JP2012248915A - Identification name management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an environment in which an electronic signature can be utilized for self certification at an individual level or anonymously in the Internet.SOLUTION: An identification name management system receives registration requests from each of a plurality of users, receives only a public key of a pair of a public key and a secret key generated on a corresponding user side together with the respective registration requests, determines user identification names different from each other in response to the registration requests, registers the user identification name in a database in association with the corresponding public key, notifies the users of the fact that the user identification name has been registered in association with the public key, and opens the public key and the user identification name associated with each other to the public through the Internet.

Description

  The present invention relates to a system for assigning a unique identification name to a user and managing the registration on the Internet.

  Currently, the number of Internet users in the world exceeds 2 billion and is increasing explosively. Most of the users use community services such as Twitter, blog, SNS, and bulletin board in some form. In the community service, it is possible to freely transmit information and discuss opinions (Patent Document 1). In addition, real-time search has enabled us to obtain useful information about events currently in progress, and major changes are occurring in daily life.

  On the other hand, since the leakage of personal information can lead to serious damage on the Internet, most uses are anonymous. Even though personal information is disclosed to the service provider, users often do not disclose their real names. On the other hand, since anonymous communication has a credit problem, services based on real names are also functioning effectively.

JP 2010-146452 A

  It can be said that anonymous use is necessary from the viewpoint of privacy, but on the other hand, remarks on the network become a collection of ad hoc points such as “There are also such opinions”. Information about who is saying is important for assessing the usefulness of that opinion, and information such as "what else does the person saying this say?" It is very useful as a reference for evaluating sex. In addition, since there is no responsibility for information sent by disjoint anonymous individuals, information with low reliability may be easily sent.

  On Twitter, anonymous users can be identified to some extent by user name. Also, celebrities can avoid spoofing and confusion due to misleading user names by using a verified account. However, in addition to Twitter, there are many places to send information from general individuals such as other community services, online auctions, user reviews of mail order sites, posts on newspaper sites, writing to Q & A, SNS, blogs, etc. is there. There is no means to identify and reliably verify anonymous individuals on the Internet including these.

  In general, whether or not certain information is useful is an important clue to the source of the information. If you are an editorial on a leading newspaper site, I think it is worth reading. Also, if you're a reliable writer, consider spending time reading. In particular, in disasters such as earthquakes and eruptions, rumors and rumors are often a problem. In situations where urgency is required, damage may be suppressed if there are certain clues to the authenticity of information.

  If it is a major site, such as a newspaper company, a certain level of reliability can be expected. However, information transmission by general users is superior in the following three points. One is the fineness of information. When it comes to electrical products, problems related to certain operations of certain models and information related to certain fields in certain areas may have to rely on personal level information. Many. Another is the speed of information. For current events, the information of general users who are present is the fastest. Furthermore, an overwhelming number of general users are superior in terms of the amount of information.

  In addition to acquiring information, it is necessary to correctly interpret the contents and judge credibility. However, the information sent every day is far beyond the capacity of individuals. It seems that work such as division of labor at the individual level in each field of expertise is indispensable. However, if there is a lot of wrong or harmful information, it is difficult to select good quality correct information. In the following, it is important to select unnecessary information. In order to maximize the benefits of collective intelligence, the key is how to select unnecessary information.

  On the other hand, when a certain person posts to the posting column of the newspaper site, the person spends a certain amount of labor and time. And if the information is useful to other people, the information has a certain value. However, if the person is an unnamed person, the posting is single-shot information, and only the information that is referred to by the person who browsed the site.

  If a posted person is anonymous, the person gets only self-satisfaction that the person has posted. That is, the posting is ad hoc, and generally does not improve the person's credibility. Therefore, the merit of spending labor and time is small, and there is no willingness to provide good quality information over time.

  On the other hand, there is also a method of posting by real name. In fact, there are SNSs that require posting real names. However, the publication of real names involves significant risks such as privacy infringement. There is also doubt about the authenticity of the real name itself. Although it is conceivable to perform a complicated procedure required for an electronic certificate to confirm the real name, it is expensive and cumbersome and cannot be understood by general users. Furthermore, real name posting is limited to a specific SNS, and the horizontal relationship in various media on the Internet is varied. Furthermore, there are very many identical real names and similar real names.

  Another issue is that even very unique and valuable posts can be plagiarized by others. In particular, for creative works such as essays, videos, and music, the lack of proof of creation is a major factor that hinders publication and dissemination.

  Although PKI can be used to identify the subject, at least at the individual level, it is prevalent only in one direction, despite its principle effectiveness. In other words, a corporation such as a service provider has a public key certificate, digitally signs information on the service, and is confirmed by a general individual to use the service.

  Originally, an individual should have an electronic certificate and sign an electronic signature to expand the possibilities of the Internet, but such use is exceptional. In fact, there are only a limited number of situations where individuals use electronic certificates.

  This is probably because the introduction of PKI is complicated. At present, if it is absolutely necessary, an application is made to a certificate authority, and a personal electronic certificate is obtained in accordance with necessary procedures. This is not only laborious and time consuming, but also expensive. It is also necessary to pay attention to the validity period.

  And since the digital certificate identifies the individual user, it must be carefully managed, just like a seal. In a sense, it has a function to identify a user more directly than a seal, so if leaked, it can be said that there is a higher risk of misuse. Furthermore, privacy risks are associated with individual users who are active on the Internet with their real names.

  Accordingly, an object of the present invention is to provide an environment in which an electronic signature can be easily used for self-certification at an individual level.

  Another object of the present invention is to provide an environment in which an electronic signature can be used even when anonymous.

  Still another object of the present invention is to provide each user with a unique identification name, clarify the origin of the information transmitted on the Internet by the identification name, and provide a reliability evaluation standard. is there.

  In order to solve the above-mentioned problem, the identification name management system of the present invention receives a registration request from each of a plurality of users and, together with each of the registration requests, a public key and a secret key generated on the corresponding user side. Only the public key of the pair is received, and in response to the registration request, different user identification names are determined, the user identification names are registered in the database in association with the corresponding public keys, and for the user, It is notified that the user identification name is registered in association with the public key, and the public key and user identification name associated with each other are disclosed to the public via the Internet.

