WO2013054701A1 - データの真正性保証方法、管理計算機及び記憶媒体 - Google Patents
データの真正性保証方法、管理計算機及び記憶媒体 Download PDFInfo
- Publication number
- WO2013054701A1 WO2013054701A1 PCT/JP2012/075557 JP2012075557W WO2013054701A1 WO 2013054701 A1 WO2013054701 A1 WO 2013054701A1 JP 2012075557 W JP2012075557 W JP 2012075557W WO 2013054701 A1 WO2013054701 A1 WO 2013054701A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- log
- computer
- hash
- hash value
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the present invention relates to a digital signature technique for guaranteeing the authenticity of a large amount of log data or data generated at any time for a long period of time.
- tracing the hash chain means that the previous signed data is compared by comparing the hash value of the previous signed data included in the verified data with the hash value calculated from the previous signed data. This means that the process of verifying that the file has not been tampered with is repeated with the signed data making up the hash chain.
- Patent Document 1 discloses a technique for reducing the number of signatures and reducing the load on a computer by making a signature for data constituting a hash chain once for a plurality of data. .
- a method for ensuring that the previous data has not been tampered with a method for storing the hash value of the previous data in the tamper resistant device is disclosed. That is, by comparing and verifying the hash value stored in the tamper resistant apparatus and the hash value calculated from the previous data, it can be confirmed that the previous data has not been tampered with.
- the hash value of a tree is obtained by combining the hash values of multiple log data and taking the hash value of the combined hash values.
- a method is disclosed in which a hierarchical structure is used, and when the lower part of the tree is tampered with, the range of influence of tampering is limited to a specific range.
- Patent Document 1 discloses that the influence range of alteration is limited to a specific range by creating a hash tree structure.
- the vulnerability is that the authenticity of the entire hash tree is lost when the hash value corresponding to the highest node is tampered with because it has a structure that guarantees the authenticity of a node by the upper node of that node. There is. For this reason, even when certain data is falsified, the problem of maintaining the authenticity of the hash chain has been solved only to a limited extent.
- hash values are generated after combining hash values of a plurality of log data, but it is ensured that the plurality of hash values have not been tampered with.
- a method of storing a plurality of log data in a tamper resistant device can be considered in the same way as storing the previous log data in a tamper resistant device, but when considering handling a large amount of log data, Preserving all log data in the tamper resistant device may exceed the capacity of the tamper resistant device.
- Patent Document 1 when the authenticity of past specific data is to be confirmed, all hash chains from the present to the past specific data must be traced, which requires a long calculation time. there were.
- the present invention has been made in view of the above circumstances, and in the digital signature technology for guaranteeing the authenticity of a large amount of log data or data that occurs at any time for a long period of time, other cases when certain data has been tampered with
- the purpose is to maintain the authenticity of the data and to quickly verify specific log data. Furthermore, it aims at reducing the load of the computer at the time of producing
- the present invention relates to a data authenticity guarantee method implemented by a management computer having a processor and a memory, from the first data received from the computer and the second data held in the data holding unit of the management computer.
- a digital signature is given to the data obtained by combining the acquired hash value of one or more second data and a key set in advance to generate second data, and the generated second data is used as data.
- the plurality of second data held in the data holding unit and the second data to be verified the plurality of hash chains are intermittently traced to authenticate
- a signature verification process for performing verification is performed.
- the signature generation process includes a first step of receiving first data from the computer, and a second time data among the second data held in the data holding unit.
- 6th step of accepting data 7th step of obtaining and verifying second data that can be independently verified from the data holding unit, and 2nd data to be verified can be independently verified Na
- the second data is verified by sequentially comparing the hash value calculated from the second data with the second data including the hash value, and the verification is performed by intermittently tracing a plurality of hash chains. 8 steps.
- the management computer selects a plurality of second data at a predetermined interval on the time series of the digital signature
- the general term is a geometric sequence of the previous one, the first term N, and the common ratio 2. Selection is made from the second data before n ⁇ 2 ⁇ (p ⁇ 1).
- all the second data (for example, log records) is a hash of the second data before a plurality of pieces of data.
- a plurality of hash chains are formed.
- the hash chain verification processing is reduced by creating a hash chain for a plurality of previous second data at the time of generating the second data, the second data to be verified can be verified at high speed. it can. Furthermore, since the process of verifying whether a plurality of previous second data has been tampered with when generating the second data, tampering of the second data can be detected at an early stage.
- FIG. 1 is a block diagram showing an example of a data processing system to which the first embodiment of the present invention is applied.
- an application server 102-1 to an application server 102-L (hereinafter, the generic name of the application server is 102) that provides business applications and databases to the user's computer, and the application server 102 Log management server 101 that collects and manages these logs and a network 103 that connects the servers.
- FIG. 2 is a block diagram illustrating an example of functional elements of the log management server 101.
- the log management server 101 generates a log record from the log data sent from the application server 102, and verifies the log record and determines authenticity in response to a request from the user, and the log management server 101.
- Storage unit 202 that stores log data generated by the user, data such as keys necessary for processing, input / output unit 210 that receives input from the user or administrator, and communication unit that receives log data output from the application server 102 211.
- a log output from the application server 102 is referred to as log data
- a log processed by the log management server 101 as described later is referred to as a log record.
- the processing unit 201 includes a signature generation unit 203 that gives a signature to data obtained by combining log data and a hash value of a log record, a signature verification unit 204 that verifies the signature of the log record, a hash value included in the log record, and the hash A hash value comparison unit 205 that compares and verifies a log record that is a source of a value, a hash value generation unit 206 that takes a hash value of the log record and generates a hash value, and a control unit 207 that controls them.
- a signature generation unit 203 that gives a signature to data obtained by combining log data and a hash value of a log record
- a signature verification unit 204 that verifies the signature of the log record, a hash value included in the log record
- the hash A hash value comparison unit 205 that compares and verifies a log record that is a source of a value
- a hash value generation unit 206 that takes a hash value of the log record
- the storage unit 202 stores a log record holding unit 208 that stores a log for which signature processing or the like has been completed, and a secret key / certificate holding unit that holds a secret key, a certificate, and a public key for generating and verifying a signature 209.
- the private key / certificate may be stored in a tamper resistant device.
- the signature verification unit 204 may include the hash value comparison unit 205
- the signature generation unit 203 may include the hash value generation unit 206.
- FIG. 3 is a block diagram illustrating an example of functional elements of the application server 102.
- the application server 102 executes an application and communicates with a processing unit 301 for outputting a log, a storage unit 302, an input / output unit 307 that receives input from a user, the log management server 101, and other application servers.
- the processing unit 301 includes a log output processing unit 303 that performs processing of sending a log generated by the application server 102 to the log management server 101, an application processing unit 304 that executes an application, and a control unit 305 that controls these. Have.
- the storage unit 302 includes an application data holding unit 306 that stores data necessary for executing an application.
- the processing units 201 and 301 of the log management server 101 and the application server 102 illustrated in FIGS. 2 and 3 include, for example, a CPU 401, a memory 402, and an external storage device 404 such as a hard disk as illustrated in FIG.
- the CPU 401 executes a predetermined program loaded on the memory 402, Can be embodied.
- Each of the above devices can be realized using a general computer including a CPU 401 and a storage device, or a program or hardware having a function equivalent to that of a general computer.
- the CPU 401 executes a predetermined program loaded on the memory 402 from the external storage device 404, whereby the above-described processing units can be realized. That is, the communication units 211 and 308 are realized by the CPU 401 using the communication device 403. The input / output units 210 and 307 are realized by the CPU 401 using the input device 405, the output device 406, and the reading device 407. The storage units 202 and 302 are realized by the CPU 401 using the memory 402 and the external storage device 404. The processing units 201 and 301 are realized as processes of the CPU 401.
- These programs may be stored in advance in the memory 402 or the external storage device 404 in the electronic computer, or when necessary, from a removable storage medium 408 that can be used by the electronic computer, or It may be introduced from another device via a communication medium (such as the network 103 or a carrier wave or digital signal propagating over them).
- a communication medium such as the network 103 or a carrier wave or digital signal propagating over them.
