JP2000059356A - Business message transmission / reception processing method - Google Patents

Abstract

(57) [Summary] (Modified) [Problem] To enable a transmission person on the transmission side to confirm the legitimacy of a business message on the reception side without holding a master signature key. SOLUTION: In a transmission / reception process of a message, a key manager Z on a transmission side has a master signature key A on a transmission side, a reception side has a master decryption key B corresponding to the master signature key A, and a key on a transmission side. The administrator Z creates a seal certificate for the business decryption key b corresponding to the business signature key a of the transmission person Y on the transmission side using the master signature key A, and the transmission person Y creates the business signature key a Sends the business message digitally signed in step 1 to the receiver, and the receiver checks the received seal seal certificate and master decryption key B.
Is used to confirm that the business decryption key b is definitely sent from the transmission side, and the business decryption key b is used to decrypt the signature of the business telegram, thereby confirming the validity of the business decryption key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for transmitting and receiving a business message with a signature using a computer. The present invention relates to a transmission / reception processing method for a business message with a signature, which is suitable for transmitting and receiving a business message with an external person using a signature.

[0002]

2. Description of the Related Art In general, in a process of transmitting and receiving an electronic message by a computer, a technology of performing an electronic signature using an encryption key technology has been put to practical use in order to authenticate a partner. A typical example of this message is a business message (hereinafter, referred to as a “business message”) used in an electronic transaction between companies.

At the time of transmission / reception processing of a business message, the transmitting side transmitting the business message performs an electronic signature (electronic signature) on the business message using an encryption key, and receives the business message with the electronic signature. The receiving side decrypts the electronic signature using the encryption key (decryption of the signature), thereby confirming that the business message is definitely based on the will of the transmitting side (validity confirmation). Have been.

Further, as disclosed in Japanese Patent Application Laid-Open No. 10-32570, only a specific computer is provided with a function for performing a signature key and an electronic signature, and for example, the signature key is hardly leaked. Like that.

[0005]

In the above-described conventional electronic message transmission / reception processing by a computer, in order for a company to guarantee the validity of a business message transmitted by a person in charge of transmission, a company master signature key is distributed and transmitted. The person in charge needed to have it.

However, if the master signature key is distributed and possessed, it becomes easy for the person in charge of transmission to lose or leak the master signature key. The major problem is that if you use the master signing key to do anything in the name of the company, and if you revoke the master signing key to invalidate that action, you will not be able to do anything with the entire company There was a point.

[0007] It is the cause of the above fatal situation,
As a method of improving the distribution and holding of the master signature key, as disclosed in Japanese Patent Application Laid-Open No. 10-32570, it has been proposed to specify a computer having a function of performing a master signature key and an electronic signature.

However, when a computer having a function of performing a master signature key and an electronic signature is specified as described above, it is necessary to send a business message to an intra-company communication line, and the load of the specified computer becomes heavy. Further, after it has stopped functioning due to a failure or the like, it was not possible to transmit a business message digitally signed with the master signature key of the company.

SUMMARY OF THE INVENTION It is therefore an object of the present invention to eliminate the disadvantages of maintaining and maintaining the master signature key.

[0010] Another object of the present invention is to eliminate the disadvantage of centrally storing a master signature key.

Still another object of the present invention is to provide a business message processing method having both the advantages of the master signature key being distributed and held and the advantage of centralized management of the master signature key.

[0012]

In order to solve the above-mentioned problems, in the present invention, a key for signature on the transmitting side is divided into a master key and a business key and used. Master key is "company seal" of company
For example, it is assumed that it is held in a computer in a department that manages a company seal, such as a secretary section, and is not accessed by other people in the company. People in other departments use their own business keys when transmitting business messages on behalf of the company for their business, but receive the seal certificate from the secretary section for the business keys. This seal certificate may be provided with a term or with a limitation on the target business. The receiving side can know from the seal certificate that the business person in charge is a person authorized in the company.

More specifically, according to the present invention, a master decryption key, which is an encryption key previously agreed between the transmitting side and the receiving side, and a master decrypting key, for performing the validity check at the receiving side. A master signature key, which is an encryption key for generating an electronic signature that can be decrypted by the decryption key, is prepared. Further, a business decryption key, which is an encryption key for actually decrypting the signature of a business message, and this business decryption key A business signature key, which is an encryption key for generating an electronic signature that can be decrypted by the key, is prepared, and the transmitting side transmits a key management unit controlled by a key manager that manages the master signature key, and a business message. The key manager uses a master signature key to ensure that the above-mentioned business decryption key has been sent from the sender without any doubt. is there Reception processing method business message which is adapted to generate the seal certificate data certifying the door is provided.

