JP2003091649A - Electronic document transmission program, electronic document reception program, electronic document transmission method, electronic document reception method, electronic document transmission device, and electronic document reception device - Google Patents

Abstract

(57) [Summary] [Problem] When sending and receiving an electronic document for electronic commerce, even if the contact person of the business partner or the business partner is changed, it is possible to smoothly and surely continue the business transaction. I do. SOLUTION: Role information 12a indicating a role in a predetermined commercial transaction, person information 12b for specifying a person in charge of this role, a validity period 12c of the person in charge, and certificate information 12d on a certificate 13 of the person in charge. Management information 12 for association and sharing and management by business partners and business partners
Is stored (step S4), and when the electronic document 11 subjected to the security processing is received (step S5), the management information 12 on the sender or the receiver of the electronic document 11 is stored.
And one or more certificates 13 corresponding to the management information 12
The security processing is inspected based on the contents of the above (step S6).

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic document transmission program, a transmission method and a transmission device for transmitting an electronic document for electronic commerce through a network, an electronic document reception program, a reception method and a reception for receiving this electronic document. Regarding the device.

[0002]

2. Description of the Related Art In recent years, electronic commerce between companies using a network environment such as the Internet, so-called B2
B (Business to Business) is drawing attention. This B2
In B, most of the transactions are carried out by electronically communicating business documents by a plurality of companies, and the agreement by face-to-face contact of the persons in charge between the companies is minimized to improve the efficiency of transactions.

When electronically exchanging business documents, security processing such as electronic signature addition processing and encryption processing is performed in order to safely operate the business. For example, an electronic signature plays a role of a seal stamp in a conventional business document, and guarantees that the sender of the business document is a legitimate transaction partner. Further, in order to prevent tampering with a signed document, a method of encrypting an electronic document in advance and sending it is adopted.

Generally, when encrypting electronic data,
A cryptographic algorithm and a cryptographic key corresponding to it are required. There are several types of encryption keys depending on the use of electronic data and encryption algorithms.For example, a secret key that is basically managed by only a specific person and a public key that is disclosed to any person other than the person himself. An asymmetric key consisting of and is known.

In this encryption method using an asymmetric key, in order to prevent the use of an illegal encryption key, it is necessary to guarantee the correspondence between the public key and its owner, and a certificate is used as a means therefor. Has been. The certificate includes the public key, the name of the owner, the email address, the expiration date of the certificate, and the so-called CA (Certification Auth) that issues the certificate.
ority) Information of the station is described. The format of this certificate is
It is defined by the X509 digital certification standard by the ITU (International Telecommunications Union).

Here, an example of a communication method of an electronic document added with an electronic signature generated using an asymmetric key will be shown. The transmission source first generates hash data of the electronic document to be signed, and encrypts the hash data based on the private key of the person who signs the signature to generate signature data. Then, the signature data is added to the electronic document and sent to the trading partner. On the other hand, when receiving the electronic document, the transmission destination first identifies the certificate of the person who signed the document and acquires the public key described in this certificate. Then, of the received data, the hash data is generated from the portion other than the signature data, that is, the electronic document itself, and the received signature data is decrypted based on the public key, and the hash generated from the decrypted data and the electronic document is generated. Compare with the data. That is, if these pieces of data match, it is found that the electronic document from a proper person has been correctly received.

Here, the hash is a mechanism for generating a random numerical value of a fixed length based on a long character string.
For example, when there are two character strings S1 and S2, the function that generates the hash data for each character string is H
If ASH (S1) and HASH (S2), then S1 and S
If 2 does not match, HASH (S1) and HASH (S
There is a relationship that 2) does not match. Therefore, in the communication method using the asymmetric key as described above, if the hash data obtained from the received electronic document and the hash data obtained by decoding do not match, it is confirmed that the electronic document has been tampered with. I can know.

A communication method using such a digital signature is S / MINE (Secure / Multipurpose Internet M
ail Extensions) and XML (eXtensible Markup Langua)
ge) Used in signature standards for electronic documents such as signatures.

An example of a cryptographic communication method using an asymmetric key is as follows. That is, the sender of the electronic document is
Encrypt the electronic document using the recipient's public key,
Send this. The recipient decrypts the received electronic document using his / her private key.

[0010]

By the way, the signature given to a document is for an individual to approve the content of the document based on his / her position, responsibility, etc., and its role is electronic. Electronic signatures are used for documents. However, with digital signatures, it is difficult to perform operations that match the actual conditions between organizations such as companies, because the acts that were originally performed using seals and signatures were digitized between individuals in this way. There is a face.

For example, in the case of operating the above-described conventional encrypted communication method, it is premised that the receiving side of the electronic document has an appropriate certificate for the transmitting side in advance. However, in the operation between companies, the person in charge of the transaction may change due to personnel changes within the company, etc. It will be necessary to distribute it. If the certificate is not redistributed to the supplier,
When the electronic document is sent, the receiving side does not have the certificate of the new person in charge, so the received document cannot be decrypted.

Further, the electronic document is encrypted by using the public key in the certificate of the person at the destination, and the encrypted electronic document can be decrypted only by the person at the destination. However, if the person in charge of the business partner is changed, the encrypted electronic document may be mistakenly sent to the predecessor, which causes a problem from the viewpoint of document confidentiality.

Here, an example of an actual procedure for reissuing a certificate due to a change in the person in charge of A company in an electronic transaction between A company and B company will be described. First, Company A notifies the person in charge of Company B that the person in charge will be changed on a predetermined date by, for example, electronic mail. Upon receipt of this notification, the person in charge of company B confirms that there is no error in the notification to company A by some method such as e-mail. After this procedure, Company A
The certificate of the new person will be distributed to the person in charge of the company by e-mail, etc. Company B registers the received certificate in its management server.

As in the above-mentioned procedure example, when the person in charge of electronic transaction is changed, the procedure between companies is, for example, from Company B which has been notified of the change of person in charge to Company A. A major problem is that procedures such as confirmation are complicated to ensure accuracy and management costs such as personnel costs are high. Also, the cost increases as the number of customers increases. Furthermore, such procedures for changing the person in charge must be completed by the deadline and may be concentrated at a specific time such as the end of the year.
The burden on the system administrator also increases.

On the other hand, when the person in charge of transaction is changed, the following two methods are conceivable in addition to redistributing the certificate from the side of the change to the counterparty of the transaction each time.
The first method is a method in which a certificate is basically obtained from a specific server. In this case, the latest certificate is centrally managed by a specific server,
When verifying the electronic signature, the server is accessed through the network and the certificate is obtained.

This method has the advantage that the certificate can always be kept up to date, but has the following problems. For example, as a performance issue, before inspecting the electronic signature,
Since the latest certificate is always acquired via the network, inconvenience may occur due to the communication speed when inspecting the electronic signature, the processing speed of the server, and the like.

There is also a problem regarding the cost for constructing a server for managing certificates. For example, such a management server is considered to be installed in each company, but the time when the customer tries to obtain the certificate from the management server is arbitrary, and the management server must be running at this time. Therefore, the management server generally operates for 24 hours. Therefore, constructing such a system for each customer has a problem of high cost except for large-scale companies. However, a system in which the management server is centrally managed as a server of a CA station and each customer obtains the latest certificate from this server is conceivable, and in this case, the problem of cost is reduced.

Further, there may be an operational problem of the management server. For example, there is a case where a certain company inspects electronic documents transacted in the past in a specific case such as at the time of audit or at regular intervals. In this case, when the electronic signature is checked, the transaction document cannot be inspected unless the business partner or the management server of the CA station is operating. Therefore, the business of the company depends on other companies or external servers, and it becomes impossible for the company to independently perform the business. Therefore, it is desirable that the certificate information can be managed by the company.

Next, the second method is a method of attaching a certificate together with an electronic signature to a document to be sent. In this method, the electronic signature and the certificate are always received as a pair, so there is little discrepancy between them. However, there may be confusion if the trading partners change. For example, if you receive a document after the person in charge of the trading partner has changed, you should be able to determine that the document is normal by checking the electronic signature based on the attached certificate. However, at this time, if you have not been notified of the change of the person in charge of the other party, you may be checked out.

For example, in the communication regulations using the electronic signature defined by S / MINE, the transmitting side encrypts and transmits the electronic document itself together with the electronic signature, and the receiving side decrypts the electronic document and then the electronic document. The sender's mail address recorded in the MINE format is taken out. In general, the person having the sender's email address corresponds to the signer, so the sender can be recognized from the retrieved email address. Therefore, in such a case, if the change of the person in charge of the transaction partner has not been notified in advance, it is judged that there is an error in the signature because the retrieved mail address belongs to another person, and the checkout is performed.

Further, even when the person in charge of the receiving side of the electronic document has changed, if this is not transmitted to the transmitting side, the transmitting side encrypts the document with the public key of the person in charge in the past and transmits it. As a result, the receiving company is in a situation where the original person in charge receives this document for a while even though the person in charge is changed.
This is not preferable in terms of document confidentiality.

As in the first and second methods described above, a method other than redistributing the certificate to the trading partner each time the person in charge of the trading partner changes is used. Various problems will arise in order to smoothly operate the communication of documents between companies regardless of the change of the person in charge.

The present invention has been made in view of the above problems, and when transmitting an electronic document for electronic commerce, even if the person in charge of the supplier or the supplier is changed, It is an object of the present invention to provide an electronic document transmission program capable of reliably continuing commercial transactions.

Another object of the present invention is to smoothly and surely continue the commercial transaction even when the person in charge of the business partner or the transaction source is changed when receiving the electronic document for the electronic commercial transaction. It is to provide an electronic document reception program capable of performing the above.

