Abstract: According to the invention, techniques for authenticating that a digitally signed document is genuine. Specific embodiments according to the present invention can determine whether a digital signature was generated by a digital signature generator, or if the digital signature was generated by a third party posing as the digital signature generator. Specific embodiments can provide independent verification of digital signer identity based upon prior signed messages, time/date stamps, and the like. Techniques according to the present invention can be embodied in methods, apparatus, computer software and systems.

Abstract: According to the present invention, techniques, including a method and system, for restoring and/or validating data and/or associated signature log entries are provided. One embodiment of the present invention provides a method for validating a restored message, having an entry generated in a signature log for a message, where the entry includes cryptographic information associated with the message. Next, when said message is lost, the restored message is generated responsive to a request; and the restored message is validated using the signature log. In another embodiment a method for validating a selected log entry by using a signature log having a plurality of recorded log entries is provided. The method includes: computing a cryptographic value for the selected log entry; and determining if the cryptographic value is part of another recorded log entry.

Abstract: An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together.

Abstract: An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together.

Abstract: A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n?2) issue a certificate n by using a private key n? corresponding to certificate n? generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.

Abstract: According to the invention, techniques for authenticating that a digitally signed document is genuine. Specific embodiments according to the present invention can determine whether a digital signature was generated by a digital signature generator, or if the digital signature was generated by a third party posing as the digital signature generator. Specific embodiments can provide independent verification of digital signer identity based upon prior signed messages, time/date stamps, and the like. Techniques according to the present invention can be embodied in methods, apparatus, computer software and systems.

Abstract: A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.

Abstract: Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to public, or made available by issuing a determination policy certificate released to public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.

Abstract: According to the invention, techniques for authenticating that a digitally signed document is genuine. Specific embodiments according to the present invention can determine whether a digital signature was generated by a digital signature generator, or if the digital signature was generated by a third party posing as the digital signature generator. Specific embodiments can provide independent verification of digital signer identity based upon prior signed messages, time/date stamps, and the like. Techniques according to the present invention can be embodied in methods, apparatus, computer software and systems.

Abstract: A time stamp generating system has a time distribution server for generating time data depending on time and a user PC for holding time certification objective digital data. The time distribution server generates time data corresponding to a time point and distributes the time data. The user PC calculates time stamp generating data by using the time certification objective data as an input, acquires the time data generated by the time distribution server, and processes the time data on the basis of the time stamp generating data to obtain a time stamp.

Abstract: A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.

Abstract: According to the present invention, techniques, including a method and system, for restoring and/or validating data and/or associated signature log entries are provided. One embodiment of the present invention provides a method for validating a restored message, having an entry generated in a signature log for a message, where the entry includes cryptographic information associated with the message; Next, when said message is lost, the restored message is generated responsive to a request; and the restored message is validated using the signature log. In another embodiment a method for validating a selected log entry by using a signature log having a plurality of recorded log entries is provided. The method includes: computing a cryptographic value for the selected log entry; and determining if the cryptographic value is part of another recorded log entry.

Abstract: According to the present invention, techniques, including a method and system, for restoring and/or validating data and/or associated signature log entries are provided. One embodiment of the present invention provides a method for validating a restored message, having an entry generated in a signature log for a message, where the entry includes cryptographic information associated with the message. Next, when said message is lost, the restored message is generated responsive to a request; and the restored message is validated using the signature log. In another embodiment a method for validating a selected log entry by using a signature log having a plurality of recorded log entries is provided. The method includes: computing a cryptographic value for the selected log entry; and determining if the cryptographic value is part of another recorded log entry.

Abstract: The signer obtains the validity check information on the electronic certificate from the certification authority when it puts the digital signature on data and delivers the signed data, electronic certificate, and validity check information to the verifier. At this time, the certification authority creates validity check information on the electronic certificate in response to a validity check request from the signer and sends it to the signer. The term of validity of the validity check information is defined as necessary. The verifier verifies the signature and, using the validity check information sent from the signer, checks the validity of the electronic certificate.

Abstract: This invention provides a method for identifying a purchaser who purchased content from which an illegal copy was produced. A provider system encrypts a content purchased by the purchaser using a public key of a purchaser system and sends the encrypted content to the purchaser system. The purchaser system creates a digital signature of the content with the use of a private key of its own and embeds the created digital signature into the received content. When an illegal copy is found, the provider system verifies the digital signature, embedded in the illegal copy as a digital watermark, to identify the purchaser who purchased the content from which the illegal copy was produced.

Abstract: A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n?2) issue a certificate n by using a private key n? corresponding to certificate n? generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.

Abstract: An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together.

Abstract: In a signature generating method where not necessarily all of a plurality of signature generating devices work together each time to generate signatures, the present invention seeks to correctly and securely reflect data relating to previous signatures. When generating signatures, the data used for the next signature is sent beforehand to the other signature generating devices. Also, when generating signatures, at least one of the devices is used consecutively, thus allowing history data to be shared during signature generation.

Abstract: A time stamp generating system has a time distribution server for generating time data depending on time and a user PC for holding time certification objective digital data. The time distribution server generates time data corresponding to a time point and distributes the time data. The user PC calculates time stamp generating data by using the time certification objective data as an input, acquires the time data generated by the time distribution server, and processes the time data on the basis of the time stamp generating data to obtain a time stamp.

Abstract: This invention provides a method for identifying a purchaser who purchased content from which an illegal copy was produced. A provider system encrypts purchased by the purchaser using a public key of a purchaser system and sends the encrypted content to the purchaser system. The purchaser system creates a digital signature of the content with the use of a private key of its own and embeds the created digital signature into the received content. When an illegal copy is found, the provider system verifies the digital signature, embedded in the illegal copy as a digital watermark, to identify the purchaser who purchased the content from which the illegal copy was produced.