(51) Int Cl.: H04L 9/32 ( ) G09C 1/00 ( ) G06F 21/33 ( ) H04L 29/06 ( )

Transcription

1 (19) TEPZZ Z48B_T (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION (4) Date of publication and mention of the grant of the patent: Bulletin / (21) Application number: (22) Date of filing: (1) Int Cl.: H04L 9/32 (06.01) G09C 1/00 (06.01) G06F 21/33 (13.01) H04L 29/06 (06.01) (86) International application number: PCT/JP11/0917 (87) International publication number: WO 11/ ( Gazette 11/39) (4) MEASUREMENT DATA MANAGEMENT METHOD AND MEASUREMENT DATA MANAGEMENT SYSTEM MESSDATENVERWALTUNGSVERFAHREN UND MESSDATENVERWALTUNGSSYSTEM PROCÉDÉ DE GESTION DE DONNÉES DE MESURE ET SYSTÈME DE GESTION DE DONNÉES DE MESURE (84) Designated Contracting States: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR () Priority: JP (43) Date of publication of application: Bulletin 13/0 (73) Proprietor: Kei Communication Technology Inc. Kobe-shi, Hyogo (JP) (72) Inventor: AWATA Takao Kobe-shi Hyogo (JP) (74) Representative: Laufhütte, Dieter et al Lorenz-Seidler-Gossel Widenmayerstrasse München (DE) (6) References cited: WO-A1-01/63927 JP-A JP-A JP-A JP-A US-A US-A US-A SCHNEIER B ED - SCHNEIER B: "Applied Cryptography, Protocols, Algorithms, and Source Code in C, TIMESTAMPING SERVICES", 1 January 1996 ( ), APPLIED CRYPTOGRAPHY, PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, JOHN WILEY & SONS, INC, NEW YORK, PAGE(S) 7-78, XP , ISBN: * the whole document * EP B1 Note: Within nine months of the publication of the mention of the grant of the European patent in the European Patent Bulletin, any person may give notice to the European Patent Office of opposition to that patent, in accordance with the Implementing Regulations. Notice of opposition shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention). Printed by Jouve, 7001 PARIS (FR)

2 1 EP B1 2 Description Technical Field [0001] The present invention relates to a measurement data management method for managing measurement data associated with measured values of an electricity meter, a gas meter and the like, and to a measurement data management system for implementing the measurement data management method. Background Art [0002] In recent years, advancement in communication network technology has led to a suggestion of a computer system in which various meters installed at remote places, such as electricity meters and gas meters, exchange various types of data with a center device via communication networks, and the center device can thus centrally manage measurement data associated with measured values acquired by the meters. [0003] For example, Patent Document 1 discloses a remote management system that includes a plurality of terminal devices divided into a plurality of groups and a center device. In this remote management system, a specific terminal device in each group collects meter reading data of other terminal devices belonging to the same group and transmits the collected meter reading data to the center device all at once. This remote management system can alleviate the load on the center device compared to the case where each terminal device individually transmits meter reading data to the center device, thus allowing for efficient collection of meter reading data. Citation List Patent Document [0004] Patent Document 1: JP A Summary of Invention Problem to be Solved by the Invention [000] In the case of remote management using communication networks, there is a risk that someone may tamper with data during communication. It is therefore necessary to provide a mechanism for detecting the occurrence of such data tampering. When using the Internet, which has a high risk of tampering, a demand for such a mechanism is considered to be even higher. [0006] However, the above remote management system cannot guarantee the validity of the collected data because it does not have means for detecting the occurrence of data tampering during communication between the center device and the terminal devices or during communication among the terminal devices. [0007] The present invention has been made in view of the above issues. A main object of the present invention is to provide a measurement data management method that can solve the above problem using time data, and a measurement data management system for implementing the measurement data management method. [0008] Document US 06/06433 discloses a measurement data management system, consisting of a remote meter (i.e. the terminal device) for performing measurements, a data collection server (i.e. a measurement data management device) and a meter certification authority (i.e. authentication authority). The remote meter generates measurement data and provides the measurement data with a cryptographic signature using its private key. The data is then sent to the data collection server, where data is stored and further processed. For verifying the authenticity of the measurement data received from the remote meter, the data collection server can send the received measurement data to the meter certification authority, where the authenticity is verified using the meter s public key. A verification result is then sent from the meter certification authority to the data collection server. [0009] Document US 07/ discloses a terminal apparatus (i.e. terminal device) and a time certification server (i.e. time authentication authority). The terminal apparatus sends a request for time certification, the request comprising a terminal ID and a time, to the time certification server. The time certification server acquires temporal change information (like a weather report), and hashes this information. Subsequently, a second hash is formed over the concatenation of the first hash and the terminal ID received from the terminal. This latter code is referred to as "time certification code", and it is sent to the terminal apparatus, as well as stored in a time certification code memory of the time certification server in correlation with time. The terminal apparatus then attaches the time, terminal ID and time certification code to a "product". When the "product" is acquired by a second terminal, it sends the time certification code to the time certification server. The server looks up the time certification code in its time certification code memory, and returns to the second terminal an associated time as well as a terminal ID. The second terminal can then compare the terminal ID and time attached to the acquired "product" with the terminal ID and time received from the time certification terminal. Means for Solving Problem [00] In order to solve the above problem, a measurement data management method according to one aspect of the present invention manages measurement data using a terminal device, a measurement data management device, an authentication device, and a time authentication authority. The measurement data includes a measured value acquired through measurement processing executed by a meter. The terminal de- 2

3 3 EP B vice is connected to the meter. The measurement data management device is communicably connected to the terminal device and manages the measurement data. The authentication device authenticates the measurement data managed by the measurement data management device. The time authentication authority authenticates time. The terminal device executes: an electronic signature step of generating electronic signature data based on measurement information including the measured value acquired through the measurement processing executed by the meter, measurement date and time when the measurement processing is executed, and an identifier for identifying the meter; and a transmission step of transmitting the electronic signature data generated in the electronic signature step and the measurement information to the measurement data management device. The measurement data management device executes: an electronic signature data verification step of verifying the electronic signature data received from the terminal device; a hash value generation step of, when the verification of the electronic signature data has succeeded in the electronic signature data verification step, generating a hash value of the measurement information received from the terminal device; a hash value transmission step of transmitting the hash value generated in the hash value generation step to the time authentication authority; a time stamp acquisition step of acquiring, from the time authentication authority, a time stamp token including a time stamp generated by the time authentication authority based on the hash value and the hash value; and a measurement data storage step of storing measurement data including the measurement information, the electronic signature data, and the time stamp token acquired in the time stamp acquisition step. The authentication device executes: a measurement data acquisition step of acquiring the measurement data from the measurement data management device; and a time stamp verification request step of transmitting the time stamp token included in the measurement data acquired in the measurement data acquisition step to the time authentication authority so as to request the time authentication authority to verify the time stamp included in the time stamp token. The time authentication authority executes: a time stamp token storage step of storing the time stamp token that has been generated based on the hash value acquired as a result of the hash value transmission step; a time stamp verification step of verifying the time stamp included in the time stamp token that has been acquired from the authentication device as a result of the time stamp verification request step based on the hash value included in the time stamp token stored in the time stamp token storage step; and a verification result transmission step of transmitting a result of the verification of the time stamp verification step to the authentication device. [0011] In the measurement data management method according to the above aspect, the measurement data management device may further execute a measurement data transmission step of transmitting the measurement data stored in the measurement data storage step to an external device, and the time stamp included in the measurement data may be verified by the external device that has received the measurement data from the measurement data management device and the time authentication authority. [0012] Furthermore, in the electronic signature step according to the above aspect, the terminal device may acquire the measurement date and time from an external NTP server. [0013] In the measurement data management method according to the above aspect, the terminal device may further execute a determination step of acquiring the measured value from the meter multiple times and determining whether or not the multiple measured values thus acquired match, and may execute the electronic signature step when it has been determined that the multiple measured values match in the determination step. [0014] A measurement data management system according to one aspect of the present invention includes a terminal device, a measurement data management device, an authentication device, and a time authentication authority. The terminal device is connected to a meter. The measurement data management device is communicably connected to the terminal device and manages measurement data that includes a measured value acquired through measurement processing executed by the meter. The authentication device authenticates the measurement data managed by the measurement data management device. The time authentication authority authenticates time. The terminal device includes: an electronic signature means for generating electronic signature data based on measurement information including the measured value acquired through the measurement processing executed by the meter, measurement date and time when the measurement processing is executed, and an identifier for identifying the meter; and a transmission means for transmitting the electronic signature data generated by the electronic signature means and the measurement information to the measurement data management device. The measurement data management device includes: an electronic signature data verification means for verifying the electronic signature data received from the terminal device; a hash value generation means for, when the electronic signature data verification means has succeeded in the verification of the electronic signature data, generating a hash value of the measurement information received from the terminal device; a hash value transmission means for transmitting the hash value generated by the hash value generation means to the time authentication authority; a time stamp acquisition means for acquiring, from the time authentication authority, a time stamp token including a time stamp generated by the time authentication authority based on the hash value and the hash value; and a measurement data storage means for storing measurement data including the measurement information, the elec- 3

4 EP B1 6 tronic signature data, and the time stamp token acquired by the time stamp acquisition means. The authentication device includes: a measurement data acquisition means for acquiring the measurement data from the measurement data management device; and a time stamp verification request means for transmitting the time stamp token included in the measurement data acquired by the measurement data acquisition means to the time authentication authority so as to request the time authentication authority to verify the time stamp included in the time stamp token. The time authentication authority includes: a time stamp token storage means for storing the time stamp token that has been generated based on the hash value acquired from the measurement data management device; a time stamp verification means for verifying the time stamp included in the time stamp token that has been acquired from the authentication device based on the hash value included in the time stamp token stored by the time stamp token storage means; and a verification result transmission means for transmitting a result of the verification by the time stamp verification means to the authentication device. [00] In the measurement data management system according to the above aspect, the measurement data management device may further include a measurement data transmission means for transmitting the measurement data stored by the measurement data storage means to an external device that verifies the time stamp included in the measurement data together with the time authentication authority. [0016] In the measurement data management system according to the above aspect, the electronic signature means may be configured to acquire the measurement date and time from an external NTP server. [0017] In the measurement data management system according to the above aspect, the terminal device may further include a determination means for acquiring the measured value from the meter multiple times and determining whether or not the multiple measured values thus acquired match, and the electronic signature means may be configured to generate the electronic signature data when the determination means has determined that the multiple measured values match. Effect of the Invention [0018] The measurement data management method and the measurement data management system according to the present invention can check whether or not the measurement data has been tampered with in the course of communication among devices. Brief Description of Drawings [0019] Fig. 1 is a block diagram showing a configuration of a measurement data management system according to an embodiment of the present invention. Fig. 2 is a block diagram showing a configuration of a meter reading data management server according to an embodiment of the present invention. Fig. 3 shows a data structure of meter reading data stored in a meter reading data DB of a meter reading data management server according to an embodiment of the present invention. Fig. 4 is a flowchart of start-up processing for a remote meter reading terminal device, which is executed by remote meter reading terminal devices according to an embodiment of the present invention. Fig. is a flowchart of live check processing for a remote meter reading terminal device, which is executed by remote meter reading terminal devices according to an embodiment of the present invention. Fig. 6 is a flowchart of meter reading processing executed by a measurement data management system according to an embodiment of the present invention. Fig. 7 is a flowchart of time stamp verification processing executed by an authentication center and a TSA server. Description of Embodiments [00] The following describes a preferred embodiment of the present invention with reference to the drawings. It should be noted that the following embodiment presents examples of a method and a device for embodying the technical ideas of the present invention, and does not limit the technical ideas of the present invention. Various modifications may be made to the technical ideas of the present invention within a technical scope described in the claims. [0021] The present invention can be implemented using data acquired by meters that measure various types of measurement targets, such as electricity meters and gas meters. Specifically, the present embodiment discusses an example in which data acquired by electricity meters is used. [Configuration of Measurement Data Management System] [0022] Fig. 1 is a block diagram showing a configuration of a measurement data management system according to an embodiment of the present invention. As shown in Fig. 1, the measurement data management system according to the present embodiment includes a meter reading data management server 1 and a plurality of remote meter reading terminal devices 2. The meter reading data management server 1 and the remote meter reading terminal devices 2 are connected via the Internet 0 such that they can communicate with one another. Communication among the meter reading data management server 1 and the remote meter reading terminal devices 2 is performed via a virtual private network (VPN) 4

5 7 EP B1 8 and therefore maintains high security. [0023] The remote meter reading terminal devices 2 are installed in buildings and the like with electricity generation equipment such as photovoltaic equipment, and are connected to electricity meters 3 that measure the amount of electricity generated by the electricity generation equipment. The electricity meters 3 output a telegraph in a predetermined format including a meter reading value to the remote meter reading terminal devices 2. The remote meter reading terminal devices 2 generate meter reading information using the telegraph received from the electricity meters 3 in a manner described later, and transmit the generated meter reading information to the meter reading data management server 1. The specifics of a configuration of the meter reading data management server 1 will be described later. [0024] The remote meter reading terminal devices 2 include a display unit (not shown in the figures) constituted by, for example, a liquid crystal display. The display unit displays various types of information such as a meter reading value acquired from the electricity meters 3. The remote meter reading terminal devices 2 also include a storage unit (not shown in the figures) constituted by, for example, a nonvolatile memory. The storage unit stores therein various types of information such as meter reading information generated based on the telegraph acquired from the electricity meters 3. [002] A time stamping authority (TSA) server 4, a network time protocol (NTP) server, a user terminal device 6 and an authentication center 7 are connected to the Internet 0. The TSA server 4 is a time authentication authority that performs time authentication according to an archiving method. The NTP server transmits time information to other devices connected to the Internet 0. The user terminal device 6 is operated by a user who uses the measurement data management system according to the present embodiment. The authentication center 7 authenticates measurement data managed by the measurement data management system according to the present embodiment. [Configuration of Meter Reading Data Management Server] [0026] The following describes the specifics of a configuration of the meter reading data management server 1 according to the present embodiment. [0027] Fig. 2 is a block diagram showing a configuration of the meter reading data management server 1 according to an embodiment of the present invention. As shown in Fig. 2, the meter reading data management server 1 includes a CPU 11, a main storage device 12, an auxiliary storage device 13, and a communication interface (I/F) 14. Note that the CPU 11, the main storage device 12, the auxiliary storage device 13, and the communication I/F 14 are connected by a bus. [0028] The CPU 11 executes computer programs stored in the auxiliary storage device 13. This enables the meter reading data management server 1 to execute various types of processing described later while controlling the operations of various types of devices. [0029] The main storage device 12 is constituted by an SRAM, a DRAM, or the like, and is used to read the computer programs stored in the auxiliary storage device 13. The main storage device 12 is also used as a work area for the CPU 11 when the CPU 11 executes the computer programs. [00] The auxiliary storage device 13 is constituted by a nonvolatile storage device such as a flash memory and a hard disk, and stores therein, for example, various types of computer programs to be executed by the CPU 11, and data used for the execution of these computer programs. The auxiliary storage device 13 includes a meter reading data DB 13A which will be described later. [0031] The communication I/F 14 is an interface device for communicating with various types of devices via the Internet 0. Because the communication among the meter reading data management server 1 and the remote meter reading terminal devices 2 is performed via the VPN as mentioned earlier, the communication I/F 14 has a function of a VPN router. [0032] Fig. 3 shows a data structure of meter rending data stored in the meter reading data DB 13A of the meter reading data management server 1 according to an embodiment of the present invention. As shown in Fig. 3, the meter reading data is constituted by meter reading information 1, signature data 2, a hash value 3, and a time stamp 4. The meter reading information 1 includes a meter reading value acquired from an electricity meter 3. The signature data 2 is generated by a remote meter reading terminal device 2. The hash value 3 is generated by the meter reading data management server 1 based on the meter reading information 1. The time stamp 4 is generated by the TSA server 4. [0033] As shown in Fig. 3, the meter reading information 1 is constituted by an electricity meter ID (e.g. a manufacturing number) 111 for identifying an electricity meter 3, meter reading date and time 112 indicating the date and time when the electricity meter 3 performed the meter reading, and a cumulative electricity amount 113 which is a meter reading value acquired from the electricity meter 3. As will be described later, the electricity meter ID 111, the meter reading date and time 112, and the cumulative electricity amount 113 are transmitted from the remote meter reading terminal device 2 to the meter reading data management server 1. [Operations of Measurement Data Management System] [0034] A description is now given of the operations of the measurement data management system according to the present embodiment, configured in the above-described manner, with reference to flowcharts. Main processing executed by the measurement data management system according to the present embodiment is as

6 9 EP B1 follows: (1) start-up processing for a remote meter reading terminal device, which is executed by the remote meter reading terminal devices 2 upon start-up, (2) live check processing for a remote meter reading terminal device, for notifying the meter reading data management server 1 that the remote meter reading terminal devices 2 are operating normally, and (3) meter reading processing executed by the meter reading data management server 1 and the remote meter reading terminal devices 2. The following describes the specifics of each processing listed above. (1) Start-up Processing for Remote Meter Reading Terminal Device [003] Fig. 4 is a flowchart of start-up processing for a remote meter reading terminal device, which is executed by remote meter reading terminal devices according to an embodiment of the present invention. [0036] Upon start-up, a remote meter reading terminal device 2, namely a simple network management protocol (SNMP) agent, transmits a cold start trap to the meter reading data management server 1, namely an SNMP manager (S1). [0037] Next, the remote meter reading terminal device 2 acquires, from the electricity meter 3 connected thereto, an electricity meter ID that is information unique to that electricity meter 3 and a meter multiplying factor (S2). The remote meter reading terminal device 2 also acquires the current time from the NTP server via the Internet 0 (S3). This completes the start-up processing for the remote meter reading terminal device. (2) Live Check Processing for Remote Meter Reading Terminal Device [0038] After the start-up processing for the remote meter reading terminal device has been executed in the above-described manner, the remote meter reading terminal device 2 does not access the meter reading data management server 1 until the meter reading date and time. Therefore, in the case where the meter reading is performed at relatively long intervals, such as once a month or once a year, it is necessary to check whether or not the remote meter reading terminal device 2 is operating normally. This is the object of the live check processing for the remote meter reading terminal device described below. [0039] Fig. is a flowchart of live check processing for a remote meter reading terminal device, which is executed by remote meter reading terminal devices according to an embodiment of the present invention. [00] While operating, a remote meter reading terminal device 2 repeatedly determines whether or not a predetermined time period (e.g. five minutes) has elapsed (S111). When determining that the predetermined time period has elapsed (the YES branch of S111), the remote meter reading terminal device 2, namely the SNMP agent, transmits a live check trap to the meter reading data management server 1, namely the SNMP manager (S112). Upon receiving this live check trap, the meter reading data management server 1 can confirm that the remote meter reading terminal device 2, which is the transmission source of the live check trap, is operating normally. [0041] In the case where the meter reading data management server 1 detects an abnormality, such as when the live check trap is damaged for a predetermined consecutive number of times, the meter reading data management server 1 warns an administrator by outputting warning information indicative of the abnormality. In this case, the administrator investigates, for example, whether or not a network failure has occurred and whether or not the operation of the remote meter reading terminal device 2 has stopped. (3) Meter Reading Processing [0042] Fig. 6 is a flowchart of the meter reading processing executed by the measurement data management system according to an embodiment of the present invention. For example, this meter reading processing is executed at a timing when the meter reading data management server 1 receives a request for acquisition of meter reading data from the user terminal device 6. When the user terminal device 6 thus transmits a request for acquisition of meter reading data to the meter reading data management server 1, the request for acquisition includes an identifier of an electricity meter 3 (or of a remote meter reading terminal device 2 connected to that electricity meter 3). Upon receiving the request for acquisition, the meter reading data management server 1 executes processing described later on the remote meter reading terminal device 2 connected to the electricity meter 3 identified by the identifier (or on the remote meter reading terminal device 2 identified by the identifier). As a result, each user can acquire meter reading data of a desired electricity meter 3. [0043] First, the meter reading data management server 1 transmits a meter reading information transmission request for requesting a transmission of meter reading information to the remote meter reading terminal device 2 (S121). The meter reading data management server 1 waits for the meter reading information to be transmitted from the remote meter reading terminal device 2 in response to the meter reading information transmission request for a predetermined time period (e.g. approximately one minute) (S122). When the predetermined time period has elapsed without the meter reading data management server 1 receiving the meter reading information from the remote meter reading terminal device 2 (the YES branch of S122), the meter reading management server 1 re-transmits the meter reading information transmission request to the remote meter reading terminal device 2 (S121). For example, when the meter reading information is still not received from the remote meter read- 6

7 11 EP B1 12 ing terminal device 2 after repeating this re-transmission three times, the meter reading processing fails. [0044] When the remote meter reading terminal device 2 receives the meter reading information transmission request transmitted from the meter reading data management server 1 (S131), it acquires a telegraph including a cumulative electricity amount from the electricity meter 3 (S132). The remote meter reading terminal device 2 acquires a telegraph including a cumulative electricity amount from the electricity meter 3 again (S133), and determines whether or not the value of the cumulative electricity amount included in the first telegraph acquired in step S132 matches the value of the cumulative electricity amount included in the second telegraph acquired in step S133 by comparing the two cumulative electricity amounts (S134). [004] When the remote meter reading terminal device 2 determines that the cumulative electricity amounts included in the two telegraphs do not match in step S134 (the NO branch of S134), it returns to step S132, re-acquires a telegraph from the electricity meter 3 twice in a row, and determines whether or not the cumulative electricity amounts included in the two telegraphs match. For example, when the values of the two cumulative electricity amounts still do not match after repeating the above processes three times, the meter reading processing fails. By executing the above processes, the accuracy of the meter reading value of the electricity meter 3 can be ensured. [0046] When the remote meter reading terminal device 2 determines that the values of the cumulative electricity amounts included in the two telegraphs match in step S134 (the YES branch of S134), it acquires the current time from the NTP server via the Internet 0 (S13). The current time acquired from the NTP server in the above manner serves as the meter reading date and time of the electricity meter 3. In this way, the accuracy of the meter reading date and time of the electricity meter 3 can be ensured. [0047] Thereafter, the remote meter reading terminal device 2 generates signature data by applying electronic signature using the meter reading information constituted by the electricity meter ID acquired from the electricity meter 3 in the start-up processing, the meter reading date and time of the electricity meter 3 acquired in step S13, and the cumulative electricity amount included in the telegraphs acquired from the electricity meter 3 (S136). More specifically, the remote meter reading terminal device 2 generates signature data using, for example, an RSA encryption method whereby the meter reading information is encrypted with a private key having a predetermined length. The remote meter reading terminal device 2 transmits the signature data generated in the above manner to the meter reading data management server 1 together with the meter reading information (S137). [0048] When the meter reading data management server 1 receives the meter reading information and the signature data from the remote meter reading terminal device 2 (S123), it executes verification processing by decrypting the signature data with a public key (S124). The meter reading data management server 1 then determines whether or not this verification has succeeded (S12). Specifically, when the decryption has failed, or when the value obtained as a result of the decryption does not match the meter reading information, the meter reading data management server 1 determines that the verification of the signature data has failed (the NO branch of S12), returns to step S121, and repeats the subsequent processes (re-performs the meter reading). For example, the meter reading is re-performed only once; when the verification of the signature data fails again, the meter reading data management server 1 warns the administrator by outputting warning information indicative of the failure. [0049] On the other hand, when the value obtained as a result of the decryption matches the meter reading information, it is confirmed that the meter reading information has been received from the remote meter reading terminal device 2, and the meter reading data management server 1 determines that the verification of the signature data has succeeded (the YES branch of S12). In this case, the meter reading data management server 1 generates a hash value of the meter reading information using a predetermined hash function (S126). The meter reading data management server 1 then transmits the generated hash value to the TSA server 4 via the Internet 0 (S127). [000] When the TSA server 4 receives the hash value from the meter reading data management server 1, it generates a time stamp token by combining the hash value with the current time, and transmits the time stamp token to the meter reading data management server 1. Here, the TSA server 4 may apply electronic signature to the time stamp token. This makes it possible to verify that the TSA server 4 generated the time stamp token. [001] The TSA server 4 stores therein the time stamp token generated in the above manner so as to use it in time stamp verification processing that is executed afterward. In this way, both the meter reading data management server 1 and the TSA server 4 store therein the same time stamp token. Below, the time stamp token thus stored in the TSA server 4 is referred to as a verification time stamp token. [002] When the meter reading data management server 1 receives the time stamp token from the TSA server 4 via the Internet 0 (S 128), it stores the meter reading data constituted by the received time stamp token (the hash value and the time stamp) as well as the above-described meter reading information and signature data received from the remote meter reading terminal device 2 into the meter reading data DB 13A (S129). [003] By repeating the above meter reading processing, the meter reading data is accumulated in the meter reading data management server 1. [004] Note that when the above meter reading 7

8 13 EP B1 14 processing is executed in response to a request from the user terminal device 6, the meter reading data management server 1 transmits the meter reading data stored in step S129 to the user terminal device 6 and the authentication center 7. Subsequently, the authentication center 7 and the TSA server 4 execute processing for verifying the time stamp included in the meter reading data. The following describes this processing, i.e. (4) time stamp verification processing. (4) Time Stamp Verification Processing [00] Fig. 7 is a flowchart of the time stamp verification processing executed by the authentication center 7 and the TSA server 4. [006] When the authentication center 7 receives an instruction for executing the time stamp verification processing from the user terminal device 6, it generates a hash value of the meter reading information included in the meter reading data received from the meter reading data management server 1 using a predetermined hash function (the same as the hash function used by the meter reading data management server 1 in the aforementioned step S126) (S1). The authentication center 7 compares the generated hash value with the hash value included in the meter reading data (S2). When the authentication center 7 confirms that the two hash values match, it transmits verification request information including the time stamp token to the TSA server 4 (S3). [007] When the TSA server 4 receives the verification request information transmitted from the authentication center 7 (S211), the TSA server 4 executes the time stamp verification processing by comparing the time stamp token included in the received verification request information with the verification time stamp token that was stored earlier (S212). When the hash values included in the two time stamp tokens match, the verification succeeds. When they do not match, the verification fails. The TSA server 4 transmits verification result information indicative of whether or not the verification has succeeded to the authentication center 7 (S213). [008] The authentication center 7 receives the verification result information transmitted from the TSA server 4 (S4). When this verification result information indicates that the verification of the time stamp has succeeded, it means that the meter reading information existed at the time when the time stamp was generated and that the meter reading information was not tampered with between the time when the time stamp was generated and the current time. In this case, the authentication center 7 transmits information indicating that the meter reading data has been authenticated to the user terminal device 6. This allows the user to confirm that the meter reading information has not been tampered with. [009] Although the electricity meters have been described in the present embodiment as examples of meters, the present invention is not limited to the electricity meters, but may be applied to the cases where other meters such as gas meters or water meters are used. When these other meters are used, it is still possible to check, for example, whether the measurement data has not been tampered with in the course of communication as with the case of the present embodiment described above. [0060] As has been described above, communication among the meter reading data management server 1 and the remote meter reading terminal devices 2 is performed via the SNMP in the present embodiment. This, however, is merely an example. The communication among the meter reading data management server 1 and the remote meter reading terminal devices 2 may be performed using other communication protocols. Industrial Applicability [0061] A measurement data management method and a measurement data management system according to the present invention are useful as a measurement data management method and a measurement data management system for measurement data related to the amount of generated electricity and the like. Description of Reference Numerals [0062] 1 METER READING DATA MANAGEMENT SERVER 2 REMOTE METER READING TERMINAL DE- VICE 3 ELECTRICITY METER 4 TSA SERVER NTP SERVER 6 USER TERMINAL DEVICE 7 AUTHENTICATION CENTER 11 CPU 12 MAIN STORAGE DEVICE 13 AUXILIARY STORAGE DEVICE 13A METER READING DATA DB 14 COMMUNICATION INTERFACE 0 INTERNET 1 METER READING INFORMATION 2 SIGNATURE DATA 3 HASH VALUE 4 TIME STAMP 111 ELECTRICITY METER ID 112 METER READING DATE AND TIME 113 CUMULATIVE ELECTRICITY AMOUNT Claims 1. A measurement data management method for managing measurement data using a terminal device, a measurement data management device, an authentication device, and a time authentication authority, the measurement data including a measured value acquired through measurement processing execut- 8

9 EP B1 16 ed by a meter, the terminal device being connected to the meter, the measurement data management device being communicably connected to the terminal device and managing the measurement data, the authentication device authenticating the measurement data managed by the measurement data management device, and the time authentication authority authenticating time, wherein the terminal device is configured to execute: an electronic signature step of generating electronic signature data based on measurement information including the measured value acquired through the measurement processing executed by the meter, measurement date and time when the measurement processing is executed, and an identifier for identifying the meter; and a transmission step of transmitting the electronic signature data generated in the electronic signature step and the measurement information to the measurement data management device, the measurement data management device is configured to execute: an electronic signature data verification step of verifying the electronic signature data received from the terminal device; a hash value generation step of, when the verification of the electronic signature data has succeeded in the electronic signature data verification step, generating a hash value of the measurement information received from the terminal device; a hash value transmission step of transmitting the hash value generated in the hash value generation step to the time authentication authority; a time stamp acquisition step of acquiring, from the time authentication authority, a time stamp token including the hash value and a time stamp generated by the time authentication authority based on the hash value; and a measurement data storage step of storing measurement data including the measurement information, the electronic signature data, and the time stamp token acquired in the time stamp acquisition step, the authentication device is configured to execute: a measurement data acquisition step of acquiring the measurement data from the measurement data management device; and a time stamp verification request step of transmitting the time stamp token included in the measurement data acquired in the measurement data acquisition step to the time authentication authority so as to request the time authentication authority to verify the time stamp included in the time stamp token, and the time authentication authority is configured to execute: a time stamp token storage step of storing the time stamp token that has been generated based on the hash value acquired as a result of the hash value transmission step; a time stamp verification step of verifying the time stamp included in the time stamp token that has been acquired from the authentication device as a result of the time stamp verification request step based on the hash value included in the time stamp token stored in the time stamp token storage step; and a verification result transmission step of transmitting a result of the verification of the time stamp verification step to the authentication device. 2. The measurement data management method according to Claim 1, wherein the measurement data management device is further configured to execute a measurement data transmission step of transmitting the measurement data stored in the measurement data storage step to an external device, and the time stamp included in the measurement data is verified by the external device that has received the measurement data from the measurement data management device and the time authentication authority. 3. The measurement data management method according to Claim 1 or 2, wherein in the electronic signature step, the terminal device is configured to acquire the measurement date and time from an external NTP server. 4. The measurement data management method according to any of Claims 1 to 3, wherein the terminal device is further configured to execute a determination step of acquiring the measured value from the meter multiple times and determining whether or not the multiple measured values thus acquired match, and is configured to execute the electronic signature step when it has been determined that the multiple measured values match in the determination step.. A measurement data management system including a terminal device, a measurement data management device, an authentication device, and a time authentication authority, the terminal device being connected to a meter, the measurement data management device being communicably connected to the terminal device and managing measurement da- 9

10 17 EP B1 18 ta that includes a measured value acquired through measurement processing executed by the meter, the authentication device authenticating the measurement data managed by the measurement data management device, and the time authentication authority authenticating time, wherein the terminal device includes: an electronic signature means for generating electronic signature data based on measurement information including the measured value acquired through the measurement processing executed by the meter, measurement date and time when the measurement processing is executed, and an identifier for identifying the meter; and a transmission means for transmitting the electronic signature data generated by the electronic signature means and the measurement information to the measurement data management device, the measurement data management device includes: an electronic signature data verification means for verifying the electronic signature data received from the terminal device; a hash value generation means for, when the electronic signature data verification means has succeeded in the verification of the electronic signature data, generating a hash value of the measurement information received from the terminal device; a hash value transmission means for transmitting the hash value generated by the hash value generation means to the time authentication authority; a time stamp acquisition means for acquiring, from the time authentication authority, a time stamp token including the hash value and a time stamp generated by the time authentication authority based on the hash value; and a measurement data storage means for storing measurement data including the measurement information, the electronic signature data, and the time stamp token acquired by the time stamp acquisition means, the authentication device includes: a measurement data acquisition means for acquiring the measurement data from the measurement data management device; and a time stamp verification request means for transmitting the time stamp token included in the measurement data acquired by the measurement data acquisition means to the time authentication authority so as to request the time authentication authority to verify the time stamp included in the time stamp token, and the time authentication authority includes: a time stamp token storage means for storing the time stamp token that has been generated based on the hash value acquired from the measurement data management device; a time stamp verification means for verifying the time stamp included in the time stamp token that has been acquired from the authentication device based on the hash value included in the time stamp token stored by the time stamp token storage means; and a verification result transmission means for transmitting a result of the verification by the time stamp verification means to the authentication device. 6. The measurement data management system according to Claim, wherein the measurement data management device further includes a measurement data transmission means for transmitting the measurement data stored by the measurement data storage means to an external device that verifies the time stamp included in the measurement data together with the time authentication authority. 7. The measurement data management system according to Claim or 6, wherein the electronic signature means is configured to acquire the measurement date and time from an external NTP server. 8. The measurement data management system according to any of Claims to 7, wherein the terminal device further includes a determination means for acquiring the measured value from the meter multiple times and determining whether or not the multiple measured values thus acquired match, and the electronic signature means for generating the electronic signature data when the determination means has determined that the multiple measured values match. Patentansprüche 1. Messdatenverwaltungsverfahren zum Verwalten von Messdaten mithilfe einer Endvorrichtung, einer Messdatenverwaltungsvorrichtung, einer Authentifizierungsvorrichtung und einer Zeitauthentifizierungsinstanz, wobei die Messdaten einen Messwert umfassen, der durch eine durch ein Messgerät ausgeführte Messungsverarbeitung erworben wird, wobei die Endvorrichtung mit dem Messgerät verbun-

11 19 EP B1 den ist, wobei die Messdatenverwaltungsvorrichtung mit der Endvorrichtung kommunizierbar verbunden ist und die Messdaten verwaltet, wobei die Authentifizierungsvorrichtung die durch die Messdatenverwaltungsvorrichtung verwalteten Messdaten authentifiziert und die Zeitauthentifizierungsinstanz Zeit authentifiziert, wobei die Endvorrichtung ausgelegt ist, um folgendes auszuführen: einen elektronischen Signaturschritt zum Erzeugen elektronischer Signaturdaten beruhend auf Messinformationen, die den Messwert, der durch die von dem Messgerät ausgeführte Messungsverarbeitung erfasst wird, umfassen, Messdatum und -zeit der Ausführung der Messungsverarbeitung und einem Identifikator zum Identifizieren des Messgeräts; und einen Übermittlungsschritt zum Übermitteln der in dem elektronischen Signaturschritt erzeugten elektronischen Signaturdaten und der Messinformationen zu der Messdatenverwaltungsvorrichtung, die Messdatenverwaltungsvorrichtung ausgelegt ist, um folgendes auszuführen: einen Schritt der Verifikation der elektronischen Signaturdaten zum Verifizieren der von der Endvorrichtung erhaltenen elektronischen Signaturdaten; einen Hashwerterzeugungsschritt zum Erzeugen eines Hashwerts der von der Endvorrichtung erhaltenen Messinformationen, wenn die Verifizierung der elektronischen Signaturdaten in dem Schritt der Verifikation der elektronischen Signaturdaten erfolgreich war; einen Hashwertübermittlungsschritt zum Übermitteln des in dem Hashwerterzeugungsschritt erzeugten Hashwerts zu der Zeitauthentifizierungsinstanz; einen Zeitstempelerfassungsschritt zum Erfassen eines Zeitstempel-Tokens von der Zeitauthentifizierungsinstanz, der den Hashwert und einen Zeitstempel umfasst, der von der Zeitauthentifizierungsinstanz beruhend auf dem Hashwert erzeugt wird; und einen Messdatenspeicherungsschritt zum Speichern von Messdaten, die die Messinformationen, die elektronischen Signaturdaten und das Zeitstempel-Token, der in dem Zeitstempelerfassungsschritt erfasst wird, umfassen, die Authentifizierungsvorrichtung ausgelegt ist, um folgendes auszuführen: einen Messdatenerfassungsschritt zum Erfassen der Messdaten von der Messdatenverwaltungsvorrichtung; und einen Zeitstempelverifizierungsaufforderungsschritt zum Übermitteln des Zeitstempel-Tokens, der in den in dem Messdatenerfassungsschritt erfassten Messdaten enthalten ist, zu der Zeitauthentifizierungsinstanz, um die Zeitauthentifizierungsinstanz aufzufordern, den in dem Zeitstempel-Token enthaltenen Zeitstempel zu verifizieren, und die Zeitauthentifzierungsinstanz ausgelegt ist, um folgendes auszuführen: einen Zeitstempel-Token-Speicherungsschritt zum Speichern des Zeitstempel-Tokens, der beruhend auf dem Hashwert erzeugt wird, der infolge des Hashwertübermittlungsschritt erfasst wird; einen Zeitstempelverifizierungsschritt zum Verifizieren des Zeitstempels, der in dem Zeitstempel-Token enthalten ist, der von der Authentifizierungsvorrichtung infolge des Zeitstempelverifizierungsaufforderungsschritts beruhend auf dem Hashwert erfasst wird, der in dem Zeitstempel-Token enthalten ist, der in dem Zeitstempel-Token-Speicherungsschritt gespeichert wird; und einen Verifizierungsergebnisübermittlungsschritt zum Übermitteln eines Ergebnisses der Verifizierung des Zeitstempelverifizierungsschritts zu der Authentifizierungsvorrichtung. 2. Messdatenverwaltungsverfahren nach Anspruch 1, wobei die Messdatenverwaltungsvorrichtung weiterhin ausgelegt ist, um einen Messdatenübermittlungsschritt zum Übermitteln der in dem Messdatenspeicherungsschritt gespeicherten Messdaten zu einer externen Vorrichtung auszuführen, und der in den Messdaten enthaltene Zeitstempel von der externen Vorrichtung, die die Messdaten von der Messdatenverwaltungsvorrichtung und der Zeitauthentifizierungsinstanz erhalten hat, verifiziert wird. 3. Messdatenverwaltungsverfahren nach Anspruch 1 oder 2, wobei bei dem elektronischen Signaturschritt die Endvorrichtung ausgelegt ist, um das Messdatum und die Messzeit von einem externen NTP-Server zu erfassen. 4. Messdatenverwaltungsverfahren nach einem der Ansprüche 1 bis 3, wobei die Endvorrichtung weiterhin ausgelegt ist, um einen Ermittlungsschritt zum mehrfachen Erfassen des Messwerts von dem Messgerät und Ermitteln, ob die so erfassten die mehreren Messwerte übereinstimmen, auszuführen, und ausgelegt ist, um den elektronischen Signaturschritt auszuführen, wenn ermittelt wird, dass die mehreren Messwerte in dem Ermittlungsschritt 11

12 21 EP B1 22 übereinstimmen. ein Mittel zur Verifikation der elektronischen Signaturdaten zum Verifizieren der von der Endvorrichtung erhaltenen elektronischen Signaturdaten; ein Hashwerterzeugungsmittel zum Erzeugen eines Hashwerts der von der Endvorrichtung erhaltenen Messinformationen, wenn das Mittel zur Verifikation der elektronische Signaturdaten bei der Verifizierung der elektronischen Signaturdaten erfolgreich ist; ein Hashwertübermittlungsmittel zum Übermitteln des von dem Hashwerterzeugungsmittel erzeugten Hashwerts zu der Zeitauthentifizierungsinstanz; ein Zeitstempelerfassungsmittel zum Erfassen eines Zeitstempel-Tokens von der Zeitauthentifizierungsinstanz, der den Hashwert und einen Zeitstempel umfasst, der von der Zeitauthentifizierungsinstanz beruhend auf dem Hashwert erzeugt wird; und ein Messdatenspeicherungsmittel zum Speichern von Messdaten, die die Messinformationen, die elektronischen Signaturdaten und das Zeitstempel-Token, der von dem Zeitstempelerfassungsmittel erfasst wird, umfassen,. Messdatenverwaltungssystem, welches eine Endvorrichtung, eine Messdatenverwaltungsvorrichtung, eine Authentifizierungsvorrichtung und eine Zeitauthentifizierungsinstanz umfasst, wobei die Endvorrichtung mit einem Messgerät verbunden ist, wobei die Messdatenverwaltungsvorrichtung kommunizierbar mit der Endvorrichtung verbunden ist und Messdaten verwaltet, die einen Messwert umfassen, der durch eine von dem Messgerät ausgeführte Messungsverarbeitung erfasst wird, wobei die Authentifizierungsvorrichtung die von der Messdatenverwaltungsvorrichtung verwalteten Messdaten authentifiziert und die Zeitauthentifizierungsinstanz Zeit authentifiziert, wobei die Endvorrichtung umfasst: die Authentifizierungsvorrichtung umfasst ein Messdatenerfassungsmittel zum Erfassen der Messdaten von der Messdatenverwaltungsvorrichtung; und ein Zeitstempelverifizierungsaufforderungsmittel zum Übermitteln des Zeitstempel-Tokens, der in den von dem Messdatenerfassungsmittel erfassten Messdaten enthalten ist, zu der Zeitauthentifizierungsinstanz, um die Zeitauthentifizierungsinstanz aufzufordern, den in dem Zeitstempel-Token enthaltenen Zeitstempel zu verifizieren, und die Zeitauthentifizierungsinstanz umfasst: ein elektronisches Signaturmittel zum Erzeugen elektronischer Signaturdaten beruhend auf Messinformationen, die den Messwert, der durch die von dem Messgerät ausgeführte Messungsverarbeitung erfasst wird, umfassen, Messdatum und -zeit der Ausführung der Messungsverarbeitung und einem Identifikator zum Identifizieren des Messgeräts; und ein Übermittlungsmittel zum Übermitteln der von dem elektronischen Signaturmittel erzeugten elektronischen Signaturdaten und der Messinformationen zu der Messdatenverwaltungsvorrichtung, die Messdatenverwaltungsvorrichtung umfasst: ein Zeitstempel-Token-Speicherungsmittel zum Speichern des Zeitstempel-Tokens, der beruhend auf dem Hashwert erzeugt wird, der von der Messdatenverwaltungsvorrichtung erfasst wird; ein Zeitstempelverifizierungsmittel zum Verifizieren des Zeitstempels, der in dem Zeitstempel-Token enthalten ist, der von der Authentifizierungsvorrichtung beruhend auf dem Hashwert erfasst wird, der in dem Zeitstempel-Token enthalten ist, der von dem Zeitstempel-Token- Speicherungsmittel gespeichert wird; und ein Verifizierungsergebnisübermittlungsmittel zum Übermitteln eines Ergebnisses der Verifizierung durch das Zeitstempelverifizierungsmittel zu der Authentifizierungsvorrichtung. 6. Messdatenverwaltungssystem nach Anspruch, wobei die Messdatenverwaltungsvorrichtung weiterhin ein Messdatenübermittlungsmittel zum Übermitteln der von dem Messdatenspeicherungsmittel gespeicherten Messdaten zu einer externen Vorrichtung umfasst, die den Zeitstempel, der in den Messdaten enthalten ist, zusammen mit der Zeitauthentifizierungsinstanz verifiziert. 7. Messdatenverwaltungssystem nach Anspruch oder 6, wobei das elektronische Signaturmittel ausgelegt ist, um das Messdatum und die Messzeit von einem externen NTP-Server zu erfassen. 8. Messdatenverwaltungssystem nach einem der Ansprüche bis 7, wobei die Endvorrichtung weiterhin ein Ermittlungsmittel zum mehrfachen Erfassen des Messwerts von dem Messgerät und Ermitteln, ob die so erfassten mehreren Messwerte übereinstimmen, umfasst und das elektronische Signaturmittel zum Erzeugen der elektronischen Signaturdaten, wenn das Ermittlungsmittel ermittelt, dass die mehreren Messwerte 12

13 23 EP B1 24 übereinstimmen. Revendications 1. Procédé de gestion de données de mesure destiné à gérer des données de mesure au moyen d un dispositif terminal, d un dispositif de gestion de données de mesure, d un dispositif d authentification, et d une autorité d authentification temporelle, les données de mesure comprenant une valeur mesurée acquise par un traitement de mesure exécuté par un appareil de mesure, le dispositif terminal étant connecté à l appareil de mesure, le dispositif de gestion des données de mesure étant connecté à des fins de communication au dispositif terminal et gérant les données de mesure, le dispositif d authentification authentifiant les données de mesure gérées par le dispositif de gestion de données de mesure, et l autorité d authentification temporelle authentifiant le temps, dans lequel le dispositif terminal est configuré pour exécuter : une étape de signature électronique consistant à générer des données de signature électronique sur la base d informations de mesure comprenant la valeur mesurée acquise par le traitement de mesure exécuté par l appareil de mesure, la date et l heure de la mesure auxquelles le traitement de mesure est exécuté et un identifiant pour identifier l appareil de mesure ; et une étape de transmission consistant à transmettre au dispositif de gestion de données de mesure les données de signature électronique générées dans l étape de signature électronique et les informations de mesure, le dispositif de gestion de données de mesure est configuré pour exécuter : une étape de vérification de données de signature électronique consistant à vérifier les données de signature électronique reçues du dispositif terminal ; une étape de génération de valeur de hachage consistant à, quand la vérification des données de signature électronique a réussi dans l étape de vérification de données de signature électronique, générer une valeur de hachage des informations de mesure reçues du dispositif terminal ; une étape de transmission de valeur de hachage consistant à transmettre à l autorité d authentification temporelle la valeur de hachage générée dans l étape de génération de valeur de hachage ; une étape d acquisition d estampille temporelle consistant à acquérir, auprès de l autorité d authentification temporelle, un jeton d estampille temporelle comprenant la valeur de hachage et une estampille temporelle générée par l autorité d authentification temporelle sur la base de la valeur de hachage ; et une étape de stockage de données de mesure consistant à stocker des données de mesure comprenant les informations de mesure, les données de signature électronique, et le jeton d estampille temporelle acquis dans l étape d acquisition d estampille temporelle, le dispositif d authentification est configuré pour exécuter : une étape d acquisition de données de mesure consistant à acquérir les données de mesure auprès du dispositif de gestion de données de mesure ; et une étape de demande de vérification d estampille temporelle consistant à transmettre à l autorité d authentification temporelle le jeton d estampille temporelle compris dans les données de mesure acquises dans l étape d acquisition de données de mesure de manière à demander à l autorité d authentification temporelle de vérifier l estampille temporelle comprise dans le jeton d estampille temporelle, et l autorité d authentification temporelle est configurée pour exécuter : une étape de stockage de jeton d estampille temporelle consistant à stocker le jeton d estampille temporelle qui a été généré sur la base de la valeur de hachage acquise comme résultat de l étape de transmission de valeur de hachage ; une étape de vérification d estampille temporelle consistant à vérifier l estampille temporelle comprise dans le jeton d estampille temporelle qui a été acquis auprès du dispositif d authentification comme résultat de l étape de demande de vérification d estampille temporelle sur la base de la valeur de hachage comprise dans le jeton d estampille temporelle stocké dans l étape de stockage de jeton d estampille temporelle ; et une étape de transmission de résultat de vérification consistant à transmettre au dispositif d authentification un résultat de la vérification de l étape de vérification d estampille temporelle. 2. Procédé de gestion de données de mesure selon la revendication 1, dans lequel le dispositif de gestion de données de mesure est en outre configuré pour exécuter une étape de transmission de données de mesure consistant à trans- 13

14 2 EP B1 26 mettre à un dispositif externe les données de mesure stockées dans l étape de stockage de données de mesure, et l estampille temporelle comprise dans les données de mesure est vérifiée par le dispositif externe qui a reçu les données de mesure du dispositif de gestion de données de mesure et par l autorité d authentification temporelle. 3. Procédé de gestion de données de mesure selon la revendication 1 ou 2, dans lequel dans l étape de signature électronique, le dispositif terminal est configuré pour acquérir la date et l heure de la mesure auprès d un serveur NTP externe. 4. Procédé de gestion de données de mesure selon l une quelconque des revendications 1 à 3, dans lequel le dispositif terminal est configuré en outre pour exécuter une étape de détermination consistant à acquérir la valeur mesurée auprès de l appareil de mesure plusieurs fois et déterminer si les plusieurs valeurs mesurées ainsi acquises concordent ou non, et est configuré pour exécuter l étape de signature électronique quand il a été déterminé dans l étape de détermination que les plusieurs valeurs mesurées concordent.. Système de gestion de données de mesure comprenant un dispositif terminal, un dispositif de gestion de données de mesure, un dispositif d authentification et une autorité d authentification temporelle, le dispositif terminal étant connecté à un appareil de mesure, le dispositif de gestion de données de mesure étant connecté à des fins de communication au dispositif terminal et gérant des données de mesure qui comprennent une valeur mesurée acquise par un traitement de mesure exécuté par l appareil de mesure, le dispositif d authentification authentifiant les données de mesure gérées par le dispositif de gestion de données de mesure et l autorité d authentification temporelle authentifiant le temps, dans lequel le dispositif terminal comprend : un moyen de signature électronique destiné à générer des données de signature électronique sur la base d informations de mesure comprenant la valeur mesurée acquise par le traitement de mesure exécuté par l appareil de mesure, la date et l heure de la mesure auxquelles le traitement de mesure est exécuté et un identifiant pour identifier l appareil de mesure ; et un moyen de transmission destiné à transmettre au dispositif de gestion de données de mesure les données de signature électronique générées par le moyen de signature électronique et les informations de mesure, le dispositif de gestion de données de mesure comprend : un moyen de vérification de données de signature électronique destiné à vérifier les données de signature électronique reçues du dispositif terminal ; un moyen de génération de valeur de hachage destiné à générer, quand le moyen de vérification des données de signature électronique a réussi à vérifier les données de signature électronique, une valeur de hachage des informations de mesure reçues du dispositif terminal ; un moyen de transmission de valeur de hachage destiné à transmettre à l autorité d authentification temporelle la valeur de hachage générée par le moyen de génération de valeur de hachage ; un moyen d acquisition d estampille temporelle destiné à acquérir, auprès de l autorité d authentification temporelle, un jeton d estampille temporelle comprenant la valeur de hachage et une estampille temporelle générée par l autorité d authentification temporelle sur la base de la valeur de hachage ; et un moyen de stockage de données de mesure destiné à stocker des données de mesure comprenant les informations de mesure, les données de signature électronique, et le jeton d estampille temporelle acquis par le moyen d acquisition d estampille temporelle, le dispositif d authentification comprend : un moyen d acquisition de données de mesure destiné à acquérir les données de mesure auprès du dispositif de gestion de données de mesure ; et un moyen de demande de vérification d estampille temporelle destiné à transmettre à l autorité d authentification temporelle le jeton d estampille temporelle compris dans les données de mesure acquises par le moyen d acquisition de données de mesure de manière à demander à l autorité d authentification temporelle de vérifier l estampille temporelle comprise dans le jeton d estampille temporelle, et l autorité d authentification temporelle comprend : un moyen de stockage de jeton d estampille temporelle destiné à stocker le jeton d estampille temporelle qui a été généré sur la base de la valeur de hachage acquise auprès du dispositif de gestion de données de mesure ; un moyen de vérification d estampille temporelle destiné à vérifier l estampille temporelle comprise dans le jeton d estampille temporelle qui a 14

15 27 EP B1 28 été acquis auprès du dispositif d authentification sur la base de la valeur de hachage comprise dans le jeton d estampille temporelle stocké par le moyen de stockage de jeton d estampille temporelle ; et un moyen de transmission de résultat de vérification destiné à transmettre au dispositif d authentification un résultat de la vérification par le moyen de vérification d estampille temporelle. 6. Système de gestion de données de mesure selon la revendication, dans lequel le dispositif de gestion de données de mesure comprend en outre un moyen de transmission de données de mesure destiné à transmettre les données de mesure stockées par le moyen de stockage de données de mesure à un dispositif externe qui vérifie l estampille temporelle comprise dans les données de mesure conjointement avec l autorité d authentification temporelle. 7. Système de gestion de données de mesure selon la revendication ou 6, dans lequel le moyen de signature électronique est configuré pour acquérir la date et l heure de la mesure auprès d un serveur NTP externe Système de gestion de données de mesure selon l une quelconque des revendications à 7, dans lequel le dispositif terminal comprend en outre un moyen de détermination destiné à acquérir la valeur mesurée auprès de l appareil de mesure plusieurs fois et déterminer si les plusieurs valeurs mesurées ainsi acquises concordent, et le moyen de signature électronique destiné à générer les données de signature électronique quand le moyen de détermination a déterminé que les plusieurs valeurs mesurées concordent

16 EP B1 16

17 EP B1 17

18 EP B1 18

19 EP B1 19

20 EP B1