- the present invention can be realized by the configuration shown in FIGS. 1 to 3, but the present invention is not limited to this configuration.
- the log management server 101 but also the application server 102 may have a function of managing log records.
- log records held in the log record holding unit 208 of the log management server 101 will be described with reference to FIG.
- a case will be described in which a plurality of previous log records and a previous six log records are included as a plurality of previous log records. Note that these log records are generated by the signature generation unit 203 of the log management server 101.
- One log record 501 is log data 502 that is the log data body transmitted from the application server 102, a data ID 503 that is a unique ID representing the log data 502, and a hash value of the previous log record.
- the general term of the connecting ID 1 ⁇ connecting ID 3 is referred to as "coupling ID”
- fields 502-509 Consisting of signature 510 that was given a digital signature for.
- the log record S8 includes the log data 502 M8, the log data M8 data ID 503 8 and the previous hash value 504 H (S7) ("H (S7)" is a hash calculated from S7. The same as the following), “7” which is the concatenation ID 1 , H (S5) which is the previous three hash values 506, “5” which is the concatenation ID 2 , and the six previous hash values. H (S2) which is 508, “2” which is ID 3 for concatenation, and signature 510 which is the result of signing log data M8, H (S7), H (S5) and H (S2).
- the signature generation unit 203 of the log management server 101 calculates the hash value 504 of the previous (preceding) log record and the hash value 506 of the previous three log records for the log data received from the application server 102, respectively.
- the hash value 508 of the previous six log records is duplicated from the previous three log records, and a digital signature is given to the log record.
- the signature generation unit 203 assigns a concatenation ID to the previous, third, and sixth log records.
- the log record of FIG. 5 shows the history of the signature 510 of the log record generated by the log management server 101 from the log data of the specific data processed by the application server 102.
- the log record holding unit 208 stores a log record signature 510 history as shown in FIG. 5 for each piece of data processed by the application server 102.
- one log record includes the previous, third, and sixth hash values, and as shown in FIG. 6, all log records are the previous and third.
- a chain of log records is formed by the previous and sixth hash values. That is, a plurality of hash chains are generated from one log record.
- FIG. 7 is a flowchart showing an example of processing performed by the control unit 207 of the log management server 101 when one log record of FIG. 5 is generated.
- a process for generating the log record S11 of FIG. 4 will be described as an example. 7 is executed at a predetermined timing such as when the log management server 101 receives log data.
- the control unit 207 starts the processing upon receiving the log data M11 from the application server 102.
- the log data M11 acquired from the communication unit 211 is stored in the log record holding unit 208 as a new log record (step 701).
- a new log record may be generated by the signature generation unit 203.
- the signature verification unit 204 verifies the log record S10 that is the previous log record stored in the log record holding unit 208 (step 702). That is, the signature verification unit 204 obtains a public key from a certificate stored in advance in the private key / certificate holding unit 209, and decrypts the data by applying the public key to the signature 510 of the log record S10. And the acquired data and the hash value of the log record S10 are compared.
- the signature verification unit 204 acquires the log data M10 and the hash values H (S9), H (S7), and H (S4) from the digitally signed signature 510 with the public key, and the log data 502 of the log record S10 and the hash The authenticity of the log record S10 is verified by comparing with the values 504, 506, and 508. That is, if the log data and the hash value included in the digitally signed signature 510 are equal to the log data 502 of the log record S10 and the hash values 504, 506, and 508, respectively, the log record S10 is not tampered with. Data is guaranteed.
- the signature verification unit 204 may verify the hash value included in the digitally signed signature 510 and the hash values 504, 506, and 508 of the log record S10.
- the hash value generation unit 206 of the signature generation unit 203 uses the hash value of the log record S10. It is generated and stored in the log record holding unit 208 together with “10” which is the data ID 503 (step 704).
- the signature generation unit 203 can add the hash value of the previous log record S10 to the hash chain of the log record S11.
- the process proceeds to step 703, and the signature verification unit 204 performs error processing as described later.
- the log record S8 which is the previous three log records stored in the log record holding unit 208, is verified by the signature verification unit 204 in the same manner as in step 702. If the verification result is correct (verification in step 705). If successful, the hash value generation unit 206 generates a hash value of the log record S8 and stores it in the log record holding unit 208 together with “8” as the concatenation ID 1 506 (step 707). Thereby, after the signature verification unit 204 verifies that the log record S8 has not been tampered with, the hash value generation unit 206 can add the hash value of the previous three log records S8 to the hash chain of the log record S11. On the other hand, if the three previous log records S8 have been tampered with or deleted, the process proceeds to step 706, and the signature verification unit 204 performs error processing as described later.
- the hash value generation unit 206 duplicates the hash value H (S5) and creates a concatenation ID. 2 is stored in the log record holding unit 208 together with “5” of 509 (step 708). At this time, since it has already been verified in step 705 that the three previous log records S8 have not been tampered with, it has been verified that H (S5) which is a part of the log record S8 has not been tampered with. It is.
- the signature generation unit 203 performs a digital signature on the connection IDs “10”, “8”, and “5”. That is, the signature generation unit 203 uses the private key stored in the private key / certificate holding unit 209 to calculate a signature value for the log data.
- the signature generation unit 203 stores the obtained signature 510 in the log record holding unit 208 (step 709).
- the log management server 101 After the processing in steps 701 to 709, the log management server 101 generates a log record S11 obtained by digitally signing the hash values of the log records S10, S8, and S5 with the secret key from the received log data M11. It is stored in the holding unit 208.
- N is a natural number constant
- p is a natural number variable that takes a value from 1 to n
- n is a value representing how many previous hash values are acquired.
- the log management server 101 since it is possible to perform the verification that no falsification is performed for each log record and the calculation of the hash value by one-time comparison of the hash value and replication of the hash value, the log management server 101 when the log record is generated The calculation load is reduced.
- Log records have hash values of log records before 3, 6, 12, and 24.
- the signature generation unit 203 generates a new log record
- the six previous log records (three previous) included in the three previous log records are verified. (3 log records for the previous log record) is acquired and replicated, and the acquired hash value is compared with the hash value calculated from the 6 previous log record. Perform record validation.
- the previous 12th hash value is acquired.
- the acquired hash value is compared with the hash value calculated from the previous 12 log records, and the previous 12 log records are verified.
- the twelve previous log records verified by the signature verification unit 204 include 24 previous log records (12 previous records for the previous 12 log records).
- the signature generation unit 203 performs three times, six times, twelve times, and twenty-four times by performing one signature verification process, two hash value comparison processes, and four copy processes.
- a log record containing the previous hash value can be generated.
- step 703 and step 706 executed by the signature verification unit 204 warns the user that the log record verification processing may have failed and the verification target log record may have been altered or deleted.
- the data ID 503 of the log record that has been tampered with is output to the computer used by the user and displayed on the output device 406 of the computer.
- n log records are selected every N predetermined intervals. Then, the log management server 101 calculates the hash values of the immediately preceding log record and the Nth previous log record. Then, the hash value of the log record older than the previous N (N ⁇ 2 and later) duplicates the hash value stored in the previous N log record.
- the log management server 101 stores n + 1 hash values in a new log record, but the hash value is actually calculated only twice for the immediately preceding log record and the N previous log record. Therefore, the calculation load can be reduced.
- the log management server 101 selects a plurality of log records at predetermined intervals on the time series of the digital signature 510, and out of the selected plurality of log records.
- the hash value of the latest log record is calculated, and the hash value of the previous log record is calculated.
- the log management server 101 duplicates the hash value held in each log record for hash values other than the latest log record among the plurality of selected log records.
- the specific data is a log record in which the input / output unit 210 has received a verification request from the user's computer or a log record in which a verification request has been received from the input device 212.
- FIG. 8 is a diagram showing an example of tracing a log when performing high-speed verification.
- the fast verification route 801 in FIG. 8 is a diagram illustrating the shortest route for verifying S1 when the log record S11 is a trust point.
- verification is performed in three steps. In this example, by comparing and verifying the signature 510 and the hash value of the hash value of the oldest six log records S5 among the hash values included in the log record, the hash chain is compared one by one. The number of steps can be omitted.
