JP2002244553A - Electronic mark authentication method, and its performing device and processing program therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technology for realizing authentication processing by using an electronic mark issued from an electronic mark issuing administration of which the reliability is confirmed. SOLUTION: An electronic mark authentication method for authenticating the electronic mark by using the authentication information in the electronic mark comprises a step for issuing the electronic mark in which the electronic mark issuing administration or the verification information presenting effectiveness of the electronic mark is embedded from an issuing institution side device; a step in which a client side device requests an effectiveness verification device to verify the effectiveness of the verification information embedded in the electronic mark; a step for comparing the verification information requested for the effectiveness verification with the contents of a verification information expiration list presenting the expired verification information and transmitting the verification result of the effectiveness to the client side device from the effectiveness verification device; and a step for performing authentication processing of the electronic mark in which the verification information verifying the effectiveness has been embedded.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic mark authentication system that authenticates the authenticity of electronic data and that a provider of the electronic data satisfies a predetermined standard by using an electronic mark, and more particularly to an electronic mark authentication system that issues an electronic mark. The present invention relates to a technology that is effective when applied to an electronic mark authentication system that verifies the validity of a mark issuing organization and reduces the processing load on the electronic mark issuing organization during strict authentication of the electronic mark.

[0002]

2. Description of the Related Art Conventionally, electronic marks such as Internet Marks (IM) have been used to indicate the authenticity of contents on a Web site and to indicate that the Web site is an authenticated site. In the system using the IM, the authenticity of the electronic data and the W
Authentication information for authenticating that the web site satisfies a predetermined standard defined by a predetermined IM issuing organization is embedded in the IM, and the client accessing the web site uses the authentication information in the IM. By performing an authentication process called basic authentication, it is checked whether or not the electronic data to which the IM has been added has been tampered with, and the Web site can be verified by a site certified by the IM issuing organization that issued the IM. You can confirm that there is. Further, in a system using the IM, stricter authentication processing may be required, for example, to check whether the IM itself has been revoked. Request to IM
Can be checked by strict authentication at the IM issuing organization. In this strict authentication, a characteristic value (attribute information) such as a URL (Uniform Resource Locator) and contents of the content when the IM is issued is recorded by the IM issuing organization, and the attribute information of the content received from the Web site and More strict authentication processing is performed, such as comparing with recorded attribute information.

[0003]

In the above prior art,
Since a mechanism for verifying the validity of the electronic mark issuing organization that issues electronic marks was not provided, the electronic mark added to certain electronic data was issued by a reliable electronic mark issuing organization. Could not confirm. Further, in the above-mentioned conventional technology, strict certification of an electronic mark can be performed by an electronic mark issuing organization. However, when a large number of electronic marks are issued by one electronic mark issuing organization, the strict certification of the electronic mark can be performed from all over the country. Processing requests are concentrated on the electronic mark issuing organization, and the load on the electronic mark issuing organization may increase. An object of the present invention is to solve the above-mentioned problem and to provide a technique capable of performing an authentication process using an electronic mark issued by an electronic mark issuing organization whose reliability has been confirmed. Another object of the present invention is to provide a technique capable of performing an authentication process using an electronic mark whose validity has been confirmed. Another object of the present invention is to provide a technology capable of preventing concentration of processing of strict authentication of an electronic mark and reducing the processing load of strict authentication at an electronic mark issuing organization.

[0004]

SUMMARY OF THE INVENTION According to the present invention, in an electronic mark authentication system for authenticating electronic data using authentication information in an electronic mark, the validity of issuer verification information embedded in the electronic mark is verified. The authentication process using the electronic mark is performed later.

In the present invention, a certification authority that certifies an electronic mark issuing organization checks the status of electronic mark issuance at each electronic mark issuing organization that issues an electronic mark such as an IM, and appropriately issues an electronic mark. With respect to the electronic mark issuing institution, the certificate authority side device generates the institution verifying information indicating the validity of the electronic mark issuing institution, and transmits the generated information to the electronic mark issuing institution side device of the electronic mark issuing institution.

[0006] The electronic mark issuing organization receives the transmitted issuing institution verification information and, when issuing the electronic mark to a Web site, converts the electronic mark with the received issuing institution verification information into an electronic mark. Issue from the issuing institution side device to the Web site.

On the other hand, as a result of examining the electronic mark issuance status at each electronic mark issuing institution at the certificate authority, if there is an electronic mark issuing institution that has not properly issued the electronic mark, the issuing institution verification information is used. An issuing authority verification information revocation list indicating the expired issuing authority verification information is generated and transmitted from the certificate authority side device. The validity verification device
The transmitted issuing institution verification information revocation list is received and stored in the validity verification device.

When accessing the electronic data of the Web site to which the electronic mark is added from the client side device, the electronic data to which the electronic mark is added is received by the client side device and embedded in the electronic mark. It reads the issuing institution verification information and requests the validity verification device to verify its validity.

The validity verification device compares the issuing institution verification information for which the validity verification request has been made with the contents of the stored issuance institution verification information revocation list and compares the validity verification result with the validity verification result. It is transmitted from the verification device to the client device.

The client-side device checks the contents of the transmitted validity verification result. If the validity verification result indicates that the issuing authority verification information is valid, the electronic mark issuing authority Of the electronic data issued by the electronic mark issuing organization as a valid electronic mark, and the authenticity of the electronic data and the authenticated Web
Check if it is a site.

As described above, according to the electronic mark authentication system of the present invention, the authentication processing using the electronic mark is performed after verifying the validity of the issuing institution verification information embedded in the electronic mark. Authentication processing can be performed using an electronic mark issued by an electronic mark issuing organization.

[0012]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS (Embodiment 1) A public key certification for certifying a public key of an IM issuing institution as issuing institution verification information indicating the validity of an IM issuing institution that issues an IM which is an electronic mark. An electronic mark authentication system according to the first embodiment for verifying the validity of an IM issuing institution using a certificate will be described.

FIG. 1 is a diagram showing a schematic configuration of an IM authentication system according to the present embodiment. As shown in FIG.
The M authentication system includes a certificate authority side device 100, an IM issuing institution side device 110, a validity verification center device 120, a validity verification device 121, and a client side device 130.

The certificate authority-side device 100 is a processing device on the certificate authority side that generates a public key certificate for proving the public key of the IM issuing institution as issuing institution verification information indicating the validity of the IM issuing institution. . The IM issuing institution side device 110 is a processing device on the IM issuing institution side that issues an IM including the public key certificate generated by the certificate authority side device 100 to a Web site satisfying a predetermined standard.

The validity verification center device 120 is a processing device that manages transmission of a public key certificate revocation list indicating a revoked public key certificate to a plurality of validity verification devices 121. The validity verification device 121 is a processing device that verifies the validity of the IM issuing organization by verifying the public key certificate. The client-side device 130 is a client-side processing device that receives electronic data to which an IM including a public key certificate is added from a Web site and authenticates the IM.

FIG. 2 is a diagram showing a schematic configuration of the certificate authority-side apparatus 100 of the present embodiment. As shown in FIG. 2, the certificate authority-side apparatus 100 of the present embodiment includes a CPU 201, a memory 202
, A magnetic disk device 203, an input device 204, an output device 205, a CD-ROM device 206, a communication device 207, and an IM issuing institution information DB 208.

The CPU 201 is a device for controlling the operation of the certificate authority-side device 100 as a whole. The memory 202 is a storage device that loads various processing programs and data for controlling the operation of the certificate authority-side device 100 as a whole.

The magnetic disk device 203 is a storage device for storing the various processing programs and data. The input device 204 is a device that performs various inputs for issuing a public key certificate indicating the validity of the IM issuing organization and a revocation list thereof.

The output device 205 is a device that performs various types of output upon issuance of a public key certificate and its revocation list. CD
The ROM device 206 is a device for reading the contents of the CD-ROM in which the various processing programs are recorded. The communication device 207 is a device that communicates with another processing device via a network such as the Internet.

The IM issuing institution information DB 208 stores, as issuing institution verification information indicating the validity of each IM issuing institution, information indicating whether or not issuance of a public key certificate for certifying the public key is permitted. Database.

The certificate authority-side apparatus 100 includes an issuing institution verification information transmission processing unit 211 and a revocation list transmission processing unit 212.
And The institution verification information transmission processing unit 211
A public key certificate for certifying the public key is generated as issuance institution verification information indicating the validity of the M issuance institution.
This is a processing unit for transmitting to the IM issuing institution side device 110 of the M issuing institution. The revocation list transmission processing unit 212 is a processing unit that generates a public key certificate revocation list indicating a revoked public key certificate and transmits it to the validity verification center device 120.

A program for causing the certificate authority-side apparatus 100 to function as the issuing institution verification information transmission processing unit 211 and the revocation list transmission processing unit 212 is recorded on a recording medium such as a CD-ROM and stored on a magnetic disk or the like. , Loaded into memory and executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 3 shows an IM issuing institution side device 1 of this embodiment.
It is a figure which shows the schematic structure of 10. As shown in FIG. 3, the IM issuing institution side device 110 of the present embodiment includes a CPU 301,
Memory 302, magnetic disk device 303, input device 304, output device 305, CD-ROM device 306
, A communication device 307, and a website information DB 308.

The CPU 301 is a device for the IM issuing institution 11
0 is a device that controls the entire operation. The memory 302
It is a storage device for loading various processing programs and data for controlling the operation of the entire IM issuing institution side device 110.

The magnetic disk device 303 is a storage device for storing the various processing programs and data. The input device 304 is a device that performs various inputs for issuing an IM in which a public key certificate for indicating the validity of the IM issuing organization is embedded to a Web site.

The output device 305 is a device that performs various types of output accompanying the issuance of an IM. The CD-ROM device 306 is a device for reading the contents of a CD-ROM in which the various processing programs are recorded. The communication device 307 is a device that communicates with another processing device via a network such as the Internet. The Web site information DB 308 stores
This is a database that stores information indicating whether or not issuance of an IM to the b site is permitted.

The IM issuing institution side device 110 includes an issuing institution verification information request processing unit 311 and an IM issuance processing unit 312.
And Issuing organization verification information request processing unit 311
Is a processing unit that requests the certificate authority-side apparatus 100 to transmit a public key certificate for indicating the validity of the IM issuing organization. IM
The issuance processing unit 312 receives the public key certificate from the certificate authority-side device 100, and
M is a processing unit that issues M to a Web site.

A program for causing the IM issuing institution side device 110 to function as the issuing institution verification information request processing unit 311 and the IM issuing processing unit 312 is recorded on a recording medium such as a CD-ROM and stored on a magnetic disk or the like. , Loaded into the memory and executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 4 is a diagram showing a schematic configuration of the validity verification center device 120 of the present embodiment. As shown in FIG. 4, the validity verification center device 120 according to the present embodiment includes a CPU 401
, A memory 402, a magnetic disk device 403, an input device 404, an output device 405, and a CD-ROM device 4.
06 and a communication device 407.

The CPU 401 is a validity verification center device 1
20 is a device for controlling the entire operation. Memory 402
Is a storage device that loads various processing programs and data for controlling the operation of the entire validity verification center device 120.

The magnetic disk device 403 is a storage device for storing the various processing programs and data. The input device 404 is a device that performs various inputs for distributing the public key certificate revocation list to the plurality of validity verification devices 121.

The output device 405 is a device that performs various types of output accompanying distribution of a public key certificate revocation list. CD-RO
The M device 406 stores the various processing programs.
This is a device for reading the contents of the D-ROM. Communication device 40
Reference numeral 7 denotes a device that communicates with another processing device via a network such as the Internet.

The validity verification center device 120 has a revocation list distribution processing unit 411. The revocation list distribution processing unit 411 receives a public key certificate revocation list indicating a revoked public key certificate from the certificate authority-side apparatus 100 among the public key certificates for indicating the validity of the IM issuing organization. This is a processing unit that is distributed to the validity verification device 121.

A program for causing the validity verification center device 120 to function as the revocation list distribution processing unit 411 is as follows:
After being recorded on a recording medium such as a CD-ROM or the like and stored on a magnetic disk or the like, it is loaded into a memory and executed. The recording medium for recording the program is a CD-ROM.
A recording medium other than the ROM may be used. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 5 shows the validity verification device 121 of this embodiment.
It is a figure which shows the schematic structure of. As shown in FIG. 5, the validity verification device 121 of this embodiment includes a CPU 501, a memory 5
02, the magnetic disk device 503, and the input device 504.
, An output device 505, a CD-ROM device 506, a communication device 507, and a revocation information DB 508.

The CPU 501 is a device for controlling the operation of the whole validity verification device 121. The memory 502 is a storage device that loads various processing programs and data for controlling the entire operation of the validity verification device 121.

The magnetic disk device 503 is a storage device for storing the various processing programs and data. The input device 504 is a device that performs various inputs for verifying the validity of the public key certificate indicating the validity of the IM issuing organization.

The output device 505 is a device that performs various types of output associated with verification of the validity of the public key certificate. CD-ROM
The device 506 is a CD storing the various processing programs.
-A device for reading the contents of a ROM. Communication device 507
Is a device that communicates with another processing device via a network such as the Internet. Revocation information DB 508
Is a database that stores a serial number of a revoked public key certificate and an issuer name indicating the name of the certificate authority-side apparatus 100 that has issued the public key certificate.

The validity verification device 121 has a revocation list reception processing unit 511 and a verification result response processing unit 512. The revocation list reception processing unit 511 is a processing unit that receives the public key certificate revocation list from the validity verification center device 120 and stores it in the revocation information DB 508. The verification result response processing unit 512
Is a processing unit that compares the public key certificate for which the validity verification request has been issued with the contents of the revocation information DB 508 and transmits the validity verification result to the client-side device 130.

A program for causing the validity verification device 121 to function as the revocation list reception processing unit 511 and the verification result response processing unit 512 is recorded on a recording medium such as a CD-ROM, stored on a magnetic disk or the like, and then stored in a memory. And executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 6 shows a client-side device 1 of this embodiment.
FIG. 3 is a diagram showing a schematic configuration of a device 30. As shown in FIG. 6, the client-side device 130 of this embodiment includes a CPU 601 and
Memory 602, magnetic disk device 603, input device 604, output device 605, CD-ROM device 606
And a communication device 607.