Further, another object of the present invention is to smoothly and surely continue the commercial transaction even when the person in charge of the business partner or the transaction source is changed when transmitting the electronic document for the electronic commercial transaction. It is to provide an electronic document transmission method capable of performing the above.

Another object of the present invention is to smoothly and surely continue the commercial transaction even when the person in charge of the business partner or the transaction source is changed when receiving the electronic document for the electronic commercial transaction. It is an object of the present invention to provide a method of receiving an electronic document.

Further, another object of the present invention is to smoothly and surely continue the commercial transaction even when the person in charge of the business partner or the transaction source is changed when transmitting the electronic document for the electronic commercial transaction. It is to provide an electronic document transmitting device capable of

Another object of the present invention is to smoothly and surely continue the commercial transaction even when the person in charge of the business partner or the transaction source is changed when receiving the electronic document for the electronic commercial transaction. It is to provide an electronic document receiving apparatus capable of

[0029]

In order to solve the above problems, the present invention provides an electronic document transmission program for causing a computer to execute the processing shown in FIG. This electronic document transmission program is an electronic document transmission program for transmitting the electronic document 11 for electronic commerce through the network 3, and includes role information 12a indicating a role of a window in a predetermined commercial transaction and a person in charge of the role. Person information 12b to be identified, validity period 12c for the identified person, and certificate 13 certifying the relationship between the electronic document 11 to be received and the identified person who is the sender or the receiver thereof. The certificate information 12d is associated with the management information 12 to be shared and managed by the supplier and the supplier (step S
1), based on the management information 12 about the sender or the recipient of the electronic document 11 to be transmitted and the contents of the one or more certificates 13 corresponding to the management information 12 of the electronic document 11. A security process for ensuring security is performed (step S2), and the electronic document 11 is transmitted (step S3).

Through such processing, the computer functions as the electronic document transmitting apparatus 1. In the electronic document transmitting apparatus 1, the management information 12 in which the role information 12a corresponding to a predetermined commercial transaction, the person in charge 12b, the valid period 12c, and the certificate information 12d are associated with each other is stored in advance, and the electronic document 11 is transmitted. At times, the electronic document 11 is subjected to security processing and transmitted based on the contents of the one or more certificates 13 corresponding to the stored management information 12. In the management information 12, for example, a plurality of person-in-charge information 12b and a plurality of certificate information 12d can be associated with the role information 12a according to the validity period 12c.
Since the management information 12 is shared between the transaction partner and the transaction source of a predetermined commercial transaction, that is, the transmission destination and the transmission source of the electronic document 11, even when one person in charge of each commercial transaction is changed, the other person in charge It is possible to reliably obtain the certificate 13 required by the.

Further, the present invention provides an electronic document receiving program for causing a computer to execute the processing shown in FIG. This electronic document receiving program is an electronic document 11 for electronic commerce through the network 3.
A role information 12a indicating a role of a window in a predetermined commercial transaction, person information 12b for identifying a person in charge of performing the role, a valid period 12c for the identified person in charge, and,
Certificate 1 certifying the relationship between the electronic document 11 to be received and the specified person who is the sender or the receiver
The certificate information 12d related to No. 3 is associated, the management information 12 for sharing and managing it between the business partner and the business partner is stored (step S4), and the electronic document 11 subjected to the security processing is received (step S5). And the management information 1 about the sender or the recipient of the electronic document 11.
The security processing is inspected based on 2 and the contents of one or more certificates 13 corresponding to the management information 12 (step S6).

Through such processing, the computer functions as the electronic document receiving device 2. In this electronic document receiving device 2, the management information 12 in which the role information 12a corresponding to a predetermined commercial transaction, the person in charge 12b, the valid period 12c, and the certificate information 12d are associated in advance is stored, and the electronic document 11 is received. At times, based on the contents of the one or more certificates 13 corresponding to the stored management information 12, the security process performed on the electronic document 11 is inspected. In the management information 12, for example, a plurality of person-in-charge information 12b and a plurality of certificate information 12d can be associated with the role information 12a according to the validity period 12c. Since the management information 12 is shared by the transaction partner and the transaction source of a predetermined commercial transaction, that is, the transmission destination and the transmission source of the electronic document 11, even if the person in charge of each commercial transaction is changed, the person in charge is required to prove. The calligraphy 13 can be surely acquired.

Further, according to the present invention, in an electronic document transmitting method for transmitting an electronic document for electronic commerce through a network, role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role are specified. Associating contact information, a validity period for the specified contact person, and certificate information regarding a certificate certifying the relationship between the electronic document to be received and the sender or the specified contact person who is the receiver. , The management information about the sender or the recipient of the electronic document that stores and sends the management information to be shared and managed by the business partner and the business partner, and one or more of the certifications corresponding to the management information. A security process for ensuring the security of the electronic document is performed based on the content of the document, and the electronic document is transmitted. Electronic document transmission method is provided.

In such an electronic document transmitting method, management information in which role information corresponding to a predetermined commercial transaction, its person in charge information, effective period, and certificate information are associated with each other is stored in advance, and when transmitting an electronic document, Based on the contents of one or more certificates corresponding to the stored management information, the electronic document is subjected to security processing and transmitted. Since the management information is shared between the transaction partner and the transaction partner of a predetermined commercial transaction, that is, the transmission destination and the transmission source of the electronic document, even if the person in charge of each commercial transaction is changed, the person in charge can obtain the required certificate. You can definitely get it.

Further, in the present invention, in an electronic document receiving method for receiving an electronic document for electronic commerce through a network, role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role are specified. Associating contact information, a validity period for the specified contact person, and certificate information regarding a certificate certifying the relationship between the electronic document to be received and the sender or the specified contact person who is the receiver. , Storing management information to be shared and managed by a supplier and a supplier, and receiving the security-treated electronic document, the management information about the sender or the receiver of the electronic document, and An electronic document characterized by inspecting the security processing based on the contents of one or more certificates corresponding to management information. Shin method is provided.

In such an electronic document receiving method, the management information in which the role information corresponding to a predetermined commercial transaction, the person in charge of the role information, the effective period, and the certificate information are associated with each other is stored in advance. Based on the contents of the one or more certificates corresponding to the stored management information, the security process performed on the electronic document is inspected. Since the management information is shared between the transaction partner and the transaction partner of a predetermined commercial transaction, that is, the transmission destination and the transmission source of the electronic document, even if the person in charge of each commercial transaction is changed, the person in charge can obtain the required certificate. You can definitely get it.

Further, according to the present invention, in the electronic document transmitting apparatus for transmitting the electronic document for electronic commerce through the network, the role information indicating the role of the window in a predetermined commercial transaction and the person in charge of the role are specified. Associating contact information, a validity period for the specified contact person, and certificate information regarding a certificate certifying the relationship between the electronic document to be received and the sender or the specified contact person who is the receiver. , Management information storage means for storing management information shared and managed by a supplier and a supplier, the management information about a sender or a receiver of the electronic document to be transmitted, and 1 corresponding to the management information. Security processing means for performing processing for ensuring the security of the electronic document based on the contents of one or more of the certificates. Electronic document transmission apparatus according to claim is provided.

Here, the management information storage means stores in advance management information in which the role information corresponding to a predetermined commercial transaction, the person in charge of the role information, the valid period, and the certificate information are associated, and the security processing means manages the management information. Security processing is performed on the electronic document based on the contents of one or more certificates corresponding to the management information stored in the information storage means. Since the management information is shared between the transaction partner and the transaction partner of a predetermined commercial transaction, that is, the transmission destination and the transmission source of the electronic document, even if the person in charge of each commercial transaction is changed, the person in charge can obtain the required certificate. You can definitely get it.

Further, according to the present invention, in an electronic document receiving device for receiving an electronic document for electronic commerce through a network, role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role are specified. Associating contact information, a validity period for the specified contact person, and certificate information regarding a certificate certifying the relationship between the electronic document to be received and the sender or the specified contact person who is the receiver. , A management information storage unit that stores management information to be shared and managed by a supplier and a transaction source, and when the electronic document subjected to security processing is received, the sender or the receiver of the electronic document is described as follows. A security check for the security process based on management information and the contents of one or more certificates corresponding to the management information. Electronic document receiving apparatus; and a utility inspection means.

Here, the management information storage means stores in advance management information in which the role information corresponding to a predetermined commercial transaction, the person in charge of the role information, the valid period, and the certificate information are associated, and the security inspection means manages the management information. Based on the contents of the one or more certificates corresponding to the management information stored in the information storage means, the security processing performed on the received electronic document is inspected. Since the management information is shared between the transaction partner and the transaction partner of a predetermined commercial transaction, that is, the transmission destination and the transmission source of the electronic document, even if the person in charge of each commercial transaction is changed, the person in charge can obtain the required certificate. You can definitely get it.

[0041]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a principle configuration diagram for explaining the principle of the present invention.

As shown in FIG. 1, the present invention is roughly classified into
It is realized in a system including an electronic document transmitting apparatus 1 that transmits the electronic document 11 and an electronic document receiving apparatus 2 that receives the transmitted electronic document 11. This system
For example, the electronic document transmitting device 1 and the electronic document receiving device 2 are for performing electronic commerce between companies, and are operated by, for example, a company that performs a predetermined commerce, and an electronic document 11 for commerce is provided between the companies. Used to send and receive in.

The electronic document transmitting apparatus 1 and the electronic document receiving apparatus 2 are connected by the network 3. The electronic document 11 is transmitted from the electronic document transmitting apparatus 1 to the electronic document receiving apparatus 2 as, for example, an electronic mail. Further, when transmitting the electronic document 11, the electronic document transmitting apparatus 1 performs security processing such as addition of an electronic signature or encryption.

