JP7276539B2 - Data management device and data management method - Google Patents

Description

The present disclosure relates to a data management device and data management method for managing data using distributed ledger technology.

Japanese Patent Application Laid-Open No. 2019-46442 (Patent Document 1) discloses an intellectual property management system that stores data related to intellectual property such as patents in a shared ledger such as a blockchain. This intellectual property management system generates notarization data based on the data of the shared ledger, and requests the notarization service connected externally to notarize the notarization data. Then, the intellectual property management system records the date and time of notarization. This ensures the accuracy of data recording.

JP 2019-46442 A Japanese Patent Publication No. 2019-521627

In view of the multinational expansion of business in recent years, it has become important to guarantee the accuracy of the time when data is recorded in multiple countries and regions. However, there may be cases where certification by a certification service in one country is not officially recognized in another. Therefore, for example, data certified by a certification service in a certain country does not necessarily guarantee the accuracy of the time when the data was recorded in a country other than the country to which the certification service belongs. There is a demand for a mechanism that can guarantee the accuracy of data recording times in multiple countries and regions.

The present disclosure has been made to solve the above problems, and an object of the present disclosure is to guarantee the accuracy of data recording time in a plurality of countries and/or regions.

(1) A data management device according to an aspect of the present disclosure manages data using distributed ledger technology. This data management device includes a storage device that stores a distributed ledger, a control device that registers transaction data including data information in the distributed ledger, and a communication device configured to communicate with a plurality of time stamping authorities. Prepare. Each of the plurality of time stamping authorities is a time stamping authority based on mutually different standards. The control device transmits the transaction data to at least one time stamping authority selected from the plurality of time stamping authorities via the communication device, and the time stamp token of the transaction data from the selected time stamping authority. Get and register the timestamp token on the distributed ledger.

According to the above configuration, the control device transmits transaction data including information on data to be managed by the distributed ledger (hereinafter also referred to as "target data") to one of the plurality of time stamping authorities via the communication device. Transmit to at least one selected time stamping authority to acquire a time stamp token of the transaction data from the selected time stamping authority. The control device then registers the obtained timestamp token in the distributed ledger. As a result, the time stamp tokens obtained from the time stamping authority are managed in a distributed ledger. Each of the plurality of time stamping authorities is a time stamping authority based on mutually different standards. By acquiring time stamp tokens from such multiple time stamping authorities and managing them in a distributed ledger, it is possible to guarantee the accuracy of the time when data is recorded in multiple countries and/or regions.

(2) In one embodiment, the data management device further comprises an input device configured to allow selection of any time stamping authority from among a plurality of time stamping authorities via a communication device. The control device transmits the transaction data to the time stamping authority selected by the input to the input device.

For example, depending on the contents and attributes of the target data, it may not be necessary to acquire timestamp tokens from all of the multiple time stamping authorities. According to the above configuration, the user of the data management device can select the time stamping authority from which the time stamp token is acquired. As a result, for example, it is possible not to acquire a time stamp token from a time stamp token that does not need to be acquired, so it is possible to reduce the processing load.

(3) In an embodiment, the control device transmits a hash value obtained by hashing the transaction data to at least one time stamping authority selected from among the plurality of time stamping authorities via the communication device. Then, the time stamp token of hash value is acquired from the selected time stamping authority, and the time stamp token is registered in the distributed ledger.

According to the above configuration, the control device transmits the hash value of the transaction data including the information of the target data to at least one time stamping authority selected from among the plurality of time stamping authorities via the communication device, Acquire a timestamp token with a hash value from the selected time stamping authority. The control device then registers the obtained timestamp token in the distributed ledger. As a result, the time stamp tokens obtained from the time stamping authority are managed in a distributed ledger. With such a configuration, it is possible to guarantee the accuracy of data recording time in a plurality of countries and/or regions.

(4) In one embodiment, the control device rehashed the data, compared the rehashed value with the hash value from which the timestamp token was obtained, and determined whether the data existed based on the comparison result. Verify proof.

According to the above configuration, it is possible to verify the existence proof of data, prove that the data existed at the time included in the timestamp token, and prove that the data has not been tampered with since that time. can do.

(5) In some embodiments, data is associated with ID information. The input device is configured to be able to select ID information. Hash data obtained by reading from a distributed ledger at least one transaction data linked to ID information selected by an operation on an input device, and hashing the read at least one transaction data collectively via a communication device. is sent to at least one time stamping authority selected from among a plurality of time stamping authorities, a timestamp token of hash data is obtained from the selected time stamping authority, and the timestamp token is stored in a distributed ledger register.

According to the above configuration, the user of the data management device can acquire the timestamp token of the hash data at any timing.

(6) In one embodiment, the control device rehashed at least one piece of transaction data associated with the ID information, and compared the rehashed value with the hash data from which the timestamp token was obtained. and verify the existence proof of the data based on the comparison result.

According to the above configuration, data existence proof can be verified in units of hash data.

(7) In one embodiment, the communication device is configured to communicate with multiple key certification authorities. Each of the plurality of key certification authorities is a certification authority that issues an electronic certificate for a private key and a public key paired with the private key based on mutually different standards. The electronic certificate contains public key information. The storage device stores private keys corresponding to each of the plurality of key certification authorities and electronic certificates issued by each of the plurality of key certification authorities. The control device generates an electronic signature using a private key for each of the plurality of key certification authorities, and includes the electronic signature for each of the plurality of key certification authorities in transaction data.

According to the above configuration, one transaction data registered in the distributed ledger includes electronic signatures for each of a plurality of certificate authorities. The validity of electronic signatures may vary by country or region due to differences in standards. By including a plurality of electronic signatures with different standards in the transaction data, it becomes possible to prove the validity of the electronic signatures included in the transaction data in a plurality of countries and/or regions. As a result, the reliability of the data registered in the distributed ledger is increased, and spoofing and falsification of data by a third party can be suppressed.

(8) In some embodiments, the communication device is configured to communicate with multiple key certification authorities. Each of the plurality of key certification authorities is a certification authority that issues an electronic certificate for a private key and a public key paired with the private key based on mutually different standards. The electronic certificate contains public key information. The storage device stores private keys corresponding to each of the plurality of key certification authorities and electronic certificates issued by each of the plurality of key certification authorities. A control device generates an electronic signature using a private key for each of a plurality of key certification authorities, and registers a plurality of transaction data corresponding to a plurality of key certification authorities in a distributed ledger for one process. Each of the plurality of transaction data includes the electronic signature of the corresponding key certification authority.

According to the above configuration, a plurality of transaction data corresponding to a plurality of key certification authorities are registered in the distributed ledger for one process. As described above, the validity of electronic signatures may vary from country to country or region due to differences in standards. Being registered in a type ledger makes it possible to prove the validity of an electronic signature in multiple countries and/or regions. As a result, the reliability of the data registered in the distributed ledger is increased, and spoofing and falsification of data by a third party can be suppressed.

(9) In one embodiment, the control device decrypts the electronic signature of each of the plurality of key certification authorities using the public key included in the corresponding electronic certificate of each of the plurality of key certification authorities. Based on the results, verify the validity of the electronic signatures for each of the multiple key certification authorities.

According to the above configuration, it is possible to verify the validity of a plurality of electronic signatures included in transaction data or the electronic signature included in each transaction data.

(10) In some embodiments, the data is intellectual property data.
With respect to intellectual property data, it is important to guarantee the accuracy of the time when the data was recorded from the viewpoint of prior use rights. accuracy can be guaranteed.

(11) A data management method according to another aspect of the present disclosure is a data management method for a data management device that manages data using distributed ledger technology. The data management device includes a storage device that stores a distributed ledger, a control device that registers transaction data including data information in the distributed ledger, and a communication device configured to communicate with a plurality of time stamping authorities. . Each of the plurality of time stamping authorities is a time stamping authority based on mutually different standards. The data management method comprises transmitting transaction data to at least one time stamping authority selected from a plurality of time stamping authorities; acquiring a timestamp token for the transaction data from the selected time stamping authority; and registering the timestamp token with the distributed ledger.

According to the present disclosure, it is possible to guarantee the accuracy of data recording time in multiple countries and/or regions.

