JP3796528B2 - Communication system for performing content certification and content certification site device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
  The present invention relates to a communication system and a content certification site apparatus for performing content certification of transmission information transmitted and received using a network such as the Internet.
[0002]
[Prior art]
  Conventionally, in a network such as the Internet, electronic authentication (digital authentication) for verifying the identity of a person who is performing communication using a password or public key encryption, or an electronic signature (digital authentication) that puts a signature on the transmission information to be transmitted using public key encryption, etc. Signatures) are well known.
[0003]
[Problems to be solved by the invention]
  However, the content proof of the transmission information on the network, that is, the third party proves that the certain transmission information sent from a certain sender is passed to the recipient (sender name, recipient name, transmission information). There is still no technology to identify and prove the contents of
[0004]
  It is an object of the present invention to perform content certification of transmission information on such a network.
[0005]
[Means and Actions for Solving the Problems]
  In the communication system according to the present invention, the content certification site device as a third party other than the sender and the receiver proves that the transmission information transmitted from the sender device is received by the receiver device via the network. It is what you do.
[0006]
  In order to solve the above-described problems, the present invention (the invention according to claim 1)
  The content proof site device of the content proof site proves that the transmission information transmitted in an encrypted state from the sender device is received and decrypted by the receiver device via the network. A communication system for performing
  The caller device is:Sending the communication information directly only to the recipient device;Sending the sender signature data electronically signed by the sender to the content certification site device to the data that can confirm the identity of the content of the transmission information sent by the sender device;
  The recipient device isSaidWhen the received information is received and decrypted, the receiver signature data electronically signed by the receiver is sent to the content certification site device to the data that can be confirmed by the receiver device for the identity of the content of the received received information and decrypted. ,
  The content certification site device is configured to store the sender signature data received from the sender device and the receiver signature data received from the receiver device for content certification.As part of the content certification, the sender signature data includes data that can confirm the identity of the content of the transmission information transmitted by the sender device, and the receiver signature data that includes the reception Is set to collate with the data that can be confirmed the identity of the content of the transmission information received and decrypted by the user device,
Data that can confirm the identity of the content of the transmission information transmitted by the sender device is limited to the digest of the transmission information or the digest of the encryption information that encrypted the transmission information,
  Data that can confirm the identity of the content of the transmission information received and decrypted by the receiver apparatus is limited to the digest of the transmission information or the digest of the encryption information obtained by encrypting the transmission information.As a configuration.
  In order to solve the above-described problems, the present invention (claims)8Invention))
  A content proof site device that proves that transmission information transmitted in an encrypted state from a sender device is received and decrypted by a receiver device via a network,
  First receiving means for receiving, from the caller device, caller signature data electronically signed by the caller in data that can confirm the identity of the content of the transmission information transmitted by the caller device;
  Second receiving means for receiving, from the receiver device, receiver signature data digitally signed by the receiver into data that can be confirmed by the receiver device by receiving and decrypting the content of the transmitted information;
  Storage means for storing the sender signature data received from the sender device and the receiver signature data received from the receiver device for proof of contents;
As part of the content certification, out of the sender signature data, the data that can confirm the identity of the content of the transmission information transmitted by the sender device and the receiver signature data received by the receiver device Means for collating with data that can confirm the identity of the content of the decrypted transmission information,
Data that can confirm the identity of the content of the transmission information transmitted by the caller device is limited to the digest of the transfer information transmitted by the caller device or the digest of encrypted information obtained by encrypting the transfer information,
  The data that can confirm the identity of the content of the transmission information received and decrypted by the receiver device is the digest of the transmission information received and decrypted by the receiver device or the digest of the encryption information that encrypted the transmission information limitedAs a configuration.
  As a result, the content certification site device can verify the identity of the sender and the receiver, the transmitted information sent by the sender, and the receiver based on the sender signature data and the receiver signature data stored in the storage means. It is possible to confirm the identity of the received and decrypted transmission information, thereby enabling content verification regarding the transmission information from the third party's standpoint. At this time, the original transmission information to be proved may be stored by the content certification site itself or received from the sender side or the receiver side when the content certification is required. There may be.
[0007]
  The content certification site device confirms each identity based on the sender signature data and the receiver signature data, and confirms the identity of the transmission information sent by the sender and the transmission information received and decrypted by the receiver. It can also be configured to do.
[0008]
  The receiver signature data can be configured to include information on the date and time when the receiver received the transmission information, which is digitally signed by the receiver. This makes it possible to prove at a later date when the transmission information has been received by the recipient. Similarly, the above-mentioned sender signature data may be configured so that information related to the date and time when the sender sends the transmission information includes the electronic signature of the sender.
[0009]
  Caller deviceThe transmission information can also be configured to be transmitted to the recipient device without mediation by the content certification site device. In this case, the content certification site device may be configured to receive the transmission information from either the sender device or the receiver device.
[0010]
  Further, as data that can confirm the identity of the content of the transmission information transmitted by the caller device, a digest of the transfer information transmitted by the caller device or a digest of encrypted information obtained by encrypting the transfer information is used.
[0011]
  Also,As data that can confirm the identity of the content of the transmission information received and decrypted by the receiver device, a digest of the transmission information received and decrypted by the receiver device or a digest of the encryption information obtained by encrypting the transmission information Used.
[0012]
  Further, the content certification site device can be configured to receive the sender signature data and the receiver signature data using its own public key cryptography.
  With this configuration, the confidentiality of communication can be ensured and the sender signature data and the receiver signature data can be prevented from being read by others. In addition, since only the content certification site can perform decryption, it is possible to guarantee to the sender and receiver that each communication partner is a content certification site, and to ensure the safety of communication.
[0013]
  Further, it is preferable to use a common key encryption as an encryption method for encrypting communication data on a transmission line of a network.
  When such a common key encryption is used, the calculation efficiency when encrypting communication data is improved, and the encryption processing speed can be improved.
[0014]
  In addition, the content certification site device may be configured to receive the common key from the sender device using its own public key encryption when the common key of the common encryption is generated on the sender device side.
  With this configuration, when the common key is delivered, high communication confidentiality can be ensured so that it is not read by others. In addition, since only the content proof site can perform decryption, it is possible to guarantee to the caller that the communication partner is the content proof site, and secure communication safety.
[0015]
  In addition, the content certification site device receives the receiver signature data from the receiver device before the receiver device receives the encryption key for decrypting the encrypted transmission information from the sender device or the content certification site device. It may be configured as follows. As a result, it is possible to avoid the receiver apparatus itself receiving the transmission information and reading the contents thereof and rejecting the reception.
[0016]
DETAILED DESCRIPTION OF THE INVENTION
  Embodiments of the present invention will be described below with reference to the drawings.
  FIG. 2 shows a communication system including a content certification site apparatus as one embodiment (first embodiment) of the present invention. In the figure, the content certification site 1 includes a content certification server C, an authentication server N, a recording server M, and the like. The content certification server C and the certificate authority N can communicate with each other by connecting to an external transmitting terminal A and receiving terminal B via the Internet 4.
[0017]
  The terminals A and B can be realized by a workstation or a personal computer of a general user, for example. The terminals A and B have programs for realizing functions for performing various processes for content certification according to the present invention described below.
  Each time a round 1 content certification communication is performed, the content certification server C of the content certification site 1 takes in via the network.
  Installed by a portable program stored on a Maru 2 recording medium (floppy, optical disk, magneto-optical disk, magnetic tape, etc.)
  Install in advance as a resident program inside the Maru 3 device.
You can have it in the form.
[0018]
  The content certification server C of the content certification site 1 manages the communication between the transmitting terminal A and the receiving terminal B while intermediating between them, and in that case, ensuring the confidentiality of the communication And a communication content proof (sender name, receiver name, contents of transmission information, confirmation of transmission date and reception date, etc.).