Further, in the present invention, the management information 12 generated for each commercial transaction is stored in both the electronic document transmitting apparatus 1 and the electronic document receiving apparatus 2, and the electronic document 1 is stored.
The security process and its inspection are performed with reference to the transmission and reception of 1. In this management information 12, role information 12a, person-in-charge information 12b, valid period 12c, and certificate information 12d are stored in association with each other.

The role information 12a is information indicating the role of a window in a predetermined commercial transaction, and is represented by, for example, the department name in charge. Further, the person-in-charge information 12b is the role information 12
This is information for identifying the person in charge who plays the role indicated by a, and for example, the name or company name of the person in charge is described. That is, the person in charge means a person who is responsible for a contact with a business partner in a predetermined commercial transaction. In the effective period 12c, the start date and the end date when the role of the person in charge specified in the person in charge information 12b becomes effective are described.

The certificate 13 is information provided for security processing performed on the electronic document 11,
The relationship between the electronic document 11 to be transmitted and received and the person in charge who is the sender or the receiver thereof is proved. For example, when an electronic signature is used as the security process, the certificate proves that the electronic signature added to the electronic document 11 is surely signed by the sender. Further, when the electronic document 11 is encrypted, it is proved that the encryption keys respectively used for encryption and decryption are certainly for the recipient.

The certificate information 12d is information relating to the certificate 13 corresponding to the person in charge identified by the person in charge information 12b. When the certificate information 12d is given, the certificate information 12d is stored in the certificate 13 corresponding to the person in charge. Information can be obtained. For example, when the certificate of the employee of the company is published on the Internet homepage or the like, the certificate information 12d includes the URI (Uniform Reload) of the certificate 13 of the person in charge.
source Identifiers) are described.

In the above management information 12, the role of a window for a predetermined commercial transaction, the person in charge of the window, and the information about the certificate 13 for security processing are managed in association with each other. Therefore, the management information 12 is generated for each commercial transaction, for example. Also, a plurality of person-in-charge information 12b having different person-in-charge names, an effective period 12c, and certificate information 12d can be associated with the role information 12a in accordance with the effective period 12c, thereby making it possible to recognize the change of the person in charge. Becomes

Further, in the management information 12, not only the person in charge of the company but also the customer is stored and shared among the companies in a predetermined commercial transaction. As a result, it becomes possible for each company to clarify the role of a certain commercial transaction window and the person in charge of fulfilling that role, and it is also possible to recognize the change in the person in charge of the customer by describing the effective period 12c. Become. Therefore, by always being able to obtain the certificate 13 corresponding to the person in charge of both the supplier and the supplier, it is possible to accurately and smoothly perform the security processing on the electronic document 11.

Next, the operation of transmitting and receiving the electronic document 11 will be described. In the electronic document transmitting device 1, the management information 12 corresponding to a predetermined commercial transaction is stored in advance (step S1). The electronic document transmitting apparatus 1 stores not only the management information 12 about the person in charge of the transmitting side of the electronic document 11 but also the person in charge of the receiving side. The contents of the certificate 13 for the person in charge on the receiving side are stored in advance based on the certificate information 12d described in the management information 12, for example.

Next, when transmitting the electronic document 11, the stored management information 12 is referred to and the electronic document 1
Based on the management information 12 about the sender or the receiver of 1 and the contents of the certificate 13 corresponding to this management information 12,
Security processing is performed on the electronic document 11 (step S2).

For example, when the sender's electronic signature is added to the electronic document 11, the sender's certificate 13 is acquired from the corresponding management information 12, the electronic signature is generated based on the contents, and the electronic document 11 is generated. Added to. In this case, for example, certificate 1
An encryption key such as the sender's private key is described in 3, and an electronic signature is generated using this encryption key. Further, when the electronic document 11 is encrypted and transmitted, the certificate 13 of the recipient of the supplier is acquired from the corresponding management information 12. In this case, for example, the certificate 13 describes the recipient's public key, and the electronic document 11 is encrypted using this public key.

Next, the electronic document 11 which has been subjected to the security processing is transferred to the electronic document receiving device 2 via the network 3.
(Step S3). Similar to the electronic document transmitting device 1, the electronic document receiving device 2 stores the management information 12 corresponding to a predetermined commercial transaction in advance (step S4). At this time, not only the reception side of the electronic document 11 but also the person in charge of the transmission side is stored. Regarding the contents of the certification 13 of the person in charge on the transmission side, for example, based on the certificate information 12d described in the management information 12,
The corresponding certificate 13 is acquired in advance from the homepage where the sender publishes the certificate 13 and stored.

Next, when the security-processed electronic document 11 is received (step S5), the stored management information 12 is referred to, and the management information 12 about the sender or the receiver of this electronic document 11 is referred to. And this management information 1
2 based on the contents of the certificate 13 corresponding to 2
An inspection is performed on the security processing performed on the (step S6).

For example, when inspecting the electronic signature by the sender added to the electronic document 11, the corresponding management information 1
The sender's certificate 13 is acquired from 2, and the electronic signature is inspected based on the content. In this case, for example, the certificate 13 describes an encryption key such as the sender's public key, and the electronic signature is inspected using this encryption key to evaluate the validity of the electronic document 11. Further, when the electronic document 11 is encrypted, the certificate 13 of the recipient of the business partner is acquired from the corresponding management information 12. In this case, for example, the private key of the recipient is described in the certificate 13, and the electronic document 11 is decrypted using this private key.

In the above processing, the electronic document 11 is processed based on the management information 12 and the corresponding certificate 13 which are shared and stored between the electronic document transmitting apparatus 1 and the electronic document receiving apparatus 2. Since the security process and its inspection are performed, the electronic document 11 is reliably exchanged between the persons in charge,
The security processing is reliably canceled in the electronic document receiving device 2. Therefore, regardless of the changes made by both parties,
It becomes possible to operate electronic commerce efficiently and reliably.

Note that both the electronic document transmitting apparatus 1 and the electronic document receiving apparatus 2 create new management information 12 about the person in charge when a person in charge of the company in a predetermined commercial transaction is changed or added. It may be stored in memory and automatically transmitted to the customer. As such an example, when the certificate 13 corresponding to the management information 12 transmitted to the supplier has reached a certain time before the expiration date and time, new management information 12 is sent to the supplier. You may make it transmit automatically.

Further, the customer who has received the new management information 12, that is, the other device, receives and automatically stores the new management information 12 about the person in charge of the customer. Further, when the received management information 12 is stored, the URI described in the certificate information 12d may be accessed to acquire and store the content of the corresponding certificate 13 from the home page.

As described above, when the person in charge of a predetermined commercial transaction is changed or a new commercial transaction occurs, the newly generated management information 12 is automatically delivered to the business partner, and the business partner sends it. By automatically storing the information, it is possible to always store accurate information about the person in charge of the transaction partner and its certificate 13, and to send and receive the electronic document 11 without trouble.

Next, FIG. 2 is a diagram showing a configuration example of an electronic document transmitting / receiving system to which the present embodiment is applied. The electronic document transmitting / receiving system 100 shown in FIG. 2 is a system for transmitting / receiving electronic documents for electronic commerce between companies, and is configured by electronic document processing devices 110, 120 and 130 respectively owned by companies A, B and C. To be done.
The electronic document processing devices 110, 120 and 130 are
Each is connected by the network 140.

Each of the electronic document processing devices 110, 120 and 130 sends an electronic document to which another electronic document processing device 110, 120 or 130 has been subjected to security processing such as addition of an electronic signature or encryption, for example, an electronic mail. And so on. In addition, another electronic document processing device 110,
The electronic document transmitted from 120 or 130 is received, security processing is checked, and this is released.

Furthermore, each electronic document processing device 110, 12
0 and 130 store the management information for sharing and managing the roles of the transaction source and the transaction partner in the commercial transaction and the information of each person in charge and the certificate, and based on this management information, security processing and Perform the inspection. When this management information is newly created or the content is updated, the new management information is sent through the network 140 to the electronic document processing device 110, 120 or 1 of the customer.
Send to 30. In addition, another electronic document processing device 1
The new management information received from 10, 120 or 130 is stored.

Further, the electronic document processing apparatuses 110, 120, and 130 publish the certificate of the person in charge of their own company in the commercial transaction on the homepage, and access the homepages of other companies to obtain the desired certificate.

In the following description, the management information is "ROL".
I will call it "E". The network 140 is a wide area network such as the Internet. In FIG. 2, as an example, the three companies A, B, and C are
Although only one is shown, the network 14 is not limited to this.
0 may be connected to electronic document processing devices of more than one company.

Next, FIG. 3 is a diagram showing a hardware configuration example of the electronic document processing apparatus 110 used in the embodiment of the present invention. As shown in FIG. 3, the electronic document processing apparatus 110
Is a CPU (Central Processing Unit) 110a, RA
M (Random Access Memory) 110b, HDD 110
c, a graphic processing unit 110d, an input I / F (interface) 110e, and a communication I / F 110f, which are mutually connected via a bus 110g.

The CPU 110a uses the electronic document processing device 11
Takes control of 0 as a whole. RAM110b is C
At least a part of the program executed by the PU 110a and various data necessary for processing by this program are temporarily stored. The HDD 110c has an OS (Operatin
g System), application programs, and various data such as ROLE information.

