1. Technical Field
The present invention relates to an information processing device and an information processing program, and for example, to a technique for processing long-term signature data.
2. Background Art
In order to certify unfalsification (authenticity) of electronic data, an electronic signature is widely used in which electronic data is encrypted with a secret key to perform the electronic signature, and then electronic data is decrypted with a public key corresponding to the secret key to verify the electronic signature.
Electronic data is decrypted with the public key, and thus it can be confirmed that electronic data is encrypted with the secret key corresponding to the public key. However, since a signatory has the secret key, it can be certified that electronic data is generated by the signatory. For example, the secret key functions as a seal, and the public key functions as a certificate of the seal.
The public key is distributed by a public key certificate which is issued by a certificate authority, and when the public key is distributed, the authenticity of the public key can be confirmed by the certificate.
Meanwhile, the electronic signature has an expiration date which is set so as to cope with a compromise or the like of an encryption algorithm used in the signature or the like.
Even before the expiration date, the electronic signature may be expired according to signatory's convenience or all certificates following a root certificate may be expired if the secret key is omitted.
Accordingly, in order to cope with the above-described problem, as in PTL 1, an electronic signature format (hereinafter, referred to as long-term signature format) for perpetuating the validity of an electronic signature is specified.
In the long-term signature format, an archive time stamp (ATS) which is a time stamp having an expiration date longer than an electronic signature is applied to electronic data to be stored and the electronic signature, thereby securing the legitimacy of the electronic data even after the expiration date of the electronic signature has elapsed.
Before the expiration date of the archive time stamp elapses, a second-generation archive time stamp having an expiration date longer than the archive time stamp is applied to extend the expiration date. Hereinafter, the expiration date is extended to the third-generation, the fourth-generation, . . . , making it possible to verify unfalsification of electronic data over a long period of time.
In this way, in regard to long-term signature data, before the expiration date of a final archive time stamp is off, the next-generation archive time stamp is applied to extend the expiration date.
Meanwhile, in general, since the expiration date of the archive time stamp is long to be 10 years, even if long-term signature data or original data is destructed, or the validity of the archive time stamp is lost, there is a possibility that destruction or expiration is noticed after 10 years.
For this reason, it is necessary to perform expiration date extension processing at an appropriate timing while constantly confirming that the long-term signature data is valid.
In regard to the verification, it is necessary to confirm non-destruction of data or the validity of the final archive time stamp.
However, if the verification is done for all pieces of stored long-term signature data, there is a problem in that a lot of cost and time is required for computation processing.
For example, in confirming the validity of the final archive time stamp, verification of a hash value of a time stamp, verification of a signature, verification of expiration information, verification of an authentication path, and verification of an expiration date are required.