The CPU 601 controls the client device 13
0 is a device that controls the entire operation. The memory 602 is
It is a storage device for loading various processing programs and data for controlling the operation of the entire client device 130.

The magnetic disk device 603 is a storage device for storing the various processing programs and data. The input device 604 is a device that performs various inputs for requesting the validity verification device 121 to verify the validity of the IM issuing organization.

The output device 605 is a device for performing various outputs in accordance with the validity verification request of the IM issuing organization. CD-RO
The M device 606 stores the various processing programs in the C
This is a device for reading the contents of the D-ROM. Communication device 60
Reference numeral 7 denotes a device that communicates with another processing device via a network such as the Internet.

The client device 130 has a verification request processing unit 611 and an IM authentication processing unit 612. The verification request processing unit 611, when an IM is added to the electronic data received from the website,
A processing unit that requests the validity verification device 121 located near the client-side device 130 to verify the validity of the public key certificate embedded in M. IM authentication processing unit 61
When the validity verification result transmitted from the validity verification device 121 indicates that the public key certificate is valid, the authentication processing of the IM in which the public key certificate is embedded is performed. It is a processing unit to perform.

A program for causing the client device 130 to function as the verification request processing unit 611 and the IM authentication processing unit 612 is recorded on a recording medium such as a CD-ROM, stored on a magnetic disk or the like, and then loaded into a memory. Shall be executed. The recording medium for recording the program may be a recording medium other than the CD-ROM.
In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

In the following, in the IM authentication system of the present embodiment, a public key certificate for indicating the validity of the IM issuing institution is transmitted from the certificate authority side device 100 to the IM issuing institution side device 110, and the public key certificate is transmitted. A process for issuing an IM in which is embedded to a Web site and verifying the validity of a public key certificate in the IM to verify the validity of the IM issuing organization will be described.

FIG. 7 is a flowchart showing a processing procedure of the public key certificate request processing of the present embodiment. As shown in FIG. 7, the issuing authority verification information request processing unit 311 of the IM issuing authority side device 110 performs a process of requesting the certificate authority side device 100 to transmit a public key certificate for indicating the validity of the IM issuing authority. Do.

At step 701, the IM issuing institution side device 11
The issuance institution verification information request processing unit 311 checks whether a public key certificate transmission request instruction has been input from the administrator of the IM issuing institution, and determines that the public key certificate transmission request instruction has been input. To step 702. In step 702, a request for transmitting a public key certificate is sent to the certificate authority-side device 100 via the communication device 307 via the network.

At step 703, the IM issuing institution side device 11
The issuing institution verification information request processing unit 311 of 0 receives the public key certificate from the certificate authority-side apparatus 100. Step 704
Then, the received public key certificate is stored in the magnetic disk device 303 of the IM issuing institution side device 110.

FIG. 8 is a flowchart showing the processing procedure of the public key certificate transmission processing of this embodiment. As shown in FIG. 8, the issuing authority verification information transmission processing unit 2 of the certificate authority-side apparatus 100.
11 generates a public key certificate for indicating the validity of the IM issuing institution, and generates an IM issuing institution side device 11 of the IM issuing institution.
0 is transmitted.

In step 801, the issuing authority verification information transmission processing unit 211 of the certificate authority-side device 100 transmits the IM issuing authority-side device 110 via the communication device 207 via the network.
It is checked whether a request for transmitting a public key certificate has been received from the server. If the request for transmitting a public key certificate has been received, the process proceeds to step 802. In step 802, the information of the IM issuing institution that has made the transmission request of the public key certificate is read with reference to the IM issuing institution information DB 208.

In step 803, by referring to the read information, whether or not issuance of a public key certificate for certifying the public key as issuing organization verification information indicating the validity of the IM issuing organization is permitted. Determine whether Here, the issuance of the public key certificate for indicating the validity of the IM issuing organization is performed by examining the Web site according to a predetermined standard determined by the IM issuing organization, and the IM is issued only to the Web site that passes the examination. It shall be permitted only to the issuing IM issuing organization.

If the result of the determination in step 803 is that the issuance of the public key certificate to the IM issuing institution that has made the transmission request of the public key certificate is permitted, the flow advances to step 804 to proceed to step 804. If the issuance is not permitted, the process proceeds to step 806.

In step 804, a public key certificate for certifying the public key of the IM issuing organization is generated. In step 805, the generated public key certificate is transmitted to the communication device 20.
7 and via the network to the IM issuing institution side device 110 of the IM issuing institution. In step 806, an error message indicating that the issuance of the public key certificate is rejected is transmitted to the IM issuing institution side device 110 of the IM issuing institution via the communication device 207 and the network.

FIG. 9 is a flowchart showing the processing procedure of the public key certificate revocation list transmission processing according to this embodiment. As shown in FIG. 9, the revocation list transmission processing unit 212 of the certificate authority-side device 100 performs a process of generating a public key certificate revocation list indicating a revoked public key certificate and transmitting the generated public key certificate revocation list to the validation center device 120. .

The administrator of the certificate authority periodically checks the status of IM issuance from the IM issuing institution, examines whether the IM issuing institution is performing proper IM issuance, and checks for any leakage of customer information. The issuing of the public key certificate is prohibited for the IM issuing organization that issues the IM to the problematic Web site, and the information is input to the certificate authority side device 100.

In step 901, the revocation list transmission processing unit 212 of the certificate authority-side apparatus 100 determines whether or not the information indicating the IM issuing institution for which issuance of the public key certificate has been rejected has been input from the administrator of the certificate authority. If the information indicating that the public key certificate is not permitted has been input, the process proceeds to step 902.

In step 902, IM issuing organization information D
B208, and stores information indicating that the issuance of the public key certificate to the IM issuing institution is not permitted in the IM issuing institution information DB 208.

In step 903, the serial number of the issued public key certificate is given to the IM issuing institution information DB2 for the IM issuing institution for which issuance of the public key certificate has been prohibited.
08, and generates a public key certificate revocation list indicating that the public key certificate of the IM issuing organization has been revoked. In step 904, the generated public key certificate revocation list is transmitted to the validation center device 120 via the communication device 207 and the network.

FIG. 10 is a flowchart showing the processing procedure of the public key certificate revocation list distribution processing according to this embodiment.
As shown in FIG. 10, the revocation list distribution processing unit 411 of the validity verification center device 120 includes a public key certificate indicating a revoked public key certificate among public key certificates for indicating the validity of an IM issuing organization. Performing a process of receiving the revocation list from the certificate authority side device 100 and distributing it to the plurality of validity verification devices 121;
Revocation list reception processing unit 511 of validity verification device 121
Performs a process of receiving the public key certificate revocation list from the validity verification center device 120.

In step 1001, the revocation list distribution processing unit 411 of the validity verification center device 120 receives the public key certificate revocation list indicating the revoked public key certificate from the certificate authority side device 100 via the network and the communication device 407. It is determined whether or not the public key certificate revocation list has been received.

In step 1002, the received public key certificate revocation list is transmitted to the validity verification device 121 via the communication device 407 and the network. Step 10
At 03, it is checked whether or not transmission of the public key certificate revocation list to all the validity verification devices 121 managed by the validity verification center device 120 has been completed. If there is the validity verification device 121, the process returns to step 1002 to continue transmitting the public key certificate revocation list.

