1. Field of the Invention
The present invention relates to a folder type time stamping system and a distributed time stamping system that enable to prove that digital documents are not altered since a time of the time stamp and definitely existed at a time of the time stamp in a service for time stamping digital documents.
2. Description of the Background Art
Under the first to invent system of the U.S. patent practice, it is possible to use a dated research notebook as an evidence for establishing the priority date, and a date housekeeping book can be used as a record of disbursement for the final income tax return, for example. On the other hand, in conjunction with the increasing utilization of a PC on a daily basis, it has become popular to keep a daily record such as the research notebook and the housekeeping book by using a PC.
However, in the case of electronic digital records made on a PC, it has been difficult to prove the recorded content including the recorded date and time to a third person because such electronic digital records can be altered easily, unlike the records using papers as recording medium.
In this regard, there has been a proposition of a service for time stamping digital documents using a personal date/time notary device as disclosed in U.S. Pat. No. 5,422,953. In this personal date/time notary device, a time stamping device is incorporated into a smart card or the like and the time stamping is carried out at a time of the digital signature.
There has also been a proposition of a public/key date-time notary facility as disclosed in U.S. Pat. No. 5,001,752 and U.S. Pat. No. 5,136,643, in which a time stamping device is provided as a single hardware platform such that a document creator can carry out the time stamping using that device.
Both of these propositions are based on a scheme where a document creator carries out the time stamping so that the time stamp can be easily forged and there is no reliability as they do not amount to a proof by a third party.
There has been a proposition of an electronic notary as disclosed in U.S. Pat. No. 5,022,080, in which the time stamping is carried out by producing a compressed document using CRC (Cyclic Redundancy Check), parity and checksum for the original document in combination. For the compressed document produced in this scheme, it is easier to forge a digital document that has the same compressed document, compared with a compressed document produced by the hash function (such as MD5 or SHA-1, for example) that is currently widely used as the cryptographic technique.
There has also been a proposition of a digital document time-stamping scheme as disclosed in U.S. Pat. No. 5,136,646 and U.S. Pat. No. 5,136,647, in which a time stamp certificate is produced independently by an external time stamping agency. In this time stamping scheme, the external agency can easily forge the certificate.
In order to remedy these problems, there has been a proposition of a scheme for producing a time stamp certificate by digitally signing a compressed document obtained by applying a hash function to a digital document in which a received time stamping request is combined with an immediately previously issued time stamp certificate of the external agency. In this scheme, it is practically impossible for the external agency to forge the time stamp certificate, but the order among different rounds (constant periods for issuing time stamp certificates) cannot be verified.
Also, in order to prove that the time stamp certificate is authentic, the certificates issued up to that point will be necessary. Namely, it is impossible to prove the time stamp certificate as authentic unless either all the time stamp certificates issued by the external agency or those time stamp certificates that are necessary in tracing back to the value of the time stamp certificate at a time of the periodic public disclosure are stored. For this reason, the system requires an enormous memory capacity and an enormous amount of time in proving the authenticity.
Currently, the IETF (Internet Engineering Task Force) is in a process of standardizing a protocol in which a digital document compressed by the hash function is sent to an external agency, and a time stamp certificate is produced for this compressed digital document at the external agency. This proposed scheme already has a problem that it is impossible to eliminate a possibility for forging the time stamp certificate and a possibility for a malicious third party who is not permitted to acquire the time stamp certificate to illegally acquire the time stamp certificate.
On the other hand, Japanese Patent Application No. 11-35761 (1999) discloses a time-stamping device in which a single time stamping agency has partial secret keys that are equivalent to subdivided secret keys of the public key cryptosystem, and each partial signing agency which is a third party agency generates a partial signature independently, rather than generating a digital signature at a single time stamping agency, such that the forgery of the time stamp certificate by the time stamping agency is prevented.
In this time stamping device, it is possible to prove the existence of a digital document at high reliability by regularly producing a document creation log at a client side who wishes to utilize the time stamping agency, and producing a time stamp certificate regarding that document creation log at the time stamping agency.
Also, on the server side, the secret key of the time stamping device is distributed in division among a plurality of digital signature units and each digital signature unit generates a digital signature independently, in order to eliminate a possibility of having the secret key stolen that is present in the case where the external time stamping agency generates a digital signature using a single secret key, and a possibility of forging the time stamp of the past time by the conspiracy of the digital document author and the external time stamping agency.
In this way, it is possible to operate the external time stamping agencies to provide a safe and reliable time stamping service in which there is no risk of having the secret key stolen and the forgery of the time stamp is impossible unless the time stamping agency is in conspiracy with all the parties for generating digital signatures. Also, there is no need to store the time stamp certificates issued in the past at all, so that it is possible to reduce a required memory capacity considerably compared with the above described conventional method.
However, in the case where distributed time stamping agencies are to carry out the time stamping and generate the digital signature independently by using partial secret keys with respect to the same digital document, it is impossible to verify the digital signatures by using the public key corresponding to the distributed secret keys unless all the time stamping agencies attach the exactly identical time to the digital document before generating the digital signatures.