Cryptography – Key management
Reexamination Certificate
1999-03-11
2002-04-23
Peeso, Thomas R. (Department: 2132)
Cryptography
Key management
C380S279000, C380S284000
active
06377692
ABSTRACT:
TECHNICAL FIELD
The present invention relates to an electronic signature key control method which can update the contents of a key for electronic signature without limiting issuance of electronic signatures, an offer of various services based on the electronic signatures or the like, and to a system suitable for carrying out such a key control method.
Here, the electronic signature represents an electronic signature for proving the identity of a user by using a key peculiar to the user.
BACKGROUND ART
For example, in a party (or a society) where members are identified by membership cards, it is quite important for the running of the party that the members can mutually evaluate the legitimacy of the membership cards. Recently, attempts have been made to issue a membership card in the form of a high-security medium, such as an IC card, so that it serves as an electronic identification card which can be possessed only by a member, or to issue it, using an electronic signature technique, as a member register certificate (electronic identification card) or an electronic ticket which is difficult to forge.
The member register certificate, the electronic ticket or the like (referred to as “member register certificate” for convenience in the following description) is required to make it possible not only to evaluate genuineness of the contents, but also to correctly confirm that a person using the member register certificate is a genuine member. Therefore, it has been carried out, using an electronic signature which can be produced only by the genuine member, to confirm whether the member register certificate is forged, or whether a person having the member register certificate is a right member.
In the electronic signature, an encryption technique based on a public key system is normally utilized. Specifically, a given member register organization executes electronic signatures using its own secret key (signature key), and distributes a public key (confirmation key) corresponding to the signature key to all the members. When authenticating the electronic signature, each member confirms the electronic signature using the confirmation key.
Since the confirmation key itself does not include information showing that it is a legitimate public key of the member register organization, it is necessary to confirm the legitimacy of the confirmation key separately in advance.
In the foregoing public key system, one of the grounds for security is the large amount of calculation required for decoding. Accordingly, continuing to use the same signature key and confirmation key over a long period of time lowers the security, so that it is preferable to update each key at every given time period. Therefore, in general, the signature key is updated periodically and each member then obtains the confirmation key, which is updated synchronously with the signature key.
As a means for procuring the updated confirmation key, it is considered that the member register organization distributes the new confirmation key to all the members simultaneously. It is also considered to register the new confirmation key at a given public key certificate issuing center.
In the latter case, the public key certificate issuing center signs signature object data using its own secret key (center secret key) to obtain a public key certificate, and properly distributes this public key certificate to the members. The members distributed with it confirm the electronic signature using a public key (center public key) of the public key certificate issuing center notified in advance.
When a certain member wishes a third party to confirm a member register certificate of his/her own, the member acquires a public key certificate and attaches the acquired public key certificate to the member register certificate. This makes it possible at the side confirming an electronic signature to easily confirm the legitimacy of a new public key of the member register organization.
The public key certificate is not necessarily always attached to the electronic signature, and it is sufficient to attach it only once when a signature key and a confirmation key are updated.
When a certain member transmits a member register certificate to another member on-line, the attachment of a public key certificate may be omitted to reduce the data amount upon the transmission. In this case, the public key certificate is acquired at the side of the receiver member.
In any case, when using a public key certificate, it is necessary for a member utilizing a member register certificate or a member confirming the member register certificate to access the public key certificate issuing center so as to obtain the public key certificate every time a confirmation key is updated.
As described above, when the signature key is updated, any of the following actions is carried out between the member register organization and the member or between the members:
(1) The member register organization distributes a new confirmation key to all the members;
(2) When a certain member first uses a member register certificate, a public key certificate is acquired and attached;
(3) A public key certificate is properly acquired at the side of a member confirming an electronic signature.
However, in the foregoing three cases, the following problems are caused, respectively:
In the case (1), when the member register organization performs a key updating process, all the users simultaneously access the member register organization to acquire a new confirmation key, so the corresponding processes are concentrated on a system provided at the side of the member register organization and the operation of the system may become unstable. Particularly, when the number of the members is quite large, it is necessary to stop issuance of member register certificates after the updating of the key until the new key has been distributed to all the users.
In the case (2), the data amount upon transmission/reception is increased, and time for acquiring the public key certificate is additionally required. Further, if the public key certificate is forged, a false center public key is distributed, and thus the risk depends on the security of the center public key in the public key certificate issuing center.
In the case (3), a member confirming an electronic signature, for example, a member which offers some service after confirming a member register certificate of a certain member, acquires a public key certificate after reception of the member register certificate of the certain member. Therefore, when the certain member first requests confirmation of the member register certificate after the updating of the key, the other member has to limit the offering of service until it has acquired the public key certificate and confirmed the member register certificate. If the public key certificate issuing center or the member register organization is accessed on-line to immediately acquire the public key certificate, the communication cost increases correspondingly.
As described above, there have been such disadvantages that an operation of some of the systems is adversely affected or the service utilization by the members is limited every time the signature key is updated.
It is an object of the present invention to provide an electronic signature key control method with no such disadvantages, and a system suitable for carrying out such a key control method.
DISCLOSURE OF INVENTION
A key control method of the present invention which accomplishes the foregoing object is characterized by preparing a plurality of keys whose contents are updated periodically at mutually different times; switching the plurality of keys one by one per switching cycle shorter than an updating cycle of each key; and using the switched key as a signature key for electronic signature. It is effective for facilitating the key updating that the foregoing switching cycles are set to, for example, the same time length with respect to all the keys.
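The rotation described above, sketched as an added example that is not code from the patent. It assumes N key slots with equal switching cycles, an updating cycle of N switching cycles, and that each slot is updated the moment its turn as signature key ends; the class and method names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RotationSchedule:
    n_keys: int        # key slots kept in parallel (assumed >= 2)
    switch_cycle: int  # time units each slot serves as the signature key

    @property
    def update_cycle(self) -> int:
        # Assumption: one update per slot per full rotation, so the updating
        # cycle is n_keys times the switching cycle (longer, as the text requires).
        return self.n_keys * self.switch_cycle

    def active_slot(self, t: int) -> int:
        """Slot whose key is the signature key at time t."""
        return (t // self.switch_cycle) % self.n_keys

    def _first_update(self, slot: int) -> int:
        # Assumption: a slot is updated the moment its turn as signature key ends.
        return (slot + 1) * self.switch_cycle

    def last_update(self, slot: int, t: int):
        """Time of the slot's latest update at or before t (None: initial key)."""
        first = self._first_update(slot)
        if t < first:
            return None
        return first + (t - first) // self.update_cycle * self.update_cycle

    def updated_slots(self, t: int) -> list:
        """Slots whose key contents change exactly at time t."""
        return [s for s in range(self.n_keys)
                if t >= self._first_update(s)
                and (t - self._first_update(s)) % self.update_cycle == 0]

    def distribution_window(self, t: int):
        """Time verifiers had to fetch the confirmation key now in use before
        its first signature was issued (None while on the initial key)."""
        activated = t // self.switch_cycle * self.switch_cycle
        updated = self.last_update(self.active_slot(t), t)
        return None if updated is None else activated - updated

    def never_updates_active_key(self, horizon: int) -> bool:
        """True if no update ever hits the slot that is currently signing."""
        return all(self.active_slot(t) not in self.updated_slots(t)
                   for t in range(horizon))
```

With three slots and a switching cycle of 10, every updated confirmation key is available for 20 time units before the first signature made with it, whereas a single-slot schedule updates the key that is currently signing.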
Another key control method of the present
Moribatake Hidemi
Takahashi Yoshio
Lerner David Littenberg Krumholz & Mentlik LLP
NTT Data Corporation
Peeso Thomas R.