In step 1011, the validity verification device 121
The revocation list reception processing unit 511 checks whether the public key certificate revocation list indicating the revoked public key certificate has been received from the validity verification center device 120 via the network and the communication device 507. If the revocation list has been received, the process proceeds to step 1012.

In step 1012, a serial number of the revoked public key certificate indicated in the received public key certificate revocation list and an issuance indicating the name of the certification authority-side apparatus 100 that has issued the public key certificate. Revocation information DB5
08.

FIG. 11 is a flowchart showing the procedure of the IM issuing process according to this embodiment. As shown in FIG.
The IM issuance processing unit 312 of the M issuing institution side device 110 receives the public key certificate from the certificate authority side device 100 and performs a process of issuing an IM in which the public key certificate is embedded to a Web site.

In step 1101, the IM issuing institution side device 1
The 10 IM issue processing unit 312 checks whether an IM issue request has been received from the website via the network and the communication device 307, and proceeds to step 1102 if the IM issue request has been received.

In step 1102, the Web site information DB 308 is referred to, and the
Read the information of the b site. In step 1103, referring to the read information, the I
It is determined whether issuance of M is permitted. Here, when issuing an IM to a website, the website is examined based on a predetermined standard determined by the IM issuing organization,
Issuance of IMs is permitted only to Web sites that have passed the examination.

As a result of the determination in step 1103, the I
If the issuing of the IM to the Web site that has issued the request for issuing the M is permitted, the process proceeds to step 1104. If the issuing of the IM is not permitted, the process proceeds to step 1106.

In step 1104, the certificate authority-side device 10
0 and the public key certificate received from IM
0 is read from the magnetic disk device 303 and embedded in the IM to generate an IM for the Web site. In step 1105, the generated IM is transmitted to the communication device 307.
Then, the data is transmitted to the Web site via the network.
In step 1106, an error message indicating that the issuance of the IM has been rejected is transmitted to the Web site via the communication device 307 and the network.

FIG. 12 is a flowchart showing a processing procedure of the IM authentication processing according to the present embodiment. As shown in FIG. 12, the verification request processing unit 611 of the client-side device 130
When an IM is added to the electronic data received from the website, the validity verification of the public key certificate embedded in the IM is performed by the validity verification device 121 located near the client device 130. Perform the requested processing.
Also, when the validity verification result transmitted from the validity verification device 121 indicates that the public key certificate is valid, the IM authentication processing unit 612 embeds the public key certificate. Performs IM authentication processing.

In step 1201, the client side device 1
The Web browser 30 checks whether an instruction to access the Web site has been input by the user of the client-side device 130, and proceeds to step 1202 if the instruction to access the Web site has been input.

In step 1202, the user accesses the Web site to request the page data, and
Page data described in HTML (HyperText Markup Language) or the like is received from the site via the network and the communication device 607.

At step 1203, it is checked whether or not IM has been added to the received page data.
If M is added, the process proceeds to step 1204,
The verification request processing unit 611 is started.

At step 1204, the verification request processing unit 611
Is the IM added to the received page data.
, The public key certificate for indicating the validity of the IM issuing organization is read, and the serial number and issuer name of the public key certificate are extracted.

In step 1205, information indicating the validity verification device 121 located near the client device 130 is read from the magnetic disk device 603, and the communication device is checked according to a communication protocol for confirming the validity of the public key certificate. 607 and the serial number and issuer name of the extracted public key certificate to the validity verification device 121 located in the vicinity via the network,
Request the validity verification device 121 to verify the validity of the public key certificate embedded in the public key certificate. Here, it is assumed that the information indicating the validity verification device 121 located near the client-side device 130 is set in advance when the verification request processing unit 611 is installed.

At step 1206, the client device 1
The verification request processing unit 611 receives the public key certificate validity verification result from the validity verification device 121 via the network and the communication device 607, and proceeds to step 1207.

In step 1207, the validity verification result of the received public key certificate is referred to, and it is checked whether the validity verification result indicates that the public key certificate is valid. If it is indicated that the key certificate is valid, the process proceeds to step 1208 assuming that the validity of the IM issuing institution that has issued the IM in which the public key certificate is embedded has been confirmed. If it is indicated that the public key certificate has been revoked, it is determined that the validity of the IM issuing organization has not been confirmed, and step 12 is performed.
Go to 09.

In step 1208, the IM authentication processing unit 612
Extracts the public key of the IM issuing organization from the public key certificate whose validity has been confirmed, performs basic authentication processing of the IM, determines whether the received page data has been tampered with, and checks whether the Web site has been tampered with. And outputs to the output device 605 an authentication result indicating whether the site has been authenticated. In step 1209, the output device 60 outputs an error message indicating that the validity of the IM issuing organization is not confirmed.
5 is output.

FIG. 13 is a flowchart showing the processing procedure of the IM issuing institution verification result response processing of this embodiment. As shown in FIG. 13, the verification result response processing unit 512 of the validity verification device 121 compares the public key certificate for which the validity verification request has been issued from the client-side device 130 with the contents of the revocation information DB 508, and A process of transmitting the sex verification result to the client device 130 is performed.

In step 1301, the validity verification device 121
The verification result response processing unit 512 checks whether a public key certificate validity verification request has been received from the client device 130 via the network and the communication device 507, and receives the public key certificate validity verification request. If yes, go to step 1302.

In step 1302, the revocation information DB 508 storing the contents of the public key certificate revocation list is referred to, and matches the serial number and issuer name of the public key certificate in the received validity verification request. Search for records.

At step 1303, the search result is checked. If a record matching the serial number and issuer name of the public key certificate in the received validity verification request is found from the revocation information DB 508, step 1304 is executed. The process proceeds to step 1306 if no matching record is found.

In step 1304, a validity verification result indicating that the public key certificate for which the validity verification request has been issued has been revoked is transmitted to the client side device 130 via the communication device 507 and the network.

In step 1306, the validity verification result indicating that the public key certificate for which the validity verification request has been made is valid is transmitted to the client device 130 via the communication device 507 and the network.

As described above, in this embodiment, the validity of the IM issuing institution is verified by using the public key certificate of the IM issuing institution. Can be efficiently verified. The validity of the IM issuing institution may be verified using original issuing institution verification information indicating the validity of the IM issuing institution without using the public key certificate.

As described above, according to the electronic mark authentication system of the present embodiment, the authentication processing using the electronic mark is performed after verifying the validity of the issuing institution verification information embedded in the electronic mark. It is possible to perform the authentication process using the electronic mark issued by the issued electronic mark issuing organization.

(Embodiment 2) An electronic mark authentication system according to Embodiment 2 in which a pseudo certificate similar to a public key certificate is used as IM verification information indicating the validity of an IM, and the validity of the IM is verified. Will be described.

FIG. 14 is a diagram showing a schematic configuration of the IM authentication system of the present embodiment. As shown in FIG. 14, the IM issuing institution side device 110 of the present embodiment issues an IM including a pseudo certificate for indicating the validity of the IM, and
After verifying the pseudo certificate by 21, the IM is authenticated.

FIG. 15 is a diagram showing a schematic configuration of the IM issuing institution side device 110 of the present embodiment. As shown in FIG. 15, the IM issuing institution side device 110 of the present embodiment has an IM information DB 1
508. The IM information DB 1508 is a database that stores information indicating whether the issued IM is valid.

