The present invention relates to a system for electronically circulating various documents necessary for business transactions and, more particularly, to a method and apparatus for secure circulation of electronic tickets, electronic certificates and similar documents whose description contents change while in circulation.
With the recent expansion of electronic commerce, the electronic cash, electronic tickets, electronic certificates, purchase and order slips, and so forth have come to be exchanged between the participants of transactions over networks. To circulate such documents over the Internet or similar networks shared by an indefinite number of people, it is necessary to protect the documents from fraud, for example, alterations in the documents, wiretapping and impersonation. Typical technologies that have been proposed to prevent fraud are digital signature schemes such as the RSA scheme by RSA Data Security Inc. and ESIGN by Nippon Telegraph and Telephone Corporation. With the digital signature (hereinafter referred to simply as a signature) scheme, a signer encrypts a document using a secret key which no one but the signer knows and the recipient of the document decrypts it using a public key corresponding to the secret key, thereby verifying that the document has been duly signed by the signer himself and has not been altered.
However, since a change in the contents of a signed document breaks the signature, some contrivance is needed in the application of the digital signature scheme to a document, for example, an electronic ticket whose properties, such as a reservation status, a payment status and the ticket owner""s identification, change dynamically while in circulation. In a simple scheme, as depicted in FIG. 1, upon each occurrence of a change, the document to be changed is attached with change information describing which property has been changed to what contents, and the document is signed again in its entirety. In FIG. 1 the arrows each indicate the scope of application of the signature. That is, an issuer signature 103 is attached to an issuer ID 101 and the main body 102, and then a changer-1 signature 106 is attached to the issuer ID 101, the main body 102 and the issuer signature 103, a changer-1 ID 104 and change information 105. In this way, upon each occurrence of a change, all pieces of information attached to the document so far, a changer-n ID 107 and change information n are attached with a changer-n signature 109.
With such a scheme, however, all pieces of the change information 1 (105), . . . , the change information n (108) need to be analyzed to obtain an ultimate or up-to-date value for a certain property of the main body 102xe2x80x94this involves complex processing. Moreover, the multiple signatures attached to the document inevitably raise signature processing costs.
Furthermore, not everybody is usually allowed to freely change the properties or attributes of an electronic ticket, contract document or the like, but it may sometimes be desirable that the ticket or document be changed only by persons of particular capabilities; for example, the changer of a reservation status, payment status, or the owners is limited specifically to an issuer, a bank, or an agent, respectively. No general-purpose scheme for such capability control has been studied.
Moreover, an electronic ticket, contract or similar document is sometimes attached with another document while in circulation, and it may be desirable to limit the document to be attached to a particular type of document; for example, the change of the reservation status, payment status, or the owner need to be attached with a reservation ticket, a check, or transfer certificate, respectively. No general-purpose scheme for such control has been studied yet.
As described above, there has not been available any general-purpose scheme for allowing only a person of a particular capability to change a particular field or property of a document nor has there been available any general-purpose scheme for attaching only a particular kind of document to the original one; hence, in the case of circulating a document requiring such control, it has been necessary to develop special software for each application or for each kind of document to be circulated. And, to refer to an ultimate or up-to-date value of a document having a property that is changed while in circulation and signed for preventing alterations, all pieces of change information must be analyzed, giving rise to the problem of involving complex processing.
It is therefore an object of the present invention to provide a recording medium having recorded thereon a signed hypertext capable of defining diverse capabilities of changing respective properties in a document, a recording medium having recorded thereon a hypertext capable of defining the type of document to be attached, a method for changing each property value or attaching a document, and a general-purpose method and apparatus for detecting a fraudulent or malicious alterations or attachment of a document.
According to a first aspect of the present invention, there is provided a recording medium having recorded thereon a hypertext made up of a plurality of linked documents, wherein:
at least one of said plurality of linked documents making up said hypertext comprises an identifier of said at least one document, an identifier of its issuer, at least one property definition part, and an issuer signature attached to said at least one document in its entirety; and
said at least one property definition part includes the value of the property defined therein, an identifier of a document located at the destination of the link (hereinafter referred to as a destination document), and a constraint definition part for defining constraints on said destination document.
In the recording medium with the signed hypertext recorded thereon, the constraint on the link-destination document may be a schema which defines its document type.
In the recording medium with the signed hypertext recorded thereon, the constraint on the destination document may be the value of a particular one of its properties.
In the recording medium with the signed hypertext recorded thereon, the constraint on the destination document may be its hash value.
According to a second aspect of the present invention, there is provided a method for creating a hypertext made up of a plurality of linked documents, which comprises the steps of:
(a) forming at least one of said plurality of linked documents by an identifier of said at least one document, an identifier of its issuer, at least one property definition part for defining the value of a property of said at least one document, and an issuer signature attached to said at least one document in its entirety;
(b) incorporating into said at least one property defining part, if it has a link, an identifier of a destination document and a constraint defining part for defining a constraint on said destination document;
(c) generating a unique document identifier for a document not yet instantiated at the destination of the link at the time of creating a source document, and incorporating said unique destination document identifier, as an identifier of a future destination document, in said at least one property definition part of said source document; and
(d) generating said destination document with said unique document identifier when the body of said destination document is instantiated.
According to a third aspect of the present invention, there is provided a method for verifying the validity of the signed hypertext which comprises the steps of:
(a) verifying whether said destination document satisfies said constraint defined in a source document which is said at least one document; and
(b) verifying the validity of an issuer signature of each document making up the hypertext.
According to a fourth aspect of the present invention, there is provided an apparatus for generating a signed hypertext of the above structure when a document at the destination of the link has not been instantiated at the time of defining a source document, which comprises:
means for generating a unique document identifier for a yet-to-be instantiated document;
means for storing therein said unique document identifier as an identifier of a future destination document to generate the source document; and
means for generating said document at the destination of the link with said unique document identifier when said destination document is instantiated, said instantiated document being linked as the destination document to said source document.
According to a fifth aspect of the present invention, there is provided an apparatus for verifying the validity of the signed hypertext of the above structure, which comprises:
means for verifying whether the identifier of a destination document is the same as a destination document identifier defined in a source document;
means for verifying whether the destination document satisfies the constraint defined in the source document; and
means for verifying the validity of the issuer signature of each document making up the hypertext.