1. Field of the Invention
This invention relates to a technique for managing the distribution of products, to each of which a data carrier is attached, by use of the information in the data carrier.
2. Description of the Related Art
There have been known conventional distribution management systems for improving the efficiency and consistency of distribution operation by use of a data carrier which is capable of electromagnetically reading/storing the data for management of products.
For example, Japanese Published Unexamined Patent Application No. Hei 5-298332 titled as “Distribution system using data carrier” discloses a distribution system using a non-contact type data carrier which is capable of reading/storing the information. The merchandise specific data are stored in the data carrier, for example, the name of the product, locality, and the number of products are stored. When a product is knocked down, the ID of the buyer is added to the data carrier. When a buyer buys a product to a retailer, the ID of the retailer, the number of products, the price, and the shipping data are added. A data carrier is also provided to a dolly or a track, the information of all the products loaded on the dolly such as the number of carloads is stored in advance in the data carrier. A product is loaded automatically on the target dolly with reference to the ID of the retailer, and then loaded on a target track having a data carrier which stores the same ID.
By using the method described hereinabove, misshipment due to wrong shipping address, shipping data, and shipping quantity is avoided. Furthermore, by using a data carrier as a checker for checking incoming from and outgoing to a market, a theft of the product is prevented.
Japanese Published Unexamined Patent Application No. Hei 10-324405 titled as “Merchandise shipping system” discloses a merchandise shipping system which is capable of confirming the content of a product correctly by use of an electronic tag. An electronic tag is attached to a product in advance, the product information is read out by means of a radio system from the electronic tag by a distributor side to prepare content information which indicates the product in the package, and the distributor gives the content information to a receiver. On the receiver side, the product information is received by the receiver by means of a radio system to check the product in comparison with the content information.
By using such a merchandise shipping system, because the content in the package is checked after packaging by means of an electronic tag attached to the product and the product information read out from the electronic tag in the package is compared with the content information which indicates the product list to check the product n the receiver side, the product is checked without involvement of a person, the shipping and approval of the product are performed correctly.
The reliability of merchandise shipping management is increased by improvement of such a distribution management system, but still now the problem that genuine products are replaced by fraudulent products in the distribution flow is not solved. According to the method described hereinabove, though the shipping work is automated consistently and the product is checked correctly, it is easy for distributors to replace genuine products by fraudulent products in the distribution flow fraudulently, and it is very difficult to find out who had replaced genuine products by fraudulent products when fraudulent products are mixed.
To exclude such a fraudulent practice, a modified method in which the information is stored together with a signature in an electronic tag (data carrier) has been proposed. An electronic tag is referred to as a data carrier hereinafter. Because a handling record and a signature for the handling record of distributors are stored in a data carrier, when some fraudulent products are found, it is possible to specify the distributor who has mixed the fraudulent products by specifying the distribution flow passage. If a signature on the handling information is not added or a signature is fraudulent, the distributor or the next distributor who has received the products from the distributor is suspected.
The digital signature technique has been known as a technique to put a signature on the distribution information as described hereinabove. As a representative example of such digital signature technique. ElGamal signature technique in which the difficulty of discrete logarithm problem is the base of the safety has been known. ElGamal signature technique is described hereunder.
A signature key is denoted by (x,y,p) and a verification key is denoted by (y,y,p) wherein p denotes a prime number and y denotes a positive constant smaller than p. These integers are in relation represented by the equation (1)(1)y=yx(mod p)  [Equation 1]
Calculation of the private integer x from the public integer y is a discrete logarithm problem, and it is difficult to get x by means of calculation if p is sufficiently large (500 bits or larger).
A prover generates a random number k which is mutually prime to p−1, and calculates a signature for a message m by use of the equations (2) and (3).(2)r=yk(mod p)  [Equation 2](3)s=(h(m)−xr)k−1(mod p−1)  [Equation 3]                wherein h denotes a one-way hash function. A prover sends the message m and signature (r, s) to a verification side.        
The verifier receives m and (r, s), and checks whether the equation (4) holds.(4)yh(m)=yrrs (mod p)  [Equation 4]
If the equation holds, then it is proved that m is a message prepared by the prover.
In addition to the above-mentioned technique, as the digital signature technique, DSA (Digital Signature Algorithm) in which the difficulty of discrete logarithm problem is the base of the safely, Schnorr signature technique, and G-Q (Guillou, Quisquater) based on zero knowledge certification, and RSA (Rivest, Shamir, and Adleman) signature technique which is well known have been known.
However, application of digital signature techniques to signature for the distribution information which is stored in the data carrier involves the problem described hereunder.
For application of digital signature technique, a certificate authority is required to be established to issue the certificate of a verification key to respective signature keys of distributors. It needs an enormous facility and cost to establish a large-scale certificate authority which is capable of supporting distributors in the country or in the world. When a signature on the distribution information is to be verified, a verifier needs certificates for the respective distributors who have put their signatures, it is required that the verifier gets a certificate of the prover who authenticates from a certification authority each time or stores it in advance in a table. The former technique in which a certificate is obtained each time is disadvantageous in that the verification takes a long time if singers are many, and on the other hand the latter technique in which the certificate is stored in a table is also disadvantageous in that the complex management for managing the term of validity and checking of invalidated certificate is needed. Furthermore, because the signature key is a private information, attention must be paid in management for security. As described hereinabove, application of the digital signature technique needs establishment of a certificate authority, management of the certificate, and ensure of security of distributors, and these requirement requires enormous facility and troublesome operation.
Generally in the case where digital signature technique is employed, because the signature key is managed by a signer, the number of times of signing cannot be restricted. In this case, it is possible to put the signature repeatedly plural times on the same product, therefore it is possible that a distributor who is a signer puts the same ID as put on the genuine product on fraudulent products and ships it to another receiver. At that time, the signature put on the fraudulent product will be successful in verification, therefore the fraudulent product will be retailed to consumers as the genuine product until the existence of the product which has the same ID is revealed. This is a problem.