A monitor 110h is connected to the graphic processor 110d. This graphic processing unit 1
The display unit 10d displays an image on the screen of the monitor 110h according to a command from the CPU 110a. Input I / F 11
A keyboard 110i and a mouse 110j are connected to 0e. This input I / F 110e is the keyboard 1
10i and mouse 110j output signals from the bus 110
It is transmitted to the CPU 110a via g. Communication I / F 11
0f is connected to the network 140, and the electronic document processing apparatuses 120 and 1 are connected via the network 140.
Data is transmitted / received to / from 30.

With the above hardware configuration,
The processing function of this embodiment can be realized. Note that the other electronic document processing apparatuses 120 and 130 can also be realized by a similar hardware configuration.

Next, FIG. 4 is a block diagram showing a functional configuration example of the electronic document processing apparatus 110. Since the electronic document processing apparatuses 110, 120 and 130 have the same functional configuration, only the electronic document processing apparatus 110 will be described here as a representative thereof.

As shown in FIG. 4, the electronic document processing device 11
Reference numeral 0 denotes a document processing management unit 111 that manages transmission / reception of electronic documents and transmission / reception of ROLE, and R that manages ROLE.
An OLE management unit 112, a security management unit 113 that manages security processing for electronic documents, and a transmission management unit 114 that manages transmission of electronic documents and ROLE.
And a network server 115 that sends and receives e-mails and publishes homepages through the network 140.
Composed by.

The document processing management unit 111 generates an electronic document and requests the security management unit 113 to perform security processing such as addition of an electronic signature and encryption on the electronic document. Then, the transmission management unit 114 is requested to transmit the security-processed electronic document through the network 140 through the network server 115. Also, the network server 1
The electronic mail received by 15 is acquired, and the security management unit 113 is requested to inspect the electronic document in the electronic mail for the security processing. Furthermore, the expiration date of the certificate for the person in charge of the company stored in the certificate management unit 113b, which will be described later, is monitored, and when the expiration date / time reaches a certain time, a new certificate is designated for the transmission management unit 114. Request that ROLE be distributed to suppliers.

The ROLE management unit 112 generates and stores the ROLE, and manages the ROLE such as addition, update, and deletion of the ROLE. Also, in response to a request from the document processing management unit 111, the transmission management unit 114, or the like, the R
Output OLE. This ROLE is for associating information indicating a role of a contact in a predetermined commercial transaction with information for identifying a person in charge of this contact and information about a certificate of the person in charge and managing the information in common with a business partner. Information. ROLE is XML (eXtensible Markup Languag
e) Format documents are stored and output.

The security management unit 113 generates, inspects, encrypts, and decrypts a digital signature. Also, generate a certificate, store it, and send this certificate to the supplier.
Request the transmission management unit 114. In addition, network 1
The certificate obtained from the supplier is stored through 40. To this end, the security management unit 113 includes a signature management unit 113a that generates and inspects a digital signature, and a certificate management unit 113b that stores a certificate.

The signature management unit 113a is the certificate management unit 11
An electronic signature to be added to the electronic document to be transmitted is generated based on the certificate acquired from 3b. In addition, the electronic signature added to the received electronic document is inspected based on the certificate, and the result is output.

The certificate management unit 113b generates a certificate and stores it, and at the same time, the network server 115
The security management unit 113 is requested to publish the certificate on the company's homepage operated by. Also,
The security management unit 113 is requested to send this certificate to the customer. Further, the corresponding certificate is output in response to the request.

Here, the certificate proves the relationship between the electronic document to be transmitted / received and the person in charge of the commercial transaction which is the sender or the receiver thereof. For example, when a digital signature is used as a security process, the certificate proves that the digital signature added to the electronic document is surely signed by the sender. In addition, the electronic document 11
If is encrypted, prove that the cryptographic keys used during encryption and decryption, respectively, are indeed the recipient's.

When transmitting an electronic document, the security management unit 113 requests the signature management unit 113a to generate an electronic signature in response to a request from the document processing management unit 111. Alternatively, a predetermined certificate is acquired from the certificate management unit 113b, and the electronic document is encrypted based on this. In addition, when the electronic document is received, the signature management unit 113a is requested to inspect the electronic signature added to the electronic document.
Alternatively, when the electronic document is encrypted, a predetermined certificate is acquired from the certificate management unit 113b and the electronic document is decrypted based on this.

Further, the security management unit 113 registers the certificate generated by the certificate management unit 113b in the electronic document processing device 120 or 130 of the customer when updating or adding the ROLE for the person in charge of the company. In order to do so, the transmission management unit 114 is requested to transmit this certificate. In addition, when the ROLE management unit 112 updates or adds a ROLE for a person in charge of a customer, the network server 115 acquires the certificate corresponding to the ROLE from the homepage of the customer.
The certificate management unit 113b is caused to store the acquired certificate.

The transmission management unit 114 is the ROLE management unit 11
A destination list, which is a list of addresses and e-mail addresses of persons in charge of business dealings using ROLE stored in No. 2, is stored. Then, based on the destination list, the network server 115 is requested to transmit the ROLE or the electronic document via the network 140 by electronic mail. Further, when the ROLE is transmitted, the state after the transmission of the ROLE is monitored, and when the transmission is not completed, this is notified to the destination.
In addition, when ROLE is received from the customer,
In response to the notification from the management unit 112, the supplier is notified that the reception is completed.

The network server 115 is an internet server that provides services on the internet such as a mail server and a WWW server. The network server 115 sends an electronic mail through the network 140 in response to a request from the sending management unit 114. Also,
In response to a request from the document processing management unit 111, the network 1
The e-mail received via 40 is output.

Further, regarding the certificate of the person in charge of the company stored in the certificate management unit 113b, the URI of this certificate is associated and made public on the home page, and another electronic document processing device via the network 140 In response to requests from 120 and 130, the certificate of the person in charge of the company stored in the certificate management unit 113b is transmitted to each device. In addition, in response to a request from the security management unit 113, the homepages disclosed by the electronic document processing apparatuses 120 and 130 of the other companies B and C are accessed and the certificate of the person in charge of the supplier is acquired.

In the electronic document processing device 110 described above, all the functional blocks do not necessarily have to be implemented in the same computer device, and one or a plurality of functional blocks may be implemented in another computer device. Good. In this case, the computer devices are connected by a network such as a LAN (Local Area Network), and data is transmitted and received between the functional blocks.

Next, FIG. 5 conceptually shows the data structure of ROLE. As described above, ROLE associates information indicating the role of a contact in a predetermined commercial transaction with the information identifying the person in charge of this contact and the information about the certificate of the person in charge and shares it with the business partner. This is information for managing. Therefore, as shown in FIG. 5, information indicating the role is described at the highest level in the data structure of ROLE.

In FIG. 5, as an example, role information "PC
Although it is described as "sales window," for other products, for example, "office software sales window""communication equipment sales window"
You can describe the role such as. On the contrary, for the side that purchases the product, it can be described as "PC purchasing counter", "office software purchasing counter", or the like. As a result, the ROLE is mainly generated each time a trade of a certain product is started or each time a trade of the same type of product is started. Further, ROLE is individually generated for both the supplier and the supplier of the transaction. Then, the ROL of both the supplier and the supplier generated individually
Both companies hold E.

Below this role is "ROLEPERS".
As "ON", the information that identifies the person in charge who plays a role is described. As this ROLEPERSON, as shown in FIG. 5, the name of the person in charge, the period of validity as the person in charge of fulfilling the above-mentioned role, and the company name of this person in charge are described. In FIG. 5, “Ichiro Suzuki” identified by ROLEPERSON plays a role of a PC sales window from “April 1, 1999” to “March 31, 2001”.
It is shown to be valid until "day". The validity period of the certificate may be described as the validity period here.

Further, under the ROLEPERSON, information regarding the certificate is described as "CERTIFICATE". As this CERTIFICATE, first, the publicized URI in which the certificate for the person in charge identified by ROLEPERSON is stored is described. Also, the certificate usually has the start date of the validity period,
Although the end date is described, this information is CERTIFI
It may be described in CATE.

In ROLEPERSON, since the effective period of the person in charge is shown, it is possible to assign a plurality of persons in one ROLE in accordance with the effective period. As an example, in FIG. 5, in addition to ROLEPERSON that specifies “Ichiro Suzuki” as the person in charge,
Second ROLEPERSON with "Kazuhiro Sasaki" specified
Is described. The validity period of the person identified by this second ROLEPERSON is "April 1, 2001.
From "Sun" to "March 31, 2003".
Therefore, it is indicated that the person in charge will be changed from April 1, 2001 due to personnel changes.

FIG. 6 shows an example of a DTD program list defining the data structure shown in FIG. ROLE
In the management unit 112, ROLE is stored in XML format. FIG. 6 shows an example of DTD (Document Type Definition) that defines the document type used in the XML format document. The same DTD as that of the customer is used in the commercial transaction.

In the program list of FIG. 6, a list of roles is defined in the 603rd line, and R is defined in the 604th line.
A role is defined as an attribute of OLE (ATTRIBUTE), and by doing so, it becomes possible to call a required ROLE by selecting a role from the list. Also,
In lines 606 to 608 and 611, the name, effective date, end date of expiration date, and company name are defined as the attributes of ROLEPERSON. In addition, at lines 609 and 610, CERTI
URI is defined as an attribute of FICAT.

Next, FIG. 7 shows an example of a program list in the XML format for ROLE that includes the information shown in FIG. In the program list of FIG. 7, the line 701 defines the PC sales window as a role. In addition, from line 702 to line 704, 1999 4
Information on ROLEPERSON and CERTIFICATE regarding "Ichiro Suzuki" who is valid as a person in charge from 1st to 31st March 2001 is described. In addition, in lines 705 to 707, 2001 4
ROLEPERSON and CERTI about "Kazuhiro Sasaki" valid from 1st of March to 31st of March 2003
The FIATE information is described.

Next, FIG. 8 shows an example of a program list (XML format) of ROLE when the certificate expires at a certain date. In the program list of Figure 8,
ROLEPE defined in lines 802 to 803
Since the validity period of the RSON certificate is March 31, 2001, the certificate of the same person in line 804 to line 807 must be valid after April 1, 2001. Is defined. ROLE like this
Is generated to notify that the same person will continue to be the person in charge after the expiration date, for example, when the expiration date of the certificate of the person in charge approaches. In this case, the generated R
The data of the certificate management unit 113b is updated by the OLE, this ROLE is transmitted to the customer, and the corresponding ROLE of the customer is also updated.

With the above data format, a plurality of persons in charge can be specified according to the expiration date of the person in charge who plays a role in ROLE. Therefore, even if the person in charge changes or the certificate expires, the transaction can be performed. For the future, it becomes possible to continue commerce smoothly without being aware of this.

When the ROLE is transmitted and received between the trading companies, the electronic signature “SIG” by the ROLE sender is added after the program list in FIGS. 7 and 8 above.
Information of "NATURE" is described. This electronic signature proves that the ROLE was indeed transmitted from the business partner. For this reason, for example, when conducting a commercial transaction with a new company, it is necessary to determine beforehand an agreement for the inspection of the electronic signature with respect to the person in charge of transmitting and receiving the ROLE.

Next, operations for various processes in the electronic document processing apparatus 110 will be described. First, the operation associated with the generation of ROLE will be described. ROLE is generated, for example, when a new commercial transaction occurs. This RO
The LE generation process is mainly executed by the ROLE management unit 112. In ROLE, for one commercial transaction, there is a ROLE for the role of the company, which is the transaction source, and a ROLE for the role of the customer.

ROLE for the role on the company side is executed according to the operation on the electronic document processing apparatus 110 by the system administrator. In addition to inputting the information described in ROLE, the system administrator may also input information regarding the content of the corresponding certificate. On the other hand, the ROLE for the role of the supplier side is generated in the electronic document processing device 120 or 130 of the supplier company and transmitted via the network 140. Electronic document processing device 11
0 automatically transmits the transmitted ROLE to the ROLE management unit 1
12, and the corresponding certificate is acquired from the supplier and stored in the certificate management unit 113b.

In the following description, as an example, company A
A case will be described in which the electronic document is transmitted and received to and from the company B. FIG. 9 is a flowchart showing the processing in the ROLE management unit 112 when generating a ROLE for the role of the company.

At the start of the flowchart of FIG. 9,
The electronic document processing apparatus 110 has a system administrator R
A request to create or update an OLE is made, and in response to this,
The ROLE management unit 112 is activated. Step S901
At, the system administrator inputs the user ID and password, and the login check is performed for them. If this login check is successful, the system administrator can perform the ROLE creation work.

At step S902, the system administrator inputs the role in the commercial transaction.
Create a new ROLE. In step S903, the system administrator inputs the ROLEPERSON information and holds this input information.

At step S904, ROLEPE
Based on the name of the person in charge input as the RSON information, the security management unit 113 is requested to inspect whether or not a certificate corresponding to this person exists. In response to this request, the security management unit 113 causes the certificate management unit 113b to search for a corresponding certificate based on the given name of the person in charge, and returns the search result to the ROLE management unit 11
Notify 2. At this time, if the corresponding certificate is present, its URI and validity period are also set in the ROLE management unit 11.
Notify 2 at the same time.

In step S905, upon receipt of the notification from the security management unit 113, it is determined whether or not the corresponding certificate already exists. If it does not exist, the process proceeds to step S906, and if it exists, the process proceeds to step S907. . In step S906, the security management unit 113 is requested to generate a certificate for the new person in charge. In the security management unit 113, when a new certificate is generated, this certificate is published U
The validity period of the RI and the certificate is notified to the ROLE management unit 112. The certificate generation process in the security management unit 113 will be described with reference to FIG.

In step S907, the URI and the validity period information for the certificate of the new person in charge, which is notified from the security management unit 113, is received, and the CERTIFICATE information in the new ROLE is set based on these. In step S908, a user ID and password for browsing the new ROLE is generated.
This user ID and password are transmitted to the person in charge described in the new ROLE by e-mail or the like.

In step S909, the new ROLE set by the above processing is transferred to the HDD 110c or the like.
Store and register in ML format. If a ROLE describing the same role is already stored, new data is added to update the content. In step S910, the transmission management unit 114 is requested to notify the supplier that the ROLE has been added or changed, and the data in the new ROLE is transmitted to the transmission management unit 114.
Send to.

Next, by the processing of step S906 of FIG. 9, the security management unit 1 requested to generate the certificate.
13 and the processing in the certificate management unit 113b will be described. FIG. 10 is a flowchart showing a certificate generation process in the security management unit 113.

In step S1001, the security management unit 113 receives the certificate generation request from the ROLE management unit 112. In step S1002, the certificate management unit 113b is caused to generate a new certificate based on the name of the person in charge described in the new ROLE.

In step S1003, the system administrator inputs each data described in the certificate and holds these data. Here, as the information to be described in the certificate, in addition to the name and company name of the person to be certified, an ID and password for generation and inspection / approval of a digital signature, or for generation / inspection approval of a digital signature Each encryption key (eg, private key, public key), encryption key for encryption and decryption (eg, public key, private key), and certificate validity period (start date, end date) Information is entered.

In step S1004, the above information is supplied to the certificate management unit 113b and stored in the certificate, and a new certificate is stored and registered. Step S
In 1005, the certificate management unit 113b causes the network server 1 to publish the URI of this certificate in association with the home page in accordance with the registration of the new certificate.
Ask 15. In step S1006, the information of the registered new certificate URI and validity period is set to RO.
Notify the LE management unit 112.

Regarding the certificate of the person in charge on the company side, of the encryption keys for electronic signature and encryption, only the public key is disclosed to the outside through the network 140 by the home page.

Next, by the processing of step S910 in FIG. 9, the transmission management unit 11 requested to notify the change of ROLE.
The processing in 4 will be described. FIG. 11 is a flowchart showing the ROLE change notification process in the transmission management unit 114.

In step S1101, the transmission management unit 114 receives the request for the ROLE change notification from the ROLE management unit 112. In step S1102, the registered ROLE is registered by the ROLE management unit 112.
Receive newly set data from inside. In the case of a newly created ROLE, all its data is received.

In step S1103, the received new data is converted into the predetermined XML format data. In step S1104, a digital signature (SIGNATURE) for proving that it is a ROLE transmitted from a business partner is added to the converted XML data. At this time, for example, the security management unit 113 is requested to inspect whether or not the electronic signature is of a person responsible for transmitting and receiving the ROLE, such as a system administrator who created the ROLE.

In step S1105, the mail address of the notification destination is acquired from the destination list, and this mail address is designated. This e-mail address is stored in advance in the destination list as, for example, the e-mail address of the system administrator for the electronic document processing apparatus 120 of the company B as a business partner, or the e-mail address dedicated to ROLE updating in the electronic document processing apparatus 120. ing.
If the customer is a new company, the system administrator inputs the mail address.

In step S 1106, the XML document notifying the change of ROLE is sent as an electronic mail to the SMTP server included in the network server 115, and sent via the network 140.

By the processing shown in FIG. 9, FIG. 10 and FIG. 11 described above, when a new role is generated for the role of the company or when the role is changed, this role is automatically Is notified to the electronic document processing device 120. Therefore, irrespective of the actual transmission / reception of the electronic document, when the ROLE is changed, the contents of the change are surely transmitted to the business partner, and the commercial transaction can be smoothly performed.

When the validity period of the certificate corresponding to the ROLE sent to the customer is within a certain time, the electronic document processing apparatus 110 sends a new certificate to the customer. The described ROLE is automatically transmitted to the business partner. In the processing in this case, the expiration date of the certificate is monitored by the document processing management unit 111, and when the expiration date is within a certain time, the ROLE management unit 1
The ROLE in which the new effective period is described is acquired from 12, and the transmission management unit 114 is requested to transmit this. At this time, if a new ROLE is not stored in the ROLE management unit 112, an e-mail is sent to the transmission management unit 114 so that the current person in charge can register the new ROLE. Send it.

[0115] By such processing, the trading partner can always automatically update the ROLE and certificate of the trading partner it holds without expiring, and it is possible to smoothly continue the commercial transaction. .

Next, when a customer adds or changes ROLE, that ROLE is added to the network 140.
The processing when received through will be described. 12
9 is a flowchart showing processing in the document processing management unit 111 when ROLE is received.

The ROLE from the business partner is attached to the electronic mail, and the POP (Post O) of the network server 115 is attached.
ffice Protocol) server. This RO
A mail address for LE registration is defined in advance, and when the electronic document management unit 111 receives an electronic mail to this mail address, the document processing management unit 11
1 is activated, and the registration processing of the received ROLE is started.

In step S1201, the document processing management section 111 acquires an electronic mail from the POP server. In step S1202, the validity of the ROLE document format attached to the e-mail is checked. Here, it is checked whether or not the ROLE data transmitted in the XML format satisfies the predetermined DTD format as shown in FIG. 6, for example. In step S1203, based on the inspection result, if the predetermined document format is satisfied, the process proceeds to step S1204, and if not, the process proceeds to step S1209.

In step S1204, the electronic signature (SIGNATURE) added to the ROLE is checked,
Request the security management unit 113. This inspection prevents unauthorized registration of ROLE. In step S1205, the notification of the inspection result of the electronic signature is received, and if the ROLE is transmitted from the correct sender, the process proceeds to step S1206, and if not, the process proceeds to step S1209.

In step S1206, the ROLE management unit 112 is requested to register and update the ROLE. ROL
The E management unit 112 searches from the recorded ROLE whether or not the information described in the role is the same, and if there is not, it is registered as a new ROLE, and if there is, it is newly added. Add and update the information in the retrieved ROLE.

In step S1207, the received R
When the URI of the new certificate is described in the OLE, the network server 115 is requested to perform a process for acquiring the new certificate from this URI. The HTTP server of the network server 115 uses the specified URI.
Via the network 140 to download the information of the corresponding certificate. Of the information received at this time, only the public key is received as the encryption key for inspecting the electronic signature and performing the encryption process.

In step S1208, the security management unit 1 is configured to register the information of the acquired certificate.
Ask 13 In the security management unit 113, the certificate acquired by the certificate management unit 113b is registered.

In step S1203, the received R
If the OLE does not satisfy the predetermined document format, and if the inspection result of the electronic signature is incorrect in step S1205, the RO in step S1209.
A process of notifying an error to the sender of the LE is performed. This notification is transmitted from the transmission management unit 114 to the transmission source by electronic mail via the network server 115.

By the above processing, the ROLE and the certificate of the person in charge of the business partner can be held by the company side without synchronizing with the time of transmission / reception of the electronic document, and smooth transmission / reception of the electronic document can be achieved. Security processing can be canceled. In addition, even if personnel changes or organizational changes occur at the business partner, new ROLE and certificates associated with them are automatically registered on the company side, and the expiration date of the ROLE and certificate of the trading partner held is It is possible to smoothly continue the commercial transaction without being cut off.

Next, the processing for transmitting and receiving an electronic document will be described. When an electronic document for a predetermined commercial transaction is transmitted to a business partner, it is attached to an electronic mail and transmitted after security processing such as addition of the electronic document or encryption processing of the electronic document. The generation of the electronic document is performed by the execution of the document processing management unit 111, and the role name for specifying the ROLE at the transmission destination is described in the generated electronic document. Then, based on the security process execution request from the creator of this electronic document,
The security management unit 113 is requested to execute the requested security process.

FIG. 13 is a flow chart showing the processing in the document processing management unit 111 when adding a digital signature to an electronic document. In step S1301,
In order to acquire the ROLE corresponding to the creator of the generated electronic document, the user logs in to the ROLE management unit 112. When logging in, the user I
The following processing is started by inputting D and the password.

In step S1302, the relevant ROLE retrieved by the ROLE management unit 112 is acquired. In step S1303, the acquired ROLE
Get the URI or certificate name of the certificate described in. In step S1304, the U of the acquired certificate
The RI or the certificate name and the electronic document are transmitted to the security management unit 113 to request the generation of the electronic signature.

In response to the electronic signature generation request, the security management unit 113 first acquires the information of the corresponding certificate from the certificate management unit 113b based on the received URI or certificate name. Next, the ID and password for generating the electronic signature are passed to the signature management unit 113a from the information of this certificate, and the electronic signature is generated. When the digital signature is generated using the encryption key, the private key of the electronic document creator is acquired from the certificate, and the signature management unit 113
In a, after the HASH data of the electronic document is generated, this HASH data is encrypted based on the secret key to generate the electronic signature data.

In step S1305, the generated electronic signature and electronic document are matched with a predetermined XML format.
In step S1306, the electronic document added with the electronic signature is stored in the file.

In step S1307, the generated file is attached to the electronic mail and then the transmission management unit 114 is requested to transmit it to the business partner. Transmission management unit 114
Acquires the name of the person in charge who is valid at this time from the information of the customer's ROLE. Then, the mail address of this person in charge is specified from the destination list, assigned to the destination address of the received electronic mail, transferred to the SMTP server of the network server 115,
It is transmitted to the electronic document processing device 120. Here, since the transmission address of the electronic mail is specified by the name of the person in charge described in the ROLE, the electronic document is surely transmitted to the effective person at the time of transmission.

On the other hand, when the generated electronic document is encrypted and transmitted, the document processing management unit 111 acquires the ROLE of the customer from the ROLE management unit 112, and acquires this ROL.
Obtain the certificate name of the current person in charge from E. Next, the electronic document and the certificate name are passed to the security management unit 113 to request the encryption processing. Security management unit 11
In response to the request for encryption, 3 receives information on the corresponding certificate from the certificate management unit 113b based on the passed certificate name. Next, the public key of the person in charge of the business partner is acquired from the information of this certificate, and the electronic document is encrypted using this public key. The document processing management unit 111 attaches the encrypted electronic document to the electronic mail, and then requests the transmission management unit 114 to send the electronic document to the customer.

Through the above processing, the electronic document processing apparatus 1
At 10, security processing is performed using the correct ROLE corresponding to the commercial transaction and the certificate of the person in charge, and the electronic document is transmitted. Therefore, the business partner who receives this electronic document can smoothly cancel the applied security processing and acquire the content of the electronic document.

Next, the process when an electronic document is received from a supplier will be described. Electronic documents from suppliers are
It is received by the POP server of the network server 115. When the person in charge of commercial transaction in the company receives the e-mail to which the electronic document is attached, the person in charge of the business transaction requests the document processing management unit 111 to inspect the security processing. At this time, the ID and password for acquiring the ROLE for the person in charge of the business partner or himself are passed to the document processing management unit 111. When the e-mail addressed to the person in charge is received, the document processing management unit 1
11 may be activated and the inspection of the security processing may be automatically started.

Here, FIG. 14 is a flowchart showing the processing in the document processing management section 111 when inspecting the electronic signature added to the electronic document. Step S1401
At, the electronic document is received from the mail software of the person who received the electronic document or the POP server of the network server 115. In step S1402, the role name of the corresponding ROLE described in the electronic document is extracted. When the electronic signature is added to the electronic document, this ROLE is the ROLE for the person in charge of the business partner. At this time, for example, information on the company name of the customer and the date when the electronic signature was made is also taken out at the same time.

In step S1403, the ROLE management unit 112 is logged in to acquire the corresponding ROLE. The document processing management unit 111 uses the ID and password of the person in charge who received the electronic document, and the ROLE management unit 11
2 Log in to the role name extracted from the electronic document
It is delivered to the LE management unit 112. ROLE management unit 112
Searches for a ROLE having the received role name and delivers it to the document processing management unit 111.

In step S1404, the acquired R
From the OLE, the certificate name for the person who is valid on the signing date of the electronic signature is retrieved. In step S1405, the certificate name and the electronic signature are delivered to the security management unit 113, and the inspection of the electronic signature is requested. The processing in the security management unit 113 at this time will be described with reference to FIG.

In step S1406, the document processing management unit 111 receives a notification of the inspection result for the electronic signature from the security management unit 113, and notifies the recipient of the electronic document of the inspection result. The inspection result at this time is that the electronic signature is certainly signed by the person in charge of the business partner and that the contents of the document have not been tampered with. There may be cases where it has expired and cannot be inspected, or where the electronic document has been tampered with.

Next, FIG. 15 shows step S14 of FIG.
15 is a flowchart showing an electronic signature inspection process in the security management unit 113 when an electronic signature inspection is requested in 05.

In step S1501, an inspection request for an electronic signature is received from the document processing management section 111. At this time, the certificate name is received together with the electronic signature. Further, the received electronic document itself may be received. In step S1502, the certificate management unit 113b is searched for a certificate corresponding to the certificate name, and the certificate is acquired. The certificate acquired at this time belongs to the person in charge of the business partner.
In step S1503, the expiration date of the acquired certificate is checked, and if not expired, step S1504.
If it is expired, the process proceeds to step S1506.

In step S1504, the acquired certificate information is passed to the signature management unit 113a together with the electronic signature, and the electronic signature is inspected. Here, the signature management unit 11
3a inspects the electronic signature using, for example, the ID and password for the electronic signature described in the certificate. Alternatively, using the public key of the trading partner described in the certificate, the electronic signature is decrypted and the electronic document itself is
The HASH data is converted into SH data and the composite electronic signature is collated with the HASH data to perform the inspection.

In step S1505, the document processing management unit 111 is notified of the inspection result for the electronic signature. On the other hand, in step S1506, a process of reacquiring the certificate of the corresponding person in charge from the supplier is performed. The security management unit 113 passes the URI of the corresponding certificate to the HTTP server of the network server 115, and
Have the RI access and download the certificate. In step S1507, the expiration date of the reacquired certificate is checked, and if not expired, step S1504.
Proceed to step 2 to have the electronic signature checked using this certificate. If it has expired again, step S15.
Go to 08. In step S1508, the document processing management unit 111 is notified that the certificate of the person in charge of the supplier has expired and the electronic signature cannot be inspected.

If the received electronic document is encrypted, steps S1401 to S1404 in FIG.
Similar to the processing of step 1, the ROLE corresponding to the role described in the electronic document is acquired, and the certificate name is extracted. The ROLE acquired at this time is normally that of the company that received the electronic document. Then, the certificate name and the electronic document are passed to the security management unit 113 to request decryption.

The security management section 113 decrypts the electronic document based on the corresponding certificate. At this time, for example, the private key of the recipient of the electronic document is extracted from the certificate,
Decoding is performed using this. If the acquired certificate has expired, the recipient or system administrator is notified that the certificate has expired.

Through the above processing, the security processing performed on the received electronic document is inspected. Between companies that conduct business transactions, R is usually used before sending and receiving electronic documents.
Since the OLE is shared and the certificate is obtained, the security process is normally canceled by referring to the ROLE corresponding to the role when the electronic document is received. Therefore, the electronic document can be transmitted and received smoothly without being aware of the change of the person in charge at the business partner. In addition, if the latest certificate has not been acquired in advance, this certificate is automatically re-acquired, so that an efficient commercial transaction can be performed.

As described above, in the electronic document processing apparatus 110, the role in the commercial transaction is associated with the person in charge of the commercial transaction and the whereabouts of the certificate by ROLE, and this information is shared and managed by the business partner so that the person in charge can manage the information. The changes can be recognized by each other and the whereabouts of the certificate can be revealed. Also, ROLE and certificates are managed not only on the company side but also on the other party's side, and addition and updating of ROLE are performed asynchronously with the actual transmission and reception of electronic documents. When identifying or obtaining a certificate,
Inconvenience due to performance such as communication speed of the network 140 does not occur. In addition, since it is possible to inspect electronic documents and certificates in the company's own device at the time of an audit or the like, it is possible to independently perform the work in the company without depending on an external device.

Further, since the system has a mechanism for automatically obtaining the ROLE and the certificate of the customer, it is possible to keep the latest information on the person in charge who plays the role and the information on the certificate. . As a result, the effective person in charge of the transaction partner can always be grasped, the electronic document is extremely unlikely to be sent to the wrong partner, and the security process can be released smoothly.

The processing functions of the electronic document processing apparatus 110 described above can be realized by a computer as described above. In that case, the electronic document processing apparatus 1
A program in which the processing content of the function that 10 should have is described is provided, and the processing function is realized on the computer by executing the program on the computer. The program describing the processing content can be recorded in a computer-readable recording medium.
Computer-readable recording media include magnetic recording devices, optical disks, magneto-optical recording media, semiconductor memories, and the like. The magnetic recording device includes an HDD, an FD (flexible disk), a magnetic tape, and the like. Optical discs include DVD (Digital Versatile Disk) and DVD-RA
M (Random Access Memory), CD-ROM (Compact Disk)
Read Only Memory), CD-R (Recordable) / RW (ReW
ritable) etc. MO (Magneto Magnet)
to-Optical disk).

In order to put the program into the market, for example, a DVD or a CD-ROM in which the program is recorded
Portable recording media such as. It is also possible to store the program in the storage device of the server computer and transfer the program from the server computer to another computer via the network.

The computer which executes the program stores, for example, the program recorded in the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. In addition, the computer can also sequentially execute processing according to the received program each time the program is transferred from the server computer.

(Supplementary Note 1) Role information indicating a role as a window in a predetermined commercial transaction, which is an electronic document transmitting program for causing a computer to execute a process of transmitting an electronic document for electronic commercial transaction through a network, Person information for identifying the person to be fulfilled, validity period for the identified person, and a certificate certifying the relationship between the electronic document to be transmitted and the identified person who is the sender or receiver of the electronic document. Corresponding to the management information and the management information about the sender or the receiver of the electronic document to be stored, which stores the management information for managing the certificate information associated with the related certificate information. Based on the contents of one or more of the certificates, a security process for ensuring the security of the electronic document is applied to the electronic document. An electronic document transmission program for causing a computer to execute a process of transmitting a document.

(Supplementary Note 2) In the management information, it is possible to associate a plurality of the person-in-charge information and the certificate information with the role information according to the validity period. Electronic document transmission program.

(Supplementary Note 3) When transmitting the electronic document,
2. The electronic document transmission program according to appendix 1, wherein an electronic signature is added to the electronic document based on the content of the certificate corresponding to the sender of the electronic document and the electronic document is transmitted.

(Supplementary Note 4) When transmitting the electronic document,
The electronic document transmission program according to appendix 1, wherein the electronic document is encrypted and transmitted based on the content of the certificate corresponding to the recipient of the electronic document.

(Supplementary Note 5) When the person in charge of the transaction source in the predetermined commercial transaction is changed or added, the new management information about the person in charge of the transaction source is created and stored, and The electronic document transmitting program according to appendix 1, which is automatically transmitted to a person in charge.

(Supplementary Note 6) Regarding the certificate corresponding to the management information transmitted to the supplier, when the certain time has passed before the expiration date and time, the new management for the supplier is performed. The electronic document transmission program according to attachment 5, wherein the information is automatically transmitted.

(Supplementary Note 7) When the person in charge of the customer in the predetermined commercial transaction is changed or added, the new management information about the person in charge of the customer is received and automatically stored. An electronic document transmission program according to appendix 1, characterized in that.

(Supplementary Note 8) The URI in which the certificate is disclosed is described in the certificate information, and when the management information is stored, the described URI is accessed by accessing the described URI. An electronic document transmission program according to appendix 7, characterized in that the document is acquired.

(Supplementary Note 9) Role information indicating a role of a window in a predetermined commercial transaction, which is an electronic document receiving program for causing a computer to execute a process of receiving an electronic document for electronic commercial transaction through a network, and the above-mentioned role. Person information identifying the person to be fulfilled, validity period for the identified person in question, and a certificate certifying the relationship between the electronic document to be received and the identified person in charge of the sender or the recipient. When the electronic document that has been subjected to the security processing is received by storing the management information for sharing and managing the certificate information relating to the supplier and the supplier, the sender or the receiver of the electronic document Inspecting the security process based on the management information and the contents of one or more certificates corresponding to the management information An electronic document receiving program, which causes the computer to execute a process.

(Supplementary Note 10) In the management information, it is possible to associate a plurality of the person-in-charge information and the certificate information with the role information according to the validity period. Electronic document receiving program.

(Supplementary Note 11) As the security processing, when the electronic signature received by the sender is attached to the received electronic document, the electronic signature is inspected based on the content of the certificate corresponding to the sender. The electronic document receiving program according to appendix 9, characterized in that.

(Supplementary Note 12) As the security processing, when the received electronic document is encrypted,
10. The electronic document receiving program according to appendix 9, which is decrypted based on the content of the certificate corresponding to the recipient of the electronic document.

(Supplementary Note 13) When the person in charge of the transaction source in the predetermined commercial transaction is changed or added, the new management information about the person in charge of the transaction source is created and stored, and is also stored in the supplier. The electronic document receiving program according to appendix 9, which is automatically transmitted to the electronic document receiving program.

(Supplementary Note 14) Regarding the certificate corresponding to the management information transmitted to the supplier, when the expiration date and time has reached a certain time, the new management for the supplier is added. 14. The electronic document receiving program as set forth in appendix 13, wherein the information is automatically transmitted.

(Supplementary Note 15) When the person in charge of the customer in the predetermined commercial transaction is changed or added, the new management information about the person in charge of the customer is received and automatically stored. An electronic document receiving program according to appendix 9, characterized by:

(Supplementary Note 16) The URI in which the certificate is disclosed is described in the certificate information, and when the management information is stored, the corresponding URI is accessed by accessing the described URI. An electronic document receiving program according to appendix 15, characterized in that the document is acquired.

(Supplementary Note 17) An electronic document transmitting method for transmitting an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role are specified. Contact information, validity period for the identified contact, and
Management information for associating and managing certificate information relating to a certificate that certifies the relationship between the electronic document to be transmitted and the identified person in charge who is the sender or the receiver and is shared by the business partner and the business partner Storing and transmitting the management information about the sender or recipient of the electronic document to be transmitted,
Electronic document transmission, wherein security processing for ensuring the security of the electronic document is performed based on the contents of one or more certificates corresponding to the management information, and the electronic document is transmitted. Method.

(Supplementary Note 18) An electronic document receiving method for receiving an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role are specified. Contact information, validity period for the identified contact, and
Management information for associating certificate information relating to a certificate that certifies the relationship between the electronic document to be received and the identified person in charge who is the sender or the recipient and is shared by the business partner and the business partner When the electronic document that has undergone security processing is received, the management information about the sender or the recipient of the electronic document and the contents of one or more certificates corresponding to the management information are stored. An electronic document receiving method, characterized in that the security processing is inspected based on the above.

(Supplementary Note 19) An electronic document transmitting device for transmitting an electronic document for electronic commerce through a network, which specifies role information indicating a role of a window in a predetermined commercial transaction and a person in charge of performing the aforementioned role. Contact information, validity period for the identified contact, and
Management information for associating and managing certificate information relating to a certificate that certifies the relationship between the electronic document to be transmitted and the identified person in charge who is the sender or the receiver and is shared by the business partner and the business partner Based on the management information storage means for storing the management information, the management information about the sender or the recipient of the electronic document to be transmitted, and the contents of one or more certificates corresponding to the management information. And a security processing unit that performs processing for ensuring the security of the electronic document transmitting apparatus.

(Supplementary Note 20) An electronic document receiving device for receiving an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role are specified. Contact information, validity period for the identified contact, and
Management information for associating certificate information relating to a certificate that certifies the relationship between the electronic document to be received and the identified person in charge who is the sender or the recipient and is shared by the business partner and the business partner And a management information storage unit that stores the security information, and the management information about the sender or the recipient of the electronic document when receiving the security-treated electronic document, and one or more proofs corresponding to the management information. An electronic document receiving device, comprising: a security inspection unit that inspects the security processing based on the content of the document.

(Supplementary Note 21) Role information indicating a role of a contact point in a predetermined commercial transaction, which is a computer-readable recording medium recording an electronic document transmission program for transmitting an electronic document for electronic commercial transaction through a network. Person information for identifying the person who plays the role, a validity period for the identified person, and
Management information for associating and managing certificate information relating to a certificate that certifies the relationship between the electronic document to be transmitted and the identified person in charge who is the sender or the receiver and is shared by the business partner and the business partner Storing and transmitting the management information about the sender or recipient of the electronic document to be transmitted,
Performing a process for ensuring the security of the electronic document and transmitting the electronic document based on the contents of one or more certificates corresponding to the management information, causing the computer to execute the process A recording medium having an electronic document transmission program recorded therein.

(Supplementary Note 22) Role information indicating a role as a window in a predetermined commercial transaction, which is a computer-readable recording medium recording an electronic document receiving program for receiving an electronic document for electronic commercial transaction through a network. Person information for identifying the person who plays the role, a validity period for the identified person, and
Management information for associating certificate information relating to a certificate that certifies the relationship between the electronic document to be received and the identified person in charge who is the sender or the recipient and is shared by the business partner and the business partner When the electronic document that has undergone security processing is received, the management information about the sender or the recipient of the electronic document and the contents of one or more certificates corresponding to the management information are stored. A recording medium having an electronic document receiving program recorded therein, which causes the computer to execute a process for checking the security process.

[0172]

As described above, in the electronic document transmission program of the present invention, the management information provides the role information in a predetermined commercial transaction, the person in charge thereof, the validity period, and the certificate information of the person in charge as the transaction partner. It is shared and managed by the transaction source. Therefore, even when one person in charge of each commercial transaction is changed, the other person in charge can surely obtain the necessary certificate, and the commercial transaction can be smoothly continued.

Further, in the electronic document receiving program of the present invention, the role information in a predetermined commercial transaction, the person in charge of it, the effective period, and the certificate information of the person in charge are shared by the business partner and the business partner by the management information. Managed. Therefore, even if one person in charge of each commercial transaction is changed,
The person in charge on the other side can surely obtain the required certificate, and the commerce can be continued smoothly.

Furthermore, in the electronic document transmitting method of the present invention,
By the management information, the role information in a predetermined commercial transaction, the person in charge of it, the effective period, and the certificate information of the person in charge,
It is shared and managed by the business partner and the business partner. Therefore, even when one person in charge of each commercial transaction is changed, the other person in charge can surely obtain the necessary certificate, and the commercial transaction can be smoothly continued.

Further, in the electronic document receiving method of the present invention, the management information allows the business partner and the business partner to share the role information in a predetermined commercial transaction, the person in charge thereof, the validity period, and the certificate information of the person in charge. Managed. Therefore,
Even if one person in charge of each commercial transaction is changed, the other person in charge can surely obtain the required certificate, and the commercial transaction can be smoothly continued.

Further, in the electronic document transmitting apparatus of the present invention, the management information storage means allows the role information in a predetermined commercial transaction, the person in charge thereof, the valid period, and the certificate information of the person in charge to be processed by the business partner and the business partner. It is shared and managed as management information. Therefore, even when one person in charge of each commercial transaction is changed, the other person in charge can surely obtain the necessary certificate, and the commercial transaction can be smoothly continued.

Further, in the electronic document receiving apparatus of the present invention, the management information storage means allows the role information in a predetermined commercial transaction, the person in charge thereof, the valid period, and the certificate information of the person in charge to be processed by the business partner and the business partner. It is shared and managed as management information. Therefore, even when one person in charge of each commercial transaction is changed, the other person in charge can surely obtain the necessary certificate, and the commercial transaction can be smoothly continued.

[Brief description of drawings]

FIG. 1 is a principle configuration diagram for explaining the principle of the present invention.

FIG. 2 is a diagram showing a configuration example of an electronic document transmission / reception system to which this embodiment is applied.

FIG. 3 is a diagram showing a hardware configuration example of an electronic document processing device used in the embodiment of the present invention.

FIG. 4 is a block diagram illustrating a functional configuration example of an electronic document processing device.

FIG. 5 is a diagram conceptually showing a data structure of ROLE.

FIG. 6 is a diagram showing an example of a DTD program list that defines the data structure shown in FIG.

7 is a diagram showing an example of a program list in XML format for ROLE including the information shown in FIG.

FIG. 8 is a diagram showing an example of a ROLE program list when a certificate expires on a certain date.

FIG. 9 is a flowchart showing the processing in the ROLE management unit when generating a ROLE for the role of the company.

FIG. 10 is a flowchart showing a certificate generation process in the security management unit.

FIG. 11 is a flowchart showing a ROLE change notification process in the transmission management unit.

FIG. 12 is a flowchart showing processing in the document processing management unit when ROLE is received.

FIG. 13 is a flowchart showing processing in a document processing management unit when adding a digital signature to an electronic document.

FIG. 14 is a flowchart showing processing in a document processing management unit when inspecting an electronic signature added to an electronic document.

FIG. 15 is a flowchart showing a digital signature inspection process in the security management unit.

[Explanation of symbols]

1 Electronic document transmitter 2 Electronic document receiver 3 network 11 electronic documents 12 Management information 12a Role information 12b Personnel information 12c Validity period 12d Certificate information 13 certificate

─────────────────────────────────────────────────── ─── Continued Front Page (51) Int.Cl. ⁷ Identification Code FI Theme Coat (Reference) G09C 1/00 640 G09C 1/00 640Z

Claims (10)

[Claims] 1. An electronic document transmission program for causing a computer to execute a process of transmitting an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person in charge of the role. Person information identifying a person, a validity period for the identified person, and a certificate regarding a certificate certifying the relationship between the electronic document to be transmitted and the identified person who is the sender or the receiver. The management information for associating the document information, storing the management information for sharing and managing with the business partner and the business partner, and the management information about the sender or the recipient of the electronic document to be transmitted, and one corresponding to the management information Based on the contents of the above certificate, security processing for ensuring the security of the electronic document is performed and the electronic document is transmitted. That the electronic document transmission program characterized by executing the process to the computer. 2. The electronic device according to claim 1, wherein the management information can associate a plurality of the person-in-charge information and the certificate information with the role information according to the validity period. Document sending program. 3. When the person in charge of the transaction source in the predetermined commercial transaction is changed or added, the management information of the person in charge of the transaction source is newly created and stored, and the person in charge of the transaction partner is also stored. The electronic document transmission program according to claim 1, wherein the electronic document transmission program automatically transmits the electronic document. 4. An electronic document receiving program for causing a computer to execute a process of receiving an electronic document for electronic commerce through a network, the role information indicating a role of a window in a predetermined commercial transaction, and a person in charge of the role. Person information identifying a person, a validity period for the identified person, and a certificate for certifying a relationship between the electronic document to be received and the identified person who is the sender or the recipient. Management information for associating the document information with each other, storing the management information for sharing and managing it between the business partner and the business partner, and receiving the security-treated electronic document, the management of the sender or the recipient of the electronic document Inspecting the security processing based on the information and the contents of the one or more certificates corresponding to the management information. An electronic document receiving program, which causes a computer to execute a process. 5. The electronic device according to claim 4, wherein in the management information, it is possible to associate a plurality of the person-in-charge information and the certificate information with the role information according to the validity period. Document receiving program. 6. When the person in charge of the transaction source in the predetermined commercial transaction is changed or added, the new management information about the person in charge of the transaction source is created and stored, and the management information is sent to the customer. The electronic document receiving program according to claim 4, which is automatically transmitted. 7. An electronic document transmitting method for transmitting an electronic document for electronic commerce through a network, comprising role information indicating a role of a window in a predetermined commercial transaction, and a person who specifies a person in charge of the role. Transactions are made by associating information, a validity period for the identified person in charge, and certificate information relating to a certificate certifying the relationship between the electronic document to be transmitted and the person in charge identified as the sender or the receiver. The management information for storing and managing the management information shared by the destination and the transaction source, and the management information about the sender or the recipient of the electronic document to be transmitted and one or more of the certificates corresponding to the management information. A method of transmitting an electronic document, characterized by performing security processing for ensuring the security of the electronic document based on the contents and transmitting the electronic document. . 8. An electronic document receiving method for receiving an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person in charge who specifies a person in charge of the role. Transactions by associating information, a validity period for the identified person in charge, and certificate information relating to a certificate certifying the relationship between the electronic document to be received and the person in charge identified as the sender or the recipient. When the electronic document that has been stored with the management information shared and managed by the destination and the transaction source is subjected to the security processing, the management information about the sender or the recipient of the electronic document and the management information The electronic document receiving method is characterized in that the security processing is inspected based on the contents of one or more certificates corresponding to. 9. An electronic document transmitting device for transmitting an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person in charge who specifies a person in charge of the role. Transactions are made by associating information, a validity period for the identified person in charge, and certificate information relating to a certificate certifying the relationship between the electronic document to be transmitted and the person in charge identified as the sender or the receiver. Management information storage means for storing management information to be shared and managed by destination and transaction source, the management information about the sender or the recipient of the electronic document to be transmitted, and one or more corresponding to the management information Security processing means for performing processing for ensuring the security of the electronic document based on the contents of the certificate of Electronic document transmission device. 10. An electronic document receiving device for receiving an electronic document for electronic commerce through a network, wherein role information indicating a role of a window in a predetermined commercial transaction and a person who specifies a person in charge of the role. Transactions by associating information, a validity period for the identified person in charge, and certificate information relating to a certificate certifying the relationship between the electronic document to be received and the person in charge identified as the sender or the recipient. Management information storage means for storing management information to be shared and managed by the recipient and the transaction source, and the management information on the sender or the recipient of the electronic document when the electronic document subjected to security processing is received. And a security inspector for inspecting the security process based on the contents of one or more certificates corresponding to the management information. When, the electronic document receiving apparatus characterized by having a.