JPH09244531A - Anonymity registration method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable trust organs to return a receipt while maintaining an anony mous characteristic when a user anonymously registers data to the trust organs. SOLUTION: The user forms cipher keys k1 ,..., k4 corresponding to the respective organs T1 ,..., T4 for cipher communication in a reply and inserts the information respectively in such a manner that only the respective organs Ti know ki at the time of forming the information for registration. The user U inserts the authentication code IDU of the user U as well to the information that only the trust organs Ti know in such a manner that in the final the trust organs Ti are able to send the information to the user U.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for anonymously registering data using a telecommunication system.

[0002]

2. Description of the Related Art As a method for a user to register anonymous data, the method described in Chaum, D. et al. , "Untrace
Able Electronic Mail, Retu
rnAddress, and Digital Pse
udonyms ", Comm. of the ACM,
24, 2, pp. 84-88 (1981). However, the method by which the registration agency sends back confidential data (receipt of receipt) to an anonymous user has not been known until now.

An example of the need for such a system is:
Electronic voting and electronic cash can be considered. In electronic voting, users become voters and hold secret votes in trust institutions. The trust institution sends back the evidence that it received the vote to the anonymous user. The electronic cash system can be applied to a system called “escrow electronic cash”.

Here, "escrow electronic cash" means that the user's secret information is forcibly registered in some reliable institution (trust agency), so that the user acts illegally on the system, that is, electronic cash. A method in which users can be identified if the trust institutions cooperate with each other without permission of the court without forging or double use.

[0005]

The present invention is based on Chau.
It provides a method that enables the following functions, which are not realized by the conventional method of Mr. M., to be realized.
The user registers some data anonymously, and the registrant returns the receipt to the user while maintaining anonymity.
At this time, the registrants are distributed to multiple institutions, and anonymity is maintained only when all the institutions do not cooperate. Conversely, if all institutions cooperate, the relationship between users and registration data can be specified.

[0006]

In the present invention, the basic idea that multiple public key cryptography is used is the same as in the method of Chaum. However, in the present invention, anonymity is also provided for a reply. You need your own method of doing so. Therefore, in this invention, at the time of creating the information for the registered user, each agency T ₁ for encrypted communication at the time of reply, ..., encryption key k ₁ corresponding to _{T t,} ..., to create a k _t, they Information is inserted so that only each institution T _i knows k _i . Further, the user U will eventually trustee T ₁ is also inserted authenticator ID _U of the user U to the trustee T ₁ only knows the information to send the information to the user U.

[0007]

1 is a block diagram showing the principle of the present invention. The registration agency 100, the user terminal 200, and the court 300 are connected via, for example, a communication line, but may be connected via an IC card or the like capable of recording information. Although the signature method and the public key encryption of the embodiment are all based on the RSA method, the method of the present invention can be realized by an arbitrary one-way function g, digital signature method, and public key encryption method (one-way function, digital signature). Eiji Okamoto, "Introduction to Cryptographic Theory" (Kyoritsu Shuppan)
See). Determine the g as of preparation published one-way function. Further, (ε, Д) is disclosed as a secret key cryptosystem for public disclosure of the procedure (devices for performing these calculations are called a g calculator, an encryptor ε, and a decryptor Д, respectively).

The signature algorithm and public key cryptography of the registration authority T _i are all RSA systems, and their private key and public key are (d _Ti , n _Ti ) and (e _Ti , n _Ti ). The registration processing user U registers the data N in the registration agency T (here, T = (T ₁ , ..., T _t )). This procedure is as follows (see FIGS. 2, 3, and 4).

Step 1 The user U uses the key generator 201
(Fig. 2) to registration agency T_iAs many keys (k₁,…,
k_t). Registration agency T_iPublic key (e_Ti,
n_Ti) And public key cryptographic device E202₁~ 202_tUsing,
Inductively c_i= E_i(K_i‖C_i-1) (However, c_oIs
User U authenticator ID_UIs calculated) and c_tGet
You. Furthermore, the registration agency T_iPublic key (e_Ti, N_Ti) And public
Open key encryption device E203₁~ 203 _tAnd inductively, C₁= E₁o ... oE_t(N | c_t) Is calculated (where E_ioE_j(X): = E_i(E
_j(X))), this C₁The registration agency T₁Sent to
I believe.