[0019]
  The authentication server N of the content certification site 1 can be connected to an external certificate authority 2 (authentication infrastructure) certificate authority 2 via the Internet 4. This authentication platform is used to verify the identity of the sending terminal A and the receiving terminal B, and it is possible to perform identity verification using digital authentication using cryptographic techniques, biometrics using fingerprints and iris patterns, etc. However, in this embodiment, identity verification is performed using public key cryptography. For this reason, public keys (public keys) of the transmitting terminal A, the receiving terminal B, the content certification server C, etc. are registered in advance in this authentication infrastructure, and these public keys are requested through the network when requested. Can be sent to the original.
[0020]
  The recording server M of the content proofing site 1 is for storing and storing various data necessary for proof of communication content, and also with the external recording server 3 via the Internet 4 as necessary. Data can be exchanged.
[0021]
  The outline of the operation of this embodiment system will be described below with reference to the sequence diagram shown in FIG. 2 and the flowcharts shown in FIGS. In the sequence diagram of FIG. 2, a transmitting terminal A, a content certification server C, an authentication server N, and a receiving terminal B are arranged in order from the left side, and the types of data passed between them through the network are shown in the figure. Is written on. In these data, the notation [α] β indicates that the data α is encrypted with the key β. The notation [α, ε] β indicates that the data α and data ε are encrypted with the key β, and is equivalent to the fact that [α] β and [ε] β are independent of each other. Suppose that Further, the notation (γ) x represents a value obtained by digesting data γ at the site X (described later).
[0022]
  3 to 5 are flowcharts showing processing procedures executed in the transmitting terminal A, the receiving terminal B, and the content certification server C, respectively. In these drawings, the transmitting terminal A as the sender sends the transmission information D to the receiving terminal B as the receiver via the content certification server C of the content certification site 1, and the content certification site 1 delivers the transmission information D. The contents shall be proved at the time.
[0023]
  In the sequence of FIG. 1, it is assumed that the transmitting terminal A and the receiving terminal B have previously obtained the public key PKc of the content certification server C from an authentication server or the like. The public key PKc may be acquired every time a communication request is made. However, if the public key PKc is not changed for a certain period, the public key PKc acquired before is changed until it is changed. It may be kept as it is.
[0024]
  First, the originating terminal A requests the content certification server C to perform communication with content certification. At this time, the calling terminal A performs the following process (step A1). That is, the transmission information D to be sent is prepared, and a common key (also referred to as a secret key) R of a common key cryptosystem for encrypting the transmission information D is generated. For example, a random number can be used as the common key R. Using this common key R, the transmission information D is encrypted to create a ciphertext [D] R. The common key R is generated by changing to a new one each time the originating terminal A performs this content certification communication, thereby ensuring security with high communication confidentiality.
[0025]
  In this way, when the transmission information D is encrypted using the common key R, the calculation efficiency of the encryption operation is higher than that of the encryption using the public key of the public key encryption, and therefore the transmission information D is Even a large amount of data can be encrypted efficiently.
[0026]
  Further, the ciphertext [D] R and the transmission information D are converted by performing a conversion operation using a hash function or the like to obtain a digest value ([D] R) a and a digest value (D) a.
[0027]
  Here, the digest value (γ) x created at site X can uniquely identify the contents of the data γ. When the contents of the data γ are altered or damaged, the altered data Digest value (γ) y obtained by converting γ with the same hash function at site Y does not match the above digest value (γ) x. Therefore, it is confirmed that there was falsification based on the digest value (γ) x. It can be recognized immediately.
[0028]
  The encrypted transmission information digest value ([D] R) a and the transmission information digest value (D) a are encrypted with the secret key (private key) SKa of the transmitting terminal A [([ D] R) a and (D) a] SKa. The ciphertext [([D] R) a, (D) a] SKa can be decrypted using the public key (public key) PKa of the terminal A on the receiving side by the side receiving it. The person can be identified as the originating terminal A, and the digest value ([D] R) a and the digest value (D) a uniquely identify the contents of the transmission information D sent by the originating terminal A. Therefore, it can be used as electronic signature data for identifying the sender and identifying the content of the transmission information in the present invention.
[0029]
  In the following description, when the expression that the site X is an electronic signature (sign) is used for the data α, the data α is encrypted with the secret key SKx of the site X as described above, and the ciphertext [α] SKx is obtained. It means to create.
[0030]
  Further, the digest value (R) a of the common key R is created, and the originating terminal A digitally signs the common key R and the digest value (R) a to create a ciphertext [R, (R) a] SKa. To do. . Then, the ciphertext [([D] R) a, (D) a] SKa in which the ciphertext [R, (R) a] SKa and the digest value related to the transmission information are digitally signed.AndEncryption is performed with the public key PKc of the content certification server C. This encryption with the public key PKc is for concealing communication information from a third party other than the content certification server C.
[0031]
  Then, the transmitting terminal A prepares the following transmission data and sends it to the content certification server C of the content certification site 1 via the Internet 4 (step A2 in FIG. 3).
  Mal 1 address AA: address on the network of the originating terminal A as the source
  Maru 2 address BB: address on the network of the receiving terminal B as the receiving destination
  Maru 3 ciphertext [[([D] R) a, (D) a] SKa] PKc:
  The ciphertext [([D] R) a in which the originating terminal A electronically signed the digest value ([D] R) a of the encrypted transmission information and the digest value (D) a of the transmission information with the private key SKa. , (D) a] ciphertext obtained by encrypting SKa with the public key PKc of the content certification server C
  Maru 4 ciphertext [D] R: Ciphertext obtained by encrypting the transmission information D with the common key R
  Maru 5 ciphertext [[R, (R) a] SKa] PKc: Ciphertext [R, (R) a with which the originating terminal A digitally signed the common key R and its digest value (R) a with the private key SKa ] A ciphertext obtained by encrypting SKa with the public key PKc of the content certification server C
[0032]
  When the content certification server C of the content certification site 1 receives the transmission data from the transmission side terminal A, the content certification server C performs communication from the transmission side terminal A to the reception side terminal B based on the transmission source address AA and the reception destination address BB. It recognizes that there is, and obtains the public key PKa of the sender terminal A and the public key PKb of the receiver terminal B from the authentication server N (step C1 in FIG. 3). Note that if the public key PKb of the receiving terminal B is not yet registered in the authentication infrastructure, the receiving terminal B is prompted to register through the authentication server N or the like.
[0033]
  Then, the content certification server C uses the private key SKc of the ciphertext [[([D] R) a, (D) a] SKa] PKc and the ciphertext [[R, (R) a] SKa]. PKc is decrypted to obtain a ciphertext [([D] R) a, (D) a] SKa of the digest value relating to the transmission information and a ciphertext [[R, (R) a] SKa relating to the common key. Since only the content proof server C can perform this decryption, high confidentiality of communication can be ensured.
[0034]
  Further, these ciphertexts are decrypted using the public key PKa of the transmitting terminal A, and the encrypted transmission information digest value ([D] R) a, transmission information digest value (D) a, The common key R and the digest value (R) a of the common key are obtained (step C2 in FIG. 3). By being able to perform this decryption, it is possible to confirm the identity of the origin of these data ([D] R) a, (D) a, R, (R) a as the originating terminal A. If these decryptions cannot be performed, the sender cannot be authenticated.
[0035]
  The content certifying server C performs a conversion operation using the same hash function as that performed on the transmitting terminal A side on the ciphertext [D] R and the common key R of the transmission information obtained by the decryption, and the ciphertext [D] R digest value ([D] R) c and common key R digest value (R) c are obtained (step C3 in FIG. 3R> 3). Then, the digest value ([D] R) a received from the originating terminal A side is compared with the digest value ([D] R) c calculated by the local station, and received from the originating terminal A side. The digest value (R) a of the common key is compared with the digest value (R) c calculated by the own station (step C4 in FIG. 3). If the two match each other, the encrypted text [D] R and the common key R of the received transmission information have the completeness that the contents are not lost due to falsification or transmission path error. Can be confirmed.
[0036]
  In this case, when the comparison result does not match, the calling terminal A is notified to that effect and urges the data transmission to be performed again (see step C4 and step A2 in FIG. 3).
[0037]
  Thereafter, the content certification server C determines the transmission date / time Ta of data transmission from the calling terminal A, and uses the transmission date / time Ta and the digest value ([D] R) a of the encrypted transmission information to The private key SPc is used to make an electronic signature to generate a ciphertext [([D] R) a, Ta] SKc, and this electronic signature-added ciphertext [([D] R) a, Ta] SKc is received as a recipient. A ciphertext [[([D] R) a, Ta] SKc] PKb encrypted with the public key PKb of the receiving terminal B is created (step C5 in FIG. 4).
[0038]
  Then, the following transmission data is sent via the Internet 4 to the receiving terminal B as the receiving destination (step C6 in FIG. 4).
  Maru 1 address CC: address on the network of the content certification server C as the source
  Maru2 ciphertext [[([D] R) a, Ta] SKc] PKb: transmission date / time Ta and the digest value ([D] R) a of the transmission information encrypted with the secret key SKc of the content certification server C The ciphertext [([D] R) a, Ta] SKc digitally signed with the ciphertext obtained by encrypting the ciphertext with the public key PKb of the receiving terminal B that is the recipient
  Maru3 ciphertext [D] R: ciphertext obtained by encrypting the transmission information D with the common key R
[0039]
  When receiving the data from the content certification server C, the receiving terminal B as the reception destination recognizes that the communication is from the content certification server C based on the source address CC.
[0040]
  The receiving terminal B then decrypts the ciphertext [[([[D] R) a, Ta] SKc] PKb using its own secret key SKb, and decrypts the ciphertext [([D] R) a, Ta] SKc is obtained. Since only the receiving side terminal B can perform this decryption, it is possible to ensure the confidentiality of communication as well as confirming that it is addressed to its own station.
[0041]
  Further, by decrypting the decrypted ciphertext [([D] R) a, Ta] SKc using the public key PKc of the content certification server C, the transmission date and time Ta and the digest of the encrypted transmission information are digested. The value ([D] R) a can be obtained (step B1 in FIG. 4), whereby the source of the ciphertext [([D] R) a, Ta] SKc is the content certification server C. I can confirm.
[0042]
  Furthermore, the ciphertext [D] R of the transmission information received from the content certification server C is digested using the same hash function as that of the terminal A on the transmission side to create a digest value ([D] R) b (FIG. 4). Step B1).
[0043]
  Receiving side terminal B calculated by this stationDigest value([D] R) b is compared with the digest value ([D] R) a received and decrypted from the content certification server C (step B2). If they match, it can be confirmed that the ciphertext [D] R of the transmission information D has not been subjected to falsification of contents or a transmission path error. If they do not match, the content certification server C is notified of “mismatch” and urges the same data to be transmitted again (steps B2 and C6 in FIG. 4).
[0044]
  The receiving terminal B receives the transmission date / time Ta received from the content certification server C and the local station calculation.Digest value([D] R) b and an electronic signature with its own private key SKb to create a ciphertext [([D] R) b, Ta] SKb, and this ciphertext [([D] R) b, Ta] SKb is the receipt. The receipt [[[D] R) b, Ta] SKb can be decrypted by using the public key PKb of the receiving terminal B on the receiving side, thereby confirming that the source is the receiving terminal B. The present invention is data that can be confirmed and that the content of the ciphertext [D] R of the transmission information received by the receiving terminal B can be uniquely identified to confirm the completeness of the content (that it has not been changed). Can be used as electronic signature data for identifying the recipient and identifying the content of the transmission information.
[0045]
  The receiving side terminal B encrypts the receipt [([D] R) b, Ta] SKb with the public key PKc of the content certification server C [[([D] R) b, Ta] SKb]. PKc is created and sent to the content certification server C (step B3).
[0046]
  The content certification server C that has received the receipt [([D] R) b, Ta] SKb decrypts it using the public key PKb of the receiving terminal B, and calculates the digest value ( [D] R) b is obtained. By this decryption, it is possible to confirm that the receipt [[[D] R) b, Ta] SKb is transmitted from the receiving terminal B.
[0047]
  Furthermore, the digest value ([D] R) a calculated from the transmitting terminal A side acquired from the transmitting terminal A side is compared with the digest value ([D] R) b calculated on the receiving terminal B side ( Step C7 in FIG. If they match, the ciphertext [D] R of the transmission information transmitted from the calling terminal A is received by the receiving terminal B without being altered or damaged. It is possible to confirm the completeness of the transmission information. In addition, an electronic signature on the receiving terminal B side can be obtained for the transmission date and time Ta.
[0048]
  Thereafter, the content certification server C determines the receipt date Tb of the receipt [[[D] R) b, Ta] SKb from the receiving terminal B. Then, the reception date / time Tb, the common key R for decrypting the ciphertext [D] R of the transmission information, and the digest value (R) a of the common key are digitally signed with the private key SKc. A sentence [[[R, (R) a, Tb] SKc is created, and this ciphertext is encrypted with the public key PKb on the receiving terminal B side. [[[R, (R) a, Tb] SKc ] PKb is generated and sent to the receiving terminal B (step C8 in FIG. 4).
[0049]
  The receiving terminal B decrypts the received ciphertext [[[[R, (R) a, Tb] SKc] PKb using its own secret key SKb and the public key PKc of the content certification server C, and The common key R, its digest value (R) a, and the reception date and time Tb are acquired. Then, using this common key R, the ciphertext [D] R of the transmission information previously received from the content certification server C is decrypted to obtain the transmission information D. Then, the transmission information D is digested using a hash function to create a digest value (D) b of the transmission information (step B4 in FIG. 4).
[0050]
  A ciphertext [(D) b, Tb] SKb electronically signed with its own private key SKb at the digest value (D) b of the transmission information and the reception date and time Tb is created, and this is converted into a decrypted certificate (receipt certificate). To do. The decrypted certificate [(D) b, Tb] SKb is further encrypted with the public key PKc of the content certification server C, and the communication is concealed and sent to the content certification server C (FIG. 5). Step B5).
[0051]
  The content certification server C decrypts the received ciphertext with its own secret key SKc to obtain a ciphertext [(D) b, Tb] SKb, and receives this ciphertext [(D) b, Tb] SKb. The decryption certificate (receipt) with the electronic signature of the terminal B is used. Further, the decrypted certificate [(D) b, Tb] SKb is decrypted with the public key PKb of the receiving terminal B to obtain the digest value (D) b and the reception date Tb. The digest value (D) b created on the receiving side terminal B side is compared with the digest value (D) a created on the calling side terminal A side received from the calling side terminal A side. It can be confirmed that the ciphertext [D] R of the transmission information transmitted from the side terminal A side is definitely received by the reception side terminal B side and correctly decrypted as the transmission information D (step C9 in FIG. 5). ).
[0052]
  On the other hand, if the contents do not match as a result of the verification, the receiving terminal B is urged to transmit the same data again. Even when the data (D) b, Tb of the decryption certificate does not contain the digital signature of the receiving terminal B, the digital signature is given to the receiving terminal B and the decryption certificate [(D ) B, Tb] SKb is requested to be retransmitted.
[0053]
  If the digital signature of the receiving terminal B is not obtained in step C9, the content certification server C uses the ciphertext [Ta that has been digitally signed with its own private key SKc at the transmission date and time Ta and the reception date and time Tb. , Tb] SKc is generated as a result notification, which is encrypted with the public key PKa of the originating terminal A and sent to the originating terminal A (step C12 in FIG. 5). The result notification is accompanied by the fact that the common key R has been passed to the receiving terminal B but the decryption certificate has not been acquired.
