JP2007041903A - Information processing system, information processing method and information processing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing system and a verification system capable of performing time stamp verification with high accuracy and responsibility by improving fault tolerance. <P>SOLUTION: A user terminal 100 is provided with a time stamp requesting part 106 for requesting the issuing of a time stamp 109 from a plurality of time authentication stations about original copy data 101 requiring time authentication, a time stamp receiving part 110 for receiving time stamps 109 from a plurality of TSAs (time stamp authority) 200a, 200b and 200c, and a data management part 114 for associating the plurality of time stamps 109 received from the plurality of TSAs 200a, 200b and 200c with the original copy data 101 and storing them for a time stamp storage part 116. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an information processing system, an information processing method, and an information processing program, and more particularly to an information processing system, an information processing method, and an information processing program capable of verifying the reliability of time certification of electronic data.

As a conventional time audit system device, for example, there is one described in Patent Document 1. The time audit system described in the document has a plurality of time stamp devices and a time distribution device that distributes accurate time, and the time distribution device has a link given a current time and a random number at regular intervals. Time information is generated from the information and distributed to the time stamp device, and the generated time information is stored together with the generation time, the used link information, and a random number. In addition, when the time information is distributed, the time stamp device stores the time information distributed this time instead of the time information stored in the previous distribution, and also stores the time information stored in the previous distribution and a random number. Is used to generate time audit information and transmit it to the time distribution device. This time audit information is used as link information of time information to be distributed next time by the time distribution device and is stored together with the corresponding time information. With such a configuration, it is possible to reliably prevent falsification of information such as time information and time stamps.
JP 2004-235826 A

  The prior art described in the above document aims to reliably prevent falsification of information such as time information and time stamp and to detect falsification. In addition, it is assumed that a plurality of time stamp devices are completely operated, and the time stamp issuance and storage are any one of the plurality of time stamp devices. Furthermore, it is assumed that the time distribution device transmits an accurate time.

  By the way, in the science and technology field, for example, in a system in which information is exchanged between a large number of unspecified users, when the order of information transmission times of each user is determined using time stamps, a large number of information is transmitted in a short time. It is assumed that a large amount of time stamps are used. Conventional commercial systems are expensive in terms of cost if they require a large amount of time stamps.

  In addition, when the order of information transmission time is determined by the time stamp, an error may occur from the actual issue request time depending on the time certificate authority used or the network environment, etc., resulting in inequality in the determination of the order. I can not.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide an information processing system and a verification system capable of performing time stamp verification with improved fault tolerance and high accuracy and reliability. It is in.

According to the present invention, for electronic data that requires time certification, a time stamp requesting unit that requests a plurality of time certificate authorities to issue time stamps;
A time stamp receiving unit for receiving the time stamp from the plurality of time certificate authorities;
A time stamp storage unit that stores a plurality of the time stamps received from the plurality of time certificate authorities in association with the electronic data;
An information processing system characterized by comprising:

  Here, the electronic data is digital data including, for example, a text format (text, HTML, PDF, XML, etc.) and a binary format (various images, application data, etc.). Alternatively, electronic data transmitted to a server or the like via a network such as the Internet may be used. Examples include electronic data posted on bulletin boards, blogs, forms, etc. on web pages.

  The information processing system includes a device including an arithmetic device and a memory, and can be a user terminal such as a personal computer, a PDA (Personal Digital Assistance), or a mobile phone. Alternatively, it can be included in a time stamp authority (TSA).

  The time stamp request unit converts the digital data into a hash value, transmits the hash value to the TSA, and requests issuance of a time stamp. The time stamp storage unit stores and manages the digital data and the hash value of the digital data to which the time stamp is given in association with each other. In the present invention, a plurality of time stamps are assigned to one digital data and stored in association with each other. The number of time certification authorities is preferably at least three.

  According to the present invention, since a plurality of time stamps acquired from a plurality of time certificate authorities can be attached to electronic data, the reliability of the time stamp is improved as compared with electronic data having only one time stamp.

According to the present invention, for electronic data that requires time certification, a time stamp requesting unit that requests a plurality of time certificate authorities to issue time stamps;
A time stamp receiving unit for receiving the time stamp from the plurality of time certificate authorities;
A time stamp storage unit that stores the plurality of time stamps received by the time stamp receiving unit for each of the plurality of time certificate authorities;
An information processing system characterized by comprising:

  According to the present invention, since a plurality of time stamps acquired from each time certificate authority is stored for each time certificate authority, it becomes possible to verify the reliability of the time stamp of each time certificate authority, and one time certificate The reliability is improved as compared with the case where the station time stamp is used.

  The information processing system may include a request destination table for storing a part of the plurality of time certificate authorities as a time stamp request destination, and the time stamp request unit is included in the request destination table. The time stamp can be requested from the time certificate authority.

In the above information processing system,
The request destination table may include some time certificate authorities selected at random from the plurality of time certificate authorities.

  In the information processing system, a reception unit that receives a request for issuing the time stamp of the electronic data, a time when the reception unit receives the request for issuance, and a delay time from a time when the time stamp receiving unit receives the time stamp. A delay time calculation unit for calculating the delay time, a statistical unit for taking statistics of the delay time calculated by the delay time calculation unit for each of the plurality of time certificate authorities, and a statistical delay time calculated by the statistical unit for the plurality of times And a delay time storage unit for storing each certificate authority.

  Here, the delay time is the time required from when the accepting unit accepts the issuance request until the time stamp requesting unit makes a request, and the time from when the time stamp requesting unit makes a request until the time certificate authority accepts the request. It is a value obtained by adding the time, the issue time required for the time certificate authority to issue the time stamp, and the down time until the time stamp receiving unit receives the time stamp from the time certificate authority.

  According to this configuration, since it is possible to take statistics of delay times of a plurality of time stamps for each time certificate authority, it can be used as an index for evaluating the reliability of the time stamp for each time certificate authority. Will improve. In addition, since the statistical value of the delay time is used for evaluation based on multiple time stamps, some time certificate authorities have temporarily failed and time stamps cannot be obtained or some time stamps Even if tampered, the evaluation of the time stamp is not affected, and the accuracy and reliability are improved.

  In addition, since multiple time stamps are used, it is not necessary for all TSAs and time authorities (TAs) to operate correctly, and even if some TSAs or TAs fail, there is an effect. Without receiving it, the time stamp can be verified, and fault tolerance is improved.

  In the information processing system, the request destination table may include a time certificate authority selected based on the statistical delay time. Here, a plurality of time certificate authorities can be classified for each rank obtained by dividing the statistical delay time by a predetermined range, a rank table can be created, and a time certificate authority having a predetermined rank or higher can be selected based on the rank table. . That is, it is possible to select a time certificate authority whose statistical delay time is a predetermined value or less. The statistical delay time can be an average value, a median value, or a mode value of the delay times of a plurality of time stamps. The time certificate authority can be ranked according to these values. Alternatively, it is possible to rank the time certificate authorities by calculating the standard deviation of the delay times of a plurality of time stamps.

  The information processing system includes a reliability table that assigns a score for each time certificate authority according to the statistical delay time, ranks the time certificate authority according to the score, and stores the score as a reliability rank be able to.

According to the present invention, providing a time stamp storage unit;
Requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification; and
Receiving the time stamp from the plurality of time certificate authorities;
Storing the plurality of time stamps received from the plurality of time certificate authorities in association with the electronic data in the time stamp storage unit;
An information processing method characterized by including:

According to the present invention, providing a time stamp storage unit;
Requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification; and
Receiving the time stamp from the plurality of time certificate authorities;
Storing the plurality of time stamps received in the time stamp receiving step in the time stamp storage unit for each of the plurality of time certificate authorities;
An information processing method characterized by including:

According to the present invention, a computer having a time stamp storage unit is provided.
A means for requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification,
Means for receiving the time stamps from the plurality of time certificate authorities;
Means for storing the plurality of time stamps received from the plurality of time certificate authorities in the time stamp storage unit in association with the electronic data;
An information processing program is provided for functioning as

According to the present invention, a computer having a time stamp storage unit is provided.
A means for requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification,
Means for receiving the time stamps from the plurality of time certificate authorities;
Means for storing the plurality of time stamps received by the time stamp receiving means in the time stamp storage unit for each of the plurality of time certificate authorities;
An information processing program is provided for functioning as

  It should be noted that any combination of the above-described constituent elements and a conversion of the expression of the present invention between a method, an apparatus, a system, a recording medium, a computer program, etc. are also effective as an aspect of the present invention.

