 330 of the service providing device 110 reads the storage target data 501 which is obtained by extracting only the data to be stored from the output data 450 ₁ and 450 ₂ such as logs in the storage device 250 ( Step 510).

Then, the data management device utilization program 3
30 is a communication device 260 and a communication program 310
Is used to store the storage target data 501 in the data management device 12.
0 (step 520). Also, the storage target data 501, as the free capacity of the storage device 250 in the service providing apparatus 110 does not run out, from time to time, and output from the external storage medium output unit 270 in the external storage medium 503 _1, medium stocker 500 (Step 530).

The storage target data 501 is transmitted from the service providing apparatus 110 to the data management apparatus 120 via the network.
, The data management device 120 receives the storage target data 501 using the communication device 260 and the communication program 310 (step 540).

Then, the data management program 350 of the data management apparatus 120 uses the security function program 340 to create the temporary storage data 502 with a signature.

That is, the security function program 3
Reference numeral 40 denotes the received storage target data 5 as shown in FIG.
01, for example, using a one-way compression function such as a hash function, the feature information 820 of the data is extracted, and the attribute information 8 such as a file name, a file size, and a file creation date and time that can specify the storage target data 501 is obtained.
10 is taken out (step 550). Then, the security function program 340 stores the extracted feature information 82
Using the signature key 850 such as the secret key of the administrator with the 0 and the attribute information 810 as the signature target range of the digital signature, the signature adding process is performed to create the signature information 830. here,
The signature key 850 is periodically updated by the data management program 350. Then, the security function program 340 includes the data characteristic information 820 and the attribute information 8
10 and the storage target data 5 including the signature information 830.
01 in the form of signed temporary storage data 502 (step 560).

The data management program 350 has a signature
Once the temporary storage data 502 has been created,
Data management until the signature key 850 is updated.
Whether to store it safely in the storage device 250 in the device 120, or
Or, the external storage medium 503 _TwoOutput to the media storage
Store in a safe place such as 500 (step 57)
0).

The data transfer between the service providing apparatus 110 and the data management apparatus 120 is performed by the network 1
When it is physically and securityally impossible to perform the operation via the data providing system 110, the service providing apparatus 110
FIG. 7 shows an operation of transferring the data for storage to the MFP and adding a digital signature for falsification detection.

That is, steps 520 and 53 in FIG.
The following steps 620 and 630 are performed instead of 0 and 540. In this step 620, the storage target data 5
01 is a storage device 250 in the service providing device 110
As the free space of no lack, at any time, and output from the external storage medium output unit 270 in the external storage medium 503 _1, it is physically transferred to the data management device 120. Further, in step 630, the data management program 350 of the data management apparatus 120, storage target data 50 using the external medium output device 270 from the external storage medium 503 ₁
1 and the external storage medium 5 for which reading has been completed.
03 ₁ is stored for a long time in a safe place such as the media storage 600.

The resignature operation performed in the data management device 120 will be described below.

This re-signing process is performed every time the signature key 850 is updated by the data management program 350. In the re-signing process, a new signature is added from all the signed temporary storage data 502 stored at that time and the latest signed storage data 900 at that time using the newly updated signature key 850. The storage data 900 is created. Hereinafter, the signature key 850 generated i-th by updating the signature key 850 is replaced with the signature key 85 of the i-th generation.
0 _i , the signed temporary storage data 502 created using the i-th generation signature key 850 _i is created using the i-th generation signature temporary storage data 504 _i , and the i-th generation signature key 850 _i The signed signed storage data 900 will be described as the i-th generation signed storage data 900 _i .

In this case, the data management program 350
_Are from the signature key 850 _{i - 1} of the signature key 850 to the signature key 850 _i
With the update, the temporary storage data 502 _i-1 with the signature created using the _i-th signature key 850 _i stored at that time, and the latest storage data with the signature at that time From 900 _i−1 , new signed storage data 900 _i is created using the newly updated signature key 850 _i .

The details of such re-signature processing will be described below.

FIG. 8 shows the procedure of such re-signature processing.
FIG. 9 shows the i-th re-signature process.
Storage data 900 _i with the signature of the generation and 1 from the i th generation
All the temporary storage data 502 _i-1 with the signature before the generation (the i-1st generation) and one generation before the i th generation (the i-1st generation)
Shows the relationship with the stored data 900 _i-1 with signature.

As shown in the drawing, the data management program 350 updates the signature key 850 _i-1 when the signature key 850 _i-1 becomes cryptically old, and updates the old signature key 850 _i-1.
the _i-1 (1 generation ago) is digitally signed, the signed temporary storage data 502 _i-1 in the storage device 250 or the external storage medium 503 _2, the data management unit 12
0 is read into the memory 240 (step 710).

Then, the attribute information 810 and the characteristic information 820 are extracted from the read temporary storage data with signature 502 _{i-1 and} stored in the memory 240 of the data management device 120 (step 720).

Here, signed temporary storage data 502
_Since there may be a plurality of _i- 1s, if there is one that has not been read yet, the process returns to step 710 to read the temporary storage data 502 _i-1 with the signature and store the attribute information 8
10 and the characteristic information 820 are extracted and the data management device 12
0 in the memory 240. For example, when there are N pieces of temporary storage data with signature 502 _i-1 one generation before (in FIG. 9, temporary storage data with signature 502 _{i-1 , 1 to} 5
02 _{i-1 , N} ), all the N data are read, and steps 710 and 720 are repeated until attribute information 810 _N and feature information 820 _N are extracted (step 730). Here, N is an integer of 1 or more.

If the temporary storage data with signature 502 _i-1 that has not been read is no longer present, the storage data with signature 900 _i-1 that is digitally signed with the old encryption key (one generation before) is present. It is determined whether or not to perform (step 740). Here, the signed data 900 is storage data for integrity verification of storage target data to be stored for a long time, and has a data structure as shown in FIG.

At step 740, when the first encryption key is updated (when i = 2), the storage data 900 with the signature is
_{Since i-1} has not been created, the process proceeds to step 770.

On the other hand, when the encryption key is updated for the second time or later (i ≧ 3
) Is the signed storage data 900 _{i-1 of the} previous generation
Exists, the storage device 250 that is digitally signed by the old encryption key 850 _i-1 (one generation before).
The storage data 900 _i-1 with the signature in the internal or external storage medium 280 is read into the memory 240 of the data management device 120 (step 750).

Then, the security function program 34
0 and the stored storage data 900 with signature
_The attribute information 910 _i-1 and the characteristic information 920 _i-1 are extracted from _i-1 and the information is stored in the memory 240 of the data management device 120 (step 760), and the process proceeds to step 770. Here, the security function program 340 operates in the same manner as in the case of the temporary storage data 502 with a signature shown in FIG.
From signed storage data 900 _i-1 read, for example with by using the one-way compression function such as a hash function retrieves the feature information 910 _i-1 of the data 900 _i-1, signed storage data 900 _{i The} storage data 920 _i-1 with the attribute information signature such as the file name, the file size, and the file creation date and time that can specify _-1 is extracted.

Next, in step 770, the attribute information 810 _{1 to} 81 ₁ extracted in steps 720 and 760 using the security function program 340.
0 _N , feature information 820 _{1 to} 820 _N , attribute information 910 _i−1 ,
And, all of the feature information 920 _i-1 as the signature range, using a new encryption key 850 _i generates signature information 930 _i, the signature information 930 _i generates a signed storage data 900 _i imparted with (step 770).

[0067] Then, at signed one in the storage device 250 or the external storage medium 503 in ₂ deletes the stored data 502 _i-1, a newly created (the i-th generation) signed stored data 900 _i, it The stored data with signatures 900 _{1 to} 900 _i created up to this point are stored and stored in the storage device 250 or the external storage medium 280 in the data management device 120 in which the stored data 900 _{1 to} 900 _i are stored (step 780).

Next, the operation of verifying the authenticity of the storage target data using the storage data 900 with a signature thus created will be described.

FIG. 10 shows the procedure of this verification operation, and FIG. 11 shows the flow of this verification operation.

As shown in the figure, the data management program 350 determines that the storage target data 501 _{k to} be verified is of the kth generation, and that the storage target data 501 _k is valid during the period when the signature key 850 _{k of the} generation is valid. _The following processing is performed assuming that the storage data 900 _k with a signature for _k has been created.

That is, it is assumed that the current signature key generation is n and i = n (step 1000). Then, the i-th generation (here, i = n) signed storage data 900 _i stored in the storage device 250 of the data management device 120 or in the external storage medium 280 is stored in the storage device 250.
The data is read into the memory 240 in the data management device 120 (step 1010).

Then, the signature verification is performed from the signature information 930 _i of the storage data with signature 900 _i read into the memory by using the i-th generation verification key and the security function program 340 (step 1020). That is,
The signature information 930 _i of the signed storage data 900 _i is decrypted using the i-th generation verification key, and the signature range feature value of the signed storage data 900 _i is extracted. Then, the decrypted value and the extracted value are compared, and if they match, the verification is successful. As a result of such signature verification, if the verification is successful, the process proceeds to step 1070. On the other hand, if the verification fails, error processing is performed because there is a possibility that the stored data with the signature is falsified (step 1099).

