US 12,267,411 B2
Data delivery apparatus and method, data requesting apparatus and method, data delivery system, and computer readable medium
Batnyam Enkhtaivan, Tokyo (JP); and Pooja Dhomse, Tokyo (JP)
Assigned to NEC CORPORATION, Tokyo (JP)
Appl. No. 17/628,281
Filed by NEC Corporation, Tokyo (JP)
PCT Filed Jul. 31, 2019, PCT No. PCT/JP2019/030060
§ 371(c)(1), (2) Date Jan. 19, 2022,
PCT Pub. No. WO2021/019738, PCT Pub. Date Feb. 4, 2021.
Prior Publication US 2022/0271923 A1, Aug. 25, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 9/32 (2006.01); H04L 9/00 (2022.01)
CPC H04L 9/0825 (2013.01) [H04L 9/14 (2013.01); H04L 9/3242 (2013.01); H04L 9/3247 (2013.01); H04L 9/50 (2022.05)] 18 Claims
OG exemplary drawing
 
1. A data delivery apparatus comprising:
a first secure area and a first non-secure area;
wherein the first secure area includes:
at least one first memory storing first instructions, and
at least one first processor configured to execute the first instructions to:
generate a pair of a first signature key and a first verification key in the first secure area; and
output the first verification key to an area outside the first secure area in the data delivery apparatus,
wherein the first non-secure area includes:
at least one second memory storing second instructions, and
at least one second processor configured to execute the second instructions to:
install a secure program including the first instructions;
publish an interface specification of the secure program outside the data delivery apparatus;
publish the output first verification key outside the data delivery apparatus; and
acquire a second verification key that has been published, the second verification key being part of a pair also including a second signature key, the pair having been generated in a second secure area of a data requesting apparatus,
wherein the at least one first processor is further configured to execute the first instructions to:
sign, in the first secure area, in response to a data delivery request from the data requesting apparatus, processing target data using the first signature key, the processing target data including at least part of delivery target data provided by a data providing apparatus,
wherein the at least one second processor is further configured to execute the second instructions to:
transmit transmission data obtained through signing of the processing target data, to the data requesting apparatus;
receive, when a signature of the transmission data is successfully verified using the first verification key in the data requesting apparatus, certification data from the data requesting apparatus, the certification data being obtained by signing, in the second secure area, a verification result by using the second signature key, the verification result including identification information for identifying the processing target data;
verify a signature of the certification data using the second verification key; and
transmit, over a computer network and when the signature of the certification data is successfully verified using the second verification key, the certification data to the data providing apparatus, and
wherein the data providing apparatus:
acquires the second verification key published by the data requesting apparatus;
receives the certification data received from the data delivery apparatus; and
verifies that the delivery target data was transmitted from the data delivery apparatus to the data requesting apparatus by verifying the signature of the certification data using the second verification key.
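The exchange recited in claim 1 can be followed end to end in code. The program below is an added illustration written for this page, not NEC's implementation or any code from the patent. It assumes Ed25519 for the signature/verification key pairs, a SHA-256 digest of the processing target data as the "identification information" carried in the verification result, a plain string encoding of that result, and it models each "secure area" as a Go struct whose private key is reachable only through a Sign method (a real deployment would place that inside a TEE). The data providing apparatus additionally compares the digest in the certification against its own copy of the delivery target data; the claim only recites signature verification there, so that comparison is this example's addition, included because it is what binds the proof of delivery to a specific payload. The sample payload is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// secureArea stands in for a party's TEE: the signing key is generated here and
// never leaves; the non-secure area only sees Sign() and the verification key.
type secureArea struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func newSecureArea() (*secureArea, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &secureArea{priv: priv, pub: pub}, nil
}

func (s *secureArea) Sign(msg []byte) []byte            { return ed25519.Sign(s.priv, msg) }
func (s *secureArea) VerificationKey() ed25519.PublicKey { return s.pub }

// transmission is what the delivery apparatus sends to the requesting apparatus.
type transmission struct {
	Data []byte // processing target data (here the whole delivery target data)
	Sig  []byte // signature produced in the delivery apparatus's secure area
}

// certification is the requesting apparatus's signed verification result.
type certification struct {
	Result []byte // "verified:<hex SHA-256 of Data>" (encoding assumed for this example)
	Sig    []byte // signature produced in the requesting apparatus's secure area
}

// identify derives the identification information for the processing target data.
func identify(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// requesterVerifyAndCertify: verify with the delivery apparatus's published key,
// then sign the verification result in the requester's secure area. No
// certification is issued if verification fails.
func requesterVerifyAndCertify(reqSA *secureArea, deliveryVK ed25519.PublicKey, tx transmission) (certification, error) {
	if !ed25519.Verify(deliveryVK, tx.Data, tx.Sig) {
		return certification{}, errors.New("transmission signature invalid; no certification issued")
	}
	result := []byte("verified:" + identify(tx.Data))
	return certification{Result: result, Sig: reqSA.Sign(result)}, nil
}

// verifyCertification is shared by the delivery apparatus (before forwarding) and
// the data providing apparatus (to confirm delivery). The digest comparison is
// this example's addition beyond the claim's signature check.
func verifyCertification(requesterVK ed25519.PublicKey, cert certification, deliveryTarget []byte) error {
	if !ed25519.Verify(requesterVK, cert.Result, cert.Sig) {
		return errors.New("certification signature invalid")
	}
	if want := "verified:" + identify(deliveryTarget); string(cert.Result) != want {
		return errors.New("certification does not identify the expected delivery target data")
	}
	return nil
}

// RunProtocol runs the full exchange and reports whether the data providing
// apparatus accepts the proof of delivery. tamper flips one byte in transit.
func RunProtocol(deliveryTarget []byte, tamper bool) (bool, error) {
	deliverySA, err := newSecureArea()
	if err != nil {
		return false, err
	}
	requesterSA, err := newSecureArea()
	if err != nil {
		return false, err
	}
	deliveryVK, requesterVK := deliverySA.VerificationKey(), requesterSA.VerificationKey() // "published" keys

	tx := transmission{Data: append([]byte(nil), deliveryTarget...)}
	tx.Sig = deliverySA.Sign(tx.Data) // signed inside the first secure area
	if tamper {
		tx.Data[0] ^= 0x01 // modification on the wire the requester must detect
	}
	cert, err := requesterVerifyAndCertify(requesterSA, deliveryVK, tx)
	if err != nil {
		return false, err
	}
	if err := verifyCertification(requesterVK, cert, deliveryTarget); err != nil {
		return false, fmt.Errorf("delivery apparatus: %w", err) // checked before forwarding
	}
	if err := verifyCertification(requesterVK, cert, deliveryTarget); err != nil {
		return false, fmt.Errorf("data providing apparatus: %w", err)
	}
	return true, nil
}

func main() {
	payload := []byte("constructed sample delivery target data")
	ok, err := RunProtocol(payload, false)
	fmt.Println("honest run accepted:", ok, err)
	ok, err = RunProtocol(payload, true)
	fmt.Println("tampered run accepted:", ok, err)
}
```

Two points a practitioner should keep in mind when reading the claim against this sketch. First, everything rests on the verification keys being obtained authentically: the claim says the keys are "published", and the data providing apparatus relies on the requesting apparatus's key without any further binding recited, so how a relying party knows a published key really came from a secure area is outside what the claim text covers. Second, the certification only proves that some data identified by the digest was verified; including the digest (or equivalent identification information) in the signed result, and checking it against the original payload, is what lets the provider tie the proof to the specific delivery target data rather than to any signed message from the requester.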