  ADVANTAGE OF THE INVENTION According to this invention, fault tolerance improves and the information processing system and verification system which can perform time stamp verification with high precision and reliability are provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In all the drawings, the same reference numerals are given to the same components, and the description will be omitted as appropriate.

  In order to verify the reliability of time stamps attached to electronic data, the present invention performs statistical processing based on a plurality of time stamps issued by a plurality of TSAs, generates TSA trust information, It is possible to verify the reliability of the stamp. The trust information of this TSA becomes an index when determining the time rank of time stamps issued from a plurality of TSAs.

  FIG. 1 is a block diagram showing a configuration of an information processing system according to an embodiment of the present invention. Here, a configuration for acquiring a plurality of time stamps and assigning them to electronic data in the user terminal 100 will be described. The configuration related to the above-described TSA reliability information and time order determination will be described later.

  The information processing system (user terminal 100) according to the present embodiment includes a time stamp request unit (request for time stamp 109) that requests a plurality of time certificate authorities to issue time stamps (time stamp 109) for electronic data (original data 101) that requires time certification. A time stamp requesting unit 106), a time stamp receiving unit (time stamp receiving unit 110) that receives time stamps from a plurality of time certificate authorities (first TSA 200a, second TSA 200b, and third TSA 200c); A time stamp storage unit (time stamp adding unit 112, data management unit 114, time stamp storage unit 116) that stores a plurality of time stamps in association with electronic data.

  In the information processing system, the user terminal 100 is, for example, a personal computer, a PDA, or a mobile phone connected to the network 1 such as the Internet or a LAN. In FIG. 1, the configuration of parts not related to the essence of the present invention is omitted. The TSA 200a, TSA 200b, and TSA 200c are time distributors that issue time stamps in response to a request from the user, and may be connected to the user terminal 100 via the network 1 or in the user terminal 100. It can also be included. The first TSA 200a, the second TSA 200b, and the third TSA 200c are simply abbreviated as “TSA 200” hereinafter unless otherwise distinguished.

  TA5 delivers an accurate time to TSA200 in response to a request from TSA200. The TA 5 and the TSA 200 are connected via a medium capable of time calibration. For example, the TSA 200 can receive from the TA 5 via a dedicated line, a public telephone line network, radio waves, or via a satellite, a radio tower, or the like. Alternatively, the TSA 200 can also receive from the TA 5 via a network using a protocol such as NTP (Network Time Protocol) or SNTP (Simple Network Time Protocol). The TSA 200 acquires the time from the TA 5 at any time, for example, once a day, and corrects the clock in the own device.

  Each component of the information processing system includes a CPU of any computer, a memory, a program for realizing the components shown in the figure loaded in the memory, a storage unit such as a hard disk for storing the program, and a network connection interface. It is realized by any combination of hardware and software. It will be understood by those skilled in the art that there are various modifications to the implementation method and apparatus. Each figure described below shows functional unit blocks, not hardware unit configurations.

  Specifically, the user terminal 100 includes an original data storage unit (shown as “original data” in the drawing) 102, a hash conversion unit 104, and a time stamp request unit (shown as “TS request unit” in the drawing) 106. An interface unit (indicated as “I / F”) 108, a time stamp receiving unit (indicated as “TS receiving unit” in the figure) 110, and a time stamp adding unit (indicated by “TS adding unit” in the figure). ”112, a data management unit 114, and a time stamp storage unit (shown as“ TS storage unit ”in the figure) 116.

  The original data storage unit 102 stores original data 101 for time certification. The original data 101 is digital data including, for example, a text format (text, HTML, PDF, XML, etc.) and a binary format (various images, application data, etc.). The original data storage unit 102 is included in the user terminal 100, but is not limited thereto. It may be an external storage device or an external storage device on a network.