Next, in step 1070, it is checked whether or not i = k. If i = k, the flow advances to step 1080.
If i ≠ k, the process proceeds to step 1030.

At step 1030, i = i-1 is set to verify the data of the previous generation (step 103).
0). Then, the i + 1st generation (here, i + 1 = n)
Storage than the described values of the attribute information 910 _i signed storage data 900 i + is within ₁ second i-th generation Signed storage data 900 _i, in the storage device 250 of the data management apparatus 120 or the external storage medium 280 the i-th generation which is to identify the signed storage data 900 _i of (here i = n-1), read into the memory 240 of the data management apparatus 120 (step 1040).

Then, the security function program 34
0 by using the signature verification of the signature information 930 _i signed storage data 900 _i read into the memory 240, performed in the same manner as the previous step 1020 (step 10
50). As a result, if the verification is successful, step 1
060. On the other hand, if the verification fails, since the signed storage data 900 _i the possibility of tampering, error processing is performed (step 1099).

Next, in step 1060, first, for example by using the one-way compression function such as a hash function, the characteristic information 1100 _i of the data 900 _i from the i-th generation Signed storage data 900 _i Extract. next,
Feature information 9 of the i-th generation signed storage data 900 _i in the (i + 1) th generation signed storage data 900 _{i + 1}
20 _i is extracted. Then, the feature information 1100 _i is compared with the feature information 920 _i to check whether they match. If they match, the process proceeds to step 1070. If they do not match, error processing is performed (step 1099).

In step 1070, it is checked whether i = k. If i = k, step 1 is executed.
Proceeds to 080, in the case of i ≠ k returns to step 1030, further previous generation signed stored data and the i-th generation, perform a verification of the feature values of the signature verification and the signed stored data 900 _i.

In this way, the signature verification of the n-th generation storage data 900 with signature, the signature verification of the storage data 900 with signature from the (n−1) th generation to the kth generation, and the verification of the characteristic value are all performed. successful, if becomes i = k, in step 1080, the k-th generation signed storage data 900 times signed one storage for storing target data 501 _k to be verified within _k data 502 _k of the attribute information 810 _k , the storage device 2 of the data management device 120
The storage target data 501 _k to be verified, which is stored in the storage device 50 or the external storage medium 280, is specified and read into the memory 240 in the data management device 120.

Then, for example, like a hash function
Using the one-way compression function, the storage target data to be verified
501_kFrom the data 501_kFeature information 1100_k
Is extracted. In addition, the storage data 9 with the signature of the k-th generation
00_kData 501 to be verified and stored in_kAgainst
Signed temporary storage data 502_kFeature information 820 _kTo
Extract. Then, the feature information 1100_kAnd feature information 82
0_kAre compared with each other to check whether they match (step 10).
90). If they match, the verification is successful.
Certificate processing is completed, and the storage target data 501_kGuaranteed content
can do. On the other hand, if they do not match,
(Step 1099).

In the above description, the error processing in step 1099 is performed, for example, by storing the signed storage data 900
Alternatively, processing corresponding to the operation is performed, such as displaying an error message or the like on the display device 220 indicating that the storage target data 501 to be verified may be falsified.

The embodiments of the present invention have been described above.

According to the present embodiment, the digital signature is re-signed including the characteristic information of the data to be stored of the current generation and the characteristic information of the storage data with signature one generation before. Then, the current generation signed storage data is verified by signature verification of the current generation signed storage data. Also, for the storage data to be verified and the signed storage data of each generation from the generation next to the generation of the storage target data to one generation before the current generation, the characteristic value obtained from the signed storage data of the generation and the next A match is determined with the characteristic value of the signed storage data of the generation included in the signed storage data of the generation. Thus, the storage data to be verified and the signed storage data of each generation from the generation after the generation of the storage target data to one generation before the current generation are verified. Therefore, the number of digital signatures that need to be generated each time the signature key is updated is always one. Therefore, the processing amount of re-signing
The processing amount can be suppressed to a relatively small processing amount, which is not so affected by the amount of the storage target data.

Further, if the storage data with signature of each generation is further stored as it is, and the verification is performed by verifying the signature of the digital signature as in the flow shown in FIG. As described above, it is possible to protect and verify data to be stored using a past digital signature without using a complicated form in which digital signatures are applied in a multi-layered manner.