  According to the identification name management system of the present invention, a user who transmits information on the Internet can accumulate trust in the identification name. In addition, since the identification name is used anonymously, it can be separated from the real life, and thus privacy risks can be avoided.

  Furthermore, according to the distinguished name management system of the present invention, since it is directly beneficial to the user to transmit useful information to the Internet, each user will actively transmit useful information, Information on the Internet will be enriched, which will lead to public interest.

  Furthermore, according to the identification name management system of the present invention, a general user who uses the Internet can evaluate the usefulness and reliability of information by the sender of the information. It can be used.

FIG. 1 is a diagram for explaining a procedure for cybername registration in the identification name management system according to the first embodiment of the present invention. FIG. 2 is a diagram illustrating a specific example of a newspaper advertisement for publishing a hash value of a list file in which a correspondence between a cyber name and a public key is described in the identification name management system according to the first embodiment of the present invention. FIG. 3 is a diagram illustrating a specific example of a list file in which correspondence between a cyber name and a public key is described in the identification name management system according to the first embodiment of the present invention. FIG. 4 is a diagram illustrating a procedure for authenticating with a cyber name in the identification name management system according to the first embodiment of the present invention. FIG. 5 is a diagram illustrating a password input screen displayed when authentication is performed with a cyber name in the identification name management system according to the first embodiment of the present invention. FIG. 6 is a diagram illustrating a specific example of a message that a user should sign when authenticating with a cyber name in the identification name management system according to the first embodiment of the present invention. FIG. 7 is a diagram illustrating a specific example of a message authenticated by a cyber name in the identification name management system according to the first embodiment of the present invention. FIG. 8 is a diagram for explaining a cyber name management table and a message management table provided in a management server implemented as an identification name management system according to the first embodiment of the present invention. FIG. 9 is a diagram illustrating a linking protocol implementation method in the distinguished name management system according to the first embodiment of the present invention. FIG. 10 is a diagram for explaining the effect of the linking protocol in the identification name management system according to the first embodiment of the present invention. FIG. 11 is a diagram for explaining how the reliability of the date / time information (in the message) is related to other information in the link information of the identification name management system according to the first embodiment of the present invention. FIG. 12 is a diagram for explaining how the link information of the identification name management system according to the first embodiment of the present invention has a relationship regarding the reliability of the authentication date and time. FIG. 13 is a diagram showing a specific example of a bulletin board on which a general user message is posted, including a message authenticated by the identification name management system according to the first embodiment of the present invention. FIG. 14 is a view showing a screen on which a result of verifying authentication of each displayed message is displayed by a plug-in corresponding to the identification name management system in the browser displaying the screen of the bulletin board in FIG. It is. FIG. 15 is a diagram illustrating a screen on which a remark list generated in the identification name management system according to the first embodiment of the present invention is displayed by a browser. FIG. 16 is a diagram illustrating a screen on which a message similar to a specific message is extracted and displayed by the browser in the identification name management system according to the first embodiment of the present invention. FIG. 17 is a diagram illustrating an example in which authentication is performed on video and music content in the identification name management system according to the first embodiment of the present invention. FIG. 18 is a diagram illustrating an example of a website that has been authenticated in the identification name management system according to the first embodiment of the present invention. FIG. 19 is a diagram illustrating an example in which authentication data for each file on the Web site is displayed in the identification name management system according to the first embodiment of the present invention. FIG. 20 is a diagram illustrating an example of an authentication message indicating authentication of a file, which is configured from the authentication data of FIG. FIG. 21 is a diagram illustrating a specific example in which an electronic signature that can be verified with a public key registered in the identification name management system according to the first embodiment of the present invention is attached to the body of an electronic mail. FIG. 22 is a diagram for explaining a case where the text of the electronic mail in FIG. 21 is verified with utility software. FIG. 23 is a diagram showing a verification result by the utility software of FIG. FIG. 24 is a diagram showing a verification result by the utility software of FIG. FIG. 25 illustrates a procedure for attaching an electronic signature that can be verified with the public key registered in the identification name management system according to the first embodiment of the present invention to the text of the electronic mail typed in the utility software of FIG. FIG. FIG. 26 is a diagram illustrating a case where mail is transmitted / received from the remark list generated in the identification name management system according to the first embodiment of the present invention. FIG. 27 is a diagram for explaining a case where an authenticated message is cited in the identification name management system according to the first embodiment of the present invention. It is a figure explaining the cyber name management table and message management table which are provided in the mounted management server. FIG. 28 is a diagram for explaining a case where the user's favorite is displayed from the remark list generated in the identification name management system according to the first embodiment of the present invention. FIG. 29 is a diagram illustrating a specific example of a message authenticated in the identification name management system according to the second embodiment of the present invention. FIG. 30 is a diagram illustrating a specific example of a bulletin board on which a general user message is posted, including a message authenticated in the identification name management system according to the second embodiment of the present invention. FIG. 31 is a diagram illustrating a message authenticated in the identification name management system according to the third embodiment of the present invention, a cyber name management table, and a message management table. FIG. 32 is a diagram showing a specific example of a bulletin board on which a general user message is posted, including a message authenticated in the identification name management system according to the third embodiment of the present invention. FIG. 33 is a diagram for explaining how the link information locally proves the reliability of the authentication date and time in the identification name management system according to the third embodiment of the present invention.

In an electronic signature algorithm, a signature is generated by processing plaintext with a signature key, and signature verification is performed with a verification key. However, in the database, only information unique to each record becomes a problem. Accordingly, in this specification, verification key information unique to each key pair is referred to as a public key, and signature key information concealed in each key pair is referred to as a secret key. For example, in the RSA signature, the relationship between the plaintext c and the signature value s is as follows.
c = s ^ e mod n
s = c ^ d mod n

  That is, for plaintext c, the signature value s can be calculated using d and n. Also, plaintext c can be calculated for signature value s using e and n. Here, the signature keys are d and n, and the verification keys are e and n. Normally, e is determined in advance to a certain number, so that the substantial verification key, that is, the public key unique to each record is n. Also, since n is open to the public, the substantial signing key (secret key) to be concealed is d.

  Also in this specification, e is determined in advance to a certain number. Therefore, in the following description, only d is called a secret key and only n is called a public key. In the following description, signature processing is included, including preprocessing for plain text such as padding and hash processing.

  The identification name management system according to the first embodiment of the present invention is implemented as a management server that connects to the Internet and manages identification names. Dedicated utility software is installed on the user's personal computer in order to communicate with the management server and use the identification name. The management server issues a unique cyber name as an identification name for each anonymous user, and publishes this cyber name in association with the public key of the corresponding anonymous user. The management server manages and guarantees that each cybername is unique, but since all are public, anyone can check for duplication.

  In the PC utility software, a public / private key pair is generated and stored. However, the secret key is encrypted. Then, the management server is requested to register the public key and the cyber name in association with each other. The private key is not sent to the management server, and the user keeps it private at his / her own risk. In addition, when a user posts a message, it can authenticate with a cyber name by signing it or verify the authentication of another person's message. In this embodiment, 2048-bit RSA is used as a signature algorithm.

  Note that the management server and the user perform communication protected by SSL, and this SSL includes TLS (Transport Layer Security). In particular, although not essential, it is also preferable to perform client authentication. In this case, it is convenient to use a public key associated with the cyber name.

  The basic function of the identification name management system is to enable Internet users to use an electronic signature without disclosing personal information. For this purpose, each user's identification name and public key are associated with each other and registered and made public.

  Thus, each user can clearly distinguish his / her activities on the Internet from others by attaching an electronic signature, and can establish an identity on the Internet using his / her distinguished name.

<Mounting form>
The operation phase of this identification name management system includes a registration phase in which a cyber name is associated with a public key and registered in a management server, a transmission phase in which a user signs information such as a message and transmits information, and a transmission by another person. There is a verification phase that verifies the authentication of the information.

  In addition, the user-side utility software may be implemented as independent software that has a browser function and operates independently, or may use an existing browser. Independent software offers a high degree of freedom in the interface, but the user needs to move away from the familiar browser.

  Even when an existing browser is used, first, implementation as software that operates completely independently of the browser can be considered. In this case, the user needs to exchange information with the site opened in the browser. There is also a method of incorporating utility software into an existing browser as a dynamic link library such as a plug-in. Furthermore, various mounting methods such as a method of operating in cooperation with a browser and COM are conceivable. These are appropriately selected according to the corresponding situation on the browser side.

  In the following implementation form, only the program for performing the registration phase is implemented as independent software, and the transmission phase and the verification phase are described as being implemented as plug-ins. Other implementations can be easily implemented by those skilled in the art.

<Cybername registration>
In this embodiment, cybername registration is performed anonymously. In this case, if a single user registers many cyber names, the cyber names will be insufficient. Therefore, a mechanism that makes it impossible to make an issuance request is necessary. To that end, for example, a CAPTCHA (capture) system can be used that displays unclear and distorted characters that are difficult for a machine to read automatically and allows the user to read them. In addition, registration from the same IP address may be restricted or cookies may be used as appropriate.

  Hereinafter, the procedure for cyber name registration will be described with reference to FIG. A user who wishes to register a cyber name in the management server 10 of this identification name management system must first install utility software on his personal computer. Launch this utility software and open the Cybername registration application window 1.

  In the window 1, a box for inputting a desired cybername is displayed. The user enters the desired cybername here. When the update button is clicked after the input, the cyber name is transmitted to the management server 10 (S1), the cyber name that can be issued is returned from the management server 10 and displayed in the box of the issued cyber name (S2).

  However, in the cyber names that can be issued, a prefix is added to the head of the inputted cyber name. This prefix is a hash value for obtaining a unique cyber name, and is selected on the management server 10 side so that there is no cyber name that looks as similar as possible. The prefix ends with an underscore. For example, in the example of FIG. 1, Nuages is desired as the cyber name, and aZ38_Nuages is returned from the management server 10 as an example that can be issued.

  As a result, cyber names with the pattern **** _ Nuages can be used by multiple users. If four characters used in Base64 are used as in this example, there are 16,777,216 prefixes. In addition, the number of prefix characters need not be fixed because they are clearly separated by an underscore “_”.

  In addition, an image of a CAPTCHA distorted character string is transmitted from the management server 10 and displayed on the window 1. The user needs to input this character string in the adjacent input box. Further, after displaying the CAPTCHA image, the utility software generates a public key / private key pair. The private key corresponding to the generated public key is encrypted and stored and managed on the hard disk of the personal computer, but it is also necessary to enter the necessary password in the input box.

  When the issuance cybername is determined and the user clicks the application button, the public key is transmitted to the management server 10 together with the issuance cybername and the input character string of CAPTCHA (S3). If the input character string of CAPTCHA is correct, the management server 10 uses the current date and time as the temporary registration date and time, associates it with the issued cybername and the received public key, and stores it in the management database. The management server 10 transmits a message notifying completion of temporary registration to the user (S4).

  The utility software that has received the provisional registration completion notification stores the cyber name, public key, and private key on the hard disk of the personal computer. However, the private key is stored after being encrypted with the password. For example, it can be encrypted using existing common key encryption such as AES. Alternatively, the password is processed recursively (for example, 1000 times or more) with SHA-512, and the obtained values are concatenated to form a 2048-bit key, and the bitwise exclusive OR of the bit string and the secret key Is stored as an encrypted private key. For decryption, the key is calculated from the password entered by the user, and exclusive OR with the encrypted secret key is performed.

  In this embodiment, for the purpose of eliminating useless registration, the above registration is temporary registration, and the time when the first cybername is used is the main registration. If the main registration is not made within one week from the temporary registration, the temporary registration is deleted. In that case, the user has to start over.

<Clarification of registered information>
Records of the management database are publicly disclosed on a dedicated site, and anyone can obtain a public key corresponding to a cyber name. Also, records registered for a certain period can be downloaded as a file. For example, a cyber name and a public key registered during that period are published as a list file such as a CSV file together with the registration date in a weekly unit. Then, the hash value of the list file is published in a publication such as a newspaper. This is called clarification of registered information (S5).

  A specific example of a newspaper advertisement is shown in FIG. A specific example of the list file is shown in FIG. In the specific example of FIG. 2, two hash values are published. Even if one of them is broken, the effectiveness of the other is maintained. In addition, representative values of link information are also published. This representative value will be described in detail later.

  Therefore, the owner of the corresponding private key (cyber name user) saves the list file so that he / she can always use the cyber name regardless of the management server 10. Can prove. The validity of the list file and the published hash value is guaranteed for the period when the security of the hash function being used is confirmed. That is, a combination of a list file and a publication forms a public key certificate for the cyber name.

  In order to extend the period, it is only necessary to process the combination of the list file so far and the published hash value with a stronger hash function, and publish the hash value again. The list file created thereafter uses this strong hash function.

<Use of Cybername>
Once registered, users can use cyber names to authenticate when they write their opinions and information on a website such as a bulletin board. Here, the case of writing in the edit box of the bulletin board site will be described with reference to FIG.

  It is assumed that a plug-in for performing necessary processing is installed in the browser in advance. As described above, the encrypted private key is stored on the local hard disk. Therefore, since a public key and a secret key are required to authenticate a message, access to the local hard disk by a plug-in is required.

  If the local hard disk is not used by the plug-in, a dummy public key and secret key are incorporated as data (constants) in the plug-in in advance, and the file image of the plug-in is installed before installation in the browser. The user's public key and the encrypted private key may be overwritten. This process is performed by the utility software as a plug-in installer using the stored public key and encrypted private key.

  The user writes a message in the edit box. To authenticate this, press the authentication button. This authentication button is provided in the browser window by a plug-in. Then, since the password input screen as shown in FIG. 5 appears, the user inputs the password. The plug-in reads the public key and the encrypted private key from the local hard disk or its own memory area, and decrypts the private key with the input password. Then, a message is transmitted together with the cyber name, and an authentication request is made to the management server.

  The management server that has received the authentication request first confirms that the cybername has not expired. If the expiration date has expired, a notification to that effect is made and the process is terminated. If it is within the validity period, a signature message is created by adding the cyber name and the current time (authentication date) after the cyber name, and returns this to the user (plug-in). This signature message is as shown in FIG.

  The signature message shown in FIG. 6 need not be displayed to the user. The plug-in compares the authentication date and time of the signature message with the current time in the personal computer. If there is no significant difference, the plug-in signs the signature message and returns it to the management server. If there is a big difference, display it to the user and confirm the signature. Normally, there is no significant difference between the two.

  The management server verifies the received user signature based on the signature message. If the verification fails, the plug-in is notified to that effect and the process is terminated. If the verification is successful, a serial number is assigned to the signature message to create an authentication message, which is returned to the user (plug-in). This authentication message is as shown in FIG. Here, the serial number arranges messages of all users in time series and is expressed in hexadecimal (8 digits in parentheses in FIG. 6).

  As will be described later, these serial numbers are associated with the hash value of the corresponding authentication message, and become authentication data for this message. That is, it is confirmed that the management server confirms that the user signature has been made corresponding to the cyber name and that the authentication date and time described is correct.

  When receiving the authentication message from the management server, the plug-in uses the authentication message to replace the edit box message before posting. In this embodiment, when the plug-in makes an authentication request, the URL of the currently displayed page is acquired from the browser and transmitted to the management server together with the message. This information is also recorded in the database of the management server and used in a later-described comment list as information indicating the posting destination.

  In order for a third party to check whether an authentication message is indeed from a user of the cyber name contained therein, it is necessary to verify the user signature. Since the management server publishes the user signature, anyone can do it. If the user signature verification fails, it is clear that the management server is responsible for it.

<Message management>
As shown in FIG. 8, the management server is provided with a cyber name management table 61 for associating a cyber name with a user public key, and a message management table 62 for managing all authentication messages in time series.

  In each entry of the cyber name management table 61, a cyber name (CyN), a user public key (Kup), the number of points (Points) described below indicating the user's reliability, ranking information (Ranking), and registration A field for storing a date (Registration) and an expiration date (Expiration) is included.

  Each entry in the message management table 62 includes a serial number (Serial No.) that is a serial number assigned in time series when each authentication message is created, and a pointer (pMsg) to the stored authentication message body. ), The hash value h (Msg) of the authentication message body, the user signature SigU for the signature message, the authentication date / time (Date) of the authentication message, and the cyber name CyN.

  In this example, the entry URL 1 of the URL of the currently displayed page obtained from the user's browser is also included. Further, as will be described later, an entry URL 2 of the URL of the page where the authentication message is actually posted and a pointer pCache to the cache in the management server of the posted page are also included. These URLs 1 and 2 are used in a later-described message list.

  The serial number is a serial number obtained by arranging all messages in time series. As a result, the context of the authentication date and time of the message can be specified. As will be described later, here, the representative value of the link information with the serial number as the time series ID is published in a publication such as a newspaper simultaneously with the hash value of the list file (FIG. 2). The last published data of the link information is also stored in the management server as a set 63 of the corresponding serial number and representative value.

  As described above, the management server verifies the user signature and assigns a serial number to the message. Therefore, the serial number added to the message is authentication data indicating that it has been authenticated.

  Anyone can access the management server to obtain the database information. For example, it is possible to specify a cyber name and acquire all information of the corresponding entry in the cyber name management table 61. Also, it is possible to acquire all the information of the corresponding entry in the message management table 62 by designating the serial number.

<Date and time certification>
Time stamps are used as means for performing time authentication on electronic data. This time stamp is also used in electronic notarization and electronic signature laws, and some documents that are permitted to be digitized by the e-document law require the use of time stamps in some ministerial ordinances. . A linking protocol is often used as a time stamp implementation method. This linking protocol enables existence proof and non-falsification proof at the date and time of authentication over a long period of time without depending on the reliability of the electronic signature.

  Hereinafter, the time authentication method according to the present embodiment will be described with reference to FIG. When the serial number is i, the corresponding link information L (i) and the link information L (i-1) and L (i + 1) before and after the authentication are the authentication message Msg (i) and the authentication message Msg (i + This information identifies the context of 1).

  That is, the link information L (i) is information calculated from the link information L (i-1) and the authentication message Msg (i). Here, a linear linking protocol is used. That is, the link information L (i) is a numerical value calculated by L (i) = h (L (i−1), i, h (Msg (i))) using h () as a hash function. That is, a chain of authentication messages is formed by the link information.

  From the characteristics of the hash function, both the link information L (i-1) and the authentication message Msg (i) are information before the link information L (i). Similarly, the link information L (i) and the authentication message Msg (i + 1) are information before the link information L (i + 1).

  Therefore, if the link information L (i-1), L (i), L (i + 1) is consistent with the authentication messages Msg (i), Msg (i + 1), the authentication message Msg (i) The authentication date / time Date (i) must be before the authentication date / time Date (i + 1) of the authentication message Msg (i + 1). If Date (i)> Date (i + 1), at least one is not correct.

  Further description will be given with reference to FIG. Here, the link information L (j) and the link information L (n) are representative values published in publications such as newspapers. If all the authentication messages between them are known, it can be confirmed that j <k <n and always Date (j)> Date (k)> Date (n). If it is certain that the authentication date and time Date (k) of the authentication message Msg (k) is correct, j <m <k <n and Date (j)> Date (m)> Date (k) It will be certain.

  This linear linking protocol is one of the time stamp protocols used in a general time stamp service. In this embodiment, however, the reliability of the system is higher than that of a normal time stamp service. Yes.

  In the case of a normal time stamp service, it merely proves that a hash value, which is a de facto random number, exists at a specific date and time. The information itself is owned only by the user and is not open to the public. In addition, the time stamp service side only discloses the hash value on the way, and does not know the content of the information.

  In addition, when a representative value is published in a publication at weekly intervals, the linear linking protocol itself does not guarantee where the actual date and time of authentication are within a week. Only the order relationship between time stamps is certain. The authentication date itself depends on the reliability of the time stamp service providing site.

  As described above, also in this embodiment, the representative value of the link information with the serial number as the time series ID is published in a publication such as a newspaper simultaneously with the hash value of the list file (FIG. 2). However, here, the authentication message Msg (i) is stored and managed in the management server, and is posted and disclosed on an unspecified number of sites.

  When the authentication message Msg (i) is disclosed, the hash value is also effectively disclosed. This hash value is data for collation connecting public link information.

  In the case of this embodiment, in addition to the authentication date and time assigned by the management server, an authentication message is posted and published together with the posting date and time on a large number of unspecified sites. The probability for the correctness of the authentication date is increased by the amount of the public data (particularly the posting date and time) of this large number of third parties. If there is an authentication message published on one trusted site between the date of publication of adjacent representative values, and the hash value and posting date and time are values consistent with the link chain, the authentication of the link chain The reliability of the date and time will be reinforced by the date and time of posting on the reliable site.

  Therefore, from the management server side, the hash value of the authentication message between the publication dates of the adjacent representative values and the list of URLs of the posting sites are made available for download. In addition, image data of public information as shown in FIG. 2 and bibliographic items of publications are also released. If the user wishes to save the list of hash values and the data of the public information, it can be used as objective evidence data regarding the posting date of the authentication message.

<Effect of link information>
The relationship between the link information and the reliability of the authentication date will be described in more detail. FIG. 11 shows a state in which cyber names, user signatures, link information, date / time information (management server assignment) and date / time information (each site assignment) are arranged in time series. These are all information published on the posting site. Moreover, since it is also disclosed in the management server, it is easy to follow the link. The link information is not directly disclosed on the posting site, but can be calculated from the published representative value using the hash value of the authentication message.

  FIG. 12 shows how the reliability of the date / time information (in the message) is related to other information. However, due to the nature of the hash function, the context of each authentication message is guaranteed by the link information. Here, a message of date / time information Date (i) in a message posted on a certain site is considered.

  In the site, the message is posted together with the date / time information DateS (i) given regardless of the date / time information Date (i). Therefore, the reliability of Date (i) and the reliability of DateS (i) are complementary to each other. That is, Date (i) and DateS (i) have a one-to-one correspondence.

  Since the context of each authentication message is guaranteed by the link information, if i <j and Date (i)> Date (j), either Date (i) or Date (j) Is wrong. In this case, there is a very high possibility that the unnatural one is wrong in the chain of date / time information Date () and DateS ().

  For example, let us consider a case in which fraud is performed by using date and time information of a message as date and time information one week ago. First, it is necessary to obtain a collaborator who can access the management server or to intrude and tamper with it. However, if the date / time information of the message is the date / time information of one week ago, it is out of the monotonically increasing rule in the chain of the date / time information Date ().

  So the chain itself needs to be reconfigured. Delete all the one-week chains and create a new chain that is linked to the previous date and time information. In this case, it is necessary to invade each site where the message of the deleted chain is posted and erase the trace. In addition, new chain messages also need to be written on each site as if they were posted by each user. Furthermore, it is necessary to consider the necessity of intrusion into each user's personal computer to ensure consistency. Such a thing seems to be extremely difficult in practice.

  In other words, the reliability of each of the management server, each user who sent a message, and each site where the message is posted independently corresponds to the reliability of each date and time information. If there is any doubt about the date information, it can be easily estimated which date information is incorrect based on the one-way property of the hash function. It is also clear where the responsibility lies. Therefore, apart from unintentional errors, the possibility of fraud is very low.

<Signature confirmation>
An example of a bulletin board on which a general user message is posted is shown in FIG. It is assumed that the plug-in is installed in the browser of the viewing user's personal computer, and thereby the authentication button and the verification button are displayed. In order to verify the authentication message, a viewer of this bulletin board may press the verification button of the browser.

