JPH10240826A - Electronic contracting method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an electronic contracting method for constructing a simple and prevailing electronic contracting system in which cipher communication using a common key can be operated, and the reliability of contract can be improved between persons concerned. SOLUTION: When a user B receives the indication of the intention of the conclusion of contract from a user A, the user B generates a random number using one generative number as a seed by its own terminal equipment, enciphers it by a common key KAB with the user A, and transmits it to the user A. The user A decodes the random number by the common KAB, enciphers a contract content by using the random number as a key, transmits it to the user B, and applies for contract to the user B. Moreover, the user A transmits certification data obtained by converting the contract content by a hash function decided by its own secret key KSA to the user B.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD The present invention relates to the Internet,
The present invention relates to an electronic contract method for making various contracts, including sales and purchase of goods and associated billing and settlement, by online communication using a network such as a personal computer communication network.

[0002]

2. Description of the Related Art When two types of contracts are made by online communication between two parties on a network, one of which is an application side of a contract and the other is an acceptance side of the contract, the contract is made securely and the contract is executed. In order to enhance reliability, the contents of the contract cannot be forged by a third party (Third party condition
. The receiver (contract acceptor) cannot forge the contract contents (hereinafter referred to as condition T).
Condition R), the sender of the contract (sender of contract)
Cannot be denied after the fact (Sender condition. Hereinafter, condition S
It is generally said that such a condition must be satisfied (eg, W. Diffie and MEHell
man's dissertation "New directions in cryptography / IE
EE, IT, vol. IT-22, No. 6, pp. 644-654, 1976.11. "). In particular, in a sales contract for a product, etc., the condition S
Insufficient is often the source of a later dispute between the parties, and it is desirable to satisfy this condition S as much as possible.

[0003] As a conventional electronic contract method, for example, a method using a password unique to an applicant of the contract is widely used.

In this method, for example, when a user as a party applying for a contract on a network tries to make a contract to purchase a product from a merchandise seller as an accepting party to the contract, the user must first make a contract with the product. Using the unique password of the user registered with the seller, an application for product purchase is made to the product seller through online communication. Then, the product seller receiving the communication of the application authenticates the user based on the password, accepts the application for purchasing the product and paying the price for the user, and transfers the product to the user according to the accepted content. , Billing for money.

However, in this method, since the contract contents and the password are directly communicated between the user and the merchandise seller, the password is stolen by a third party or the contract contents are forged by the third party. High risk. Therefore, for example, it is difficult to satisfy the condition T, and it is difficult to make a highly reliable contract.

[0006] In recent years, an electronic contract method using a public key method using a so-called RSA encryption has also been known.

In this method, for example, when making a contract for the purchase of a product as described above, the user makes a request for the purchase of the product using a private key unique to the user provided by a key management station on the network. Encrypt and send it to the merchant. In addition, the merchandise seller receiving the encrypted application refers to the user's public key published by the key management station, and decrypts the encrypted application using the public key. Then, based on the decrypted application content, the user accepts the application for purchasing the product and paying for the product. In this case, the only thing that can be successfully decrypted using the user's public key is the one encrypted using the user's private key. The user can be authenticated depending on whether or not the decryption is successful.

[0008] In such a method based on the public key method, since communication between parties to a contract is performed by encryption, confidentiality of the communication content is ensured, and it is difficult for a third party to falsify the contract content. In addition, since the ciphertext that can be decrypted with the public key of the user who is the party applying for the contract is limited to that encrypted with the private key of the user, the user can later deny the fact of the contract, or the party accepting the contract It is also difficult for the merchandise seller to forge the contents of the contract. Therefore, the conditions T, R, and S are easily satisfied, and the reliability of the contract can be improved.

However, in this public key system, the amount of data processing for the encryption communication is generally large, which tends to be inefficient, and in communication, the public key is required to refer to the public key each time. It had to communicate with the key management office, which was troublesome. Further, since the key management station must maintain and manage the public key strictly, the burden on the key management station is large, and it is difficult for many users to join the system. Accordingly, it has been difficult to construct a simple and highly popular electronic contract system using such a public key method.

On the other hand, in the cryptographic communication, the same key is used for encryption and decryption in addition to the asymmetrical cryptographic communication system which uses different keys for encryption and decryption as in the public key system. A symmetric encryption communication system is known. And, as such a symmetric encryption communication method, for example,
Rolf Blom's paper `` NON-PUBLIC KEY DISTRIBUTION
/ Advances in Cryptology: Proceedings of CRYPTO '82
/ Plenum Press 1983, pp.231-236 ", also Rolf Blo
m, `` An Optimal Class of SymmetricKey Ge
neration Systems / Advances in Cryptology: EUROCRY
PT '84 / Springer LNCS 209, 1985, pp. 335-338 ", or Japanese Patent Publication No. 5-48980 or U.S. Pat. No. 5,016,276. A personal key (algorithm) is distributed, and at the time of communication, each user performs cipher communication with the communication partner by inputting a public identifier such as the name of the communication partner into his / her personal key. That can generate a common key for use in the communication are known.

[0011] According to such an encryption communication system, when performing the encryption communication, each user does not perform prior communication with the key management station or the like, but writes his / her personal key such as the name of the communication partner side. By simply inputting the openness identifier, it is possible to generate a common key for encrypted communication with the communication partner at any time, and the key management station only needs to issue a personal key for each user. The burden is small.

[0012] Therefore, if such a cryptographic communication system using a common key can be applied to an electronic contract, it is considered that a simple and highly popular electronic contract system can be provided.

[0013] However, when a contract for online communication is made by using such a common key cryptographic communication method, both parties to the contract may arbitrarily at any time,
Since a common key with the other party can be generated, it is difficult to sufficiently secure the reliability of the contract simply by encrypting the contents of the contract with the common key and exchanging the contents between the parties.

