In recent years, the Extensible Markup Language (XML) has come into wide use as a language which describes compatible data in a structured manner.
The following documents are considered:
(Non-Patent Document 1) D. Eastlake, J. Reagle, and D. Solo. ‘XML-Signature Syntax and Processing’. W3C Recommendation [online], 2002 [retrieved on 2003 Dec. 26]. Retrieved from the Internet: <URL: http://www.w3.org/TR/xmldsig-core>.
(Non-Patent Document 2) D. Eastlake and J. Reagle. ‘XML Encryption Syntax and Processing’. W3C Recommendation [online], 2002 [retrieved on 2003 Dec. 26]. Retrieved from the Internet: <URL: http://www.w3.org/TR/xmlenc-core>.
(Non-Patent Document 3) M. Hughes, T. Imamura, and H. Maruyama. ‘Decryption Transform for XML Signature’. W3C Recommendation [online], 2002 [retrieved on 2003 Dec. 26]. Retrieved from the Internet: <URL: http://www.w3.org/TR/xmlenc-decrypt>.
(Non-Patent Document 4) J. Barton, S. Thatte, and H. Nielsen. ‘SOAP Messages with Attachments’. W3C Note [online], 2000 [retrieved on 2003 Dec. 26]. Retrieved from the Internet: <URL: http://www.w3.org/TR/SOAP-attachments>.
Technologies have been proposed to create a digital signature for data described in XML (see Non-Patent Document 1) and to encrypt data described in XML (see Non-Patent Document 2).
For example, according to the technology in Non-Patent Document 1, a device on the digital signature verifying side can receive an input of information in which target data for digital signing and information concerning the digital signing (e.g., signature algorithm, value of a signature, key used for verification or the like of the signature, or the like) are combined as a single piece of data. The device can also receive an input of information in which the target data for digital signing and the information concerning the digital signing are separately provided. For example, the device can receive an input of information in which the target data for digital signing and the information concerning the digital signing are recorded on different Multipurpose Internet Mail Extension (MIME) parts. In this case, the information concerning the digital signing may have a pointer to the target data for digital signing, and may include information for designating the procedure for digital signature verification.
According to the technology in Non-Patent Document 2, a device which decrypts encrypted data can receive an input of information in which target data for encryption and information concerning the encryption (e.g., encryption algorithm, key used for decryption, or the like) are combined as a single piece of data. The device can also receive an input of information in which the target data for encryption and the information concerning the encryption are separately provided. In this case, the information concerning the encryption may have a pointer to the target data for encryption, and may include information for designating the procedure for decryption.
With the recent spread of computer networks and the like, not only information which has gone through digital signing or encryption only once, but also information which has gone through digital signing or encryption several times has been increasingly used. In this case, generally, all the digital signatures can be verified and the plaintext can be obtained only when digital signature verification, or decryption, is performed in the reverse order of the processing performed when the plaintext was digitally signed or encrypted. Therefore, it is necessary for a sender of information or the like to correctly inform a receiver of the information or the like about the processing order in digital signing or encryption.
Hitherto, there has been proposed a method of properly managing the processing order in digital signing or encryption, as described in Non-Patent Document 3 for example. According to this technology, every time a device on the sending side executes processing of digital signing or encryption, the device records identification information on other processing of digital signing or encryption which has already been executed at the point when the digital signing or encryption in question is executed, while associating the identification information with information concerning the digital signing or encryption in question. Prior to executing digital signature verification or decryption, a device on the receiving side verifies the digital signatures or decrypts the encrypted data among all the digital signatures or encrypted data created for the target information, excluding any digital signature or encrypted data created by the processing indicated by the identification information recorded in association with the information concerning the digital signing or the like in question.
Non-Patent Document 4 will be described later. However, according to the technology in Non-Patent Document 3, the device on the receiving side requires, as input information, information for identifying processing of digital signing or encryption (hereinafter, referred to as encryption information). Accordingly, when the encryption information and the encryption target information are separately provided, the device cannot receive, as an input, only the encryption target information without receiving the encryption information. This will be described in more detail below.
FIG. 13 shows an example in which a digital signature has been created for attachment data. Specifically, the attachment data shown on the 38th to 48th lines are described in conformity with the SOAP attachment stated in Non-Patent Document 4. Moreover, the data shown on the 21st to 30th lines indicate information concerning the digital signature. More specifically, the text on the 23rd line indicates that target information for digital signing is the attachment data on the 38th to 48th lines. The text on the 25th line indicates a program for decrypting encrypted data based on the encryption information included in the target information for digital signing, prior to the verification of the digital signature. This program is, for example, a program for implementing the device on the receiving side according to the technology in Non-Patent Document 3.
FIG. 14 shows an example in which attachment data has been encrypted. The text on the 33rd to 37th lines indicates encryption information. The text on the 50th line indicates the encrypted attachment data. Here, the attachment data in FIG. 14 is encrypted after a digital signature for this attachment data has been created. Accordingly, it is necessary to decrypt the attachment data prior to the verification of the digital signature. However, a program designated by the text on the 25th line refers to the target information for encryption shown on the 45th to 52nd lines because an ID designated by the text on the 23rd line coincides with an ID on the 48th line. Therefore, the encryption information shown on the 33rd to 37th lines cannot be detected properly. As described above, conventionally, when encryption target information and encryption information are separately provided, proper decryption of encrypted data or proper verification of a digital signature cannot be executed.
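The order-tracking method of Non-Patent Document 3 and the failure described for FIG. 14 can be modelled as follows; this is an added example, not part of the original document. Base64 stands in for encryption and a SHA-256 digest for the signature, and the wrapper elements, IDs and sample data are constructed assumptions.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

def b64(s):
    return base64.b64encode(s.encode()).decode()

def toy_decrypt(cipher_value):
    # Stand-in for XML Encryption: the "ciphertext" is only base64 (assumption).
    return base64.b64decode(cipher_value).decode()

def digest(xml_text):
    # Stand-in for signature verification: SHA-256 over the re-serialized target.
    return hashlib.sha256(ET.tostring(ET.fromstring(xml_text))).hexdigest()

def decryption_transform(xml_text, except_ids):
    """Decrypt every EncryptedData found inside the signed target, skipping the
    ones recorded as already present when the signature was created."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag == "EncryptedData" and child.get("Id") not in except_ids:
                parent[i] = ET.fromstring(toy_decrypt(child.findtext("CipherValue")))
    return ET.tostring(root, encoding="unicode")

def verify(received_xml, except_ids, signed_digest):
    return digest(decryption_transform(received_xml, except_ids)) == signed_digest

def enc(elem_id, plain_xml):
    return f'<EncryptedData Id="{elem_id}"><CipherValue>{b64(plain_xml)}</CipherValue></EncryptedData>'

# Constructed sample. Sender: encrypt <card> (enc1), sign, then encrypt <item> (enc2).
SIGNED_FORM = f'<order>{enc("enc1", "<card>0000</card>")}<item>book</item></order>'
SIGNED_DIGEST = digest(SIGNED_FORM)
RECEIVED = f'<order>{enc("enc1", "<card>0000</card>")}{enc("enc2", "<item>book</item>")}</order>'

# Detached case: the attachment was encrypted after signing, but its EncryptedData
# (the encryption information) sits in a separate part, not inside the signed target.
ATT_DIGEST = digest('<part Id="att"><item>book</item></part>')
ATT_RECEIVED = f'<part Id="att">{b64("<item>book</item>")}</part>'

def demo():
    return {
        "order_respected": verify(RECEIVED, {"enc1"}, SIGNED_DIGEST),  # only enc2 undone
        "order_ignored": verify(RECEIVED, set(), SIGNED_DIGEST),       # enc1 undone too
        "detached_info": verify(ATT_RECEIVED, set(), ATT_DIGEST),      # nothing to find
    }

if __name__ == "__main__":
    print(demo())
```

Verification succeeds only in the first case; in the detached case the transform sees ciphertext with no encryption information in the referenced target, so the digest computed by the receiver never matches the signed one.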