This application claims priority of PCT/JP00/00121, filed Jan. 13, 2000.
This invention relates to a security method for recording or exchanging electronic information, and especially to an inquiry process by which two parties confirm that the electronic information each holds has the same content, when both parties should retain the same information in an exchange of electronic information or in electronic commerce.
In recent years many computers have been connected to communications networks to form computer systems, and each computer may be accessed by many uncertified persons through those networks. Electronic information recorded in a computer's external storage, such as a hard disk device, may therefore be falsified by others who have no right to do so. Alterations may also occur by accident, without any intent on the part of others, and even the parties themselves may falsify or forge the information.
Thus it must always be doubted whether important electronic information recorded in an apparatus is still true. In electronic commerce, problems may arise later when someone transacts in reliance on electronic information that records the contract conditions agreed between the parties but has been altered by accident, intent, or fault.
To avoid such problems, the parties need to confirm, as the occasion demands, that the content of the records they each hold agrees. To confirm that the electronic information held by both parties agrees, it is enough to exchange the electronic information and compare the received information with the information retained. However, when secrecy is required, it is preferable not to send the whole of the electronic information over the communications channels, so that the information does not leak to others.
When the contents recorded by the two parties differ, the question arises which is true, and the discussion may be futile. It is desirable that a neutral third party, such as a notary public or an authentication authority, make the judgment. If the whole of the information passes through the channels so that its genuineness can be judged, the information may be stolen along the communications channels. In addition, the vast quantity of information in transit requires high processing capability and long processing time and congests the communications channels. An authentication authority or a database center that has to communicate with many customers through the communications channels is at a particular disadvantage: its equipment cost rises and the number of its customers is restricted.
Therefore, it is an object of the invention to provide an inquiry system for confirming that the information retained by each party is identical by exchanging only a part of the electronic information.
It is another object of the invention to provide an inquiry system for confirming the genuineness of the electronic information retained by oneself by inquiring about only small parts of the information deposited with an authentication party.
It is a further object of the invention to provide an inquiry system for obtaining genuine electronic information by putting together the information furnished by an authority that retains only a part of the electronic information and the information held by oneself, which is the other part of the electronic information.
According to the electronic information inquiry method of this invention, a party concerned acting as the reference, or collator, divides the recorded electronic information into more than one information element and selects some of the divided elements for a transmittal information block. The reference also generates division/selection data that records the manner of division into information elements, the manner in which the transmittal information block was generated, and the selected information elements. The reference then sends the transmittal information block and the division/selection data to the inquirer who requests the collation.
The division/selection data is the data needed for dividing and combining to form the transmittal information block, and it is transmitted with the transmittal information block. The division/selection data includes information such as location and length, as well as sum check data for the individual information elements included in the transmittal information block. The division/selection data may accompany each of the information elements. The information elements may be rearranged in random order in the information block. The transmittal information block may be formed of more than one information block, and the individual information blocks may be transmitted separately.
The inquirer receives the transmittal information block or blocks and the division/selection data, divides the electronic information file recorded in his device according to the division/selection data, replaces the parts at the corresponding locations with the transmittal information, and rearranges and integrates the information elements according to the division/selection data in order to retrieve the information content.
A transmittal information block is formed by combining some elements arbitrarily selected from the discretely divided information elements. Therefore, even a part of any information block includes some portion relating to any part of the whole information. Like paper passed through a shredder, the transmittal information blocks are of no use unless they are retrieved. The transmittal information is therefore safe, because anyone without a means of retrieval cannot use the information blocks as useful information.
When the information recorded by the inquirer does not agree with the information recorded at the reference, the information content retrieved from the inquirer's electronic information file, partly replaced with the information elements in the transmittal information block, is seldom or never equal to the information content recorded by the inquirer, even though the differing part of the information is not transmitted.
Especially when the information elements are formed by dividing the electronic information at arbitrary physically defined points, it is impossible to know the content from some of the divided information elements. Even if there is very little difference between the two sets of information, at least some information elements differ, because the later parts of the information differ from each other. Therefore, a meaningful content cannot be obtained when the information elements in the transmittal information block are substituted in order to retrieve the whole information, so that a difference is easily detected even without comparing the retrieved information with the original.
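The following Python sketch is an added example, not part of the patent text: it carries out the collation described above, with the reference selecting elements and the inquirer substituting them into its own file. The element counts, the field names (offset, length, sum, data), the use of SHA-256 as the sum check, and the sample contract are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample record (an assumption, not taken from the text).
CONTRACT = b"Party A sells 100 units to Party B at 25 USD each, delivery by 1 March."

def make_transmittal(reference: bytes, n_elements: int = 8, n_select: int = 2) -> list:
    """Reference side: divide at arbitrary byte offsets, select a few elements,
    and return them in random order, each with its division/selection data."""
    rng = secrets.SystemRandom()  # assumption: the selection is unpredictable
    cuts = sorted(rng.sample(range(1, len(reference)), n_elements - 1))
    bounds = list(zip([0] + cuts, cuts + [len(reference)]))
    block = []
    for start, end in rng.sample(bounds, n_select):  # sample() returns random order
        chunk = reference[start:end]
        block.append({"offset": start, "length": end - start,
                      "sum": hashlib.sha256(chunk).hexdigest(),  # sum check data
                      "data": chunk})
    return block

def collate(own: bytes, block: list) -> bool:
    """Inquirer side: substitute the received elements into the own file at the
    recorded locations; the records agree only if nothing changes."""
    rebuilt = bytearray(own)
    for el in block:
        if (len(el["data"]) != el["length"]
                or hashlib.sha256(el["data"]).hexdigest() != el["sum"]):
            return False  # element damaged or altered in transit
        rebuilt[el["offset"]:el["offset"] + el["length"]] = el["data"]
    return bytes(rebuilt) == own

def unsampled_offset(block: list, total: int) -> int:
    """First byte position that no transmitted element covers."""
    covered = set()
    for el in block:
        covered.update(range(el["offset"], el["offset"] + el["length"]))
    return next(i for i in range(total) if i not in covered)

def flip(data: bytes, i: int) -> bytes:
    """Change one byte in place, keeping the length."""
    return data[:i] + bytes([data[i] ^ 1]) + data[i + 1:]

def demo() -> dict:
    block = make_transmittal(CONTRACT)
    miss = unsampled_offset(block, len(CONTRACT))
    return {"identical": collate(CONTRACT, block),
            "changed_in_sample": collate(flip(CONTRACT, block[0]["offset"]), block),
            "changed_outside_sample": collate(flip(CONTRACT, miss), block)}
```

An insertion or deletion shifts every later element and so fails against any selected element that follows it; a same-length change confined to elements that were not selected passes a single inquiry, which is what the last value returned by demo() shows.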
Both parties may store the same division/selection algorithm, so that both obtain the same division/selection when the same argument is applied. This simplifies the division/selection data to be transmitted and makes the argument itself unusable by a person who does not know the algorithm. A numerical value relating to the time of inquiry may be used as the argument. When the argument functions as a time stamp, the time of an alteration can be roughly estimated, because the parties can confirm the time of collation with each other. The argument may be selected to correspond to the address of the reference. The address determines the law to which the contract should conform. Thus the inquiry method of the invention prevents disputes over the result of the contract, because the parties confirm and agree with each other on the contract content, the place and time of its conclusion, and so on.
As described above, according to the method of this invention, transmitting a very small portion of the information to be collated confirms that the inquirer's information is equal to the reference's information. The danger that the information leaks as meaningful information during communication is also decreased.
Moreover, the method of the invention requires little communication channel capacity for collation and little computing capacity, so that an organization that performs a large number of collations, such as a certification office, may simplify its facilities and increase its handling capacity.
When the electronic information inquiry method of this invention is applied to written contracts, the burden on communication and processing facilities is reduced and there is less danger of leaking the content of the contract to third parties, because the electronic information file exchanged includes only a very small portion of the contract, arranged in subtraction order or rearranged in random order; moreover, the parties can confirm whether the recorded content of the contract still matches the original content.
When a system is used in which a third organization, such as a certificate authority or a notary office, certifies the sameness of the electronic information in order to eliminate disputes among the parties concerned, the third organization holds the whole content of the contract and, according to the method of this invention, forms the transmittal information block and transfers it when collation is requested, so that only a small quantity of information is sent and the load on the communication path may be decreased. The organization may also hold only the first transmittal information block and collate by means of the division/selection data made first. In this case, the third organization may operate while maintaining a very small amount of information.
Furthermore, the party concerned, the other party and/or the third party may each hold separate portions of the divided electronic information and use the information on demand by transmitting the portions to each other and combining them. For example, a card records a part of certification information and an authentication authority records the other part. When the first party asks the authentication authority for collation, the authority sends the remaining part of the information to the first party, and the first party combines the information he holds with the information sent to retrieve the complete certification information. The first party can then confirm the truth of a presented certificate by comparing it with the retrieved information.
When the above-described method is applied to cipher keys or cryptograms, third parties cannot misappropriate the information, because they cannot retrieve the original information unless they hold the part of the information that the first party holds; thus the information passing over the communications channels has no value.
Sellers of software can use the method of this invention to check whether contents change during on-line transmission of their programs and to periodically check for alteration of programs and databases delivered to their users. They can execute the checks very effectively because only a very small portion of the electronic information is exchanged, even when the programs or databases are vast.
Furthermore, using the method of this invention, mirror information on mirror servers can be confirmed to be equal to that on the original server by exchanging only a small portion of the information.
The method of this invention may be used as an electronic check system. The bank issues an electronic checkbook to its client by transmitting one part of the check issue information, which is divided into two parts, and the bank holds the remaining part of the information.
When the client uses the electronic check in a virtual shopping mall, the shop asks the bank whether the information on the received check is true. The bank sends the shop the remaining information, other than what the check holds, and the shop can then confirm the truth of the check by combining the information in the electronic check with the information held by the bank. Alternatively, the shop sends the bank the information in the check and the bank confirms the truth of the information. Thus, highly reliable electronic checks may be used while exchanging only a very small quantity of information. The client can also carry a card on which the electronic check is recorded and use it in a real shop.
The inquiry system of this invention can be used for patients' medical sheets. The patient holds a card on which a part of his medical information is recorded. When he sees a doctor while travelling, for example, the doctor requests the remaining part of the medical information from the hospital that made the medical sheet and combines the received information with the information recorded on the card to complete the full medical information for the new doctor to consult.
According to the above-mentioned inquiry system for medical information, even though a rather large portion of the medical information is recorded on a portable card, other persons cannot learn the patient's secrets, because they cannot recognize the contents by looking at the card's information. A permitted doctor retrieves the full record by gathering most of it from the card and a rather small part, through the communications channel, from the party that made the medical information. Thus an advantage of the system is that the quantity of communication is decreased. According to this inquiry system for medical information, the doctor may also select the proper medical treatment after confirming the true holder of the card.
Furthermore, according to the inquiry system of the invention, the patient's private information need not flow through communications channels, so that hospitals using electronic medical sheets can operate the system through ordinary information terminals connected to communication networks without fear of invading patients' privacy.
The second electronic information inquiry system of this invention is characterized in that electronic information is divided into two parts; an inquirer holds one part and a reference holds the rest; the inquirer sends the part he holds to the reference; the reference combines the part he holds with the received part to form the full body of electronic information; and the reference checks whether the combined information is the same as the original and sends the check result to the inquirer.
Even in a case where the inquirer or the reference has not kept the original electronic information as it was, one can easily recognize that the information fragments held by each originate from the same electronic information by combining both fragments for retrieval according to the invention and checking whether the retrieved electronic information has a meaningful content.