In recent years, with the spread use of the internet in general households, a variety of services are increasingly provided such as sales of a product via a network and delivery of digital contents like music and movie. In providing such a service, the service provision side needs to obtain user's personal information from the user. As for the sales of a product via a network, for example, a name, an address, and a telephone number of the user may be required for delivering the product, and a credit card number may be also required for charging the product. Further, an age, an occupation and the like of the user may be required so that purchase trends of the product can be studied and then used in future sales activities. Moreover, in obtaining personal information from the user, the service provision side desires to confirm that contents of the obtained personal information are correct, namely that the user has declared correct personal information of his or her own without falsity. Meanwhile, the user side desires not to provide the service provision side with his or her personal information more than necessary. For satisfying the desires of both the service provision side and user side, it is desirable to realize a mechanism where personal information more than necessary does not need to be provided to the service provision side, while the validity of the personal information provided by the user side is secured.
As a conventional method for realizing such a mechanism, a method called an “electronic black-out method” is disclosed (see Patent Document 1). FIG. 1 is a block diagram showing an authentication system using the electronic black-out method. This authentication system includes: a signature generator 90 which authenticates contents of a message and adds a digital signature, to generate a message with a signature; an electronic black-out performer 91 which accepts the message with the signature and, if necessary, “electronically blacks out” the message and sends the message to a signature verifier 92; and the signature verifier 92 which verifies the validity of the “electronically blacked out” message with the signature received from the electronic black-out performer 91.
In this authentication system, a series of procedures of adding a signature to a message, performing electronic black-out, and verifying the signature is as follows. First, the signature generator 90 generates a digital signature S with respect to a message M made up of several data blocks. “A message M made up of several data blocks” here means that, for example when the message M is a sentence that “criminal TARO YAMADA pleaded guilty”, this message can be divided into four data blocks of “criminal”, “TARO YAMADA”, “pleaded”, and “guilty”. Next, the electronic black-out performer 91 having received the message M and the digital signature S verifies the digital signature if necessary, and subsequently “blacks out” some of the four data blocks in the message M. For example, when the message M is a sentence made up of the four data blocks cited in the above example, it is assumed that the electronic black-out performer 91 electronically blacks out “TARO YAMADA”. At this time, the portion “TARO YAMADA” is made invisible (blacked out) in the message M as representing “criminal •••• •••••• pleaded guilty”. A message Ms after blacked out as thus generated and the signature S having been added to the original message M are then sent to the signature verifier 92. The signature verifier 92 verifies that a constant relation is established between the blacked-out message Ms and the signature S to verify the validity of the blacked-out message Ms. Here, the signature verifier 92 is capable of confirming that the message Ms has been generated by blacking out a part of the original message M, but it is incapable of finding out the original contents of the blacked-out data block (“TARO YAMADA” in this example). As thus described, according to the electronic black-out method, the validity of a message can be authenticated while a part of the original message is concealed. In this example, the validity of a content of the message (that the criminal pleaded crime) can be confirmed, while personal privacy (the name of the criminal) is protected, by concealing the part of the message.
Another example is a message made up of three data blocks of “name=TARO YAMADA”, “age=23 years old”, and “address=Kadoma City, Osaka Prefecture”. In the case where only the name and address are needed while the age is not needed, the “age=23 years old” is “electronically blacked out”. The use of the “electronic black-out method” makes it possible to confirm that the contents of the message with a digital signature are correct by verifying the other items (the name and the address) other than the age.    Patent Document 1: Japanese Unexamined Application Publication No. 2005-51734