1 is a diagram showing a schematic configuration of a data management system according to Embodiment 1; FIG. It is a figure for demonstrating DAG data. 4 is a functional block diagram of a control device for explaining generation of transaction data; FIG. FIG. 4 is a diagram for explaining an outline of application for proof of existence (acquisition of time stamp token); FIG. 10 is a sequence diagram for explaining the flow from creation of DAG data to application for proof of existence (acquisition of a time stamp token); FIG. 10 is a diagram for explaining an interface screen for applying for proof of existence (obtaining a time stamp token); FIG. 7 is a diagram for explaining an interface screen that is displayed when the "issue proof of existence" button in FIG. 6 is selected; FIG. 4 is a functional block diagram of a control device for explaining an application for proof of existence (acquisition of a time stamp token); FIG. 10 is a sequence diagram for explaining the flow of existence proof verification; FIG. 10 is a diagram for explaining an interface screen for verifying proof of existence; FIG. 4 is a functional block diagram of a control device for explaining existence proof verification; FIG. 4 is a functional block diagram of a control device for explaining verification of validity of an electronic signature; 4 is a flow chart showing a procedure of processing for generating transaction data; FIG. 10 is a flow chart showing a procedure of processing for applying for existence proof of invention information; FIG. 10 is a flow chart showing a procedure of processing for verifying proof of existence; 10 is a flow chart showing the procedure of processing for verifying the validity of an electronic signature; FIG. 10 is a diagram showing a schematic configuration of a data management system according to Embodiment 2; FIG. FIG. 4 is a diagram for explaining blockchain data; FIG. 4 is a diagram for explaining an outline of application for proof of existence (acquisition of time stamp token);

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings. Embodiment 1 describes an example in which distributed ledger technology using DAG (Directed Acyclic Graph) is applied to a data management system that manages data using distributed ledger technology. Embodiment 2 will explain an example in which distributed ledger technology using blockchain is applied to a data management system that manages data using distributed ledger technology. It should be noted that other distributed ledger technologies other than the distributed ledger technology using the DAG and the distributed ledger technology using the blockchain can be applied to the data management system. The same or corresponding parts in the drawings are denoted by the same reference numerals, and the description thereof will not be repeated.

[Embodiment 1]
<Overall configuration of data management system>
FIG. 1 is a diagram showing a schematic configuration of a data management system 1 according to Embodiment 1. As shown in FIG. A data management system 1 according to the present embodiment is a system for forming a network among a plurality of companies and managing data related to intellectual property such as patents. The data managed by the data management system 1 is not limited to data relating to intellectual property, and may be various data.

Referring to FIG. 1 , data management system 1 includes four data management devices 100 , certificate authority group 300 , and time certificate authority group 400 . Each of the four data management devices 100 is a data management device belonging to a different company (for example, company A, company B, company C and company D). In FIG. 1, the data management device 100 of company A is denoted as data management device 100, and the data management devices 100 of company B, company C, and company D are denoted as data management device 100A. In the following, the data management device 100 of Company A will be described as a representative example, but the data management device 100A also has similar functions.

The four data management devices 100, 100A form a network NW. Distributed ledger technology using DAG is applied to the data management system 1 according to the first embodiment. A distributed ledger using DAG (hereinafter also simply referred to as "DAG") contains various information (recorded information) including the record history of data related to intellectual property such as patents. The DAG stores all recorded information from the start of operation of the data management system 1 to the present. In the data management system 1 according to the present embodiment, an example in which four data management devices form the network NW will be described, but the number of data management devices forming the network NW is arbitrary. , may be less than four, or may be five or more.

The data management device 100 is, for example, a desktop PC (Personal Computer), a notebook PC, a tablet terminal, a smart phone, or other information processing terminal having a communication function. The data management device 100 includes a control device 110, a ROM (Read Only Memory) 120, a RAM (Random Access Memory) 130, a communication device 140, a storage device 150, an input device 160, and a display device 170. . Control device 110 , ROM 120 , RAM 130 , communication device 140 , storage device 150 , input device 160 and display device 170 are connected to bus 180 . A management server 200 is communicably connected to the data management device 100 .

Control device 110 is configured by, for example, an integrated circuit including a CPU (Central Processing Unit). The control device 110 develops various programs stored in the ROM 120 in the RAM 130 and executes them. Various programs include an operating system and the like. The RAM 130 functions as a working memory and temporarily stores various data necessary for executing various programs. Control device 110 complies with a plurality of standards (for example, Japanese standards, Chinese standards, US standards, EU standards, etc.), and creates private keys (for example, first to It has a function of generating a fourth secret key) and a public key (for example, first to fourth public keys described later).

Communication device 140 is configured to be able to communicate with external devices. An external apparatus contains 100 A of data management apparatuses, the management server 200, the certification authority group 300, the time certification authority group 400 grade|etc., for example. Communication between the communication device 140 and an external device can be performed via the Internet, a wide area network (WAN), a local area network (LAN), an Ethernet (registered trademark) network, a public network, a private network, a wired network, a wireless network, or the like, or A combination of these is used.

Storage device 150 includes, for example, a storage medium such as a hard disk or flash memory. Storage device 150 stores DAG data 152 . Note that the DAG data 152 is not limited to being stored in the storage device 150, and may be stored in the ROM 120, the RAM 130, or the management server 200. FIG. Details of the DAG data 152 will be described later. Storage device 150 also stores a private key and a public key generated by control device 110 . The storage device 150 also stores electronic certificates issued by each of a plurality of certificate authorities included in the certificate authority group 300 . Note that the storage of the private key, public key and electronic certificate is not limited to the storage device 150, and may be stored in the ROM 120, the RAM 130, or the management server 200.

Input device 160 includes an input device. Input devices are, for example, mice, keyboards, touch panels, and/or other devices capable of accepting user operations.

Display device 170 includes a display. The display device 170 causes the display to display various images according to control signals from the control device 110 . The display is, for example, a liquid crystal display, an organic EL (Electro Luminescence) display, or other display devices.

The management server 200 stores data related to intellectual property such as patents. The management server 200 stores data related to intellectual property according to control signals from the data management device 100 . Note that data regarding intellectual property may be stored in the storage device 150 .

The certification authority group 300 includes multiple certification authorities. A certification authority includes a server belonging to a certification authority that issues digital certificates. An applicant for an electronic certificate (data management device 100 in this embodiment) generates a private key and a public key, and transmits the generated public key to the certification authority. The certificate authority generates an electronic certificate for the public key received from the applicant and issues the electronic certificate to the applicant. Alternatively, the certificate authority generates a private key, a public key, and an electronic certificate in response to a request from the applicant (data management device 100 in this embodiment) and issues them to the applicant. good too. A certificate authority issues a digital certificate containing public key information, for example. Each of the multiple certificate authorities included in the certificate authority group 300 issues electronic certificates conforming to different standards. In this embodiment, the certification authority group 300 includes four certification authorities, a first certification authority 310 , a second certification authority 320 , a third certification authority 330 and a fourth certification authority 340 . Note that the number of certificate authorities included in the certificate authority group 300 is arbitrary, and may be, for example, less than four or may be five or more.

The first certification authority 310 includes, for example, a server belonging to a certification authority that issues electronic certificates conforming to Japanese standards. The applicant generates a first private key and a first public key conforming to Japanese standards, and transmits the generated first public key to the first certification authority 310 . The first certificate authority 310 generates a first electronic certificate for the first public key received from the applicant and issues the first electronic certificate to the applicant. When the first certification authority 310 generates the first secret key and the first public key, the first certification authority 310 generates the first secret key and the first public key at the request of the applicant. and issues the first electronic certificate including the first private key and the first public key to the applicant. The second certification authority 320 includes, for example, a server belonging to a certification authority that issues electronic certificates conforming to Chinese standards. The applicant generates a second private key and a second public key that comply with Chinese standards, and transmits the generated second public key to the second certification authority 320 . The second certificate authority 320 generates a second electronic certificate for the second public key received from the applicant and issues the second electronic certificate to the applicant. When the second certification authority 320 generates the second secret key and the second public key, the second certification authority 320 generates the second secret key and the second public key at the request of the applicant. Then, a second electronic certificate containing the second private key and the second public key is issued to the applicant. The third certification authority 330 includes, for example, a server belonging to a certification authority that issues digital certificates conforming to US standards. The applicant generates a third private key and a third public key conforming to US standards, and transmits the generated third public key to the third certification authority 330 . The third certificate authority 330 generates a third electronic certificate for the third public key received from the applicant and issues the third electronic certificate to the applicant. In addition, when the third certification authority 330 generates the third private key and the third public key, the third certification authority 330 generates the third private key and the third public key in response to the applicant's request. Then, a third electronic certificate containing the third private key and the third public key is issued to the applicant. The fourth certification authority 340 includes, for example, a server that belongs to a certification authority that issues electronic certificates conforming to EU standards. The applicant generates a fourth private key and a fourth public key conforming to EU standards, and transmits the generated fourth public key to the fourth certification authority 340 . The fourth certificate authority 340 generates a fourth electronic certificate for the fourth public key received from the applicant and issues the fourth electronic certificate to the applicant. In addition, when the fourth certification authority 340 generates the fourth private key and the fourth public key, the fourth certification authority 340 generates the fourth private key and the fourth public key in response to the applicant's request. Then, a fourth electronic certificate containing the fourth private key and the fourth public key is issued to the applicant.

In this embodiment, a first private key, a first electronic certificate, a second private key, a second electronic certificate, a third private key, a third electronic certificate, a fourth private key, and a fourth electronic certificate The book is stored in storage device 150 . Note that each of the first certification authority 310, the second certification authority 320, the third certification authority 330, and the fourth certification authority 340 included in the certification authority group 300 is an example of the "key certification authority" according to the present disclosure. Equivalent to.

The time stamp authority group 400 includes a plurality of time stamp authorities (TSA). A time stamping authority includes a server belonging to a certification authority that issues timestamp tokens. A time stamp authority issues a time stamp token in response to a time stamp issue request from an applicant (data management device 100 in this embodiment). More specifically, the time stamping authority adds time information based on a traceable time source to the data (hash value) received from the applicant (data management device 100 in this embodiment). Send the combined timestamp token to the applicant. The data transmitted from the data management device 100 to the time stamping authority may be, for example, a hash value of transaction data (described later), or at least one transaction data linked to an invention ID (invention ID). may be a hash value (invention hash (described later)) obtained by hashing together. The details of the transaction data will be described later, but the transaction data is data containing hash values of data related to intellectual property stored in the management server 200 . A hash value is a numerical value obtained as a result of hashing data using a hash function.

In the present embodiment, time stamping authority group 400 includes four time stamping authorities: first time stamping authority 410, second time stamping authority 420, third time stamping authority 430, and fourth time stamping authority 440. ing. Note that the number of time stamping authorities included in the time stamping authority group 400 is arbitrary, and may be, for example, less than four or may be five or more.

Each of the first time stamping authority 410, the second time stamping authority 420, the third time stamping authority 430, and the fourth time stamping authority 440 is a time stamping authority based on different standards in different countries or regions. The first time stamping authority 410 includes, for example, a server belonging to a time stamping authority that issues time stamps conforming to Japanese standards. The second time stamping authority 420 includes, for example, a server belonging to a time stamping authority that issues time stamps conforming to Chinese standards. Third time stamping authority 430 includes, for example, a server belonging to a time stamping authority that issues time stamps conforming to US standards. The fourth time stamping authority 440 includes, for example, a server that belongs to a time stamping authority that issues time stamps conforming to EU standards.

<DAG data>
FIG. 2 is a diagram for explaining the DAG data 152. As shown in FIG. As shown in FIG. 2, the DAG data 152 has a configuration in which one transaction data is connected in one direction, multiple times, and not circulated. The transaction data is data indicating a transaction, the details of which will be described later. The DAG data 152 stores a history of records such as data related to intellectual property in the data management devices 100 and 100A forming the network NW from the start of operation of the data management system 1 to the present. The DAG data 152 is stored in all the data management devices 100, 100A forming the network NW. As a result, even if the DAG data 152 is tampered with by a certain user, tampering is prevented based on the DAG data 152 of a plurality of other users.

In the example of DAG data 152 according to the present embodiment shown in FIG. 2, transaction data is linked to transaction data of two transactions that occurred earlier than the transaction to which the transaction data corresponds. This indicates that the transaction data includes hash values of transaction data of two transactions that occurred earlier than the transaction to which the transaction data corresponds. Concretely, the consensus building algorithm according to the present embodiment will be described by taking as an example a case where the transaction data 153c is added to the DAG data 152. FIG.

When registering data on a new intellectual property, the data management device 100 causes the management server 200 to store the data (for example, document) on the intellectual property to be newly registered, and generates transaction data (transaction data) indicating this process. ) 153c and transmits the transaction data 153c to the network NW. This transaction data 153c includes a hash value of the data (document) regarding the intellectual property. This hash value is a numerical value obtained as a result of hashing data related to intellectual property using a hash function. Further, this transaction data 153c includes hashes of the transaction data 153a and 153b of two transactions that occurred before the transaction to which the transaction data 153c corresponds (storage of the data on the intellectual property in the management server 200). Contains a value. The fact that the hash values of the transaction data 153a and 153b are included in the transaction data 153c indicates that the data management device 100 approved the transaction data 153a and 153b when the transaction data 153c was generated.

The data management device 100 selects two transaction data 153a and 153b from past transaction data included in the DAG data 152 when generating the transaction data 153c. Then, the data management device 100 verifies the contents of the selected transaction data 153a, 153b in order to approve the selected transaction data 153a, 153b. Furthermore, the data management device 100 may retroactively verify transaction data directly or indirectly approved by the transaction data 153a, 153b to verify that unauthorized transaction data is not approved. To directly approve means to include the hash value of the transaction data. For example, taking the transaction data 153a and 153c as an example, the transaction data 153c directly approves the transaction data 153a. are doing. Indirect approval means that the directly approved transaction data directly or indirectly approves the transaction data. Then, transaction data 153f contains the hash value of transaction data 153c directly approving transaction data 153a, and indirectly approving transaction data 153a.

The verification method may be, for example, a verification method using an electronic signature included in the transaction data, or may be another known verification method. After verifying the contents of the transaction data, the data management device 100 hashes the verified transaction data 153a and 153b, and includes these hash values in the transaction data 153c. The method of selecting the two transaction data 153a and 153b may be a method of randomly selecting from past transaction data, or a selection method using a selection algorithm such as the Markov chain Monte Carlo method. may

Transaction data 153c transmitted from data management device 100 to network NW is later approved by data management device 100A and/or data management device 100 in the same manner as described above. For example, transaction data 153c is endorsed by transaction data 153d and 153f.

Additionally, the weight on the transaction data may be taken into account in approving the transaction data. Transaction data is set with a cumulative weight that is the sum of the weights of transaction data directly or indirectly approving the transaction data. In other words, the larger the value of the accumulated weight, the more transaction data approve the transaction data. In other words, the higher the cumulative weight, the higher the probability that the transaction data is valid. The weight may be set differently depending on whether the transaction data is approved by the person (for example, data management device 100) who generated the transaction data or by another person (for example, data management device 100A).

<Transaction data>
The transaction data includes, for example, invention ID information, hash value of target data (data related to intellectual property: for example, document), time information for broadcasting the transaction data to the network NW (sending to the network NW), Transaction data sender information, hash values of past transaction data, electronic signatures, and the like are included. Data related to intellectual property included in the transaction data is data related to the invention ID. The details of the invention ID information and the hash value of the intellectual property data will be described later. Note that the time information included in the transaction data may be time information indicating the time at which a process corresponding to the transaction data (for example, a process of recording target data in the management server 200) occurred.

The sender information of the transaction data is, for example, information indicating Company A if the transaction data is transmitted from the data management device 100 to the network NW. In addition, the sender information of the transaction data may be information indicating in more detail the department (a department of company A) that executed the operation of transmitting the transaction data to the network NW. It may be information indicating the individual (employee of company A) who performed the transmission operation.

<Generation of transaction data>
FIG. 3 is a functional block diagram of the control device 110 for explaining generation of transaction data. Referring to FIG. 3 , control device 110 includes an information acquisition unit 1101 , a transaction data generation unit 1103 , an electronic signature unit 1105 and a transaction data transmission unit 1107 . Control device 110 functions as information acquisition section 1101 , transaction data generation section 1103 , electronic signature section 1105 , and transaction data transmission section 1107 by executing programs stored in ROM 120 , for example. Information acquisition unit 1101, transaction data generation unit 1103, electronic signature unit 1105, and transaction data transmission unit 1107 may be implemented by dedicated hardware (electronic circuits), for example.

The information acquisition unit 1101 acquires requested information from the user via the input device 160 . Request information includes, for example, a request to record data relating to intellectual property. For example, when the user of the data management device 100 operates the input device 160 to store (register) data related to intellectual property in the management server 200, the information acquisition unit 1101 receives a request to record the data related to the intellectual property. is entered. The information acquisition unit 1101 also acquires a time stamp token from the time stamping authority group 400 via the communication device 140 , details of which will be described later. Upon acquiring the request information or the time stamp token, the information acquisition unit 1101 outputs the request information or the time stamp token to the transaction data generation unit 1103 .

The transaction data generator 1103 generates transaction data to be transmitted to the network NW. For example, when request information for recording data related to intellectual property is acquired from the information acquisition unit 1101, the transaction data generation unit 1103 reads out the data related to the intellectual property (target data) from the management server 200, and uses the hash function. Hash the target data using The transaction data generation unit 1103 then generates transaction data for including the hashed target data in the DAG data 152 . Further, for example, when a timestamp token is obtained from the information obtaining unit 1101, the transaction data generating unit 1103 hashes the timestamp token (target data) using a hash function, and converts the hashed timestamp token into a DAG. Generate transaction data for inclusion in data 152 .

