Data processing: presentation processing of document – operator i – Presentation processing of document – Layout
Reexamination Certificate
1999-08-02
2004-02-24
Hong, Stephen S. (Department: 2178)
Data processing: presentation processing of document, operator i
Presentation processing of document
Layout
C705S054000, C705S003000, C705S064000, C705S075000, C705S058000, C705S059000, C713S156000, C713S157000
Reexamination Certificate
active
06697997
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to a system for electronically circulating various documents necessary for business transactions and, more particularly, to a method and apparatus for secure circulation of electronic tickets, electronic certificates and similar documents whose description contents change while in circulation.
With the recent expansion of electronic commerce, the electronic cash, electronic tickets, electronic certificates, purchase and order slips, and so forth have come to be exchanged between the participants of transactions over networks. To circulate such documents over the Internet or similar networks shared by an indefinite number of people, it is necessary to protect the documents from fraud, for example, alterations in the documents, wiretapping and impersonation. Typical technologies that have been proposed to prevent fraud are digital signature schemes such as the RSA scheme by RSA Data Security Inc. and ESIGN by Nippon Telegraph and Telephone Corporation. With the digital signature (hereinafter referred to simply as a signature) scheme, a signer encrypts a document using a secret key which no one but the signer knows and the recipient of the document decrypts it using a public key corresponding to the secret key, thereby verifying that the document has been duly signed by the signer himself and has not been altered.
However, since a change in the contents of a signed document breaks the signature, some contrivance is needed in the application of the digital signature scheme to a document, for example, an electronic ticket whose properties, such as a reservation status, a payment status and the ticket owner's identification, change dynamically while in circulation. In a simple scheme, as depicted in
FIG. 1
, upon each occurrence of a change, the document to be changed is attached with change information describing which property has been changed to what contents, and the document is signed again in its entirety. In
FIG. 1
the arrows each indicate the scope of application of the signature. That is, an issuer signature
103
is attached to an issuer ID
101
and the main body
102
, and then a changer-
1
signature
106
is attached to the issuer ID
101
, the main body
102
and the issuer signature
103
, a changer-
1
ID
104
and change information
105
. In this way, upon each occurrence of a change, all pieces of information attached to the document so far, a changer-n ID
107
and change information n are attached with a changer-n signature
109
.
With such a scheme, however, all pieces of the change information
1
(
105
), . . . , the change information n (
108
) need to be analyzed to obtain an ultimate or up-to-date value for a certain property of the main body
102
—this involves complex processing. Moreover, the multiple signatures attached to the document inevitably raise signature processing costs.
Furthermore, not everybody is usually allowed to freely change the properties or attributes of an electronic ticket, contract document or the like, but it may sometimes be desirable that the ticket or document be changed only by persons of particular capabilities; for example, the changer of a reservation status, payment status, or the owners is limited specifically to an issuer, a bank, or an agent, respectively. No general-purpose scheme for such capability control has been studied.
Moreover, an electronic ticket, contract or similar document is sometimes attached with another document while in circulation, and it may be desirable to limit the document to be attached to a particular type of document; for example, the change of the reservation status, payment status, or the owner need to be attached with a reservation ticket, a check, or transfer certificate, respectively. No general-purpose scheme for such control has been studied yet.
As described above, there has not been available any general-purpose scheme for allowing only a person of a particular capability to change a particular field or property of a document nor has there been available any general-purpose scheme for attaching only a particular kind of document to the original one; hence, in the case of circulating a document requiring such control, it has been necessary to develop special software for each application or for each kind of document to be circulated. And, to refer to an ultimate or up-to-date value of a document having a property that is changed while in circulation and signed for preventing alterations, all pieces of change information must be analyzed, giving rise to the problem of involving complex processing.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a recording medium having recorded thereon a signed hypertext capable of defining diverse capabilities of changing respective properties in a document, a recording medium having recorded thereon a hypertext capable of defining the type of document to be attached, a method for changing each property value or attaching a document, and a general-purpose method and apparatus for detecting a fraudulent or malicious alterations or attachment of a document.
According to a first aspect of the present invention, there is provided a recording medium having recorded thereon a hypertext made up of a plurality of linked documents, wherein:
at least one of said plurality of linked documents making up said hypertext comprises an identifier of said at least one document, an identifier of its issuer, at least one property definition part, and an issuer signature attached to said at least one document in its entirety; and
said at least one property definition part includes the value of the property defined therein, an identifier of a document located at the destination of the link (hereinafter referred to as a destination document), and a constraint definition part for defining constraints on said destination document.
In the recording medium with the signed hypertext recorded thereon, the constraint on the link-destination document may be a schema which defines its document type.
In the recording medium with the signed hypertext recorded thereon, the constraint on the destination document may be the value of a particular one of its properties.
In the recording medium with the signed hypertext recorded thereon, the constraint on the destination document may be its hash value.
According to a second aspect of the present invention, there is provided a method for creating a hypertext made up of a plurality of linked documents, which comprises the steps of:
(a) forming at least one of said plurality of linked documents by an identifier of said at least one document, an identifier of its issuer, at least one property definition part for defining the value of a property of said at least one document, and an issuer signature attached to said at least one document in its entirety;
(b) incorporating into said at least one property defining part, if it has a link, an identifier of a destination document and a constraint defining part for defining a constraint on said destination document;
(c) generating a unique document identifier for a document not yet instantiated at the destination of the link at the time of creating a source document, and incorporating said unique destination document identifier, as an identifier of a future destination document, in said at least one property definition part of said source document; and
(d) generating said destination document with said unique document identifier when the body of said destination document is instantiated.
According to a third aspect of the present invention, there is provided a method for verifying the validity of the signed hypertext which comprises the steps of:
(a) verifying whether said destination document satisfies said constraint defined in a source document which is said at least one document; and
(b) verifying the validity of an issuer signature of each document making up the hypertext.
According to a fourth aspect of the present invention, there is provided an apparatus for generating a signed hypertext
Hong Stephen S.
Ludwig Matthew
Nippon Telegraph and Telephone Corporation
LandOfFree
Recording medium with a signed hypertext recorded thereon... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Recording medium with a signed hypertext recorded thereon..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Recording medium with a signed hypertext recorded thereon... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3340661