  Alternatively, the original data 101 may be digital data transmitted to a server (not shown) or the like via the network 1, and in this case, the original data 101 is stored in a storage device of a server on the network 1. The original data storage unit 102 stores the storage location of the original data 101, for example, a URI (Uniform Resource Identifier). Examples include posting data on bulletin boards, blogs, forms, etc. on web pages.

  The hash conversion unit 104 receives the specification of the original data 101 for which the file specification receiving unit (not shown) performs time certification, converts the original data 101 received by the file specification receiving unit into a hash value, The data is transferred to the time stamp request unit 106. When the original data 101 is the post data described above, a post accepting unit (not shown) accepts an instruction to send post data and converts the post data accepted by the post accepting unit into a hash value. The posted data is actually released after a time stamp is issued from the TSA 200 and is added to the posted data.

  The time stamp requesting unit 106 transmits the hash value received from the hash conversion unit 104 to a plurality of TSAs on the network 1 via the interface unit 108, in this embodiment, the first TSA 200a, and requests the time stamp issuance. In the present embodiment, the first TSA 200a is configured on the network 1, but is not limited thereto. The first TSA 200a can also be included in the user terminal 100. In the present invention, it is preferable that the plurality of TSAs 200 be at least three.

  The time stamp request unit 106 has a TSA information table (not shown) that stores location information of the TSA 200 to which the hash value is to be transmitted, for example, an IP address, and the hash value transmission destination is referred to by referring to the TSA information table. To decide.

  In the present embodiment, as will be described later, the hash value received from the user terminal 100 is transferred from the first TSA 200a to the second TSA 200b and the third TSA 200c, and further a time stamp issuance request is made to the second TSA 200b and the third TSA 200c. However, it is not limited to this. A configuration in which a hash value is simultaneously transmitted to a plurality of TSAs from the user terminal 100 to issue a time stamp is also possible.

  The interface unit 108 communicates with the TSA 200 via the network 1. The time stamp receiving unit 110 receives a time stamp (shown as “TS” in the figure) 109 issued from each TSA 200 on the network 1 via the interface unit 108. The time stamp assigning unit 112 associates the original data 101, the hash value 103 thereof, and the time stamp 109 received by the time stamp receiving unit 110 corresponding to the hash value 103, and passes them to the data management unit 114. The data management unit 114 stores the information transferred from the time stamp assigning unit 112 in the time stamp storage unit 116 and manages the time stamp information stored in the time stamp storage unit 116.

  FIG. 2 shows an example of the structure of the time stamp storage unit 116. The time stamp storage unit 116 associates an original data file name (shown as “original data” in the figure) 120, a hash value 122, and at least one time stamp 124 (here, a time stamp certification time). Is remembered. The original data file name 120 includes, for example, a storage location of the original data 101, for example, a path, a URI, and the file name. In FIG. 2, “-” in the time stamp 124 indicates that there is no response from the TSA 200.

  In this way, a plurality of time stamps 109 acquired from a plurality of TSAs 200 can be attached to digital data and associated with each other and stored in the time stamp storage unit 116. Therefore, compared with digital data of only one time stamp 109, The reliability of the time stamp 109 is improved.

  Returning to FIG. 1, the TSA 200 synchronizes with the interface unit 202, the request reception unit 204, the hash value database 206, the time stamp generation unit 208, the time stamp database 210, the time stamp transmission unit 212, and the clock 220. Part 222.

  Specifically, the interface unit 202 communicates with other TSA 200 and the user terminal 100 on the network 1. The request reception unit 204 receives the hash value 103 from the user terminal 100 or another TSA 200 via the interface unit 202, and receives a time stamp issue request. The hash value 103 received by the request receiving unit 204 is temporarily stored in the hash value database 206.