- the hash value is compared for the second oldest hash value, and if the second oldest hash value is older than the specific data, the third oldest hash value is compared. In this way, the authenticity of specific data is verified with the minimum number of steps by gradually narrowing the omitted range.
- the signature verification unit 204 includes the hash value H (S5) included in the log record S11 and the log record. The hash value of S5 is calculated and verified.
- the signature verification unit 204 calculates the oldest hash value H (S2) included in the log record S5 and the hash value of the log record S2, and performs verification in the same manner as described above.
- the signature verification unit 204 calculates the hash value for the oldest (immediately preceding) hash value H (S1) and the log record S1 included in the log record S2, and performs verification in the same manner as described above.
- the signature verification unit 204 can ensure that the log record S11 is authentic data of the log record S1. Accordingly, the log management server 101 can quickly verify the authenticity of the requested log record S11 by tracing the log records S5 and S2 without tracing all of the log records S1 to S10.
- FIG. 9 is a flowchart illustrating an example of the verification process of the high-speed verification route 802 in FIG. 8 performed by the signature verification unit 204. The detailed description of FIG. 9 will be given below.
- a log record to be verified is acquired from the input / output unit 210, and a trustpoint is selected.
- the trust point is a log record whose signature has not expired and which is closest to the log data to be verified. In this case, since it is assumed that the signatures of the log records S1 to S10 shown in FIG. 8 have expired, the log record S11 is selected as a trust point (step 901).
- Step 902 the signature of the trust point is verified by the signature verification unit 204 (step 902).
- the variable x holding the data ID of the verified log record is initialized with the data ID of the trust point (step 904).
- “11” is assigned to the variable x here.
- Step 906 to Step 908 are repeated until the variable x reaches the ID to be verified (ID is 1 according to the example of FIG. 8) (Step 905).
- step 902 the signature verification unit 204 proceeds to step 903 and executes error processing described later.
- the signature verification unit 204 selects the oldest concatenating ID from among the linkage IDs included in the log record of the log record Sx that is the same as the data ID of the log record to be verified or newer than the log record to be verified. Then, it is substituted for the variable x (step 906). Specifically, among the hash values included in the log record S11 in FIG. 5, the concatenation ID of the hash value H (S5) that satisfies the above condition is “5”, so “5” is substituted for the variable x. .
- the hash value comparison unit 205 compares the hash value H (S5) with the value obtained by calculating the hash value of the log record S5, and performs partial verification of the hash chain 601 shown in FIG. 907). Accordingly, the signature verification unit 204 ensures that the log record S5 has not been tampered with.
- log record S5 is not a log record to be verified
- steps 906 to 908 are repeated. That is, among the hash values included in the log record S5, H (S2) satisfying the above condition is compared with the value calculated from the hash value of S2, and the partial verification of the hash chain 601 shown in FIG. 6 is performed. Do more. Since the log record S2 is not the verification target log record, the hash value included in the log record S2 is compared with H (S1) satisfying the above condition and the value obtained by calculating the hash value of the log record S1, and the hash The chain is partially verified, and the verification of the log record to be verified is completed.
- the signature verification unit 204 warns the user that the trustpoint data may be falsified or deleted.
- the data ID 503 of the log record that has been tampered with is transmitted to the user computer and displayed on the output device 406 of the computer.
- step 903 the process returns to step 901 to select a new trust point.
- the new trustpoint is a log record whose signature has not expired, a log record closest to the log data to be verified is selected, and is not a log record in which an error has occurred. Thereafter, the processing after step 902 described above is executed.
- step 907 If the verification of the log record fails in step 907, the signature verification unit 204 proceeds to step 908 and executes error processing to be described later.
- step 908 the user is warned that the verification process has failed and the log record may have been altered or deleted.
- the data ID 503 of the log record that has been tampered with is transmitted to the user computer and displayed on the output device 406 of the computer.
- verification of specific data may be continued with another verification route.
- a verification route other than the high-speed verification route 801 illustrated in FIG. 8 can be selected.
- other verification route selection methods include verification routes generated from other hash values included in the verified log record, and other hash values included in the log record that guaranteed the verified log record. It is conceivable to select a verification route.
- the signature verification unit 204 first selects the log record S11 as a trust point (step 901). The signature verification unit 204 verifies the log record S11 of the selected trust point (step 902), and substitutes “11” for the variable x (step 904). Since “11” is not the data ID of the verification target data (step 905), one of the hash values included in the log record S11 is the same as the data ID of the verification target log data or newer than the verification target log data. ID “5”, which satisfies the condition of the oldest connection ID, is substituted for variable x (step 906).
- the hash value comparison unit 205 verifies the hash value H (S5) and the log record S5 (step 205).
- an error process step 908 is performed, and a warning to the user and another verification route are selected.
- H (S8) which is a hash value closer to S1 to be verified, among H (S8) and H (S10), which are other hash values included in the log record S11, is used as a new verification route. select.
- the hash value comparison unit 205 verifies the hash value H (S8) and the log record S8 (step 908).
- the hash value H (S2) is selected from the hash values included in the log record S8 (step 906), and the hash value calculated from the hash value H (S2) and the log record S2 is compared with the hash value comparison unit. Verification is performed by 205 (step 908).
- the hash value H (S1) included in the verified hash value H (S2) and the hash value calculated from the log record S1 are verified by the hash value comparison unit 205, and the verification of S1 ends. In this way, even when certain data is tampered with or deleted, log records can be verified even if verification fails by using the hash value of other log records included in the log record of the trustpoint. And authenticity can be reliably verified.
- all log records have a plurality of hash values of a plurality of previous log records, Configure multiple hash chains.
- log records can be generated while reducing the load on the computer at the time of digital signature generation by efficiently verifying a plurality of previous log records and reducing the number of digital signature verification steps.
- tampering of the log record may be detected at an early stage.
- the log records before 3 and 6 are acquired, but how many hash values of the previous log record can be arbitrarily set, and N before (N is a constant) Alternatively, it may be a log record before the number of random values. That is, a plurality of log records may be acquired from a plurality of previous log records. It is also possible to set to take a hash value of a log record of a certain time ago.
- a method for constructing a verification route to specific data in confirming that the log record at the time of log generation has not been tampered with and verifying specific data is known or publicly known
- the optimal route can be calculated by applying the graph theory.
- the present invention can be realized by the configuration shown in FIGS. 1 to 3, but the present invention is not limited to the above configuration.
- the log management server 101 but also the application server 102 may have a function of generating and managing the log record of FIG.
- the application server 102 sends log data to the log management server 101 each time a log is generated.
- the log management server 101 collects log data generated in one day into a file. It is also possible to send to.
- the application server 102 since the file may be tampered before being sent to the log management server 101, as a countermeasure, the application server 102 has a function of generating a hash chain or uses a time stamp. Can be considered.
- a processing method of the sent file in the log management server 101 a method of creating a hash chain from log records in the file, a method of handling the file itself like log data, and creating a hash chain for each file, etc. are conceivable. .
- the present invention can be applied to a computer system that digitally signs electronic data.
- FIGS. 10 and 11 show an example of the second embodiment of the specific log record high-speed verification method of the present invention.
- the feature of the second embodiment is that a trust point that minimizes the number of verifications of the hash chain is selected, the selected trust point and the hash chain to be verified are verified, and the hash chain used for verification is output. That is.
- a log record that has not expired in the signature and that is closest to the log record to be verified is selected as a trust point.
- the signature is valid.
- a signature that is a log record that has not expired and that has the minimum number of verifications of the hash chain is selected as a trustpoint.
- This embodiment is a method in which the high-speed verification method described with reference to FIGS. 8 and 9 is changed in the first embodiment.
- the system configuration and the log record generation method described with reference to FIGS. It is assumed that a log record has been generated.
- the trust point is a signature that has not expired, and a normal electronic certificate usually has a validity period of about five years. Therefore, at a certain point in time, a log record whose trust has not expired (trust There will be multiple points. For example, when using an electronic certificate with an expiration date of 5 years, all log records for a maximum of 5 years can be the trust point.
