JPH1173466A - Registering method in plural systems, its device and program recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To register respectively different information data in plural registering systems by one registering system so that the contents of respective registered data are not mutually known. SOLUTION: In a method for registering data in respective registering systems 100, 200, a user 300 generates a cipher key EK and information elements IA, IB, sends information EK(IB) obtained by ciphering the information IB by the key EK and the information IA to the system 100. The system 100 registers the information IA as the information of the user 300 and sends the information EK(IB) to the system 200. The system 200 decodes the received information EK(IB) by the key EK to obtain the information IB and registers the information IB.

Description

DETAILED DESCRIPTION OF THE INVENTION

The present invention is applied to, for example, a system for implementing an electronic cash method, and a method for registering a plurality of electronic information with a plurality of institutions using a telecommunications system, a device thereof, and a program recording medium therefor. About.

[0002]

TECHNICAL FIELD OF THE INVENTION

[0003]

BACKGROUND OF THE INVENTION For example, electronic cash system, a user registers the information I _A, which was his generation to the bank, the information I _A
The bank will sign the bank and issue it as a license, and the user will have the registrar issue electronic cash using the license. In that case, the user, different information I _A to the bank and the issuing authority, the I _B, it is necessary to register each without revealing among banks and issuing authorities each other.

[0004] Such different, for example, two information I _A,
The I _B into two registrar A and B, what registers without knowing are registered with each other between those institutions, RA A pair of the public key PK _A and a secret key SK _A to The registrar B prepares a pair of a public key PK _B and a secret key SK _B , and the user sends the different information I _A and I _B to the public keys PK _A and PK of the respective organizations.
_It was necessary to encrypt with B and register separately with registrars A and B, respectively. Therefore, there is a problem that the processing load on the user is large.

[0005]

SUMMARY OF THE INVENTION An object of the present invention is to allow a user to present information to one registrar without informing each registrar of information registered by the user with another registrar. Accordingly, it is an object of the present invention to provide a registration method, an apparatus thereof, and a program recording medium which enable different information to be registered in a plurality of registrars.

[0006]

The principle of the registration method according to the present invention is based on the information I _A that the user should register with the registration agencies A and B.
And I _B are generated, and the information I _B to be registered in the registrar _B is used as an encryption key.
Newsletter EK (I _B) is encrypted by EK, I _A and EK (I _B) the registrar A
Send to Registrar A registers the information I _A as information of the user, and sends the information EK (I _B) to the registrar B. Registrar B has information
Decodes EK to (I _B) with the encryption key EK, and registers the obtained information I _B.

[0007] The steps of the registration method according to the invention include the following: for a registrar A device and a registrar B device:
When the user U registers respectively different information I _A and I _B from the user device, the user device generates a key information K to share the registrar B device, and registers the registration authority B device information the I _B and K, the public key (PK _B) in an encrypted by the information PK _B (I _B, K) of the registration authority B make, information PK _B (I _B, K) and the registrar a device I _a The registrar A device transmits the
Register the I _A, PK _B sends (I _B, K) to the registrar B device, registrar B device information PK _B by its own secret key _{SK B (I B, K)} I by decoding the _B and removed K, registers the I _B.

[0008] The signature of the registration confirmation is sent to the user device.
When there is no key information K, the key information K can be omitted without generating it. Profit
User device is PK_B(I_B, K) instead of I_BDark with K
Information K (I_B) And K to PK_B PK encrypted with
_BCreate (K) and send it to Registrar A.
Is PK_B(K), K (I_B) To Registrar B machine
The device is SK_B With PK _B(K) is decrypted to obtain K, and K
(I_B) To decrypt I_BMay be obtained.

[0009] Further, the registrar A apparatus is a device for the registrar A.
The information is sent to the Registration Institution B as information indicating that registration has been performed.
The information of the organization A with the private key SK_A Done at
The registration institution B first receives information from the registration institution A
The signature in the public key PK of the institution A _A And verify that
Only when it is classified, the decryption processing is performed. Also, check the registration
In order to notify the user device, mail or telephone may be used.
However, the confirmation notice, especially the signature of the registrar, is
To send to the registrar B device is I_BFor the secret key SK_B In de
Digital signature and registration confirmation information SK_B(I_B), And
Encrypt the registration confirmation information of K with K_B(I_BRegister))
Transmit to the institution A device, the registered institution A device, I_ARegistered
Information to confirm that SK_A(I_A) Is the secret key SK_A Digital
Sign and generate, SK_A(I_A) And received from Registration Authority B equipment
K (SK_B(I_B)) To the user device, and the user device
K (SK_B(I_B)) Using K to obtain SK
_B(I_B) And I_ARegistration Authority A's signature SK for_A(I_A)
And I_BRegistration Body B Signature SK for_B(I_B)
Name SK_A(I_A) To PK_A , I_ABy signature SK_B(I_B) To PK_B , I_B
Are verified, and if both pass, they are registered correctly.
Make sure that

[0010] As described above, a user simply presents information to one registrar without informing each registrar of the information registered by the user to another registrar, and the different registrars have different information. Can be registered.

[0011]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS First, the principle of a registration method for a plurality of institutions according to the present invention will be described with reference to FIG. The registration institution A device 100, the registration institution B device 200, and the user device 300 are connected, for example, via a communication line, but may be connected via an IC card or the like capable of recording information.

As a premise in the basic system configuration,
At least Registration Authority B device 100 is prepared in advance a pair of secret key SK _B and a public key PK _B, it is assumed that the distribution of the public key PK _B to the user device 300. User U by using the registration information generation unit 33 of the user apparatus 300 generates the registration information I _B with the registration information I _A for registration institution A apparatus 100 to the registrar B device 200. Also, information to be registered with the institution B using the encryption key EK
Obtaining EK (I _B) is encrypted by the encryption unit 32 and I _B. The user registers these information I _A and the encrypted information EK (I _B) institution A apparatus 1
Sending 00, the engine A registers the information I _A to the user U and the storage in association device 11 sends the encrypted information EK (I _B) to the institution B apparatus 200. Institution B sends the received encrypted information PK _B (I _B )
Obtain information I _B decoded by using the decryption key DK by the decoding unit 23, and registers in correspondence with the user U in the storage device 21.