[0054]
  When the content certification server C normally receives the above-mentioned decrypted certificate [(D) b, Tb] SKb, the ciphertext [with its own private key SKc and the electronic signature at the transmission time Ta and the reception time Tb [ Ta, Tb] SKc is created and used as a completion notification. The completion notification [Ta, Tb] SKc is encrypted with the public key PKa of the transmitting terminal A and then sent to the transmitting terminal A (step C10 in FIG. 5). ). The completion notification [Ta, Tb] SKc may be sent to the calling terminal A without being encrypted.
[0055]
  Then, the content certification server C sends the necessary data to the recording server M and stores it so that the content certification of the fact that there was a communication in which the transmission information D was sent from the transmission side terminal A to the reception side terminal B can be performed at a later date. (Step C11 in FIG. 5). At this time, which data items are stored can be, for example, combinations as shown below.
[0056]
  (1) Combination example 1 of storage data
    Maru1 ciphertext [(D) a] SKa: Data obtained by digitally signing the digest value (D) a of the transmission information by the calling terminal A with the private key SKa
    Maru 2 public key PKa: public key of the sending terminal A necessary for decrypting the ciphertext [(D) a] SKa
    Mar 3 transmission date and time Ta: Date and time when the content certification server C was confirmed as the date and time when the calling terminal A transmitted
    Maru 4 decryption certificate [(D) b, Tb] SKb: data obtained by the receiving side terminal B electronically signing with the secret key SKb on the digest value (D) b of the transmission information and the receiving date and time Tb
    Maru 5 public key PKb: public key of receiving side terminal B necessary for decrypting receipt [(D) b, Tb] SKb
    Maru 6 ciphertext [D] R: Data obtained by encrypting the transmission information D with the common key R
    Maru 7 common key R: Common key necessary for decrypting the ciphertext [D] R of the transmitted information (however, it is stored separately from the data of items 1 to 2 for key management)
[0057]
  (2) Storage data combination example 2
    Maru1 ciphertext [(D) a] SKa: Data obtained by digitally signing the digest value (D) a of the transmission information by the calling terminal A with the private key SKa
    Maru 2 public key PKa: public key of the sending terminal A necessary for decrypting the ciphertext [(D) a] SKa
    Maru 3 receipt [[[D] R) b, Ta] SKb: The receiving terminal B on the receiving side sends the secret key SKb to the digest value ([D] R) b and the transmission date / time Ta of the encrypted transmission information. Data digitally signed with
    Maru 4 public key PKb: public key of receiving side terminal B necessary for decrypting receipt [([D] R) b, Ta] SKb
    Maru 5 ciphertext [D] R: Data obtained by encrypting the transmission information D with the common key R
    Mar 6 receipt date and time Tb: Date and time when the content certification server C was confirmed as the date and time when the originating terminal B received
    Maru 7 common key R: Common key necessary for decrypting the ciphertext [D] R of the transmission information (however, it is stored separately from the data of items 1 to 6 for key management)
[0058]
  As described above, when the content certification server C cannot obtain the decrypted certificate [([D] R) b, Ta] SKb from the receiving terminal B, it interpolates the following data items: The content is proved (step C13 in FIG. 5).
    Maru 1 ciphertext [(D) a] SKa
    Maru 2 public key PKa
    Mar 3 outgoing date and time Ta
    Maru 4 receipt [[[D] R) b, Ta] SKb: The receiving terminal B on the receiving side receives the secret key SKb at the encrypted transmission information digest value ([D] R) b and the transmission date / time Ta. Data digitally signed with
    Maru 5 public key PKb
    Maru 6 ciphertext [D] R
    Maru 8 receipt date and time Tb
    Round 7 common key R (separate storage)
[0059]
  In carrying out the present invention, various modifications are possible. Hereinafter, each of these modifications will be described sequentially.
[0060]
  FIG. 10 is a diagram for explaining another embodiment (second embodiment) of the content certifying apparatus according to the present invention, and shows an operation sequence of the communication network according to the second embodiment. In the above-described first embodiment, since the transmission date and time Ta determined by the content certification server C has not received the electronic signature of the transmission side terminal A, in this second embodiment, the transmission side terminal A has received the transmission date and time Ta. An electronic signature can be obtained.
[0061]
  In other words, in the second embodiment, the transmitting terminal A includes the address AA of the transmitting terminal A, which is the transmission source, and the address BB of the receiving terminal B, which is the reception destination, in performing the communication with the content proof. It sends to the certification server C and requests content certification communication. The content certification server C sees the source address AA and the destination address BB, obtains the public key PKa of the sender terminal A and the public key PKb of the receiver terminal B from the authentication server N, and Confirm the transmission date and time Ta. Then, the transmission date and time Ta itself or the transmission date and time Ta is encrypted with the public key PKc, and then sent to the transmission side terminal A.
[0062]
  When the sending terminal A receives the sending date / time Ta from the content certification server C, the ciphertext [([D] R) a, (D) a] with the electronic signature sent to the content certification server C in the first embodiment is used. Instead of SKa, a ciphertext [([D] R) a, (D) a, Ta] SKa having an electronic signature is also created at the transmission date and time Ta, and the contents are the same as in the first embodiment. Send to certification server C.
[0063]
  Since the subsequent processing is the same as that in the first embodiment (see FIG. 2), detailed description is omitted. However, the difference is that the data item stored for content certification at the content certification site is encrypted. Instead of the text [([D] R) a, (D) a] SKa, the ciphertext [([D] R) a, (D) a, Ta] SKa is stored, and the transmission date and time Ta itself. The data is not saved.
[0064]
  FIG. 11 is a diagram for explaining another embodiment (third embodiment) of the content certification device according to the present invention, and shows an operation sequence of the communication network according to the third embodiment. In the above-described first and second embodiments, the common key R (common key) for encrypting the transmission information D is generated at the transmitting terminal A. In the second embodiment, the common key R is used for content verification. It is generated by the server C.
[0065]
  That is, in performing the communication with the content certification, the transmission side terminal A sends the address AA of the transmission side terminal A that is the transmission source and the address BB of the reception side terminal B that is the reception destination to the content verification server C. Request content certification communication. The content certifying server C obtains the public key PKa of the sender terminal A and the public key PKb of the receiver terminal B from the authentication server N by looking at the sender address AA and the receiver address BB. In addition, a common key R is generated and a digest value (R) c is created. Further, the transmission date / time Ta of the transmission side terminal A is determined. Then, a ciphertext [R, (R) c, Ta] SKc is created by digitally signing the common key R, its digest value (R) c, and the transmission date / time Ta with the secret key SKc of the content certification server C. The ciphertext is further encrypted with the public key PKa of the transmitting terminal A, and then sent to the transmitting terminal A.
[0066]
  The originating terminal A decrypts the ciphertext [[R, (R) c, Ta] SKc] public key PKa received with its own private key SKa, and decrypts the ciphertext [R, (R) c, Ta] SKc is obtained, and the ciphertext is further decrypted with the public key PKc of the content certification server C to obtain the common key R, its digest value (R) c, and transmission date / time Ta.
[0067]
  Thereafter, the local key side digests the common key R to create a digest value (R) a, and compares the digest value (R) a with the digest value (R) c obtained from the content certification server C. . When the two match, it is possible to confirm that the common key R received from the content certification server C is a complete one that has not been altered or damaged due to a transmission error.
[0068]
  Next, using the common key R received from the content certification server C, a ciphertext [D] R is generated by encrypting the transmission information D to be sent to the receiving terminal B, and the digest of the ciphertext [D] R is further created. Create the value ([D] R) a.