Also, the transaction data generation unit 1103 receives an electronic signature from the electronic signature unit 1105 . The transaction data generator 1103 includes the electronic signature in the transaction data.

Electronic signature unit 1105 reads the first to fourth secret keys from storage device 150 . Electronic signature unit 1105 generates a first electronic signature using the first secret key. For example, the electronic signature unit 1105 obtains the hashed target data from the transaction data generation unit 1103, encrypts the hashed target data using the first secret key, and generates the first electronic signature. Generate. Electronic signature unit 1105 outputs the generated first electronic signature to transaction data generation unit 1103 . Further, the electronic signature unit 1105 generates second to fourth electronic signatures using the second to fourth private keys in the same procedure as the first electronic signature generation procedure described above. Electronic signature section 1105 then outputs the second to fourth electronic signatures to transaction data generation section 1103 .

The transaction data generation unit 1103 includes four electronic signatures (first electronic signature, second electronic signature, third electronic signature, fourth electronic signature) in the transaction data. Transaction data generation section 1103 then outputs the transaction data to transaction data transmission section 1107 . If the transaction data has a data structure that can contain only one electronic signature, for example, the remaining three electronic signatures should be included in the data area of the transaction data that can contain arbitrary data. may

The transaction data transmission unit 1107 outputs to the communication device 140 a control signal for transmitting transaction data to the network NW. Thereby, the transaction data is transmitted to the network NW via the communication device 140 .

A digital certificate issued by a certification authority in one country may not be recognized as valid in another country due to differences in the standards to which the certification authority complies. In this embodiment, transaction data includes a plurality of electronic signatures (first electronic signature, second electronic signature, third electronic signature, fourth electronic signature). Therefore, it is possible to ensure the validity of electronic signatures attached to transaction data in multiple countries and regions.

<Application for proof of existence (acquisition of time stamp token)>
In data relating to intellectual property such as patents, the time at which the data was recorded may be important, for example, from the viewpoint of prior use rights. The data management device 100 according to the present embodiment stores data (target data) in the management server 200 , acquires a time stamp token for the target data from the time stamping authority, and includes it in the DAG data 152 . This makes it possible to prove the existence of the target data. Furthermore, due to differences in the standards that time stamping authorities comply with, the time stamp token of a certain country's time stamping authority may not be officially recognized in another country. The data management device 100 acquires time stamp tokens for target data from a plurality of time stamping authorities and includes them in the DAG data 152 . This makes it possible to prove the existence of target data in multiple countries and regions.

FIG. 4 is a diagram for explaining an outline of application for proof of existence (acquisition of time stamp token). Referring to FIG. 4, data management device 100 stores data on intellectual property (inventor data in FIG. 4) in management server 200, and then hashes the data on the intellectual property to include hash values. Send the transaction data to the network NW and include it in the DAG data 152 . For example, when a plurality of intellectual property data related to an invention accumulates in the management server 200 and the DAG data 152, an application for proof of existence is made. In FIG. 4, an application for proof of existence is made when transaction data 153 ( c ) is added to DAG data 152 . When an application for proof of existence is made, an invention hash is generated by collectively hashing transaction data (transaction data 153 (a) to (c) in FIG. 4) related to a certain invention, and the invention hash is generated by the time stamping authorities. 400. Each time stamp authority then generates a time stamp token that combines the invention hash with time information based on a time source traceable to International Standard Time. This timestamp token can prove that the data contained in the DAG data 152 existed at that time. Note that FIG. 4 shows an example in which transaction data related to a certain invention is continuously stored in the DAG data 152 (consortium distributed ledger), but transaction data related to a certain invention is continuously stored in the DAG data 152. not necessarily. Transaction data for an invention may be stored in DAG data 152 non-contiguously. In such a case, for example, the invention ID included in the transaction data may be used to identify transaction data relating to a certain invention, and hash them together to generate an invention hash. The "invention hash" corresponds to an example of "hash data" according to the present disclosure.

FIG. 5 is a sequence diagram for explaining the flow from creation of DAG data 152 to application for proof of existence (acquisition of time stamp token). In the present embodiment, the process of applying for proof of existence proceeds in the order of (1) to (6) shown in FIG. Note that the process of issuing an electronic certificate shown in (0) is executed, for example, when the data management device 100 participates in the network NW. An electronic certificate will be issued upon application.

Referring to FIG. 5, (1) the user of data management device 100 performs an operation via input device 160 to issue an invention ID. The invention ID is an ID for managing data related to intellectual property, and in the present embodiment, one invention ID is assigned to one invention. The invention is managed by associating the invention ID with data (document files in FIG. 5) relating to a plurality of intellectual properties related to the invention. When an operation for issuing an invention ID is performed, control device 110 of data management device 100 issues an invention ID, stores it in storage device 150, for example, and generates transaction data for generating this transaction. and transmit it to the network NW. As a result, the invention ID is stored in the DAG data 152 . Here, it is assumed that the invention ID "A001" has been issued. Note that the invention ID corresponds to an example of "ID information" according to the present disclosure.

Next, (2) the user of the data management device 100 performs an operation for registering the document file (data regarding intellectual property) via the input device 160 . The user performs an operation so that this document file is registered in association with the invention ID "A001". By this operation, the control device 110 stores the document file on the Web (management server 200) in association with the invention ID "A001". In the example shown in FIG. 5, two document files "000001" and "000002" are stored in the management server 200 in association with the invention ID "A001". Note that the data (for example, document files) linked to the invention ID are also collectively referred to as "invention information".

(3) The control device 110 hashes the document file, generates transaction data for registering the hash value in the DAG data 152, and transmits the transaction data to the network NW via the communication device 140. . Specifically, when the document file “000001” is stored in the management server 200 , the control device 110 generates transaction data including the hash value of the document file “000001” and transmits the transaction data via the communication device 140 . Send the transaction data to the network NW. As a result, transaction data including the hash value of the document file “000001” is stored in the DAG data 152 . Also, when the document file “000002” is stored in the management server 200, the control device 110 generates transaction data including the hash value of the document file “000002” and transmits the transaction data via the communication device 140. Send to network NW. As a result, transaction data including the hash value of the document file “000002” is stored in the DAG data 152 . Since the transaction data includes the information of the invention ID "A001", the transaction data is associated with the invention ID "A001".

The column of consortium distributed ledger schematically shows the state of the DAG data 152 at the time of application for proof of existence (acquisition of timestamp token) (time of (4)). FIG. 5 shows a state in which invention ID "A001" is associated with two transaction data (each containing hash values of document files "000001" and "000002").

(4) The user of the data management device 100 performs an operation via the input device 160 to apply for proof of existence (acquire a time stamp token). When an operation for applying for proof of existence (obtaining a time stamp token) is performed, the control device 110 uses a hash function to generate transaction data (document file "000001") linked to the invention ID "A001". and transaction data including the hash value of the document file "000002") are collectively hashed. The numerical value (hash value) obtained at this time is the "invention hash".

The operation for applying for proof of existence can be performed at any time by the user.

(5) The control device 110 transmits the invention hash to the time stamping authority group 400 . At this time, the control device 110 transmits the invention hash to the time stamping authority selected on the interface screen to be described later among the time stamping authorities group 400 via the communication device 140 .

(6) The time stamp authority that receives the invention hash returns to the data management device 100 a time stamp token (TST) that combines the invention hash with time information based on a time source with traceability to the international standard time. Upon receiving the time stamp token from the time stamp authority, the control device 110 generates transaction data for registering the time stamp token in the DAG data 152, and transmits the transaction data to the network NW via the communication device 140. The timestamp token is thereby registered in the DAG data 152 . Thus, an existence proof (time stamp token) is obtained.

Controller 110 stores the invention hash and timestamp token, eg, in storage 150 . Further, the control device 110 transmits the invention certificate attached with the first to fourth electronic certificates to the network NW. The invention certificate includes an invention ID, transaction data linked to the invention ID, first to fourth electronic signatures, and a time stamp token. The invention certificate is used for existence verification and electronic signature validity verification, which will be described later. It should be noted that the electronic certificate attached to the invention certificate may be only the electronic certificate corresponding to the time stamping authority that applied for proof of existence (acquired the time stamp token).

FIG. 6 is a diagram for explaining an interface screen for applying for proof of existence (obtaining a time stamp token). The interface screen shown in FIG. 6 is displayed on the display of display device 170 .

The interface screen includes a selection area 171 , a first display area 172 , a second display area 173 and a third display area 174 .

In the selection area 171, tabs of "invention information management" and "existence proof verification" are displayed so as to be selectable. For example, by selecting either tab of "invention information management" or "existence proof verification" with the input device 160 such as a mouse, the display contents of the interface screen can be switched. FIG. 6 shows an interface screen when "invention information management" is selected. When "existence proof verification" is selected, an interface screen shown in FIG.

The registered invention projects are displayed in the first display area 172 . An invention project contains multiple invention IDs. In the example shown in FIG. 6, four invention IDs A001 to A004 are registered. Invention projects, ie, new invention IDs, can be issued and added by selecting the "Add Invention Project" display. In FIG. 6, the invention ID "A001" is selected.

The second display area 173 displays the version information of the selected invention ID. Version information is added, for example, when a document file is newly stored or when there is some update regarding the invention ID "A001".

The third display area 174 includes an invention title display field, an invention ID display field, an invention description display field, a document display field, and an existence proof display field. The title of the invention is displayed in the display column for the title of the invention. The ID of the invention is displayed in the display column of the invention ID. In the example shown in FIG. 6, the invention ID "A001" is displayed. The description of the invention is displayed in the display column of the description of the invention.

Document files stored in association with the invention ID are displayed in the document display field. In the example shown in FIG. 6, document files "000001" and "000002" linked to the invention ID "A001" are displayed. By selecting the "Add file" button (display), a new document can be linked to the invention ID "A001" and saved.

Information on the country and/or region that issued the proof of existence (time stamp token) for the invention ID "A001", information on the time included in the time stamp token, and information on the time certification authority are displayed in the proof of existence display column. (trust service name). In FIG. 6, it is shown that existence certificates are issued in China (second time stamping authority 420), EU (fourth time stamping authority 440) and Japan (first time stamping authority 410). As described below, when the existence proof is issued, the result is displayed in the existence proof display field.

The existence proof display field further includes a button (display) for “issue proof of existence”. By selecting the "issue proof of existence" button, it is possible to issue (apply for) proof of existence for the invention ID "A001". Selecting the "Proof of Existence" button causes controller 110 to generate a current invention hash.

FIG. 7 is a diagram for explaining an interface screen displayed when the "Issuance of Existence Proof" button in FIG. 6 is selected. As shown in FIG. 7, selecting the "Issue Proof of Existence" button displays a pop-up screen 179 for selecting the country and/or region for which the proof of existence is to be issued. That is, a pop-up screen 179 is displayed for selecting the time stamping authority issuing the proof of existence. In the example shown in FIG. 7, the first time stamping authority 410 (Japan), the second time stamping authority 420 (China), and the fourth time stamping authority 440 (EU) are selected. By selecting the button (display) of "Issuance of proof of existence" shown in FIG. 7 with the above selected, the invention hash is transmitted to the selected time stamping authority. As a result, a time stamp token can be obtained from the selected time stamping authority. The information of the time stamp token acquired from the selected time stamping authority is displayed in the display column of proof of existence in FIG.

FIG. 8 is a functional block diagram of control device 110 for explaining an application for proof of existence (acquisition of a time stamp token). Referring to FIG. 8 , control device 110 includes an input acquisition portion 1111 , a display control portion 1113 , a selection determination portion 1115 , an invention hash generation portion 1117 , a transmission portion 1119 and a reception portion 1121 . Control device 110, for example, by executing programs stored in ROM 120, functions as input acquisition unit 1111, display control unit 1113, selection determination unit 1115, invention hash generation unit 1117, transmission unit 1119, and reception unit 1121. Function. Input acquisition unit 1111, display control unit 1113, selection determination unit 1115, invention hash generation unit 1117, transmission unit 1119, and reception unit 1121 may be realized by dedicated hardware (electronic circuit), for example. .

Input acquisition unit 1111 detects that an operation for applying (issuing) an existence proof has been performed via input device 160 . Specifically, the input acquisition unit 1111 acquires from the input device 160 information indicating that the “issue proof of existence” button displayed on the interface screen (FIG. 6) of the display device 170 has been selected. Upon acquiring the information, the input acquisition unit 1111 outputs a control signal instructing pop-up display to the display control unit 1113 and outputs a control signal instructing invention hash generation to the invention hash generation unit 1117 .

When the display control unit 1113 acquires the control signal instructing the pop-up display from the input acquisition unit 1111, the display control unit 1113 causes the display device 170 to display a pop-up screen (FIG. 7) for selecting the time stamping authority issuing the proof of existence.

The selection determination unit 1115 determines the time stamping authority selected on the pop-up screen. When the “Issue Proof of Existence” button displayed on the pop-up screen is selected, selection determination section 1115 outputs transmission information, which is information for specifying the selected time stamping authority, to transmission section 1119 .

When the invention hash generation unit 1117 acquires the control signal instructing the generation of the invention hash from the input acquisition unit 1111, the invention hash generation unit 1117 collectively hashes the transaction data linked to the selected invention ID to generate the invention hash. . Invention hash generation section 1117 outputs the generated invention hash to transmission section 1119 .

Transmitting section 1119 outputs to communication device 140 a control signal for transmitting the invention hash to the time stamping authority specified by the transmission information received from selection determining section 1115 . Thereby, the invention hash is transmitted to the selected time stamping authority via the communication device 140 .

Each time stamp authority that receives the invention hash returns a time stamp token to the data management device 100 .

The receiving unit 1121 receives the time stamp token from the time stamping authority that transmitted the invention hash via the communication device 140 . As a result, it is possible to obtain the existence proof of the invention information of the invention ID for which the existence proof is applied.

<Verification of proof of existence>
FIG. 9 is a sequence diagram for explaining the flow of existence proof verification. In this embodiment, the process of verifying existence proof proceeds in the order of (1) to (5) shown in FIG.

First, (1) the user of the data management device 100 selects an arbitrary invention (invention ID) through the input device 160 and performs an operation for verifying the proof of its existence.

FIG. 10 is a diagram for explaining an interface screen for verifying proof of existence. The interface screen shown in FIG. 10 is displayed on the display of display device 170 . The interface screen includes a selection area 171 , a fourth display area 175 , a fifth display area 176 and a sixth display area 177 . The selection area 171 is common to the interface screen for applying for proof of existence described in FIG. By selecting the "invention information management" tab displayed in the selection area 171, the interface screen shown in FIG. 6 can be displayed, and by selecting the "existence proof verification" tab, the interface screen shown in FIG. 10 can be displayed. can be made

A fourth display area 175 displays an input area for retrieving an invention for which proof of existence is to be verified. For example, by inputting the invention ID “A001” in the input area, the information of the invention ID “A001” can be displayed in the fifth display area 176 . FIG. 10 shows the display screen where the invention ID "A001" has been searched.

Information on the found invention ID (“A001”) is displayed in the fifth display area 176 . The sixth display area 177 includes a button (display) for "existence proof verification". By selecting the "Verify Existence Proof" button, the verification of the existence proof of the invention information of the invention ID displayed in the fifth display area 176 is started.

Referring to FIG. 9 again, (2) the control device 110 of the data management device 100 collectively hashes the transaction data linked to the selected invention ID to generate an invention hash.

(3) Controller 110 reads the timestamp token from storage device 150 . Controller 110 then reads the invention hash contained in the timestamp token.

(4) The control device 110 compares the generated invention hash with the invention hash contained in the timestamp token, and confirms that the two match. By confirming that the two match, it is proved that the invention information of the invention ID ("A001" in the example shown in FIG. 9) has not been tampered with since the time stamp token was issued. can do.

(5) Control device 110 displays the verification result of the proof of existence on the display of display device 170, for example.

FIG. 11 is a functional block diagram of control device 110 for explaining verification of proof of existence. Referring to FIG. 11 , control device 110 includes an input acquisition portion 1131 , an invention hash generation portion 1133 , a reading portion 1135 , a comparison portion 1137 and an output portion 1139 . Control device 110 functions as input acquisition section 1131 , invention hash generation section 1133 , reading section 1135 , comparison section 1137 , and output section 1139 by executing programs stored in ROM 120 , for example. Input acquisition unit 1131, invention hash generation unit 1133, reading unit 1135, comparison unit 1137, and output unit 1139 may be implemented by, for example, dedicated hardware (electronic circuits).

Input acquisition unit 1131 detects that an operation for verifying existence proof has been performed via input device 160 . Specifically, the input acquisition unit 1131 acquires from the input device 160 information indicating that the “existence proof verification” button displayed on the display device 170 has been selected. After acquiring the information, the input acquisition section 1131 outputs a control signal instructing generation of the invention hash to the invention hash generation section 1133 and outputs a control signal instructing reading of the timestamp token to the reading section 1135 .

When the invention hash generation unit 1133 acquires a control signal instructing the generation of the invention hash from the input acquisition unit 1131, the invention hash generation unit 1133 collectively hashes the transaction data linked to the selected invention ID to generate the invention hash. . Invention hash generation section 1133 outputs the generated invention hash to comparison section 1137 .

When reading unit 1135 acquires a control signal instructing reading of the timestamp token from input acquiring unit 1131 , reading unit 1135 reads the timestamp token of the selected invention ID stored in storage device 150 . Reading unit 1135 reads the invention hash from the read timestamp token, and outputs the read invention hash to comparison unit 1137 .

The comparison unit 1137 compares the invention hash received from the invention hash generation unit 1133 and the invention hash received from the reading unit 1135 . If the two match, the comparison unit 1137 determines that the invention information of the invention ID has not been tampered with since the time stamp token was issued. If the two do not match, the comparison unit 1137 determines that the invention information of the invention ID has been tampered with since the time stamp token was issued. The comparison section 1137 outputs the comparison result to the output section 1139 .

The output unit 1139 outputs the comparison result to the display device 170, for example. As a result, the verification result of the proof of existence of the selected invention ID is displayed on the display device 170 .

<Verification of validity of electronic signature>
Referring to FIG. 9 again, when the process (1), ie, the operation for selecting an invention ID and verifying its existence proof, is performed, control device 110 of data management device 100 performs the above-described existence verification. The validity of the electronic signature is verified in parallel with the verification of the proof or before and after the verification of the existence proof.

First, the control device 110 applies the electronic signatures (first to fourth electronic signatures) of the transaction data linked to the invention ID (“A001” in the example shown in FIG. 9) to the first electronic signature attached to the invention certificate. Decrypt using the first to fourth public keys contained in the first to fourth electronic certificates, respectively. As described above, the invention certificate includes the invention ID, the transaction data linked to the invention ID, the first to fourth electronic signatures, and the time stamp token. The invention certificate to be used can be identified by matching the invention ID thus obtained with the invention ID contained in the invention certificate.

The control device 110 decrypts the first to fourth electronic signatures using the first to fourth public keys, respectively. For each electronic signature, the control device 110 compares the decrypted value with the hash value of the target data (document) included in the transaction data linked to the invention ID, and confirms that the two match. The validity of the electronic signature is recognized by confirming that the two match.

Note that the control device 110 verifies the validity of the electronic signatures corresponding to the countries or regions subject to verification of the existence proof, and verifies the validity of the electronic signatures corresponding to the countries or regions not subject to verification of the existence proof. You may choose not to verify. The country or region to be verified for proof of existence is the country or region selected in the application for proof of existence (selected in FIG. 7). For example, if the countries or regions subject to verification of the proof of existence of the selected invention ID are Japan, China, and the EU, that is, the first time stamping authority 410, the second time stamping authority 420, and the fourth time stamping authority If the timestamp token has been acquired at 440, the control device 110 verifies the validity of the first electronic signature, the second electronic signature, and the fourth electronic signature, and verifies the validity of the third electronic signature. May be omitted. This makes it possible to verify the validity of electronic signatures corresponding to countries or regions that are not subject to proof of existence verification, in addition to verifying the validity of electronic signatures that correspond to countries or regions that are subject to verification of proof of existence. In comparison, the processing load can be reduced.

FIG. 12 is a functional block diagram of control device 110 for explaining verification of validity of an electronic signature. Referring to FIG. 12 , control device 110 includes an input acquisition portion 1141 , a reading portion 1143 , a selection portion 1145 , a decoding portion 1147 , a determination portion 1149 and an output portion 1151 . Control device 110 functions as input acquisition section 1141 , reading section 1143 , selection section 1145 , decoding section 1147 , determination section 1149 , and output section 1151 by executing programs stored in ROM 120 , for example. Note that the input acquiring unit 1141, the reading unit 1143, the selecting unit 1145, the decoding unit 1147, the determining unit 1149, and the output unit 1151 may be implemented by dedicated hardware (electronic circuits), for example.

Input acquisition unit 1141 detects that an operation for verifying existence proof has been performed via input device 160 . Specifically, the input acquisition unit 1141 acquires from the input device 160 information indicating that the “existence proof verification” button displayed on the display device 170 has been selected. When the input acquisition unit 1141 acquires the information, the input acquisition unit 1141 specifies the target invention ID, and outputs the specified invention ID and the control signal for instructing the reading of the transaction data linked to the invention ID to the reading unit 1143. output to

When the reading unit 1143 acquires the invention ID and the control signal instructing to read the transaction data linked to the invention ID from the input acquisition unit 1141 , the reading unit 1143 reads the transaction data linked to the invention ID from the storage device 150 . . Further, reading unit 1143 reads the invention certificate corresponding to the invention ID from storage device 150 . Reading unit 1143 outputs the read invention certificate to selection unit 1145 and outputs the read transaction data and invention certificate to decryption unit 1147 .

A selection unit 1145 selects an electronic signature whose validity is to be verified. Selecting unit 1145 identifies a country or region to be verified for proof of existence from, for example, the time stamp token included in the certificate of invention. Then, the selection unit 1145 selects an electronic signature corresponding to the identified country or region. Specifically, for example, when the invention certificate contains timestamp tokens issued by the first time stamping authority 410, the second time stamping authority 420, and the fourth time stamping authority 440, the selection unit 1145 , the first certification authority 310, the second certification authority 320, and the fourth The first electronic signature, the second electronic signature and the fourth electronic signature corresponding to the certificate authority 340 are selected as electronic signatures whose validity is to be verified. Selecting section 1145 outputs a signal indicating the selected electronic signature, ie, the electronic signature to be decrypted, to decoding section 1147 .

The decryption unit 1147 decrypts the electronic signature to be decrypted using the electronic certificate attached to the invention certificate. Specifically, the decryption unit 1147 selects the electronic signatures to be decrypted among the electronic signatures attached to the transaction data received from the input acquisition unit 1141 (here, the first electronic signature, the second electronic signature, and the 4 electronic signature) is decrypted with the first electronic certificate (first public key), the second electronic certificate (second public key), and the fourth electronic certificate (fourth public key), respectively. Decoding section 1147 outputs each decoded value (decoded value) to determination section 1149 . Also, the decoding unit 1147 outputs the transaction data received from the reading unit 1143 to the determination unit 1149 . Note that the transaction data may be sent from the reading unit 1143 to the determination unit 1149 .

The determining unit 1149 compares each decrypted value received from the decrypting unit 1147 with the hash value of the document file included in the transaction data. If both match, the determination unit 1149 determines that the electronic signature is valid. If the two do not match, the determination unit 1149 determines that the electronic signature is not valid. The determination unit 1149 outputs the determination result to the output unit 1151 .

The output unit 1151 outputs the determination result to the display device 170, for example. As a result, the verification result of the validity of the electronic signature is displayed on the display device 170 .

<Processing Executed by Control Device>
<<Generation of transaction data>>
FIG. 13 is a flow chart showing a procedure of processing for generating transaction data. The processing of the flowchart shown in FIG. 13 is executed by control device 110 each time an input operation is performed via input device 160 or each time a time stamp token is acquired from time stamp authority group 400 . An input operation is, for example, an operation of newly saving data related to intellectual property. 13 and FIGS. 14, 15, and 16 to be described later (steps are abbreviated as "S" below) will be described as being realized by software processing by the control device 110, but some Alternatively, all of them may be implemented by hardware (electronic circuits) fabricated within the control device 110 .

In S1, the control device 110 hashes the target data. Specifically, when recording data related to intellectual property, the control device 110 reads the data related to the intellectual property (target data) from the management server 200, and uses a hash function to hash the target data. do. Alternatively, when recording a timestamp token, the control device 110 hashes the timestamp token (target data) using a hash function.

In S 3 , control device 110 reads the first to fourth secret keys from storage device 150 . Then, the control device 110 encrypts the hashed target data using the first to fourth secret keys to generate the first to fourth digital signatures, respectively.

In S5, the control device 110 generates transaction data including the hash value of the target data and four electronic signatures (first electronic signature, second electronic signature, third electronic signature, fourth electronic signature). . Note that, in addition to the above, the control device 110 also includes invention ID information, time information for broadcasting transaction data toward the network NW (it may be time information indicating the occurrence time of a process corresponding to the transaction data), and include transaction data sender information in the transaction data. Furthermore, the control device 110 approves the transaction data of two transactions that occurred in the past and includes hash values of these transaction data in the transaction data.

In S5, the control device 110 generates the transaction data including the hash value of the target data and the first electronic signature, the transaction data including the hash value of the target data and the second electronic signature, the hash value of the target data and Four transaction data may be generated: transaction data including the third electronic signature and transaction data including the hash value of the target data and the fourth electronic signature. These four transaction data also include invention ID information, time information for broadcasting transaction data to the network NW, transaction data sender information, and hash values of transaction data of two transactions that occurred in the past. is included.

In S7, the control device 110 outputs to the communication device 140 a control signal for transmitting the generated transaction data to the network NW. Thereby, the transaction data is transmitted to the network NW via the communication device 140 .

<< Application for proof of existence >>
FIG. 14 is a flow chart showing the procedure of processing for applying for existence proof of invention information. The processing of the flowchart shown in FIG. 14 is executed by control device 110 each time an operation for applying for proof of existence is performed via input device 160 . In this embodiment, an application for proof of existence is made for each invention ID.

In S11, the control device 110 causes the display device 170 to display a pop-up screen for selecting a time stamping authority that issues proof of existence.

In S13, the control device 110 determines the time stamping authority selected on the pop-up screen.

In S<b>15 , the control device 110 collectively hashes the transaction data linked to the invention ID for which the existence proof application is requested, and generates an invention hash. Note that the process of S15 may be performed before the process of S11.

In S17, the control device 110 outputs to the communication device 140 a control signal for transmitting the invention hash to the selected time stamping authority. Thereby, the invention hash is transmitted to the selected time stamping authority via the communication device 140 .

At S<b>19 , the control device 110 receives the timestamp token from the time stamping authority that sent the invention hash via the communication device 140 . As a result, the existence proof of the invention information of the invention ID for which the existence proof application is requested is obtained.

<<Existence proof verification>>
FIG. 15 is a flow chart showing a procedure of processing for verifying existence proof. The processing of the flowchart shown in FIG. 15 is executed by control device 110 each time an operation for verifying existence proof is performed via input device 160 .

In S21, the control device 110 collectively hashes the transaction data linked to the invention ID selected in the operation for verifying the proof of existence to generate an invention hash.

In S23, control device 110 reads from storage device 150 the time stamp token of the invention ID selected in the operation for verifying existence proof. Then, the control device 110 reads the invention hash from the read timestamp token.

At S25, the control device 110 compares the invention hash generated at S21 with the invention hash read at S23.

In S27, control device 110 causes the display of display device 170, for example, to display the comparison result in S25. As a result, the verification result of the proof of existence for the selected invention ID is displayed on the display device 170 .

<< Verification of validity of electronic signature >>
FIG. 16 is a flow chart showing the procedure of processing for verifying the validity of an electronic signature. The processing of the flowchart shown in FIG. 16 is executed by control device 110 each time an operation for verifying existence proof is performed via input device 160 . The processing of this flowchart may be executed in parallel with the processing of the flowchart of FIG. 15, or may be executed before or after the processing of the flowchart of FIG.

In S31, the control device 110 reads from the storage device 150 the transaction data linked to the invention ID selected in the operation for verifying the proof of existence. Further, control device 110 reads from storage device 150 the invention certificate of the invention ID selected in the operation for verifying the existence proof.

At S33, the control device 110 selects an electronic signature whose validity is to be verified. Control device 110 identifies the country or region subject to proof of existence verification from the time stamp token included in the certificate of invention.

In S35, the control device 110 decrypts the electronic signature to be decrypted using the electronic certificate attached to the invention certificate. Specifically, control device 110 selects the electronic signature whose validity is to be verified (for example, the first electronic signature, the second electronic signature, etc.) among the first to fourth electronic signatures included in one transaction data. and fourth electronic signature) is decrypted using the corresponding electronic certificate (for example, the first electronic certificate, the second electronic certificate and the fourth electronic certificate). The processing of S35 is executed for all transaction data linked to the invention ID.

In S37, the control device 110 compares each decrypted value (decrypted value) with the hash value of the document file included in the transaction data. If the two match, the control device 110 determines that the electronic signature is valid. If the two do not match, the control device 110 determines that the electronic signature is not valid.

In S<b>39 , control device 110 causes the display of display device 170 to display the determination result in S<b>37 , for example. As a result, the verification result of the validity of the electronic signature is displayed on the display device 170 .

As described above, in the data management system 1 according to the present embodiment, the data management device 100 transmits the invention hash of the invention information to the time stamp authority group 400 when recording the invention information. The time stamping authority group 400 includes a plurality of time stamping authorities (first to fourth time stamping authorities 410 to 440 in the embodiment). The data management device 100 acquires time stamp tokens from a plurality of time certification authorities. This makes it possible to guarantee the accuracy of the time when the invention information is recorded in a plurality of countries and regions.

Further, in the data management system 1 according to the present embodiment, the data management device 100 can select the time stamping authority from which the time stamp token is acquired from the time stamping authority group 400 . Depending on the invention, there may be countries or regions where it is not necessary to obtain a timestamp token. By being able to select the time stamp token acquisition authority, it is possible not to acquire the time stamp token from the time stamp token acquisition authority. Processing load can be reduced.

Further, in the data management system 1 according to the present embodiment, the data management device 100 acquires an electronic certificate from each certificate authority included in the certificate authority group 300 . Specifically, the data management device 100 receives the first electronic certificate from the first certificate authority 310, the second electronic certificate from the second certificate authority 320, the third electronic certificate from the third certificate authority 330, A fourth electronic certificate is obtained from the fourth certificate authority 340, respectively. The data management device 100 attaches the first to fourth electronic certificates to the invention certificate and transmits it to the network NW. The data management device 100 generates first to fourth electronic signatures using the first to fourth private keys, respectively, and includes these four electronic signatures in the transaction data. The validity of electronic signatures may differ depending on the country or region due to differences in standards. Or it becomes possible to prove the validity of the electronic signature locally. As a result, the reliability of data transmitted to the network NW is increased, and spoofing and falsification of data by a third party can be suppressed.

In addition, verify the validity of electronic signatures corresponding to countries or regions subject to verification of proof of existence, and do not verify the validity of electronic signatures corresponding to countries or regions not subject to verification of proof of existence. good too. This makes it possible to verify the validity of electronic signatures corresponding to countries or regions that are not subject to proof of existence verification, in addition to verifying the validity of electronic signatures that correspond to countries or regions that are subject to verification of proof of existence. In comparison, the processing load of the data management system 1 can be reduced.

[Modification]
In the embodiment, an example has been described in which four electronic signatures (first electronic signature, second electronic signature, third electronic signature, and fourth electronic signature) are included in one transaction data. However, multiple transaction data may be generated according to the number of electronic signatures. That is, for one process of target data, transaction data including a first electronic signature, transaction data including a second electronic signature, transaction data including a third electronic signature, and transaction data including a fourth electronic signature. Four transaction data may be generated. Even with such a configuration, it is possible to prove the validity of electronic signatures in multiple countries and/or regions by generating the above four transaction data for one process of target data. becomes.

In the modified example, when applying for proof of existence (obtaining a time stamp token), data including the electronic signature of the certification authority corresponding to the time certification authority (for example, invention hash) is sent to the time certification authority. . Specifically, data including the first electronic signature of the first certification authority 310 is transmitted to the first time certification authority 410 . Data including the second electronic signature of the second certification authority 320 is transmitted to the second time certification authority 420 . Data including the third electronic signature of the third certification authority 330 is transmitted to the third time certification authority 430 . Data including the fourth electronic signature of the fourth certification authority 340 is transmitted to the fourth time certification authority 440 . As a result, it is possible to appropriately secure the validity of the electronic signature attached to the data for which the existence proof has been applied.

The modified example can also be applied to a second embodiment described later.
[Embodiment 2]
FIG. 17 is a diagram showing a schematic configuration of a data management system 2 according to Embodiment 2. As shown in FIG. A data management system 2 according to Embodiment 2 is a system for forming a network NW (block chain network) among a plurality of companies and managing data related to intellectual property such as patents. Distributed ledger technology using blockchain is applied to the data management system 2 . The data management system 2 has basically the same configuration as the data management system 1 according to the first embodiment. Therefore, in the second embodiment, the points related to the blockchain, which are different from the first embodiment, will be described. The same reference numerals are assigned to the same configurations as those of the data management system 1 according to Embodiment 1, and the description thereof will not be repeated.

The data management system 2 includes four data management devices 500 , a group of certificate authorities 300 , and a group of time certificate authorities 400 . Each of the four data management devices 500 is a data management device that belongs to a different company (eg, company A, company B, company C, and company D), as in the first embodiment. In FIG. 17, the data management device 500 of company A is denoted as data management device 500, and the data management devices 500 of company B, company C, and company D are denoted as data management device 500A. In the following, the data management device 500 of Company A will be described as a representative example, but the data management device 500A also has similar functions.

The data management device 500 is, for example, a desktop PC, notebook PC, tablet terminal, smart phone, or other information processing terminal having a communication function. Data management device 500 includes control device 510 , ROM 120 , RAM 130 , communication device 140 , storage device 550 , input device 160 and display device 170 . Control device 510 , ROM 120 , RAM 130 , communication device 140 , storage device 550 , input device 160 and display device 170 are connected to bus 180 . A management server 200 is communicably connected to the data management device 500 .

Control device 510 is configured by, for example, an integrated circuit including a CPU. The control device 510 develops various programs stored in the ROM 120 in the RAM 130 and executes them. The control device 510 complies with multiple standards (eg, Japanese standards, Chinese standards, US standards, EU standards, etc.), and generates private keys (eg, first to fourth private key) and public keys (eg, first to fourth public keys).

Storage device 550 includes, for example, a storage medium such as a hard disk or flash memory. Storage device 550 stores blockchain data 552 . Note that the block chain data 552 is not limited to being stored in the storage device 550, and may be stored in the ROM 120, the RAM 130, or the management server 200. Storage device 550 also stores a private key and a public key generated by control device 510 . Storage device 550 also stores electronic certificates issued by each of the plurality of certificate authorities included in certificate authority group 300 . Note that the storage of the private key, public key, and electronic certificate is not limited to the storage device 550 , and may be stored in the ROM 120 , RAM 130 , or management server 200 .

<Blockchain data>
FIG. 18 is a diagram for explaining the blockchain data 552. As shown in FIG. As shown in FIG. 18 , blockchain data 552 is composed of a series of blocks 553 . Each of blocks 553 contains various information, such as data relating to intellectual property. The block chain data 552 stores a history of records such as data related to intellectual property in the data management devices 500 and 500A forming the network NW from the start of operation of the data management system 2 to the present.

Blockchain data 552 is stored in all data management devices 500, 500A forming network NW. As a result, even if the blockchain data 552 is tampered with by a certain user, tampering is prevented based on the blockchain data 552 of a plurality of other users.

Specifically, when registering data on a new intellectual property, the data management device 500 causes the management server 200 to store the data on the newly registered intellectual property. data). The data management device 500 hashes data related to the intellectual property using a hash function, and generates transaction data including numerical values (hash values) obtained as a result of hashing. The data management device 500 transmits the generated transaction data to the network NW. This transaction data is grouped into a new block 553 (Bn+1). A new block 553 (Bn+1) is added to the blockchain data 552 when certain conditions are met.

It should be noted that transaction data is not recognized as valid just by flowing into the network NW. The transaction data becomes effective only after being added to the blockchain data 552 held in each of the data management devices 500 and 500A. The unauthenticated transaction data is put together into a new block 553 (Bn+1), and the new block 553 (Bn+1) is added to the block chain data 552 by mining processing called POW (Proof of Work), for example.

POW is a mechanism in which a plurality of nodes (management apparatuses 500 and 500A) compete to add a new block 553 (Bn+1). Nodes that participate in POW are commonly called miners. The miner who produces the new block 553 (Bn+1) the fastest is rewarded. A consensus building algorithm using such a mechanism ensures tamper resistance of the blockchain data 552 .

<Transaction data>
The transaction data includes, for example, invention ID information, hash value of target data (data related to intellectual property: for example, document), time information for broadcasting the transaction data to the network NW, sender information of the transaction data, and electronic signatures, etc. Note that the time information included in the transaction data may be time information indicating the time at which a process corresponding to the transaction data (for example, a process of recording target data in the management server 200) occurred.

The sender information of the transaction data is, for example, information indicating Company A if the transaction data is transmitted from the data management device 500 to the network NW. In addition, the sender information of the transaction data may be information indicating in more detail the department (a department of company A) that executed the operation of transmitting the transaction data to the network NW. It may be information indicating the individual (employee of company A) who performed the transmission operation.

<Application for proof of existence (acquisition of time stamp token)>
FIG. 19 is a diagram for explaining an outline of application for proof of existence (acquisition of time stamp token). Referring to FIG. 19, data management device 500 saves data on intellectual property (inventor data in FIG. 19) in management server 200, hashes the data on the intellectual property, and includes a hash value. Send the transaction data to the network NW and include it in the blockchain data 552. For example, at a certain timing, the user of data management device 500 applies for proof of existence for a certain invention ID. Then, the data management device 500 reads the transaction data linked to the invention ID from each block and hashes them together to generate an invention hash. Then, the data management device 500 transmits the invention hash to the time stamping authority group 400 (more specifically, the selected time stamping authorities). Each time stamp authority that receives the invented hash generates a time stamp token that combines the invented hash with time information based on a time source traceable to International Standard Time. This timestamp token can prove that the data contained in the blockchain data 552 existed at that time.

Verification of the existence proof and verification of the validity of the electronic proof are processed in the same procedure as in the first embodiment, and therefore will not be described repeatedly.

As described above, even if the distributed ledger technology using blockchain is applied to the data management system 2, the same effect as in the first embodiment can be obtained.

The embodiments disclosed this time should be considered as examples and not restrictive in all respects. The scope of the present disclosure is indicated by the scope of claims rather than the description of the above-described embodiments, and is intended to include all modifications within the scope and meaning equivalent to the scope of the claims.

1, 2 data management system, 100, 100A data management device, 110 control device, 120 ROM, 130 RAM, 140 communication device, 150 storage device, 152 DAG data, 160 input device, 170 display device, 171 selection area, 172 second 1 display area, 173 second display area, 174 third display area, 175 fourth display area, 176 fifth display area, 177 sixth display area, 179 pop-up screen, 180 bus, 200 management server, 300 certification authority group, 310 first certification authority, 320 second certification authority, 330 third certification authority, 340 fourth certification authority, 400 time certification authority group, 410 first time certification authority, 420 second time certification authority, 430 third time certification authority , 440 fourth time stamping authority, 500, 500A data management device, 510 control device, 550 storage device, 552 blockchain data, 1101 information acquisition unit, 1103 transaction data generation unit, 1105 electronic signature unit, 1107 transaction data transmission unit, 1111 input acquisition unit 1113 display control unit 1115 selection determination unit 1117 invention hash generation unit 1119 transmission unit 1121 reception unit 1131 input acquisition unit 1133 invention hash generation unit 1135 reading unit 1137 comparison unit 1139 output Section 1141 Input Acquisition Section 1143 Reading Section 1145 Selection Section 1147 Decoding Section 1149 Determination Section 1151 Output Section NW network.

Claims (8)

A data management device that manages data using distributed ledger technology,
a storage device that stores a distributed ledger;
a control device that registers transaction data including information of the data in the distributed ledger;
a communication device configured to be able to select a plurality of certificate authorities that provide trust services;
each of the plurality of certification authorities is a certification authority based on a mutually different standard;
The control device is
Acquiring at least one predetermined data obtained by a trust service provided by at least one certificate authority selected from the plurality of certificate authorities through the communication device;
A data management device that registers the at least one predetermined data in the distributed ledger. further comprising an input device configured to allow selection of an arbitrary certificate authority from among the plurality of certificate authorities;
2. The data management device according to claim 1, wherein said control device acquires said at least one predetermined data from at least one certificate authority selected by input to said input device via said communication device. each of the plurality of certification authorities is a key certification authority that issues an electronic certificate for a private key and a public key paired with the private key;
the electronic certificate includes information of the public key,
3. The data management device according to claim 1, wherein each of said at least one predetermined data is an electronic certificate. said storage device stores at least one said private key corresponding to at least one said electronic certificate issued by said at least one selected key certification authority;
the controller generates at least one digital signature using the at least one private key;
4. The data management apparatus of claim 3, including the generated at least one electronic signature in transaction data. The control device decrypts each of the at least one electronic signature using the public key information included in the corresponding at least one electronic certificate;
5. The data management device according to claim 4, wherein validity of each of said at least one electronic signature is verified based on a decryption result. 6. The data management device according to any one of claims 1 to 5, wherein said data is data relating to intellectual property. A data management method for a data management device that manages data using distributed ledger technology,
The data management device
a storage device that stores a distributed ledger;
a control device that registers transaction data including information of the data in the distributed ledger;
a communication device configured to be able to select a plurality of certificate authorities that provide trust services;
each of the plurality of certification authorities is a certification authority based on a mutually different standard;
The data management method includes:
obtaining, via the communication device, at least one predetermined data obtained by a trust service provided by at least one certificate authority selected from among the plurality of certificate authorities;
registering said at least one predetermined data in said distributed ledger. The data management device includes first and second data management devices,
each of the plurality of certification authorities is a key certification authority that issues an electronic certificate for a private key and a public key paired with the private key;
the electronic certificate includes information of the public key,
each of the at least one predetermined data is an electronic certificate;
said first data management device stores at least one said private key corresponding to at least one said electronic certificate issued by said at least one selected key certification authority;
The data management method includes:
the first data management device generating at least one electronic signature using the at least one private key and including the generated at least one electronic signature in transaction data;
The second data management device decrypts each of the at least one electronic signature using the public key information included in the corresponding at least one electronic certificate, and based on the decryption result, the 8. The data management method of claim 7, further comprising verifying the validity of each of the at least one electronic signature.

Images