1. Field of the Invention
The present invention relates to an electronic document processing system and, more particularly, to a technique for production and authentication of a digital signature which is added to electronic document data.
2. Description of the Related Art
For example, in the case where an electronic mail system is used and one document is sequentially circulated from a drafter to a plurality of persons concerned and an approval for the contents of the document is obtained from each person concerned, in order to make it possible to find out whether or not an illegal alteration has been executed in the correspondence relation between the approved document contents and the signature of the approver during the circulation or after the circulation, there has been known an application of "digital signature" which is obtained by enciphering digest data (hash total) derived by performing a hash total process to the document data and personal data of the approver.
As a technique for verifying validity of such a kind of electronic document data, for example, various kinds of techniques such as a technique disclosed in Japanese literature "Cryptography and Information Security", edited by Shigeo Tsujii and Masao Kasahara, published by Shokodo, pages 127 to 147 and the like have conventionally been proposed.
FIG. 14 shows an example of an authenticating method of an electronic document using a digital signature.
Reference numerals 10A to 10C denote terminals having the function to mutually communicate through a network. The user (signatory A) of the terminal 10A drafts a document 1301. A message in a form in which a digital signature SA of the signatory A was added to the document 1301 is transmitted to the terminal 10B. When the user (signatory B) of the terminal 10B approves the contents of the received document 1301, a message in a form in which a new digital signature SB of the signatory B was added to the document 1301 as to follow the digital signature SA which had been received from the terminal 10A is transmitted to the next terminal 10C on the document circulating route. There is now shown the operation in the case where the user C of the terminal 10C verifies the validities of the digital signatures SA and SB added to the above documents.
In the terminal 10A, the digital signature SA is formed in the following manner. First, a hash total of the document data 1301 is obtained by using a predetermined hash function 1302a as a one way function. Signature data 1303a is constructed by a hash total of the document data thus obtained and personal information (for example, data such as a name of the signatory A or the like) of the signatory A which was inputted from a keyboard. A digital signature SA: 1306a is obtained by enciphering (encipher process 1305a) the signature data 1303a by using a secret key 1304a of the signatory A.
In a manner similar to the digital signature SA of the signatory A, the digital signature SB of the signatory B in the terminal 10B is obtained by executing an encipher process 1305b using a secret key 1304b of the signatory B to signature data 1303b which is constructed by a hash total of the document 1301 obtained by using the same hash function 1302b as the hash function 1302a and the personal information of the signatory B.
The validities of the digital signatures 1306a and 1306b in the terminal 10C are verified in the following manner. First, the signature data 1303a and 1303b are obtained by executing decipher processes 1308a and 1308b using public keys 1307a and 1307b of the signatories A and B to the digital signatures 1306a and 1306b, respectively. After that, the hash total of the received document 1301 is produced by using the predetermined hash function 1302c same as the hash functions 1302a and 1302b and is compared with hash totals of the documents included in the signature data 1303a and 1303b (check functions 1309a and 1309b).
Since the above system uses a public key cryptosystem the digital signature can be formed by only the person himself who knows the secret key and a safety can be maintained.
In the case where a document is circulated to a plurality of persons and each person makes a signature indicating that he approves or verifies the contents of the document at each circulating destination location, there is a case where during the circulation, somebody needs to perform a partial change of the document contents such as addition of a comment, correction of wrong words, or the like. There is also a document such that a writing column for each division is previously provided in the document and the document is completed by circulating it to a plurality of divisions to fill up these column.
As mentioned above, by applying the above conventional digital signature to the document whose contents are changed during the circulation, the hash total of the document which is obtained by deciphering one of the digital signatures added to the original or former version before the contents are changed during the circulation does not coincide with the hash total produced from the document data of the latest version.
Therefore, in the case where the final verifier of the document or the signatory on the way of the circulation executes an authenticating operation to the digital signature added to the document by the method used for the terminal C, there is an inconvenience such that in spite of the correction or updating of the document based on a good faith, the result of the judgment indicating that there is an illegality in the document or signature is outputted.