The present invention relates to an electronic signature key control method which can update the contents of a key for electronic signature without limiting issuance of electronic signatures, an offer of various services based on the electronic signatures or the like, and to a system suitable for carrying out such a key control method.
Here, the electronic signature represents an electronic signature for proving the identity of a user by using a key peculiar to the user.
For example, in a party (or a society) where members are identified by membership cards, it is quite important for the running of the party to make it possible to mutually evaluate the legitimacy of the membership cards among the members. Recently, attempts have been made to issue a membership card in the form of a high-security medium, such as an IC card, so that it serves as an electronic identification card which can be possessed only by a member, or to issue it as a member register certificate (electronic identification card) or an electronic ticket, which is difficult to forge, using an electronic signature technique.
The member register certificate, the electronic ticket or the like (referred to as “member register certificate” for convenience in the following description) is required to make it possible not only to evaluate genuineness of the contents, but also to correctly confirm that a person using the member register certificate is a genuine member. Therefore, it has been carried out, using an electronic signature which can be produced only by the genuine member, to confirm whether the member register certificate is forged, or whether a person having the member register certificate is a right member.
In the electronic signature, an encryption technique based on a public key system is normally utilized. Specifically, a given member register organization executes electronic signatures using its own secret key (signature key), and distributes a public key (confirmation key) corresponding to the signature key to all the members. When authenticating the electronic signature, each member confirms the electronic signature using the confirmation key.
Since the confirmation key itself does not include information showing that it is a legitimate public key of the member register organization, it is necessary to confirm the legitimacy of the confirmation key separately in advance.
In the foregoing public key system, one of the grounds for security is the large amount of calculation required for decoding. Accordingly, continuing to use the same signature key and confirmation key over a long period of time lowers the security, so that it is preferable to update each key at every given time period. Therefore, in general, it has been arranged that the signature key can be updated periodically and that each member can thereupon obtain the confirmation key updated synchronously with the updating of the signature key.
As a means for procuring the updated confirmation key, it is considered that the member register organization distributes the new confirmation key to all the members simultaneously. It is also considered to register the new confirmation key at a given public key certificate issuing center.
In the latter case, the public key certificate issuing center signs signature object data using its own secret key (center secret key) to obtain a public key certificate, and properly distributes this public key certificate to the members. The members distributed with it confirm the electronic signature using a public key (center public key) of the public key certificate issuing center notified in advance.
When a certain member wishes a third party to confirm a member register certificate of his/her own, the member acquires a public key certificate and attaches the acquired public key certificate to the member register certificate. This makes it possible at the side confirming an electronic signature to easily confirm the legitimacy of a new public key of the member register organization.
The public key certificate is not necessarily always attached to the electronic signature, and it is sufficient to attach it only once when a signature key and a confirmation key are updated.
When a certain member transmits a member register certificate to another member on-line, attachment of a public key certificate may be omitted to reduce the data amount upon the transmission. In this case, the public key certificate is acquired at the side of the receiving member.
In any case, when using a public key certificate, it is necessary for a member utilizing a member register certificate or a member confirming the member register certificate to access the public key certificate issuing center so as to obtain the public key certificate every time a confirmation key is updated.
As described above, when the signature key is updated, any of the following actions is carried out between the member register organization and the member or between the members:
(1) The member register organization distributes a new confirmation key to all the members;
(2) When a certain member first uses a member register certificate, a public key certificate is acquired and attached;
(3) A public key certificate is properly acquired at the side of a member confirming an electronic signature.
However, in the foregoing three cases, the following problems are caused, respectively:
In the case (1), when the member register organization performs a key updating process, since all the users simultaneously access the member register organization to acquire a new confirmation key, the corresponding processes are concentrated on a system provided at the side of the member register organization so that an operation of the system may become unstable. Particularly, when the number of the members is quite large, it is necessary to stop issuance of member register certificates after the updating of the key until the new key has been distributed to all the users.
In the case (2), the data amount upon transmission/reception is increased, and a time for acquiring the public key certificate is additionally required. Further, if the public key certificate is forged, a false center public key is distributed, and thus, the risk relies on security of a center public key in the public key certificate issuing center.
In the case (3), a member confirming an electronic signature, for example, a member which offers some service after confirming a member register certificate of a certain member, acquires a public key certificate after reception of the member register certificate of the certain member. Therefore, when the certain member first requests confirmation of the member register certificate after the updating of the key, the other member has to limit the offering of service until acquiring the public key certificate and confirming the member register certificate. Moreover, accessing the public key certificate issuing center or the member register organization on-line to immediately acquire the public key certificate increases the communication cost correspondingly.
As described above, there have been such disadvantages that an operation of some of the systems is adversely affected or the service utilization by the members is limited every time the signature key is updated.
It is an object of the present invention to provide an electronic signature key control method with no such disadvantages, and a system suitable for carrying out such a key control method.
A key control method of the present invention which accomplishes the foregoing object is characterized by preparing a plurality of keys whose contents are updated periodically at mutually different times; switching the plurality of keys one by one per switching cycle shorter than an updating cycle of each key; and using the switched key as a signature key for electronic signature. It is effective for facilitating the key updating that the foregoing switching cycles are set to, for example, the same time length with respect to all the keys.
Another key control method of the present invention is characterized by dividing an updating period of each of a plurality of keys, whose contents are updated periodically at mutually different times, into three periods; setting first and third divided periods as preliminary periods and an intermediate divided period as a use period for using as a signature key for electronic signature; and switching the use periods of the respective keys so as to continue in time with each other but not to overlap with each other.
Another key control method of the present invention is characterized by preparing a first key updated periodically and a second key updated periodically at different times as compared with the first key; using either of the first and second keys as a signature key for electronic signature by alternately switching them per switching cycle shorter than an updating cycle of each key; making public in pair a third key which is updated synchronously with an updating time of the first key and becomes a confirmation key when the first key is the signature key, and a fourth key which is updated synchronously with an updating time of the second key and becomes a confirmation key when the second key is the signature key; and offering the third and fourth keys for confirming the electronic signature. In this case, a use termination time may be added to each of the third and fourth keys.
The foregoing updating cycle is set to no longer than a time period derived by subtracting an effective term of an electronic signature produced based on the corresponding key from an average time over which security of the corresponding key can be ensured.
Another key control method of the present invention comprises a step of preparing M (M represents a natural number greater than one) signature keys updated periodically at mutually different times, and making public M confirmation keys at the same time, the M confirmation keys updated synchronously with updating times of the signature keys, respectively; a step of executing an electronic signature with respect to given signature object data by selecting one of the prepared M signature keys per cycle shorter than an updating cycle of the corresponding signature key in a given order; and a step of confirming the electronic signature using one of the M confirmation keys made public.
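The staggered schedule described above (M keys updated at mutually different times, switched per cycle shorter than the updating cycle, with all M confirmation keys public together) can be modeled in time as follows. This Python model is an added example, not part of the original specification; it uses no real cryptography, and the names `Schedule` and `lead`, the day unit and the sample numbers are assumptions.

```python
# Added illustration, not the patent's code: a time model of the staggered
# key schedule. No real cryptography; a key is identified by (index, generation).
from dataclasses import dataclass

@dataclass(frozen=True)
class Schedule:
    m: int       # number of key pairs, M > 1
    update: int  # updating cycle of each key, in days (assumed unit)
    lead: int    # assumed length of the first preliminary period, in days

    @property
    def switch(self):
        # Use periods are contiguous and non-overlapping: each lasts update / M.
        return self.update // self.m

    def validate(self, security_lifetime, validity):
        if self.m < 2 or self.update % self.m:
            raise ValueError("need M > 1 and an updating cycle divisible by M")
        if not 0 < self.lead < self.update - self.switch:
            raise ValueError("preliminary/use/preliminary periods must be non-empty")
        # Updating cycle <= time the key stays secure - signature effective term.
        return self.update <= security_lifetime - validity

    def generation(self, index, t):
        # Generation g of key `index` is created at g*update + index*switch - lead.
        return (t + self.lead - index * self.switch) // self.update

    def signing_key(self, t):
        slot = t // self.switch
        return (slot % self.m, slot // self.m)

    def published(self, t):
        # All M confirmation keys are made public together.
        return {(i, self.generation(i, t)) for i in range(self.m)}

def verifies(s, signed_at, snapshot_at):
    # A verifier succeeds if its stored key set holds the key that signed.
    return s.signing_key(signed_at) in s.published(snapshot_at)

def max_safe_staleness(s, horizon):
    # Oldest key-set snapshot (in days) that still verifies every fresh signature.
    age = 0
    while all(verifies(s, t, t - (age + 1)) for t in range(horizon)):
        age += 1
    return age

if __name__ == "__main__":
    s = Schedule(m=2, update=360, lead=90)   # constructed parameters
    print(s.validate(security_lifetime=730, validity=30))
    print(max_safe_staleness(s, horizon=720))
```

In this model a verifier whose stored confirmation-key set is up to `lead` days old still verifies a signature made immediately after a switch, so no key has to be fetched at the moment the signature key changes.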
Each of the foregoing key control methods can be carried out by an electronic signature key control system comprising a key holding means for holding a plurality of keys to be used as signature keys for electronic signature; a key updating means for cyclically updating the contents of the plurality of keys at mutually different times; and a signature means for reading out the key, whose contents were updated by the key updating means, from the key holding means according to a given rule, and executing an electronic signature with respect to given signature object data using the read-out key as the signature key.
A key control system comprising a key holding means for holding a first key and a second key which are used as signature keys for electronic signature; a key updating means for updating the contents of the first key and the second key in the same cycle at mutually different times; and a signature means for reading out the key, whose contents were updated by the key updating means, from the key holding means according to a given rule, and executing an electronic signature with respect to given signature object data using the read-out first or second key as the signature key, is also preferable for carrying out each of the key control methods of the present invention.
It is preferable that the foregoing key control system further comprises a key holding means for holding a third key which is updated synchronously with the first key and becomes a confirmation key when the first key is the signature key, and a fourth key which is updated synchronously with the second key and becomes a confirmation key when the second key is the signature key, wherein when the electronic signature is carried out using the first or second key, the third and fourth keys are made public at the same time.
The present invention further provides an electronic signature authentication system which, upon receiving an electronic signature and confirmation keys, can judge whether the electronic signature in question is legitimate.
This authentication system is characterized by comprising a signature receiving means for receiving an electronic signature produced with one of M (M represents a natural number greater than one) signature keys, and M confirmation keys which are updated synchronously with updating the M signature keys including the signature key used for the electronic signature; and a signature confirming means for confirming the received electronic signature with one of the M confirmation keys, wherein the electronic signature confirmed by the signature confirming means is judged to be legitimate.
It may be arranged that the signature receiving means receives a plurality of electronic signatures produced with signature keys, updated at different times, of M signature keys, and M confirmation keys which are updated synchronously with updating the M signature keys including the signature keys used for the electronic signatures. When the confirmation is achieved by this authentication system, it is easily seen that the electronic signature in question is produced at least at the key control system of the present invention.