[0069]
  The encrypted transmission information digest value ([D] R) a, the transmission information digest value (D) a, and the transmission date and time Ta are encrypted using the secret key SKa and the ciphertext [( [D] R) a, (D) a, Ta] SKa are created, and the ciphertext is further encrypted with the public key PKc of the content certification server C [[([(D] R) a, (D A) Ta] SKa] SKc is generated and sent to the content certification server C together with the source address AA, the destination address BB, and the ciphertext [D] R of the transmission information. As a result, the content certification server C can obtain the electronic signature of the caller terminal A for the call date / time Ta.
[0070]
  Since the subsequent processing is the same as that of the first embodiment (see FIG. 2), detailed description thereof is omitted.
[0071]
  FIG. 12 explains another embodiment (embodiment 4) of the content certifying apparatus according to the present invention, and shows an operation sequence of the communication network according to the embodiment 4. In the above-described first to third embodiments, the ciphertext [D] R of the transmission information transmitted from the transmission side terminal A is once received by the content certification server C, and further from the content certification server C to the reception side terminal B. It is configured to take a route (that is, a route of A → C → B) to be delivered to each site. On the other hand, in the fourth embodiment, together with the fifth and sixth embodiments to be described later, the ciphertext [D] R of the transmission information transmitted from the calling terminal A is a reception destination of the transmission information D. It is configured such that it is directly sent to the side terminal B and passed to each site by taking a path (that is, a path of A → B → C) sent from the receiving side terminal B to the content certification server C.
[0072]
  If Example 4 shown in FIG. 12 is described in contrast with Example 1 shown in FIG.
    Round 1 address AA
    Maru 2 address BB
    Ciphertext [[([D] R) a, (D) a] SKa] PKc concerning the digest value of the Maru 3 transmission information
    Ciphertext [[R, (R) a] SKa] PKc for the maru-4 common key
Based on this, the public key PKa of the transmitting terminal A and the public key PKb of the receiving terminal B are acquired, and the transmission date and time Ta is determined.
[0073]
  Thereafter, in the first embodiment, the content certification server C transmits necessary data to the receiving terminal B. However, in this fourth embodiment, the content certification server C sends the receiving terminal A to the receiving terminal A. The ciphertext [PKb, Ta] SKc electronically signed by the content certification server C is sent to B's public key PKb and the transmission date and time Ta. Alternatively, the ciphertext [PKb, Ta] SKc may be further encrypted with the public key PKa of the terminal A on the transmission side to send the communication confidential.
[0074]
  Upon receiving this ciphertext, the calling terminal A directly receives the ciphertext from the receiving terminal B.
    Multi 1 address CC
    Maru2 ciphertext [([D] R) a, Ta] PKb: Digital signature with the secret key SKa of the sending terminal A at the digest value ([D] R) a of the encrypted transmission information and the transmission date / time Ta Ciphertext
    Maru3 ciphertext [D] R
Send. These data items are substantially the same as the data items sent from the content certification server C to the receiving terminal B in the above-described embodiment.
[0075]
  Since the subsequent processing is the same as that of the first embodiment (see FIG. 2), detailed description thereof is omitted.
[0076]
  FIG. 13 is a diagram for explaining another embodiment (embodiment 5) of the content certification device according to the present invention, and shows an operation sequence of the communication network according to the embodiment 5. In the above-described fourth embodiment, since the transmission date and time Ta determined by the content certification server C has not received the electronic signature of the transmission side terminal A, in this fifth embodiment, the transmission date and time Ta of the transmission side terminal A An electronic signature can be obtained.
[0077]
  That is, in the fifth embodiment, in performing communication with the content proof, the transmitting side terminal A includes the address AA of the transmitting side terminal A that is the source and the address BB of the receiving side terminal B that is the destination. It sends to the certification server C and requests content certification communication. The content certification server C sees the source address AA and the destination address BB, obtains the public key PKa of the sender terminal A and the public key PKb of the receiver terminal B from the authentication server N, and Confirm the transmission date and time Ta.
[0078]
  Next, the content proof server C sends the ciphertext [PKb, Ta] SKc digitally signed by the content proof server C to the transmitting terminal A and the public key PKb of the receiving terminal B and the transmission date and time Ta, or this cipher. The ciphertext [[PKb, Ta] SKc] PKa, which is obtained by encrypting the text with the public key PKa of the transmitting terminal A, is sent.
[0079]
  When the sending terminal A receives the communication data from the content certification server C, the data of the next item is received.
    Mal 1 address AA: address on the network of the originating terminal A as the source
    Maru 2 address BB: address on the network of the receiving terminal B as the receiving destination
    Maru 3 ciphertext [[([D] R) a, (D) a, Ta] SKa] PKc: Digest value ([D] R) a of encrypted transmission information and digest value (D) of transmission information The ciphertext [([D] R) a, (D) a] SKa obtained by digitally signing the a and the transmission date / time Ta with the private key SKa is encrypted with the public key PKc of the content certification server C. secret message
    Maru 5 ciphertext [[R, (R) a] SKa] PKc: Ciphertext [R, (R) a with which the originating terminal A digitally signed the common key R and its digest value (R) a with the private key SKa ] A ciphertext obtained by encrypting SKa with the public key PKc of the content certification server C
Is sent to the content certification server C. At the same time, the data of the same item as that of the above-described fourth embodiment, that is, for the receiving terminal B,
    Multi 1 address CC
    Maru2 ciphertext [([D] R) a, Ta] PKb
    Maru3 ciphertext [D] R
Send.
[0080]
  Since the subsequent processing is the same as that of the above-described fourth embodiment (see FIG. 12), detailed description is omitted. However, the difference is that a data item stored for content certification at the content certification site is encrypted. Instead of the text [([D] R) a, (D) a] SKa, the ciphertext [([D] R) a, (D) a, Ta] SKa is stored, and the transmission date and time Ta itself. The data is not saved.
[0081]
  FIG. 14 is a diagram for explaining another embodiment (sixth embodiment) of the content certification apparatus according to the present invention, and shows an operation sequence of the communication network according to the sixth embodiment. In the above-described fourth and fifth embodiments, the common key R (common key) for encrypting the transmission information D is generated at the transmitting terminal A. In the sixth embodiment, the common key R is used for content verification. It is generated by the server C.
[0082]
  That is, in performing the communication with the content certification, the transmission side terminal A sends the address AA of the transmission side terminal A that is the transmission source and the address BB of the reception side terminal B that is the reception destination to the content verification server C. Request content certification communication. The content certifying server C obtains the public key PKa of the sender terminal A and the public key PKb of the receiver terminal B from the authentication server N by looking at the sender address AA and the receiver address BB. In addition, a common key R is generated and a digest value (R) c is created. Further, the transmission date / time Ta of the transmission side terminal A is determined.
[0083]
  Next, a ciphertext [PKb, Ta] SKc in which the public key PKb of the receiving terminal B, which is the receiving destination, and the transmission date / time Ta are digitally signed with the secret key SKc of the content certification server C is created, and the common key R and its digest are also created. A ciphertext [R, (R) c] SKa is generated by digitally signing the value (R) c with the secret key SKc of the content certification server C, and this ciphertext is encrypted with the public key PKa of the originating terminal A The ciphertexts [[R, (R) c] SKa] PKc are prepared in order to conceal them, and these ciphertexts are sent to the transmitting terminal A. The former ciphertext [PKb, Ta] SKc may be concealed from the third party by encrypting it with the public key PKa of the calling terminal A.
[0084]
  The originating terminal A uses its own private key SKa and the public key PKc of the private key SKc, and from the received ciphertext, the public key PKb of the receiving terminal B, the transmission date / time Ta, the common key R, The digest value (R) c is acquired. Then, the symmetric key R is digested on the local station side to create a digest value (R) a, and this digest value (R) a is compared with the digest value (R) c obtained from the content certification server C, If the two match, it is confirmed that the common key R received from the content certification server C is a complete one that has not been altered or damaged due to a transmission error.