- FIG. 10 is a diagram showing an example of tracing a hash chain when performing high-speed verification in the present embodiment.
- log records S11 to S13 are log records whose signatures have not expired
- S1 is a log record to be verified.
- a set of log records that can be a trust point, such as a log record whose signature has not expired, is stored in the storage unit 202 of FIG. 2, and is stored in, for example, a DB or a file.
- the trust point is not determined first, but the trust point is selected in parallel with the verification of the hash chain. Specifically, in parallel with the verification of the hash chain of S7 and S13 connected with S1 to be verified by the hash chain, the expiration date of the signature of S7 and S13 connected with the hash chain of S1 is confirmed, When a signature that can be a trustpoint is found, the tracing of the hash chain is ended, and the signature is set as the trustpoint. Then, the signature verification of the trust point is performed, and it is confirmed that the verification target S1 and the trust point are connected by a hash chain, and the verification target S1 is not falsified.
- FIG. 11 is a flowchart illustrating an example of the verification process of the verification route 1001 performed by the signature verification unit 204 in which the number of verifications in FIG. 10 is minimized. The detailed description of FIG. 11 will be given below.
- a log record to be verified is acquired from the input / output unit 210, and the ID of the acquired log record is substituted into a variable x that holds the ID of the log record to be verified (step 1101). Specifically, “1” is substituted for x.
- the signature verification unit 204 calculates a log record having a hash value of Sx, and substitutes the ID of the latest log record among the calculated log records into a variable y that holds the ID of the log record to be compared.
- the log records (S1) to be verified have the hash values of the log records S2, S4, and S7, and the concatenated ID “7” of the log record of S7, which is the latest one, is stored. Assigned to variable y.
- the hash value comparison unit 205 compares the hash value H (Sx) included in the log record Sy with the value obtained by calculating the hash value of the log record Sx, and the hash value 601 shown in FIG. Is verified (step 1103). Specifically, the hash value H (S1) included in S7 is compared with the value obtained by calculating the hash value of the log record S1.
- the signature verification unit 204 confirms that the log record S1 has not been tampered with.
- the signature verification unit 204 confirms whether or not the log record Sy is registered as a trust point. If the log record Sy is not registered, the signature verification unit 204 substitutes the variable y for the variable x and proceeds to step 1102. Specifically, since S7 is not registered as a trust point, the most recent of the log records S8, S10, and S13, which are log records having the hash value of S7, is substituted for the variable x with the linkage ID “7” of S7. S13 is substituted for variable y (step 1102), and the hash value H (S7) included in S13 is compared with the value obtained by calculating the hash value of log record S7 (step 1103).
- the signature verification unit 204 confirms that the log record S13 is registered as a trust point, and proceeds to step 1106 to verify the signature of the log record S13. If the signature verification of the log record S13 is successful, it can be confirmed that the hash value H (S7) included in the log record S13 has not been tampered with. If all the above processes are successful, the signature verification of the log record S13 selected as the trustpoint and the verification of the hash chain from the trustpoint to the log record S1 to be verified have been confirmed. Next, the signature verification unit 204 presents the verification result and the list of log records used for verification to the user, and the verification of the verification target log record is completed (step 1108).
- the list of log records used for verification is S1, S7, and S13, and the data ID 503 of these series of log records is presented to the user.
- the user may acquire the series of log records from the log record holding unit 208 using the data ID 503 of the series of log records as a key.
- the signature verification unit 204 warns the user that the log record Sy recorded in the storage unit 202 may be falsified or deleted. For example, together with the error message, the data ID 503 of the altered log record is transmitted to the user's computer and displayed on the output device 406 of the computer.
- verification of specific data may be continued using another verification route.
- a verification route other than the verification route 1001 that minimizes the number of verifications shown in FIG. 10 can be selected.
- other verification route selection methods include verification routes generated from other hash values included in the verified log record, and other hash values included in the log record that guaranteed the verified log record. It is conceivable to select a verification route.
- the second embodiment of the present invention has been described above. According to this embodiment, by selecting the optimum trust point from a plurality of trust points, the number of verifications of the hash value is minimized, and the oldest trust point is selected, which is faster than the method shown in the first embodiment. It is possible to perform verification.
- the user can acquire a series of log records included in the presented list of log records from the log record holding unit 208 and provide it to a third party.
- the third party can verify the authenticity of the log record to be verified using the list of log records provided by the user without accessing the log management server 101. That is, the third party can confirm the authenticity of the log record to be verified by himself / herself using the evidence information provided by the user.
- the hash values of the previous and third log records are included, but how many previous log records are included can be arbitrarily set, and the set method
- the trust point that minimizes the number of verifications of the hash chain can be selected.
- a well-known or well-known graph theory may be applied.
- An information linkage system is a system that relays information related to an organization such as a person or company between different organizations, an information inquiry system and an information provision system. For example, when an organization such as a person or a company having an information inquiry system and an information provision system is managed with different IDs, the information inquiry system ID is converted to an information provision system ID, and information linkage is relayed. .
- the information exchanged by the information linkage system includes a lot of sensitive information related to organizations such as individuals and companies
- the information of the information inquiry system and information providing system involved in the processing and the type of personal information exchanged are saved as a trail.
- These information linkage trails are stored as log data in the log management server.
- the data processing system described with reference to FIGS. 1 to 3 is applied to the information linkage system in the first embodiment, and the log record described with reference to FIGS. 5 to 7 is generated.
- high-speed verification can be performed by the processing described in FIG. 8, FIG. 9, or the second embodiment.
- FIG. 12 is a block diagram showing an example of log data processing in the information cooperation system to which the third embodiment of the present invention is applied.
- the information cooperation system, the information inquiry system, and the information provision system are connected by a network 103 such as the Internet or a wide area WAN.
- the information linkage system includes a log management server 101 and an information relay device 1201 and is connected by an intra-organization network 1202.
- Information inquiry system and information providing system information link 1203 1-1203 2 (collectively referred to as "MES system 1203") and consists of the log management server 1204 1 ⁇ 1204 N, connected in the corporate network 1202 1 ⁇ 1202 N Has been.
- the information relay device 1201 and the information linkage device 1203 have the same configuration as the application server 102. That is, processing related to information cooperation is performed by the application processing unit 304, and data to be used as a trail of information cooperation is output by the log output processing unit 303.
- the information cooperation apparatus 1203 of the information inquiry system sends an information cooperation request to the information relay apparatus 1201 at the timing of receiving an information cooperation start instruction from the operator of the information cooperation apparatus 1203 or the like (step S1301).
- the information inquiry system that has made the information cooperation request outputs the record to the log management server 1204 (step S1302), and the log management server 1204 assigns a signature to the record and stores it by performing the process of FIG. S1303).
- the information relay apparatus 1201 that has received the information cooperation request performs information relay processing, such as converting an ID representing a cooperation target individual or organization from an ID used in the information inquiry system to an ID used in the information providing system. (Step S1304). Then, the information relay apparatus 1201 transmits an information cooperation request to the information cooperation apparatus 1203 of the information providing system (step S1305), and outputs a record of the processing results of steps S1304 and S1305 to the log management server 1204 (step S1305). S1306). The log management server 1204 assigns a signature to the record by performing the process of FIG. 7 and stores it (step S1307).
- information relay processing such as converting an ID representing a cooperation target individual or organization from an ID used in the information inquiry system to an ID used in the information providing system.
- the information relay apparatus 1201 transmits an information cooperation request to the information cooperation apparatus 1203 of the information providing system (step S1305), and outputs a record of the processing results of steps S1304 and S1305 to the log management server 120
- the information cooperation apparatus 1203 of the information providing system that has received the information cooperation request performs processing such as generation of information to be transmitted in response to the information cooperation request (step S1308), and transmits the result to the information inquiry system (step S1309).
- the information linkage apparatus 1203 outputs log data as a result of the processing in steps S1308 and S1309 to the log management server 1204 (step S1310), and the log management server 1204 assigns a signature by performing the processing in FIG. Store (step S1311).
- the information cooperation apparatus 1203 of the information inquiry system that has received the requested information outputs the reception result to the log management server 1204 (step S1312), and the log management server 1204 adds a signature by performing the processing of FIG. Store (step S1313). Further, the information cooperation apparatus 1203 of the information inquiry system sends the reception result to the information relay apparatus (step S1314), and outputs a record of the processing result of step 1314 to the log management server 1204.
- the log management server 1204 By performing the above process, a signature is attached to the record and stored (step 1316).
- the information relay apparatus 1201 that has received the reception result outputs the result of the reception process to the log management server 1204 (step S1317), and the log management server 1204 performs processing of FIG. To do.
- the information inquiry system that has sent the information requested in step S1309 transmits the transmission result to the information relay device (step S1319), and outputs the record of the result to the log management server 1204 (step S1320).
- the management server 1204 assigns a signature to the log by performing the process of FIG. 7 and stores it (step S1321).
- the information relay apparatus that has received the transmission result of step S1319 outputs the reception result to the log management server 1204 (step S1322), and the log management server 1204 assigns a signature to the log by performing the process of FIG. (Step S1323).
- the authenticity of the trail is increased for use cases where it is necessary to generate a record of processing related to information cooperation every time communication occurs and to guarantee long-term authenticity as a trail of information cooperation.
- all log records have a plurality of hash values of the previous log records, thereby forming a plurality of hash chains.
- log records can be generated while reducing the load on the computer at the time of digital signature generation by efficiently verifying a plurality of previous log records and reducing the number of digital signature verification steps.
- the access token method is described in which the information providing system responds to the information inquiry system from the information providing system in S1309. Even in information cooperation using the gateway method, in which information is linked to an organization of the information inquiry system via the linkage system, the authenticity of the information linkage trail can be maintained.
- FIG. 14 and FIG. 15 show an example of the fourth embodiment for further improving the complexity when generating the hash chain of the present invention.
- the feature of the present embodiment is that when there are a plurality of hash chain aggregates composed of a plurality of hash chains, a plurality of log records of a hash chain aggregate before a log record of another hash chain aggregate. By including the hash value of, the collection of hash chains is connected.
- hash chain aggregates means that, for example, a hash chain aggregate may be created for each application server 102. That is, when generating log records from the output log data from the application server 102 1, the hash value of the log record and six application server 102 1 generated from three previous log data of the application server 102 1 by including the hash value of log records generated from previous log data, constituting a set of application servers 102 1 hash chain. As described above, there are as many aggregates of hash chains as there are application servers.
- This embodiment has improved the detailed contents (FIGS. 5 to 6) of the log record generated by the log record generation method in the description of the first embodiment performed with reference to FIGS. Therefore, high-speed verification can be performed by the processing described in FIGS. 8 to 9 or the second embodiment.
- one log record 1401 of the aggregate s includes an aggregate ID 1402, which is a unique ID for identifying the aggregate, and a log three before the aggregate t.
- the hash value 1403 three times before the aggregate t that is the hash value of the record, the concatenation ID 1404 that is a unique ID representing the hash value 1403 three times before t, and the log record six times before the aggregate t Is a hash value 1405 six times before t, and a concatenating ID 1406 that is a unique ID representing the hash value 1405 six times before t.
- the connection ID includes the ID of the assembly, and the assembly can be identified from the connection ID.
- the signature 1407 is a digital signature for the fields 502 to 509 and 1402 to 1406, similar to the signature 510 of FIG.
- Signature generation unit 203 of the log management server 101 the log data received from the application server 102 1, one before collection of the application server 102 first hash chains (aggregation s), 3-previous, six pre A hash value of the log record is generated in the same manner as in the first embodiment.
- the signature generation unit 203 further calculates a hash value 1403 of the three previous log record collection of application server 102 second hash chains (aggregation t), a set of hash values of the six previous aggregate t Duplicate from the hash value three times before the field t, and give a digital signature to the log record.
- the signature generation unit 203 assigns a concatenation ID to the log records one, three, and six before the aggregate s and the log records three and six before the aggregate t.
- the hash chain structure 1501 in FIG. 15 is used to visualize the hash chain structure of the log record illustrated in FIG.
- the log record of the aggregate s includes the hash values one, three, and six before the own aggregate, and the three and six previous hash values of the aggregate t.
- all log records are represented by the hash values one, three, and six before the own aggregate, and the three and six previous hash values of the aggregate t.
- Each log record chain (hash chain) is configured. That is, a hash chain is also formed between the aggregate s and the aggregate t.
- the hash chain generated using the method shown in FIGS. 14 and 15 is verified by the method described in the first embodiment and the second embodiment, but the secret key is leaked by the attacker, etc. If the trust point does not exist in the self-assembly, the verification is performed by following the hash chain that connects the trust point existing in the other set and the verification target.
- the fourth embodiment has been described above.
- a hash chain is generated between other aggregates. This increases chain complexity and resistance to attacks. For example, even if a signature is revoked due to leakage of a private key corresponding to a certain aggregate, if the signature of another aggregate is not revoked, the verification is performed by tracing the hash chain from that aggregate. It can be carried out.
- log record generated as a result of this embodiment can also be applied to the high-speed verification of the second embodiment and the information linkage system of the third embodiment.
- the feature of the fifth embodiment is that, in the information inquiry system and the information providing system described in the third example, the log management server is not arranged, but the function that can be shared is used as the log management server. It is a point that it is shared by a plurality of systems, and a part that cannot be shared is arranged in each system as a log management client. Specifically, the log management client has a function of calculating a hash value, and after calculating the hash value of log data, sends the hash value to the log management server. The log management server signs the hash value received from the log management client.
- the log is output at the timing described with reference to FIG. 13 in the third embodiment, and the log record described in the first embodiment and the fourth embodiment is generated.
- the high-speed verification described in the second embodiment is performed.
- FIG. 16 is a block diagram showing an example of a log management system to which the fifth embodiment of the present invention is applied.
- the log management system, the information inquiry system, and the information provision system are connected by a network 103 such as the Internet or a wide area WAN.
- the log management system includes a log management server 101.
- Information inquiry system and information providing system (collectively referred to as "MES system 1203")
- MES 1203 1-1203 2 consists log management client 1601 1 ⁇ 1601 N, connected in the corporate network 1205 1 ⁇ 1205 N Has been.
- FIG. 17 is a block diagram illustrating an example of functional elements of the log management client 1603.
- the log management client 1603 calculates a hash value of the log data from the log data sent from the information linkage apparatus 1203, or issues a verification request to the log management server, and the log data sent from the information linkage apparatus 1203
- Storage unit 1702 that stores information, an input / output unit 1707 that receives input from a user or an administrator, and a communication unit 1708 that receives log data output from the information cooperation apparatus 1203.
- the processing unit 1701 includes a hash value generation unit 1703 that generates a hash value of log data, a signature verification request unit 1704 that makes a verification request to the log management server, and a control unit 1705 that controls them.
- the storage unit 1702 includes a log data holding unit 1706 that stores log data.
- the information inquiry system or the information providing system using the log management system sends each private key to the log management system, and the log management system stores them in the private key / certificate holding unit 209.
- log management client 1603 illustrated in FIG. 17 uses a device as shown in FIG. 4 and a program or hardware having the same function as the log management server 101 and the application server 102 of the first embodiment. Can be realized.
- the information linkage apparatus 1203 transmits log data to the log management client 1601 at the timings of steps 1302, 1310, 1312, 1315, and 1320 (step S1801).
- the log management client that has received the log data stores the log data in the log data holding unit 1706, the hash value generation unit 1703 generates a hash value of the log data (step S1802), and the log management server receives the hash value of the log data. Transmit (step S1803).
- the log management server 101 that has received the hash value of the log data assigns a signature to the log by performing the process of FIG. 6 (step S1804), stores it (step S1805), and responds with the processing result (step S1806). .
- the log management server signs the hash value of the log data sent from the log management client, the log data in the log record 501 is H (M1), and the signature 510 is Sign. (H (M1)
- the log management client 1603 acquires the log data to be verified held in the storage unit 1702, and the hash value generation unit 1703 generates a hash value of the log data (step S1901), and the log management server stores the hash value of the log data. Is transmitted (step S1902).
- the log management server that has received the hash value of the log data searches for a log record including the log data using the received hash value of the log data as a search key (step S1903), and the searched log record is shown in FIG. 9 or FIG. This process is verified (step S1904), and the verification result is returned to the log management client (step S1905).
- the log management client that has received the response confirms that the log data has not been tampered with since the log record including the transmitted hash value exists, and ends the verification.
- the fifth embodiment has been described above.
- the cost of the information inquiry system or the information providing system can be minimized, and the authenticity of log data such as information linkage records can be guaranteed.
- the log management client can reduce the load on the network 103 by calculating the hash value of the log data instead of the log data itself and transmitting it to the log management server.
- log data may be transmitted to the log management server for management.
- the log management client has a secret key storage and signature generation function, and the log management system can only store the signature.
- the log management server may respond to the log management client together with information for identifying the log record such as the data ID 503 and the aggregate ID 1402. Further, when the log management server performs a search, the search may be performed using the identified information.
- the present invention can be applied to a computer or a computer system that verifies data having an expiration date in a digital signature, and is particularly suitable for a computer system that performs a hysteresis signature.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Description
次に、ハッシュ値比較部205により、ログレコードSyに含まれるハッシュ値H(Sx)とログレコードSxのハッシュ値を計算した値との比較を行い、図6に示したハッシュチェーン601の部分的な検証を行う(ステップ1103)。具体的には、S7に含まれるハッシュ値H(S1)とログレコードS1のハッシュ値を計算した値を比較する。これにより、署名検証部204はログレコードS1が改ざんされていないことを確認する。
次に、署名検証部204は、検証結果と、検証に使用したログレコードのリストをユーザに提示して検証対象のログレコードの検証が終了する(ステップ1108)。検証に使用したログレコードのリストとは、具体的には、S1、S7、S13であり、これらの一連のログレコードのデータID503をユーザに提示する。なお、ユーザは、当該一連のログレコードのデータID503をキーに、ログレコード保持部208から当該一連のログレコードを取得してもよい。
Claims (13)
- プロセッサとメモリを備えた管理計算機にて実施するデータの真正性保証方法において、計算機から受信した第1のデータと前記管理計算機のデータ保持部に保持されている第2のデータから取得した1以上の第2のデータのハッシュ値と、を合わせたデータに対して予め設定された鍵でデジタル署名を付与して第2のデータを生成し、前記生成した第2のデータをデータ保持部に保持する署名生成処理と、前記データ保持部に保持された複数の第2のデータと検証対象の第2のデータをもとに、複数のハッシュチェーンを間欠的に辿って真正性の検証を行う署名検証処理を実施し、
前記署名生成処理は、
前記計算機から第1のデータを受信する第1のステップと、
前記データ保持部に保持されている第2のデータのうち、時系列上の所定の間隔で複数の第2のデータを選択する第2のステップと、
前記選択した複数の第2のデータのハッシュ値をそれぞれ演算する第3のステップと、
前記計算機から受信した第1のデータと、前記選択した複数の第2のデータのハッシュ値と、を合わせて署名対象データを生成する第4のステップと、
前記署名対象データに対して予め設定された鍵でデジタル署名を付与して第2のデータを生成し、前記生成した第2のデータを順次時系列順に前記データ保持部に保持する第5のステップと、
を含み、
前記署名検証処理は、
検証対象の第2のデータを受け付ける第6のステップと、
単独で検証可能な第2のデータを前記データ保持部から取得して検証する第7のステップと、
前記検証対象の第2のデータから、前記単独で検証可能な第2のデータまでを、前記第2のデータから演算したハッシュ値と、当該ハッシュ値を含む第2のデータとを順次比較することで検証を行い、複数ハッシュチェーンを間欠的に辿って検証する第8のステップと、
を含む事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第2のステップは、
前記管理計算機が、時系列上の所定の間隔で1以上の第2のデータを選択する際に、1個前および初項N、公比2、の等比数列である一般項n×2^(p-1)の個数前の第2のデータから選択する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第3のステップは、
前記管理計算機が、複数の第2のデータのハッシュ値をそれぞれ演算する代わりに、演算対象の第2のデータのハッシュ値を含む他の第2のデータをデータ保持部から取得し、当該取得した第2のデータから演算対象の第2のデータのハッシュ値を複製して取得する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第3のステップは、複数の第2のデータのそれぞれの真正性を確認する第9のステップをさらに含み、
前記第9のステップは、複数の第2のデータのそれぞれを検証対象として、前記第6のステップから第8のステップを実行することを特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第8のステップは、
前記検証対象の第2のデータから、前記単独で検証可能な第2のデータまでを、順次比較する際に、第2のデータから演算したハッシュ値と、当該ハッシュ値を含む第2のデータとが一致しなかった場合、または、第2のデータが存在しない場合に、当該ハッシュ値を含む他の第2のデータをデータ保持部から取得して比較対象とし、検証を続行する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第7のステップは、
前記単独で検証可能な第2のデータを選択する際に、複数の単独で検証可能な第2のデータのうち、前記複数のハッシュチェーンを間欠的に辿る回数が最小になる前記単独で検証可能な第2のデータを選択する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第8のステップにおいて、前記複数のハッシュチェーンを間欠的に辿った際に検証に用いた全ての第2のデータを前記管理計算機の利用者に提示する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記管理計算機は、前記計算機を含んで中継システムを構成しており、前記中継システムは、前記計算機から構成される複数の処理システムと接続されており、
前記中継システムを介して、前記複数の処理システムのうちのひとつの処理システムから他の処理システムに、電子データからなる第3のデータを送信する際に、
前記中継システムを構成する前記計算機が、前記第3のデータがある処理システムから他の処理システムに送信された処理の記録を第1のデータとして生成し、前記中継システムを構成する前記管理計算機に送信する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、前記管理計算機が複数の前記計算機と接続され、
前記第1のステップは、
前記複数の前記計算機のうち、いずれの計算機から受信したものかを特定し、
前記第2のステップは、
前記管理計算機が、時系列上の所定の間隔で複数の第2のデータを選択する際に、
前記データ保持部に保持されている第2のデータを前記計算機毎に管理・保持し、前記第1のステップで特定した計算機に対応して別々に管理・保持されている第2のデータを選択し、
前記第5のステップは、
前記管理計算機が、前記生成した第2のデータを順次時系列順に前記データ保持部に保持する際に、前記計算機毎に別々に管理・保持することで、
前記計算機毎に複数ハッシュチェーンを各々構成する事を特徴とするデータの真正性保証方法。 - 請求項9に記載のデータの真正性保証方法であって、
前記第2のステップは、
前記管理計算機が時系列上の所定の間隔で複数の第2のデータを選択する際に、前記第5のステップにより、前記計算機毎に管理・保持されている時系列順の第2のデータより、前記第1のステップで特定した計算機に対応して管理・保持されている第2のデータと、前記特定した計算機以外の計算機に対応して管理・保持されている第2のデータと、を選択する事を特徴とするデータの真正性保証方法。 - 請求項1に記載のデータの真正性保証方法であって、
前記第1のステップにおいて、
前記計算機は、当該計算機が保持する第4のデータのハッシュデータを計算し、前記第4のデータを前記計算機のデータ保持部に保持し、前記ハッシュデータを管理計算機に送信し、前記管理計算機は前記ハッシュデータを第1のデータとして受信し、
前記第6のステップにおいて、
前記計算機は検証対象の第4のデータをデータ保持部から取得し、取得した第4のデータのハッシュデータを計算し、前記ハッシュデータを管理計算機に送信し、前記管理計算機は前記ハッシュデータを第1のデータとして受信する、
事を特徴とするデータの真正性保証方法。 - プロセッサとメモリを備えた管理計算機において、
計算機から受信した第1のデータと、前記管理計算機のデータ保持部に保持されている第2のデータから取得した1以上の第2のデータのハッシュ値と、を合わせたデータに対してあらかじめ設定された鍵でデジタル署名を付与して第2のデータを生成し、前記生成した第2のデータをデータ保持部に保持する署名生成処理と、前記データ保持部に保持された複数の第2のデータと検証対象の第2のデータをもとに、複数のハッシュチェーンを間欠的に辿って真正性の検証を行う署名検証処理を行う制御部を具備し、
前記署名生成処理は、
前記計算機から第1のデータを受信し、
前記データ保持部に保持されている第2のデータのうち、時系列上の所定の間隔で複数の第2のデータを選択し、
前記選択した複数の第2のデータのハッシュ値をそれぞれ演算し、
前記計算機から受信した第1のデータと、前記選択した複数の第2のデータのハッシュ値と、を合わせて署名対象データを生成し、
前記署名対象データに対して予め設定された鍵でデジタル署名を付与して第2のデータを生成し、前記生成した第2のデータを順次時系列順に前記データ保持部に保持し、
前記署名検証処理は、
検証対象の第2のデータを受け付け、
単独で検証可能な第2のデータを前記データ保持部から取得して検証し、
前記検証対象の第2のデータから、前記単独で検証可能な第2のデータまでを、前記第2のデータから演算したハッシュ値と、当該ハッシュ値を含む第2のデータとを順次比較することで検証を行い、複数ハッシュチェーンを間欠的に辿って検証する、
事を特徴とする管理計算機。 - プロセッサとメモリを備えたコンピュータにて実行する、データの真正性保証プログラムを格納した計算機読み取り可能な非一時的な記憶媒体であって、
計算機から受信した第1のデータと、管理計算機のデータ保持部に保持されている第2のデータから取得した1以上の第2のデータのハッシュ値と、を合わせたデータに対してあらかじめ設定された鍵でデジタル署名を付与して第2のデータを生成し、前記生成した第2のデータをデータ保持部に保持する署名生成処理と、前記データ保持部に保持された複数の第2のデータと検証対象の第2のデータをもとに、複数のハッシュチェーンを間欠的に辿って真正性の検証を行う署名検証処理を実行し、
前記署名生成処理の実行は、
前記計算機から第1のデータを受信する手順と、
前記データ保持部に保持されている第2のデータのうち、時系列上の所定の間隔で複数の第2のデータを選択する手順と、
前記選択した複数の第2のデータのハッシュ値をそれぞれ演算する手順と、
前記計算機から受信した第1のデータと、前記選択した複数の第2のデータのハッシュ値と、を合わせて署名対象データを生成する手順と、
前記署名対象データに対して予め設定された鍵でデジタル署名を付与して第2のデータを生成し、前記生成した第2のデータを順次時系列順に前記データ保持部に保持する手順とを含み、
前記署名検証処理の実行は、
検証対象の第2のデータを受け付ける手順と、
単独で検証可能な第2のデータを前記データ保持部から取得して検証する手順と、
前記検証対象の第2のデータから、前記単独で検証可能な第2のデータまでを、前記第2のデータから演算したハッシュ値と、当該ハッシュ値を含む第2のデータとを順次比較することで検証を行い、複数ハッシュチェーンを間欠的に辿って検証する手順とを含む、
事を特徴とするデータの真正性保証プログラムを格納した計算機読み取り可能な非一時的な記憶媒体。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/351,673 US9419804B2 (en) | 2011-10-14 | 2012-10-02 | Data authenticity assurance method, management computer, and storage medium |
JP2013538505A JP5753273B2 (ja) | 2011-10-14 | 2012-10-02 | データの真正性保証方法、管理計算機及び記憶媒体 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011-227308 | 2011-10-14 | ||
JP2011227308 | 2011-10-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013054701A1 true WO2013054701A1 (ja) | 2013-04-18 |
Family
ID=48081758
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2012/075557 WO2013054701A1 (ja) | 2011-10-14 | 2012-10-02 | データの真正性保証方法、管理計算機及び記憶媒体 |
Country Status (3)
Country | Link |
---|---|
US (1) | US9419804B2 (ja) |
JP (2) | JP5753273B2 (ja) |
WO (1) | WO2013054701A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPWO2019058560A1 (ja) * | 2017-09-25 | 2019-11-14 | 三菱電機株式会社 | 制御装置および制御装置システム |
JP2021061576A (ja) * | 2019-10-08 | 2021-04-15 | グラビティ株式会社 | データ管理システム、データ管理方法、データ管理装置、及びデータ管理プログラム |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10193696B2 (en) * | 2015-06-02 | 2019-01-29 | ALTR Solutions, Inc. | Using a tree structure to segment and distribute records across one or more decentralized, acylic graphs of cryptographic hash pointers |
KR101772554B1 (ko) * | 2016-02-02 | 2017-08-30 | 주식회사 코인플러그 | 파일에 대한 노터리 서비스를 제공하고 상기 노터리 서비스를 사용하여 기록된 파일에 대한 검증을 수행하는 방법 및 서버 |
CN107172003B (zh) * | 2016-03-08 | 2020-08-04 | 创新先进技术有限公司 | 一种发布信息的处理方法、装置及信息发布系统 |
GB2548851B (en) * | 2016-03-30 | 2018-07-25 | The Ascent Group Ltd | Validation of the integrity of data |
US10075425B1 (en) * | 2016-08-26 | 2018-09-11 | Amazon Technologies, Inc. | Verifiable log service |
US10311224B1 (en) * | 2017-03-23 | 2019-06-04 | Amazon Technologies, Inc. | Digitally sealing equipment for authentication of components |
CN107124444B (zh) * | 2017-03-28 | 2020-08-04 | 丽水北斗区块链科技有限责任公司 | 一种区块链数据同步的方法和装置 |
JP6818623B2 (ja) * | 2017-04-27 | 2021-01-20 | 株式会社東芝 | 情報処理装置 |
US10728036B2 (en) * | 2017-09-05 | 2020-07-28 | PeerNova, Inc. | Cryptographically linking related events processed across multiple processing systems |
US10803022B2 (en) | 2017-09-08 | 2020-10-13 | ULedger, Inc. | Systems and methods of providing immutable records |
KR102084855B1 (ko) * | 2018-07-31 | 2020-03-04 | 전자부품연구원 | 해쉬체인 생성장치 및 해쉬체인 생성방법 |
DE112018007934B4 (de) | 2018-10-12 | 2024-03-07 | Mitsubishi Electric Corporation | Softwareprüfvorrichtung, softwareprüfverfahren und softwareprüfprogramm |
US11386078B2 (en) * | 2018-12-17 | 2022-07-12 | Sap Se | Distributed trust data storage system |
US10733213B2 (en) * | 2018-12-31 | 2020-08-04 | Iguazio Systems Ltd. | Structuring unstructured machine-generated content |
US11240039B2 (en) * | 2019-06-28 | 2022-02-01 | Intel Corporation | Message index aware multi-hash accelerator for post quantum cryptography secure hash-based signing and verification |
KR102218297B1 (ko) * | 2019-08-01 | 2021-02-24 | 주식회사 블룸테크놀로지 | 원장의 증명 가능 프루닝 시스템 |
KR102408728B1 (ko) * | 2019-10-22 | 2022-06-14 | 한국전자기술연구원 | 연속데이터 기반 무결성 부여 해쉬체인 생성장치 및 해쉬체인 생성방법 |
SG11202010205SA (en) | 2019-11-13 | 2020-11-27 | Alipay Hangzhou Inf Tech Co Ltd | Managing trust points in ledger systems |
JP7323807B2 (ja) * | 2020-01-20 | 2023-08-09 | 富士通株式会社 | 検証方法、プログラム、および情報処理装置 |
WO2020143855A2 (en) | 2020-04-22 | 2020-07-16 | Alipay (Hangzhou) Information Technology Co., Ltd. | Managing transaction requests in ledger systems |
EP3837657B1 (en) | 2020-04-22 | 2022-12-07 | Alipay (Hangzhou) Information Technology Co., Ltd. | Managing transaction requests in ledger systems |
WO2020143856A2 (en) | 2020-04-22 | 2020-07-16 | Alipay (Hangzhou) Information Technology Co., Ltd. | Managing transaction requests in ledger systems |
US20230033054A1 (en) * | 2021-08-02 | 2023-02-02 | Sap Se | Comparing datasets using hash values over a subset of fields |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001251296A (ja) * | 2000-03-06 | 2001-09-14 | Kddi Corp | メッセージ認証装置 |
JP2003022007A (ja) * | 2001-07-05 | 2003-01-24 | Kddi Corp | ストリーム転送における電子署名方法、システム、プログラム及びプログラムを記録した記録媒体 |
WO2004068350A1 (ja) * | 2003-01-30 | 2004-08-12 | Fujitsu Limited | データ改ざん検出方法、データ改ざん検出装置及びデータ改ざん検出プログラム |
WO2008026238A1 (fr) * | 2006-08-28 | 2008-03-06 | Mitsubishi Electric Corporation | Système de traitement de données, procédé de traitement de données, et programme |
Family Cites Families (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004104750A (ja) | 2002-07-17 | 2004-04-02 | Hitachi Ltd | ディジタル署名の検証方法 |