The IM issuing institution side device 110 has an IM issuing processing unit 1511 and a revocation list transmission processing unit 1512. The IM issuance processing unit 1511 is a processing unit that generates a pseudo certificate for indicating the validity of the IM and issues the IM in which the pseudo certificate is embedded. The revocation list transmission processing unit 1512 is a processing unit that generates and transmits a pseudo certificate revocation list indicating a pseudo certificate that has been revoked.

A program for causing the IM issuing institution side device 110 to function as the IM issuing processing unit 1511 and the revocation list transmission processing unit 1512 is recorded on a recording medium such as a CD-ROM, stored on a magnetic disk or the like, and then stored in a memory. And executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 16 is a diagram showing a schematic configuration of the validity verification center device 120 of this embodiment. As shown in FIG. 16, the validity verification center device 120 of this embodiment has a revocation list distribution processing unit 1611. The revocation list distribution processing unit 1611 receives, from the IM issuing institution side apparatus 110, a pseudo certificate revocation list indicating a revoked pseudo certificate from among the pseudo certificates for indicating the validity of the IM, and performs a plurality of validity verifications. This is a processing unit to be distributed to the device 121.

A program for causing the validity verification center device 120 to function as the revocation list distribution processing unit 1611 is recorded on a recording medium such as a CD-ROM, stored on a magnetic disk or the like, and then loaded into a memory and executed. Shall be. The recording medium for recording the program is C
A recording medium other than the D-ROM may be used. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 17 shows the validity verification device 12 of this embodiment.
FIG. 1 is a diagram showing a schematic configuration of No. 1. As shown in FIG. 17, the validity verification device 121 of this embodiment has a revocation information DB 1708. The revocation information DB 1708 is a database that stores the serial number of the pseudo certificate that has been revoked and the issuer name indicating the name of the IM issuing institution side device 110 that has issued the IM.

The validity verification device 121 has a revocation list reception processing unit 1711 and a verification result response processing unit 1712. The revocation list reception processing unit 1711 is a processing unit that receives the pseudo certificate revocation list from the validity verification center device 120 and stores the pseudo certificate revocation list in the revocation information DB 1708. The verification result response processing unit 1712 compares the pseudo certificate for which the validity verification request has been issued from the client-side device 130 with the contents of the revocation information DB 1708, and transmits the validity verification result to the client-side device 130. It is.

A program for causing the validity verification device 121 to function as the revocation list reception processing unit 1711 and the verification result response processing unit 1712 is recorded on a recording medium such as a CD-ROM, stored on a magnetic disk or the like, and then stored in a memory. And executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

FIG. 18 is a diagram showing a schematic configuration of the client-side device 130 of this embodiment. As shown in FIG. 18, the client-side device 130 of the present embodiment has a verification request processing unit 1811 and an IM authentication processing unit 1812.

When the IM is added to the electronic data received from the Web site, the verification request processing unit 1811 verifies the validity of the pseudo certificate embedded in the IM in the vicinity of the client-side device 130. This is a processing unit that requests the validity verification device 121 located at.

When the validity verification result transmitted from the validity verification device 121 indicates that the pseudo certificate is valid, the IM authentication processing unit 1812 has embedded the pseudo certificate. A processing unit that performs an IM authentication process.

A program for causing the client device 130 to function as the verification request processing unit 1811 and the IM authentication processing unit 1812 is recorded on a recording medium such as a CD-ROM, stored on a magnetic disk or the like, and then loaded into the memory. Shall be executed. The recording medium for recording the program may be a recording medium other than the CD-ROM. In addition, the program may be installed in the information processing apparatus from the recording medium and used, or the recording medium may be accessed through a network to use the program.

In the following, in the IM authentication system according to the present embodiment, an IM in which a pseudo certificate for indicating the validity of the IM is embedded is issued from the IM issuing institution side device 110 to a Web site, and the pseudo certificate in the IM is issued. A process of verifying the validity of the IM by verifying the validity of the IM will be described.

FIG. 19 is a flowchart showing the procedure of the IM issuing process according to this embodiment. As shown in FIG.
The IM issuing processing unit 1511 of the M issuing institution side device 110
A process of generating a pseudo certificate for indicating the validity of the IM and issuing the IM in which the pseudo certificate is embedded to a Web site is performed.

At step 1901, the IM issuing institution side device 1
The 10 IM issue processing unit 1511 checks whether an IM issue request has been received from the website via the network and the communication device 307, and proceeds to step 1902 if the IM issue request has been received.

At step 1902, the Web site information DB 308 is referred to and the
Read the information of the b site. In step 1903, referring to the read information, the I
It is determined whether issuance of M is permitted. Here, when issuing an IM to a website, the website is examined based on a predetermined standard determined by the IM issuing organization,
Issuance of IMs is permitted only to Web sites that have passed the examination.

As a result of the judgment at step 1903, the I
If the issuance of the IM to the Web site that has issued the M issuance request is permitted, the process proceeds to step 1904. If the issuance of the IM is not permitted, the process proceeds to step 1906.

In step 1904, a pseudo certificate including the serial number of the IM and its issuer name (the name of the IM issuing institution side device 110) is generated as IM verification information for indicating the validity of the IM. Embedded in the Web
Generate IM to site and store the information in IM information DB15
08. In step 1905, the generated IM is transmitted to the Web server via the communication device 307 and the network.
Send to b site. In step 1906, IM
Is transmitted to the website via the communication device 307 and the network.

FIG. 20 is a flowchart showing the procedure of the pseudo certificate revocation list transmission process according to the present embodiment. As shown in FIG. 20, the revocation list transmission processing unit 1512 of the IM issuing institution side apparatus 110 generates a pseudo certificate revocation list indicating a revoked pseudo certificate, and
0 is transmitted.

The administrator of the IM issuing organization periodically checks the status of the Web site that has issued the IM, examines whether or not proper business is being performed on the Web site, and examines the problem such as leakage of customer information. Revokes an IM issued to a certain Web site and sends the information to the IM issuing institution side device 110
To enter.

In step 2001, the IM issuing institution side device 1
The revocation list transmission processing unit 1512 of the ten
It is checked whether or not the information indicating the invalid IM has been input from the administrator of the IM issuing organization. If the information indicating the expired IM has been input, the process proceeds to step 2002. Step 2
002, the IM information DB 1508 is accessed, and information indicating that the IM has expired is stored in the IM information DB 1508.
To be stored.

In step 2003, the expired IM
, Reads the serial number of the pseudo certificate generated from the IM information DB 1508, and generates a pseudo certificate revocation list indicating that the pseudo certificate of the IM has been revoked. In step 2004, the generated pseudo certificate revocation list is transmitted to the validation center device 120 via the communication device 207 and the network.

FIG. 21 is a flowchart showing the processing procedure of the pseudo certificate revocation list distribution processing according to this embodiment. As shown in FIG. 21, the revocation list distribution processing unit 1611 of the validity verification center device 120 issues a pseudo certificate revocation list indicating a revoked pseudo certificate among the pseudo certificates for indicating the validity of the IM to the IM. A process of receiving from the institution side device 110 and distributing it to the plurality of validity verification devices 121 is performed. The revocation list reception processing unit 1711 of the validity verification device 121 transmits the pseudo certificate revocation list from the validity verification center device 120 to the pseudo certificate revocation list. Processing for receiving and storing the received information in the revocation information DB 1708 is performed.

