JP2017098697A - Signature verification system and signature verification method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a signature verification system and a signature verification method for realizing transaction signature without using a hardware token dedicated to transaction signature. A terminal device includes a first hashing unit that hashes first information to be signed to obtain a first hash value, and a transmission unit that transmits the first hash value and confidential information to the signing device. The web browser device verifies the signature and the first information, including a signature generator that generates a signature from the signature key for the first hash value and the secret information, and a transmitter that sends the signature to the terminal device. The verification device includes a transmission unit that transmits to the device, and the verification device uses a second hashing unit that hashes the first information to obtain a second hash value, and a secret information, a verification key, a signature, and a second hash value. Includes a verification unit that verifies whether the first information has been tampered with. [Selection diagram] Fig. 1

Description

  The present invention relates to a signature verification system and a signature verification method.

  At present, electronic commerce and electronic financial transactions are actively performed with the development of the Internet. Among them, the MITB (Man-in-the-Browser, see Non-Patent Document 1) attack has recently become a problem. Attention is focused on a transaction signature (see Non-Patent Document 2) that is said to be highly secure, although there are several methods for dealing with the MITB attack.

  The transaction signature is applied to the bank account of the transfer destination, so that the bank can complete the transaction while ensuring the authenticity of the transfer destination. For the signing of the transaction signature, a hardware token is currently used in many cases.

"What is a MITB attack?" [Online], October 20, 2009, [November 10, 2015 search], Internet <URL: http://securityblog.jp/words /790.html> “What is transaction signature?” [Online], November 25, 2014, [Search November 10, 2015], Internet <URL: http: //securityblog.jp/words/transaction_signatures.html>

  In a conventional transaction signature, a service provider such as a financial institution (hereinafter also simply referred to as “provider”) distributes a hardware token in which a signature key is previously placed in a tamper-resistant area. A service user (hereinafter also referred to as a “user”) enters the transaction contents into the hardware token, generates a signature, and inputs the signature to a personal computer or the like.

  However, this method requires the provider to manufacture and distribute hardware tokens in advance. In other words, the provider costs for the production and distribution of hardware tokens.

  The user also needs a hardware token to use the service. Therefore, in order to realize a transaction on the go, it is necessary to carry a hardware token, which is extremely inconvenient. For example, to maintain a state where transactions can be made at any time, a hardware token must always be carried.

  Furthermore, since the hardware token for each financial institution is different, the management cost of the hardware token increases for the user.

  It is an object of the present invention to provide a signature verification system and a signature verification method that realize a transaction signature without using a hardware token dedicated to transaction signature.

  To solve the above problems, according to one aspect of the present invention, a signature verification system includes a web browser device operated by a user, and a terminal device including a storage unit operated by the user and storing secret information. And a signature device including a storage unit in which a signature key is stored, and a verification device in which secret information and a verification key are stored. The terminal device includes a first hashing unit that obtains a first hash value by hashing the first information to be signed, and a transmission unit that transmits the first hash value and the secret information to the signature device. A signature generation unit that generates a signature from the signature key for the first hash value and the secret information, and a transmission unit that transmits the signature to the terminal device. The web browser device verifies the signature and the first information. Including a transmission unit that transmits to the device, the verification device uses a second hashing unit that hashes the first information to obtain a second hash value, the secret information, the verification key, the signature, and the second hash value, A verification unit that verifies whether or not the first information has been tampered with.

  In order to solve the above problems, according to another aspect of the present invention, a signature verification method includes a web browser device operated by a user and a terminal including a storage unit operated by the user and storing confidential information. An apparatus, a signature apparatus including a storage unit in which a signature key is stored, and a verification apparatus in which secret information and a verification key are stored are used. A first hashing step in which the terminal device hashes the first information to be signed to obtain a first hash value; a transmission step in which the terminal device transmits the first hash value and the secret information to the signature device; and a signature A signature generation step in which the device generates a signature from the signature key for the first hash value and the secret information; a transmission step in which the signature device transmits the signature to the terminal device; and a web browser device in which the signature and the first A transmitting step for transmitting information to the verification device, a second hashing step in which the verification device hashes the first information to obtain a second hash value, and the verification device includes the secret information, the verification key, the signature, and the second A verification step of verifying whether the first information has not been tampered with using the hash value.

  According to the present invention, there is an effect that a transaction signature can be realized without using a hardware token dedicated to the transaction signature.

FIG. 3 is a layout diagram of devices included in the signature verification system according to the first embodiment. The functional block diagram of the personal computer which concerns on 1st embodiment. The functional block diagram of the smart phone which concerns on 1st embodiment. The functional block diagram of the transaction server which concerns on 1st embodiment. The figure which shows the example of the data hold | maintained at the verification key management means which concerns on 1st embodiment. The functional block diagram of the signature server which concerns on 1st embodiment. The figure which shows the example of the data hold | maintained at the signature key management means which concerns on 1st embodiment. The figure which shows the flowchart of a user registration process. The sequence diagram of a user registration process. The figure which shows the flowchart of a service provision process. The sequence diagram of a service provision process.

  Hereinafter, embodiments of the present invention will be described. In the drawings used for the following description, constituent parts having the same function and steps for performing the same process are denoted by the same reference numerals, and redundant description is omitted.

<Points of first embodiment>
In order to realize a transaction signature without using a hardware token, a method for realizing a transaction signature on a general-purpose information terminal such as a smartphone (hereinafter referred to as “smartphone”) is proposed. At this time, a method of mounting (storing) a signature key for performing a transaction signature on the smartphone can be considered. However, it is difficult to secure a safe area for smartphones. Therefore, in the present embodiment, only a part for generating a signature (for example, MAC (Message Authentication Code)) from the management of the signature key and the transaction content is transferred to an external server (hereinafter also referred to as “signature server”) having a secure area. . The smartphone is used as a user interface part for generating a signature, and the user can operate the smartphone so that a hardware token function is included. The transaction server verifies the signature sent from the user and the transaction content, and executes the transaction after confirming the authenticity of the transaction content.

  At this time, MAC (message authentication code) is used as an example of a method for generating an authentication code (signature), but any method can be used as long as it can detect tampering (for example, a tampering detection method based on signature and verification).

  At this time, since it is possible to increase the number of transaction servers to communicate with, a transaction signature can be made with a plurality of transaction servers with a single smartphone. Moreover, at this time, when transmitting the MAC acquired by the smartphone to the transaction server, the input means to the personal computer is not limited. For example, manual input may be used.

<Signature Verification System According to First Embodiment>
FIG. 1 is a layout diagram of devices included in the signature verification system 100 according to the first embodiment.

  The signature verification system 100 includes a personal computer (hereinafter also referred to as “web browser device”) 110, a smartphone (hereinafter also referred to as “terminal device”) 120, a transaction server (hereinafter also referred to as “verification device”) 130, a signature. Server (hereinafter also referred to as “signature device”) 140. Each device can communicate with each other via the network 1.

<PC 110>
The personal computer 110 includes web browser means 111 (see FIG. 2). The web browser unit 111 functions as a browser for use of the World Wide Web (WWW). A browser is software that displays information on a computer for a certain purpose and allows browsing. The personal computer 110 includes an input device (for example, a mouse, a keyboard, and a touch panel) and an output device (for example, a display and a touch panel) (not shown). The user can operate the personal computer by operating the input device while browsing the output device.

<Smartphone 120>
The smartphone 120 includes an input / output unit 121, an encryption / decryption unit 122, a seed management unit 123, a hashing unit 124, and a communication unit 125 (see FIG. 3).

  The input / output unit 121 receives input from a user through a touch panel or the like, and presents information to the user using the touch panel or the like.

  The encryption / decryption means 122 performs encryption and decryption for exchanging encrypted information in order to protect communication contents with the transaction server 130 and the signature server 140 from threats on the path. The web browser means 111 of the personal computer 110 is assumed to have a function of performing encryption and decryption provided in a conventional web browser. For example, encryption and decryption are performed using SSL (Secure Sockets Layer).

  The seed management means 123 identifies and holds a seed (hereinafter also referred to as “secret information”) that is shared information with the transaction server for each service. For example, a combination of a service used by the user of the smartphone 120 and a seed corresponding to the service is stored.

  The hashing means 124 hashes the information (for example, transaction contents) whose signature is inputted by the user using a hash function.

  The communication means 125 communicates necessary information with the signature server 140 and the transaction server 130. The web browser means 111 of the personal computer 110 has a communication function that a conventional web browser has, and can communicate at least the necessary information with the transaction server 130.

<Transaction server 130>
The transaction server 130 includes a user management unit 131, a seed generation unit 132, an encryption / decryption unit 133, a verification key management unit 134, a time acquisition unit 135, a hashing unit 136, a verification unit 137, a service Providing means 138 and communication means 139 are provided (see FIG. 4).

  The user management unit 131 identifies and holds a user profile.

  The seed generator 132 generates a seed, which is confidential information with the user, using a random number generator.

  The encryption / decryption means 133 performs encryption / decryption for exchanging encrypted information in order to protect communication contents with the personal computer 110, the smartphone 120, and the signature server 140 from threats on the path.

  The verification key management unit 134 identifies and holds a verification key for each user. FIG. 5 shows an example of data held in the verification key management unit 134.

  The time acquisition unit 135 acquires the current time.

  The hashing means 136 hashes the transaction contents (transfer account number etc.).

  The verification means 137 verifies the signature part of the transaction content with a signature sent from the smartphone 120 and confirms the authenticity of the transaction content.

  The service providing unit 138 provides a service that the provider mainly wants to provide. For example, in the case of a financial institution, an account system that is a settlement function corresponds to the service providing means 138.

  The communication unit 139 exchanges necessary information with the personal computer 110, the smartphone 120, and the signature server 140.

<Signature server 140>
The signature server 140 includes a signature key management unit 141, a user management unit 142, a time acquisition unit 143, a signature generation unit 144, an encryption / decryption unit 145, and a communication unit 146 (see FIG. 6).

  The signature key management unit 141 identifies and holds a signature key for signing transaction contents for each user and service. FIG. 7 shows an example of data held in the signature key management unit 141.

  The user management unit 142 identifies and holds the service used by the user.

  The time acquisition unit 143 acquires the time.

  The signature generation unit 144 generates a signature (for example, MAC) from the signature key corresponding to the user and the service for the hashed transaction content, seed, and time provided from the user's smartphone 120.

  The encryption / decryption means 145 performs encryption / decryption for exchanging encrypted information in order to protect the communication content with the smartphone 120 and the transaction server 130 from threats on the route.

  The communication unit 146 exchanges necessary information with the smartphone 120 and the transaction server 130.

<Implementation flow>
In the present embodiment, a financial institution is assumed as the transaction server, but it goes without saying that the signature verification system can be applied to various services using transaction signatures. First, it is necessary to register a user before providing a service. It is assumed that data is transmitted / received via the communication function of the web browser unit 111 of the personal computer 110, the communication unit 125 of the smartphone 120, the communication unit 139 of the transaction server 130, and the communication unit 146 of the signature server 140. Further, the encryption / decryption function provided in the web browser unit 111 of the personal computer 110, the encryption / decryption unit 122 of the smartphone 120, the encryption / decryption unit 133 of the transaction server 130, and the encryption / decryption unit 145 of the signature server 140, It is assumed that data is encrypted at the data transmission source and decrypted at the data transmission destination.

<User registration process>
The user performs user registration to use the service. FIG. 8 is a flowchart of the user registration process, and FIG. 9 is a sequence diagram of the user registration process.

  The web browser means 111 of the personal computer 110 accesses the service provider's transaction server 130 and makes a registration application to the transaction server 130 by a user operation. Further, the web browser means 111 displays a registration application screen. For example, the registration application screen includes a field for inputting the SMS number of the smartphone 120 used for signing. The SMS number of the smartphone 120 is input to the web browser unit 111 by a user operation. The web browser means 111 transmits the input SMS number to the transaction server 130 (S1).

  The transaction server 130 receives the SMS number and transmits a registration URL via the SMS to the smartphone 120 corresponding to the received SMS number (S2). The registration URL is different for each SMS number. For example, a message such as “Please click on the registration URL below to proceed with the registration procedure” is sent via SMS.

  The smartphone 120 accesses the registration URL by a user operation via the input / output unit 121 and makes a registration application to the transaction server 130 (S3). The transaction server 130 confirms the existence of the smartphone 120 associated with the SMS number by confirming access to the registration URL. In addition, the registration application is performed twice from the personal computer 110 and the smartphone 120 together. The registration application from the personal computer 110 is performed for user registration, and the registration application from the smartphone 120 is performed in order to reliably associate the smartphone 120 with the user.

  The user management means 131 of the transaction server 130 registers user information after confirming the existence of the user's smartphone (S4). For example, as user information, information related to a smartphone (IP address, MAC address, SMS number, etc.) and user ID (if the user only needs to be identified, the user may input some identifier, and the user management unit 131 is already present. It may be generated so as not to overlap with the user ID, or the above MAC address, SMS number, etc. may be used as the user ID) and user profile (name, address, phone number, age, gender, occupation, etc.) Register a combination with. At this time, the verification key management unit 134 generates a verification key for each user and holds a combination of the user ID and the verification key (see FIG. 5). Therefore, the user information includes at least a user ID. In this embodiment, it is assumed that signature and verification are performed using a common key cryptosystem, and the verification key and the signature key are common.

  Transaction server 130 transmits the URL of signature server 140 to smartphone 120 (S5).

  Moreover, the transaction server 130 sends the user information corresponding to the user (at least the user ID may be included) and the signature key to the signature server 140 (S6).

  The smartphone 120 receives the URL of the signature server 140, displays it on the input / output unit 121, accesses the signature server 140 by a user operation via the input / output unit 121, and makes a registration application (S7). For example, the input / output means 121 displays a message such as “continuely click on the following registration URL to proceed with the registration procedure”.

  The signature server 140 confirms the presence of the user by detecting an access from the smartphone 120, and registers the service information and the user information when the user confirmation is obtained (S8). The service information includes a service ID (an identifier for uniquely identifying the service). For example, the signature key management unit 141 registers and holds a combination of a user ID included in user information and a service ID and signature key included in service information (see FIG. 7). The signature key and the user ID are those received from the transaction server 130 (S6). Regarding the service ID, if the transaction server 130 provides only one service, the ID of the transaction server 130 may be used as the service ID as it is, or if the transaction server 130 provides two or more services, In S6, a service ID usable by the user may be received together with the user ID and the signature key.

  When the registration process is completed, the signature server 140 transmits a registration completion guide to the smartphone 120 (S9), and redirects the smartphone 120 to the transaction server 130 after a few seconds.

  The input / output unit 121 of the smartphone 120 displays a registration completion guide and is redirected to the transaction server 130 after a few seconds. The smartphone 120 requests a seed (hereinafter also referred to as “secret information”) from the transaction server 130 after the redirection (S10). Note that access to the transaction server 130 of the smartphone 120 may be regarded as a seed request, or the transaction server 130 causes the input / output unit 121 of the smartphone 120 to display a button corresponding to the seed request, so that the user can When the input / output unit 121 is operated and the button or the like is pressed (clicked), it may be considered that the seed is requested.

  When a seed is requested, the seed generation unit 132 of the transaction server 130 randomly generates a seed that does not overlap with a past seed (S11) and transmits the seed to the smartphone 120 (S12). The verification key management unit 134 of the transaction server 130 stores a combination of a randomly generated seed, a user ID, and a verification key (see FIG. 5).

  The smartphone 120 receives the seed via the communication unit 125, and the seed management unit 123 identifies and holds the received seed for each service.

  With the above processing, user registration is completed. Next, the service providing process will be described.

<Service provision processing>
FIG. 10 is a flowchart of the service providing process, and FIG. 11 is a sequence diagram of the service providing process.

  The web browser means 111 of the personal computer 110 accesses the transaction server 130 and makes a transaction application (S21).

  The transaction server 130 displays the signature on the web browser means 111 of the personal computer 110 so as to input the signature (S22).

  The user operates the input / output unit 121 of the smartphone 120 to input the transaction content or a part thereof (for example, an account number) into the smartphone 120. The hashing unit 124 of the smartphone 120 hashes the input transaction contents or a part thereof. Furthermore, the smartphone 120 extracts the seed corresponding to the service from the seed management unit 123, and transmits the hashed transaction content (hereinafter also referred to as “hash value”) and the extracted seed to the signature server 140 (S23).

The signature generation unit 144 of the signature server 140 receives the hash value h ₁ and the seed, and extracts the signature key held in the signature key management unit 141. At this time, the user ID may be received by some method and the corresponding signature key may be extracted. For example, when a MAC address is used as the user ID, a configuration in which the MAC address is automatically transmitted when the smartphone 120 accesses the signature server 140 can save the user from inputting the user ID. Can do. Moreover, it is good also as a structure which requests | requires input of a user ID at the time of use start of a service (at the time of login). If there is a possibility that one user uses two or more services with one user ID, the service ID is also transmitted together with the user ID. For example, when inputting transaction details, it may be displayed on the input / output unit 121 so as to select a service to be used. Further, the signature generation unit 144 of the signature server 140 acquires a time t ₁ from the time acquisition unit 143 and outputs a control signal so as to be transmitted to the signature generation unit 144 of the signature server 140.

The signature generation unit 144 of the signature server 140 generates a signature from the signature key corresponding to the user ID and the service ID for the seed, the hash value h _1, and the time t ₁ (S 24), and transmits the signature to the smartphone 120. (S25). For example, a signature is generated by encrypting a value obtained by arranging the hash value h ₁ , the seed, and the time t ₁ in a predetermined order using a signature key.

  The input / output unit 121 of the smartphone 120 displays a signature. The web browser means 111 of the personal computer 110 receives a signature by a user operation (for example, by an input device such as a keyboard) (S26), and transmits the signature to the transaction server 130 together with the input transaction content (S27).

The transaction server 130 receives the transaction content and the signature, and the hashing unit 136 of the transaction server 130 hashes the transaction content to obtain a hash value h ₂ and outputs it to the verification unit 137.

  The verification unit 137 of the transaction server 130 takes out the seed and verification key held in the verification key management unit 134. When receiving the transaction contents and the signature, the verification unit 137 receives the user ID and extracts the seed and verification key corresponding to the user ID.

The verification unit 137 of the transaction server 130 acquires the time t ₂ in the time acquisition unit 135 and outputs a control signal so as to be transmitted to the verification unit 137.

The verification means 137 of the transaction server 130 verifies whether or not the transaction content has been tampered with using the hash value h ₂ , the seed, the verification key, the signature, and the time t ₂ (S 28), and outputs the verification result. .

  For example, when the common key cryptosystem is used, the signature key and the verification key have a common value, and the following two verification methods are conceivable. Other verification methods may be used.

(1) The verification unit 137 generates a signature σ ₂ from the verification key for the hash value h ₂ , the seed, and the time t ₂ . For example, the signature σ ₂ is generated by encrypting the value obtained by arranging the hash value h ₂ , the seed, and the time t ₂ in a predetermined order (the same predetermined order as when generating the signature σ ₁ ) using the verification key. To do. It is verified whether or not the signature σ ₂ and the signature σ ₁ match, and if they match, it is determined that the signature has not been tampered with. For example, at time t ₁ and time t ₂ , only the unit of “hour” or more is used (the unit of “minute”, the unit of “second” is not used), for example, at 3:30 pm The generated signature σ ₁ and the signature σ ₂ generated from 3:30 pm to 3:59 pm have the same value, and the signature σ ₁ is different from the signature σ ₂ generated after 4 pm Become. With such a configuration, it is possible to determine whether the time from time t ₁ to time t ₂ exceeds a predetermined time, set the expiration date of the signature, and reduce the risk of decryption. Can be reduced. Note that the above-described method is an example of an expiration date setting method using time, and various conventional setting methods may be used.

(2) The verification unit 137 obtains a decryption result from the verification key for the signature. For example, the signature is decrypted using the verification key, and the decryption result is obtained. When properly be decoded, the decoding result includes a seed, a hash value h ₁ and the time t ₁ is. Therefore, whether or not the seed, the hash value h ₁ and the time t ₁ are included in the decryption result is verified, and if it is included, it is determined that the tampering has not been made. For example, when a signature is generated by encrypting a value obtained by arranging the hash value h ₁ , the seed, and the time t ₁ in a predetermined order using a signature key, the decryption result includes the hash value h in the same predetermined order. ₁ , seed and time t ₁ are lined up. Therefore, (i) whether or not the seed included in the decryption result (a value located at a position where the seed is expected to exist when decryption is properly performed) matches the seed extracted from the verification key management unit 134 ( ii) The hash value h ₁ included in the decryption result (the value located at the position where the hash value h ₁ is expected to exist when decrypted properly) matches the hash value h ₂ obtained by the hashing means 136. (Iii) time t ₁ (a value located at the position where time t ₁ is expected to exist when decoding is possible) and time t ₂ (for example, only units greater than “hour” as described above) Is used), and if all match, it is determined that it has not been tampered with. If either does not match, it is determined that the image has been tampered with. Regarding the condition (iii), for example, using a unit smaller than “hour”, it is verified whether or not the difference (t ₂ −t ₁ ) between time t ₁ and time t ₂ exceeds a predetermined time. However, if it does not exceed, it may be determined that it has not been tampered with. Even with this method, it is possible to set the expiration date of the signature.

  The service providing unit 138 provides a service when the verification result indicates that the verification result has not been falsified (passed the verification). For example, if the service content is a settlement function of a financial institution, a settlement process is performed and a transaction completion notice is transmitted (S28).

  When the verification result indicates falsification (not passing verification), an error message or the like is transmitted and the service is not provided.

<Effect>
With the above configuration, a transaction signature can be realized with the same level of security without using a hardware token dedicated to transaction signature. In today's society, many people carry smartphones. Therefore, it can be said that carrying a smartphone is more convenient than carrying a hardware token.

  In addition, since smartphones are activated by applications, multiple applications can be placed in the smartphone, or by supporting multiple financial institutions in the application itself, the user seems to have multiple hardware token functions in the smartphone. It is possible to perform transaction signatures for multiple financial institutions with just one smartphone.

  For the provider, the manufacturing cost and distribution cost of the hardware token can be saved. Instead of hardware token manufacturing costs, application creation costs are incurred, but once an application is created, there is no need to create a new application even if the number of users increases thereafter, and the cost can be reduced. it can. Further, since the providers can be distinguished by the service ID, a single application may be created by a plurality of providers and a common application may be used. In that case, the cost of creating an application for one service provider is even lower. In addition, for the user, it is possible to receive services from different providers through the same interface, which increases convenience.

<Modification>
In this embodiment, signature verification is performed using a common key recitation method, but a public key encryption method can also be used. When the public key cryptosystem is used, the signature key (secret key) and the verification key (public key) are different values, and the signature key management unit 141 of the signature server 140 uses the key generation algorithm to generate the signature key sk and the verification key. pk is generated, the signature key sk is secretly managed, and the verification key pk is disclosed. The verification key management means 134 of the transaction server 130 receives the publicized verification key pk and executes the above-described verification method (2).

  In this embodiment, time is used when generating a signature and when verifying the signature, but this is not always necessary. However, the risk of decoding can be reduced by setting the expiration date of the signature.

  In the present embodiment, the personal computer 110 and the smartphone 120 are described as separate devices, but may be integrated devices. Since the MITB attack hijacks the browser, if the transaction server 130 and the signature server 140 are accessed by an application different from the browser, the personal computer 110 and the smartphone 120 may be arranged in a single device. For example, the personal computer 110 may have the seed management unit 123 and the hashing unit 124, or the smartphone 120 may have the web browser unit 111. However, since a virus or the like that takes over control of the personal computer 110 is also conceivable, the security level becomes higher when configured as separate devices as in this embodiment.

<Other variations>
The present invention is not limited to the above-described embodiments and modifications. For example, the various processes described above are not only executed in time series according to the description, but may also be executed in parallel or individually as required by the processing capability of the apparatus that executes the processes. In addition, it can change suitably in the range which does not deviate from the meaning of this invention.

<Program and recording medium>
In addition, various processing functions in each device described in the above embodiments and modifications may be realized by a computer. In that case, the processing contents of the functions that each device should have are described by a program. Then, by executing this program on a computer, various processing functions in each of the above devices are realized on the computer.

  The program describing the processing contents can be recorded on a computer-readable recording medium. As the computer-readable recording medium, for example, any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be used.

  The program is distributed by selling, transferring, or lending a portable recording medium such as a DVD or CD-ROM in which the program is recorded. Further, the program may be distributed by storing the program in a storage device of the server computer and transferring the program from the server computer to another computer via a network.

  A computer that executes such a program first stores, for example, a program recorded on a portable recording medium or a program transferred from a server computer in its storage unit. When executing the process, this computer reads the program stored in its own storage unit and executes the process according to the read program. As another embodiment of this program, a computer may read a program directly from a portable recording medium and execute processing according to the program. Further, each time a program is transferred from the server computer to the computer, processing according to the received program may be executed sequentially. Also, the program is not transferred from the server computer to the computer, and the above-described processing is executed by a so-called ASP (Application Service Provider) type service that realizes the processing function only by the execution instruction and result acquisition. It is good. Note that the program includes information provided for processing by the electronic computer and equivalent to the program (data that is not a direct command to the computer but has a property that defines the processing of the computer).

  In addition, although each device is configured by executing a predetermined program on a computer, at least a part of these processing contents may be realized by hardware.

Claims (8)

A web browser device operated by a user;
A terminal device operated by the user and including a storage unit in which confidential information is stored;
A signature device including a storage unit in which a signature key is stored;
A verification device in which the secret information and the verification key are stored,
The terminal device
A first hashing unit that obtains a first hash value by hashing the first information to be signed;
A transmitter that transmits the first hash value and the secret information to a signature device;
The signing device is:
A signature generation unit that generates a signature from the signature key for the first hash value and the secret information;
A transmission unit that transmits the signature to the terminal device,
The web browser device is:
A transmission unit for transmitting the signature and the first information to the verification device;
The verification device includes:
A second hashing unit that hashes the first information to obtain a second hash value;
A verification unit that verifies whether the first information has not been tampered with using the secret information, the verification key, the signature, and the second hash value;
Signature verification system. The signature verification system of claim 1, comprising:
The signing key and the verification key are common,
The verification unit generates a second signature from the verification key for the second hash value and the secret information, verifies whether the second signature and the signature match, and if they match Determines that has not been tampered with,
Signature verification system. The signature verification system of claim 1, comprising:
The verification unit obtains a decryption result from the verification key for the signature, verifies whether or not the secret information and the second hash value are included in the decryption result, and if included, tampering Judge that it is not,
Signature verification system. The signature verification system according to any one of claims 1 to 3,
The signing device is:
Including a first time acquisition unit for acquiring a first time;
The verification device includes:
Including a second time acquisition unit for acquiring a second time;
The signature generation unit generates a signature from the signature key for the secret information, the first time, and the first hash value,
The verification unit verifies whether the first information has not been tampered with using the secret information, the verification key, the signature, the second hash value, and the second time, and If the time from one time to the second time exceeds a predetermined time, it is determined that the tampering has occurred.
Signature verification system. A web browser device operated by a user;
A terminal device operated by the user and including a storage unit in which confidential information is stored;
A signature device including a storage unit in which a signature key is stored;
Using a verification device in which the secret information and the verification key are stored,
A first hashing step in which the terminal device obtains a first hash value by hashing the first information to be signed;
The terminal device transmits the first hash value and the secret information to a signature device; and
A signature generation step in which the signature device generates a signature from the signature key for the first hash value and the secret information;
A transmitting step in which the signature device transmits the signature to the terminal device;
The web browser device transmitting the signature and the first information to the verification device; and
A second hashing step in which the verification device hashes the first information to obtain a second hash value;
The verification device includes a verification step of verifying whether or not the first information has been tampered with using the secret information, the verification key, the signature, and the second hash value.
Signature verification method. The signature verification method according to claim 5, comprising:
The signing key and the verification key are common,
The verification step generates a second signature from the verification key for the second hash value and the secret information, verifies whether the second signature and the signature match, and if they match Determines that has not been tampered with,
Signature verification method. The signature verification method according to claim 5, comprising:
The verification step obtains a decryption result from the verification key for the signature, verifies whether or not the secret information and the second hash value are included in the decryption result, and if included, tampering Judge that it is not,
Signature verification method. The signature verification method according to any one of claims 5 to 7,
A first time acquisition step in which the signature device acquires a first time; and
The verification device includes a second time acquisition step of acquiring a second time;
The signature generation step generates a signature from the signature key for the secret information, the first time, and the first hash value,
The verification step verifies whether the first information has not been tampered with using the secret information, the verification key, the signature, the second hash value, and the second time, If the time from one time to the second time exceeds a predetermined time, it is determined that the tampering has occurred.
Signature verification method.

Images