  The plug-in then analyzes the contents of the currently displayed page and identifies the authentication message. Specifically, the end of the message is Base64 4 characters + underscore "_" + cybername + space + rating (described later) + line feed + date and time (20101130 11:52 format) + space + serial number (in parentheses) If the format is an 8-digit hexadecimal number, verification as an authentication message is performed.

  First, the hash value of those authentication messages is calculated. Then, the hash value of each authentication message is transmitted to the management server together with the corresponding serial number. In this example, since authentication is not added to the second message from the top, there are three pairs of hash values and serial numbers.

  The management server checks whether the received hash value is the same as the hash value of the corresponding serial number database entry. If they are the same, the message is authenticated, and if they are not the same, the message is not authenticated. Furthermore, the management server confirms that the validity period of the cyber name has not expired for each authenticated message.

  Then, for each serial number, it is notified whether authentication is possible and the validity of the cyber name. If it is authenticated and valid, it obtains the current rating from the corresponding cybername, determines the rating described below, and sends it to the utility software together with a notification of authentication confirmation.

  The plug-in that has received the authentication information adds the authentication result to the corresponding position on the bulletin board as shown in FIG. In other words, when authentication fails, “authentication failure” is displayed. When the authentication is successful, the current rating is given to “authenticated” and “authenticated AA” is displayed. The fourth message from the top shows that the rating was A at the time of posting, but now it has been promoted to AA. Further, the plug-in sets a link to a URL of a later-described message list to the cyber name that has been successfully authenticated. In FIG. 14, the link is underlined. In addition, even if authenticated, if the expiration date of the cybername has expired, “authenticated (currently invalid)” is displayed.

<Remark list>
If you are using the Internet, and you are particularly concerned about writing, you may want to know what others are saying. Or you may want to know who is making such a statement. In such a case, the user can display the speech list. That is, as shown in FIG. 14, when the display of a cyber name aZ38_Nuages with successful authentication is selected, a request to display the message list is transmitted to the management server together with the cyber name aZ38_Nuages.

  In response to the request, the management server extracts an entry of aZ38_Nuages from the message management table 62, creates a statement list, and transmits it as a Web page together with other information. Information including the message list is received by the browser, and a window as shown in FIG. 15 is displayed.

  In the speech list, a list of past authentication messages of the speaker (here aZ38_Nuages) is listed from the latest one. If there are a considerable number of remarks, it is possible to know to some extent the user image of aZ38_Nuages by using a narrow search or the like here. In the lower left of each item, link information to the site where the message is posted is shown.

  As described above, this link information is a URL acquired from the foremost browser being displayed during authentication. Therefore, it is not always a link to the authentication message posting page. However, it can be used as information for knowing the actual publication page.

  In addition, the management server searches for the posted page of the authentication message. This is performed by searching the Web using the serial number and cyber name of the message management table 62 as search terms. However, since a general search engine may take several days or a week or more to update an index, a search is performed after a while after authentication.

  As shown in the second statement in the list of FIG. 15, the URL acquired from the frontmost browser being displayed at the time of authentication is also displayed as it is under the URL of the posting page of the authentication message obtained by the search. Keep it. Therefore, the posted page can be displayed directly by clicking the URL above.

  It should be noted that the image of a person obtained from past authentication messages is not the image of a person who owns the cyber name. The real person can freely form another person image called aZ38_Nuages, for example, in the cyber space of the Internet.

  In other words, the quality and quantity of speech determines the value of the cybername. Therefore, it is important to nurture one cyber name carefully, and there is not much meaning in performing multiple registration. In order to emphasize this point, an objective ranking is used.

  In the example of FIG. 15, 144/48237 is displayed as the ranking. This shows that it is the 114th place among 48237 cyber names. The information stored in the ranking field (Ranking) of the cyber name management table 61 is this rank 114. This ranking is ranked based on the number of points (Points) described later. That is, here, it is shown that the user has the 114th most points.

  Moreover, a user's rating is performed based on this ranking. For example, if it is included in the top 5% of all cyber names, it will be “AAA”, if it is less than that, it will be “AA” if it is included in the top 15%, and it will be included in the top 30% below that. If it is less than that, it will be “B”. This rating is posted in the authentication message, so it is convenient to know the user's rating when reading the post.

  However, the rating value of the authentication message displayed on the bulletin board or the like is the rating value at the time of writing the message. Therefore, the rating value at the time of authentication confirmation generally does not match. On the right side of the “authenticated” display in FIG. 14, the time of authentication confirmation, that is, the current rating value is displayed.

  A button for displaying another user authentication message similar to the content of the message is shown at the lower right of each item in the message list. When this button is pressed, a screen as shown in FIG. 16 is displayed. Here, the message is displayed in the uppermost row, and the content that is closer to it is displayed below it.

  As a result, the opinions of other users regarding similar themes can be referred to. Also, the messages before and after the date of the message are displayed in different colors. In this way, when original content is included, it is possible to know which user is the first.

<Points>
The number of points (Points) is calculated from information regarding the usage status of the management server by each user as a numerical value indicating the reliability of the user who owns the cyber name. The following can be considered as such information.

1) The number of times other users have displayed the user's remark list 2) The number of times other users have displayed the user's favorite pages 3) Other users clicked links to the user's favorite pages 4) Number of times another user has purchased a product from the user's favorite page 5) Number of times another user has performed a refinement search of the user's remark list 6) Other than the user's blog 7) Number of times the user's remarks were quoted and the original remarks were displayed from the recitation 8) Number of times that the remarks of the user were recited and the remark list of the user was displayed from the recitations

  After appropriate weighting is performed on the above information, for example, the information is accumulated by the calculation formula Points = Σ (ci × fi). This calculation formula indicates that the number of the item is i, fi is the i-th number of the item, ci is a coefficient set for each i, and the sum for all i becomes Points. .

<Copyright>
When a general user makes a call, a copy and paste problem may occur. It looks like posting a unique and insightful message, copying it as it is, authenticating yourself, and posting it on another bulletin board as your own message. Even in this case, if the first user has his / her signature, it will be clear which is the first.