In the flow shown in FIG. 10, the processing in step 1050 may be omitted, and signature verification may be performed only on the current generation (nth generation) signed storage data. Further, the processing in step 1060 may be performed only for the k-th generation (i = k) that is the generation of the storage data to be verified. Even in this case, the effect of protecting the storage target data by updating the encryption key can be obtained to some extent.

The verification of the data to be stored of the current generation (nth generation) is based on the flow shown in FIG.
The processing is performed according to a flow in which 0 to 1060 are omitted.

[0086]

As described above, according to the present invention,
The digital signature can be re-signed more efficiently. Specifically, re-signing of a digital signature can be realized with a smaller processing amount, and in a simpler form, a digital signature applied in the past can be used for information verification.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of an information processing system to which an embodiment of the present invention has been applied.

FIG. 2 is a diagram illustrating an example of a hardware configuration of a service providing device, a data management device, and a user device illustrated in FIG. 1;

FIG. 3 is a block diagram illustrating a software configuration of a service providing device, a data management device, and a user device illustrated in FIG. 1;

FIG. 4 is a diagram showing an operation procedure of the service providing system shown in FIG.

FIG. 5 is a diagram showing an operation procedure for generating signed temporary storage data in the data management system shown in FIG. 1;

FIG. 6 is a diagram showing how temporary storage data with a signature is generated in the data management system shown in FIG. 1;

7 is a diagram showing an operation procedure for generating temporary storage data with a signature in the data management system shown in FIG. 1;

FIG. 8 is a flowchart showing a procedure of a re-signature process in the data management system shown in FIG. 1;

FIG. 9 is a diagram showing how to generate signed storage data in the data management system shown in FIG. 1;

FIG. 10 is a flowchart showing a procedure of a verification process in the data management system shown in FIG. 1;

11 is a diagram illustrating a relationship between storage data with a signature of each generation and storage target data to be verified in verification processing in the data management system illustrated in FIG. 1;

[Explanation of symbols]

100: network, 110: service providing terminal,
120: data management device, 130: user device,
210: input device, 220: display device, 230: C
PU, 240 ... memory, 250 ... storage device, 26
0: communication device, 270: external storage medium input / output device, 2
80, 503: external storage medium, 300: operating system, 310: communication program, 320
... Service providing program, 330 ... Data management device use program, 340 ... Security function program, 350 ... Data management program, 360 ... Service use program, 440 ... Service use request message, 450 ... Log and other output data, 501 ...
Storage target data, 502: Temporary storage data with signature,
810, 910, 1100... Data characteristic information,
20, 920 ... data attribute information, 830, 930 ...
Signature information, 850: signature key, 900: signed storage data

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Hiroyuki Onosato 6-27, Shinsuna, Koto-ku, Tokyo Inside the Public Information Division, Hitachi, Ltd. No. 27 F-term in Hitachi Public Works Division (Reference) 5B017 AA07 BA07 CA15 CA16 5B049 AA05 DD00 DD05 EE03 EE09 FF03 FF04 FF09 GG04 GG07 GG10 5J104 AA09 LA02 LA07 PA07

Claims (7)