[0013] and encryption of information I _B by the encryption unit 32 of the user 300 in the system of FIG. 1, the decoding section 2 of the engine 200
There are two embodiments of decryption of the encrypted information EK (I _B ) in 3 as described in the following embodiments. One user using the public key PK _B of the engine 200 is generated in advance as the encryption key EK is to encrypt the information I _B to generate information PK _B (I _B), together with the information I _A to the engine 100 transmitted, the engine 200 to obtain the I _B decrypts the encrypted information PK _B (I _a) with a decryption key DK a secret key SK _B. The other is to generate K (I _B ) by using the common key K generated by the user 300 as the encryption key EK, and to encrypt the common key K with the public key PK _B of the institution 200 to obtain PK _B ( generates K), common these information PK _B (K), K a (I _B) sends to the engine 100 together with the I _a, the engine 200 decrypts encrypted information PK _B of (K) with the secret key SK _B Get key K and use that key K
It can be obtained I _B decrypts the K (I _B). Therefore agency A
Is not possible to know the information I _B corresponding to the user U the authority B registered, also institution B can not know the information I _A corresponding to the user U the engine A has registered.

Therefore, in any case, the institution A cannot know the information I _B corresponding to the user U registered by the institution B, and the institution B cannot obtain the information I _B corresponding to the user U registered by the institution A. _A cannot be known. Embodiment 1 FIG. 2 shows an example of a system configuration for carrying out a method for registering with a plurality of institutions according to the present invention, and FIG. 3 shows a registration procedure for institutions A and B in the system configuration of FIG.

As a premise in this embodiment, the registrar A apparatus 100 has a private key for a public key cryptosystem and a digital signature system (refer to Ikeno and Koyama, "Modern Cryptography Theory", IEICE, etc.). create a SK _a and a public key PK _a, and that has distributed the public key PK _a to the user device 300, also registrar B apparatus 200 previously same secret key SK _B and a public key
It is assumed that PK _B has been created and the public key PK _B has been distributed to the user device 300.

Step S1: The user U is in the user device 300
Using the registration information generation unit 330 of, generates registration information I _B for registration information I _A and registrar B device 200 to the registrar A device 100, also the common key K by using the common key generation unit 340 generated, the I _B and K, encrypted with PK _B using the encryption unit 320 and the information PK _B (I _B, K) to create an, I _a and PK _B (I _B, K) the registrar a device Send to 100.

[0017] Step S2: Registration Authority A device 100, I _A
And PK _B (I _B, K) stores the by the registration unit 120 in the storage device 110. Step S3: Registration Authority A _{further, PK B (I B, K} ) by a secret key SK _A using a signature portion 130 signatures for _{SK A (PK B (I B} ,
Create a K)), and transmits _{SK A (PK B (I B} , K)) and PK _B (I _B, K) to the registrar B device 200.

[0018] Step S4: Registration Authority B apparatus 200, the signature _{SK A (PK B (I B} , K)) of the registration authority A with the public key PK _A using the signature verification unit 220 decodes the obtained thereby PK
_B (I _B, K) is received from the engine _{A PK B (I B, K} ) to verify by checking it matches, the verification result is NG
In the case of, the received information is discarded. If the verification is OK, PK _B (I _B , K) is obtained, which is
By decoding the _B, taking the I _B and K.

Step S5: The institution B obtains the obtained I_BAnd K
Is stored in the storage device 210 by the registration unit 240. Step S6: Institution B further performs I_BSignature SK for_B(I_B)
SK_B And the signature SK_B(I_B)
Is encrypted by the encryption unit 260 using K, and the information K (SK _B(I_B))
And that K (SK_B(I_B)) Signature information of Registrar B
SK_B(K (SK_B(I_B))) In the signature unit 250, and K (SK_B(I_B))
And SK_B(K (SK_B(I_B))) To the registration institution A device 100
You.

Step S7: The registration institution A apparatus 100
The signature SK of the registrar B using the name verification unit 140_B(K (SK
_B(I_B))) PK_B If the verification is NG, receive
Discard the information that was sent. If the verification is OK, the registrar
A is a registered I_AOf Registration Agency A for
Information SK_A(I_A) By the signature unit 150_A Created with SK
_A(I_A) And K (SK_B(I _B)) To the user device 300.

Step S8: The user device 300 uses K
And K (SK_B(I_B)) By the decoding unit 350
SK_B(I_B), And uses the signature verification unit 360 to_A(I_A)
And SK _B(I_B) For each PK_A And I_A, PK_B And I_BVerified by
If either verification is NG, SK_A(I_A)
And SK_B(I_B) And if both are OK, SK_A(I_A) as well as
SK_B(I_B) Is stored in the storage device 310.

In the embodiment shown in FIG.
Information PK to send to B_B(I_B, K) and SK_A Signed by
The purpose of sending the information is the information SK received at the registrar B.
_A(PK _B(I_B, K)) is the official route, that is,
To be able to verify that
It is. Registered organization B has signed information received from organization A
SK_A(PK_B(I_B, K)) with the public key PK_A Validate using the information
PK_B(I_B, K) was received from registrar A
Check. However, if such verification is not needed,
Registrar A receives the PK without signing_B(I_B, K) only
It may be transmitted to the registrar B as it is. Similarly, registration machine
Seki A receives the received information K (SK_B(I_B)) Was received from Registrar B
If there is no need to verify that
Without signing information K (SK_B(I_B, K)) only the registrar
Send it to A. Registrar A receives the received information K (SK_B(I_B,
K)) is transmitted to the user U as it is.

In the above description, the embodiment of FIG. 2 can be further modified as shown in FIG. The registration procedure in that case is shown in FIG. 5 in correspondence with FIG. Although in FIG. 4 are given the same reference numerals to portions corresponding to FIG. 2, the user device 300, the encrypted information PK _B (I _B, K) instead of making, by the key information K generated in step S1 the information I _B by the encryption unit 321 generates encrypted to the information K (I _B), and in the encryption unit 322 encrypts the key information K by the public key PK _B, generates information PK _B (K),
These K (I _B ) and PK _B (K) are replaced with the registration authority A in place of PK _B (I _B , K).
Send to device 100.