  The reliability of the cyber name of the user who performed the copy and paste will decrease. In order to reflect this in the number of points, it is only necessary to allow a user who is determined to be malicious to lower the points of the target cybername, that is, to reduce points. In order to prevent abuse, only users with a rating of A or higher will be able to spend their points and deduct points. For example, in the case of rating A, it is possible to deduct twice as much as the reduction of its own points, and in the case of rating AA, it is possible to deduct four times as much as the decrease of its own points. Will be able to reduce their points by 8 times.

  If you publish creative content such as your own compositions, illustrations, and poems on the Internet instead of normal messages, there will be a certain amount of restraint against the plagiarism of others if there is an authentication date. For example, in the case of video or music, authentication is performed after adding a hash value to a message.

  FIG. 17 shows an example in which a video is attached to a self-made song “Beyond Forgetting” and presented as an MPEG-4 file. Here, “Oblivescence.mpg: SHA-2 a1yOOj… 1jO =” is added to the message “I made a song to commemorate the excursion to Shimatori”, and authentication is performed with the cyber name. Oblivescence.mpg is the file name of the video and indicates that the hash value “a1yOOj... 1jO =” is obtained by encoding with Base64 using SHA-2 as the hash function.

  For example, let's say another user takes out only the music, changes it a little, and announces it as a self-made song. In this case, the authentication date and time when the previous MPEG-4 file was announced can be a strong evidence as to whether or not it is plagiarism.

<Web site authentication>
A website page consists of multiple files. In order to authenticate such data, it is convenient to provide a separate page for confirming the authentication. For example, in the case of the top page of a Web site as shown in FIG. 18, the URL (link) of the authentication page is described. Here, a link to an authentication page is set in a button called individual file authentication. This authentication page includes, for example, the contents as shown in FIG.

  That is, this authentication page lists URLs of data (usually files) to be authenticated. Then, authentication is performed as described above for the hash value of the data specified by these URLs.

  For example, the hash value of the file “myhome.ne.jp/member1/content1.htm” is calculated, and encoded as Base64 text data. A user signature is added to the text data in the same manner as a normal message, the message is assembled in a predetermined format, and the server is requested to authenticate. FIG. 19 shows that this file was created at 20061223 19:23 and authenticated with the serial number 00383093.

  In this case, the authentication message is assembled as follows. That is, as shown in FIG. 20, a file name, a hash function, a hash value of a file, a cyber name, a rating, a date and time of authentication, a serial number, and a predetermined format may be combined. As described above, authentication can be confirmed by the hash value of this authentication message. In order for the creator of the website to obtain authentication, authentication may be requested for a message assembled according to a predetermined format such as the date and time of authentication and the serial number removed from FIG.

  Web pages may be updated frequently. In this case, a plurality of authentications with different authentication dates and times may be obtained for the same URL. In FIG. 19, “myhome.ne.jp/member1/content2.htm” shows two entries having different authentication dates and times.

<Person authentication>
In the above-described method, any message that has been authenticated can be freely viewed. In other words, all activities on the Internet by cyber names are public. If you don't want to publish, but want to authenticate with a cybername, you can just sign it with a registered RSA key.

  In that case, the utility software calculates the user signature for the message but does not send it to the management server. The user signature is encoded in Base64 and added to the end of the message along with the character string “signature (sha256WithRSAEncryption):”.

  FIG. 21 shows a screen on which a message with personal authentication received by e-mail is displayed by a general mailer. Since a 2048-bit RSA signature is used here, 342 characters encoded in Base64 and a slightly longer user signature are added. If 224-bit ECDSA is used instead of RSA, the user signature is 448 bits, which can be shortened to 75 characters when encoded in Base64.

  To verify the message with personal authentication, the text of the message including the user signature is copied and input to the utility software together with the cyber name (FIG. 22). When the verification button is pressed, the utility software accesses the management server, acquires the public key corresponding to the cyber name, and verifies the signature attached to the message body.

  If the verification is successful, the utility software displays “U + Qj_Satoh's message” (FIG. 23). This display also shows the current rating of the cybername. The rating is obtained from the management server. If you click the message list display button here, you can display the message list of U + Qj_Satoh. If the verification is not possible, a message such as “cannot be confirmed as U + Qj_Satoh's message” is displayed (FIG. 24).

  Even if the cyber name is unknown to U + Qj_Satoh, the rating value can be used as a measure of reliability. It is also possible to display a speech list and perform credit evaluation of the person. If U + Qj_Satoh is a well-known user, the public key may be stored in advance.

  If it is desired to add a signature, a message is entered as shown in FIG. 25, and a signature addition button is pressed. Then, according to a predetermined format, a signature is added to the end of the message, and the contents are converted into the contents shown in FIG. The user can copy it and send it with any mail software.

<Other functions>
In some cases, you may want to send an email directly to a user who has gained trust through a speech list. To do that, you can install a mail function on the management server. This mail function is provided through a speech list window. For example, as shown in FIG. 26, it can be used by clicking a mail tab provided in the message list window.

  In addition, a blog function is implemented in the management server, and this can also be used by clicking the blog tab provided in the speech list window. This blog differs from a regular blog in that it links to all Internet activities performed by users identified by their cyber names.

<Invalid cybername>
Each user can revoke their cybername. To do so, an invalid application may be made with a signature to the management server. The invalid cybername and public key information are also put on a list in which hash values are published by newspaper advertisements as shown in FIG. Possible reasons for invalidation include the case where the secret key has been leaked. In FIG. 3, a list of invalid cyber names is shown below the list of registered cyber names. In that case, the expiration date (Expiration) field of the cyber name management table 61 is overwritten with the date and time when it becomes invalid.

  In addition, an expiration date is set for the cyber name. For users with a rating of A or higher, the expiration date is automatically updated. The renewal of the expiry date is published in the newspaper as well as new registrations. However, for users with a rating of A or lower, the expiration date will not be updated if there is no effective use of the cybername for a certain period of time.

