The present invention relates to a traceability verification system, a method and a program for the same, and more specifically to a system for enabling verification, while maintaining a configuration of a supplier confidential in a supply chain, and a verifying method and a program for the same.
Traceability is known as a technique that can trace a supply chain, which is a targeted object, by associating a plurality of objects. The supply chain here is an operational flow such as acquisition/manufacturing/sales/distribution of materials and parts from acquisition of materials to delivery the materials to the end user acknowledged as a big supply chain.
For example, when a plurality of parts are combined to manufacture a certain product, traceability technique can trace where the parts of the product are provided from, what kinds of process contributed to manufacture the product by the signature or the like. In order to realize traceability of the traceability technique, methods for effectively manage or trace data such as parts or a process history to be traced are developed. The signature here is a certificate indicating a source of goods or a product.
However, by realizing traceability, there is a possibility that information the supplier originally never wanted to make known may be discovered in the tracing process. Therefore, an approach for applying a group signature (D. Chaum, E. van Heijst, “Group Signature”, Ad canves in Cryptology—EUROCRYPTO '91, pp. 257-265, Springer-Verlag, 1991) to a group which should be kept confidential and authenticating the group, while preventing a secret from being leaked, is considered.
As an example for applying a group signature to prevent a secret form being leaked, an anonymous authentication system of Japan Published Unexamined Patent Application No. 2004-320562 is known. With this system, a group signature is applied as an authentication basis for providing a service for an authenticated user without letting individual information known to a service provider. This system is appropriate for a scenario where members to be verified, service users, are not associated with each other and the member to be verified wants to protect his/her privacy and also wants to certify that he/she has an authority to use the service, and a scenario where a member administrator who manages all users of the group members has a high management authority.