[0085]
  Next, using the common key R received from the content certification server C, a ciphertext [D] R is generated by encrypting the transmission information D to be sent to the receiving terminal B, and the digest of the ciphertext [D] R is further created. Create the value ([D] R) a.
[0086]
  Then, an encrypted digital signature is applied to the encrypted transmission information digest value ([D] R) a, transmission information digest value (D) a and transmission date and time Ta using the private key SKa of the local station. The sentence [([D] R) a, (D) a, Ta] SKa is created and encrypted with the public key PKc of the content certification server C, thereby making the ciphertext confidential to the third party [ [([D] R) a, (D) a, Ta] SKa] PKc are created and sent to the content certification server C. In this case, since the common key R is generated on the content certification server C side in the sixth embodiment, the information on the common key R is not sent to the content certification server C, unlike the fifth embodiment.
[0087]
  Subsequent processing is the same as that in the fifth embodiment (see FIG. 13), and a detailed description thereof will be omitted.
[0088]
  FIG. 15 is a diagram for explaining another embodiment (embodiment 7) of the content certification device according to the present invention, and shows an operation sequence of the communication network according to the embodiment 7. In the above-described first to third embodiments, the ciphertext [D] R of the transmission information transmitted from the transmission side terminal A takes the path of the transmission side terminal A → the content certification server C → the reception side terminal B and receives the reception side terminal. In the fourth to sixth embodiments described above, the ciphertext [D] R of the transmission information transmitted from the calling terminal A is transmitted from the calling terminal A → the receiving terminal B → the content certification server C. It is configured to be passed to each site through a route. On the other hand, in the seventh embodiment, together with the eighth and ninth embodiments described later, the ciphertext [D] R of the transmission information transmitted from the calling terminal A is sent to the content certification server C, and It is configured such that it takes a route (that is, a route of A → C and a route of A → C) that is directly sent directly to the receiving terminal B that is the recipient of the transmission information D and is passed to each site. .
[0089]
  If Example 7 shown in FIG. 15 is described in contrast with Example 4 shown in FIG.
    Round 1 address AA
    Maru 2 address BB
    Ciphertext [[([D] R) a, (D) a] SKa] PKc concerning the digest value of the Maru 3 transmission information
    Ciphertext [D] R of Maru 4 transmission information
    Ciphertext [[R, (R) a] SKa] PKc for the Maru 5 common key
Receive. Compared to the fourth embodiment, the difference is that the encrypted information [D] R is added. The content certification server C acquires the public key PKa of the transmitting terminal A and the public key PKb of the receiving terminal B based on the received data, and determines the transmission date and time Ta.
[0090]
  Subsequent processing is the same as that in the above-described fourth embodiment (see FIG. 12) except that the encrypted information [D] R of the transmission information is not sent from the receiving terminal B to the content certification server C. Description is omitted.
[0091]
  FIG. 16 illustrates another embodiment (Embodiment 8) of the content certifying apparatus according to the present invention, and shows an operation sequence of the communication network according to the eighth embodiment. In the above-described seventh embodiment, since the transmission date and time Ta determined by the content certification server C has not received the electronic signature of the transmission side terminal A, in this eighth embodiment, the transmission side terminal A has received the transmission date and time Ta. An electronic signature can be obtained.
[0092]
  That is, in the fifth embodiment, the sending terminal A sends the address AA of the sending terminal A and the address BB of the receiving terminal B to the contents certification server C when performing the communication with the contents certification. The content certification server C sees the source address AA and the destination address BB, obtains the public key PKa of the sender terminal A and the public key PKb of the receiver terminal B from the authentication server N, and Confirm the transmission date and time Ta.
[0093]
  Next, the content proof server C sends the ciphertext [PKb, Ta] SKc digitally signed by the content proof server C to the transmitting terminal A and the public key PKb of the receiving terminal B and the transmission date and time Ta, or this cipher. The ciphertext [[PKb, Ta] SKc] PKa, which is obtained by encrypting the text with the public key PKa of the transmitting terminal A, is sent.
[0094]
  When the sending terminal A receives the communication data from the content certification server C, the data of the next item is received.
    Round 1 address AA
    Maru 2 address BB
    Maru3 ciphertext [[([D] R) a, (D) a, Ta] SKa] PKc
    Ciphertext [D] R of Mal 5 transmission information
    The Maru 6 ciphertext [[R, (R) a] SKa] PKc is sent to the content certification server C. Compared to Example 7, the difference is that the ciphertext [D] R of the transmission information is also sent.
[0095]
  Subsequent processing is the same as that in the above-described fourth embodiment (see FIG. 12) except that the encrypted information [D] R of the transmission information is not sent from the receiving terminal B to the content certification server C. Description is omitted.
[0096]
  FIG. 17 explains another embodiment (Example 9) of the content certification device according to the present invention, and shows an operation sequence of the communication network according to Example 9. In the above-described seventh and eighth embodiments, a common key R (common key) for encrypting the transmission information D is generated at the originating terminal A. However, in this ninth embodiment, the common key R is used for content verification. It is generated by the server C.
[0097]
  The difference between the ninth embodiment and the sixth embodiment described above is that the transmission side terminal A transmits the transmission date and time Ta in the data transmitted to the content certification server C after receiving the common key R from the content certification server C. The data [Ta] SKa digitally signed by the side terminal A with the private key SKa is included. Except for this point, the other processing is the same as that of the sixth embodiment, and detailed description thereof is omitted. .
[0098]
  FIG. 18 explains another embodiment (embodiment 10) of the content certifying apparatus according to the present invention, and shows an operation sequence of the communication network according to the embodiment 10. In the above-described Examples 7 to 9, the ciphertext [D] R of the transmission information transmitted from the transmission side terminal A is sent to the content certification server C and the reception side terminal B which is the reception destination of the transmission information D In the tenth embodiment, the transmission information is encrypted in such a way that it is passed directly to each site by taking a direct route (ie, a route of A → C and a route of A → B). The sentence [D] R is directly passed to the receiving terminal B but is processed without being passed to the content certification server C, and the common key R is generated on the calling terminal A side. It is what I did.
[0099]
  The tenth embodiment shown in FIG. 18 will be described in comparison with the eighth embodiment shown in FIG. 16. The originating terminal A sends the address AA of the originating terminal A and the address B of the receiving terminal B to the content certification server C. To the content certificate server C, the ciphertext [PKb, Ta] SKc digitally signed by the content certificate server C at the public key PKb of the receiving terminal B and the transmission date and time Ta, or this A ciphertext [[PKb, Ta] SKc] PKa obtained by further encrypting the ciphertext with the public key PKa of the transmitting terminal A is received.
[0100]
  On the other hand, the calling terminal A
    Round 1 address AA
    Maru 2 address BB
    Maru3 ciphertext [[([D] R) a, (D) a, Ta] SKa] PKc
    Maru5 ciphertext [[R, (R) a] SKa] PKc
Is sent to the content certification server C. The difference from the eighth embodiment is that the ciphertext [D] R of the transmission information is not sent.
[0101]
  In the subsequent processing, the content certification server C does not store the ciphertext [D] R of the transmission information that has not been acquired and the common key R for decrypting it as the content certification database described above. Since it is the same as Example 4 (refer FIG. 12), detailed description is abbreviate | omitted.
[0102]
  Next, for each of the above-described embodiments, a processing sequence in the case where the sending terminal A or the receiving terminal B requests a content certification from the content certification server C of the content certification site will be described with reference to FIGS. .
[0103]
  First, the case where the calling terminal A requests a content proof regarding the digest value of the transmission information D will be described with reference to FIG. The terminal A on the sending side attaches an ID number that identifies the case and makes a digest certification request (content certification request) to the content certification server C.