<Quotation>
It's not very well-behaved to silently use someone else's text for your posting. However, the reuse of useful writing improves the convenience of the Internet. In this case, it is possible to give consideration to the original writer by specifying the citation destination. The serial number is enough for that. If you add more cyber names, you will be more respectful.

  A specific example is shown in FIG. Here, the serial number after “sn:” and the cyber name after “Cbn:” indicate the quotation destination. The plug-in sets a quoted link in the serial number display if a quote is included in a message that has been successfully authenticated. In addition, a link to the user's remark list is set to display the quoted cybername. If the browsing user wants to refer to a quote destination or a list of remarks, they can click these links. As described above, if the utterance list is displayed by being quoted in this way, points are added.

<Revenue model>
The comment list as shown in FIG. 15 includes a “favorite” tab. When this favorite is selected, a window as shown in FIG. 28 is displayed. A profit model can be designed by using such a speech list as a network medium. That is, by selecting a favorite tab in the window, it is possible to know products and services recommended by the user who owns the cyber name. This favorite content can be an effective advertising medium if the user has high reliability. It is also possible to use an affiliate program. By sharing the revenue between the user and the system provider, the revenue necessary for system operation becomes possible.

  In the first embodiment, the reliability and cooperation of the management server is indispensable for the owner of the cyber name to prove the fact that the posted message is not sent by himself / herself. In order to certify regardless of the management server, a seal may be used as follows. Except for the addition of a seal, the mounting in the second embodiment is the same as the mounting in the first embodiment.

  In the second embodiment, when the management server receives and verifies the user signature for the signature message as shown in FIG. 6, the management server calculates a hash value of the user signature and encodes the last 24 bits in Base64. By doing this, a four-character seal (Seal) is generated. As the hash function here, SHA-1 or the like may be used. Then, as shown in FIG. 29, an authentication message is obtained by adding this seal in front of the serial number. The message is verified by checking the hash value of the authentication message including the seal. FIG. 30 shows an authentication message when the second embodiment is applied to the specific example of FIG.

  Since the seal is also considered to be a 24-bit random number, it can be said to be one hash value of the user signature. It is not difficult to search for another data having the same bit length as the user signature and generating the same hash value as the 24-bit hash value. However, when verification is performed by regarding the data as a user signature, it is difficult to calculate an authentication message that is an original image of a hash value that can be verified successfully.

  Therefore, by using the seal, each user can prove that a certain post is his or her own, independently of the management server. To be personal, you can create a signature for the message and show that the signature corresponds to the seal. If it is not yours, create a signature for the message and show that the signature does not correspond to the seal. The correspondence between the cyber name and the public key can be proved by a list file and information published in a newspaper.

  In the first and second embodiments, the reliability of the authentication date of the message is evaluated based on the representative value of the link information published in a publication such as a newspaper. In that case, the hash value of the message between the publication dates of adjacent representative values is required. So, the management server publishes these hash values together.

  If a problem occurs in the management server and the hash value cannot be used, it is possible to search for a message from the serial number or the like. However, not all necessary messages can be retrieved. Embodiment 3 proposes a method for determining the context of adjacent messages from only those messages.

  In this embodiment, as shown in FIG. 31, link information (Link Inf.) Is included in the authentication message itself. FIG. 32 shows an authentication message when the third embodiment is applied to the specific example of FIG. That is, as shown in FIG. 32, 44-character link information encoded in Base64 is added at the end of the authentication message. This link information is given at the same time as the serial number after verifying the user signature, and is returned to the user as an authentication message. In the example of FIG. 31, i = 003F4959, L (i−1) = mU0OjBha... GICACAgIG0a =. The serial number i is enclosed in parentheses. A sticker is added in front of the serial number.

  This will be further described with reference to FIG. The authentication message Msg (i) includes not only the serial number i but also link information L (i-1). Therefore, the next link information L (i) can be calculated only by the authentication message Msg (i). This link information L (i) is displayed in the next authentication message Msg (i + 1). Therefore, it is proved by the link information L (i) that the authentication message Msg (i) existed before the authentication date and time of the authentication message Msg (i + 1).

  In this embodiment, since each link information is posted on an unspecified number of sites, it is not always required to place representative values in publications. Authentication messages reinforce each other's authentication date and time.

  In the notation of link information in the authentication message, a space is inserted after the first 12 characters. This is to make the first 12 characters independent as words. If the first 12 characters include a character such as “/” that separates words, a space or a line feed code for making the 12-character string independent as a word is inserted thereafter.

  This word is used as a search term when searching the page for posting the authentication message. A character string of 12 characters corresponds to a 72-bit numerical value and is regarded as a pseudo-random number from the nature of the hash function. Therefore, there is a high possibility that the search result is only the posted page. However, since a general search engine may take several days or a week or more to update an index, a search may not take a while after authentication.

  By doing so, even if a problem occurs in the management server, the link can be easily traced by searching the link information on the search site. For example, link information to be included in the next authentication message Msg (j + 1) is obtained from the link information included in a certain authentication message Msg (j) and the hash value of the authentication message Msg (j). . If a word to be included in the display of the link information is searched, the next authentication message Msg (j + 1) can be confirmed. Further, if the word of the link information that should be included in the authentication message Msg (j + 2) is similarly searched, the authentication message Msg (j + 2) can be confirmed. These authentication messages Msg (j + 1), Msg (j + 2)... Each guarantee the existence of the authentication message Msg (j).

  As described above, the identification name management system according to the present invention is very useful for improving the quantity and quality of information transmission by individuals on the Internet.

1 Cybername registration application window 10 Management server 61 Cybername management table 62 Message management table

Claims (1)

Receive registration requests from each of multiple users,
With each of the registration requests, only the public key of the public key and private key pair generated on the corresponding user side is received,
In response to the registration request, different user identification names are determined,
Register this user identifier in the database in association with the corresponding public key,
Notifying the user that the user identifier has been registered in association with the public key;
An identification name management system characterized in that the public key and user identification name associated with each other are made public via the Internet.

Images