In the partner authentication in the message transmission / reception processing method according to the present invention, the person in charge of transmission performs an electronic signature on the business message using the signature key, and the receiving side decrypts the key corresponding to the signature key. Can be used to decrypt the signature of a business message.

Hereinafter, the present invention will be described in detail with reference to an embodiment shown in the drawings.

[0016]

FIG. 1 is a block diagram showing an embodiment of an electronic bidding system to which the present invention is applied as a typical example of a business message transmission / reception system using a computer.

The electronic bidding system is a system in which an organization called an electronic exchange that manages electronic transactions on the Internet from a neutral standpoint performs bidding between companies.

In the electronic bidding system shown in FIG. 1, first, a company that wants to procure parts (not shown) registers information such as the specifications of the parts in the electronic exchange ED as a bidding item, and the electronic exchange ED generally uses the information. Publish.

One or more parts manufacturers (FIG. 1
Representatively, as a part manufacturer X), if there is a desire to supply a publicly-available bid item, the information of the selling price is registered in the electronic exchange ED as bidding information. The electronic exchange ED performs a bidding process based on a bidding rule of selecting, for example, one company with the lowest selling price from the component manufacturers X that have registered bid information for each bidding item.
One component maker is selected and the results are made public.

The part maker X has a sales person Y and a secretary section person Z. The sales person Y is authorized to perform a bidding process on behalf of the part maker, and is in charge of the secretary section. The person Z manages the company seal registered on the electronic exchange.

The sales person Y and the secretary section person Z have different computers 10 and 20, respectively. The computer 10 of the sales rep Y is a member ID for bidding
It has a number α and an electronic signature mechanism 11. The computer 20 of the secretary section staff Z has a master signature key A for the component maker X and an electronic signature mechanism 21.

Reference numeral 40 denotes a communication line connecting 10 and 20.

The computer 30 of the electronic exchange ED stores the member ID number α of the part maker X and the master decryption key B of the part maker X in a correspondence database (member ID number / master decryption key) between the member ID number and the master decryption key. Key correspondence D
B) Stored in advance in 31 corresponding to
It has a signature decryption mechanism 32.

Reference numeral 50 denotes a communication line which connects the devices 10 and 30 via the Internet.

Next, the electronic bidding process by the system of FIG. 1 will be described with reference to the flowchart of FIG. FIG. 2A
FIG. 2B is a flow of preparing and storing a seal seal certificate, and FIG. 2B is a flow of transmitting and receiving a business message.

First, in the preparation and storage flow of the seal certificate shown in FIG. 2A, the salesperson Y generates a business signature key a and a business decryption key b corresponding to the business signature key a used in the bidding process in advance.
Further, an expiration date c of the business decryption key b and a use target business d of the business decryption key b are created (step 101).

The salesperson Y sends the business decryption key b, the expiration date c of the business decryption key b, and the business d to be used by the business decryption key b to the secretary section Z, and sends a request for creating a seal certificate. Perform (Step 102).

The secretary section Z creates a seal certificate using the master signature key A and the electronic signature mechanism 21 and transmits it to the computer 10 of the sales representative Y who has requested creation (step 103).

As shown in the seal certificate data format shown in FIG.
Signature data including the business decryption key b, the expiration date c of the business decryption key b, and the business d to be used by the business decryption key b, which are sent from the computer 10 of the third embodiment, and furthermore, the entirety thereof is electronically signed with the master signature key A Contains SA.

The sales representative Y stores the seal certificate received from the secretary section Z in the computer 10 of the sales representative Y (step 104).

Next, transmission and reception of a business message performed using the seal stamp illumination will be described with reference to FIG. 2B.

In FIG. 2B, when the sales representative Y determines the bidding item to be bid and the bid amount and executes the bidding process, the business signature key data a and the electronic signature mechanism 11 are used for the business message. Is performed (step 105).

As shown in the data format of the signed business message in FIG. 4, the signed business message has a member ID number α,
It contains the bid item ID number β and the bidding price γ, and further includes signature data Sa that is electronically signed with the entirety using the business signature key a.

The salesperson Y transmits the signed business message to the computer 30 of the electronic exchange ED (step 106). The salesperson Y continuously transmits the stored seal certificate to the computer 30 of the electronic exchange ED (step 107). The electronic exchange searches the member ID / master decryption key correspondence DB 31 using the member ID α extracted from the received signed business message as a key to acquire the master decryption key B (step 108).