Step 2 The registration authority T ₁ calculates C ₂ = D ₁ (C ₁ ) using the private key (d _T1 , n _T1 ) and the public key decryption device D 101 (FIG. 3), and calculates this C ₂ = D ₁ (C ₁ ). T ₂
Send to Step 3 The registration authority T _i calculates C _{i + 1} = D _i (C _i ) by using the private key (d _T1 , n _T1 ) and the public key decryption device D101, and the next registration authority T _{i + 1.} And the registration authority T _t finally obtains C _t .

Step 4 Registration authority T_tIs the private key
(D_Tt, N_Tt) And public key decryptor D102_tUsing,
(N | c_t) = D_t(C_t), (K_t‖C_t-1) = D_t
(C_t). N, c_t-1, K_tAfter getting the private key
(D_T, N_T), G calculator 103, digital signature generation
Digital signature L for N by using the device sig104
= G (N)^dTmod n_TGenerate Furthermore, k_tThe secret
K as a key_tAnd encryption device ε105 _tTo sign the signature L
_t= Ε_ktEncrypt with (L), (c_t-1， Э_t) Just before
Registration agency T_t-1Send to

Step 5 The registration authority T _i uses the private key (d _Ti , n _Ti ) and the public key decryption device D102 _i to
(K _i ‖c _i-1 ) = D _i (c _i ) is calculated, and k _i
Э _i using k _i and the cipher ε 105 _i as the secret key
= Ε _ki (Э _{t + 1} ) is calculated. (C _i-1 , Φ _i ) is transmitted to the immediately preceding registration authority T _i-1 . By repeating this, the last registration authority T ₂ is the public key encryption unit Ipushiron105 ₂ from (c _1,
Э ₂ ) get.

Step 6 Registration authority T₁Is the private key
(D_T1, N_Ti) And public key decryptor D102₁Using,
(K_i‖ID_U) = D₁(C₁) Is calculated. Authenticator I
D_UThe user U is specified from. k_iAnd cipher ε_t105
₁Using₁= Ε_k1(Э_Two), Then Э₁Profit
Send to user U. Step 7 User U uses (k₁,…, K_t) And the decoder
Д204₁~ 204_tUsing the receipt LL = Д_kto ... oД_k1(Э₁) = G (N)^dTmod n_T Step 8 Registration agency T₁Is the correspondence (ID_U， Э_Two,
Э₁) (Fig. 4) _tIs the correspondence (N, L, Э₁)
Other than T_iIs the correspondence (Э_{i + 1}， Э_i),
Each secret c_i-Database 106_iManage
You.Identification of user from registered information and vice versa (N, L) → user At the request of a trusted third party (eg court),
Registration agency T₁, ..., T _tIs c_i-Using a database
The process for finding the user U from (N, L) is as follows.
(See FIG. 4).

Step 1 A trusted third party (eg a court) sends (N, L) to the registration authority T _t . Step 2 The registration agency T _t uses the receipt L to obtain _ct −
Search (N, L, Э _t ) from the database 106 _t ,
Э _t is sent to the last registration agency T _t-1 . Step 3 RA T _i by using the Э _{i + 1,} c _i - retrieves from the database 106 _i a _{(Э i + 1, Э i} ), Э
_i is transmitted to the immediately preceding registration authority T _i−1 (i = t−1,
…, 2).

Step 4 Registration authority T₁Is Э_TwoUsing
, C₁-Database 105₁From (ID_U， Э_Two,
Э₁) Is searched and its ID_UUser U is identified from
Communicate this to a trusted third party (eg court). User → (N, L) At the request of a reliable third party (eg court),
Trust organization T₁, ..., T _tIs c_i-Using a database
The process of finding out the payment history H of the fraudulent U is as follows.
Yes (see FIG. 4).

Step 1 A trusted third party (eg
Court) is the certifier ID of the illicit person_UThe registration agency T₁Send to
You. Step 2 T₁Is the ID_UUsing c₁-Database
Space 106₁From (ID _U， Э_Two， Э₁) Search for Э_Two
The next registration agency T_TwoSend to Step 3 Registration agency T_iIs Э_iUsing c_i-Day
Database 106_iFrom (Э_{i + 1}， Э_i) Search for Э
_{i + 1}The next registration agency T_{i + 1}To (i = 2, ..., t
-1).

[0017] Step 4 RA T _t by using the Э _t, c _t - from the database _{106 t (N, L, Э} t,
Search for k _t), identifies the recipient certificate L, tell it to the trusted third party (for example, the court) institutions.

[0018]

The effects of the present invention are as follows.
Unless all trust institutions collude, with user U and (N, L)
You can keep your relationship with. On the other hand, the trust institutions T ₁ , ..., T
_With the cooperation of _t , the user can be traced from (N, L) and (N, L) can be traced from the user. This tracking is easy and does not compromise the privacy of anyone other than this user.

[Brief description of drawings]

FIG. 1 is a block diagram showing a system configuration diagram to which the present invention is applied.

FIG. 2 is a user terminal 20 when a terminal usage permit is issued.
The functional block diagram which shows the process of 0.

FIG. 3 is a functional configuration diagram showing a process of a registration agency 100 when a usage permit is issued.

FIG. 4 is a process of tracking a user from (N, L), and
The figure for demonstrating the process which tracks (N, L) from a user.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification code Internal reference number FI Technical display location G06F 19/00 G06F 15/30 Z H04L 9/30 H04L 9/00 663B 9/32 675B

Claims (1)

[Claims] 1. The user U transfers the data N to a trust institution T =
(T₁, ..., T_t) When registering with₁, ..., T_tAgainst (k₁,…, K_t)
Select T_iPublic-key cryptographic function E_iUsing inductively 1<i<c for t_i= E_i(K_i‖
c_i-1) (However, c₀Is the authenticator ID of user U_UToss
Is calculated, and finally c_tAnd, by induction, C₁= E₁o ... oE_t(N | c_t) Is calculated (where E_ioE_j(X): = E_i(E
_j(Means x), this C₁Trust agency T₁Sent to the trust institution T₁Is the public key decryption function D₁Using C_Two= D₁(C₁) Is calculated, and this is the trust institution T_TwoSent to
Trust, and then i = 1, ..._iIs the public key decryption function D_iUsing C_{i + 1}= D_i(C_i) Is a trust institution T_{i + 1}To the trust agency T_tIs C_tAnd trust organization T_tIs C_tFrom the public key decryption function D_tUsing
, (N ‖c_t) = D_t(C_t), And further c_tFrom
(K_t‖C_t-1) = D_t(C_t), And eventually (N, c_t-1, K_t) And trust organization T_tGenerates receipt L, k_tThe receipt L as Φt = ε_kt(L) and encryption
And (c_t-1， Э_t) Is a trust institution T_t-1Sent to the trust institution T_iIs c_iThan (k_i‖C_i-1) = D
_i(C_i), K_iAnd Э_{i + 1}From the secret key KI_{i + 1}To Э_i
= Ε_ki(Э_{i + 1}) And encrypted (c_i-1， Э_i) Believe
Trust T_i-1To the trust agency T_TwoIs (c₁， Э
_Two) And trust organization T₁Is c₁From (k₁‖ID_U) = D₁(C₁), And the authenticator ID_U
Identifies the user U by k₁And Э_TwoThan Э₁= Ε_k1(Э_Two), Then Э₁Is sent to user U, and trust institution T₁, T_i, T_tEach (ID_U， Э_Two,
Э₁), (Э_{i + 1}， Э _i), (N, L, Э_t) Hold
Then, the user U uses (k₁,…, K_t) And ε decryption agency Д
Using, L = Д_kto ... oД_k1(C₁) = Sig (N) 2. Anonymous registration method.