In step 2101, the revocation list distribution processing unit 1611 of the validity verification center device 120 receives the pseudo certificate revocation list indicating the revoked pseudo certificate from the IM issuing institution side device 110 via the network and the communication device 407. It is determined whether or not the pseudo certificate revocation list has been received.

In step 2102, the received pseudo certificate revocation list is transmitted to the validity verification device 121 via the communication device 407 and the network. Step 210
In 3, it is checked whether or not the transmission of the pseudo certificate revocation list to all the validity verification devices 121 managed by the validity verification center device 120 has been completed, and the validity verification that the pseudo certificate revocation list has not been transmitted yet If there is the device 121, the process returns to step 2102 to continue transmitting the pseudo certificate revocation list.

In step 2111, the validity verification device 121
The revocation list reception processing unit 1711 checks whether the pseudo certificate revocation list indicating the revoked pseudo certificate has been received from the validity verification center device 120 via the network and the communication device 507, and checks the pseudo certificate revocation list. If so, the process proceeds to step 2112.

In step 2112, the serial number of the revoked pseudo-certificate indicated in the received pseudo-certificate revocation list and the issuer name indicating the name of the IM issuing institution side device 110 that has issued the pseudo-certificate And revocation information DB1
708.

FIG. 22 is a flowchart showing a processing procedure of the IM authentication processing according to the present embodiment. As shown in FIG. 22, the verification request processing unit 1811 of the client-side device 130
When an IM is added to the electronic data received from the Web site, a request to verify the validity of the pseudo certificate embedded in the IM is made to the validity verification device 121 located near the client device 130. Perform the following processing.
Further, the IM authentication processing unit 1812 includes the validity verification device 121
In the case where the validity verification result transmitted from indicates that the pseudo certificate is valid, the authentication processing of the IM in which the pseudo certificate is embedded is performed.

In step 2201, the client device 1
The Web browser 30 checks whether an instruction to access the Web site has been input by the user of the client-side device 130, and proceeds to step 2202 if the instruction to access the Web site has been input.

In step 2202, the web site is accessed to request the page data, and the web site is accessed.
Page data described in HTML or the like is received from the site via the network and the communication device 607.

In step 2203, it is checked whether or not IM has been added to the received page data.
If M has been added, the process proceeds to step 2204,
The verification request processing unit 1811 is started.

At step 2204, verification request processing section 181
1 is the I added to the received page data.
With reference to M, the pseudo certificate for indicating the validity of the IM is read, and the serial number and issuer name of the pseudo certificate are extracted.

In step 2205, information indicating the validity verification device 121 located near the client device 130 is read from the magnetic disk device 603, and a communication protocol for confirming the validity of the public key certificate is used. Transmitting the serial number and issuer name of the extracted pseudo-certificate to the validity verification device 121 located in the vicinity via the communication device 607 and the network,
It requests the validity verification device 121 to verify the validity of the pseudo certificate embedded in M. Here, it is assumed that the information indicating the validity verification device 121 located near the client-side device 130 is set in advance when the verification request processing unit 1811 is installed.

In step 2206, the client device 1
The verification request processing unit 1811 receives the validity verification result of the pseudo certificate from the validity verification device 121 via the network and the communication device 607, and proceeds to step 2207.

In step 2207, the validity verification result of the received pseudo certificate is referred to, and it is checked whether or not the validity verification result indicates that the pseudo certificate is valid. Is valid, the process proceeds to step 2208 assuming that the validity of the IM in which the pseudo certificate is embedded is confirmed, and it is indicated that the pseudo certificate has been revoked. If so, the process proceeds to step 2209 assuming that the validity of the IM has not been confirmed.

In step 2208, the IM authentication processing unit 181
2 performs basic authentication processing of the IM whose validity has been confirmed,
An authentication result indicating whether the received page data is falsified or whether the Web site is a site authenticated by the IM issuing organization is output to the output device 605. In step 2209, an error message indicating that the validity of the IM is not confirmed is output to the output device 605.
Output to

FIG. 23 is a flowchart showing the processing procedure of the IM issuing institution verification result response processing of this embodiment. As shown in FIG. 23, the verification result response processing unit 1712 of the validity verification device 121 includes a pseudo certificate and a revocation information DB 1708 for which a validity verification request has been made from the client side device 130.
Then, a process of transmitting the result of the validity verification to the client-side device 130 by comparing the contents with the contents is performed.

In step 2301, the validity verification device 121
The verification result response processing unit 1712 checks whether the pseudo certificate validity verification request is received from the client-side device 130 via the network and the communication device 507, and receives the pseudo certificate validity verification request. If yes, go to step 2302.

In step 2302, the revocation information DB 1708 storing the contents of the pseudo certificate revocation list is referred to, and a record matching the serial number and issuer name of the received pseudo certificate in the received validity verification request is retrieved. Search for.

In step 2303, the search result is checked, and a record that matches the serial number and issuer name of the pseudo certificate in the received validity verification request is found in the revocation information D.
When the record is searched from B1708, the process proceeds to step 2304. When no matching record is searched, the process proceeds to step 2306.

In step 2304, the validity verification result indicating that the pseudo certificate for which the validity verification request has been made has been revoked is transmitted to the client device 130 via the communication device 507 and the network.

In step 2306, the validity verification result indicating that the pseudo certificate for which the validity verification request has been made is valid is transmitted to the client device 130 via the communication device 507 and the network.

As described above, in this embodiment, since the validity of the IM is verified using the pseudo certificate of the IM, the validity of the IM can be efficiently verified by effectively utilizing the PKI. Without using a pseudo certificate equivalent to a public key certificate,
The validity of the IM may be verified using unique IM verification information indicating the validity of the IM. In this embodiment, the same processing unit as in the first embodiment may be provided to verify the validity of the IM issuing organization.

In the following, a description will be given of a process in which the validity of the IM is verified by the validity verification device 121 located near the client side device 130 after the validity of the IM is verified in the IM authentication system of the present embodiment.

FIG. 24 is a diagram showing a schematic configuration of an IM authentication system in which strict authentication according to the present embodiment is performed by the validity verification device 121. As shown in FIG. 24, in the IM authentication system of the present embodiment, at the time of issuing an IM, attribute information for performing strict authentication of the IM is transmitted from the IM issuing institution side device 110 via the validity verification center device 120 to each validity verification. It is transmitted to the device 121, and the validity verification device 121 performs strict authentication of the IM in response to a request from the client device 130.

That is, in step 1905 of FIG.
The IM issuing processing unit 1511 of the M issuing institution side device 110
After transmitting the generated IM to the Web site via the communication device 307 and the network, the feature value (attribute information) embedded in the IM is transmitted to the validity verification center device 12.
0, and the validity verification center device 120 distributes the attribute information to each validity verification device 121 in the same manner as the distribution of the revocation list.