JP3873603B2 (ja) | 1999-10-22 | 2007-01-24 | 株式会社日立製作所 | ディジタル署名方法および装置 |
JP4626136B2 (ja) | 1999-10-22 | 2011-02-02 | 株式会社日立製作所 | ディジタル署名処理システムおよびディジタル署名生成処理プログラムが記憶された記憶媒体 |
EP1094424A3 (en) | 1999-10-22 | 2004-06-16 | Hitachi, Ltd. | Digital signing method |
US7134021B2 (en) | 1999-10-22 | 2006-11-07 | Hitachi, Ltd. | Method and system for recovering the validity of cryptographically signed digital data |
JP2001331105A (ja) | 2000-02-08 | 2001-11-30 | Hitachi Ltd | 情報の保証方法、およびそのシステム |
JP3899808B2 (ja) | 2000-12-07 | 2007-03-28 | 株式会社日立製作所 | ディジタル署名生成方法およびディジタル署名検証方法 |
US7404080B2 (en) * | 2001-04-16 | 2008-07-22 | Bjorn Markus Jakobsson | Methods and apparatus for efficient computation of one-way chains in cryptographic applications |
JP2003169052A (ja) | 2001-11-30 | 2003-06-13 | Hitachi Ltd | デジタル署名システム |
JP4078454B2 (ja) | 2002-03-22 | 2008-04-23 | 株式会社日立製作所 | ディジタル署名管理方法とディジタル署名処理装置およびプログラムと記録媒体 |
JP4266096B2 (ja) | 2002-03-26 | 2009-05-20 | 株式会社日立製作所 | ファイル保管システムとnasサーバ |
JP4608845B2 (ja) | 2003-02-27 | 2011-01-12 | 株式会社日立製作所 | 署名記録の公開方法 |
JP4316265B2 (ja) * | 2003-03-17 | 2009-08-19 | 株式会社アルバック | 液晶表示パネルの製造方法 |
JP4569118B2 (ja) | 2004-02-05 | 2010-10-27 | 株式会社日立製作所 | 署名検証ログを作成する検証結果記録方法とその装置 |
JP2006229800A (ja) | 2005-02-21 | 2006-08-31 | Nagoya Institute Of Technology | ヒステリシス署名における信頼性向上方法 |
JP4512697B2 (ja) * | 2005-12-01 | 2010-07-28 | 学校法人東京電機大学 | デジタルフォレンジック保全装置 |
US8422682B2 (en) * | 2006-07-14 | 2013-04-16 | Kinamik Data Integrity, S.L. | Method and system of generating immutable audit logs |
US8943332B2 (en) * | 2006-10-31 | 2015-01-27 | Hewlett-Packard Development Company, L.P. | Audit-log integrity using redactable signatures |
JP5053013B2 (ja) * | 2007-09-25 | 2012-10-17 | 京セラ株式会社 | 受信装置、およびストリーム送信装置 |
US8874921B2 (en) * | 2011-06-20 | 2014-10-28 | Guardtime IP Holdings, Ltd. | System and method for generating keyless digital multi-signatures |
-
2012
- 2012-10-02 WO PCT/JP2012/075557 patent/WO2013054701A1/ja active Application Filing
- 2012-10-02 US US14/351,673 patent/US9419804B2/en active Active
- 2012-10-02 JP JP2013538505A patent/JP5753273B2/ja active Active
-
2015
- 2015-05-20 JP JP2015102930A patent/JP5989183B2/ja active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001251296A (ja) * | 2000-03-06 | 2001-09-14 | Kddi Corp | メッセージ認証装置 |
JP2003022007A (ja) * | 2001-07-05 | 2003-01-24 | Kddi Corp | ストリーム転送における電子署名方法、システム、プログラム及びプログラムを記録した記録媒体 |
WO2004068350A1 (ja) * | 2003-01-30 | 2004-08-12 | Fujitsu Limited | データ改ざん検出方法、データ改ざん検出装置及びデータ改ざん検出プログラム |
WO2008026238A1 (fr) * | 2006-08-28 | 2008-03-06 | Mitsubishi Electric Corporation | Système de traitement de données, procédé de traitement de données, et programme |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPWO2019058560A1 (ja) * | 2017-09-25 | 2019-11-14 | 三菱電機株式会社 | 制御装置および制御装置システム |
US10997008B2 (en) | 2017-09-25 | 2021-05-04 | Mitsubishi Electric Corporation | Controller and control system that manages event occurrence history utilizing a flash chain of event history data |
JP2021061576A (ja) * | 2019-10-08 | 2021-04-15 | グラビティ株式会社 | データ管理システム、データ管理方法、データ管理装置、及びデータ管理プログラム |
Also Published As
Publication number | Publication date |
---|---|
JP2015180097A (ja) | 2015-10-08 |
JP5753273B2 (ja) | 2015-07-22 |
US20140298034A1 (en) | 2014-10-02 |
JPWO2013054701A1 (ja) | 2015-03-30 |
JP5989183B2 (ja) | 2016-09-07 |
US9419804B2 (en) | 2016-08-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5989183B2 (ja) | データの署名生成方法、データの署名検証方法及び管理計算機 | |
US11170092B1 (en) | Document authentication certification with blockchain and distributed ledger techniques | |
JP7062838B2 (ja) | ブロックチェーンデータベースにデータをデジタルファイルとして登録する方法 | |
US10846416B2 (en) | Method for managing document on basis of blockchain by using UTXO-based protocol, and document management server using same | |
CN109542888B (zh) | 区块链的数据修改和同步方法、装置、设备及存储介质 | |
US10637669B2 (en) | Data and data lineage control, tracking, and verification | |
JP6853364B2 (ja) | ブロックチェーンベースのデジタル証明書を実装するためのシステム及び方法 | |
EP3345360B1 (en) | Method for storing an object on a plurality of storage nodes | |
EP3255549B1 (en) | Verifiable audit log | |
CN115210741B (zh) | 部分有序的区块链 | |
JP2021512569A5 (ja) | ||
JP2020511018A (ja) | デジタル・マークを生成するためのシステム及び方法 | |
WO2019233615A1 (en) | A method for registration of data in a blockchain database and a method for verifying data | |
Bistarelli et al. | End-to-end voting with non-permissioned and permissioned ledgers | |
CN111753014B (zh) | 基于区块链的身份认证方法及装置 | |
KR102326460B1 (ko) | 원장 시스템에서의 신뢰 포인트 관리 | |
WO2023035477A1 (zh) | 一种基于区块链的文书验真方法 | |
CN111222963A (zh) | 基于区块链的招标信息处理方法及装置 | |
WO2020127428A1 (en) | Method and system for creating and updating an authentic log file for a computer system and transactions | |
US20130268764A1 (en) | Data event authentication and verification system | |
KR102294569B1 (ko) | 블록체인 네트워크를 구축할 수 있는 블록체인 관리시스템 | |
US11343107B2 (en) | System for method for secured logging of events | |
WO2018219425A1 (en) | Method for validating and/or authenticating online curriculum vitae using blockchain distributed ledger technology | |
KR20200095203A (ko) | 전자 문서 관리 방법 및 그 시스템 | |
Truong et al. | Authenticating operation-based history in collaborative systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12840295 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2013538505 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14351673 Country of ref document: US |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 12840295 Country of ref document: EP Kind code of ref document: A1 |