[Claims] 1. An authentication information generating apparatus for generating signature information for evaluating the authenticity of stored data that is continuously generated sequentially using a signature key that is repeatedly updated, wherein the signature key is an i-th signature key. When the signature key is updated to the generation, the characteristic value of the storage data (i-th generation storage data) generated from when the signature key is updated to the (i-1) th generation until the signature key is updated to the i-th generation, I-1 generated by the second generation means
First generation means for generating the i-th generation signature target information including the feature value of the generation signature information, and the first generation means generated by the first generation means using the i-th generation signature key. a second generation unit that generates an electronic signature for the feature value of the i-th generation signature target information, and generates information including the electronic signature and the i-th generation signature target information as i-th generation signature information; An authentication information generation device, comprising: 2. A data verification device for verifying the authenticity of stored data using signature information generated by the authentication information generation device according to claim 1, wherein the signature information is the latest (n-th generation) signature information. , And calculates the characteristic value of the n-th signature object information included in the signature information, and verifies the calculated characteristic value using an electronic signature for the characteristic value of the n-th signature object information included in the n-th signature information. A first verification unit that calculates a feature value of the j-th generation signature information, and stores the calculated feature value in the j-th generation signature target information included in the j-th generation signature information in the j + 1 generation signature information. Compared with the signature value of the signature information of
The process of verifying the agreement between the two is performed at least for the kth generation (k
Is a generation of the storage data to be verified), a second verification unit that executes the signature information of the j-th generation (where k ≦ j ≦ n−1), and the k-th generation of the verification target Calculate the feature value of the storage data, compare the calculated feature value with the feature value of the k-th storage data included in the k-th signature target information in the k-th signature information, and determine whether the two match. And verification means for verifying the authenticity of the k-th storage data to be verified when the verification by the first to third verification means is successful. A data verification device, characterized in that: 3. The data verification device according to claim 2, wherein said first verification means calculates and calculates a characteristic value of the j-th generation signature target information included in the j-th generation signature information. The process of verifying the feature value using an electronic signature for the feature value of the signature information of the j-th generation included in the signature information of the j-th generation is represented by k ≦ j ≦ n−
1. A data verification apparatus, which executes the processing for all the j-th generation signature information that is 1 (where k is the generation of storage data to be verified and n is the latest generation). 4. A storage medium storing a program for generating signature information for evaluating the authenticity of stored data that is continuously generated sequentially using a signature key that is repeatedly updated. The program is read and executed by the computer, and when the signature key is updated to the i-th generation, from the time the signature key is updated to the (i-1) th generation to the time when the signature key is updated to the i-th generation. The characteristic value of the generated storage data (i-th generation storage data) and the i-1th generation data generated by the second generation unit described later.
First generation means for generating the i-th generation signature target information including the feature value of the generation signature information, and the first generation means generated by the first generation means using the i-th generation signature key. a second generation unit that generates an electronic signature for the feature value of the i-th generation signature target information and generates information including the electronic signature and the i-th generation signature target information as the i-th generation signature information; And a storage medium constructed on the computer. 5. A storage medium storing a program for verifying the authenticity of stored data using signature information generated by the program stored in the storage medium according to claim 4. Is read and executed by the computer to calculate the characteristic value of the n-th generation signature target information included in the latest (hereinafter referred to as the n-th generation) signature information, and substitutes the calculated characteristic value for the n-th generation A first verification unit that verifies the signature value of the n-th generation information included in the signature information by using an electronic signature, and calculates the characteristic value of the j-th generation signature information, and calculates the calculated characteristic value. , Compared with the characteristic value of the j-th generation signature information included in the j-th generation signature target information in the j + 1 generation signature information,
The process of verifying the agreement between the two is performed at least for the kth generation (k
Is a generation of the storage data to be verified), a second verification unit that executes the signature information of the j-th generation (where k ≦ j ≦ n−1), and the k-th generation of the verification target Calculate the feature value of the storage data, compare the calculated feature value with the feature value of the k-th storage data included in the k-th signature target information in the k-th signature information, and determine whether the two match. And verification means for verifying the authenticity of the k-th storage data to be verified when the verification by the first to third verification means is successful. A storage medium characterized by being built on an electronic computer. 6. An authentication information generating method for generating signature information for evaluating the authenticity of stored data that is continuously generated sequentially using a signature key that is repeatedly updated, wherein the signature key is an i-th signature key. When the signature key is updated to the generation, the characteristic value of the storage data (i-th generation storage data) generated from when the signature key is updated to the (i-1) th generation until the signature key is updated to the i-th generation, I-th generated in the generation step 2
A first generation step of generating signature object information of the i-th generation including the feature value of the signature information of the first generation; and a first generation step using the signature key of the i-th generation. Generating an electronic signature for the characteristic value of the i-th generation signature target information, and generating information including the electronic signature and the i-th generation signature target information as the i-th generation signature information. And a method for generating authentication information. 7. A data verification method for verifying the authenticity of stored data using signature information generated by the authentication information generation method according to claim 6, wherein the latest (nth generation) signature information is used. Is calculated, and the calculated feature value is calculated as
Using a digital signature for the feature value of the n-th signature object information included in the n-th signature information, calculating a first verification step, and calculating a feature value of the j-th signature information; The calculated characteristic value is compared with the characteristic value of the j-th generation signature information included in the j-th generation signature target information in the j + 1 generation signature information,
The process of verifying the agreement between the two is performed at least for the kth generation (k
Is a generation of the storage data to be verified), a second verification step executed for the signature information of the j-th generation (where k ≦ j ≦ n−1), and the k-th generation of the verification target Calculate the feature value of the storage data, compare the calculated feature value with the feature value of the k-th storage data included in the k-th signature target information in the k-th signature information, and determine whether the two match. And a verification step of verifying the authenticity of the k-th storage data to be verified when the verification in the first to third verification steps is successful. A data verification method comprising: