TWI273517B - Storage and transport method for an electronic certificate - Google Patents

Info

Publication number
TWI273517B
Authority
TW
Taiwan
Prior art keywords
voucher
security module
transaction
holder
host unit
Prior art date
Application number
TW92102673A
Other languages
Chinese (zh)
Other versions
TW200302988A (en)
Inventor
Olivier Brique
Michael John Hill
Jimmy Cochard
Stephane Joly
Original Assignee
Nagracard Sa
Application filed by Nagracard Sa
Publication of TW200302988A
Application granted
Publication of TWI273517B

Landscapes

  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The aim of this invention is to ensure the portability of an electronic certificate and the security of the private key, which are part of the X.509 certificate. It is important that this certificate not be used for purposes outside the holder's control, such as identity usurpation, the authorization of unwanted transactions or the reproduction of transactions (replay). This aim is achieved by a storage and transport method for an electronic certificate, said certificate having an authority section for the issuing authority, a holder section for the holder of the certificate and a signature section determined by the issuing authority, characterized in that all or part of the holder section is contained in a removable security module and that at least the authority section is contained in a host computer.

Description

Technical Field

The present invention relates to a method for storing and transmitting an X.509-type certificate.

Prior Art

An electronic certificate, such as an X.509 certificate, is a set of information covering everything related to the electronic identification of its holder. Such a certificate is provided by a recognized authority that takes on the task of establishing the identity of the holder of the certificate.

This is why the authority providing the certificate may, depending on the level of assurance it guarantees, require the certificate holder to provide assurance of his or her identity (for example, confirmation of identity by a notary).

The certificate consists broadly of a part corresponding to the issuing authority and a part corresponding to the certificate holder (this part is called the "explicit" part).

The part corresponding to the authority is the same for all certificates provided by that authority. This part is called the "implicit" part.

To make these two parts inseparable, a certificate contains a digital signature over both parts, produced with the authority's private key.

When a storage server receives such a certificate, it verifies the digital signature with the issuing authority's public key. That public key can be found in the certificate issued for the issuing authority. As stated above, the digital signature allows the parties concerned to verify the authenticity of the certificate's contents. These certificates, together with the root certificate that serves as the issuing authority's certificate, are usually stored in a storage unit of a computer.

Attention has therefore turned to methods in which a certificate is stored on a removable storage medium and used in the manner of an authentication module.

A simple floppy disk is thus enough to transport the certificate and to supply it to a user at any time.

However, this principle does not provide sufficient security for the storage of the private key, which is also required for online transactions.

Summary of the Invention

This is why the aim of the invention is to guarantee the portability of the electronic certificate and the security of the private key.

Indeed, it is important that the certificate not be used for purposes outside the holder's control, such as identity usurpation, the authorization of unwanted transactions, or the reproduction of transactions (replay).

This aim is achieved by a storage and transport method for an electronic certificate, the certificate having an authority section for the issuing authority, a holder section for the certificate holder, and a digital signature section determined by the issuing authority, the method being characterized in that all or part of the holder section is held in a removable security module and at least the authority section is held in a host computer.

The method also has the advantage of reducing the amount of information stored in the security module.

The module may take the form of a microchip card, a module with a PCMCIA or USB interface, or even a contactless transmission module.

Transaction programs on the Internet require authentication by means of an X.509 certificate. It has been established that part of this certificate may be common to many users and represents the part pertaining to the authority that issues such certificates (the implicit part).

The advantage of the invention is therefore that only the part pertaining to each user (the explicit part) is stored on the removable storage medium; in the example of the invention, the security module is a microchip card. This avoids data redundancy and so makes more efficient use of memory.

Indeed, in these modules it is preferable to store data with contractual content, such as the transactions carried out by the holder.

Although the certificate is split into several parts, the issuing authority's digital signature over the authority part and the holder part as a whole re-establishes the link between the two data items.

Consequently, if either of the two parts is modified, the unique image will not be the same as the authentication value computed from the digital signature with the issuing authority's public key.

By digital signature we understand the procedure of determining a unique image of the data covered by the signature (using, for example, a hash function) and encrypting that unique image with the private key of the signing entity. The algorithm used to create the digital signature is of the asymmetric type.

To verify such a digital signature, the received signature is decrypted with the entity's public key, and the resulting value is compared with the unique image computed over the data in order to perform the authentication. If the decrypted value is identical to the unique image, the certificate is considered authentic and intact.

Detailed Description

Figure 1 shows the procedure by which the security module SM extracts the public key of the root certificate.

The root certificate RCA is the certificate of the issuing authority. The module asks the host unit STB to send the root certificate RCA associated with the holder's certificate TCI1. This root certificate contains the issuing authority's public key CAPU. This key makes it possible to authenticate the holder's certificate as reconstituted from its implicit and explicit parts. The host unit STB sends the root certificate to the security module SM so that the public key CAPU can be extracted. When the holder's certificate is installed in the security module, the module stores the image H5 obtained by applying a hash function to the root certificate RCA.

While the public key CAPU is extracted (see module X), block B applies the hash function to the explicit and implicit data of the root certificate (explicit data = the part of the issuing authority; implicit data = the part of the authority that certifies the issuing authority), and the result H5' is compared with the originally stored reference value H5. If the two values differ, the authentication is stopped and the host unit is informed.

When the two values H5 and H5' are equal, the issuing authority's public key is assured and can be used to authenticate the holder's reconstituted certificate.

If the host unit STB does not have the root certificate, it can request it over the Internet from a website that holds a certificate directory (CDir) and allows the required certificate (CA1, CA2, CAn) to be retrieved.

Figure 2 shows a first smart card SM1 in which the holder's explicit part TCE1 and the holder's key TS1 are stored. The host unit STB contains the Internet access software BR, currently called a browser.

For authentication functions, this program has security software SA that can communicate with the smart card. The certificate may also be transmitted in full, in which case it contains the data of the authority part TCI1.

The host unit STB is also connected via the Internet to the rest of the world, for example to the servers PS1 and PS2, in order to obtain the issuing authority's data CauD, time-related information TSAn, and data relating to the root certificate directory CDir.

During transfers between the security module SM and the host unit STB, the data relating to the holder part TCE1 is sent to the host unit according to a procedure that is for the most part initiated on the security module. This operation is described in more detail below.

The integrity of the certificate is verified by the procedure shown in Figure 3. The multimedia unit or host unit, represented here by the STB block, transmits to the security module SM the certificate data held in the host unit. To this end, if the host unit STB holds the complete "authority" part (implicit part), the "user" part (explicit part) may also be stored in the host unit, with the remainder placed in the security module SM.

The data supplied by the host unit STB and the data TCE1 supplied from the security module's memory are assembled in module A. It is important to note here that the data TCE1 of the security module is not merely transferred to the host unit STB; the security module SM also controls the operation.

The data reconstituted by module A is redirected to the host unit STB and forms the certificate CERT that will be sent to a service provider. Module A works as a synchronizer and reconstitutes the certificate according to the predetermined format given by the constituent sections TCE, TCI and SCAT.

From the certificate reconstituted in module A, the digital signature SCAT of the holder's certificate coming from the host unit STB is extracted (see module X).

The collected data, without the digital signature SCAT, is passed to module B, whose task is to determine a unique image of this data set.

A hash function (one-way and collision-free) is applied to the data set in a precise order, H = f(TCE1, TCI1), to obtain this image. It is understood that no different data set produces the same result under this function. The image is thus produced by a one-way, collision-free hash function. The algorithm used may be of the SHA-1 or MD5 type, and the image expresses the uniqueness of the data set.

The certificate specifies the type of algorithm to be used. The image is kept in module B1 for later use.

To verify that the two parts of the certificate belong together and are authentic, the security module SM extracts the certificate's digital signature SCAT and decrypts it in module C with the issuing authority's public key CAPU.

For this operation, the parameters contained in the certificate, which describe the signature type and the key length, are taken into account.

In module D, the reference value B1' is calculated and compared with the unique image B1. If the two values match, the certificate is authentic and can be used in the subsequent operations represented by module E. If they do not match, the smart card SM refuses every transaction and informs the host unit STB.

Figure 4 shows the operation of authorizing a transaction, described below. If the authentication test of the certificate is positive (see modules D and E of Figure 3), the host module STB can send digitally signed transactions to the servers PS1, PS2. Module F of the security module SM, which holds the acceptance rules, can filter a transaction Q. A maximum amount can be defined, or a list of institutions enumerated, that the holder of the security module SM accepts. These conditions may include the expiry date of the holder's certificate.

Once the transaction has passed the filter of module F, it is presented to module B, which applies a hash function H2 to the assembled transaction. The result B2 is stored for later use. The value H2 is then signed with the private key TS1 to form the transaction signature SQTM. Module A2 assembles the data of transaction Q and the transaction signature SQTM in order to send them to the host unit STB. According to a variant of the invention, a validity limit for the transaction, determined by the time TM, can be added to transaction Q.

One way of determining this time is to take a timestamp T, which may be the current time, and add a validity duration ΔT. The time TM can thus be expressed as TM = T + ΔT.

The validity limit TM is added to transaction Q both when the hash function is determined in module B and when the data set is assembled in module A2. When the service provider receives the transaction, it verifies that the limit has not been exceeded.

According to a variant of the invention, use of the validity limit TM can be made mandatory once a certain transaction amount is reached.

Figure 5 illustrates the authentication of the time data supplied by the host unit STB; this time data comprises the timestamp T, a random part R, and a digital signature over those two items. The timestamp T, the random part R and the digital signature STA are sent to the security module SM. Starting from the timestamp T, the validity duration ΔT is added to T to determine the validity limit TM. This limit defines the maximum duration for which a transaction may be marked with that time.

The authentication can be carried out in the same way as described above: after the timestamp T and the random part R are assembled in module A, a hash function is applied to the assembled data.

The intermediate result is stored in module B3 for later use.

To determine the value B3' (module C), the key TSPU, the public key of the authority supplying the time, is used.

If the key TSPU is not held in the security module SM, a request is sent via the host unit STB to find the certificate, associated with the issuer of the time T, that contains the key.

The calculated value B3' is then compared with the unique image of the data T and R (module D) to determine whether the time is authentic.

Figure 6 shows the assembly of the certificate and the transaction (and, where applicable, the time and other data relating to the transaction). The previously obtained values B1 for the certificate, B for the transaction, and B3 for the time are organized in module A and passed to module B to determine the hash function. This value is then signed with the holder's key TS1. The result is the digital signature SETM over the digital envelope combining certificate, transaction and time.

The digital envelope is shown in Figure 7.

Since memory management is an important aspect of a security module, the digital signature SETM of the envelope is determined from the values obtained by the hash function at each step. The approach described above makes it possible to link all the data
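The certificate check of Figure 3 and the transaction authorization of Figure 4 can be traced in code. The following Python sketch is an added example, not code from the patent: it uses SHA-256 in place of the SHA-1 or MD5 the description names, textbook RSA without padding on constructed demo keys, and hypothetical names, field contents and filter rules throughout. It assumes CAPU and the timestamp T have already been authenticated as in Figures 1 and 5.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    """Textbook RSA key pair (public, private) from two primes, no padding."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

# Constructed demo keys built from Mersenne primes; never use such keys in practice.
CAPU, CA_PRIVATE = make_key(2**521 - 1, 2**607 - 1)       # issuing authority
HOLDER_PUBLIC, TS1 = make_key(2**1279 - 1, 2**2203 - 1)   # certificate holder

def image(*parts: bytes) -> int:
    """Unique image (module B): hash of the parts taken in a fixed order."""
    h = hashlib.sha256()
    for part in parts:
        # Length prefix (an addition here) so ("ab", "c") and ("a", "bc") differ.
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def sign(value: int, private) -> int:
    n, d = private
    return pow(value, d, n)

def open_signature(signature: int, public) -> int:
    n, e = public
    return pow(signature, e, n)

# Constructed certificate sections: TCI1 stays on the host, TCE1 on the card.
TCI1 = b"issuer=Example CA;sig-alg=sha256-rsa;valid-to=2030-01-01"
TCE1 = b"subject=Alice Example;serial=0001"
SCAT = sign(image(TCE1, TCI1), CA_PRIVATE)   # produced once by the authority

class SecurityModule:
    """Holds TCE and TS1; the host unit only ever receives results."""

    def __init__(self, tce: bytes, ts1, max_amount: int, payees: set):
        self.tce, self.ts1 = tce, ts1
        self.max_amount, self.payees = max_amount, payees
        self.cert_ok = False

    def verify_certificate(self, tci: bytes, scat: int, capu) -> bool:
        b1 = image(self.tce, tci)              # module B: image of rebuilt certificate
        b1_ref = open_signature(scat, capu)    # module C: SCAT opened with CAPU
        self.cert_ok = (b1 == b1_ref)          # module D: compare B1' with B1
        return self.cert_ok

    def authorize(self, q: dict, t: int, delta_t: int):
        """Return {Q, TM, SQTM}, or None when the module refuses to sign."""
        if not self.cert_ok:
            return None                        # mismatch: every transaction refused
        if q["amount"] > self.max_amount or q["payee"] not in self.payees:
            return None                        # module F: acceptance rules
        tm = t + delta_t                       # validity limit TM = T + delta T
        body = json.dumps(q, sort_keys=True).encode()
        b2 = image(body, str(tm).encode())     # TM is covered by the hash
        return {"q": q, "tm": tm, "sqtm": sign(b2, self.ts1)}

def provider_accepts(msg: dict, holder_public, now: int) -> bool:
    """Service-provider side: TM not exceeded and SQTM matches Q and TM."""
    body = json.dumps(msg["q"], sort_keys=True).encode()
    b2 = image(body, str(msg["tm"]).encode())
    return now <= msg["tm"] and open_signature(msg["sqtm"], holder_public) == b2

if __name__ == "__main__":
    sm = SecurityModule(TCE1, TS1, max_amount=100, payees={"shop.example"})
    print("tampered TCI accepted:", sm.verify_certificate(TCI1 + b"x", SCAT, CAPU))
    print("genuine TCI accepted: ", sm.verify_certificate(TCI1, SCAT, CAPU))
    msg = sm.authorize({"amount": 40, "payee": "shop.example"}, t=1000, delta_t=60)
    print("accepted at t=1030:", provider_accepts(msg, HOLDER_PUBLIC, 1030))
    print("accepted at t=1061:", provider_accepts(msg, HOLDER_PUBLIC, 1061))
```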

Claims (1)

1. A method, carried out by a host unit (STB) connected to a removable security module (SM), for storing and using an electronic certificate, the certificate having an authority section (TCI) of the issuing authority, a holder section (TCE) pertaining to the holder of the certificate, and a digital signature section (SCAT) determined by the issuing authority, the method being characterized in that all or part of the holder section (TCE) is held in the removable security module (SM) and at least the authority section is held in the host unit (STB).

2. The method for storing and using an electronic certificate according to claim 1, comprising the following steps:
transmitting the authority section (TCI) to the security module (SM);
reconstituting the certificate in the security module (SM) by adding the holder section (TCE) held in the security module (SM);
determining a unique image (B1) of the authority section and the holder section;
decrypting the digital signature (SCAT) with the public key (CAPU) of the certificate's issuing authority to obtain a reference value (B1');
comparing the reference value (B1') with the unique image (B1) of the authority section and the holder section; and
if the two values differ, informing the host unit (STB) and stopping the use.

3. The method according to claim 2, wherein the security module (SM) processes the data of a transaction in order to authorize it according to the following steps:
receiving a transaction request (Q) by the security module (SM);
filtering the transaction by a filter module (F) according to a number of filtering parameters;
determining a unique image (B1) of the received transaction (Q) and computing a digital signature (SQTM) with the holder's private key (TS1); and
transmitting the data of the transaction (Q) and the digital signature (SQTM) to the host unit (STB).

4. The method according to claim 3, comprising the following steps: adding a validity limit (TM) to the transaction (Q) in order to determine the unique image (B2) and the transaction signature (SQTM); and transmitting the validity limit (TM) together with the data of the transaction (Q) and the transaction signature (SQTM) to the host unit (STB).

5. The method according to claim 1, wherein the security module (SM) receives a timestamp (T) and random data (R) signed by a time certification authority, and wherein the security module (SM) authenticates the integrity of this information (T, R) and informs the host unit (STB) whether the use may continue.

6. The method according to claim 5, wherein the removable security module (SM) generates the validity limit (TM), counted from the timestamp (T), according to a duration (ΔT) of the security module (SM).

7. The method according to claim 1, wherein the security module (SM) uses its private key (TS1) to determine a general signature (SETM) over the unique images of the certificate (B1), of the transaction (B2) and of the temporal data (B3).

8. The method according to claim 1, wherein the removable security module (SM) is a smart card.
TW92102673A 2002-02-12 2003-02-10 Storage and transport method for an electronic certificate TWI273517B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CH2332002 2002-02-12

Publications (2)

Publication Number Publication Date
TW200302988A TW200302988A (en) 2003-08-16
TWI273517B TWI273517B (en) 2007-02-11

Family

ID=38621566

Family Applications (1)

Application Number Title Priority Date Filing Date
TW92102673A TWI273517B (en) 2002-02-12 2003-02-10 Storage and transport method for an electronic certificate

Country Status (3)

Country Link
AR (1) AR038412A1 (en)
PE (1) PE20030997A1 (en)
TW (1) TWI273517B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7783058B2 (en) 2002-06-24 2010-08-24 Analog Devices, Inc. System for verifying the identification of a device

Also Published As

Publication number Publication date
PE20030997A1 (en) 2004-02-02
TW200302988A (en) 2003-08-16
AR038412A1 (en) 2005-01-12

Similar Documents

Publication Publication Date Title
US11895239B1 (en) Biometric electronic signature tokens
US9596089B2 (en) Method for generating a certificate
EP3647977B1 (en) Secure data communication
US7003480B2 (en) GUMP: grand unified meta-protocol for simple standards-based electronic commerce transactions
US6247129B1 (en) Secure electronic commerce employing integrated circuit cards
EP2086162B1 (en) System, device, method and program for authenticating communication partner by means of electronic certificate including personal information
CA2299294A1 (en) Secure transaction system
JP2004526389A (en) Method and system for creating and validating valuable documents
AU1105599A (en) Digitally certifying a user identity and a computer system in combination
WO2007137368A1 (en) Method and system for verification of personal information
CN105634730B (en) A kind of financial IC card key management system
CN101317362B (en) Information safety authentication method and system
CN100374966C (en) Method for storage and transport of an electronic certificate
US8898462B2 (en) Method and device for authenticating components within an automatic teller machine
WO2007016867A1 (en) A method of physical authentication and a digital device
US20110208962A1 (en) Streamlined process for enrollment of multiple digital certificates
JP2005333596A (en) Electronic application system, and electronic application apparatus
JP4314152B2 (en) Electronic information assurance system, business terminal
TWI273517B (en) Storage and transport method for an electronic certificate
KR100739324B1 (en) System for secure transmission of electronic prescriptions and its Method
KR100862960B1 (en) Method for multiple registration of an OTP authentication device
TWI620138B (en) Remote authentication method for remote account opening
KR20050091189A (en) System and processing method for electronic ticket, its program storing recorded medium
JP3250610B2 (en) How to get fund transfer information
JP2005244532A (en) Method and device for authentication utilizing attribute certificate

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees