WO2013065133A1 - 時刻認証システムおよび時刻認証プログラム - Google Patents
時刻認証システムおよび時刻認証プログラム Download PDFInfo
- Publication number
- WO2013065133A1 WO2013065133A1 PCT/JP2011/075209 JP2011075209W WO2013065133A1 WO 2013065133 A1 WO2013065133 A1 WO 2013065133A1 JP 2011075209 W JP2011075209 W JP 2011075209W WO 2013065133 A1 WO2013065133 A1 WO 2013065133A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- time
- electronic document
- divided data
- server
- time authentication
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Definitions
- the present invention relates to a technology for authenticating time, and particularly to a technology effective when applied to a time authentication system and a time authentication program for authenticating the time or time zone when a file or data is created and stored.
- time stamp is given by the information processing apparatus.
- the system time of the information processing apparatus that is the basis of this time stamp is not necessarily accurate, and can be easily changed by a command or the like.
- time authentication is used as a mechanism for proving the creation time of an electronic document (or the time when the electronic document existed at least at this time).
- a user first acquires a hash value of an electronic document that requires time certification, and transmits the hash value to a time authentication provider.
- the authentication provider When receiving the hash value of the electronic document, the authentication provider further generates a hash value from data obtained by combining the hash value and accurate time information using an atomic clock or the like.
- Information obtained by encrypting the hash value with a secret key is transmitted to the user as time stamp information. By verifying that the time stamp information can be decrypted by the time authentication provider's public key, it is proved that the time stamp information was created by the time authentication provider.
- By comparing with the hash value included in the electronic document it is possible to detect falsification of the electronic document and time.
- Patent Document 1 Japanese Patent Application Laid-Open No. 2003-244139
- Patent Document 1 Japanese Patent Application Laid-Open No. 2003-244139
- the time stamp issuing server replies with the electronic signature of the document with the signature generation secret key.
- the terminal device transmits the time-stamped document file and the time stamp verification request message received from the document creation terminal device to the time stamp verification server.
- the time stamp verification server verifies with the signature verification private key and returns a verification result.
- the document creation terminal device verifies the signature, and the terminal device verifies the signature verification result with the signature public key.
- Patent Document 2 Japanese Patent Laid-Open No. 2006-303963
- the time proof system responds to an instruction received from a user and an identity proof data acquisition unit that acquires identity proof data generated based on the information to prove the identity of the information.
- the time proof data generator generates the time proof data based on the observation data obtained as a result of observing the object that changes over time, and the identity proof data and time proof
- a signature data generating unit that generates signature data indicating that the information exists at the time when the object is observed, and an information recording unit that records the signature data in association with the information.
- time authentication mechanism in order to generate time information to be proved, for example, a time information generation mechanism using an atomic clock or a natural phenomenon that changes in real time as time passes is observed.
- an object of the present invention is to provide a time authentication system and a time authentication program that do not require a special mechanism for generating time information and can be easily constructed at low cost.
- a time authentication system includes a plurality of servers having storage devices, and an existence time that is connected to each of the servers via a network, and at least an electronic document is created and exists.
- a time authentication system having a time authentication device to be proved has the following characteristics.
- the time authentication device transmits a divided processing unit that divides the electronic document into a plurality of divided data by a secret sharing method, and transmits the divided data to different servers, and requests a time authentication from a user.
- the divided data corresponding to the received electronic document is collected from each server, and the electronic document is restored by the secret sharing method based on the divided data collected from each server.
- the presence of the electronic document based on a time stamp attached to each of the divided data collected from each of the servers when the electronic document is successfully restored in the restoration processing unit.
- An existence time calculation unit that calculates and outputs the time.
- the server adds the time stamp to the divided data transmitted from the time authentication system and stores it in a storage device.
- the present invention can also be applied to a time authentication program that causes a computer to function as a time authentication device in the time authentication system as described above.
- a special mechanism for generating time information is not required, and the occurrence time of an event such as a specific process or occurrence of an event can be easily performed at a low cost. It is possible to construct a time authentication system that can be proved with a certain degree of accuracy.
- the time authentication system divides a file or data that may require time authentication such as an electronic document into a plurality of divided data by a so-called secret sharing method, Store them in different servers and data centers.
- time authentication of the electronic document becomes necessary, the divided data corresponding to the electronic document is collected from each server and the electronic document is restored by the secret sharing method.
- time authentication that the electronic document existed at a certain time is performed. .
- the secret sharing method is, for example, as described in A. Shamir, “How to Share a Secret”, Communications of the ACM, vol.22 no.11 pp.612-613, 1979. It is a technology that divides important data into non-important data that is meaningless by itself (important data cannot be recovered or guessed). Using this, a mechanism for reducing the risk of information leakage by dividing the original data into divided data (non-critical data) and individually storing or transmitting / receiving them has been proposed.
- the m pieces of divided data are generated from the original data by the secret sharing method at the same timing. It is assumed that the product has not been tampered with. In other words, if the original data cannot be restored from the m pieces of divided data, it is assumed that any of the divided data has been tampered with.
- each of the n pieces of divided data is distributed and stored in different servers and the like, and at that time, each server or the like attaches a time stamp to the divided data.
- the time information used for the time stamp for example, system time set individually in each server or the like is used.
- the time stamp attached to each collected data may differ depending on the server etc. in which each was stored, and it is not necessarily the original data It does not necessarily represent the exact standard time when creating / saving or storing divided data.
- the system time of each device is usually standardized with a certain degree of accuracy by original operation such as periodically synchronizing with other time servers. Measures are taken to correct for time. Accordingly, it is considered that the time stamps attached to the respective divided data also represent the time close to the standard time when the divided data is stored with a certain degree of accuracy. Therefore, in the present embodiment, based on the time stamps attached to the m pieces of divided data collected for restoring the original data, the time at which the original data is considered to exist at least after this point in time. (Hereinafter, it may be described as “existing time”) and the creation / save time of the original data is authenticated.
- FIG. 2 is a diagram showing an outline of an example of proving the existence time of the original data based on the time stamps respectively attached to the plurality of divided data.
- three divided data (410a to 410c) that have been stored with time stamps attached by different servers or the like are collected and arranged in a time series of time stamps.
- the original data is created and saved at least after the time of the latest time stamp (the time stamp attached to the divided data 410b in the example of FIG. 2). It is assumed that it existed.
- the system time is usually corrected with a certain degree of accuracy by operation although it is not necessarily accurate, and all the divided data generated by the secret sharing method are all from the electronic document as the original data. If the electronic document is generated at the same timing and the electronic document can be restored normally from each piece of divided data, the divided data has not been altered, and the restored electronic document is the same as the original. This is the basis of certification.
- the value of k (and n) in the (k, n) threshold secret sharing scheme and the number of servers where n pieces of divided data are distributed and stored are increased, and each piece of divided data is
- statistical processing can detect that the latest time stamp value is an abnormal value and exclude it from the sample. It is also possible to calculate a high existence time.
- the number of divided data is increased, the processing load at the time of secret sharing processing and distributed storage increases. Therefore, the values of k and n parameters should be set appropriately according to the requirements. desirable.
- the secret sharing method is used as a method for generating a plurality of pieces of divided data at the same timing.
- the present invention is not limited to this.
- various application processes that generate and output multiple files by specific processes, software development environment programs that generate multiple types of files when saving or building a project, etc. If multiple data and files are generated at the same timing when an event such as execution of a process or event occurs, the generated files are distributed and stored on multiple servers, etc. Similarly, it is possible to prove the time when the event occurred.
- FIG. 1 is a diagram showing an outline of a configuration example of a time authentication system according to an embodiment of the present invention.
- the time authentication device 100 that proves the existence time for the electronic document 400 and a plurality of servers 200 (servers 200a to 200c in the example of FIG. 1) are connected to each other via a network 300 such as the Internet. And has a configuration capable of communication.
- the time authentication device 100 includes an information processing device such as a PC (Personal Computer) or a portable terminal, for example, and divides an electronic document 400 created / stored by a user into a plurality of divided data 410 by a secret sharing method. In addition to being distributed and stored in each server 200, time authentication is performed on these electronic documents 400 according to an instruction from a user or the like.
- the time authentication device 100 includes, for example, a division processing unit 110, a distributed processing unit 120, a restoration processing unit 130, an existing time calculation unit 140, and an interface unit that are implemented by a software program that runs on an OS (Operating System) (not shown). 150 and so on.
- OS Operating System
- the division processing unit 110 uses, for example, the (k, n) threshold secret sharing method (k ⁇ n) according to a predetermined procedure using the electronic document 400 instructed by the user via the interface unit 150 described later as original data. ) To be divided into n pieces of divided data 410 to be distributed and stored in each server 200.
- the secret sharing algorithm is not particularly limited, and a known method can be used.
- the distributed processing unit 120 transmits, for example, each of the n pieces of divided data 410 generated from the electronic document 400 by the divided processing unit 110 to each server 200 according to a predetermined condition based on the contents of setting information (not shown) to be distributed and stored. At the same time, information relating to which server 200 stores each divided data 410 is recorded in the distribution status 121 and managed.
- the setting information includes, for example, access information (IP address, host name, etc.) for each server 200 that is a distributed storage destination, and a criterion for selecting n servers 200 when there are more than n servers 200. And information such as the priority of the server 200, an ordered list, a rotation method, and the like can be set in advance by a file, a registry, or the like.
- the distribution processing unit 120 when the restoration processing unit 130, which will be described later, restores the electronic document 400, the distribution processing unit 120, based on a request from the restoration processing unit 130, performs predetermined processing based on the contents of the distribution status 121 and the setting information. According to the conditions, m pieces of divided data 410 for restoring the electronic document 400 are collected from each server 200 and transferred to the restoration processing unit 130.
- the setting information includes, for example, divided data 410 from the target server 200 according to criteria, conditions, failures, and the like for selecting the target m servers 200 when m is m or n ⁇ n. It is possible to set in advance a method for determining the server 200 as an alternative in the case where the server cannot be acquired.
- n pieces of divided data 410 cannot be stored in each server 200 when the divided data 410 is distributed and stored due to a failure of the server 200 or the like, or more than k pieces when the divided data 410 is collected. If the data cannot be collected, an error may be returned to the user. Further, when the divided data 410 is transmitted / received to / from each server 200, the time authentication apparatus 100 and each server 200 perform predetermined encryption on the divided data 410 to transmit / receive information. The risk of leakage may be further reduced.
- the restoration processing unit 130 may use k or more, which is the number necessary to restore the electronic document 400 that is instructed by the user to use reference, editing, or time authentication via the interface unit 150.
- the divided data 410 is requested and acquired from the distributed processing unit 120. Further, the electronic document 400 is restored from the obtained k or more pieces of divided data 410 by, for example, the (k, n) threshold secret sharing method according to a predetermined procedure.
- the existence time calculation unit 140 calculates an existence time when it is considered that an event subject to time certification has occurred.
- the electronic document 400 is present at least on the time authentication device 100 based on each piece of divided data 410 ( Calculate the time considered to have been generated or stored.
- Various methods for calculating the existence time are conceivable, but in the present embodiment, for example, the latest one of the time stamps attached to each divided data 410 by the method shown in FIG. 2 described above.
- the time of the thing is calculated and set as the existence time. At this time, various statistical processes may be performed to improve accuracy. Moreover, you may make it give width as a time slot
- the interface unit 150 has a user interface such as a screen display in the time authentication apparatus 100 and an input / output function such as data transmission / reception.
- the user can use the function of the time authentication device 100 by using, for example, a file management screen of a general OS.
- the user moves the electronic document 400 to a specific folder or the like by a simple operation such as drag and drop.
- the division processing unit 110 and the distribution processing unit 120 automatically divide the electronic document 400 into n pieces of divided data 410 as original data, and each server 200 without making the user aware of each piece of divided data 410. It can be distributed and stored securely.
- the electronic document 400 is deleted from the time authentication device 100 and, for example, a dummy file corresponding to the electronic document 400 is created and left on the file management screen so that the user is not conscious. May be.
- the user performs operations such as referencing and editing the electronic document 400 by operating the dummy file of the electronic document 400 managed in a specific folder on the file management screen.
- the distributed processing unit 120 and the restoration processing unit 130 automatically generate m (k ⁇ m ⁇ n) electronic documents 400 corresponding to the dummy file from each server 200.
- Corresponding divided data 410 is collected and the electronic document 400 can be restored and made available to the user.
- the user can request time authentication for the electronic document 400 by operating the dummy file of the electronic document 400 or the like. That is, using the time authentication request for a dummy file or the like as a trigger, the divided data 410 is collected from each server 200 in the same manner as described above, and the electronic document 400 is restored. Further, the existence time calculation unit 140 calculates the existence time based on each divided data 410 and outputs the result, thereby obtaining time authentication for the electronic document 400.
- the time authentication device 100 which is an information processing device such as a PC or a portable terminal, performs processing such as division and restoration of the electronic document 400 by the secret sharing method, distributed storage in each server 200, and the like. Although these processes are performed, these processes may be collectively executed on a specific server such as a file server that stores the electronic document 400.
- the server 200 is an information processing apparatus having a storage device such as an HDD (Hard Disk Drive) (not shown) that can store the divided data 410 transmitted from the time authentication apparatus 100.
- a storage device such as an HDD (Hard Disk Drive) (not shown) that can store the divided data 410 transmitted from the time authentication apparatus 100.
- a file server such as a file server, a storage server, etc. Consists of.
- the data center which has these information processing apparatuses may be sufficient. Further, it may be a virtual server or a virtual data center by a cloud computing service.
- the system time of each server 200 is appropriately corrected by operation.
- the system time is corrected by periodically synchronizing with a time server or the like.
- a time stamp is added when the divided data 410 is stored in the storage device. This time stamp may be added by processing of a normal file system, or may be added separately to the header of the divided data 410 or the like.
- FIG. 3 is a diagram showing an outline of an example of processing when the electronic document 400 is stored and time authentication is performed on the electronic document 400.
- the division processing unit 110 converts the electronic document 400 into a plurality of secret documents using the secret sharing method.
- the data is divided into divided data 410 (S02). For example, the data is divided into n pieces of divided data 410 by the (k, n) threshold secret sharing method.
- the distributed processing unit 120 transmits n pieces of divided data 410 to each of n different servers 200 determined based on a predetermined rule (S03).
- FIG. 3 shows an example in which the divided data 410 is transmitted to each of the server A (200a) and the server B (200b).
- Each server 200 that has received the divided data 410 adds a time stamp based on the system time to the received divided data 410 and stores it in a storage device (S04), and returns the processing result to the time authentication device 100.
- the distributed processing unit 120 determines whether all the n pieces of divided data 410 have been normally stored in the server 200 (S05). Here, if any one of the n pieces of divided data 410 could not be stored normally, an error may be notified to the user via the interface unit 150. At this time, the series of processes described above may be rolled back. Even if there is divided data 410 that has not been normally stored, if the storage of k or more pieces of divided data 410 is completed normally, the electronic document 400 can be restored, so that no error occurs. It may be.
- a dummy file corresponding to the electronic document 400 may be generated. Further, the electronic document 400 and the divided data 410 generated by the division processing unit 110 may be deleted from the storage device of the time authentication device 100.
- the restoration processing unit 130 is designated.
- the distributed processing unit 120 is requested to acquire m pieces (m ⁇ k) of divided data 410.
- the distributed processing unit 120 identifies the server 200 that stores the divided data 410 generated from the target electronic document 400 based on the distribution status 121, setting information (not shown), and the like, and uses the divided data 410 for each server. It collects from 200 (S11).
- Each server 200 that has received the request to acquire the divided data 410 acquires the corresponding divided data 410 from the storage device and transmits it to the time authentication device 100 (S12).
- the distributed processing unit 120 determines whether or not the number m ′ of the divided data 410 that can be normally collected is k or more necessary for restoring the electronic document 400 (S13). ).
- an error may be notified to the user via the interface unit 150.
- the restoration processing unit 130 restores the electronic document 400 from the collected m ′ pieces of divided data 410 by the (k, n) threshold secret sharing method (S14). . At this time, it is determined whether or not the electronic document 400 has been successfully restored (S15). When a part of the divided data 410 is falsified, the original data cannot be restored normally by the secret sharing method. Therefore, the divided data 410 is not falsified because it has been restored normally. It can be proved that the electronic document 400 is the same as the original.
- the existence time calculation unit 140 calculates the existence time for the electronic document 400 (S16).
- the time of the latest one of the time stamps attached to the respective divided data 410 used for the restoration of the electronic document 400 is calculated, and the electronic document 400 exists at least after that time. This is regarded as having been present, and this is the existing time.
- This existence time value may be output to the user via the interface unit 150, for example, or may be added to the electronic document 400 as an authenticated time stamp.
- the electronic document 400 is divided into a plurality of divided data 410 by the secret sharing method, and these are distributed and stored in different servers 200, respectively. To do.
- the time stamp given by each server 200 is the latest among the divided data 410.
- the time of the object is the existence time of the electronic document 400.
- the electronic document 400 is divided into divided data 410, which is non-important data that does not make sense by itself, and is securely stored, while the electronic document 400 can be simply and inexpensively stored with a certain degree of accuracy. Proof can be made.
- the time of creation and storage of the electronic document 400 is not limited to the case of authenticating with the time stamps of a plurality of divided data 410 generated by secret sharing, and a plurality of data at the same timing.
- the generated files are distributed and stored in a plurality of servers 200, etc. It is possible to prove based on the time stamp attached to the file.
- the present invention can be used for a time authentication system and a time authentication program for authenticating the time or time zone when a file or data is created and stored.
- Time authentication system DESCRIPTION OF SYMBOLS 100 ... Time authentication apparatus, 110 ... Division processing part, 120 ... Distributed processing part, 121 ... Distributed condition, 130 ... Restoration processing part, 140 ... Presence time calculation part, 150 ... Interface part, 200 (200a-c) ... server, 300 ... Network, 400: electronic document, 410 (410a to c): divided data.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
Description
図1は、本発明の一実施の形態である時刻認証システムの構成例について概要を示した図である。時刻認証システム1は、電子文書400に対して存在時刻を証明する時刻認証装置100と、複数のサーバ200(図1の例ではサーバ200a~c)とがインターネット等のネットワーク300を介して互いに接続され通信可能な構成を有する。
図3は、電子文書400を保管してこれに対する時刻認証を行う際の処理の例について概要を示した図である。時刻認証装置100において、インタフェース部150を介してユーザから保管対象(すなわち時刻認証の対象)の電子文書400を受領すると(S01)、分割処理部110により、電子文書400を秘密分散法により複数の分割データ410に分割する(S02)。例えば、(k,n)閾値秘密分散法により、n個の分割データ410に分割する。
100…時刻認証装置、110…分割処理部、120…分散処理部、121…分散状況、130…復元処理部、140…存在時刻算出部、150…インタフェース部、
200(200a~c)…サーバ、
300…ネットワーク、
400…電子文書、410(410a~c)…分割データ。
Claims (5)
- 記憶装置を有する複数のサーバと、
前記各サーバとネットワークを介して接続され、同じタイミングで複数のデータが生成される事象が少なくとも発生していたとみなされる存在時刻を証明する時刻認証装置とを有する時刻認証システムであって、
前記時刻認証装置は、
前記事象の発生の際に同じタイミングで生成された複数の前記データを、それぞれ異なる前記サーバに送信し、また、ユーザから時刻認証の要求を受けた前記事象に対応する前記データを、前記各サーバから収集する分散処理部と、
前記各サーバから収集した前記各データに付されているタイムスタンプに基づいて、前記事象に係る前記存在時刻を算出して出力する存在時刻算出部とを有し、
前記サーバは、
前記時刻認証システムから送信された前記データに対して前記タイムスタンプを付した上で記憶装置に保管することを特徴とする時刻認証システム。 - 記憶装置を有する複数のサーバと、
前記各サーバとネットワークを介して接続され、電子文書が少なくとも作成され存在していたとみなされる存在時刻を証明する時刻認証装置とを有する時刻認証システムであって、
前記時刻認証装置は、
前記電子文書を秘密分散法により複数の分割データに分割する分割処理部と、
前記各分割データを、それぞれ異なる前記サーバに送信し、また、ユーザから時刻認証の要求を受けた前記電子文書に対応する前記各分割データを、前記各サーバから収集する分散処理部と、
前記各サーバから収集した前記各分割データに基づいて前記秘密分散法により前記電子文書を復元する復元処理部と、
前記復元処理部において前記電子文書が正常に復元できた場合に、前記各サーバから収集した前記各分割データに付されているタイムスタンプに基づいて、前記電子文書に係る前記存在時刻を算出して出力する存在時刻算出部とを有し、
前記サーバは、
前記時刻認証システムから送信された前記分割データに対して前記タイムスタンプを付した上で記憶装置に保管することを特徴とする時刻認証システム。 - 請求項1または2に記載の時刻認証システムにおいて、
前記時刻認証装置の前記存在時刻算出部は、
前記各サーバから収集した前記各データもしくは前記各分割データに付されている前記タイムスタンプのうち最も遅いものの時刻を前記存在時刻とすることを特徴とする時刻認証システム。 - 請求項1~3のいずれか1項に記載の時刻認証システムにおいて、
前記時刻認証装置の前記存在時刻算出部は、
前記各サーバから収集した前記各データもしくは前記各分割データに付されている前記タイムスタンプについて、所定の統計処理を行って前記存在時刻を算出することを特徴とする時刻認証システム。 - 記憶装置を有する複数のサーバと、
前記各サーバとネットワークを介して接続され、電子文書が少なくとも作成され存在していたとみなされる存在時刻を証明する時刻認証装置とを有する時刻認証システムにおいて、前記時刻認証装置としてコンピュータを機能させる時刻認証プログラムであって、
前記電子文書を秘密分散法により複数の分割データに分割する分割処理と、
前記各分割データを、それぞれ異なる前記サーバに送信して保管し、また、ユーザから時刻認証の要求を受けた前記電子文書に対応する前記各分割データを、前記各サーバから収集する分散処理と、
前記各サーバから収集した前記各分割データに基づいて前記秘密分散法により前記電子文書を復元する復元処理と、
前記復元処理において前記電子文書が正常に復元できた場合に、前記各サーバから収集した前記各分割データに前記サーバによって付されているタイムスタンプに基づいて、前記電子文書に係る前記存在時刻を算出して出力する存在時刻算出処理とを実行することを特徴とする時刻認証プログラム。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012521896A JP5368637B1 (ja) | 2011-11-01 | 2011-11-01 | 時刻認証システムおよび時刻認証プログラム |
US13/635,046 US20140229738A1 (en) | 2011-11-01 | 2011-11-01 | Timestamping system and timestamping program |
PCT/JP2011/075209 WO2013065133A1 (ja) | 2011-11-01 | 2011-11-01 | 時刻認証システムおよび時刻認証プログラム |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2011/075209 WO2013065133A1 (ja) | 2011-11-01 | 2011-11-01 | 時刻認証システムおよび時刻認証プログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013065133A1 true WO2013065133A1 (ja) | 2013-05-10 |
Family
ID=48191527
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/075209 WO2013065133A1 (ja) | 2011-11-01 | 2011-11-01 | 時刻認証システムおよび時刻認証プログラム |
Country Status (3)
Country | Link |
---|---|
US (1) | US20140229738A1 (ja) |
JP (1) | JP5368637B1 (ja) |
WO (1) | WO2013065133A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013179569A (ja) * | 2012-01-30 | 2013-09-09 | Seiko Instruments Inc | データ証明システムおよびデータ証明サーバ |
JP2016115036A (ja) * | 2014-12-12 | 2016-06-23 | エヌ・ティ・ティ・ソフトウェア株式会社 | データ格納制御装置、データ格納制御方法、及びプログラム |
CN114422114A (zh) * | 2021-12-08 | 2022-04-29 | 河南大学 | 基于多时间服务器的时控性加密方法和系统 |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10063374B2 (en) | 2015-05-31 | 2018-08-28 | Massachusetts Institute Of Technology | System and method for continuous authentication in internet of things |
CN108616556B (zh) * | 2016-12-13 | 2021-01-19 | 阿里巴巴集团控股有限公司 | 数据处理方法、装置和系统 |
US10419225B2 (en) | 2017-01-30 | 2019-09-17 | Factom, Inc. | Validating documents via blockchain |
US10411897B2 (en) | 2017-02-17 | 2019-09-10 | Factom, Inc. | Secret sharing via blockchains |
US20180260889A1 (en) * | 2017-03-10 | 2018-09-13 | Factom | Sourcing Mortgage Documents via Blockchains |
US20180268504A1 (en) * | 2017-03-15 | 2018-09-20 | Factom | Indexing Mortgage Documents via Blockchains |
US10817873B2 (en) | 2017-03-22 | 2020-10-27 | Factom, Inc. | Auditing of electronic documents |
US10685399B2 (en) | 2017-03-31 | 2020-06-16 | Factom, Inc. | Due diligence in electronic documents |
US10270599B2 (en) | 2017-04-27 | 2019-04-23 | Factom, Inc. | Data reproducibility using blockchains |
US10783164B2 (en) | 2018-05-18 | 2020-09-22 | Factom, Inc. | Import and export in blockchain environments |
US11134120B2 (en) | 2018-05-18 | 2021-09-28 | Inveniam Capital Partners, Inc. | Load balancing in blockchain environments |
US11170366B2 (en) | 2018-05-18 | 2021-11-09 | Inveniam Capital Partners, Inc. | Private blockchain services |
US11328290B2 (en) | 2018-08-06 | 2022-05-10 | Inveniam Capital Partners, Inc. | Stable cryptocurrency coinage |
US11164250B2 (en) | 2018-08-06 | 2021-11-02 | Inveniam Capital Partners, Inc. | Stable cryptocurrency coinage |
US11044095B2 (en) | 2018-08-06 | 2021-06-22 | Factom, Inc. | Debt recordation to blockchains |
US11620642B2 (en) | 2018-08-06 | 2023-04-04 | Inveniam Capital Partners, Inc. | Digital contracts in blockchain environments |
US11989208B2 (en) | 2018-08-06 | 2024-05-21 | Inveniam Capital Partners, Inc. | Transactional sharding of blockchain transactions |
US11695783B2 (en) * | 2018-08-13 | 2023-07-04 | Ares Technologies, Inc. | Systems, devices, and methods for determining a confidence level associated with a device using heuristics of trust |
US11824882B2 (en) * | 2018-08-13 | 2023-11-21 | Ares Technologies, Inc. | Systems, devices, and methods for determining a confidence level associated with a device using heuristics of trust |
US11582044B2 (en) * | 2019-06-17 | 2023-02-14 | Mahboud Zabetian | Systems and methods to timestamp and authenticate digital documents using a secure ledger |
US11444749B2 (en) | 2020-01-17 | 2022-09-13 | Inveniam Capital Partners, Inc. | Separating hashing from proof-of-work in blockchain environments |
US12008526B2 (en) | 2021-03-26 | 2024-06-11 | Inveniam Capital Partners, Inc. | Computer system and method for programmatic collateralization services |
US12007972B2 (en) | 2021-06-19 | 2024-06-11 | Inveniam Capital Partners, Inc. | Systems and methods for processing blockchain transactions |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005159961A (ja) * | 2003-11-28 | 2005-06-16 | Ntt Comware Corp | 電子情報配信方法及び電子情報配信システム |
JP2007287028A (ja) * | 2006-04-19 | 2007-11-01 | Nec Infrontia Corp | 警備用データ管理システムおよび警備用データ管理方法 |
JP2010198349A (ja) * | 2009-02-25 | 2010-09-09 | Ntt Docomo Inc | データ暗号化システム、通信機器、及びデータ暗号化方法 |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5347579A (en) * | 1989-07-05 | 1994-09-13 | Blandford Robert R | Personal computer diary |
US5923763A (en) * | 1996-03-21 | 1999-07-13 | Walker Asset Management Limited Partnership | Method and apparatus for secure document timestamping |
US8868914B2 (en) * | 1999-07-02 | 2014-10-21 | Steven W. Teppler | System and methods for distributing trusted time |
US6823456B1 (en) * | 1999-08-25 | 2004-11-23 | International Business Machines Corporation | System and method for providing trusted services via trusted server agents |
US20050160272A1 (en) * | 1999-10-28 | 2005-07-21 | Timecertain, Llc | System and method for providing trusted time in content of digital data files |
US6993656B1 (en) * | 1999-12-10 | 2006-01-31 | International Business Machines Corporation | Time stamping method using aged time stamp receipts |
US7412462B2 (en) * | 2000-02-18 | 2008-08-12 | Burnside Acquisition, Llc | Data repository and method for promoting network storage of data |
US20050071283A1 (en) * | 2000-05-25 | 2005-03-31 | Randle William M. | Quality assured secure and coordinated transmission of separate image and data records representing a transaction |
FR2811848A1 (fr) * | 2000-07-13 | 2002-01-18 | Thomson Multimedia Sa | Systeme, procede et dispositif d'horodatage et de verification de la validite d'horodate dans un environnement de diffusion numerique |
JP2003244139A (ja) * | 2002-02-20 | 2003-08-29 | Amano Corp | 電子文書に対するタイムスタンプ押印システム、及び、そのプログラム媒体 |
US7373664B2 (en) * | 2002-12-16 | 2008-05-13 | Symantec Corporation | Proactive protection against e-mail worms and spam |
US20040236950A1 (en) * | 2003-05-20 | 2004-11-25 | Norman Carte | Method for digitally timestamping documents |
GB2404296A (en) * | 2003-07-23 | 2005-01-26 | Sony Uk Ltd | Data content identification using watermarks as distinct codes |
US7702909B2 (en) * | 2003-12-22 | 2010-04-20 | Klimenty Vainstein | Method and system for validating timestamps |
JP2006268149A (ja) * | 2005-03-22 | 2006-10-05 | Toshiba Corp | スキャナ装置およびこのスキャナ装置を備えた文書管理システム |
JP2006303963A (ja) * | 2005-04-21 | 2006-11-02 | Internatl Business Mach Corp <Ibm> | 情報を管理するシステム、方法およびプログラム |
US7543173B2 (en) * | 2005-08-02 | 2009-06-02 | Hewlett-Packard Development Company, L.P. | Timestamp generator |
JP4622811B2 (ja) * | 2005-11-04 | 2011-02-02 | 株式会社日立製作所 | 電子文書の真正性保証システム |
JP4089742B2 (ja) * | 2006-10-13 | 2008-05-28 | 富士ゼロックス株式会社 | 文書管理システムおよび文書廃棄装置 |
JP2008097517A (ja) * | 2006-10-16 | 2008-04-24 | Matsushita Electric Ind Co Ltd | 文書管理システム |
US7958367B2 (en) * | 2007-05-30 | 2011-06-07 | Hitachi, Ltd. | Authentication system and apparatus |
US7516186B1 (en) * | 2008-04-01 | 2009-04-07 | International Business Machines Corporation | Thread based view and archive for simple mail transfer protocol (SMTP) clients devices and methods |
US7904450B2 (en) * | 2008-04-25 | 2011-03-08 | Wilson Kelce S | Public electronic document dating list |
JP5344460B2 (ja) * | 2008-09-29 | 2013-11-20 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 編集装置、編集プログラム、および編集方法 |
JP2012170047A (ja) * | 2011-01-28 | 2012-09-06 | Sony Corp | 情報処理装置、情報処理方法、及びプログラム |
-
2011
- 2011-11-01 WO PCT/JP2011/075209 patent/WO2013065133A1/ja active Application Filing
- 2011-11-01 US US13/635,046 patent/US20140229738A1/en not_active Abandoned
- 2011-11-01 JP JP2012521896A patent/JP5368637B1/ja not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005159961A (ja) * | 2003-11-28 | 2005-06-16 | Ntt Comware Corp | 電子情報配信方法及び電子情報配信システム |
JP2007287028A (ja) * | 2006-04-19 | 2007-11-01 | Nec Infrontia Corp | 警備用データ管理システムおよび警備用データ管理方法 |
JP2010198349A (ja) * | 2009-02-25 | 2010-09-09 | Ntt Docomo Inc | データ暗号化システム、通信機器、及びデータ暗号化方法 |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013179569A (ja) * | 2012-01-30 | 2013-09-09 | Seiko Instruments Inc | データ証明システムおよびデータ証明サーバ |
JP2016115036A (ja) * | 2014-12-12 | 2016-06-23 | エヌ・ティ・ティ・ソフトウェア株式会社 | データ格納制御装置、データ格納制御方法、及びプログラム |
CN114422114A (zh) * | 2021-12-08 | 2022-04-29 | 河南大学 | 基于多时间服务器的时控性加密方法和系统 |
CN114422114B (zh) * | 2021-12-08 | 2023-08-11 | 河南大学 | 基于多时间服务器的时控性加密方法和系统 |
Also Published As
Publication number | Publication date |
---|---|
JPWO2013065133A1 (ja) | 2015-04-02 |
US20140229738A1 (en) | 2014-08-14 |
JP5368637B1 (ja) | 2013-12-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5368637B1 (ja) | 時刻認証システムおよび時刻認証プログラム | |
EP3345360B1 (en) | Method for storing an object on a plurality of storage nodes | |
CN108076057B (zh) | 一种基于区块链的数据保全系统及方法 | |
US7822206B2 (en) | Systems and methods for management and auto-generation of encryption keys | |
EP3631668B1 (en) | High integrity logs for distributed software services | |
US11599431B2 (en) | Database optimized disaster recovery orchestrator | |
EP3679686B1 (en) | Managing blockchain-based centralized ledger systems | |
US20080069341A1 (en) | Methods and systems for strong encryption | |
CN110770729B (zh) | 用于证明虚拟机完整性的方法和设备 | |
US20200169425A1 (en) | Trusted timestamping | |
WO2021042246A1 (en) | Managing blockchain-based centralized ledger systems | |
CN102947795A (zh) | 安全云计算的系统和方法 | |
US11003523B2 (en) | Database optimized disaster recovery testing | |
JPWO2017033442A1 (ja) | 情報処理装置、認証システム、認証方法、並びにコンピュータ・プログラム | |
US12013972B2 (en) | System and method for certifying integrity of data assets | |
JP2019079280A (ja) | ファイル検証装置、ファイル移行システムおよびプログラム | |
JP6063321B2 (ja) | サーバ装置およびハッシュ値処理方法 | |
JP2011205234A (ja) | タイムスタンプ付与システム、タイムスタンプ付与方法、タイムスタンプ付与プログラム | |
Noman et al. | Hardware-based DLAS: Achieving geo-location guarantees for cloud data using TPM and provable data possession | |
US11930121B2 (en) | Blockchain index tracking | |
US20210365341A1 (en) | Ledger-based device health data sharing | |
JP6072584B2 (ja) | サーバ装置およびプログラム管理方法 | |
JP6284301B2 (ja) | 保守作業判定装置および保守作業判定方法 | |
JP2007096413A (ja) | パケット記録支援装置、パケット記録支援方法、及びパケット記録支援プログラム | |
IIPS et al. | Reliable and enhanced third party auditing in cloud server data storage |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
ENP | Entry into the national phase |
Ref document number: 2012521896 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13635046 Country of ref document: US |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11875204 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/08/2014) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11875204 Country of ref document: EP Kind code of ref document: A1 |