As an anonymous information providing method (communication method in which an information providing source is hidden) in which an information provider provides information to, for example, a research company which is an information provided destination by utilizing a computer system, while anonymity is maintained, there has conventionally been used a method in general in which a reliability confirming person is set as a third party that verifies an information provider's identification and BBS (stored public information service) for offering public services of stored information is also set, and after the information provider requests the information provider's identification to the reliability confirming person to verify the identification, the information provider transmits the information to the research company via an anonymous communication channel, while in the research company, if it is necessary to specify the information provider after receiving the information from the information provider, inquiry for verifying the identification of the information provider is made to the reliability confirming person, and thus, the information provider can be specified.
In this method, however, difficulty to build a reliable third party causes serious problems on actual operation.
Various proposals and product developments for preserving communication contents from tapping, alteration, or the like of malicious users have been made with the spread of the Internet.
Meanwhile, necessity for hiding not only the communication contents but also the destination or the source is often pointed out. Addresses of the destination and the source can be traced by tapping header information or tracing information on a router through which the information has routed.
Hence, necessity of hiding the header information, such as an IP address or the like, arises, but when a hiding technique, such as encryption or the like, is directly applied to the header, it will become impossible for the information to pass through telecommunication equipment, such as a router and the like. In order to solve such problems, various techniques have been increasingly proposed in these days.
Accordingly, an anonymity communication method using onion routing has been proposed as a devised representative method (Patent Document 1). Hereinafter, this method will be described briefly.
FIG. 1 is a flow chart for explaining the anonymity communication method in which the onion routing is used. Adr1 to AdrN−1 used at each step from S0 to S5 are addresses (destinations) of communication apparatuses (they are hereinafter referred to as servers) in a route for connecting an information provider and an information provided destination. The information providing source is represented as Adr0, while the information provided destination is represented as AdrN.
In this Figure, contents enclosed with parentheses ( ) are encrypted, and each server has a key that can decrypt the encryption within the parentheses ( ). This key is represented as KyJ. It is to be noted that symbols I and J are counters for explaining this flow chart, and are not required for actual communication.
At Step S0, the address (destination) of Adr0 is an address of the information providing source. The information providing source transmits (Adr2 (Adr3 . . . (AdrN) . . . )) which is onion routing information to the server of address Adr1 to be first sent, together with providing information which is desired to be provided to the information provided destination.
In a state of I=N−1 and J=1 which is a first step of Step S1, the destination is the server of the address Adr1, and the Adr1 server has a decryption key Ky1 and decrypts the encryption within the parentheses ( ) using this Ky1 to thereby acquire information indicating that Adr2 is the next destination.
Subsequently, at Step S2, (Adr3 (Adr4 . . . (AdrN) . . . )) which is the next onion routing information is sent to the next Adr2 server, together with the received providing information. Step S3 and Step S4 are a counter addition/subtraction, which is set for explanation of this flow chart, and its determination, respectively.
As described above, the providing information is hereinafter sent to Adr3 and Adr4 sequentially, and is finally transmitted to the apparatus of the address AdrN.
At this time, Adr1 to AdrN are encrypted so as for the decryption keys Ky1 to KyN to decrypt them, respectively. As a result of performing such information transmission, the intermediate server knows only the addresses of its previous and following servers. In order to specify Adr0 of the information providing source, the information must be acquired from all the servers, and as the result, the information providing source is hidden.    Patent Document 1: Japanese Unexamined Patent Publication (Kokai) No. 2004-229071