That is, when a contract is concluded between two parties,
In order to enhance the reliability of the contract, it is important that one of the conditions T, R, and S is satisfied as one of the requirements. It is important that only the parties can do so, and more preferably to give the other party what they can publicly authenticate. However, as described above, when an attempt is made to sign a contract by cryptographic communication using a common key, the common key can be generated by both parties at any time. Just encrypting and exchanging between the parties does not allow each party to give each other what only the parties can do, making it difficult to ensure sufficient contract reliability.

[0015]

SUMMARY OF THE INVENTION In view of this background, the present invention can improve the reliability of a contract while performing cryptographic communication using a common key between parties to the contract.
An object of the present invention is to provide an electronic contract method capable of constructing a simple and highly popular electronic contract system.

[0016]

In order to achieve this object, the electronic contract system of the present invention achieves the above object by setting one of two parties on a network as an application side of a contract and the other as an acceptor of the contract. In the electronic contract method in which the parties make the contract by online communication between the terminal devices owned by the parties, only the two parties are valid by inputting the identifier of the party making the contract in advance into the terminal device of each party Means for generating a common key for secure encrypted communication, and means for encrypting and decrypting communication data, wherein the accepting party receives an indication of the conclusion of the contract from the applying party. The receiving party's terminal device inputs the identifier of the applying party and generates the common key with the applying party, Is ignorant, encrypts the accepting party unique data unique to the accepting party using the common key, transmits the encrypted data to the terminal apparatus of the applying party, and receives the encrypted accepting party unique data. The parties are
After inputting the identifier of the accepting party by the terminal device of the applying party and generating the common key with the accepting party, decrypts the encrypted accepting side unique data using the common key. Further, after encrypting the contract contents to be contracted with the accepting party using the decrypted accepting side unique data as a key, the encrypted contract contents are transmitted to the terminal device of the accepting party. The accepting party who has applied for the contract to the accepting party by transmitting and received the contract content encrypted with the accepting party-specific data as a key, uses the terminal device of the accepting party to perform the encryption. Decrypting the contracted content using the accepting side unique data of the accepting party as a key, and accepting the contract based on the decrypted contracted content.

According to the present invention, when the accepting party receives an application for concluding a contract from the applying party, the accepting party is unique to the accepting party and unknown to the applying party. The data is encrypted using the common key with the requesting party and transmitted to the terminal device of the requesting party. In this case, the common key with the subscribing party is generated by inputting the identifier of the subscribing party that is the communication partner of the accepting party into the terminal device of the accepting party.

On the other hand, when the receiving party's own terminal apparatus receives the accepting party's unique data encrypted as described above, the requesting party's own encrypted data is sent to the common key with the accepting party. And decrypt it. in this case,
The common key with the accepting party is generated by inputting an identifier such as the name of the accepting party into the terminal device of the applying party.

The identifier of each party required for each party to generate a common key with the communication partner as described above is the name, address, mail address on the network, domain name of each party, or any of them. Use one that is unique and open to each party, such as a combination.

Next, the applicant party who decrypts the accepting side unique data as described above encrypts the contract contents using the accepting side unique data as a key and transmits it to the accepting party terminal device. Apply for the contract to the accepting party. The accepting party that has received the contract content encrypted with the accepting side unique data as a key in its own terminal device decrypts the contract content with the accepting side unique data owned by itself as a key. And accepts the contract with the applicant party based on the decrypted contract content.

According to the electronic contract method of the present invention for making such a contract, the applying party uses as a key the accepting side unique data that is unique to the accepting party and that the applying party cannot know in advance. Since the contract contents are encrypted and the contract is applied to the accepting party, the accepting party receives the contract application from the applying party in a unique manner specified by itself. Therefore, the accepting party increases the reliability of the application of the contract by the applying party. At the same time, the requesting party applies for the contract in accordance with the method uniquely specified by the accepting party, making it difficult for the contracting party to later deny the contract. Further, the common key for encrypted communication of the accepting side unique data from the accepting party to the applying party can be obtained by both parties simply inputting the other party's identifier into their own terminal devices. The key for the cryptographic communication of the contract content from the applicant party to the accepting party may be shared by the accepting party-specific data as the key from the accepting party to the applying party. Can be shared by both parties simply by giving them encrypted data, so that the parties can perform communication for contract without any trouble without the involvement of a third party such as a key management authority. . Further, since communication between the parties is performed by encrypted communication, confidentiality of the communication data (accepting-side unique data and contract contents) to outsiders is maintained.

Therefore, according to the present invention, it is possible to enhance the reliability of a contract while performing cryptographic communication using a common key between parties to the contract, and to construct a simple and highly popular electronic contract system. can do.

In the present invention, the accepting party includes:
Before encrypting the accepting side unique data and transmitting it to the applying party, the accepting party's terminal device generates a random number whose seed is irreducible using the number of singleness as a seed, and generates the random number. Preferably, a random number is used as the accepting side unique data. Here, the one-time number is a number having no reproducibility or extremely poor reproducibility.

As described above, by using the random number generated by using the number of oneness as a seed in the terminal device of the accepting party as the accepting party unique data, the unique color of the accepting party unique data in the accepting party is enhanced, By using the unique data of the accepting side as a key and encrypting the contents of the contract from the applying party and transmitting it to the accepting party, the reliability of the contract between the two parties based on the contents of the contract can be effectively increased. Increase.