  The time stamp generation unit 208 generates a time stamp 109 for the hash value 103 received by the request reception unit 204. The generated time stamp 109 is stored in the time stamp database 210 in association with the hash value 103. FIG. 3 shows an example of the structure of the time stamp database 210. The time stamp database 210 stores the hash value 230, the time stamp 232 (here, the certification time of the time stamp), and the serial number 234 in association with each other. The time stamp database 210 can also include a delay time τ described later. The serial number 234 can be used to determine the time rank of the time stamp.

  Returning to FIG. 1, the time stamp transmission unit 212 transmits the time stamp 109 generated by the time stamp generation unit 208 to another TSA 200 or the user terminal 100 via the interface unit 202. The time stamp transmission unit 212 has a destination TSA information table (not shown) that stores the location information of other TSAs 200 to which the time stamp 109 is to be transmitted, for example, an IP address, and refers to the destination TSA information table. Thus, the transmission destination of the time stamp 109 is determined. The clock 220 is a clock inside the TSA 200. The synchronization unit 222 accesses TA5 and synchronizes the time of the clock 220 with TA5 periodically or at any time. Thereby, the time of the clock 220 can be accurately maintained. The timing of synchronization of the clock 220 will be described later.

FIG. 4 is a block diagram showing the main configuration of the TSA 200 in the information processing system of this embodiment.
The information processing system (TSA 200) according to the present embodiment includes a time stamp requesting unit (hash transmitting unit 300) that requests a plurality of time certificate authorities (TSA 200) to issue time stamps (time stamps 109) for electronic data requiring time certification. ), A time stamp receiving unit (time stamp receiving unit 302) for receiving time stamps from a plurality of time certificate authorities, and a time stamp for storing a plurality of time stamps received by the time stamp receiver for each of a plurality of time certificate authorities A storage unit (other TSA time stamp database 304).

  In FIG. 4, the first TSA 200a will be described as an example. Specifically, in addition to the configuration of FIG. 1, the TSA 200 includes a hash transmission unit 300, a time stamp receiving unit (shown as “TS receiving unit” in the figure) 302, and another TSA time stamp database (in the figure, “ 304, a time stamp statistical unit (shown as “TS statistical unit” in the figure) 310, a TSA credit information database (shown as “TSA credit information DB” in the figure) 312; A trust information providing unit 314.

  In the present embodiment, the above-described components are included in the TSA 200, but are not limited thereto. It can be included in the user terminal 100 or can be included in another computer connected via the network 1.

  The hash transmission unit 300 transmits the hash value stored in the hash value database 206 to another TSA 200 on the network 1 via the interface unit 202. The hash transmission unit 300 has a transfer destination TSA information table (not shown) for storing location information of the TSA 200 to which the hash value is to be transmitted, for example, an IP address, and the hash value is referred to by referring to the transfer destination TSA information table Determine the destination of. The TSA 200 in this transfer destination TSA information table is associated with the other TSA time stamp database 304. The time stamp receiving unit 302 receives a time stamp from another TSA 200 on the network 1 via the interface unit 202. The received time stamp is stored in another TSA time stamp database 304. The other TSA time stamp database 304 stores the time stamp generated by each TSA 200. Further, the other TSA time stamp database 304 may include a delay time τ described later.

  The time stamp statistical unit 310 statistically processes and verifies the time stamp generated by the own TSA 200 stored in the time stamp database 210 and the time stamp generated by another TSA 200 stored in the other TSA time stamp database 304. To do. Details of the statistics and the verification method will be described later.

  The TSA credit information database 312 stores the credit information of the TSA 200 calculated by the time stamp statistics unit 310. Various credit information stored in the TSA credit information database 312 will be described later. The trust information provider 314 provides the TSA 200 credit information stored in the TSA credit information database 312 to another information processing system (not shown) via the network 1.

  By the way, when the user terminal 100 requests the TSA 200 to issue the time stamp 109, a time lag occurs after the issue request is made until the time stamp 109 is actually issued. In particular, when issuing an issue request via the network 1, it is easily affected by the communication status of the network 1.

  As shown in FIG. 5, in the present embodiment, this time lag is indicated by a delay time τ. In the user terminal 100, this delay time τ is expressed by the following (formula 1).

  τ = t_h + t_tsq + t_ts + t_tsr (Equation 1)

  Here, t_h is a request time required from when the file designation accepting unit accepts the time stamp issue request to generate the hash value 103 and when the time stamp request unit 106 makes the time stamp issue request. t_tsq is the uplink time from when the user terminal 100 transmits the hash value 103 to the TSA 200 via the network 1 until the TSA 200 receives the hash value 103. t_ts is an issue time required to generate the time stamp 109 from the hash value 103 in the TSA 200. t_tsr is a downlink time from when the time stamp 109 is transmitted from the TSA 200 to the user terminal 100 via the network 1 until the time stamp receiving unit 110 of the user terminal 100 receives the time stamp 109.

  The delay time τ is calculated from the time when the time stamp issuance request is made and the time when the time stamp is received. Note that τ ≧ 0.

  In addition, there is a possibility that the delay time τ is caused by the deviation of the clock 220 used by each TSA 200. Alternatively, the delay time τ may also occur when the time information of the clock 220 is falsified. If the time is earlier than the actual time, there is a possibility that the delay time τ <0. However, when the delay time τ <0, the delay time τ = 0 may be treated or verified at the time of verification. Or exclude from the data. In the user terminal 100, the delay time τ is calculated by the difference between the time when the time stamp receiving unit 110 receives the time stamp 109 and the time when the file designation receiving unit receives the time stamp issuing request.

  FIG. 6 is a diagram schematically showing distances from the user terminal 100 that has issued a time stamp issue request to a plurality of TSAs 200. In FIG. 6, the plurality of TSAs 200 are indicated as αTSA, βTSA,. In the present embodiment, the αTSA is provided in the user terminal 100, and the αTSA is classified into the rank r0 as the TSA 200 closest to the user terminal 100. βTSA and εTSA are classified into rank r1 as TSA200 next closest to user terminal 100. Thus, the plurality of TSAs 200 are classified into a plurality of ranks r0, r1, r2,..., Ri according to the distance on the network from the user terminal 100 serving as a reference.

  FIG. 7 is a diagram illustrating a result of classifying TSA by delay time τ with αTSA as a reference. That is, the distance from the user terminal 100, that is, each TSA 200 on the network based on αTSA is classified by the delay time τ. As a result, as shown in FIGS. 6 and 7, TSA 200 is classified into a plurality of ranks based on the distance from αTSA.

  On the other hand, as shown in FIG. 8, when βTSA is used as a reference, for example, rank r1 includes αTSA, δTSA, and λTSA, and rank r2 includes εTSA, γTSA, and θTSA.

  In this way, the time stamps 109 collected from the plurality of TSAs 200 are stored in the time stamp storage unit 116 of the user terminal 100. When verifying these time stamps 109, for example, the delay time depends on the rank described above. Only the time stamps 109 of the TSA 200 included in the ranks r0 to r3 in which τ is smaller than a predetermined value can be trusted, and the average value thereof can be used as the certification time of the actual time stamp 109. Alternatively, a certification time randomly selected from the time stamps 109 of the TSA 200 included in the ranks r0 to r3 whose delay time τ is smaller than a predetermined value can be used.

  Further, based on the above result, the time stamp request unit 106 can make a request to issue the time stamp 109 only to the TSA 200 included in the rank having the delay time τ smaller than the predetermined value. That is, the TSA information table of the time stamp requesting unit 106 can be updated based on the above result.

  On the other hand, in the TSA 200 of FIG. 4, the time stamp statistics unit 310 collects a plurality of time stamps 109 issued from each of the plurality of TSA 200. The delay time τ of the plurality of time stamps 109 of each collected TSA 200 is calculated. For example, the average value of the delay time τ is calculated for each TSA 200. Based on the calculated average value of the delay times τ, a plurality of TSAs 200 are classified into ranks as shown in the proximity TSA table 350 shown in FIG. These results are stored in the TSA credit information database 312. Here, the average value 402, the median value 404, and the mode value 406 of the delay time τ have a relationship as shown in FIG.

  In addition, the time stamp statistics unit 310 takes the statistics of the delay times τ of the plurality of time stamps 109 collected from the plurality of TSAs 200 for each TSA 200 and calculates the standard deviation σ of the delay times τ. A plurality of TSAs 200 can be classified into ranks based on the standard deviation σ of the delay time τ. For example, as shown in the τ dispersion table 352 shown in FIG. 9B, a plurality of TSAs 200 are classified into ranks. These results are also stored in the TSA credit information database 312.

  Alternatively, the time stamp statistical unit 310 can take statistics of the delay times τ of the plurality of time stamps 109 collected from the plurality of TSAs 200 and classify the TSA 200 into ranks based on the median value 404 of the delay times τ. . Alternatively, the TSA 200 can be classified into ranks based on the mode value 406 of the delay time τ. In this way, the statistical value of the delay time τ is obtained using the time stamps 109 collected from the plurality of TSAs 200 and used for verification of the time stamp 109.

  Further, the time stamp statistics unit 310 can also create a TSA reliability table 354 as shown in FIG. 9C and store it in the TSA credit information database 312. The TSA reliability table 354 is scored for each TSA 200 according to the accumulated delay time τ of the time stamp 109 while, for example, statistics of the delay time τ of the plurality of time stamps 109 are collected from the plurality of TSA 200. Is granted.

  The TSA 200 is classified according to the total score. There are various ways of assigning the score. For example, a high score is assigned to the collected time stamp 109 having a small delay time τ, and the score is set to be low as the score is increased. If the time stamp 109 is not issued, the score is 0. Also, the score is subtracted according to the number of time stamps 109 that have returned the delay time τ <0. Note that these TSA reliability tables 354 can be valid from the point in time when a predetermined number or more of time stamps 109 are counted.

  FIG. 11 shows an example of the score table. Using this score table 420, when a predetermined condition 422 is satisfied, a score 424 can be given. Here, for example, each time 1000 time stamps are collected, one point is added to TSA200, and every time one million time stamps are collected, five points are added to TSA200, and there is no response. Five points are deducted, and one point is deducted from the TSA 200 in which the delay time τ is greater than 5 seconds.

  Note that if the score indicating the reliability of the TSA 200 based on the delay time described above is continuously low for a predetermined time or more, there is a possibility that the clock 220 (FIG. 1) of the TSA 200 is shifted. Thus, the TSA 200 that gives an instruction to correct the clock 220 and receives the correction instruction can synchronize the clock 220 by the synchronization unit 222.

  As described above, according to the information processing system of the present embodiment, it is possible to obtain statistics of delay times of a plurality of time stamps for each time certification authority, and therefore, the reliability evaluation of time stamps for each time certification authority Can be used as an indicator of, and reliability is improved. In addition, since the statistical value of the delay time is used for evaluation based on multiple time stamps, some time certificate authorities have temporarily failed and time stamps cannot be obtained or some time stamps Even if tampered, the evaluation of the time stamp is not affected, and the accuracy and reliability are improved.

  Also, since multiple time stamps are used, it is not necessary for all TSAs and TAs to operate correctly, and even if some TSAs or TAs fail, time stamp verification is not affected. And the fault tolerance is improved.

  As mentioned above, although embodiment of this invention was described with reference to drawings, these are the illustrations of this invention, Various structures other than the above are also employable.

It is a block diagram which shows the structure of the information processing system which concerns on embodiment of this invention. It is a figure which shows an example of the structure of the time stamp memory | storage part of FIG. It is a figure which shows an example of the structure of the time stamp database of FIG. It is a block diagram which shows the principal part structure of TSA in the information processing system of FIG. It is a figure for demonstrating the delay time of this embodiment. It is the figure which showed typically the distance with several TSA from the user terminal which made the issuing request | requirement of a time stamp. It is a figure which shows the result of having classified TSA by delay time (tau). It is a figure for demonstrating the difference in ranking by TSA used as a reference | standard. It is a figure which shows the example of the various tables contained in the TSA credit information database in the information processing system of this embodiment. It is a graph which shows the example of the statistical result of delay time (tau) in the TS statistics part of TSA of FIG. It is a figure which shows an example of the score table which the TS statistics part in TSA of FIG. 4 uses.

Explanation of symbols

1 network 5 TA
DESCRIPTION OF SYMBOLS 100 User terminal 101 Original data 102 Original data storage part 103 Hash value 104 Hash conversion part 106 Time stamp request part 108 Interface part 109 Time stamp 110 Time stamp reception part 112 Time stamp provision part 114 Data management part 116 Time stamp storage part 120 Original Data file name 122 Hash value 124 Time stamp 200 TSA
202 Interface unit 204 Request reception unit 206 Hash value database 208 Time stamp generation unit 210 Time stamp database 212 Time stamp transmission unit 220 Clock 222 Synchronization unit 230 Hash value 232 Time stamp 234 Serial number 300 Hash transmission unit 302 Time stamp reception unit 304 Other TSA time stamp database 310 Time stamp statistics section 312 TSA credit information database 314 Trust information providing section 350 Proximity TSA table 352 τ Variance table 354 TSA reliability table 402 Average value 404 Median value 406 Mode value 420 Score table 422 Condition 424 Score

Claims (11)

For electronic data requiring time certification, a time stamp requesting unit that requests a plurality of time certificate authorities to issue time stamps;
A time stamp receiving unit for receiving the time stamp from the plurality of time certificate authorities;
A time stamp storage unit that stores a plurality of the time stamps received from the plurality of time certificate authorities in association with the electronic data;
An information processing system comprising: For electronic data requiring time certification, a time stamp requesting unit that requests a plurality of time certificate authorities to issue time stamps;
A time stamp receiving unit for receiving the time stamp from the plurality of time certificate authorities;
A time stamp storage unit that stores the plurality of time stamps received by the time stamp receiving unit for each of the plurality of time certificate authorities;
An information processing system comprising: The information processing system according to claim 1 or 2,
A request destination table for storing a part of the plurality of time certificate authorities as a time stamp request destination;
The information processing system, wherein the time stamp requesting unit requests the time certification authority included in the request destination table. The information processing system according to claim 3,
The information processing system, wherein the request destination table includes a part of time certification authorities randomly selected from the plurality of time certification authorities. The information processing system according to any one of claims 1 to 4,
A reception unit for receiving a request for issuing the time stamp of the electronic data;
A delay time calculation unit that calculates a delay time from the time when the reception unit receives the issue request and the time when the time stamp reception unit receives the time stamp;
A statistics unit that takes statistics of the delay time calculated by the delay time calculation unit for each of the plurality of time certificate authorities;
A delay time storage unit that stores the statistical delay time statistically calculated by the statistical unit for each of the plurality of time certificate authorities;
An information processing system comprising: The information processing system according to claim 5,
The information processing system, wherein the request destination table includes a time certificate authority selected based on the statistical delay time. The information processing system according to any one of claims 1 to 6,
Information including a reliability table for assigning a score for each time certificate authority according to the statistical delay time, ranking the time certificate authority according to the score, and storing the score as a reliability rank Processing system. Preparing a time stamp storage unit;
Requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification; and
Receiving the time stamp from the plurality of time certificate authorities;
Storing the plurality of time stamps received from the plurality of time certificate authorities in association with the electronic data in the time stamp storage unit;
An information processing method comprising: Preparing a time stamp storage unit;
Requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification; and
Receiving the time stamp from the plurality of time certificate authorities;
Storing the plurality of time stamps received in the time stamp receiving step in the time stamp storage unit for each of the plurality of time certificate authorities;
An information processing method comprising: To a computer with a time stamp storage,
A means for requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification,
Means for receiving the time stamps from the plurality of time certificate authorities;
Means for storing the plurality of time stamps received from the plurality of time certificate authorities in the time stamp storage unit in association with the electronic data;
Information processing program to function as To a computer with a time stamp storage,
A means for requesting multiple time certificate authorities to issue time stamps for electronic data requiring time certification,
Means for receiving the time stamps from the plurality of time certificate authorities;
Means for storing the plurality of time stamps received by the time stamp receiving means in the time stamp storage unit for each of the plurality of time certificate authorities;
Information processing program to function as

Images