| CPC H04L 9/3247 (2013.01) [G06F 21/86 (2013.01); H04L 9/3073 (2013.01); H04L 9/3213 (2013.01); H04L 9/3268 (2013.01)] | 20 Claims |
|
1. An electronic signature system of a remote signing type comprising:
a signing system which includes one or more than one tamper resistant devices each comprising one or more processors configured to generate and manage signature keys and a key management server comprising one or mere processors configured to control the one or more than one tamper resistant devices; and
terminal devices through which users or signers operate, wherein
said one or more than one tamper resistant devices are configured to generate a key pair of a public key and a secret key acting as the signature key, store the generated signature key together with authentication information indicating a use authority for the signature key, decrypt a crypto token including an encrypted authentication information or a crypto token including the encrypted authentication information and an encrypted signature object data using a decryption key, verify the decrypted authentication information or verify the decrypted authentication information and the decrypted signature object data, and digitally sign the signature object data using the signature key based on the verification result, and wherein
said terminal device comprises a means for inputting the authentication information, and an encryption software for encrypting the authentication information or the authentication information and the signature object data using an encryption key to generate the crypto token, and wherein
said one or more than one tamper resistant devices generate the key pair of the public key and the secret key in response to a key pair generation request sent from the terminal device, the secret key of the generated key pair is stored in the one or more than one tamper resistant devices in relation with the user's authentication information, and the public key of the key pair is transmitted to the terminal device and is stored therein, and wherein
the public key of the key pair stored in the terminal device functions as the encryption key for encrypting the authentication information or the authentication information and the signature object data, and the secret key stored in the one or more than one tamper resistant devices functions as the decryption key for decrypting the crypto token, and wherein
upon digitally signing, the terminal device encrypts the authentication information or the authentication information and signature object data to generate the crypto token, and wherein
a signing request which includes at least the crypto token and signature key identification information which specifies the signature key is entered into the one or more than one tamper resistant devices, and wherein
said one or more than one tamper resistant devices decrypt the crypto token included in the signing request using the decryption key, verify the matching between the decrypted authentication information and the authentication information stored in relation with the signature key identified by the signature key identification information, and digitally sign the signature object data.
|