In this case, the one-time number serving as a seed of the random number is generated based on, for example, the temporal timing of an artificial input operation in the terminal device of the accepting party. As described above, the number generated based on the temporal timing of an artificial input operation (for example, an operation of inputting a certain sentence or phrase) in the terminal device of the accepting party is accidentally predicted by the ambiguity of the human operation. It will be unattractive. Therefore, it is possible to accurately generate a one-time number having no reproducibility or extremely poor reproducibility, and by using the random number generated as a seed as the unique data of the accepting side, the unique number of the accepting side can be obtained. The uniqueness of the data can be secured well.

Further, in the present invention, when the applicant party indicates to the accepting party the intention to conclude the contract, the applying party or the preliminary contract content indicating the outline thereof is exchanged with the accepting party. Using the common key, encrypt the data by the terminal device of the applicant side and transmit it to the terminal device of the accepting party.When accepting the contract, the accepting party encrypts using the common key when accepting the contract. Decrypted by the terminal device of the accepting party, and decrypted by the terminal device of the accepting party the encrypted content of the contract with the accepting party specific data as a key. The contract is confirmed by checking the contract.

As described above, when the applicant party indicates to the accepting party the intention to conclude the contract, the applicant or the preliminary contract showing the outline thereof is accepted by the cryptographic communication using the common key. By giving to the side parties,
When the accepting party finally accepts the contract, the contract contents or the preliminary contract contents encrypted using the common key are decrypted and the accepting party specific data is encrypted as a key. After checking the agreement with the decrypted version of the contract content and confirming their consistency, the contract can be accepted, and the accepting party can further increase the reliability of the contract with the applying party. Can be enhanced.

Further, in the present invention, when applying for the contract to the accepting party, the application side uses the terminal device of the applying side to at least add the contract contents to the accepting party.
A processing based on a secret key unique to the applicant party, which can be authenticated by a third party having notarization capability other than the applicant party and the accepting party, is performed so as to be unique to the contract contents and unique to the applicant party. Generating authentication data and transmitting the generated authentication data to the accepting party.

As described above, when the applying party applies for a contract with the accepting party at the time, a process based on a secret key that is unique to the applying party and can be authenticated by the third party is applied to the contents of the contract. By generating authentication data unique to the contract content and unique to the applicant party and transmitting it to the accepting party, the accepting party is provided with the public information by the applicant party for the contract content. The authentication data corresponding to the signature or the seal is given by the party on the application side. This allows both parties to
Contract credibility will be stronger.

In this case, the authentication data may be data of the contract contents, data obtained by encrypting the contract contents with the acceptor-side unique data as a key, or data corresponding to the date and time of the contract application to these data. The added data is converted by a one-way function determined by the secret key.

Alternatively, the authentication data may be data of the contract contents, data obtained by encrypting the contract contents using the accepting side unique data as a key, or data corresponding to the date and time of the contract application to these data. Is converted by a predetermined one-way function, and the converted data is generated by encrypting the converted data with the secret key.

According to this, the contents of the contract or the contents obtained by encrypting the contents using the unique data of the accepting side as a key, or the contents obtained by adding data corresponding to the date and time of the contract (hereinafter, the contents of the contract ) And the application party can generate authentication data unique to the party. Also, when generating authentication data, the contents of the contract and the like are converted using a one-way function, so after giving the generated authentication data to the accepting party, for example, even if the applying party tries to falsify the contract contents, It is difficult for the applicant party to falsify the contract contents so as to match the authentication data given to the accepting party, and it is difficult for the applicant party to later deny the contract contents. Further, since the authentication data is generated based on the secret key of the party on the application side, it is difficult for the party on the application side to falsify the contract contents so as to match the received authentication data. Therefore, the reliability of the contract can be effectively increased between the two parties.

When data corresponding to the date and time of the contract application is added, the data corresponding to the date and time of the contract application includes a numerical value indicating the date and time as the one-way function or the one-way function. Is preferably data converted by a different one-way function. By converting the date and time of the contract by the one-way function in this way, it is difficult to falsify the date and time of the contract application later.

As described above, after converting the contract content and the like by a predetermined one-way function, and encrypting the converted data using the secret key as a key,
When applying for the contract to the accepting party, the conversion data obtained by the one-way function is transmitted to the terminal device of the accepting party, and the accepting party that has received the conversion data, The contract content decrypted using the accepting side unique data as a key by the terminal device of the side party is converted by the same one-way function as the one-way function of the applying party, and further, the contract is accepted. At this time, the conversion data transmitted from the terminal device of the accepting party and the contract content decrypted using the accepting side unique data as a key are the same as the one-way function of the applying party. It is preferable to check the converted data by collating with data converted by a function.

[0035] As described above, the converted data obtained by converting the contents of the contract and the like by the applying party using a predetermined one-way function is transmitted to the accepting party. By comparing the data obtained by converting the contract content decrypted with data as a key by the same one-way function as the applicant party and the conversion data sent from the accepting party, the conversion data becomes It is possible to confirm whether or not it is generated based on the formal contract contents (contract contents obtained by decrypting the data unique to the accepting side as a key). Thereby, the reliability of the contract can be further enhanced.

In the communication of the converted data, the requesting party encrypts the converted data by the terminal device of the requesting party using the unique data of the receiving side as a key, and encrypts the converted data by the terminal device of the receiving side. Preferably, the accepting party decrypts the encrypted converted data with the accepting party specific data as a key by a terminal device of the accepting party.

In the communication of the authentication data,
The requesting party encrypts the authentication data with the accepting party specific data as a key using the terminal apparatus of the requesting party and transmits the encrypted data to the terminal apparatus of the accepting party, and the accepting party encrypts the encrypted data. Preferably, the authentication data obtained is decrypted by the terminal device of the accepting party using the accepting side unique data as a key.

As described above, by encrypting and communicating the converted data and the authentication data which are important for enhancing the reliability of the contract, it is possible to ensure the confidentiality of the converted data and the authentication data to outsiders. Can be.

In the case where the authentication data and the conversion data are communicated at the time of the contract, after the contract is concluded, the applying party and the accepting party at least communicate the contract contents, the accepting side unique data, and the conversion data with each other. It is particularly preferable that the authentication data is sent to the third party for storage.

In this way, each party sends the contents of the contract, the data unique to the accepting side, the conversion data, and the authentication data from these parties to a neutral third party for storage, thereby increasing the validity of the contract. It can be assured.

[0041]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of the present invention will be described with reference to FIGS. FIG. 1 is an explanatory diagram showing an overall configuration of an electronic contract system to which the electronic contract method of the present embodiment is applied, FIG. 2 is a block diagram showing a functional configuration of a terminal device possessed by a party making a contract in the present embodiment, FIG.
FIG. 4 is a flowchart showing a processing procedure when making a contract in the present embodiment.

With reference to FIG. 1, in the present system, a plurality of users A, B,.
1b,..., And a key management station C responsible for issuing a key for cryptographic communication, etc.
Is connected to a terminal device 3 of a notary public S that performs authentication of a key for encrypted communication and the like via a network 4 such as the Internet or a personal computer communication network. Each of the terminal devices 1a, 1b,..., 2, 3 is constituted by a computer machine such as a personal computer, a communication device, or software attached thereto. In this case, each user A, B,... Has a common key generation algorithm X unique to each user A, B,... For generating a common key for encrypted communication with any other user. _A , X _B ,... Are distributed in advance from the key management station C, and a common key K _AS , for cryptographic communication with the notary public S.
_KBS ,... Are distributed in advance from the key management station C as secret keys unique to the users A, B,. The algorithm X _A , X _B ,..., The secret key K _AS ,
K _BS, ... it is stored for each user A, respectively, B, ... of the terminal device 1a, 1b, ... (hereinafter collectively referred to as the terminal apparatus 1 as needed).

The notary public S has common keys K _AS , K _BS , and _CRS for cryptographic communication with arbitrary users A, B _,.
.. (= Secret key of each user A, B,...), A common key generation algorithm X _S unique to the notary public S is distributed in advance from the key management station C, and it is the terminal of the notary public S. It is stored in the device 3. Thereby, the notary public S
Is used to generate its own common key generation algorithm X
_{Using S} , common keys K _AS , K with each of users A, B,.
_BS, to generate a ..., each of it user A, B, ... that is to match the secret key K _AS, K _BS, ... and who owns, each user A, B, ... the secret key K _AS of, K _BS, ... can be authenticated.

Here, each user A, B,...
Common key generation Arugorimu X _A but that possession, X _B, ..., X
_S described the above-mentioned paper by Rolf Blom and Japanese Patent Publication No. 5-48980.
No. 5,016,276, it is possible to input an identifier that is unique and open to the communication partner, such as the name and address of the communication partner, to perform encryption communication with the communication partner. This is to generate a common key.

As shown in FIG. 2, each user A, B,.
The terminal device 1 has a random number generating means 5 for generating a random number as a functional configuration by hardware or software.
.., And inputs the identifier of the communication partner, as described above, to generate a common key for encrypted communication with the communication partner using the common key generation algorithms X _A , X _B ,. Encryption / decryption means 7 for encrypting / decrypting communication data according to a so-called key sharing method using a common key generated by the common key generation means 6 and a random number generated by the random number generation means 5 as keys. And a communication means 8 for transmitting and receiving communication data, and a contract processing system 9 (details will be described later) which is responsible for processing such as generation of various data for a contract described below.

In this case, the encryption / decryption means 7 is, for example, 3
The communication means 8 is constituted by a modem and software for communication processing.

The random number generation means 5 generates a random number which can be used as a key for the encryption / decryption means 7 by using the one-time number as a seed. More specifically, when the random number is generated by the random number generating means 5, for example, a user of the terminal device 1 inputs a certain phrase or sentence to the terminal device 1 from a keyboard (not shown). Measures the timing of the input operation (for example, the input time of each word and the time interval of input of each word). Since the measured value of the timing of the input operation is based on an artificial input operation having ambiguity, it corresponds to a one-time number that is accidental and has no reproducibility. Then, the random number generation unit 5 converts the measured value into data that can be used as a key for encryption / decryption of the encryption / decryption unit 7 using the measurement value of the timing of the input operation as a seed. , Generate random numbers. In this case, when converting the measured value to a random number, for example, by performing a conversion using a one-way function such as a hash function, the measured value as a seed is back-calculated from the random number obtained as a result of the conversion. Can not be done. The random number generated by the random number generation means 5 is unique to the accepting party in the terminal device 1 on the user side which is the accepting party of the contract when each user A, B,. This is generated as unique data on the accepting side which cannot be expected by the party applying for the contract.

In the system according to the present embodiment having the above-described configuration, for example, a user A purchases a product from a user B or obtains a service. When the two parties enter into a contract with B as the accepting party of the contract, the contract is made as follows.

That is, referring to FIG. 3, first, a user A who is a party applying for a contract receives his / her own terminal device 1
In a, enter the identifier of an acceptance party of contract user B, by the common key generating unit 6 from the identifier and the common key generation algorithm X _A of the user B, the common key K _AB between the user B Is generated (STEP 1).
a).

Next, the contents of the contract to be concluded with the user B (this is separately prepared by the user A on the terminal device 1a) are transmitted by the encryption / decryption means 7 of the terminal device 1a to the common key generated in STEP 1a. The contract is encrypted using the K _AB , and the encrypted contract is transmitted to the terminal device 1b of the user B via the communication means 8 (STEP 2a). Thus, the user A indicates to the user B the intention to conclude the contract.