In step 2208 of FIG. 22, the IM authentication processing unit 1812 of the client-side device 130, when instructed by the user to perform strict authentication processing of the IM whose validity has been confirmed, moves to the vicinity of the client-side device 130. It requests strict authentication from the validity verification device 121 located. The validity verification device 121 that has received the strict authentication request from the client device 130 receives the attribute information transmitted from the client device 130 and the attribute information distributed from the IM issuing institution side device 110 via the validity verification center device 120. To perform strict authentication of IM.

As described above, in the present embodiment, since the IM is strictly authenticated by the validity verification device 121, it is possible to prevent a strict authentication request from being concentrated on the IM issuing institution and reduce the processing load on the IM issuing institution. it can. Also, the client device 13
0 requests strict authentication to the validity verification device 121 located in the vicinity thereof, the strict authentication request is distributed to various places according to the location of the client-side device 130, and one IM
Even when many IMs are issued from the issuing organization, it is possible to prevent strict processing requests from being concentrated in one place, and to perform strict processing efficiently.

As described above, according to the electronic mark authentication system of the present embodiment, the authentication processing using the electronic mark is performed after verifying the validity of the electronic mark verification information embedded in the electronic mark. The authentication process can be performed using the electronic mark.

According to the electronic mark authentication system of the present embodiment, since the strict authentication of the electronic mark is performed by the validity verification device located in the vicinity of the client side device among the plurality of validity verification devices, It is possible to prevent intensive authentication processing from being concentrated and reduce the processing load of strict authentication at the electronic mark issuing organization.

[0140]

According to the present invention, the authentication processing using the electronic mark is performed after verifying the validity of the issuing organization verification information embedded in the electronic mark, so that the electronic mark issuance issued by the electronic mark issuing organization whose reliability has been confirmed. The authentication process can be performed by the electronic mark.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating a schematic configuration of an IM authentication system according to a first embodiment.

FIG. 2 is a diagram illustrating a schematic configuration of a certificate authority-side apparatus 100 according to the first embodiment.

FIG. 3 is a diagram illustrating a schematic configuration of an IM issuing institution side device 110 according to the first embodiment.

FIG. 4 is a diagram illustrating a schematic configuration of a validation center device 120 according to the first embodiment.

FIG. 5 is a diagram illustrating a schematic configuration of a validity verification device 121 according to the first embodiment.

FIG. 6 is a diagram illustrating a schematic configuration of a client device 130 according to the first embodiment.

FIG. 7 is a flowchart illustrating a procedure of a public key certificate request process according to the first embodiment.

FIG. 8 is a flowchart illustrating a procedure of a public key certificate transmission process according to the first embodiment.

FIG. 9 is a flowchart illustrating a processing procedure of a public key certificate revocation list transmission process according to the first embodiment.

FIG. 10 is a flowchart illustrating a processing procedure of a public key certificate revocation list distribution processing according to the first embodiment.

FIG. 11 is a flowchart illustrating a procedure of an IM issuing process according to the first embodiment.

FIG. 12 is a flowchart illustrating a procedure of an IM authentication process according to the first embodiment.

FIG. 13 is a flowchart illustrating a processing procedure of an IM issuing institution verification result response process according to the first embodiment.

FIG. 14 is a diagram illustrating a schematic configuration of an IM authentication system according to a second embodiment.

FIG. 15 is a diagram illustrating a schematic configuration of an IM issuing institution apparatus 110 according to a second embodiment.

FIG. 16 is a diagram illustrating a schematic configuration of a validity verification center device 120 according to the second embodiment.

FIG. 17 is a diagram illustrating a schematic configuration of a validity verification device 121 according to a second embodiment.

FIG. 18 is a diagram illustrating a schematic configuration of a client-side device according to a second embodiment.

FIG. 19 is a flowchart illustrating a procedure of an IM issuing process according to the second embodiment.

FIG. 20 is a flowchart illustrating a procedure of a pseudo certificate revocation list transmission process according to the second embodiment.

FIG. 21 is a flowchart of a pseudo certificate revocation list distribution process according to the second embodiment.

FIG. 22 is a flowchart illustrating a procedure of an IM authentication process according to the second embodiment.

FIG. 23 is a flowchart illustrating a processing procedure of an IM issuing institution verification result response process according to the second embodiment.

FIG. 24 shows the strict authentication of the second embodiment and the validity verification device 12;
1 is a diagram showing a schematic configuration of an IM authentication system performed in Step 1.

[Explanation of symbols]

100: certificate authority side device, 110: IM issuing agency side device,
Reference numeral 120: validity verification center device, 121: validity verification device, 130: client-side device, 201: CPU, 2
02: memory, 203: magnetic disk device, 204: input device, 205: output device, 206: CD-ROM device, 207: communication device, 208: IM issuing organization information D
B, 211: issuing organization verification information transmission processing unit, 212: revocation list transmission processing unit, 301: CPU, 302: memory, 303: magnetic disk device, 304: input device, 3
05 ... output device, 306 ... CD-ROM device, 307 ...
Communication device 308 Web site information DB 311 Issuing organization verification information request processing unit 312 IM issuing processing unit
Reference numerals 401, CPU, 402, memory, 403, magnetic disk device, 404, input device, 405, output device, 406
.., CD-ROM device, 407, communication device, 411, revocation list distribution processing unit, 501, CPU, 502, memory,
503: magnetic disk device, 504: input device, 505
.., Output device, 506, CD-ROM device, 507, communication device, 508, revocation information DB, 511, revocation list reception processing unit, 512, verification result response processing unit, 601 CP
U, 602: memory, 603: magnetic disk device, 60
4: Input device, 605: Output device, 606: CD-RO
M device, 607: communication device, 611: verification request processing unit,
612: IM authentication processing unit, 1508: IM information DB, 1
511: IM issue processing unit, 1512: revocation list transmission processing unit, 1611: revocation list distribution processing unit, 1708: revocation information DB, 1711: revocation list reception processing unit, 171
2 verification result response processing unit, 1811 verification request processing unit,
1812: IM authentication processing unit.

 ────────────────────────────────────────────────── ─── Continuing on the front page (72) Inventor Shoichi Nakagami 1-6-27 Shinsuna, Koto-ku, Tokyo F-term in the Public Works Division, Hitachi, Ltd. F-term (reference) 5J104 AA09 AA14 EA05 LA03 LA06 MA01

Claims (20)

[Claims] 1. An electronic mark authentication method for authenticating electronic data using authentication information in an electronic mark, comprising: an electronic mark issuing organization or an electronic mark in which verification information indicating the validity of the electronic mark is embedded. Issuing from the institution side device, requesting the validity verification device from the client side device to verify the validity of the verification information embedded in the electronic mark, and verifying the validity verification request and invalidating the validity verification request. Transmitting the validity verification result from the validity verification device to the client-side device by comparing the contents of the verification information revocation list indicating the verified verification information with the contents of the verification information revocation list. Performing a mark authentication process. 2. The electronic device according to claim 1, wherein the verification information indicating the validity of the electronic mark issuing organization is a public key certificate for certifying a public key of the electronic mark issuing organization. Mark authentication method. 3. The verification information indicating the validity of the electronic mark is a pseudo certificate including identification information of the electronic mark and identification information of an electronic mark issuing organization that has issued the electronic mark. An electronic mark authentication method according to claim 1 or 2. 4. The apparatus according to claim 1, wherein the verification of the validity of the verification information is requested to a validity verification apparatus located near a client-side apparatus. Electronic mark authentication method. 5. The validity verification device located near a client-side device performs strict authentication of an electronic mark whose validity of the verification information has been verified. An electronic mark authentication method according to claim 1. 6. The electronic mark includes authentication information for confirming the authenticity of the electronic data to which the electronic mark is added and that the source of the electronic data is a site certified by the electronic mark issuing organization. The electronic mark authentication method according to any one of claims 1 to 5, wherein the mark is an embedded Internet mark. 7. A certificate authority-side apparatus for generating issuing organization verification information indicating the validity of an electronic mark issuing institution, wherein the certification authority-side apparatus generates issuing organization verification information indicating the validity of the electronic mark issuing institution and issues the electronic mark. Issuing institution verification information transmission processing unit that transmits to the institution's electronic mark issuing institution side device, and an validity verification device that generates an issuance institution verification information revocation list indicating expired institution verification information and verifies the institution's verification information And a revocation list transmission processing unit for transmitting to the certificate authority. 8. An electronic mark issuing institution side device for issuing an electronic mark including issuing institution verification information indicating the validity of an electronic mark issuing institution, and transmitting the issuing institution verification information indicating the validity of the electronic mark issuing institution. Issuer verification information request processing unit for requesting the certification authority side device, and an electronic mark issuance processing unit receiving the issuance authority verification information from the certification authority side device and issuing an electronic mark embedded with the issuing authority verification information. An electronic mark issuing institution side device comprising: 9. A validity verification device for verifying issuance institution verification information indicating the validity of an electronic mark issuance institution, wherein, among the issuance institution verification information indicating the validity of the electronic mark issuance institution, an expired institution verification is A revocation list reception processing unit that receives an issuing authority verification information revocation list indicating information from the certificate authority side device, and the contents of the issuing authority verification information and the issuing authority verification information revocation list for which the validity request was issued from the client side device. And a verification result response processing unit that transmits the validity verification result to the client-side device. 10. A client-side device for performing authentication of an electronic mark including issuing institution verification information indicating the validity of an electronic mark issuing institution, wherein when the electronic mark is added to received electronic data, A verification request processing unit that requests the validity verification device to verify the validity of the issuing institution verification information embedded in the electronic mark; and that the issuing institution verification information is valid in the validity verification result transmitted from the validity verification device. A client-side device that includes an electronic mark authentication processing unit that performs authentication processing of the electronic mark in which the issuing institution verification information is embedded when it is indicated that there is any. 11. An apparatus for issuing an electronic mark including electronic mark verification information indicating the validity of an electronic mark, wherein the apparatus generates electronic mark verification information indicating the validity of the electronic mark. An electronic mark issuance processing unit that issues an electronic mark in which mark verification information is embedded, and a revocation list transmission processing unit that generates and transmits an electronic mark verification information revocation list that indicates revoked electronic mark verification information. The electronic mark issuing institution side device. 12. An apparatus for verifying electronic mark verification information indicating the validity of an electronic mark, comprising: an electronic mark indicating invalid electronic mark verification information among the electronic mark verification information indicating the validity of the electronic mark. The revocation list reception processing unit that receives the mark verification information revocation list from the electronic mark issuing institution side device, compares the electronic mark verification information for which the validity request was made from the client side device with the contents of the electronic mark verification information revocation list. And a verification result response processing unit that transmits the validity verification result to the client-side device. 13. A client-side device for authenticating an electronic mark including electronic mark verification information indicating the validity of the electronic mark, wherein, when the electronic mark is added to the received electronic data, the electronic mark is A verification request processing unit that requests the validity verification device to verify the validity of the electronic mark verification information embedded in the electronic mark verification information, and that the electronic mark verification information is valid in the validity verification result transmitted from the validity verification device , An electronic mark authentication processing unit that performs authentication processing of the electronic mark in which the electronic mark verification information is embedded. 14. A program for causing a computer to function as a certificate authority side device that generates issuing institution verification information indicating the validity of an electronic mark issuing institution, the issuing authority verification information indicating the validity of the electronic mark issuing institution. Issuer verification information transmission processing unit for generating and transmitting to the electronic mark issuing institution side device of the electronic mark issuing institution, and an issuing authority verification information revocation list indicating the expired issuing institution verification information, and A program that causes a computer to function as a revocation list transmission processing unit that transmits information to a validity verification device that verifies information. 15. A program for causing a computer to function as an electronic mark issuing institution side device that issues an electronic mark including issuing institution verification information indicating the validity of an electronic mark issuing institution. An issuance institution verification information request processing unit for requesting the certificate authority side apparatus to transmit the issuance institution verification information indicating the issuance institution verification information; A program that causes a computer to function as an electronic mark issuance processing unit that issues the electronic mark. 16. A program for causing a computer to function as a validity verification device for verifying issuance institution verification information indicating the validity of an electronic mark issuing institution, the issuance institution verification information indicating the validity of the electronic mark issuance institution. Among them, a revocation list reception processing unit that receives an issuing authority verification information revocation list indicating expired issuing authority verification information from a certificate authority side device, and an issuing authority verification information for which a validity request has been issued from a client side device and issuance. A program for causing a computer to function as a verification result response processing unit that compares the contents of an institution verification information revocation list with the contents of an institution verification information revocation list and transmits the validity verification result to a client-side device. 17. A program for causing a computer to function as a client-side device for authenticating an electronic mark including issuing institution verification information indicating the validity of an electronic mark issuing institution, wherein the electronic mark is included in the received electronic data. If added, the verification request processing unit that requests the validity verification device to verify the validity of the issuing institution verification information embedded in the electronic mark, and the validity verification result transmitted from the validity verification device. When the issuing institution verification information indicates that it is valid, the computer functions as an electronic mark authentication processing unit that performs authentication processing of the electronic mark in which the issuing institution verification information is embedded. program. 18. A program for causing a computer to function as an electronic mark issuing organization side device that issues an electronic mark including electronic mark verification information indicating the validity of the electronic mark, the electronic mark indicating the validity of the electronic mark. An electronic mark issuance processing unit that generates verification information and issues an electronic mark in which the electronic mark verification information is embedded, and a revocation list transmission that generates and transmits an electronic mark verification information revocation list indicating expired electronic mark verification information A program that causes a computer to function as a processing unit. 19. A program for causing a computer to function as a validity verification device for verifying electronic mark verification information indicating the validity of an electronic mark, the program comprising: List revocation list receiving unit for receiving an electronic mark verification information revocation list indicating the obtained electronic mark verification information from the electronic mark issuing institution side device, the electronic mark verification information and the electronic mark verification for which the validity request was issued from the client side device A program for causing a computer to function as a verification result response processing unit that compares the contents of an information revocation list and transmits the verification result to a client device. 20. A program for causing a computer to function as a client-side device for authenticating an electronic mark including electronic mark verification information indicating the validity of the electronic mark, wherein the electronic mark is added to received electronic data. Verification request processing unit that requests the validity verification device to verify the validity of the electronic mark verification information embedded in the electronic mark, and the validity verification result transmitted from the validity verification device A program that causes a computer to function as an electronic mark authentication processing unit that performs authentication processing of an electronic mark in which the electronic mark verification information is embedded when the mark verification information indicates that the electronic mark verification information is valid.