[0104]
  In response to this content certification request, the content certification server C creates a ciphertext digitally signed by the content certification server C with the secret key SKc in the data of the next item for content certification, and further transmits the ciphertext. The data is encrypted with the public key PKa of the terminal A and concealed from the third party, and then returned to the terminal A on the transmission side.
[0105]
  [Case 1]
    Maru1 ciphertext [(D) a] SKa: Data obtained by digitally signing the digest value (D) a of the transmission information by the calling terminal A with the private key SKa
    Maru 2 public key PKa: public key of the sending terminal A necessary for decrypting the ciphertext [(D) a] SKa
    Mar 3 transmission date and time Ta: Date and time when the content certification server C was confirmed as the date and time when the calling terminal A transmitted
    Maru 4 decryption certificate [(D) b, Tb] SKb: data obtained by the receiving side terminal B electronically signing with the secret key SKb on the digest value (D) b of the transmission information and the receiving date and time Tb
    Maru 5 public key PKb: decryption certificate [(D) b, Tb] public key of receiving side terminal B necessary for decrypting SKb
[0106]
  [Case 2]
    Maru 1 ciphertext [(D) a, Ta] SKa: Data obtained by digitally signing the transmission side digest A with the secret key SKa at the transmission information digest value (D) a and the transmission date and time Ta
    Maru 2 public key PKa: Same as above
    Maru 3 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 4 public key PKb: Same as above
[0107]
  [Case 3]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: data obtained by digital signature of the receiving terminal B with the secret key SKb at the transmission information ciphertext [D] R and the transmission date and time Ta
    Maru 4 public key PKb: Same as above
    Mar 5 receipt date and time Tb: Date and time when the content certification server C was confirmed as the date and time when the receiving terminal B received the transmission information
[0108]
  [Case 4]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Maru 5 receipt date and time Tb: Same as above
[0109]
  Next, the case where the receiving terminal B requests content certification regarding the digest value of the transmission information D will be described with reference to FIG. The receiving terminal B attaches an ID number that identifies the case, and makes a digest certification request (content certification request) to the content certification server C.
[0110]
  In response to this content certification request, the content certification server C creates a ciphertext digitally signed by the content certification server C with the private key SKc in the data of the next item for content certification, and receives the ciphertext. After encrypting with the public key PKb of the side terminal B and concealing it from the third party, it is returned to the reception side terminal B.
[0111]
  [Case 1]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 transmission date and time Ta: Same as above
    Maru 4 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 5 public key PKb
[0112]
  [Case 2]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 4 public key PKb: Same as above
[0113]
  [Case 3]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Maru 5 receipt date and time Tb: Same as above
[0114]
  [Case 4]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Maru 5 receipt date and time Tb: Same as above
[0115]
  Next, the case where the calling terminal A requests content certification regarding the original transmission information D will be described with reference to FIG. The terminal A on the sending side attaches an ID number for identifying the case and makes a request for content certification of the original transmission information to the content certification server C.
[0116]
  In response to this content certification request, the content certification server C creates a ciphertext digitally signed by the content certification server C with the secret key SKc in the data of the next item for content certification, and further transmits the ciphertext. The data is encrypted with the public key PKa of the terminal A and concealed from the third party, and then returned to the terminal A on the transmission side.
[0117]
  [Case 1]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 transmission date and time Ta: Same as above
    Maru 4 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 5 public key PKb: Same as above
    Maru 6 ciphertext [D] R: Same as above
    Maru 7 common key R: Same as above
[0118]
  [Case 2]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Mal 5 ciphertext [D] R: Same as above
    Maru 6 common key R: Same as above
[0119]
  [Case 3]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Mal 5 ciphertext [D] R: Same as above
    Maru 6 common key R: Same as above
    Maru 7 receipt date and time Tb: Same as above
[0120]
  [Case 4]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Mal 5 ciphertext [D] R: Same as above
    Maru 6 common key R: Same as above
    Maru 7 receipt date and time Tb: Same as above
[0121]
  Next, a case where the receiving terminal B requests content certification regarding the original transmission information D will be described with reference to FIG. The receiving side terminal B attaches an ID number for identifying the case, and makes a content certification request for the original transmission information to the content certification server C.
[0122]
  In response to this content certification request, the content certification server C creates a ciphertext digitally signed by the content certification server C with the private key SKc in the data of the next item for content certification, and receives the ciphertext. After encrypting with the public key PKb of the side terminal B and concealing it from the third party, it is returned to the reception side terminal B.
[0123]
  [Case 1]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 transmission date and time Ta: Same as above
    Maru 4 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 5 public key PKb: Same as above
    Maru 6 ciphertext [D] R: Same as above
    Maru 7 common key R: Same as above
[0124]
  [Case 2]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 decryption certificate [(D) b, Tb] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Mal 5 ciphertext [D] R: Same as above
    Maru 6 common key R: Same as above
[0125]
  [Case 3]
    Maru 1 ciphertext [(D) a] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Mal 5 ciphertext [D] R: Same as above
    Maru 6 common key R: Same as above
    Maru 7 receipt date and time Tb: Same as above
[0126]
  [Case 4]
    Maru 1 ciphertext [(D) a, Ta] SKa: Same as above
    Maru 2 public key PKa: Same as above
    Maru 3 receipt ([D] R) b, Ta] SKb: Same as above
    Maru 4 public key PKb: Same as above
    Mal 5 ciphertext [D] R: Same as above
    Maru 6 common key R: Same as above
    Maru 7 receipt date and time Tb: Same as above
[0127]
  The digest content proofs in FIGS. 6 and 7 are selected in such cases because the amount of the transmission information D in the above items may be large and may not necessarily be stored for the content proof. Good. Also in this case, if either the sender's sender terminal A or the receiver's receiver terminal B stores the transmission information D, the transmission information D is the subject of content certification. This can be easily proved based on the digest values (D) a and (D) b stored in the recording server M or the digest values ([D] R) a and ([D] R) b.
[0128]
  In the first to tenth embodiments described above, the digest value ([D] of the ciphertext [D] R obtained by encrypting the transmission information D with the common key R as the digest value for confirming the integrity of the transmission information D. R] x is mainly used, but the present invention is not limited to this, and an operation sequence is performed to confirm the integrity of the transmission information D using the digest value (D) x obtained by digesting the transmission information D itself. May be configured.
[0129]
  In the present invention, the transmission information D is encrypted with the common key R to conceal communication for the third party. However, the present invention is not limited to this, and the public key PKx on the receiving side is not limited thereto. The operation sequence may be configured so as to transmit the transmission information D in order to conceal it by encrypting it using. The reason why the transmission information D is encrypted with the common key R as in each of the above-described embodiments is that the calculation efficiency at the time of encryption is good. Therefore, in this embodiment, the transmission information D is relatively short. Although it is suitable for the above case, the entire operation sequence can be simplified.
[0130]
  In each of the first to tenth embodiments described above, the transmission information D is encrypted using public key cryptography or common key cryptography (random number, etc.) and sent to the other party. It may be encrypted by the encryption method and sent to the other party.
[0131]
  In addition, as a digital signature method, those using the public key cryptosystem are used in each of the above-described embodiments, but of course the present invention is not limited to this, and identity verification and communication data contents using other digital signature methods. May be specified.
[0132]
  Further, in each of the above-described embodiments, the digest value is used as data for specifying the content of the transmission information (identification of data content), but the present invention is not limited to this, and the content of the transmission information is not limited to this. May be specified.
[0133]
  In each of the above-described embodiments, it has been described that a program for realizing the operation sequence of each embodiment is installed in advance on each site server such as a content certification server. However, the present invention is only in this form. Without limitation, such a recording medium obtained by recording a program for causing a computer to execute each procedure of the operation sequence of each of the above embodiments on a computer-readable recording medium and distributing the recording medium in the market. Alternatively, the present invention may be implemented by installing a program on a server at each site.
[0134]
【The invention's effect】
  As described above, according to the present invention, when transmitting / receiving transmission information using a network, the contents can be proved by a third party other than the sender / recipient.
[Brief description of the drawings]
FIG. 1 is a diagram showing a communication system using a content proving device as one embodiment (first embodiment) of the present invention.
FIG. 2 is a sequence diagram illustrating a state of data transmission / reception in the communication system according to the first embodiment of this invention.
FIG. 3 is a flowchart (1/3) illustrating a processing procedure of each site in the communication system according to the first embodiment of this invention.
FIG. 4 is a flowchart (2/3) illustrating a processing procedure at each site in the communication system according to the first embodiment of this invention.
FIG. 5 is a flowchart (3/3) illustrating a processing procedure of each site in the communication system according to the first embodiment of this invention.
FIG. 6 is a diagram showing a sequence in which the content certification server returns content certification data in response to the digest content certification request of the originating terminal in the system of the embodiment of the present invention.
FIG. 7 is a diagram showing a sequence in which a content certification server returns content certification data in response to a digest content certification request of a receiving terminal in the system of the embodiment of the present invention.
FIG. 8 is a diagram showing a sequence in which a content certification server returns content certification data in response to a content certification request for original transmission information of a transmitting terminal in the system of the embodiment of the present invention.
FIG. 9 is a diagram showing a sequence in which a content certification server returns content certification data in response to a content certification request for original transmission information of a receiving terminal in the system of the embodiment of the present invention.
FIG. 10 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (second embodiment) of the present invention.
FIG. 11 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (third embodiment) of the present invention.
FIG. 12 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (embodiment 4) of the present invention.
FIG. 13 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (embodiment 5) of the present invention.
FIG. 14 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (sixth embodiment) of the present invention.
FIG. 15 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (seventh embodiment) of the present invention.
FIG. 16 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (eighth embodiment) of the present invention.
FIG. 17 is a sequence diagram for explaining a state of data transmission / reception in a communication system according to another embodiment (embodiment 9) of the present invention.
FIG. 18 is a sequence diagram illustrating a state of data transmission / reception in a communication system according to another embodiment (Example 10) of the present invention.
[Explanation of symbols]
        1 Content proof site (content proof device)
        2 certificate authorities
        3 Recording server
        4 Internet
        A Caller terminal (calling site as front end)
        B Receiving terminal (receiving site as front end)
        C Content certification server
        D Transmission information
        (D) a Digest value of the transmission information D calculated by the calling terminal A
        (D) b Digest value of the transmission information D calculated by the receiving terminal B
        (D) c Digest value of the transmission information D calculated by the content certification server C
        ([D] R) a Digest value of encrypted transmission information [D] R calculated by the sending terminal A
        ([D] R) b Digest value of encrypted transmission information [D] R calculated by the receiving terminal B
        ([D] R) c Digest value of encrypted transmission information [D] R calculated by the content certification server C
        M Content certification site recording server
        N Content certification site authentication server
        PKa Public key of originating terminal A
        Public key of PKb receiving terminal B
        Public key of PKc content certification server C
        R Common key (random number)
        SKa Secret key of originating terminal A
        SKb receiving terminal B's private key
        SKc Content certification server C private key
        Ta outgoing date and time
        Tb date and time of receipt

Claims (14)

The content proof site device of the content proof site proves that the transmission information transmitted in an encrypted state from the sender device is received and decrypted by the receiver device via the network. A communication system for performing
The sender device transmits the transmission information directly only to the receiver device, and the sender who digitally signed the data that can confirm the identity of the content of the transmission information transmitted by the sender device. Send the signature data to the content certification site device,
The recipient apparatus, when decoding received the transmission information, the recipient signature data receiving followers has electronic signature to data that can confirm the identity of the contents of the transmission information receiving followers device has decoded received Sent to the content certification site device,
The content certification site device is configured to store the sender signature data received from the sender device and the receiver signature data received from the receiver device for content certification . As part of the content certification, among the sender signature data, data that can confirm the identity of the content of the transmission information transmitted by the sender device, and among the receiver signature data, the receiver device receives Is set to collate with the data that can confirm the identity of the content of the transmission information decrypted by
Data that can confirm the identity of the content of the transmission information transmitted by the sender device is limited to the digest of the transmission information or the digest of the encryption information that encrypted the transmission information,
Data that can confirm the identity of the content of the transmission information received and decrypted by the receiver device is limited to the digest of the transmission information or the digest of encryption information that encrypted the transmission information,
A communication system for performing content certification characterized by the above. Receiving followers signature data communication system for content certification according to claim 1, wherein configured to include those receiving followers information about when receiving followers receives the transmission information is electronic signature. The content certification site device calling party device or communication system for content certification according to claim 1, wherein consisted either to receive said transmission information receiving followers device. The communication system for performing content certification according to any one of claims 1 to 3 , wherein the content certification site device is configured to receive the sender signature data and the receiver signature data using its own public key encryption.   The communication system for performing content certification according to any one of claims 1 to 4, wherein a common key encryption is used as an encryption method for encrypting transmission information on a transmission path of the network. The content certification site device when generating the common key of the common cipher with calling party device side, according to claim 5, configured to receive said common key from calling party device using its own public key cryptography Communication system for proof of content. Before the receiver device receives the encryption key for decrypting the encrypted transmission information from the sender device or the content proof site device, the content proof site device receives the receiver signature from the receiver device. The communication system for performing content certification according to any one of claims 1 to 6 , configured to receive data. A content proof site device that proves that transmission information transmitted in an encrypted state from a sender device is received and decrypted by a receiver device via a network,
First receiving means for receiving, from the caller device, caller signature data electronically signed by the caller in data that can confirm the identity of the content of the transmission information transmitted by the caller device;
Second receiving means for receiving, from the receiver device, receiver signature data digitally signed by the receiver into data that can be confirmed by the receiver device by receiving and decrypting the content of the transmitted information;
Storage means for storing the sender signature data received from the sender device and the receiver signature data received from the receiver device for proof of contents;
As part of the content certification, out of the sender signature data, the data that can confirm the identity of the content of the transmission information transmitted by the sender device and the receiver signature data received by the receiver device Means for collating with data that can confirm the identity of the content of the decrypted transmission information,
Data that can confirm the identity of the content of the transmission information transmitted by the caller device is limited to the digest of the transfer information transmitted by the caller device or the digest of encrypted information obtained by encrypting the transfer information,
The data that can confirm the identity of the content of the transmission information received and decrypted by the receiver device is the digest of the transmission information received and decrypted by the receiver device or the digest of the encryption information that encrypted the transmission information limited,
Content proof site device characterized by that. 9. The content certifying site apparatus according to claim 8, wherein the receiver signature data is configured so that information about a date and time when the receiver receives the transmission information includes a digital signature of the receiver. The content proof site device is configured to receive the transmission information from either the sender device or the receiver device as data necessary for processing the content proof, not to deliver the information to the receiver device. The content proof site device according to any one of claims 8 to 9 . The content proof site device according to any one of claims 8 to 10 , wherein the content proof site device is configured to receive the sender signature data and the receiver signature data using its own public key encryption. The content certification site device according to any one of claims 8 to 11 , wherein a common key encryption is used as an encryption method for encrypting transmission information on a transmission path of the network. The content certification site device when generating the common key of the common cipher with calling party device side, according to claim 12 configured to receive the common key from the calling party device using its own public key cryptography Content proof site equipment.   The content proof site device receives the encryption key for the recipient device to decrypt the encrypted transmission information from the receiver device or the content proof site device before receiving the encryption key from the receiver device. 14. The content certification site device according to claim 8, wherein the content certification site device is configured to receive signature data.

Images