It should be noted that the content to be encrypted and transmitted for the purpose of displaying the intention is not necessarily the content of the contract that the user A ultimately intends to conclude with the user B. It may be the preliminary content shown.

On the other hand, the user B who has received the above transmission
In his terminal device 1b, enter the identifier of the user A, by the common key generating unit 6 and the user A algorithm identifier and the common key generation X _B, generates a common key K _AB between the user A (STEP 1b).

Next, the user B uses the random number generation means 5 to seed the number of times (measured value of the timing of the input operation) based on the timing of the input operation to the terminal device 1b of the user B as described above. Is generated as acceptance-side unique data (STEP 2b).

The user B uses the encryption / decryption means 7 of the terminal device 1b to encrypt the random number generated in STEP 2b using the common key K _AB generated in STEP 1b, and transmits the encrypted random number to the communication means 8 Is transmitted to the terminal device 1a of the user A via (step 3b).

The user A, having received the encrypted random number, decrypts the encrypted random number by the encryption / decryption means 7 of the terminal device 1a using the common key K _AB generated in STEP 1a. (STEP 3a).

The user A has his / her own terminal device 1a.
Is concluded with User B by the contract processing system 9 of
Authentication data unique to the user
(Step 4a). That is, the contract processing system
The stem 9 includes the secret key K of the user A._SAThe parameter
Hash function as a one-way function determined as
User A issues an instruction to generate authentication data
When it is obtained, the contract contents are converted by this hash function
By doing so, authentication data (hash value) is generated. This
The authentication data generated as in
ー A's secret key K _SADepends on the hash function determined by
Unique to contract A and user A
It will be.

Next, the user A collects the authentication data generated in this way and the contract contents as its original text by the encryption / decryption means 7 of the terminal device 1a.
Random numbers (accepting-side unique data) decoded in STEP 3a
And transmits the encrypted authentication data and contract contents to the terminal device 1b of the user B (STE
P5a). As a result, the user A applies for a contract with the user B.

The user B who has received the authentication data and the contract contents encrypted as described above generates the encrypted authentication data and the contract contents by the encryption / decryption means 7 of the terminal device 1b in the STEP 3b. The original authentication data and the contract contents that are not encrypted are obtained by decrypting the random number as a key (STEP 5b). Further, the user B agrees with the contract contents acquired in STEP 5b,
The contract content obtained in STEP 2b is collated (ST2).
EP6b), after confirming the consistency of the contents, accepts the contract applied by user A as described above (ST6).
EP7b), whereby a contract between users A and B is established.

The user A stores the random number decrypted in STEP 3a, the authentication data before the encryption in STEP 5a, and the contract contents.
The random number generated in EP3b or the one-time number as a seed of this random number, the authentication data decrypted in STEP5b, and the contract content are stored. According to such an electronic contract of the present embodiment, when receiving the intention of the contract from the user A, the user B uses the number of one-timeness that is unique to the user B and is unknown to the user A as a seed. The generated random number is given to the user A, and the user B receives the encrypted contract content from the user A using the random number as a key.
Receives an application for a contract in accordance with the contract contents from the user A in a method unique to the user B specified by the user himself.

Therefore, the intention of the user B to conclude the contract by the user A becomes clear. At the same time, since the user A applies for a contract to the user B in a unique manner specified by the user B, it is difficult to later deny the fact of the contract. Therefore, for the user B, the reliability of the contract applied from the user A increases.

Further, the user A gives the user B the contents of the contract to be concluded with the user B or an outline thereof at the time of first indicating the intention of the user B to conclude the contract. When finally accepting the contract with the user A, the contract contents initially received or the outline thereof (decoded in STEP 2b) and the contract contents finally received (STEP 2b)
5b), and after confirming whether there is any contradiction between the two, the contract with the user A can be accepted. This also increases the reliability of the contract with the user A.

Further, the user A transmits the authentication data obtained by converting the contract contents by a hash function (one-way function) determined by the secret key K _SA unique to the user A, to the user B.
Therefore, the reliability of the contract for both users A and B is further strengthened.

That is, the authentication data indicates that the user A
Since the contract contents are converted by a hash function (one-way function) determined by a secret key K _SA unique to the user, the contract contents are unique to the user A and the contract contents and cannot be generated by the user B. Things. And
The secret key K _SA of the user A can be authenticated by the notary public S in a neutral position from both the users A and B as necessary. Therefore, providing the authentication data from the user A to the user B means that the user A
Means that a public signature or seal is applied to the contents of the contract concluded with User B to User B.

In this case, when the user B receives the authentication data from the user A, the user B does not know whether or not the authentication data is appropriate. The contract contents stored by the user A are converted by a hash function determined by the secret key K _SA of the user A, and the converted
By collating with the authentication data given to the user B from the user A, the authenticity of the authentication data given from the user A to the user B can be proved.

Further, since the user B does not know the secret key K _SA of the user A reflected on the authentication data, the user B may falsify the contract content received from the user A after the user B concludes the contract with the user A. However, it is not possible to generate authentication data that matches the altered contract content, and as a result, the user B cannot alter the contract content.

Further, since the authentication data is obtained by converting the contract contents by a hash function as a one-way function, even if the user A attempts to falsify the contract contents after the contract, the authentication data given to the user B It is also difficult for the user A to falsify the contract contents so as to match the agreement.

Therefore, by giving the above authentication data from the user A to the user B, the users A and B
For both, the credibility of the contract will be strong.

Further, the contract between the two users A and B at the time of the contract
Communication of the common key K_ABOr cryptographic communication using random numbers as keys
Outsiders of contract details and authentication data
Confidentiality is assured. In this case, the random number
Key K for communication _ABMeans that each user A, B
The other party sends the common key generation means 6 of its own terminal device 1a, 1b
Entering the identifier of the key management
And can be generated, and also the final contract
Used as a key for encrypted communication of authentication and authentication data
The random number is generated by the user B using the random number generation method of the terminal device 1b.
Generated by stage 5 and used_ABEncrypted by
Just by transmitting to the terminal device 1a of the user A,
Both A and B can share.

Therefore, the two users A and B have a contract.
Communication can be easily performed. Also, the key management station C
Is a secret key generation algorithm or secret for each user A, B,.
Secret key K _AS, K_BSAfter distributing,…, the public key method
It is not necessary to maintain and manage the key as in
The burden on the management station C is small.

For this reason, the system for making an electronic contract according to the present embodiment can be made simple and highly popular.

Next, a second embodiment of the present invention will be described with reference to FIG. In this embodiment, the system configuration is the same as that of the first embodiment, and the description of the components will be omitted using the reference numerals in FIGS.

Referring to FIG. 4, in the present embodiment, when a contract similar to that of the first embodiment is made between two users A and B, exactly the same as in the first embodiment. , The intention of signing a contract from the user A to the user B, and the subsequent transfer of a random number (accepting-side unique data) from the user B to the user A are performed (S at the user A side).
STEP1a to STEP3a and STEP of the user B side
1b to STEP3b).

On the other hand, the user A, who has received the random number from the user B, uses the contract processing system 9 of the terminal device 1a to send the authentication data unique to the content of the contract to be concluded with the user B and unique to the user A next. Is generated as follows.

That is, the contract processing system 9 of the terminal device 1a of the user A and the contract processing system 9 of the terminal device 1b of the user B have the same hash function (one-way function).
The contract processing system 9 of the terminal device 1a of the user A, when given an instruction to generate authentication data from the user A, firstly, describes the contents of the contract that the user A intends to conclude with the user B by using the hash Conversion is performed by a function (STEP 4a).

The hash function as described above may be set in advance to be the same for all users A, B,..., For example, a common hash function used when these users conclude a contract. The key K _AB ,... Or a random number may be set as a parameter each time a contract is made.

Next, the contract processing system 9 of the user A
The converted data obtained by the conversion of STEP 4a (hash value) by the encryption-decryption unit 7, that allowed to encrypt the secret key K _SA user A, generates authentication data (STEP6a). In this case, the conversion data is encrypted with the secret key _KSA of the user A to generate authentication data, so that the authentication data is unique to the contract contents and the user A.

After generating the authentication data in this way, the user A converts the authentication data, the conversion data obtained in the process of generating the authentication data, and the contract contents, which are these original texts, Using the random number obtained by decryption in STEP 3a as a key, the data is encrypted by the encryption / decryption means 7, and the encrypted authentication data, conversion data, and contract details are transmitted to the terminal device 1b of the user B (STEP 5a).

User B, which has received the encrypted authentication data, converted data and contract contents, encrypts the encrypted authentication data, converted data and contract contents using the random number generated in STEP 3b as a key. The original authentication data, converted data and contract contents that are not encrypted are obtained by decrypting by the decrypting means 7 (S
TEP5b). Then, the user B collates the contract contents acquired in STEP 5b with the contract contents acquired in STEP 2b (STEP 6b), and confirms consistency of the contents.

Further, the user B has his / her own terminal device 1
b, the contract processing system 9 converts the contents of the contract acquired in STEP 5b by the same hash function as that of the user A (STEP 7b), and compares the data obtained by the conversion with the converted data acquired in STEP 5b ( (Step 8b) It is confirmed whether or not both data match.

Then, when the consistency of the contract contents is confirmed in STEP 6b and the coincidence of the converted data is confirmed in STEP 8b, the user B accepts the contract with the user B in accordance with the contract contents given by the user A ( STE
P9b).

User A stores the random number decrypted in STEP 3a, the authentication data before conversion in STEP 5a, the conversion data, and the contract content, and user B stores the random number generated in STEP 3b or the random number generated in STEP 3b. The number of one-timeness as a seed of the random number, the authentication data decrypted in STEP 5b, the conversion data, and the contract content are stored.

According to the electronic contract of this embodiment, the transfer of the random number from the user B to the user A,
By transferring the authentication data from the user A to the user B, the same operation and effect as those of the first embodiment can be obtained.

Further, in the present embodiment, when user A generates authentication data, conversion data obtained by converting the contract contents by the same hash function as user B is given from user A to user B, By confirming the converted data, the reliability of the contract can be further increased. That is, on the user B side, the user A
The fact that the data obtained by converting the contract content sent from the user by the hash function matches the converted data sent from the user A means that the user A generates the converted data and further generates the authentication data. This means that the contents of the original sentence at the time of the agreement with the contents of the contract sent from the user A to the user B match. Therefore, on the user B side,
By comparing the data obtained by converting the contract content sent from the user A by the hash function with the converted data sent from the user A and confirming that they match, on the user B side, the user B When A generates authentication data, it is possible to confirm whether or not the conversion data has been generated by the hash function from the correct contract contents,
Thereby, the reliability of the contract can be further enhanced.

Next, a third embodiment of the present invention will be described with reference to FIG. Note that the present embodiment is different from the first and second embodiments.
Since the system configuration is the same as that of the embodiment of
The description of the components will be omitted using the reference numerals in FIGS. 1 and 2.

Referring to FIG. 5, in this embodiment, when two users A and B conclude the same contract as in the first and second embodiments, the first and second users In exactly the same manner as in the embodiment, the intention of the user A to conclude the contract from the user B and the subsequent transfer of the random number (accepting-side unique data) from the user B to the user A are performed (user A's side). STEP1a to STEP3a and STEP1b to STEP3b of the user B side).