In the registrar A apparatus 100, in step S2
Register the I _A in the storage device 110, _{further, PK B (I B, K} ) in place of
K (I _B ) is registered in the storage device 110, and in step S3, K (I _B ) is registered.
Signed with the secret key SK _A signature unit 130 to send the signature _{SK A (K (I B)} ) and PK _B (K), K a (I _B) to the registrar B device 200. In step S4, the registrar B apparatus 200 verifies the signature SK _A (K (I _B )) using the key PK _A at the verification section 220, and further passes the information PK _B (K) at the decryption section 231 if the verification is successful. obtain the key information K is decrypted by the secret key SK _B, the decoding unit by the key information K
It decrypts the information K (I _B) at 232 to give the information I _B, the step S
5 registers the I _B and K in the storage device 210.

[0025] For the registration confirmation signature _{SK A (I A), SK} B transmission process to the user U in (I _B) is omitted in FIG. 4 since it is the same as that shown in Figures 2 and 3. In Figures 2 and 4, the registrar A device 100, as information indicating that the registered information I _A, was sent encrypted information signed by the private key SK _A to registrar B apparatus 200, registrar A to device 100 information I _a, the information I _B for registration institution B apparatus 200, respectively, information
Without revealing the I _B to registrar A device 100, and information
If only registers without knowing I _A to the registration authority B device 200 may not send the signature by SK _A. That is, the signature in the signature unit 130 in step S3 is omitted, and FIG.
In the case of, only PK _B (I _B , K) is sent to the registrar _B as shown in FIG. 6, and in the case of FIG. 5, K (I _B ) and PK _B
(K) may be sent to registrar B. Therefore, FIGS.
For, registrar B does not perform signature verification of the registration authority A in step S4, the decoding using the key SK _B only obtained I _B, the K.

Further, the registrar A apparatus 100 and the registrar B apparatus
Respectively 200 information I _A, may be registered to I _B, it has its registered, without electronically notifies the user, for example, be performed by mail or telephone, in which case and, user device 200 in the information I _A, registration for I _B institution A apparatus 100,
The respective signatures SK _A (I _A ), SK _B by registrar B device 200
If (I _B) does not require, the signature verification unit 140 in FIG. 2,
360, the signature units 150 and 250, the encryption unit 260, and the decryption unit 350 and related processes can be omitted, and the key information K is unnecessary in the embodiment of FIG. Further, in the electronic cash method, for example, the registrar A apparatus 100 is a bank, and the registrar B
Device 200 is an electronic cash issuing institution, such as for process when an illegal, except when requiring information including information I _B with registrar A device 100, FIG. 2, registered in the example of FIG. 4 PK _B in institution a apparatus 100 (I _B, K), the registration of the K (I _B) is not necessary to perform.

Registration institution A device 100, registration institution B device 200
Each of the user devices 300 has the functional configuration shown in FIG. 2 and FIG. 3, and each of the user devices 300 executes a process by a computer, and uses a recording medium on which the execution program is recorded. Embodiment 2 Here, an embodiment in which the present invention is applied to a hierarchical electronic cash system and a device used therefor will be described.

FIG. 8 shows a configuration example of a system to which this embodiment is applied. A device of an electronic cash issuing institution (hereinafter referred to as issuer I) 200 and devices of a plurality of institutions that manage user information (account information) and settle electronic cash with a retail store (hereinafter simply referred to as issuer I) Bank) 100 and the device of the person who will issue electronic cash (hereinafter simply called the user) 300
And a device of an organization that receives electronic cash from users (hereinafter,
400 is simply connected via a communication line or the like. These may be connected by an IC card or the like.

[0029] The bank 100 and the public key PS _B for a digital signature that is set in advance by the signature verification function V _B, to publish the signature verification function V _B, to generate a secret key SS _B, which is set by the function S _B deep. The issuer 200 is pre-function E _I public encryption key is set by PE _I, for digital signature public key is set by the function V _I PS
Publish the _I, and the secret encryption key SE _I, which is set by the function D _I, should generate a secret signature key SS _I, which is set by the function S _I. The disclosure of the public key PE _I is based on the assumption that the cryptographic function E _I using it is disclosed. Similarly, to publish the public key PS _I for digital signature is based on the assumption that also public signature verification function V _I = V _PSI using the public key PS _I.

In this embodiment, when the user 300 requests the bank 100 to issue an electronic cash with a face value of X, the bank 100 debits the amount X from the account of the user 300 and sends a request for the issuance procedure. On the other hand, a digital signature indicating that it is valid is sent to the issuer 200. Issuer 200 verifies that the issuance request is legitimate,
Issue the electronic cash of face value X to the user 300.

Here, the user 300 makes a request for issuing electronic cash.
Procedures for users to pay electronic cash to retail stores as information
Verification key N required for user signature verification_UIncluding
And generate bank information according to the method of the first embodiment.
Register the user's account and the real name U corresponding to 100, and
Seki 200 has signature verification key N_URegister (A) User registration process Step S1: First, the user is a bank 100, which is two institutions.
Fig. 9 shows the procedure for registering user information with the user 200 and the issuer 200.
Function block for 300 users, 100 banks, and 200 issuers
It will be described with reference to FIG. User 300 holds the digital signature key
Using the generator 330, the signature generation key SS_U , That is, the signature student
Function S_U And signature verification key N_U Generate Also common
Cryptographic key (Ikeno and Koyama, "Modern cryptography"
Using the encryption key generator 340 for the encryption key K
Generate These generated SS_U, N _U, K is the memory 30
M. Next, the publisher 200
Cryptographic function E_I E using the encryptor 320 that calculates_I(K, N_U)
Calculate and send it to the bank 100 together with the user name U.

[0032] Step S2: the bank 100, check that the user name U is the correct user with an account, the user database 11 as further user name U and E _I (K, N _U) pairs
Record to 0. Next, the bank 100 by using a signature function S _B by the signature generator _{130, E I (K, N} U) signed bank for _{s B = S B (E I} (K, N U)) was calculated, Send {E _I (K, N _U ), s _B } to issuer 200.

[0033] Step S3: The issuer 200 verifies the signature verification function V _B the validity of the signature s _B sent from the bank 100 by the signature verifier 220. If it is correct, the decoder
E _I (K, N _U) by using the key SE _I in 230 decodes the K, obtaining the N _U. Next, a signature is generated for N _U using signature generator 250.
Create S _I (N _U ). Also, registered in the inspection database 210 N _U and E _I (K, N _U) and the K as a set. In addition, the encryption device 260
E _K (S _U ) obtained by encrypting S _I (N _U ) using K as an encryption key
_I (N _U )). The issuer sends E _K (S _I (N _U )) to bank 100.

Step S4: The bank 100 sends E _K (S _I (N _U )) to the user. Step S5: The user 300 uses the key K and the decryptor 350 to decrypt the sent E _K (S _I (N _U )) using the key K to sign the signature S _I (N _U ). Where L = ｛N _U ,
Let S _I (N _U )｝ be the license of user U. This registration processing corresponds to the registration processing in the embodiment of FIG. That is, the signature verification key N U of the user _U is the information of the above-described embodiment.
Corresponds to I _B, the user real name U corresponds to the information I _A. Bank 10
0 knows the correspondence between the encrypted information E _I (K, N _U ) and the user U, but cannot decrypt E _I (K, N _U ),
K, it is impossible to know about N _U (can not know the information I _B). On the other hand, the electronic cash issuing institution 200
100 encrypted information E _I (K, N _U) be it knows to have, it is impossible to know the correspondence between the user U, real name U of the user, i.e. the information I _A know Can not do. (B) Electronic cash issuance processing Next, the procedure for the user to issue electronic cash is shown in FIG.
The description will be made using the functional blocks of each device shown in FIG.

Note that the issuer 200 has a public key PE_IDark using
Signal function E_ICorresponding to the PE_ISecret key SE corresponding to_IWhen,
Decoding function D using it_I= D_SEIIn the memory 10M
Keep, that is, SE_IIs kept secret. Also issued
200 is the signature verification public key PS _ISignature verification function V using
_ICorresponding to the PS_ISecret key SS corresponding to_ISignature with
Generation function S_I= S_SSIIs kept secret in the memory 20M.
Mari, SS_IIs kept secret. Similarly, bank 100 is public
Key PS_BSignature verification function V using_BCorresponding to the PS_BTo
Corresponding secret key SS_BSignature generation function S using_B= S_SSBNote
Keep it secret in 20M, that is, SS_BKeep secret
I do.

The user 300 performs a procedure for requesting the withdrawal of the amount X from the bank user's account in order to request issuance of the electronic cash of the face value X in the following procedure. Step S1: The user 300, from the memory 30M, the encryption key K generated previously, the signature generation key SS _U, the signature generation function S _U
And the signature verification key N _U. Next, the encryption unit 320 using an encryption function E _I and encryption key PE _I published issuer _{200 (X, K, N U} ) E obtained by encrypting the _I (X, K, generates N _U) as issue request form, the amount X of the user U of the message requesting that a pulling down from the account E _I (X, K, with N _U) and sends to the bank 100. Encryption key K is for the issuer 200 encrypts the reply information S _I (X, N _U) to be described later for the subscriber 300 with it. This message is
It is desirable that the user U be authenticated by a digital signature or the like.

Step S2: The bank 100 checks the balance of the account of the user U, and reduces X from the balance. The withdrawal request message of the user 300 may be recorded. In particular, if the request message is signed, there will be evidence later. The opportunity to reduce the balance from the user account may be any time after the balance is confirmed.

Next, the bank 100 uses the signature creator 130 to issue the amount X and the information E _I as an issuance request from the user 300.
(X, K, N _U) signed bank for _{s B = S B (X,} E I (X, K, N U)
And sends {X, E _I (X, K, N _U ), s _B } to the issuer 200. Step S3: The issuer 200 checks the validity of the signature s _B sent from the bank 100 by the signature verifier 220 using the signature verification function V _B
Verify by If it is correct, by using the secret encryption key SE _I in decoder _{230, E I (X, K} , N U) decodes the X, K,
Ask for N _U. Next, the comparator 240 verifies the identity between X sent from the bank 100 and X obtained by decryption. If it is correct, use the signature generator 250 to
Signature for information (X, N _U ) containing 300 signature verification keys N _U
Create S _I (X, N _U ).

Further, the set of N _U , E _I (X, K, N _U ), and K is made to correspond to the initial value Y = 0 of the total usage amount Y, and the procedure bank 100
(Bank name or identification number) B in the inspection database 210. Further, using the encryptor 260, K
The signature S _I (X, N _U ) is encrypted using E _K (S _I (X, N
_U )) is calculated. Issuer 200 transfers E _K (S _I (X, N _U )) to bank 10
Send to 0.

Step S4: Bank 100 issues from issuer 200
E sent_K(S_I(X, N_U)) To the user 300. Step S5: The user 300 uses the key K and the decryptor 350
E sent_K(S _I(X, N_U)) To decrypt the issuer
200 signatures S_I(X, N_U). Where the remaining electronic cash
The initial value of high x is x = X, and C = {x, X, N_U, S_I(N_U), S_I(X, N_U)}
With the amount X as the electronic cash_UWith memory 30M
Carry. In the following, issuer 200 issues this electronic cash C
Let's call it electronic cash.

In this embodiment, an example is shown in which a user generates N _U , but it may be generated by another institution, for example, an issuer. In that case, the user sends E _I (X, K) to the bank 100, while the bank 100 sends E _I (X, K, N _U )
And the issuer 200 performs the same process to verify the signature for (X, E _I (X, K)), decrypt it further to obtain X, K, and then issue Generates N _U and X,
The same process is performed for N _U , and E _K (N _U ) is transmitted from the issuer to the user via the bank. (C) Payment of Electronic Cash Next, a procedure in which the user 300 pays the amount y (y ≦ x) at the retail store 400 using the electronic cash C of the face value X and the balance x will be described with reference to FIG.

Step S1: The user 300 stores the information in the memory 30
Electronic cash read from M C = {x, X, N _U, S_I(X, N_U), S_I(N_U)}
To the retail store 400. Step S2: The retailer 400 confirms the signature of the issuer 200
Open key PS_I The signature of the issuer signature S_I
(N_U) And S_I(X, N_U) Is verified. If correct,
Random number generator 450 generates random number R₁, R_TwoProduce and retail stores
Information W and random number R corresponding to 400_I Is the value G obtained by stirring_I , And
And signature verification key N_W And random number R_Two Is the value G obtained by stirring_Two The stirrer
460 and these G₁, G_TwoTo the transaction identifier generator 43
Transaction identifier T generated by 0_S With user 300
You. Transaction identifier T_SFor example, the day of the transaction,
Use information that includes time.

Step S3: The user 300 receives the above T _S ,
G ₁ and G ₂ are input to the one-way function calculator 380, and e = f
(T _S , G ₁ , G ₂ ) is generated, and a user signature S _U (e, y) for e and the payment amount y is created by the signature generator 370 and transmitted to the retail store 400 together with the payment amount y. Step S4: retailers 400 also computes e from T _S, G _1, G ₂ similarly to the user with a one-way direction function verification unit 420, using the signature verification key N _U received from the user 300 The validity of the user signature S _U (e, y) is verified by the signature verifier 440, and further, y ≦ x is verified using the comparator 470.
If both are correct, payment of the corresponding usage amount y by electronic cash is permitted, and all communication data H = {x, X, N _U , S _I (N _U ), S
_I (X, N _U ), T _S , G ₁ , G ₂ , R ₁ , R ₂ , y, S _U (e, y)} are stored in the storage device 480. (D) Settlement Finally, a settlement method between the retail store 400 and the bank 100 will be described with reference to FIG.

Step S1: Retail store 400 first issues a request to issuer 200 for intercommunication data H = {x, X, N _U , S _I (N _U ), S _I (X, N _U ), T _S , G ₁ , G ₂ , R ₁ , R ₂ ,
y, S _U (e, y)}. Step S2: The determination control unit 295 of the issuer device 200 transmits the signature verification key N of the user 300 included in the mutual communication data H.
_It is checked whether _U is registered in the inspection database 210. (X, N _U) if is not registered in the inspection database 210, as fraudulent payment by the user 300 has been performed, performing unauthorized person identification process. If registered, the total value Y + y of the usage amounts corresponding to (X, N _U ) is obtained by using the adder 270, and the total value Y + y and X are compared by the comparator 290, and the comparison is performed. The following processing is performed based on the result.

(A) If the total value Y + y is smaller than the face value X,
The retail store 400 requests the bank to transfer the amount y to the bank account. At this time, the bank having the account of the retail store 400 need not be the bank 100 having the account of the user 300. The total value Y in the inspection database 210 is updated with Y + y, and the mutual communication data H is registered in the history database 280. (b) If Y + y = X, request the bank to transfer the amount y to the bank account of the retail store 400. Further, the electronic cash is removed from the inspection database 280 because it was full use (X, N _U) and the corresponding total amount Y.

(C) If Y + y> X, the inspection database 210
To (X, N_U) And the corresponding total amount Y are deleted.
Also, after all, fraudulent payment was made by user 300
In this case, an unauthorized person identification process is performed. Step S3: In the unauthorized person identification process, the issuer 200
(X, N_U) Before deleting it from the history database 280.
Evidence of correct conduct (all mutual information regarding fraudulent payments)
Information from the inspection database 210 together with the communication data H)
(K, N_U), E_I(K, N _U) To Bank 100. Bank 100
Is evidence of wrongdoing (all mutual
The validity of the communication data H) is N_UAnd the signature verifier 140
And verify, E if correct_I(K, N_U) As a key
The unauthorized user U is specified from the database 110.

In the above-described second embodiment, generally, an arbitrary function g is used to convert g (X, N _U ) = n or {g (X), g (N _U )} = n. the (X, N _U) may be used as a value corresponding to. That is, the above-described embodiment is a case where an identity function is used as the function g. E _I (X, K, N _U ) is equal to E _I (X, K).
It can be considered as a combination of E _I (N _U ).

[0048]

As described above, according to the present invention, one registration information user according to the invention from the user apparatus registration organization A device (e.g., a bank) PK _B (I _B) and I _A or PK _B (K ), by sending the K (I _B) and I _a, I _a is registered in the registrar a device and registrar a device without revealing the I _B in, the registrar a device registrar B device the information including the I _B is transmitted, the I _B is registered in the registrar B device. Therefore, the user does not need to separately perform the registration processing on the registration institution A apparatus and the registration institution B apparatus, which simplifies the processing.

Further, the registrar A apparatus signs the information received from the user apparatus and sends it to the registrar B apparatus, and the registrar B apparatus verifies the signature from the registrar A apparatus, and registers if it passes. Institution A device is information I _A from user device
You can confirm that you have already registered. When this invention is applied to the electronic cash issuance procedure, the user registers his / her real name U in the bank without being known to the issuer, and registers the user's signature verification key N _U in the issuer without being known to the bank. This can be done in one go through the bank.

[Brief description of the drawings]

FIG. 1 is a diagram for explaining the principle of a registration method for a plurality of institutions according to the present invention.

FIG. 2 is a block diagram showing a functional configuration of a user device, a registrar A device, and a registrar B device in the embodiment of the present invention.

FIG. 3 is a view showing a processing procedure in the system configuration of FIG. 2;

FIG. 4 is a diagram showing a modified example of FIG. 2;

FIG. 5 is a view showing a processing procedure in the system configuration of FIG. 4;

FIG. 6 is a view showing a modification of the processing procedure in FIG. 3;

FIG. 7 is a view showing a modification of the processing procedure in FIG. 5;

FIG. 8 is a diagram showing a configuration of an electronic cash system to which the registration method of the present invention is applied.

FIG. 9 is a block diagram showing a configuration of a user device, a bank device, and an issuer device that perform a user registration process in the electronic cash system of FIG. 8;

FIG. 10 is a block diagram showing a configuration of a user device, a bank device, and an issuer device that perform electronic cash issuing processing in the electronic cash system of FIG. 8;

11 is a block diagram showing a configuration of a user device and a retail store device that perform electronic cash payment processing in the electronic cash system of FIG. 8;

FIG. 12 is a block diagram showing a configuration of a bank device and an issuer device that perform a settlement process in the electronic cash system of FIG. 8;

Claims (35)

[Claims] 1. A method in which a user registers different information with registrars A and B, respectively, including the following steps: (a) The user must register information I _{A with the} above registrars A and B, respectively. and generates the I _B, (b) the registration authority information I _B to be registered in the B to give EK (I _B) is encrypted by the encryption key EK, the information I _a and EK (I _B) the sent to registrar a, (c) the registration authority a registers said information I _a as information corresponding to the real name of the user, sends the information EK (I _B) to the registrar B, (d) the registration authority B is to obtain the information I _B by decoding using the decryption key DK said information EK (I _B), and registers it. 2. The method of claim 1, wherein the registration is performed.
Institution B has public key PK_BAnd secret key SK_B The above encryption key EK and the above
A public key PK generated in advance as a decryption key DK_BUse the above
The step (b) is performed by the public key PK as the encryption key EK.
_B Using the above information I_BEncrypt the PK_B(I_B) The above information
EK (I_B)._AWith the above registration machine
The step (c) is a step of sending the information EK (I_B) As above PK
_B(I_B) To the registrar B, and the step (d) comprises the step of transmitting the secret key SK as the decryption key DK.
_B Using the above information PK _B(I_B) And decrypts the information I_BGet
Including the steps of: 3. The method according to claim 1, wherein the registrar _B generates a public key PK _B and a secret key SK _B in advance, and gives the public key PK _B to the user. In step (b), a common encryption key K is used as the encryption key EK.
Generates, encrypts said information I _B with it K (I _B)
Is obtained as the information EK (I _B ), the common encryption key K is encrypted with the public key PK _B to obtain PK _B (K), and the K (I _B ) and PK
Wherein the _B (K) and the information EK (I _B) the step of sending to the registrar A together with said information I _A, the step (c) and the K (I _B) as the information EK (I _B)
Sending the PK _B (K) to the registrar B, and the step (d) using the decryption key DK for the information DK
As a process of decrypting (I _B ), the PK _B (K) is decrypted by using the secret key SK _B to obtain the common encryption key K, and the K (I _B ) decoded by the including the step of obtaining the information I _B. 4. The method according to claim 3, wherein the registration is performed.
The institution has a public key PK in advance _A And secret key SK_A Generate and publish above
Key PK_A And the step (c) is performed in the information received from the user device.
Note K (I_B) 'S signature SK_A(K (I_B))
And its signature SK_A(K (I_B)) The above PK_B(K), K (I_B) And
And transmitting to the registrar B. The step (d) includes the step of transmitting the signature SK in the received information._A(K
(I_B)) With the above public key PK_AVerification step using
If the verification passes, the PK_B(K) decryption
Do. 5. A method according to claim 1, wherein the registration authority B is generated in advance a public key PK _B and secret key SK _B as the encryption key EK and the decryption key DK, the use of the public key PK _B includes a step to be given to the user, the step (b), the common encryption key K generated by using the public key PK _B to encrypt the information I _B and said common cipher key K as the encryption key EK Information PK _B (I _B , K) to the above information EK (I
Generated as _B), said information I _A with said information PK _B (I _B, K)
Transmitting the information to the registrar A, and the step (c) includes transmitting the information received from the user.
I _A and PK _B (I _B, K) and registered as information corresponding to the real name of the user, send to said information PK _B (I _B, K) the registration authority B as the information EK (I _B) to include a step, the step (d) is the above information in the information received from the registrar _{a PK B (I B, K} ) and the information I _B and decodes using the secret key SK _B removed common encryption key K, comprising the step of registering at least said information I _B. 6. The method according to claim 2, wherein the registrar A includes a step of generating a public key PKA and a secret key SKA in advance, and the registrar A performs , the signature of the registrar a to encrypted information with the public key PK _B prepared using the secret key SK _a, comprising the step of transmitting the signature to the registration authority B device, the registrar B receiving information The signature inside is verified using the public key PK _A, and if the verification passes, the public key PK _B
Decrypts the information encrypted by the secret key SK _B
Including the step of using. 7. The registration according to claim 3, 4 or 5.
The recording method further includes the following steps: a registrar
B: (1) The decrypted K is converted to the information I_B(2) The above private key SK_B With I_BDigital signature for
SK_B(I_B), And (3) the digital signature SK_B(I_B) With the above common encryption key K
Encrypted information K (SK_B(I_B)), And (4) the information K (SK_B(I_B)) Signature SK of registrar B
_B(K (SK_B(I_B))), And (5) the above information K (SK_B(I_B)) And its signature SK_B(K (SK_B(I_B)))
Is transmitted to the registrar A apparatus. The registrar A sends the signature SK in the information received from the_B(K (SK_B(I_B))
The public key PK_B (7) If the verification is passed, I_ADigital signature SK for
_A(I_A), And (8) the signature SK_A(I_A) And received from Registration Authority B equipment
K (SK_B(I_B)) To the user device. (9) K (SK) in the received information_B(I_B)) For K
Decrypt and sign SK _B(I_B) And (10) signature SK_A(I_A), Signature SK_B(I_B),
If both of these verifications pass, information I_A, I_BEach
Confirm that registration has been made with Registration Agencies A and B. 8. The method of registering the plurality engine according to claim 3, 4 or 5, registrar A also registers information containing information I _B in the received information from the user. 9. A registration method according to claim 3, 4 or 5, further comprising the following steps: the registration authority B is (1) a K that the decoded registered with said information I _B (2) Digital signature on I _B using the above secret key SK _B
SK _B (I _B ) is generated, and (3) the digital signature SK _B (I _B ) is encrypted with the common key K to generate information K (SK _B (I _B )). K (SK _B (I _B )) is transmitted to the registrar A apparatus, and the registrar A sends (5) the information K (SK _B (I _B )) received from the registrar B to the user. transmitted, the user, (7) the registration authority information from a K (SK _B (I _B)) to be decoded by the common encryption key K of the registrar B for said information I _B signature SK _B to obtain (I _B), (8) to verify the signature SK _B (I _B) in the above-mentioned public key PK _B, if passed, acknowledge that the above information I _B has been registered in the registration authority B . 10. The user is a user apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, a storage device for storing the public key PK _B registrar B, A common key generating means for generating a common encryption key K and storing it in the storage device; and generating registration information IA to the registrar _A and registration information IB to the registrar _B to generate I _A , I _A storing _B in the storage unit and the registration information generation unit, and the information I _B and said common cipher key K to encrypt the above public key PK _B information PK _B (I _B, K) cryptographic means to make, the information PK _B (I _B, K) and the information I and means for transmitting the _a to device registrar a, signature decrypts the information received from the registration authority _{a K (SK B (I B} )) SK comprising a decoding means for obtaining _B a (I _B), the signature verification means for verifying by using the signature SK _B (I _B) with the public key PK _B and the information I _B, and. 11. The user is a user apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, a storage device for storing the public key PK _B registrar B, A common key generating means for generating a common encryption key K and storing it in the storage device; and generating registration information IA to the registrar _A and registration information IB to the registrar _B to generate I _A , I _A a registration information generating means for storing the _B in the storage unit, information PK the common encryption key K encrypted with the public key PK _B
B a first cipher means for making (K), the common key K by encrypts said information I _B information K (I _B)
Second encryption means for making said information PK _B (K), information K (I _B) and means for transmitting said information I _A to the apparatus of the registrar A, information received from the Registration Authority A _{K (SK B (I B)} ) and decoding means for obtaining decoded by signature SK _B (I _B) with said signature SK _B (I _B) the public key PK _B, the signature verification to verify using the information I _B Means. 12. The user device according to claim 10, wherein the storage device holds a public key PK _A of a registrar A, and the signature verification means performs the signature SK received from the registrar A. _a and (I _a), comprising a means for verifying by using the public key PK _a and information I _a. 13. The user is a registered institution A apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, a storage device for storing the public key PK _B registrar B , transmits from the user device information received I _a and PK _B (I _B, K) and means for storing in the storage device, said information PK _B (I _B, K) and the apparatus of the registrar B and means, means for transmitting information received from the registrar B K a (SK _B (I _B)) to the user device. 14. The user is a registered institution A apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, a storage device for storing the public key PK _B registrar B , information I _a received from the user device, K (I _B) and PK _B of (K) and means for storing in the storage device, the information received from the user PK _B (K) and the information K (I _B )
And means for transmitting the information K (SK _B (I _B )) received from the registrar B to the user device. 15. The registrar A device according to claim 13, in the storage device and a secret key SK _A and a public key PK _A of the registration authority A is held, the information received from the user PK _B (I _B , K) is signed with the private key SK _A and the signature information SK
_{A (PK B (I B,} K)) signature means for obtaining a is provided, the means for the transmission the signature information _{SK A (PK B (I B} , K)) said information PK _B (I
_B , K) and send it to the registrar B. 16. The registrar A device according to claim 14, in the storage device are held secret key SK _A and a public key PK _A of the registration authority A is information K received from the user (I _B ) with the private key SK _A and signing information SK _A (K
(I _B)) to obtain the signature means are provided to, means for the transmission to said signature information _{SK A (K (I B)} ) said information K (I _B) and PK _B (K) the registration with institution B Send. 17. The method according to claim 13, 14, 15, or 16.
In the registrar A device, the registrar B device
Received information K (SK_B(I_B)) And its signature SK_B(K (SK _B(I_B)))of
Sign public key PK_B There is a signature verification means to verify using
Have been. 18. The registrar A device according to claim 13, 14, 15 or 16, wherein the signature to generate a signature signed information I _A in the storage device with the secret key SK _A SK _A (I _A) means are provided, said signature SK _A (I _A) is transmitted to the user apparatus together with information received from the registration authority _{B K (SK B (I B} )). 19. The user is a registered institution B apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, its own secret key SK _B, and stores the public key PK _B a storage device, the information received from the apparatus registration authority a PK _B (I _B, K) a secret key SK that decoded information I _B and decoded in _B, decoding means for storing the common key K in the storage device If the signature SK signed information I _B in said memory with a secret key SK _B
B (I _B) and signature means for obtaining a said signature SK _B (I _B) and encrypted with said information K information K (SK
_B (I _B )), and means for transmitting the information K (SK _B (I _B )) to the device of the registrar A. 20. The user is a registered institution B apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, its own secret key SK _B, and stores the public key PK _B A storage device, and a secret key for the information PK _B (K) received from the device of the registrar A.
First decryption means for decrypting with the SK _B to obtain a common encryption key K, second decryption means for decrypting the information K (I _B ) received from the apparatus of the registrar A with the information K, _B, a means for storing the K in the storage device, the signature SK signed information I _B in said memory with a secret key SK _B
B (I _B) and signature means for obtaining a said signature SK _B (I _B) and encrypted with said information K information K (SK
_B (I _B )), and means for transmitting the information K (SK _B (I _B )) to the device of the registrar A. 21. The registrar B according to claim 19 or 20.
In the apparatus, there is provided a signing means for signing the information K (SK _B (I _B )) with a secret key SK _B to generate signature information SK _B (K (SK _B (I _B ))). _B (K (SK _B (I _B ))) is the information K (SK
