JP2007027938A - Signature extension device, system, method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To obtain a signature extension device for extending the term of validity of a multiplex signature in which legitimacy can be extended inexpensively and easily over a long term for all signatures including a child signature. <P>SOLUTION: A signature time stamp T2 for a parent signature Sig(0), a public key certificate K2 used in each signature Sig(0), Sig(1, 1), Sig(1, 2), Sig(2), a public key certificate L2 up to the trusting point of the public certificate K2 and lapse information R2 for the public key certificate K2, L2 are acquired respectively. Furthermore, all references of the parent signature Sig(0), signature values, and a time stamp AT2 for the public key certificate and the lapse information are acquired. When the term of validity is extended, a new time stamp (an archive time stamp) AT2' is added and updated and legitimacy can be extended inexpensively and easily over a long term for all signatures including a child signature. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an apparatus, system, method, and program for extending an electronic signature.

  In recent years, in addition to electronic documents originally composed of electronic data, digitized documents obtained by digitizing paper documents have been legally protected by electronic signatures and time stamps. In April 2005, the e-Document Act was enacted, making it possible to read documents such as receipts that were previously required to remain as documents and store them as digitized data. became.

  However, some of these documents have a storage deadline, and the expiration date of the public key certificate used for the electronic signature attached at the time of digitization may not meet the storage deadline. In such a case, a procedure for extending the validity period of the electronic signature is required. On the other hand, the electronic signature must be performed for each input unit of the document, and it is necessary to perform an extension procedure for each unit. There is a problem that it is necessary to obtain a stamp, and the cost for obtaining the time stamp increases. In addition, it is necessary to store new signature data and its expiration date information in the initial data, and there is a problem that the amount of stored data increases.

  Therefore, Patent Document 1 discloses a conventional technique for solving such a problem. In Patent Document 1, in order to extend the expiration date before digital data such as a document or an image with an electronic signature expires due to the expiration of the electronic signature, the signature extension server, as shown in FIG. A hash group in which hashes of a plurality of signed data d1, d2,... Dn each having an expiration date obtained from a signature extension client are combined, a hash of data in which the signed data d1 to dn are combined, or a signature Data a1 such as a hash of signature data stored in each of the attached data d1, d2,... Dn is created, a new signature b1 is attached to the data a1, and other parameters c1 such as a signature algorithm are added. In addition, a signature extension certificate e1 is created. In this way, one signature extension certificate e1 having an expiration date later than any expiration date of each of the input signed data d1 to dn is generated, and the signature extension client, together with each signed data d1 to dn, The signature extension certificate e1 is stored.

  At the second time, as shown in FIG. 18, the signature extension client passes the signature extension certificate e1 to the signature extension server, and the signature extension server creates data a2 such as a hash of the signature extension certificate e1, and the data A new signature b2 is attached to a2 and other parameters c2 are combined to create a signature extension certificate e2. At this time, the signed data d1 to dn remain as they are.

The third extension is the same, and as shown in FIG. 19, the signature extension server creates data a3 such as a hash of the signature extension certificate e2, attaches a new signature b3 to the data a3, and other parameters. Together with c3, a signature extension certificate e3 is created. Therefore, as shown in FIG. 20, the data stored in the signature extension client by the three extensions as described above becomes the signature extension certificates e1 to e3 into the signed data d1 to dn, and the storage data amount is as follows. Has been reduced.
JP 2002-207428 A

  According to the above-described conventional technology, it is possible to extend the validity period of a plurality of digitized data collectively by holding a hash of a plurality of signed data with one signature extension certificate. However, this conventional technique has a problem in that it cannot cope with multi-signature data in which data is sequentially aggregated and signed each time. Specifically, for example, the signed data d1 is data obtained by scanning a quotation, the signed data d2 is data obtained by scanning an invoice, and the signed data d3 is data obtained by scanning a bill. In the case where the signed data d4 is the data with the signature of the data read from the receipt by the scanner, when the new document is read by the scanner, the new data is integrated with the previous data.

  However, for example, as shown in FIG. 21 (FIG. 21 summarizes three signatures Sig (2), Sig (1), and Sig (0)), the public key attached at each signature stage. Certificates (certificates used for signing) are UC2, UC1, and UC0, and certificates up to the trust point are RC2, MC2; RC1, MC1; RC0, MC0 (RC is a root certificate, MC is an intermediate certificate) ) And the revocation information ARL2, CRL2; ARL1, CRL1; ARL0, CRL0 (ARL is the revocation information for the certificate of the certificate authority, CRL is the revocation information for the user certificate), among them, the parent signature Sig (0 ) Are securely stored in the certificates UC0, RC0, MC0 and the revocation information ARL0, CRL0 up to the trust point in the parent signature Sig (0). Certificates UC1, RC1, MC1; UC2, RC2, MC2 and revocation information ARL1, CRL1; ARL2, CRL2 with names Sig (1) and Sig (2) are not securely stored and must be subjected to signature extension processing. For example, there is a problem that the authenticity of the data cannot be secured. Therefore, extension processing must be performed for each individual child signature, which increases the cost of acquiring a time stamp and takes time.

  An object of the present invention is to provide a signature extension apparatus, system, method, and program capable of easily extending the authenticity of data of multiple signatures over a long period of time at low cost.

  The signature extension apparatus according to the present invention multiplexes a child signature attached to a plurality of signature target data each having an expiration date into a parent signature, and extends the expiration date of the signature extension apparatus. The function to obtain the key certificate, the function to obtain the public key certificate up to the trust point of the public key certificate used for each signature, and the public key certificate and the trust point used for each signature It includes a function of acquiring revocation information for each key certificate and a function of acquiring time stamps for all reference destinations, signature values, public key certificates, and revocation information of the parent signature.

  According to the above configuration, when extending the validity period of the data of the multiple signature, the public key certificate used for the final multiplexed parent signature, the root certificate to the trust point, and the revocation information are time stamped. Is recorded as the extension information of the expiration date, and the public key certificate in each child signature, the root certificate to the trust point, the revocation information, and the like are also stored as the extension information of the expiration date by the time stamp.

  Therefore, after that, by adding a new time stamp (archive time stamp) to the extension information of the expiration date and updating it, the authenticity of all signatures including child signatures is improved. It can be extended over a long period of time at low cost and easily.

  In the signature extension apparatus of the present invention, the multiplexing includes a function of creating a signature value of the child signature of the previous layer and reference information for the signature target data of the child signature of the previous layer, It includes a function of creating a signature value from a hash value of all signature target data and a function of fetching the contents of a child signature of the previous hierarchy.

  According to the above configuration, a parent signature suitable for the above extension method can be created.

  Furthermore, the signature extension system of the present invention includes a signature extension client and a signature extension server in which each function in the signature extension device is divided, a public key certificate used for the signature, and a certificate up to the trust point thereof. A CRL distribution point for issuing revocation information of the public key certificate, and a time stamp authority for issuing a time stamp used for the signature. .

  According to the above configuration, a standard signature extension system can be constructed.

  The signature extension method of the present invention is used for each signature in the signature extension method in which a child signature attached to a plurality of signature target data each having an expiration date is multiplexed with a parent signature and the expiration date is extended. Obtain the public key certificate, the public key certificate up to the trust point of the public key certificate used for each signature, and the public key certificate used for each signature and the trust point Revocation information for each certificate is acquired, and all reference destinations, signature values, public key certificates, and time stamps for the revocation information of the parent signature are acquired.

  According to the above configuration, when extending the validity period of the data of the multiple signature, the public key certificate used for the final multiplexed parent signature, the root certificate to the trust point, and the revocation information are time stamped. Is recorded as the extension information of the expiration date, and the public key certificate in each child signature, the root certificate to the trust point, the revocation information, and the like are also stored as the extension information of the expiration date by the time stamp.

  Therefore, after that, by adding a new time stamp (archive time stamp) to the extension information of the expiration date and updating it, the authenticity of all signatures including child signatures is improved. It can be extended over a long period of time at low cost and easily.

  Furthermore, the signature extension program of the present invention includes a signature extension program for multiplexing a child signature attached to a plurality of signature target data each having an expiration date with a parent signature and extending the expiration date. Obtaining the public key certificate used for each signature, obtaining the public key certificate up to the trust point of the public key certificate used for each signature, and the public key certificate used for each signature and Obtaining revocation information for each of the public key certificates up to the trust point, and obtaining time stamps for all reference destinations, signature values, public key certificates, and revocation information of the parent signature. Features.

  According to the above configuration, when extending the validity period of the data of the multiple signature, the public key certificate used for the final multiplexed parent signature, the root certificate to the trust point, and the revocation information are time stamped. Is recorded as the extension information of the expiration date, and the public key certificate in each child signature, the root certificate to the trust point, the revocation information, and the like are also stored as the extension information of the expiration date by the time stamp.

  Therefore, thereafter, before the expiration of the expiration date, the time stamp acquisition step is performed again, and all reference destinations, signature values, public key certificates, revocation information, and previous time stamps of the parent signature are updated. By acquiring a simple time stamp (archive time stamp), the authenticity can be easily extended over a long period of time at a low cost for all signatures including child signatures.

  In the signature extension program according to the present invention, the parent signature is created by setting one of the input data to be signed and one of a plurality of signature target data and a past signature as a parent signature and the other as a child signature. A step of setting reference information for a child signature as a signature, a step of calculating a hash value based on all signature target data, and a step of calculating the signature value from the hash value. It is characterized by repeating recursively until there are no child signatures included in the parent signature.

  According to the above configuration, the parent signature can include the reference destination of the parent signature and all the child signatures, the signature value, the public key certificate, and the revocation information, and the archive timestamp is acquired as described above. A parent signature that can extend the authenticity of all signatures including child signatures can be created.

  As described above, the signature extension apparatus, system, method, and program of the present invention multiplex child signatures attached to a plurality of signature target data each having an expiration date into a parent signature and extend the expiration date. In addition to recording the public key certificate used for the final multiplexed parent signature, the root certificate to the trust point, and revocation information as time-stamp extension information, the public key certificate in each child signature A certificate, a root certificate up to the trust point, revocation information, and the like are stored together as extension information of the expiration date by the time stamp.

  Therefore, after that, by adding a new time stamp (archive time stamp) to the extension information of the expiration date and updating it, the authenticity of all signatures including child signatures is improved. It can be extended over a long period of time at low cost and easily.

[Embodiment 1]
FIG. 1 is a block diagram showing an overall configuration of a signature extension system according to an embodiment of the present invention. In this system, although the signature extension client 1 and the signature extension server 2 are connected via the network 3, it is not always necessary to have a client-server configuration, and can be realized by a single signature extension device. Further, how to divide each function of the signature extension processing described later into the client and the server is arbitrary.

  The signature extension client 1 scans a document as necessary to obtain the digitized data D, and obtains the root certificate of the certificate authority P3, the certificate of the certificate authority P1 and the certificate acquired from the certificate authority P1 acquired in advance by a reliable method. The revocation information CRL and ARL are acquired from the signer's certificate and the CRL distribution points P2 and P4, and transmitted to the signature extension server 2 together with the signature Sig and the data D.

  In response to this, the signature extension server 2 acquires the certificate of the time stamp authority P5 and the root certificate of the root certificate authority P6 that is the trust point, which have been acquired in a reliable manner in advance, and the CRL. The revocation information from the distribution points P2 and P4, the certificate related to the signature, and the certificate up to the trust point are attached with an archive time stamp to be described later and stored together with the data D as a signature file F.

  When performing multiple signatures, the signature extension client 1 performs the above-described processing on the aggregated data D and signature Sig, and the signature extension server 2 attaches an archive time stamp to be described later thereto. The signature file F is stored as a long-term signature file.

  FIG. 2 is a diagram for explaining a signature multiplexing method according to the present invention. FIG. 2 corresponds to the form of FIG. 21 described above, and shows how the signatures Sig (2), Sig (1), and Sig (0) for the three document data digitized in order are collected. ing. As in FIG. 21, at the stage of creating each signature file, public key certificates (certificates used for signature) UC2, UC1, UC0 used for signature and certificates RC2, MC2; RC1 up to their trust points. , MC1; RC0, MC0 (RC is a root certificate, MC is an intermediate certificate) and their revocation information ARL2, CRL2; ARL1, CRL1; ARL0, CRL0 (ARL is the revocation information for the certificate authority certificate, CRL is (Revocation information for user certificate).

  It should be noted that, in the present invention, when extending the parent signature Sig (0), not only the certificates UC0, RC0, MC0 and the revocation information ARL0, CRL0 in the parent signature Sig (0) Certificates UC1, RC1, MC1; UC2, RC2, MC2 and revocation information ARL1, CRL1; ARL2, CRL2 in signatures Sig (1), Sig (2) are also included in the long-term signature file and are extended together. Is Rukoto.

  Before the parent signature Sig (0) is performed, the certificate UC1 with the signature Sig (1) at that stage is similarly applied to Sig (1) which is the parent signature for the child signature Sig (2). , RC1, MC1 and revocation information ARL1, CRL1, as well as certificates UC2, RC2, MC2 and revocation information ARL2, CRL2 in the child signature Sig (2) are extended. Here, the expressions of signatures Sig (2), Sig (1), and Sig (0) do not represent the generation of signature extension, but indicate the hierarchy in the multiple signature.

  Thus, even if the extension process is not performed for each individual child signature Sig (2), Sig (1), the information necessary for extending the authenticity of the child signatures Sig (2), Sig (1) is the parent signature. Since it is stored in Sig (0), the authenticity of the child signatures Sig (2) and Sig (1) can be ensured only by performing the signature extension process of the parent signature Sig (0), and the time stamp It is possible to save the cost of acquiring the cost and the trouble of the extension process.

  The signature multiplexing process and extension process according to the present invention will be described in detail below. The example of FIG. 3 shows an example in which signature target data is generated in order as in the estimate, invoice, and invoice, and these signature target data are denoted by reference numerals Rd (2) and Rd (1), respectively. , Rd (0), and the signature target data Rd (2), Rd (1), Rd (0) are sequentially collected and attached with signatures Sig (2), Sig (1), Sig (0), respectively. Thus, the basic signature part B1 is created.

  The signature extension unit E1 created when extending the aggregated parent signature Sig (0) in this way includes a signature time stamp T1 for the signature of the parent signature Sig (0), and each signature Sig (0), Sig (1). , Sig (2), and public key certificate L1 up to the trust point of the public key certificate used for each signature Sig (0), Sig (1), Sig (2) And the revocation information R1 for the public key certificate used for each signature Sig (0), Sig (1), Sig (2) and the public key certificate up to the trust point, other parameters, signature time stamp, Sig (0) signature value, Sig (0) reference data (including signature values of Sig (1), Sig (2), Rd (0), Rd (1), Rd (2)) Archive times Pump) constructed and a AT1. In this figure and the following figures, [SOO] indicates a step number of the corresponding process in the flowchart described later. The public key certificates K1, L1 correspond to the certificates UC, MC, RC up to the trust point, and the revocation information R1 corresponds to the revocation information CRL, ARL.

  A long-term signature file F1 'obtained by extending the signature file F1 shown in FIG. 3 once is as shown in FIG. The signature extension unit E1 ′ includes the time stamp AT1, the other parameters, the signature time stamp, the signature value of Sig0, and the reference destination data of Sig (0) in accordance with one extension. A time stamp (archive time stamp) AT1 ′ for the signature values of Sig (1) and Sig (2), including Rd (0), Rd (1), and Rd (2) is added.

  On the other hand, FIG. 5 shows an example in which a part of the signature target data is generated at the same time, such as a quote, a delivery note, a delivery slip, and an invoice, and each of the signature target data is represented by Rd (2). Rd (1,1), Rd (1,2); Rd (0), the data to be signed Rd (2); Rd (1,1), Rd (1,2); Rd (0) Are sequentially attached to each of the signatures Sig (2); Sig (1,1), Sig (1,2); Sig (0) to create a basic signature part B2.

  The signature extension E2 created when extending the aggregated parent signature Sig (0) in this way includes a signature time stamp T2 for the signature of the parent signature Sig (0), and each signature Sig (0), Sig (1, 1), public key certificate K2 used for Sig (1, 2), Sig (2) and signatures Sig (0), Sig (1, 1), Sig (1, 2), Sig (2) The public key certificate L2 up to the trust point of the public key certificate used for the signature and the public used for each signature Sig (0), Sig (1,1), Sig (1,2), Sig (2) Revocation information R2 for each of the key certificate and the public key certificate up to the trust point, other parameters, signature time stamp, signature value of Sig (0), reference destination data of Sig (0) (Sig (1,1), Signature of Sig (1,2), Sig (2) , Rd (0), Rd (1,1), Rd (1,2), constituted by a time stamp (archive timestamp) AT2 for Rd containing (2)).

  The long-term signature file F2 'obtained by extending the signature file F2 shown in FIG. 5 once is as shown in FIG. Similar to the signature extension E1 ′, the signature extension E2 ′ includes the time stamp AT2, other parameters, signature time stamp, Sig (0) in the signature extension E2 in accordance with one extension. Signature value of Sig, reference data of Sig (0) (signature values of Sig (1,1), Sig (1,2), Sig (2), Rd (0), Rd (1,1), Rd (1 , 2), including Rd (2)), a time stamp (archive time stamp) AT2 ′ is added.

  Further, the long-term signature file F2 ″ obtained by extending one more time becomes as shown in FIG. 7, and the signature extension portion E2 ″ has the contents of the signature extension portion E2 ′ along with the second extension. , Time stamps AT2, AT2 ′, other parameters, signature time stamp, signature value of Sig (0), reference data of Sig (0) (Sig (1,1), Sig (1,2), Sig (2) ) Including a signature value Rd (0), Rd (1,1), Rd (1,2), Rd (2)) is added.

  FIG. 8 shows a specific configuration of the parent signature Sig (0) in the multiplexed signature file F2 shown in FIG. In this state, the parent signature Sig (0) includes the reference information RV (Sig (0)), the hash value H (0) in the parent signature Sig (0), and the signature value SV (Sig (0)). And the contents of the child signatures Sig (1, 1) and Sig (1, 2) which are the previous hierarchy.

  Specifically, the reference information RV (Sig (0)) is the signature value SV (Sig (1) of all the previous child signatures Sig (1,1), Sig (1,2), Sig (2). , 1)), URI to SV (Sig (1, 2)), SV (Sig (2)) and URI to signature target data Rd (1, 1), Rd (1, 2), Rd (2) And a URI to the signature target data Rd (0) of the parent signature Sig (0) of this time.

  The hash value H (0) is the signature target data Rd (0), Rd (1,1) of all the signatures Sig (0), Sig (1,1), Sig (1,2), Sig (2). ), Rd (1,2), Rd (2) by one-way hash calculation, for example, by SHA1 calculation.

  The signature value SV (Sig (0)) is obtained by a hash calculation from the hash value H (0). Note that the hash value H (0) does not necessarily have to be in the signature format in order to realize the present invention, but is described in the format for implementation in order to maintain compatibility. When this hash value H (0) is not described, the signature value SV (Sig (0)) is set to all signatures Sig (0), Sig (1,1), Sig (1,2), Sig ( It becomes a hash value of the hash value by the signature target data Rd (0), Rd (1,1), Rd (1,2), Rd (2) of 2).

  The contents of the child signatures Sig (1, 1) and Sig (1, 2) store the same contents as the parent signature Sig (0), and the contents of the child signature Sig (1, 1) are stored in the contents. Further stores the contents of the child signature Sig (2).

  FIG. 9 shows a specific configuration of a long-term signature Sig (0) ′ obtained by adding a signature extension E2 to the parent signature Sig (0) in the signature file F2 shown in FIG. Furthermore, FIG. 10 shows a specific configuration of the long-term signature Sig (0) ″ extended x times.

  Here, a method for setting the reference information RV (Sig (0)) will be described with reference to FIG. FIG. 11 shows an example of reference information to the signature value SV (Sig (1, 1)) and the signature target data Rd (1, 1) of the child signature Sig (1, 1). In this case, the child signature Sig (1, 1) has the reference destination http: //xxxxxxxx/rd1,1.pdf as the reference information RV (Sig (1, 1)), and the signature target data Rd (1 , 1) is signed with the signature value SV (Sig (1, 1)), the parent signature Sig (0) is the reference information RV (Sig (1)) of the child signature Sig (1, 1). 1,1)), that is, the URI to the signature value SV (Sig (1,1)) of the http: //xxxxxxxx/rd1,1.pdf and the child signature Sig (1,1), that is, http: // xxxxxxxx / sig1,1 # SV (Sig (1,1) is taken in. Then, when the signature value SV (Sig (0)) of the parent signature Sig (0) is actually calculated, the signature target data Rd (1 , 1) and the signature value SV (Sig (1, 1)) are the objects of the data to be signed.

  FIG. 12 is a flowchart for explaining the schematic operation of the signature extension system configured as described above. As described above, in this system, the functional division between the signature extension client 1 and the signature extension server 2 is arbitrary, and is described as the operation of a single signature extension apparatus. First, in step S1, the basic signature parts B1 and B2 are generated. Subsequently, in step S2, signature extension parts E1 and E2 necessary for extension are generated. Thereafter, whenever the time elapses and the extension process of the valid period becomes necessary, step S3 is performed each time, and the signature extension parts E2 ', E2 ", ... are generated. At this time, if it is necessary to include a child signature, the process returns to step S1.

  FIG. 13 is a flowchart for explaining in detail the generation processing of the basic signature parts B1 and B2 in step S1 described above. When one or a plurality of signature target data D (such as Rd (0)) is input, they are set as targets for a new signature in step S101. In step S102, one of the input signature target data D and a past signature is set as a parent signature Sig (0), and the other is a child signature (for example, the Sig (1, 1)). , The inclusion process to the parent signature Sig (0) is performed. Specifically, in step S103, the reference information RV (Sig (0)) is set for the child signature (said Sig (1, 1)) and the like, and in step S104, all the signature target data is used. The calculation process of the hash value H0 is performed, and in step S105, the calculation process of the signature value SV (Sig (0)) is performed from the hash value H0. The basic signature parts B1 and B2 of the parent signature Sig (0) are created by performing the processing of steps S102 to S105 for all the input signature target data D and sequentially including the child signatures. Is done.

  FIG. 14 is a flowchart for explaining in detail the generation processing of the signature extension units E1 and E2 in step S2. When the basic signature parts B1 and B2 of the new parent signature Sig (0) are created as shown in FIG. 13, the signature time stamps T1 and T2 for the parent signature Sig (0) are acquired in step S201. Done. In step S202, acquisition processing of all public key certificates K1 and K2 in the signature including the parent signature Sig (0) is performed. In step S203, acquisition processing of public key certificates L1 and L2 up to the trust point for the public key certificates K1 and K2 obtained in step S202 is performed. In step S204, revocation information R1 and R2 acquisition processing for steps S202 and S203 is performed. In step S205, acquisition processing (signature extension processing) of all reference destinations, signature values, and time stamps AT1 and AT2 for the steps S201, S202, S203, and S204 of the parent signature Sig (0) that is the latest generation is performed. Do. In this way, the long-term signature Sig (0) 'is created.

  Thereafter, before the expiration of the expiration date, the long-term signatures Sig (0) ", Sig (0)", ... are generated by repeating the step S205. In this case, however, the time stamp of the past time stamp (for example, AT1, AT2) is also acquired in step S205 and becomes a new time stamp (for example, AT1 ', AT2'). This is shown in FIG. In FIG. 15, the time stamp acquisition process is indicated by adding a suffix such as steps S205-1, S205-2, and S205-3 according to the number of times. In this case, the method for extending the expiration date as shown in steps S205-2 and S205-3 is described in, for example, ETSI TS 101 903.

  By adopting a configuration in which the expiration date is extended in this way, the signature target data is Rd (2); Rd (1, 1), Rd (1, 2); Rd (0) as shown in FIG. In this case, the data to be stored is as shown in FIG. When comparing FIG. 16 with FIG. 20 described above, the file capacity of the long-term signature Sig (0) ′ (repeating extension is Sig (0) ″, Sig (0) ′ ″...) Regardless, the amount of combined data of the signature extension certificates e1, e2, e3,.

  However, information necessary for extending the authenticity of the child signatures Sig (1, 1), Sig (1, 2), Sig (2) (the public key certificates K1, K2, the public key certificates L1, L2 and the revocation) Since the information R1, R2) is stored in the parent signature Sig (0), the archive signature such as the ETSI TS 101 903 is added to the parent signature Sig (0) to extend the validity period of the signature. Even if it is extended by the above method, the authenticity of the child signatures Sig (1,1), Sig (1,2), Sig (2) can be extended together. As a result, it is possible to eliminate the need to individually perform extension processing to ensure the authenticity of the child signatures Sig (1,1), Sig (1,2), Sig (2), and to obtain the time stamp acquisition cost and It is possible to save the trouble of the extension process.

  More specifically, in Patent Document 1, when the encryption algorithm used for signature extension certificate e2 is compromised, signature extension certificate e2 having the same value as the hash value calculated in signature extension certificate e1 could be forged. In this case, the authenticity of the signed data d1 to dn cannot be guaranteed.

  On the other hand, in the present invention, every time the time stamps AT1 ′, AT2 ′; AT1 ″, AT2 ″,. In addition to the parent signature Sig (0), the parent signature Sig (1,1), Sig (1,2), Sig (2) and the hash value of the reference destination data can be obtained. Since the information is collected in the signature Sig (0), its integrity can be guaranteed, and even if the encryption algorithm used in the past is compromised, the child signatures Sig (1,1), Sig (1,2), Even in Sig (2), high authenticity can be guaranteed.

  The present invention is not only configured as a signature extension system including the signature extension client 1 and the signature extension server 2 as described above, but may be configured as a single signature extension device. 1, signature time stamps T1 and T2 acquisition processing (S201), public key certificates K1 and K2 and public key certificates L1 and L2 up to their trust points (S202 and S203) and revocation information R1 and R2 The signature extension server 2 performs only the time stamps AT1 and AT2 (S205), and the function can be arbitrarily divided.

It is a block diagram which shows the whole structure of the signature extension apparatus system which concerns on one Embodiment of this invention. It is a figure for demonstrating the multiplexing method of the signature of this invention. It is a figure which shows the data structure of the signature file which shows an example of the multiplexing and extension process of the signature of this invention. It is a figure which shows the data structure of the long-term signature file obtained by extending the signature file shown in the said FIG. 3 once. It is a figure which shows the data structure of the signature file which shows the other example of the multiplexing and extension process of the signature of this invention. FIG. 5 is a diagram showing a data structure of a long-term signature file obtained by extending the signature file shown in FIG. 4 once. FIG. 5 is a diagram showing a data structure of a long-term signature file obtained by extending the signature file shown in FIG. 4 twice. It is a figure which shows the specific structure of the parent signature in the multiplexed signature file shown in the said FIG. It is a figure which shows the specific structure of the long-term signature in the signature file shown in the said FIG. FIG. 6 is a diagram showing a specific configuration of a long-term signature obtained by extending the signature file shown in FIG. 5 x times. It is a figure for demonstrating the setting method of reference information in extending a signature. It is a flowchart for demonstrating schematic operation | movement of the signature extension system of this invention. It is a flowchart for demonstrating in detail the production | generation process of the basic signature part in the extension process shown in FIG. 13 is a flowchart for explaining in detail a signature extension part generation process in the extension process shown in FIG. 12; 13 is a flowchart for explaining in detail processing for generating a signature extension when repeating extension in the extension processing shown in FIG. It is a figure for demonstrating the structure of the data which should be memorize | stored by the signature extension process of this invention. It is a figure which shows the data structure of the signature extension certificate which shows the example of the conventional signature extension process. FIG. 18 is a diagram showing a data structure of a signature extension certificate obtained by extending the signature extension certificate shown in FIG. 17 once. FIG. 18 is a diagram showing a data structure of a signature extension certificate obtained by extending the signature extension certificate shown in FIG. 17 twice. It is a figure for demonstrating the structure of the data which should be memorize | stored by the conventional signature extension process. It is a figure for demonstrating the conventional multiplexing method of a signature.

Explanation of symbols

1 Signature extension client 2 Signature extension server 3 Network P1 Certificate authority P2, P4 CRL distribution point P3, P6 Root certificate authority P5 Time stamp authority

Claims (6)

In a signature extension device that multiplexes a child signature attached to a plurality of signature target data each having an expiration date into a parent signature and extends the expiration date,
The ability to obtain the public key certificate used for each signature;
A function to obtain a public key certificate up to the trust point of the public key certificate used for each signature,
The ability to obtain revocation information for each public key certificate used for each signature and public key certificate up to the trust point;
A signature extension apparatus comprising: a function for acquiring all reference destinations of a parent signature, a signature value, a public key certificate, and a revocation information time stamp. The multiplexing is
A function of creating a signature value of a child signature of the previous hierarchy and reference information to a signature target data of the child signature of the previous hierarchy;
A function to create a signature value from a hash value of all the data to be signed,
The signature extension apparatus according to claim 1, further comprising a function of fetching the contents of the child signature of the immediately preceding hierarchy.   3. A signature extension client and a signature extension server in which each function in the signature extension apparatus according to claim 1 is divided, and root authentication for issuing a public key certificate used for the signature and a certificate up to the trust point thereof A signature extension system comprising: a station, a CRL distribution point that issues revocation information of the public key certificate, and a time stamp authority that issues a time stamp used for the signature. In a signature extension method for extending a validity period by multiplexing a child signature attached to a plurality of signature target data each having an expiration date with a parent signature,
Get the public key certificate used for each signature,
Obtain the public key certificate up to the trust point of the public key certificate used for each signature,
Obtain revocation information for each public key certificate used for each signature and public key certificate up to the trust point,
A signature extension method comprising: obtaining time stamps for all reference destinations, signature values, public key certificates, and revocation information of a parent signature. In a signature extension program for extending a validity period by multiplexing a child signature attached to a plurality of data to be signed each having an expiration date with a parent signature,
Obtaining a public key certificate used for each signature;
Obtaining a public key certificate up to the trust point of the public key certificate used for each signature;
Obtaining revocation information for each of the public key certificate used for each signature and the public key certificate up to the trust point;
A signature extension program comprising: obtaining all reference destinations, signature values, public key certificates and revocation information of the parent signature. Creating the parent signature
Setting reference information for the child signature with one of the inputted one or more signature target data and a past signature as either one of the parent signature and the other as the child signature;
Calculating a hash value based on all data to be signed;
Calculating the signature value from the hash value,
6. The signature extension program according to claim 5, wherein the steps are recursively repeated until there are no child signatures included in the parent signature.

Images