[go: up one dir, main page]

WO2008059898A1 - Appareil d'ajout de moment d'authentification, procédé d'ajout de moment d'authentification, et programme - Google Patents

Appareil d'ajout de moment d'authentification, procédé d'ajout de moment d'authentification, et programme Download PDF

Info

Publication number
WO2008059898A1
WO2008059898A1 PCT/JP2007/072128 JP2007072128W WO2008059898A1 WO 2008059898 A1 WO2008059898 A1 WO 2008059898A1 JP 2007072128 W JP2007072128 W JP 2007072128W WO 2008059898 A1 WO2008059898 A1 WO 2008059898A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
mail
authentication time
time information
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2007/072128
Other languages
English (en)
Japanese (ja)
Inventor
Katsuji Nakajima
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Seiko Precision Inc
Original Assignee
Seiko Precision Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Seiko Precision Inc filed Critical Seiko Precision Inc
Publication of WO2008059898A1 publication Critical patent/WO2008059898A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Definitions

  • the present invention relates to an authentication time adding device, an authentication time adding method, and a program.
  • the transmission date and time given to the header of an electronic mail depends on the date and time set in the machine (personal computer or the like) that is the transmission source of the electronic mail. For this reason, if the date and time set for a personal computer or the like is incorrect, an incorrect date and time is also given to the e-mail transmission date and time. For this reason, even if the originality of the e-mail text can be secured by technology such as S / MIME, the reliability of the transmission date / time will be impaired.
  • Patent Document 1 discloses a technique for adding a reliable time stamp to the body of an electronic mail. According to this technology, even if a file is attached to the received e-mail! /, It is added to the body of the e-mail! / Can be obtained with reliability.
  • Patent Document 1 Japanese Translation of Special Publication 2005-531995
  • Patent Document 1 the technique disclosed in Patent Document 1 is that the attached file is sent when the attached file is stored in a different storage location from the electronic mail text separated from the electronic mail text.
  • the date and time received can not be specified directly based on the attached file.
  • the recipient needs to search for the email with the file attached and specify the date and time of transmission based on the reliable timestamp given to the email body. It was.
  • the present invention has been made in view of the above circumstances, and an object thereof is to easily obtain highly reliable time information regarding a file attached to an e-mail.
  • an authentication time adding device includes an e-mail acquisition unit that acquires an e-mail to which a file is attached, and an e-mail acquired by the e-mail acquisition unit.
  • a file authentication time information adding means for adding authentication time information indicating an authenticated time to a file attached! / Song, and a file to which the authentication time information is added by the file authentication time information adding means are attached.
  • e-mail output means for outputting e-mail.
  • the file authentication time information adding means includes an authentication time information request data transmitting means for transmitting authentication time information request data for requesting authentication time information to a time authentication server for performing time authentication, and the authentication Authentication time information receiving means for receiving authentication time information according to the authentication time information request data transmitted by the time information request data transmitting means from the time authentication server, and authentication time information received by the authentication time information receiving means May be configured to include reception authentication time information adding means for adding to a file attached to the e-mail acquired by the e-mail acquisition means.
  • the authentication time information request data transmission means includes a file electronic signature data acquisition means for acquiring electronic signature data of a file attached to the electronic mail acquired by the electronic mail acquisition means!
  • Hash value generation means for generating a hash value of the electronic signature data acquired by the file electronic signature data acquisition means
  • authentication time information request data for generating authentication time information request data including the hash value generated by the hash value generation means Generating means
  • hash value transmitting means for transmitting the authentication time information request data including the hash value generated by the authentication time information request data generating means to the time authentication server
  • the authentication time information receiving means includes a time stamp token including time information and a hash value included in authentication time information request data transmitted by the hash value transmission means from the time authentication server, and the time stamp.
  • the electronic signature data of the token, and the reception authentication time information adding means receives the time stamp token received by the authentication time information receiving means and the electronic signature data of the time stamp token by the electronic mail acquisition means.
  • the authentication time information may be added to a file attached to the acquired e-mail.
  • the e-mail acquisition means includes a transmission e-mail acquisition means for acquiring an e-mail attached with a file from a transmission e-mail server that performs e-mail transmission processing, and the transmission e-mail acquisition A file extracting means for taking out a file attached to the e-mail from the e-mail acquired by the means;
  • the file authentication time information adding means adds authentication time information to the file extracted by the file extracting means
  • the e-mail output means includes a file attachment means for attaching the file to which the file authentication time information addition means has added the authentication time information to the electronic mail from which the file has been extracted by the file extraction means, and the file attachment
  • the unit may be configured to include a transmission e-mail output unit that outputs an e-mail attached with a file to the transmission e-mail server.
  • the e-mail output means further includes e-mail authentication time information adding means for adding authentication time information to the e-mail to which the file attachment means has attached a file,
  • the transmission e-mail output means may be configured to output an e-mail to which the e-mail authentication time information addition means has added authentication time information to the transmission e-mail server.
  • the format discriminating unit and the format discriminating unit discriminate that the file format is not the additional information storage format.
  • the file authentication time information adding means may be configured to record the authentication time information in an additional information storage area of the file whose format has been converted by the format conversion means.
  • conversion condition specifying means for specifying a conversion condition for converting the format of a file attached to an e-mail acquired by the e-mail acquiring means, and conversion specified by the conversion condition specifying means
  • Format conversion means for converting the format of the file into a format according to conditions
  • the file authentication time information adding means may be configured to record the authentication time information in an additional information storage area of the file whose format has been converted by the format conversion means.
  • the file authentication time information adding means is an authentication time information recording file for generating an authentication time information recording file in which authentication time information of a file attached to an e-mail acquired by the e-mail acquiring means is recorded.
  • an authentication time information recording file attachment means for attaching the authentication time information recording file generated by the authentication time information recording file generation means to the electronic mail acquired by the electronic mail acquisition means,
  • the e-mail output means may be configured such that the authentication time information record file attachment means outputs an e-mail attached with an authentication time information record file.
  • it further includes an attachment condition designating unit for designating an attachment condition for designating whether to generate the authentication time information recording file and attach it to an e-mail,
  • the e-mail output means may be configured such that the authentication time information record file attachment means outputs an e-mail attached with an authentication time information record file according to a condition designated by the attachment condition designation means. .
  • correspondence information adding means for adding correspondence information for associating the authentication time information recording file and the electronic mail to a header of the electronic mail
  • the electronic mail output means includes the correspondence information E-mail added to the header It may be configured to force.
  • time information related to a file attached to an electronic mail can be obtained with high reliability and reliability.
  • FIG. 1 is a diagram showing an overall configuration of a time stamp addition system according to a first embodiment of the present invention.
  • FIG. 2 is a diagram showing a circuit configuration of a time stamp adding device.
  • FIG. 3A is a diagram showing an example of a data structure of conversion format information.
  • FIG. 3B is a diagram showing an example of a data structure of a file according to a time stamp addition format.
  • FIG. 4A is a diagram schematically showing a process of generating a signature value for an attached file.
  • FIG. 4B is a diagram schematically showing a process of generating a time stamp request hash value.
  • FIG. 4C is a diagram schematically showing data exchange between the time stamp adding device and the TSA server.
  • FIG. 5 is a flowchart showing time stamp addition processing by the time stamp addition apparatus of the first embodiment.
  • FIG. 6 is a flowchart showing file electronic signature processing.
  • FIG. 7 is a flowchart showing a file time authentication process.
  • FIG. 8 is a flowchart showing a file time stamp verification process when the time stamp of a file attached to an e-mail is verified on the receiving side.
  • FIG. 9A is a diagram showing a first example of an e-mail data structure reconstructed by an e-mail reconstructing unit included in the time stamp addition apparatus of the second embodiment.
  • FIG. 9B is a diagram showing a second example of the data structure of the email reconstructed by the email reconstruction unit included in the time stamp addition apparatus of Embodiment 2.
  • FIG. 10 is a block diagram showing an internal configuration of a time stamp adding apparatus according to the third embodiment.
  • FIG. 11 An example of a data structure of time stamp additional information according to the third embodiment. Explanation of symbols
  • the time stamp addition system of Embodiment 1 includes a user terminal 1, a mail server 2, a time stamp addition device 3, a TSA (Time Stamping Authority) server 4, and a network 5.
  • User terminal 1, mail server 2, time stamp adding device 3, and TSA server 4 They are connected to each other via work 5.
  • the network 5 may be any network that can send and receive data, such as the Internet, an intranet, and a public network.
  • the user terminal 1, the mail server 2, and the time stamp adding device 3 may be connected to the same intranet.
  • the user terminal 1 is composed of a personal computer (PC) or the like, and executes a process according to a user operation. For example, the user terminal 1 executes creation of an electronic mail, attachment of a file to the created electronic mail, transmission of an electronic mail with a file attached, and the like according to a user operation.
  • a file attached to an e-mail is referred to as an “attached file”
  • an e-mail having an attached file is referred to as an “attached file e-mail”.
  • the mail server 2 is composed of a server device or the like, and performs transmission / reception processing of electronic mail. For example, the mail server 2 transmits an electronic mail created by the user terminal 1 to a mail sano (not shown) of another user at the transmission destination. In addition, the mail server 2 receives an electronic mail transmitted from the other user terminal (not shown) to the user terminal 1 via the network 5 and holds it until a reception request is received from the user terminal 1.
  • the mail server 2 once transmits the e-mail to the time stamp adding device 3 before sending the e-mail supplied from the user terminal 1 to the transmission destination.
  • This operation is to request the time stamp adding device 3 to attach a time stamp authenticated by the TSA server 4 to the attached file when an attached file is attached to the e-mail! Is called.
  • the time stamp adding device 3 is constituted by a server device, for example, and assigns a time stamp to the electronic mail transmitted from the mail server 2 and the attached file of the electronic mail.
  • the “time stamp” is information indicating the time (date and time) authenticated by the TSA server 4.
  • the time stamp adding device 3 determines whether or not an attached file is attached to the email received from the mail server 2 and attaches the time stamp to each attached file. Then, the attached e-mail with the attached file is supplied to the mail server 2.
  • the time stamp adding device 3 is a time stamp for requesting the time stamp issuance.
  • a tamping request message is transmitted to the TSA server 4, and the time stamp issued by the TSA server 4 is attached to the attached file in response to the request.
  • the TSA server 4 is configured by a server device or the like, and functions as a time stamping authority (TSA).
  • TSA server 4 issues a time stamp in response to a request from the time stamp adding device 3 and supplies the time stamp to the time stamp adding device 3.
  • the time certification authority for example, authenticates the time of electronic data created by the user in response to a request from the user and issues a time stamp.
  • time authentication operator it is referred to as a “time authentication operator”.
  • the TSA server 4 is connected to a TA sano (not shown) provided in a time authority (TA) via a predetermined network.
  • the TSA server 4 maintains the reliability of the issued time stamp by receiving a highly accurate time distribution based on the standard time from the TA server.
  • the TSA server 4 issues a time stamp in accordance with the time stamp protocol format using PKI (Public Key Infrastructure).
  • the time stamp adding device 3 includes a control unit 30, a communication unit 31, and a storage unit 32.
  • the control unit 30 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and controls the time stamp adding device 3 as a whole. For example, the control unit 30 executes a time stamp addition process for adding a time stamp to the attached file of the e-mail. When performing various arithmetic processes and control processes, the control unit 30 causes the CPU to execute the control program stored in the ROM while temporarily storing various data in the RAM.
  • a CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • control unit 30 includes an attached file existence determination unit 301, a format determination unit 302, a format conversion unit 303, an electronic signature unit 304, a time authentication unit 305, and an e-mail reconstruction unit 306. . Details of each unit 30;! To 306 will be described later.
  • the communication unit 31 includes a communication interface and the like, and communicates with an external device via the network 5. For example, the communication unit 31 communicates with the mail server 2 via the intranet. Data communication with the TSA server 4 via the network 5. When the communication unit 31 receives an e-mail scheduled to be transmitted to the transmission destination (destination) by the mail server 2 from the mail server 2, the communication unit 31 supplies the e-mail to the attached file existence determination unit 301.
  • the storage unit 32 includes an auxiliary storage device such as a ROM (Read Only Memory), a RAM (Random Access Memory), and a hard disk, and stores various types of information, programs, and the like.
  • the storage unit 32 stores conversion format information 321, secret key management information 322, and the like.
  • conversion format information 321 associates “time stamp non-addition format Fn” with “time stamp addition format Fa”.
  • “Time stamp non-addition format Fn” is a format that has been subjected to format conversion by the format conversion unit 303, and is a format that the control unit 30 does not add a time stamp to! /. is there.
  • the “time stamp addition format Fa” is a format that has been subjected to format conversion by the format conversion unit 303 and is a format to which the control unit 30 can assign a time stamp.
  • the file converted into the time stamp addition format Fa has a “main data area DA” and an “additional information area IA”.
  • the “main data area” is an area for storing the main data of the file
  • the “additional information area” is an area for storing additional information about the file such as an electronic signature and a time stamp. It is.
  • data indicating the contents of the document is stored if the attached file of the conversion source is a document file, and image data is stored if the attached file is an image file.
  • time stamp non-addition format Fn does not have an additional information area! /, A file format, or even if it has an additional information area, information such as a time stamp is included in that area. This is a file format that runs out of capacity when stored.
  • the private key management information 322 stores the private key of the person who created the electronic mail to which the time stamp is added by the time stamp adding device 3.
  • the secret key management information 322 stores the secret key of the user who creates an email by the user terminal 1.
  • the attached file existence determining unit 301 determines whether or not an attached file is attached to the e-mail supplied from the communication unit 31. If it is attached, the attached file existence determination unit 301 separates and extracts the attached file from the electronic mail. When a plurality of attached files are attached to the e-mail, the attached file existence determining unit 301 extracts each attached file separately from the e-mail. If the attached file is not attached to the electronic mail, the attached file existence determining unit 301 supplies the electronic mail to the electronic signature unit 304.
  • the format discriminating unit 302 indicates that the file format of each attached file extracted by the attached file existence discriminating unit 301 is a difference between the time stamp non-addition format Fn and the time stamp addition format Fa! /. Is determined. For example, the format discriminating unit 302 discriminates the file format based on an extension for identifying the type of the attached file, file type information attached to the attached file, or the like.
  • the format conversion unit 303 refers to the conversion format information 321 shown in FIG. 3A, and converts the format of the attached file that has been determined by the format determination unit 302 to be the non-timestamping format Fn. Convert to additional format Fa.
  • the attached file after the format conversion is subject to digital signature and time authentication.
  • the format conversion unit 303 converts the file format C to the file format A.
  • the format conversion unit 303 does not perform the format conversion process of the attached file.
  • the electronic signature unit 304 attaches the electronic signature to them.
  • the electronic signature unit 304 uses the private key stored in the private key management information 322 to generate the signature value of the file of the e-mail or the time stamp addition format Fa.
  • the signature value refers to digital signature data based on a digital signature procedure specified by PRCS (Public Key Cryptography Standards) 7 or the like, for example.
  • PRCS Public Key Cryptography Standards
  • the time authentication unit 305 attaches the time stamp issued by the TSA server 4 to the electronic mail to which the electronic signature is given by the electronic signature unit 304 and the attached file of the electronic mail. Then, the time authentication unit 305 supplies the electronic mail to which the time stamp is given to the electronic mail reconstruction unit 306.
  • the e-mail reconstructing unit 306 re-attaches the e-mail by reattaching each attached file to which the time stamp is given by the time authenticating unit 305 to the e-mail separated by the attached file existence determining unit 301. Constitute. Then, the email reconstructing unit 306 supplies the reconstructed email to the electronic signature unit 304.
  • the electronic signature unit 304 of the control unit 30 is first stored in the main data area of the attached file using a predetermined hash function (for example, MD5, SHA-1, SHA-256, etc.).
  • a message digest (hash value) corresponding to the stored data is generated.
  • the electronic signature unit 304 encrypts the message digest with the secret key of the creator of the email with the attached file, and generates a signature value for the attached file.
  • the electronic signature unit 304 stores the signature value in the additional information area of the attached file.
  • time authentication unit 305 generates a “time stamp request hash value” based on the signature value of the attached file generated by the electronic signature unit 304.
  • the “time stamp request hash value” is information used when the time authentication unit 305 requests the TSA server 4 to issue a time stamp.
  • the time authentication unit 305 reads the signature value of the attached file generated by the electronic signature unit 304 from the additional information area of the attached file to which the time stamp is to be attached. Subsequently, as shown in FIG. 4B, the time authentication unit 305 generates a hash value corresponding to the signature value based on a predetermined hash function, and determines the hash value as a hash value for time stamp request.
  • the time authentication unit 305 requests the TSA server 4 to issue a time stamp using the hash value for requesting time stamp.
  • the time authentication unit 305 includes a time stamp request message in a predetermined format including a hash value for time stamp request. The message is generated and the message is transmitted to the TS A server 4 via the communication unit 31.
  • the TSA server 4 on the receiving side When receiving the time stamp request message from the time stamp adding apparatus 3, the TSA server 4 on the receiving side generates a time stamp token.
  • This time stamp token includes time information indicating the exact time when the TSA server 4 authenticated the attached file, and a hash value for the time stamp request in the received time stamp request message.
  • the TSA server 4 After the time stamp token is generated, the TSA server 4 generates a signature value corresponding to the time stamp token by substantially the same processing as the processing of the electronic signature unit 304 shown in FIG. 4A. That is, the TSA server 4 generates a signature value corresponding to the token by encrypting the hash value of the time stamp token obtained by a predetermined hash function with the secret key of the TSA server 4. Further, the TSA server 4 generates a “response message” including a time stamp token and the signature value of the token in accordance with a predetermined format, and transmits it to the request time stamp adding device 3.
  • the time stamp adding device 3 can acquire a response message including the exact time when the attached file is authenticated by the TSA server 4.
  • the signature value in the response message is decrypted with the public key of TSA server 4 to obtain the hash value of the token obtained by TSA server 4, and a predetermined hash function is used.
  • the hash value of the time stamp token in the response message is obtained.
  • the token is a token generated by the legitimate TSA server 4. What is necessary is just to discriminate
  • the time authentication unit 305 refers to the response message received by the communication unit 31 and verifies the time stamp issued by the TSA server 4. Specifically, (1) the presence or absence of an error message in the response message, (2) the presence or absence of a time stamp token in the response message, and (3) whether the time stamp token was generated by a legitimate TSA server 4 (4) Hash value power S included in the time stamp token, the time set by the time authentication unit 305 It is verified whether or not the hash value for the time stamp request matches.
  • the time authentication unit 305 writes the time stamp token in the response message and the signature value of the token in the additional information area of the attached file.
  • the electronic signature unit 304 and the time authentication unit 305 determine the time stamp addition position in the additional information area, the hash target data range in the main data area, and the like according to the file format of each attached file. A signature process and a time authentication process suitable for each are executed.
  • the e-mail reconstructing unit 306 converts each attached file into an e-mail that has been separated by the attached file existence determining unit 301. Attach it again and reconstruct a new email with attachments. Further, the e-mail reconstructing unit 306 supplies the reconfigured e-mail to the electronic signature unit 304.
  • the electronic signature unit 304 assigns an electronic signature to the new attached file-attached email by substantially the same processing as the processing shown in FIG. 4A, and sends the electronic signature to the time authentication unit 305. Supply.
  • the electronic signature unit 304 creates a message digest (hash) for the entire new email with an attached file (including the attached file) excluding the header part. Value). After the generation, the electronic signature unit 304 encrypts the hash value with the private key of the electronic mail creator in the private key management information 322, and generates a signature value corresponding to the entire new attached-attached electronic mail.
  • the electronic signature unit 304 encodes the signature value into character string data in accordance with a method such as BASE64, and writes the character string data in the header part of the email, thereby providing the electronic signature to the email.
  • the signature value is not limited to be written in the header part, but may be linked to electronic mail as electronic signature data. If the attached file existence discriminating unit 301 determines that an attached file is attached to the email! /, Te! /, Na! /, The electronic signature unit 304 creates an electronic signature for the body of the email. Apply.
  • the time authentication unit 305 adds a time stamp to the new electronic mail with attached file, and sends the e-mail with the time stamp to the e-mail reconstruction unit 306. Supply.
  • the time authentication unit 305 determines a hash value for requesting a time stamp by substantially the same processing as in FIG. 4B. Then, a time stamp request message including the hash value is generated and transmitted to the TS A server 4.
  • the time authentication unit 305 determines whether or not the response message is normal. If the response message is normal, the time stamp in the response message is determined. The token and its signature value are added to the header part of the e-mail. Note that the storage location of the time stamp token etc. is not limited to the header part, but may be the non-signature attribute area of the electronic signature data! /.
  • the email reconstruction unit 306 Upon receipt of the reconstructed attached email with the time stamp added from the time authentication unit 305, the email reconstruction unit 306 sends the email to the mail server 2 via the communication unit 31. Output. Note that an electronic signature may be attached only to the body of an email even if it is an email with an attached file. In this case, the electronic signature unit 304 determines whether or not an electronic signature is received in the electronic mail received from the mail server 2, and if there is no electronic signature, the electronic signature may be added to the electronic mail.
  • time stamp addition process in which the time stamp adding apparatus 3 having the above-described configuration adds a time stamp to the email received from the mail server 2 and the email with the attached file will be described.
  • This time stamp addition processing is started when the communication unit 31 of the time stamp addition device 3 receives an e-mail before being transmitted from the mail server 2 to the transmission destination.
  • the mail received by the time stamp adding device 3 is an electronic mail created by the user terminal 1.
  • the attachment file existence determination unit 301 determines whether or not a file is attached to the electronic mail received by the communication unit 31 (step S 101).
  • step S101 If no file is attached to the e-mail (step S101; No), the control unit 30 moves the process to step S109 in order to apply an electronic signature and time authentication to the e-mail body. If it is attached (step S 101; Yes), the attached file existence determination unit 301 separates the attached file and the body of the email attached to the email! /, And removes the attached file from the email. Extract (step S102).
  • the format determination unit 302 adds a time stamp to the extracted file. It is determined whether or not the format is for use Fa (step S103).
  • step S103 If it is the time stamp addition format Fa (step S103; Yes), the process skips step S104 and proceeds to step S105.
  • step S1 03 if the attached file is not the time stamp addition format Fa (step S1 03; No), the format conversion unit 303 sets the format of the attached file for time stamp addition based on the conversion format information 321. Convert to format Fa (step S104). Then, the control unit 30 moves the process to step S105.
  • the electronic signature unit 304 executes a file electronic signature process (step S105). As shown in FIG. 6, in the file electronic signature process, first, the electronic signature unit 304 determines whether or not an electronic signature has already been added to the attached file (step S201). If it has already been assigned (step S201; Yes), the control unit 30 ends the file digital signature process as it is, and the process returns to FIG.
  • step S201 if the electronic signature is not added (step S201; No), the electronic signature unit 304 uses the user's private key stored in the private key management information 322 to store the attached file. A signature value is generated, and the signature value is added to the file as an electronic signature (step S202). After the addition, the process returns to FIG.
  • the time authentication unit 305 executes the file time authentication process shown in FIG. 7 in order to add a time stamp to the file (step S106).
  • the time authentication unit 305 generates a time stamp request hash value for the signature value added to the attached file (step S301). .
  • the time authentication unit 305 generates a time stamp request message including the hash value for time stamp request shown in FIG. 4B (step S302), and sends the time stamp request message to the communication unit 31.
  • the TSA server 4 step S303.
  • Time authentication unit 305 determines whether or not a response message to the transmitted time stamp request message has been received from TSA server 4 via communication unit 31 (step S304). If the response message has not been received (step S304; No), the time authentication unit 305 waits until the response message is received. [0071] If the response message has been received (step S304; Yes), the time authentication unit 305 determines whether the time stamp (time stamp token and its signature value) included in the response message is normal or not. (Step S305).
  • step S 305 If the time stamp is not normal (step S 305; No), the process returns to step S 303, and the time authentication unit 305 transmits the time stamp request message to the TSA server 4 again.
  • the time stamp adding device 3 When the number of times that the time stamp is determined to be not normal in step S305 reaches a predetermined value, the time stamp adding device 3 notifies the user terminal 1 and the mail server 2 of an error, and the time stamp adding process is performed. You may make it complete
  • step S305 If the time stamp is normal (step S305; Yes), the time authentication unit 305 adds the time stamp acquired from the TSA server 4 via the communication unit 31 to the attached file (step S306). Then, the control unit 30 ends the file time authentication process, and the process returns to FIG.
  • the control unit 30 determines whether or not a time stamp has been added to all the attached files whose e-mail power is also extracted in step S102 (step S107). . If time stamps are not added to all the files (step S107; No), the control unit 30 returns the process to step S103, and performs steps S103 to S106 for each file to which no time stamp is added. Execute the process.
  • step S107 When time stamps are added to all files (step S107; Yes), the e-mail reconstruction unit 306 adds all files with time stamps to step S102! /, Then, it is attached again to the email once separated from the attached file, and a new email with the attached file is reconstructed (step S108).
  • the electronic signature unit 304 is substantially the same as the file electronic signature process shown in FIG.
  • the electronic mail electronic signature process (step S109) of 5 is executed.
  • step S201 Yes
  • the added electronic signature is not for an e-mail including the time stamp of the attached file. Therefore, the process is as shown in Figure 6.
  • step S202 the electronic signature unit 304 generates a new signature value for the entire electronic mail including the time stamp of the attached file and adds it to the electronic mail.
  • the time authentication unit 305 performs substantially the same processing as that of the file time authentication processing shown in FIG. 7 in order to add a time stamp to the email.
  • Time authentication processing (step S110) is performed.
  • the time authentication unit 305 attaches the time stamp issued by the TSA server 4 to the attached email with attached signature value based on the signature value.
  • the authentication time information is added to each attached file and the entire electronic mail including each attached file.
  • the control unit 30 transmits the electronic mail to which the electronic signature and the authentication time are given to the mail server 2 via the communication unit 31 (Step S111). The time stamp addition process is thus completed.
  • This file time stamp verification process is performed, for example, when a user who receives an e-mail with an attached file separates the attached file from the e-mail and saves it on the file saving PC. To start verifying the time stamp of the file.
  • the file storage PC first reads the time stamp recorded in the additional information area in the attached file (step S401). As a result, the file saving PC obtains the “time stamp token” and “signature value of the time stamp token” stored in the time stamp.
  • the file storage PC determines whether the time stamp token has been tampered with (step S402).
  • the method for determining the presence or absence of tampering is arbitrary. For example, a value obtained by decrypting the obtained signature value with the public key of the TSA server 4, the obtained time stamp token force, and a predetermined hash function are used. This can be determined by comparing the obtained hash value. If these values do not match, it is determined that the time stamp token has been tampered with (step S402; No), and processing is performed to notify the user that the time stamp is invalid.
  • Reason (Ma step S409i proceed.
  • the file storage PC determines that the time stamp token is a legitimate token that has not been tampered with (step S402; Yes). In this case, the hash value contained in the time stamp token is read to extract the hash value from the time stamp (step S403).
  • the file storage PC reads the signature value of the attached file attached to the attached file! /, And uses the same hash function as the hash function used by the time stamp adding device 3, A hash value of the signature value of the file is generated (step S404). After the generation, the file storage PC determines whether or not the generated hash value matches the hash value extracted from the time stamp in step S403 (step S405). If the hash values do not match each other (step S405; No), the process proceeds to step S409 to notify the user that the time stamp is invalid.
  • step S405 If the hash values match each other (step S405; Yes), it is considered that the time stamp has been detected normally, and then the file storage PC verifies the electronic signature of the file (step S406). ). For example, the file storage PC confirms the validity of the electronic certificate and determines whether the attached file has been tampered with (step S407). If there is no tampering (step S407; Yes), the file storage PC notifies the user that the time stamp is valid (step S408), and the processing ends, assuming that the file transmission date / time has been proved.
  • step S407 if the attached file has been tampered with (step S407; No), the file storage date / time PC notifies the user that the time stamp is invalid (step S407; No). S409), the file time stamp verification process is completed. Note that this file time stamp verification processing may verify the electronic signature attached to the attached file before determining whether the time stamp attached to the attached file has been tampered with.
  • the file storage PC when the file storage PC receives the e-mail, it reads a time stamp described in a state encoded in character string data at a predetermined location (for example, a header portion) of the e-mail. (Step S401).
  • a time stamp described in a state encoded in character string data at a predetermined location (for example, a header portion) of the e-mail.
  • the file storage PC decodes the read time stamp (encoded character string data) by a predetermined method (for example, BASE64), and acquires the time stamp token and its signature value. Further, the file storage PC verifies whether or not the time stamp token has been tampered with, and determines whether or not the time stamp token is genuine (step S402).
  • a predetermined method for example, BASE64
  • the file saving PC confirms the validity of the time stamp attached to the entire e-mail including the attached file by substantially the same processing as that in steps S404 to S409 of the file time stamp verification processing. Determine.
  • the file storage PC determines, for example, whether or not the entire electronic mail has been tampered with based on the verification result of the validity of the electronic certificate.
  • the file storage PC determines whether or not the entire electronic mail has been falsified based on the verification result of the electronic signature.
  • the recipient of the email with the attached file can separate the attached file from the email and store or distribute it while maintaining the originality of the attached file.
  • the time stamp adding device 3 is a time certification business operator (T that functions as a time certification authority under that business operator).
  • T time certification business operator
  • the time stamp issued by the SA server 4 is added to each attached file of the e-mail.
  • the time authentication unit 305 obtains the hash value of the time stamp token obtained by decrypting the signature value in the time stamp acquired from the TSA server 4 and a predetermined hash function. By comparing the hash value of the time stamp token obtained by itself with the hash value, it is determined whether the time stamp has been tampered with. If there is no alteration, a time stamp is attached to the attached file. As a result, it is possible to secure the non-falsification of this attached file.
  • the time authentication unit 305 stores the time stamp in the additional information area of the file. As a result, the various processes executed based on the data stored in the main data area of the attached file are not affected, and it is possible to maintain consistency with the existing application program.
  • time stamp adding apparatus can be variously modified without departing from the gist of the present invention, which is not limited to the above embodiment.
  • a “time stamp” that functions as a time certificate indicating the information of the authenticated time is not limited to being recorded in the additional information area of the attached file, but the time certificate is linked to the attached file. May be.
  • the time stamp adding device 3 attaches the time stamp generated by the TSA server 4 to the attached file.
  • the time stamp adding device 3 may newly generate a time proof file in which the time certificate is recorded, and attach this time proof file together with the attached file to the email text to be transmitted.
  • the time stamp adding apparatus 3 according to the second embodiment for performing such an operation will be described.
  • the time / time IJ authentication unit 305 includes a time value (time information), a hash value of the attached file (hash value for time stamp request), and a time signature (time stamp).
  • a “time certificate (time stamp)” including the token signature value) is acquired from the TSA server 4 via the communication unit 31. After the acquisition, the time authentication unit 305 generates a time certification file including the authentication time information indicated by the time certificate.
  • the time authentication unit 305 uses the file name excluding the extension of the time certification file as the time Set the file name to be the same as the file name excluding the extension of the attached file that is subject to certification, and set the extension of the attached file to an extension that indicates that it is a time certification file
  • the e-mail reconstructing unit 306 When the e-mail reconstruction unit 306 reattaches the attached file to the e-mail and reconfigures it, the e-mail reconstructing unit 306 also attaches the time certification file corresponding to the attached file to the e-mail.
  • the e-mail reconstruction unit 306 in the second embodiment attaches the attached file and the time certification file to the e-mail.
  • the extension tst in Fig. 9A is an extension to indicate that the file with the extension tst is a time certification file.
  • the time proof file corresponding to the attached file fflea.xxx in Fig. 9A is the file fflea.tst
  • the time proof file corresponding to the attached file ffleb.yyy is the file ffleb.tst. It can be identified from the file name of the attached file.
  • the file storage PC that received the e-mail with the attached file and the time certificate file, when the attached file is saved separately from the e-mail, the time corresponding to the attached file based on the file name excluding the extension Identify the certification file and save the time certification file along with the attached file.
  • the file storage PC verifies the time stamp of the attached file, it is recorded in the time certification file corresponding to the attached file.
  • the format discriminating unit 302 As a result, it is not necessary to provide the format discriminating unit 302, the format converting unit 303, and the conversion format information 321 shown in FIG. 3, and the configuration of the time stamp adding device 3 can be simplified.
  • the electronic signature unit 304 adds a new electronic signature to the attached file, the electronic signature data may be recorded together with the time certification file.
  • an associated file for associating the attached file with a time proof file that proves the time of the attached file is created. You may make it attach to an email.
  • the file name assigned to the time certification file may be arbitrary.
  • the correspondence information for associating the attached file with the time certification file may be described in the header of the e-mail.
  • the operation of the time stamp adding device described in the first and second embodiments may be used properly.
  • a rule indicating how to add a time stamp is specified in advance for each format of the attached file. For example, the ability to convert the format and attach a time stamp in the attached file as in Embodiment 1, or the ability to associate the time certification file in which the time stamp was recorded without converting the format as in Embodiment 2; Rules such as, etc. are established for each format. Based on this rule, a time stamp is added to the attached file.
  • the time stamp adding apparatus 3 is basically the same as the example of FIG. 3 described in the first and second embodiments.
  • the control unit 30 includes a time stamp addition rule specifying unit 307.
  • the storage unit 32 of the third embodiment stores time stamp additional information 323 instead of the conversion format information 321.
  • Time stamp addition information 323 associates a file format with a time stamp addition rule indicating a method of adding a time stamp.
  • the time stamp addition rule specifying unit 307 reads the time stamp addition rule associated with the determined format from the time stamp addition information 323 and applies it to the attached file. To do.
  • this time stamp addition information 323 stores, for each file format, a time stamp addition rule applied to an attached file in that format.
  • the attached file is a text file
  • the text data of the file Force A time stamp is added to the converted PDF file that can be automatically converted to an SPDF file (Adobe Acrobat (registered trademark) file) and a time stamp can be added.
  • SPDF file Auto-Program (registered trademark) file
  • the attached file is originally a PDF file to which a time stamp can be added, the time stamp is added to the PDF file without any format conversion.
  • the attached file when the attached file is an e-mail message file, it is converted to the SPDF file with the body of the message file, and a time stamp is added to the converted PDF file.
  • the message when another e-mail is attached as an e-mail attachment, the message is converted to a PDF file by converting only the body of the attached message file in consideration of the distribution of the attached file. Authenticate.
  • the attached file is a CAD (Computer Aided Design) data file
  • a time certification file indicating a time stamp is created and attached to the e-mail. If a CAD data file is converted to a PDF file, the image accuracy may be reduced, and the correction work may be complicated.
  • SCAD data file with an attached file leave it as an attached file, create a time certificate file, and attach it to an e-mail separately.
  • the time stamp addition rule specifying unit 307 follows the time stamp addition rule determined for each format! /, Format conversion operation according to the format of each attached file, time certificate attachment operation, etc. Is specified. In other words, the time-stamped calor rule specifying unit 307 specified the conversion condition for converting the format, or specified the attachment condition for specifying whether to generate a time certificate file and attach it to the email. You The conditions specified here are applied to the attached file.
  • the time stamp addition rule specifying unit 307 if it is determined to add a time stamp by converting the time stamp addition rule format, format conversion unit 303, electronic signature unit 304 Then, the time authentication unit 305, the e-mail reconstruction unit 306, etc. are controlled to convert the attached file into a format to which a time stamp can be added in the same manner as in the first embodiment, and the time stamp is added to the converted file. Append. Time stamp addition rule force S If the time stamp is specified to be added without format conversion, the time stamp addition rule designating unit 307 directly adds the time stamp to the attached file.
  • the format conversion unit 303, the electronic signature unit 304, the time authentication unit 305, The e-mail reconstruction unit 306 and the like are controlled to create a time certification file as in the second embodiment described above.
  • the email reconstructing unit 306 when there is a time certificate file, displays the correspondence between the attached file and the time certificate file in the header of the email. Describe. It is also possible to create a file that shows such correspondences separately! / ⁇ .
  • the e-mail reconstructing unit 306 reconstructs the e-mail by attaching the attached file and the time certification file to the e-mail. Then, the electronic signature unit 304 or the time authentication unit 305 performs an electronic signature or time authentication on the entire electronic mail, respectively.
  • the time stamp adding device 3 transmits an e-mail in which the time stamp is added to the attached file by such processing to the mail server 2.
  • the time stamp additional information 323 stores a conversion operation determined by default.
  • the time stamp adding device 3 is provided with an input unit so that the rules in the time stamp additional information 323 can be changed, and conversion operations for individual file formats can be separately registered in the time stamp additional information 323. Good.
  • the time stamp adding device 3 has the secret key management information 322 for storing the secret key of the creator of the e-mail.
  • the storage location of the user's private key is not limited to the time stamp adding device 3 and may be the user terminal 1.
  • the electronic signature unit 304 determines that an electronic signature has not been added to the attached file, the attached file is temporarily transferred from the time stamp adding device 3 to the user terminal 1 that stores the private key. It is only necessary to transmit and receive the file with the electronic signature added by the user terminal 1.
  • the electronic signature unit 304 sends the reconstructed email to the user terminal 1 where the private key is stored, and the user terminal 1 sends the electronic signature.
  • An electronic mail with a signature may be acquired via the communication unit 31.
  • the mail server 2 and the time stamp adding device 3 are not limited to being configured as separate cases, but the mail server 2 and the time stamp adding device 3 may be configured as a single case.
  • the time stamp request message is not limited to storing the hash value of the signature value extracted from the attached file with the electronic signature, but may also store the hash value of the data in the main data area of the attached file. Good. In this case as well, it is possible to avoid affecting the processing executed based on the contents of the main data storage area of the attached file while ensuring the originality of the attached file. It is easy to maintain consistency.
  • the time certification authority is not limited to the time certification business that receives the time distribution from the TA, but the time certification business that receives the time distribution from other time sources by NTP (Network Time Protocol), etc. It may be a time certification company that captures the time of the atomic clock.
  • control unit 30 of the time stamp adding device 3 is not limited to software, and can also be realized by dedicated hardware. Further, the time stamp adding device 3 may be configured by a normal computer system.
  • the time stamp adding apparatus 3 has been described on the assumption that the operation program is stored in advance in a memory or the like.
  • the processing operation described above The program to be executed is stored and distributed on a computer-readable recording medium such as a flexible disk, CD—ROM (Compact Disk Read-Only Memory), DVD (Digital Versatile Disk), MO (Magneto-Optical disk), etc. Then, by installing the program in the computer, a device that executes the above processing operation may be configured.
  • the program may be stored in a disk device or the like of a predetermined server device on a communication network such as the Internet, and may be superposed on a carrier wave and downloaded to a computer.
  • the above-described processing can also be achieved by starting and executing a program while transferring it via a communication network.
  • OS Operating System
  • only the parts other than the OS are stored in the medium for distribution. It may also be downloaded to a computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Des informations temporelles hautement fiables relatives à un fichier joint à un courrier électronique sont facilement acquises. Lors de la réception d'un courrier électronique avant une transmission par un serveur de courriers électroniques, un appareil d'ajout de marquage temporel (3) détermine si un fichier est joint au courrier électronique à l'aide d'une section de détermination de présence de fichier joint (301) et, si c'est le cas, prend le fichier du courrier électronique. L'appareil d'ajout de marquage temporel (3) ajoute un marquage temporel à chaque fichier à l'aide d'une section de signature électronique (304), joint à nouveau le fichier auquel le marquage temporel a été ajouté au courrier électronique à l'aide d'une section de reconfiguration de courrier électronique (306), et le renvoie au serveur.
PCT/JP2007/072128 2006-11-14 2007-11-14 Appareil d'ajout de moment d'authentification, procédé d'ajout de moment d'authentification, et programme Ceased WO2008059898A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006307821 2006-11-14
JP2006-307821 2006-11-14

Publications (1)

Publication Number Publication Date
WO2008059898A1 true WO2008059898A1 (fr) 2008-05-22

Family

ID=39401702

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/072128 Ceased WO2008059898A1 (fr) 2006-11-14 2007-11-14 Appareil d'ajout de moment d'authentification, procédé d'ajout de moment d'authentification, et programme

Country Status (1)

Country Link
WO (1) WO2008059898A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011095803A (ja) * 2009-10-27 2011-05-12 Canon It Solutions Inc 情報処理装置、情報処理システム、制御方法、プログラム、及びプログラムを記録した記録媒体
JP7228735B1 (ja) 2022-07-21 2023-02-24 株式会社Akuodigital 情報処理装置、タイムスタンプ付与方法、タイムスタンプ付与プログラム、及び通信システム

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004104596A (ja) * 2002-09-11 2004-04-02 Seiko Instruments Inc タイムスタンプメールサーバシステム
JP2006072774A (ja) * 2004-09-03 2006-03-16 Katsumasa Kenmochi 電子メール保管システム、電子メールシステム
JP2006245773A (ja) * 2005-03-01 2006-09-14 Murata Mach Ltd インターネットファクシミリ装置及びそのプログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004104596A (ja) * 2002-09-11 2004-04-02 Seiko Instruments Inc タイムスタンプメールサーバシステム
JP2006072774A (ja) * 2004-09-03 2006-03-16 Katsumasa Kenmochi 電子メール保管システム、電子メールシステム
JP2006245773A (ja) * 2005-03-01 2006-09-14 Murata Mach Ltd インターネットファクシミリ装置及びそのプログラム

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011095803A (ja) * 2009-10-27 2011-05-12 Canon It Solutions Inc 情報処理装置、情報処理システム、制御方法、プログラム、及びプログラムを記録した記録媒体
JP7228735B1 (ja) 2022-07-21 2023-02-24 株式会社Akuodigital 情報処理装置、タイムスタンプ付与方法、タイムスタンプ付与プログラム、及び通信システム
WO2024019083A1 (fr) * 2022-07-21 2024-01-25 株式会社Akuodigital Dispositif de traitement d'informations, procédé d'ajout d'estampille temporelle, programme d'ajout d'estampille temporelle, et système de communication
JP2024014104A (ja) * 2022-07-21 2024-02-01 株式会社Akuodigital 情報処理装置、タイムスタンプ付与方法、タイムスタンプ付与プログラム、及び通信システム

Similar Documents

Publication Publication Date Title
US20190372782A1 (en) Data Certification Device, Non-transitory Computer-readable Medium, and Method Therefor
JP4132530B2 (ja) 電子保存装置
JP3782259B2 (ja) 署名作成装置
JP4788212B2 (ja) デジタル署名プログラム及びデジタル署名システム
KR20200088995A (ko) 화상 형성 장치에서 블록체인을 기반한 문서의 보안 및 무결성 검증
JP2010081372A (ja) 電子文書登録システム、電子文書登録装置、電子文書登録方法およびコンピュータプログラム
JP5179319B2 (ja) 電子文書管理装置および電子文書管理方法
JP5043527B2 (ja) 文書検証方法、文書検証装置、文書検証プログラム、および文書検証プログラムを記憶した記憶媒体
JP2007288747A (ja) 画像処理システムおよび画像処理システムの制御方法および画像形成装置および画像再生装置
JP5700423B2 (ja) 長期署名用端末、長期署名用サーバ、長期署名用端末プログラム、及び長期署名用サーバプログラム
JP4788213B2 (ja) タイムスタンプ検証プログラム及びタイムスタンプ検証システム
EP2887247B1 (fr) Appareil et procédé de traitement d'informations et programme
JP2009026076A (ja) 文書管理システム
JP2005063268A (ja) 電子ファイル認証システムおよび電子ファイル認証サーバならびに電子ファイル認証方法
WO2008059898A1 (fr) Appareil d'ajout de moment d'authentification, procédé d'ajout de moment d'authentification, et programme
JP4742189B2 (ja) タイムスタンプ付加装置、タイムスタンプ付加方法、電子メール中継サーバ及びコンピュータプログラム
JP4901272B2 (ja) 情報生成処理プログラム、情報生成装置及び情報生成方法
JP2006050504A (ja) 画像処理装置およびその方法
JP5102881B2 (ja) タイムスタンプ付加装置、タイムスタンプ付加方法、電子メール中継サーバ及びコンピュータプログラム
JP3638910B2 (ja) 電子署名装置、電子署名方法、電子署名プログラムおよび電子署名プログラムを記録した記録媒体
JP2016163198A (ja) ファイル管理装置、ファイル管理システム、ファイル管理方法及びファイル管理プログラム
JP5661589B2 (ja) 認証管理装置および認証管理方法
JP2007181093A (ja) タイムスタンプサーバ装置、及びタイムスタンプ発行方法、及びタイムスタンプ発行プログラム
KR101355080B1 (ko) 컨텐츠 프로바이더를 위한 디지털 원본 컨텐츠 배포 시스템 및 방법
JP2003298575A (ja) 原本性保証システム、電子署名生成インタフェース方法、原本性検証インタフェース方法、プログラム、及び記録媒体

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07831858

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07831858

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)