1. Field of the Invention
The present invention relates to an information processing apparatus, a key update method, and a program.
2. Description of the Related Art
Typically, creators of documents place signatures, seals, or the like (hereinafter, signatures) on the documents in order to prove the creators thereof. The signatures explicitly indicate that the signers are held responsible for the contents of the documents. For paper documents, the creators of the documents sign them manually. For electronic documents, on the other hand, it is difficult to affix stamps to the electronic documents or it is difficult for the signers to manually sign the electronic documents. Thus, a method for attaching data called an electronic signature to an electronic document is commonly used in order to uniquely identify the signer on the basis of the electronic signature. In recent years, various documents have been computerized and the electronic signatures are becoming increasingly important. Under such a situation, electronic-signature resistance to forgery becomes an issue in many cases. Although this is also true for signatures attached to paper documents, the electronic data generally calls for more caution since electronic data can be easily copied.
One example of an electronic signature scheme is the ElGamal signature scheme, which is based on the difficulty of solving the discrete logarithm problem. In the ElGamal scheme, first, a signer generates a signature key for generating an electronic signature and a verification key for verifying the validity of the electronic signature. The signer then makes the verification key publicly available. The signer generates an electronic signature by using the signature key and the electronic document and supplies the electronic signature, together with the electronic document, to a verifier. The verifier then can verify the electronic signature by using the publicly available verification key. In the case of the ElGamal signature scheme, when an attempt is made to generate the signature key or the electronic signature from the verification key, it is necessary to solve the discrete logarithm problem, which is difficult to solve computationally. This is also true for a case in which an attempt is made to generate the signature key from the electronic signature.
However, if the signature key is exposed to a third party for some reason, the third parity can freely forge the electronic signature. Thus, if the signature key is exposed, it is difficult to distinguish between the electronic signature of the true signer and an electronic signature forged by the third parity using the exposed signature key. In the case of a signature attached to an electronic document, it is possible to easily distinguish between a duplicate and the original document, but in the case of electronic data, it is difficult to distinguish between a duplicate and the original document since they are identical. Therefore, measures for invalidating the electronic signature, the signature key, and the verification key are taken at the stage when the signature-key exposure is found out. In this case, the electronic document to which the electronic signature is attached is virtually invalidated as well.
Various systems have been conceived in order to reduce damages resulting from such signature-key exposure. For example, Japanese Patent No. 3640785 discloses a method in which a validity period is set for each signature key and the signature key whose validity period is expired is revoked (see FIG. 21). With the method, if a signature key is exposed, signature keys associated with periods before and after the period associated with the exposed key can be kept valid. Thus, it is not necessary to invalidate an electronic signature generated in a period other than the period associated with the exposed signature key and an electronic document to which the electronic signature is attached. As a result, it is possible to reduce the amount of electronic documents to be invalidated.