The electronic exchange ED uses the master decryption key B and the signature decryption mechanism 32 to decrypt the signature of the received seal certificate (FIG. 3), and obtains the business decryption key b, the expiration date c of the business decryption key b,
Check the target business d using the business decryption key b (step 1
09). After the confirmation, the electronic exchange ED decrypts the signature of the received signed business message (FIG. 4) using the business decryption key b and the signature decryption mechanism 31 (step 110).

As described above, according to the embodiment shown in FIGS. 1 to 4, the component maker X does not distribute the master signature key A corresponding to the company seal
As a result, it will be possible to carry out the bidding business properly.

A business message (member I) is placed between the computer 10 of the salesperson Y and the computer 20 of the secretary section Z.
Dα, bid item ID β, bidding price α) do not need to be flown, the load on the computer 20 of the secretary section Z is small, and the sales representative Y once executes the stamping certificate from the secretary section Z to execute the bidding business. Sometimes, even if the computer of the secretary section Z does not function due to, for example, a failure, the bidding information can be transmitted to the electronic exchange on behalf of the company.

[0038]

As described above, according to the present invention,
In a message transmission / reception process performed by a computer, a person in charge of transmission transmits a business message from a sender to a receiver without holding a master signature key of the sender, and the receiver can confirm the validity of the message.

Therefore, even if the person in charge of transmission loses the business signature key and cancels it, only the person in charge of transmission cannot perform transmission processing.

[Brief description of the drawings]

FIG. 1 is a system configuration block diagram showing an embodiment according to the present invention.

FIG. 2A is a flowchart showing preparation of a seal proof in a procedure of a message transmission process in FIG. 1;

FIG. 2B is a flowchart showing transmission and reception of a business message in the procedure of the message transmission process in FIG. 1;

FIG. 3 is a format diagram showing a data format of a seal certificate.

FIG. 4 is a format diagram showing a data format of a business message.

[Explanation of symbols]

10: Computer of sales rep of parts maker X, 20
... Computer of secretary section of parts maker X, 30 ... Computer of electronic exchange ED, 40, 50 ... Communication line, 1
1, 21: Electronic signature mechanism, 31: Member ID / master decryption key correspondence DB, 32: Signature decryption mechanism

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 15/28 BF Term (Reference) 5B049 BB11 BB37 CC05 CC31 EE05 GG04 GG07 GG10 5J104 AA09 AA16 EA02 JA21 LA03 LA06 NA02 PA07 PA10

Claims (6)

[Claims] When transmitting and receiving a business message, a sender performs an electronic signature on the business message using an encryption key, and a receiver decrypts the digitally signed business message using an encryption key. In a business message transmission / reception processing method for confirming that the business message is definitely based on the intention of the transmission side, a master decryption key previously agreed between the transmission side and the reception side and the master A master signature key for generating an electronic signature that can be decrypted by a decryption key is prepared, and a business decryption key for decrypting a business message signature and an electronic signature that can be decrypted by the business decryption key are generated. The transmission side has key management means for managing a master signature key and transmission means for electronically signing and transmitting a business message. The key management means -Using the signature key, seal signature data is generated to certify that the business decryption key was definitely sent from the transmitting side, and the transmitting unit electronically converts the business message using the business signature key. Sign and send to recipient,
The receiving side uses the master decryption key of the transmitting side and the seal certification data transmitted from the transmitting side to certify that the business decrypting key is definitely transmitted from the transmitting side,
A business message transmission / reception processing method, wherein the signed business message is decrypted by using the business decryption key, thereby confirming the validity of the signed business message. 2. The business message transmission / reception method according to claim 1, wherein the encryption system used for the digital signature and the signature decryption is a public key encryption system. 3. The function of the key management unit and the function of the transmission unit are composed of separate computers, and these computers are connected by a communication line. The transmission / reception processing method of the business message according to any one of the above. 4. When the key management means generates a seal certificate, the transmission means sends a business decryption key to the key management means via a communication line, and the key management means checks whether the transmission management means has a legitimate business management means. 4. The business message transmission / reception processing method according to claim 3, wherein a seal certificate is generated in the case of: 5. An expiration date of the seal certification is specified when certifying that the business decryption key is definitely sent from the transmission side by the seal certification. 2. The method for transmitting and receiving a business message according to claim 3 or claim 4. 6. The method according to claim 1, wherein when certifying that the business decryption key has definitely been sent from the transmitting side by the seal certificate, the business to which the seal certificate is to be used is specified. The message transmission / reception processing method according to any one of claims 2, 3, 4, and 5.