This application relates to Japanese Patent Application Reference Nos. 11-301216 filed Oct. 22, 1999, 2000-081712, filed Mar. 17, 2000 and 2000-313123, filed Oct. 06, 2000, which will be soon filed as a U.S. Patent Application corresponding thereto, and the disclosures of which are incorporated herein by reference for all purposes.
This application also relates to Japanese Patent Application Reference Nos. 2000-035631, filed Feb. 08, 2000, 2000-081713, filed Mar. 17, 2000 and 2000-313122, filed Oct. 06, 2000, which will be soon filed as a U.S. Patent Application corresponding thereto, and the disclosures of which are incorporated herein by reference for all purposes.
The present invention relates to a technology for guaranteeing the legitimacy of multimedia data.
Digital signature technology provides a function corresponding to conventional signatures for electronic digitized data such as documents (also referred to as multimedia data).
In digital signature technology, a digital signature generator applies a private key, which the generator keeps secret, to digitized data (hereinafter referred to as message) M to be signed or to a hash value thereof, a hash value being a characteristic value for the message (also referred to as a compression value or message digest). From this, a digital signature A for the message M is generated. The digital signature A is then added to the message M and made public. A digital signature verifier compares the message M or the hash value thereof to the result obtained from applying a public key corresponding to the private key to the digital signature A added to the message M. If the two do not match, the message M may have been tampered with after the digital signature A was generated. Conversely, if the two do match, this confirms that the digital signature A was generated for the message M.
There is also a technology known as timestamping that uses digital signatures to guarantee that a message existed at a certain point in time. In this technology, a digital signature is generated for data formed by combining the message and the current time information. This guarantees that the message existed at that particular time.
A “threshold signature” technology has been proposed to allow operations to continue safely even if some devices have been rendered unusable due to malfunctions or the like. In this technology, a plurality of entities work together to generate a signature. If a fixed number of entities are available, a signature can be generated, but otherwise it will not be possible to correctly generate a signature.
Furthermore, a technology has been developed that prevents improper acts such as cases where the digital signature generator himself tampers with the message, generates a new digital signature, and replaces the original message and the digital signature.
In this technology, the digital signature generator generates a digital signature An for a message Mn by applying a private key, which is kept secret, to: the message Mn to be signed or a hash value thereof; data relating to the generation of a digital signature An−1; and time data. As a result, the digital signature An+1 generated after the digital signature An will reflect data relating to the previously generated digital signature An. If the digital signature generator himself tampers with the message Mn, generates a new digital signature An, and uses these to replace the original message Mn and the digital signature An, there will be an inconsistency with the digital signature An+1.
The technology to prevent the improper act described above does not take into account the technology in which a plurality of devices work together to generate signatures. The combination of these technologies is desirable.
The present invention provides a technology that reliably prevents improper acts even when a plurality of devices work together to generate digital signatures.
The present invention also provides a method in which previously generated signatures are reflected and in which not all devices are needed when generating signatures.
The present invention also provides a technology that reliably prevents improper acts even if the data relating to the generation of the digital signature An and used in generating the digital signature An+1 is lost for some reason.
In other words, if a section of signature data forming a chain is lost, the present invention provides a method or a system for guaranteeing the sequential relationship between the signature data with the exception of the lost data.
The present invention also provides a service system that uses the method described above and the devices used therein or a program that functionally implements the functions thereof.
According to the present invention, when signatures are generated with a plurality of devices, at least one signature generating device exists that is involved in consecutive signature generating operations.
More specifically, data involved in a signature generated by the plurality of devices and which is used in the generation of the next signature is stored in all the signature generating devices whether or not they were involved in generating the signature. This data can also be shared by being stored in a safe place and being accessible in a secure manner by all the signature generating devices.
With this implementation, no matter what combinations of signature generating devices are used to generate a signature, these signature generating devices will hold data relating to the previous signature generating operation.
Also, the present invention can be formed so that when a signature is generated, a plurality of data relating to previously generated signatures is used so that the chain (sequential relations) between individual signatures can be confirmed. As a result, if part of the chain cannot be confirmed due to data loss, the presence of an unauthorized party, or the like, the other links can be confirmed so that disrupting the chain of signatures extending from the past to the present is made difficult.
According to the present invention, techniques, including a method and system, for generating digital signatures using n devices and for verifying the digital signatures are provided.
One embodiment of the present invention provides a method for sequentially generating digital signatures using n devices, each of the devices being equipped with a signature generator.
The method includes: generating a history data j when generating a j-th digital signature (j≧1); storing, in m devices (1≧m≧n) out of the n devices involved in an i-th digital signature generating operation, the history data j; and generating an i-th digital signature i using at least one of the L (1≦L<i) stored history data j1-jL.
In the method, the history data j may be either digital signature j generated by the j-th signature generating operation or data used when generating the digital signature j generated by the j-th signature generating operation.
In the method, the history data j may be generated in one of the m devices involved in an i-th digital signature generating operation.
In a further embodiment of the present invention, the method for generating digital signatures may include: sending a most recent stored history data to m−1 other devices; selecting the most recent history data from m units of history data, formed from m−1 units of history data sent by the m−1 other devices and a most recent history data stored locally; and using the most recent history data as one of the history data used when generating the i-th digital signature.
In a further embodiment of the present invention, the history data j may be generated on one of the n-m devices, and the method may include: sending, in at least one device of the n-m devices, the history data j to the m devices; and storing, in the m devices, the sent history data.
In the method, a history data (i−1) and at least one history data k (k<i−1) may be used as the history data used in the step for generating a new i-th digital signature.
In a further embodiment of the present invention, the method for generating digital signatures may include: generating an i′-th digital signature i′ (i′≠i, i′>j) using the history data used in said step of generating an i-th digital signature.
Another embodiment of the present invention provides a method for verifying digital signatures generated by using the method for generating digital signatures.
The method includes: confirming that, when verifying the digital signature i, use of a plurality of history data, each of the history data used in the step for generating an i-th digital signature, satisfies a predetermined rule.
In the method for verifying digital signatures, the predetermined rule may be that all of the plurality of history data is used in the step for generating the i-th digital signature.
In the method for verifying digital signatures, the predetermined rule may be defined during system operation, during signature generation, or during signature verification.
Another embodiment of the present invention provides a method for verifying digital signatures generated by using the method for generating digital signatures.
The method includes: confirming, when verifying the digital signature i, that use of a history data i, which is generated in the step for generating the digital signature i, in at least one step for generating a digital signature h (h>i) satisfies a predetermined rule.
In the method for verifying digital signatures, the predetermined rule may be that the history data i is used in all of the steps for generating digital signature h.
In the method for verifying digital signatures, the rule may be defined during system operation, during signature generation, or during signature verification.
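The chaining and verification described above, in which signature i reflects history data i−1 together with an older history data k so that the sequence can still be confirmed when one record is lost, is sketched below as an added example that is not part of the patent text. HMAC-SHA256 under a constructed key stands in for the private-key signature, history data j is taken to be signature j itself, and the function names and the choice k = i−2 are assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the private-key signature


def _sig(i, digest, links):
    body = repr((i, digest, sorted(links.items()))).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def sign(i, message, records, back=(1, 2)):
    """Signature i over the message digest plus history data of i-1 and i-2."""
    links = {i - d: records[i - d]["sig"] for d in back if i - d in records}
    digest = hashlib.sha256(message).hexdigest()
    return {"digest": digest, "links": links, "sig": _sig(i, digest, links)}


def build_chain(messages, back=(1, 2)):
    records = {}
    for i, msg in enumerate(messages, start=1):
        records[i] = sign(i, msg, records, back)
    return records


def verify(records):
    """Return (confirmed, broken): links j->i checked against surviving records."""
    confirmed, broken = set(), set()
    for i, rec in records.items():
        if not hmac.compare_digest(rec["sig"], _sig(i, rec["digest"], rec["links"])):
            broken.add((i, i))            # record i itself fails verification
            continue
        for j, history in rec["links"].items():
            if j in records:              # lost records cannot be compared
                (confirmed if records[j]["sig"] == history else broken).add((j, i))
    return confirmed, broken


def connected(records, start, end):
    """True if confirmed links lead from signature `start` to signature `end`."""
    confirmed, _ = verify(records)
    reach = {start}
    for j, i in sorted(confirmed, key=lambda e: e[1]):
        if j in reach:
            reach.add(i)
    return end in reach
```

With five signatures and record 3 removed, the links 1→2, 2→4 and 4→5 are still confirmed; with `back=(1,)` the same loss leaves signatures 1 and 2 unconnected to 4 and 5.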
These and other benefits are described throughout the present specification. A further understanding of the nature and advantages of the invention may be realized by reference to the remaining portions of the specification and the attached drawings.