_B (I _B )) and is transmitted to the registrar A. 22. A recording medium storing a program for allowing a user of a user device in a system for registering different information IA and IB to a registrar _A and a registrar _B to be performed by a user. Steps include: generating a common encryption key K, registering information I _A with registrar _A , and registering information I _B with registrar _B.
The generated respectively, said information K, I _A, and stores the I _B in the storage device, said information I _B, information encrypted with the public key PK _B of registrar B to K PK _B (I _B, K) and The information I _A , PK _B (I _B , K) is generated and transmitted to the device of the registrar A, and the information K (SK _B (I _B )) received from the device of the registrar A is converted to the key. decrypts the information K to obtain a signature SK _B (I _B), verified using the signature SK _B (I _B) with the public key PK _B and the information I _B described above decoding. 23. a recording medium recording a program for executing on a computer of a user device in a system for registering user different information I _A and I _B to the registration authority B and registrar A, the program Steps include: generating key information K, registering information I _A with registrar _A , and registering information I _B with registrar _B.
The generated respectively, said information K, and stores I _A, the I _B in the storage unit, information encrypted with the public key PK _B of registrar B said information K
Generate PK _B (K), to encrypt the information I _B by the key information K to generate information K (I _B), the information _{I A, PK B (K)} , K a (I _B) above send to the device registrar a, the registrar information received from device a K a (SK _B (I _B)) to decrypt with the key information K to obtain a signature SK _B (I _B), the decoding be verified using the signature SK _B (I _B) the public key PK _B and the information I _B. 24. The user's recording medium according to claim 22, wherein the program further comprises the registration institution A.
Comprising the step of verifying by using the public key PK _A and information I _A received signature SK _A (I _A) from the device. 25. A recording medium in which a program for causing a computer of a registrar A apparatus in a system for a user to register different information IA and IB to a registrar _A and a registrar _B is recorded. program step comprises: user information received from the device I _a and PK _B (I _B, K) stored in the storage device, said information PK _B (I _B, K) a device registrar B transmitted to, and transmits the information received from the apparatus of the registrar _{B K (SK B (I B} )) to the user device. 26. a recording medium recording a program for executing a computer registrar A device in a system for registering user different information I _A and I _B to the registration authority B and registrar A, the The steps of the program include: information I _A received from the user device,
K (I _B ) and PK _B (K) are stored in a storage device, and the information PK _B (K) and the information K (I _B ) received from the user are transmitted to the device of the registrar B, and The information K (SK _B (I _B )) received from the device of the registrar B is transmitted to the user device. 27. The recording medium of the registrar A according to claim 25.
In the body, the storage device stores the secret key of the registrar A.
SK_A And public key PK_A Is held and received from the above user.
Information received PK_B(I_B, K) to the private key SK_A Sign with
SK_A(PK_B(I_B, K)), and the above signature
Name information SK_A(PK_B(I_B, K)) is the above information PK _B(I_B, K)
It is transmitted to the registration institution B. 28. The recording medium of the registrar A according to claim 26, wherein the secret key of the registrar A is stored in the storage device.
SK _A and the public key PK _A are held, and the information K (I _B ) received from the user is signed with the private key SK _A to sign information SK
_A (K (I _B)) to obtain step is provided, the signature information SK
_A (K (I _B )) is transmitted to the registrar B together with the information K (I _B ) and PK _B (K). 29. The method according to claim 25, 26, 27 or 28.
In the recording medium of the registrar A,
K (SK_B(I_B)) And its signature SK _B(K (SK
_B(I_B))) Sign the public key PK_B To verify using
Is provided. 30. The method according to claim 25, 26, 27, or 28.
In the recording medium of the registrar A described, the information I _A in the storage device and signed by the private key SK _A signature SK _A (I _A) generating, there are provided as the signature SK _A (I _A) It is sent to the user apparatus together with information received from the registration authority _{B K (SK B (I B} )). 31. A recording medium on which a program for causing a computer of a registrar B apparatus in a system for registering different information IA and IB to a registrar _A and a registrar _B to be registered by a user is recorded. The steps of the program include: information received from the device of RA A
PK _B (I _B, K) and decrypts the secret key SK _B to obtain information I _B, and K, these I _B, and stores the K in the storage device, the signature by the private key SK _B to the information I _B SK _B (I _B ) is generated, and the signature SK _B (I _B ) is encrypted with the above information K to obtain the information K (SK
_B (I _B )), and transmits the information K (SK _B (I _B )) to the device of the registrar A. 32. a recording medium recording a program for executing a computer user registrar B apparatus in a system for registering different information I _A and I _B to the registration authority B and registrar A, the The steps of the program include: information received from the device of RA A
PK _B (K) is decrypted with the secret key SK _B to obtain a common encryption key K, and the information K (I _B ) received from the device of the registrar A is decrypted with the common encryption key K to obtain the information I _B obtain the information I _B and K, which are the decoded stored in the storage device, said information I _B to generate signature by the secret key _{SK B SK B (I B)} , the signature SK _B (I _B) the Information K (SK
_B (I _B )), and transmits the information K (SK _B (I _B )) to the device of the registrar A. 33. A recording medium for registrar B apparatus of claim 31, the registration authority A information PK _B (I _B, K) received from the device and its signature SK _A (PK _B (I _B , K)) is verified using the public key PK _A, and if the verification passes, the information PK _B (I _B , K) is decrypted with the secret key SK _B to obtain the information I _B and the common encryption key K. Including steps. In the recording medium for 34. registrar B apparatus of claim 32, exposes the registrar information received from the device A PK _B (K) and its signature _{SK A (K (I B)} ) Verification is performed using the key PK _A, and if the verification passes, the above information PK _B (K)
The comprises the step of obtaining a common encryption key information K is decrypted by the secret key SK _B. 35. The recording medium for a registrar B apparatus according to claim 31, 32, 33 or 34, wherein the information
K (SK _B (I _B )) is signed with a secret key SK _B and signature information SK _B (K (SK
_B (I _B ))) A signature step for generating is provided, and the signature information SK _B (K (SK _B (I _B ))) is transmitted to the registrar A together with the information K (SK _B (I _B )). Is done.