On the other hand, the user A, which has received the random number from the user B, uses the contract processing system 9 of the terminal device 1a to send authentication data unique to the contract to be concluded with the user B and unique to the user A next. Is generated as follows.

That is, the user A inputs the date and time of applying for a contract to the user B to the contract processing system 9 having the same hash function as the user B, as in the second embodiment. A time stamp (data corresponding to the date and time of the contract application) generated by converting the date and time of the contract application by the hash function of the processing system 9 is generated (STEP 4a).

User A converts the sum of the time stamp generated in STEP 4a and the contents of the contract concluded with user B using the hash function of contract processing system 9 to generate converted data (hash value). (STEP 5a), and further converts the converted data into the second
Similar to the embodiment, it generates the authentication data by encrypting the secret key K _SA user A (STEP7
a).

Next, the user A transmits the contract contents, the time stamp, the conversion data, and the authentication data to the STE
Using the random number obtained by decryption in P3a as a key, the data is encrypted by the encryption / decryption means 7, and the encrypted contract contents, time stamp, conversion data, and authentication data are transmitted to the terminal device 1b of the user B (STEP 6a).

The user B who has received the encrypted contract contents, time stamp, conversion data and authentication data
Decrypts the encrypted contract contents, the time stamp, the conversion data, and the authentication data by using the random number generated in STEP 3b as a key by the encryption / decryption means 7 so that the original contract that has not been encrypted can be obtained. Acquire contents, time stamp, conversion data and authentication data (ST
EP5b). Then, the user B collates the contract contents acquired in STEP 5b with the contract contents acquired in STEP 2b (STEP 6b), and confirms consistency of the contents.

Further, the user B has his / her own terminal device 1
b, the contract processing system 9 converts the combination of the contract contents acquired in STEP 5b and the time stamp using the same hash function as the user A side (STEP 5b).
7b) the data obtained by the conversion and STEP5
b is compared with the converted data obtained in step b (STEP 8b),
Check whether the two data match.

Then, as in the second embodiment, S
TEP6b confirms the consistency of the contract contents and STE
When a match of the converted data is confirmed in P8b, the user B
Accepts the contract with user B in accordance with the contract content given by user A (STEP 9b).

The user A receives the random number decrypted in STEP 3a, the authentication data, the converted data, and the contract content before encryption in STEP 5a, the time stamp or the date and time of the contract application based on the time stamp. The user B stores the random number generated in STEP 3b or the one-time number as a seed of this random number,
The authentication data, converted data, contract contents, and time stamp decrypted in EP5b are stored.

Further, in this embodiment, users A and B
Sends the data to be stored to the notary public S for storage as described above. In this case, when each of the users A and B sends data to the notary public S, each of them uses cryptographic communication using the common key K _SA and K _SB (= the secret key of each of the users A and B) with the notary public S. , Sends the data to the notary public S.

According to such an electronic contract of the present embodiment, the transfer of random numbers from user B to user A,
By transferring the authentication data from the user A to the user B, the same operation and effect as those of the first embodiment can be obtained. Further, as in the second embodiment, by confirming the conversion data on the user B side,
The credibility of the contract can be increased.

In the present embodiment, since the conversion data and the authentication data reflect the date and time of the contract application by the user A in addition to the contract contents, the data is not only the contract contents but also the user A The contract is also unique at the date and time of application for the contract, and the credibility of the contract based on those data becomes stronger. In particular, in the present embodiment, instead of using the date and time of the contract application as it is and generating conversion data and authentication data, the date and time are converted by a hash function and then reflected in the conversion data and authentication data. For example, if the user A
It is difficult to falsify the date and time of the contract application so as to match the time stamp sent to the user, and as a result, the time stamp becomes effective in determining the date and time of the contract application by the user A. .

Further, in this embodiment, each user A,
B sends, to the notary public S, not only the contents of the contract, but also the above-mentioned random number or the number of one-timeness, authentication data, conversion data, and a time stamp or the date and time of the application for the contract based on the same. So users A, B
The fact of the contract between them can be assured.

In each of the above-described embodiments, the user A uses the contract itself when generating the conversion data and the authentication data. However, the contract is used as a random number given by the user B. The conversion data and the authentication data may be generated from the data encrypted using the as a key. In this case, the conversion data and the authentication data include the contract contents and the secret key K _SA unique to the user A.
In addition, since the random number unique to the user B generated by the user B is also reflected, the validity of the contract based on the conversion data and the authentication data can be made stronger for both users A and B. .

In the first and second embodiments,
Each of the users A and B may send a random number or a one-time number as a seed, authentication data, conversion data, and the like to the notary public S for storage in the same manner as in the third embodiment.

In each of the above embodiments, a common key with the notary public S is used as the secret key K _SA for generating authentication data. It is also possible to generate a unique secret key at the key management station C and distribute it to each user. However,
In this case, in order to authenticate the secret key of each user, the notary public S must keep the secret key of each user, and the burden on the notary public S is large. On the contrary,
As in the above embodiments, by using the common key of the notary public S as the secret key of each user, the notary public S inputs the identifier of each user to the common key generation algorithm owned by itself, The secret key of each user can be generated at any time, and the burden on the notary public S can be extremely small.

In each of the above embodiments, a random number is used as the accepting-side unique data. However, for example, the time of the input operation on the terminal device 1b of the accepting party (user B) is used as the accepting-side unique data. The requesting party (user B) may be made to apply for a contract with the accepting party within a time period in which the data cannot be falsified.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram showing the overall configuration of an electronic contract system to which a first embodiment of the present invention has been applied.

FIG. 2 is a block diagram showing a functional configuration of a terminal device possessed by a party making a contract in the first embodiment of the present invention.

FIG. 3 is a flowchart showing a processing procedure when making a contract in the first embodiment of the present invention.

FIG. 4 is a flowchart showing a processing procedure when making a contract in the second embodiment of the present invention.

FIG. 5 is a flowchart showing a processing procedure when making a contract in the third embodiment of the present invention.

[Explanation of symbols]

1 (1a, 1b, ...) terminal device, A, B ... user (participant in contract), S ... notary public (third party), K _AB ... common key, K _SA ... private key, 5 ... random number generation means , 6... Common key generation means, 7.

Claims (13)

[Claims] An electronic contract method in which one of two parties on a network is an application side of a contract and the other is an accepting side of the contract, and the parties make the contract by online communication between terminal devices respectively owned by the parties. Means for generating a common key for encrypted communication valid only between both parties by inputting in advance to the terminal device of each party the identifier of the other party making the contract, and encrypting / decrypting communication data The accepting party inputs the identifier of the applying party through a terminal device of the accepting party when receiving an indication of the conclusion of the contract from the applying party. Then, after generating the common key with the applying party, the accepting party-unique data unique to the accepting party without being known to the applying party is encrypted using the common key. The receiving party, receiving the encrypted receiving-side unique data, inputs the identifier of the receiving-side party through the terminal of the receiving-side party. After generating the common key with the accepting party by using the common key, decrypt the encrypted accepting side unique data using the common key,
After encrypting the contract contents to be contracted with the accepting party using the decrypted accepting side unique data as a key, transmitting the encrypted contract contents to the terminal device of the accepting party. The accepting party who has applied for the contract to the accepting party, and has received the encrypted contract content using the accepting party-specific data as a key, uses the terminal device of the accepting party to execute the encrypted contract content. Using the accepting side unique data of the accepting party as a key, and accepting the contract based on the decrypted contract contents. 2. The accepting party, before encrypting the accepting party-specific data and transmitting the enciphering data to the applying party, uses the terminal device of the accepting party to identify the one-time number as a seed and 2. The electronic contract method according to claim 1, wherein a random number that cannot be calculated is generated, and the generated random number is used as the accepting side unique data. 3. The electronic device according to claim 2, wherein the one-time number as a seed of the random number is generated based on a temporal timing of an artificial input operation in the terminal device of the accepting party. Contract method. 4. The applying party, when notifying the accepting party of the intention to conclude the contract, stores the contract contents or a preliminary contract content indicating the outline thereof with the common key with the accepting party. Using the terminal device of the applicant side to encrypt and transmit to the terminal device of the accepting party, the accepting party, when accepting the contract, the contract encrypted using the common key The contents or preliminary contract contents decrypted by the terminal device of the accepting party, and the contents of the contract encrypted using the accepting side unique data as a key and decrypted by the terminal device of the accepting party. 4. The electronic contract method according to claim 1, wherein the contents of the contract are confirmed by collation. 5. The application side, at the time of applying for the contract to the accepting party, uses a terminal device of the applying party to provide at least the contents of the contract with a notarization capability other than the applying party and the accepting party. A processing is performed based on a secret key unique to the applicant party, which can be authenticated by a third party having an authentication data, to generate authentication data unique to the contract contents and unique to the application party, and the generated authentication data is 5. The transmission to the accepting party.
Electronic contract method according to any of the above. 6. The authentication data includes data of the contract contents, data obtained by encrypting the contract contents using the data unique to the accepting side as a key, or data corresponding to the date and time of contract application added to these data. 6. The electronic contract method according to claim 5, wherein the generated data is converted by a one-way function determined by the secret key. 7. The data according to the date and time of the contract application is data obtained by converting a numerical value indicating the date and time by the one-way function or a one-way function different from the one-way function. 7. The electronic contract method according to claim 6, wherein: 8. The authentication data includes data of the contract contents, data obtained by encrypting the contract contents using the accepting side unique data as a key, or data corresponding to the date and time of contract application to these data. 6. The electronic contract method according to claim 5, wherein the converted data is generated by converting the converted data by a predetermined one-way function and encrypting the converted data with the secret key. 9. The data according to the date and time of the contract application is data obtained by converting a numerical value indicating the date and time by the one-way function or a one-way function different from the one-way function. 9. The electronic contract method according to claim 8, wherein: 10. The applying party, when applying for the contract to the accepting party, transmits the conversion data obtained by the one-way function to a terminal device of the accepting party, The accepting party that has received the contract content decrypted by the accepting party terminal device using the accepting side unique data as a key is the same one-way function as the one-way function of the applying party. Further, when accepting the contract, the conversion data transmitted from the terminal device of the accepting party, and the contract contents decrypted using the accepting side unique data as a key, the contracting party The electronic contract method according to claim 8 or 9, wherein the converted data is confirmed by checking the one-way function and data converted by the same one-way function. 11. The accepting party encrypts the converted data with the accepting party specific data as a key using the accepting party's terminal device and transmits the converted data to the accepting party terminal device. 11. The electronic contract method according to claim 10, wherein the encrypted converted data is decrypted by the terminal device of the accepting party using the accepting side unique data as a key. 12. The accepting party encrypts the authentication data with the accepting party specific data as a key using the accepting party unique data as a key and transmits the authentication data to the accepting party terminal. 12. The electronic contract method according to claim 5, wherein the encrypted authentication data is decrypted by a terminal device of the accepting party using the accepting side unique data as a key. 13. After the conclusion of the contract, the applying party and the accepting party send at least the contract contents, the accepting side unique data, the conversion data, and the authentication data to the third party for storage. 13. The electronic contract method according to claim 10, wherein: