JP2003333038A - Electronic verification device, electronic verifying method, and program for executing the same method by computer - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve the efficiency of a process of verifying the existence and the completeness of an electronic document, and reduce the memory capacity. <P>SOLUTION: The electronic verifier 100 comprises a hash value calculator 104 for generating a hash value from a specified electronic document; an access- permitted area 111 for storing the electronic document; an access-limited area 112 for the hash value of the electronic document; a postscript processor 102 for generating the latest hash value from the electronic document with postscript information to update the hash value in the access-limited area 112 and the electronic document in the access-permitted area 111, each time the postscript information is attached to the electronic document; and a verifying unit 106 for verifying the existence of falsification of the electronic document in the access-permitted area 111, based on a verifying hash value generated from the electronic document in the access-permitted area 111 and the latest has value in the access-limited area 112. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic verification apparatus for verifying the existence and completeness of an electronic document, such as an approval document or a medical record, for which additional writing, approval and confirmation processing is sequentially performed from an original electronic document. , An electronic verification method and a program for causing a computer to execute the method.

[0002]

2. Description of the Related Art In recent years, regarding an electronic document (hereinafter referred to as "electronic document"), the electronic document has existed (existence) at a certain point in time, and the electronic document has not been tampered with. Technology has been developed to prove that (integrity). In particular, approval documents and medical records (diagnosis records)
For example, an electronic document that is stored for a certain period of time after the final approval or confirmation process has been added to the original electronic document, with the addition that the contents will be sequentially added and changed later. Existence and integrity verification techniques have been developed. As a method for verifying the existence and completeness of an electronic document to which such additional writing is added,
The time stamp method and the hysteresis signature method are conventionally known.

The time stamp method is a method in which a user obtains a time stamp for an electronic document from a time stamp server on the network and saves the time stamp every time the user performs generation, additional writing, and approval / confirmation processing of the electronic document. The stamp verifies the user who generated, added, and approved / confirmed the electronic document and the time.

In the hysteresis signature system, an electronic signature is given to the electronic document every time the user performs the electronic document generation, additional writing, and approval / confirmation processing, and the electronic signature for each processing is changed over time. The recorded signature history is saved, and the user and the time when the electronic document is generated, added, and approved / confirmed are verified by the signature history.

As described above, in the conventional method, each time the user makes, adds, and makes an approval / decision of an electronic document, a time stamp or signature is acquired, and the electronic stamp is added using the history of the time stamp or signature. Verifies the existence and completeness of the document.

[0006]

However, the conventional time stamp method and hysteresis signature method as described above have the following problems. First, in the case of the time stamp method, the step of obtaining the time stamp from the last writer or the authorizer / confirmer and the verification of the electronic document are performed before the user makes an addition, approval or confirmation process to the electronic document. It is necessary to perform a two-step process of steps. Further, in the case of the time stamp method, it is necessary to acquire the time stamp at that point from a time stamp server or the like via the network for each of the additional writing, the approval / confirmation processing. As described above, the time stamp method has a problem that the efficiency of verification processing of the existence and integrity of an electronic document is deteriorated. In addition, in the time stamp method, it is necessary to acquire a time stamp and save the acquired time stamp for each stage every time an electronic document is created, added, and approved / confirmed. There is a problem that the capacity of the storage device for storing the acquired time stamps increases by the number of times and the number of times of approval / decision.

Also, the hysteresis signature system, like the time stamp system, needs to be subjected to a two-step process of obtaining an electronic signature from the last writer or authorizer / confirmer and verifying the electronic document. Therefore, there is a problem that the efficiency of the verification process of the existence and completeness of the electronic document is deteriorated. Further, even in the case of the hysteresis signature method, since the signature history must be generated and saved by the electronic signature every time an electronic document is created, added, and approved / confirmed, the capacity of the storage device for saving the signature history. There is a problem that is increased. In particular, in the case of electronic documents such as approval documents and medical records that are subject to multiple additions and multiple approval / confirmation processes, the amount of data to be stored increases significantly, which seriously reduces the storage capacity. It becomes a problem.

The present invention has been made in view of the above, and it is possible to improve the efficiency of the processing for verifying the existence and completeness of an electronic document and reduce the storage capacity. It is an object to obtain a verification method and a program capable of causing a computer to execute the method.

[0009]

In order to achieve the above-mentioned object, the invention according to claim 1 specifies in an electronic verification device for verifying whether or not there has been tampering with an electronic document in which additional information is added to the original electronic document. Certifier generating means for generating a certifier information for the designated electronic document by performing a data compression encryption process on the generated electronic document, and certifier information generated corresponding to the electronic document and the electronic document And a storage means for storing the electronic document, and each time the electronic document is added with additional information, the electronic document with the additional information is designated to generate new authenticator information by the authenticator generating means, Write-once processing means for updating the authenticator information and the electronic document stored in the means with an electronic document to which the new authenticator information and the additional-write information are attached; and an electronic document stored in the storage means. The verification authenticator information is generated by the authenticator generating means, and is stored in the storage means based on the authenticator information and the verification authenticator information stored in the storage means. And a verification means for verifying whether or not the electronic document has been tampered with.

According to the first aspect of the present invention, each time the additional writing processing means adds the additional writing information to the electronic document, the electronic document to which the additional writing information is added is designated and the authenticator generating means performs new authentication. The child information is generated, the authenticator information and the electronic document stored in the storage means are updated by the electronic document to which the new authenticator information and the additional write information are added, and the verification means stores the child information in the storage means. By specifying the electronic document, the authenticator generating means generates verification authenticator information, and based on the authenticator information stored in the storage means and the verification authenticator information, the electronic document stored in the storage means is stored. By verifying the presence or absence of tampering, the authenticator information generated is updated and the previous authenticator information does not remain even if the electronic document is additionally written many times, so that the storage capacity can be reduced.

According to the first aspect of the invention, since verification can be performed if the authenticator information stored in the storage means exists, verification information such as a time stamp is separately added every time additional recording is performed. The acquisition process is unnecessary, and the processing efficiency of verifying the existence and integrity of the electronic document can be improved.

The postscript information in the present invention includes not only new information (data) added to the original electronic document, but also information obtained by changing a part or all of the information of the original electronic document.

Further, the authenticator generating means in the present invention is
Any means may be used as long as the data compression encryption processing is performed on the electronic document. For example, there is a means for encrypting a large-capacity electronic document into a small-capacity encrypted document or a fixed-length value, but is not limited to this. Not a thing. Further, the authenticator information in the present invention is identification information necessary for verifying an electronic document, and examples thereof include ciphertext having a small capacity and a fixed length value, but are not limited thereto.

The invention according to claim 2 is the same as claim 1.
In the electronic verification device described in paragraph 1,
Each time the confirmation information is attached, an electronic document to which the approval / confirmation information is attached is designated to generate new authenticator information by the authenticator generating means, and the authenticator information stored in the storage means. And a decision / decision processing means for updating the electronic document with the electronic document to which the new authenticator information and the decision / decision information are added.

According to the second aspect of the invention, every time the approval / confirmation processing means adds approval / confirmation information to the electronic document, the authenticator is designated by designating the electronic document with the approval / confirmation information. By generating new authenticator information by the generating means and updating the authenticator information and the electronic document stored in the storage means with the electronic document to which the new authenticator information and the approval / confirmation information are attached, Even when the document is approved and confirmed many times, the generated authenticator information is updated and the previous authenticator information does not remain, so that the storage capacity can be reduced.

Further, according to the second aspect of the present invention, since verification can be performed if there is authenticator information stored in the storage means, verification information such as a time stamp is obtained each time a decision is made and confirmed. It is not necessary to separately obtain a document, and the processing efficiency of verifying the existence and integrity of an electronic document can be improved.

The invention according to claim 3 provides the invention according to claim 2.
In the electronic verification device described in, after the additional writing process for the electronic document to which the final additional writing information is attached or the finalization and finalization process for the electronic document to which the final approval / confirmation information is attached, the current time information and Saving processing means for saving the final additional record information or the electronic document with the approval / confirmation information and the authenticator information for the final additional record information or the electronic document with the approval / confirmation information in the storage means Is further provided.

According to the third aspect of the present invention, the saving processing means performs the additional writing process for the electronic document to which the final additional writing information is added or the finalizing / decision process for the electronic document to which the final decision / finalizing information is added. After completion, store the current time information, the electronic document with the final postscript information or the approval / confirmation information, and the authenticator information for the electronic document with the final postscript information or the approval / confirmation information By storing in the means, the time information, the electronic document, and the authenticator information thereof can be stored as a set, and the existence and integrity verification processing of the electronic document can be performed more efficiently.

The invention according to claim 4 relates to claim 1
In the electronic verification device according to any one of 1 to 3, the authenticator generating unit performs a data compression encryption process on the designated electronic document, and generates a fixed-length hash value as the authenticator information. It is characterized by calling a one-way function that

According to the fourth aspect of the present invention, the authenticator generating means performs the data compression type encryption process on the designated electronic document to generate a fixed length hash value as the authenticator information. By calling, the authenticator information that is updated becomes a fixed-length hash value even when additional writing, approval / confirmation is performed multiple times, and the storage capacity can be further reduced.

According to a fifth aspect of the present invention, an electronic document for verifying whether or not the electronic document, which has additional information added to the original electronic document, is tampered with by a request from one or a plurality of user terminals connected to the network. A verification device, which performs a data compression encryption process on a specified electronic document to generate authenticator information for the specified electronic document, and corresponds to the electronic document and the electronic document. Storage means for storing the generated authenticator information, and each time the electronic document with the additional record information is received from the user terminal, the electronic document with the additional record information is designated to generate the authenticator New authenticator information is generated by the means, and the authenticator information and the electronic document stored in the storage means are updated by the electronic document to which the new authenticator information and the additional information are added. Write-once processing means that specifies the electronic document stored in the storage means, generates verification authenticator information by the authenticator generation means, and generates the authenticator information for verification and the verification information stored in the storage means. Verification means for verifying whether or not the electronic document stored in the storage means has been tampered with based on the user authentication information.

According to the fifth aspect of the invention, each time the additional write processing means receives an electronic document with additional write information from the user terminal, the electronic document with additional write information is designated to generate an authenticator. The new authenticator information is generated by the means, the authenticator information and the electronic document stored in the storage means are updated by the electronic document to which the new authenticator information and the additional information are added, and the verification means stores the new authenticator information in the storage means. The stored electronic document is designated to generate verification authenticator information by the authenticator generating means, and the verification authenticator information is saved in the storage means based on the authenticator information and the verification authenticator information saved in the storage means. By verifying whether or not the existing electronic document has been tampered with, the authenticator information that is generated is updated and the previous authenticator information does not remain even if the electronic document is added many times, so reduce the storage capacity. In That.

According to the invention of claim 5, the verification can be performed if there is the authenticator information stored in the storage means, and therefore verification information such as a time stamp is added to the network every time additional recording is performed. It is not necessary to separately request and receive via the processing, the processing efficiency of verifying the existence and integrity of the electronic document can be improved, and the load on the network can be reduced.

The invention according to claim 6 is the same as claim 5
In the electronic verification device described in (1), each time an electronic document with approval / confirmation information is received from the user terminal, an electronic document with approval / confirmation information is designated to generate a new one by the authenticator generating means. Approval / confirmation processing means for generating authenticator information and updating the authenticator information and the electronic document stored in the storage means with the new authenticator information and the electronic document to which the approval / confirmation information is attached. And is further provided.

According to the invention of claim 6, every time the approval / confirmation processing means receives an electronic document with approval / confirmation information from the user terminal, the approval / confirmation information is attached to the electronic document. The new authenticator information is generated by the specified authenticator generating means, and the authenticator information and the electronic document stored in the storage means are converted by the electronic document with the new authenticator information and the approval / confirmation information. By updating, even if the electronic document is approved and confirmed many times, the generated authenticator information is updated and the previous authenticator information does not remain, so that the storage capacity can be reduced.

Further, according to the invention of claim 6, the verification can be performed if there is the authenticator information stored in the storage means. Therefore, the verification information such as the time stamp is obtained each time the approval / decision is made. It is possible to improve the processing efficiency of verifying the existence and integrity of the electronic document, and reduce the load on the network, since there is no need to separately request and receive the document via the network.

The invention according to claim 7 is the same as claim 5
Alternatively, in the electronic verification device according to the sixth aspect, the storage unit includes an access permitted area in which the unspecified user terminal can access and an access restricted area in which only the specified user terminal can access. The electronic document is stored in the access permitted area, and the authenticator information is stored in the access restricted area.

[0028] According to the invention of claim 7, the storage means has an access permitted area in which the unspecified user terminal can access and an access restricted area in which only the specified user terminal can access. Since the electronic document is stored in the access-permitted area and the authenticator information is stored in the access-limited area, an electronic document in the access-permitted area is accessed by an unspecified user terminal that cannot access the access-limited area. Even if the document is tampered with, the authenticator information in the access restricted area cannot be changed from the user terminal, so it is possible to easily verify whether the electronic document has been tampered with by using the authenticator information. Can be done more efficiently.

The invention according to claim 8 is the invention according to claim 7.
In the electronic verification device described in (1), based on the authenticator information after completion of the additional writing process for the electronic document with the final additional writing information or the final approval / determining process for the electronic document with the final approval / confirmation information Time information acquisition means for receiving current time information from a time server connected to the network, time information received by the time information acquisition means, and the final postscript information or the final approval / confirmation information are added. And an electronic document and authenticator information for the electronic document to which the final postscript information or the final approval / confirmation information is attached, in the access restricted area. To do.

According to the invention of claim 8, the time information is recorded after completion of the additional writing process for the electronic document to which the final additional writing information is added or the final decision / confirmation process for the electronic document to which the final approval / confirmation information is attached. The acquisition unit receives the current time information based on the authenticator information from the time server connected to the network, and the storage processing unit receives the received time information and the final postscript information or the final decision / approval.
The time information based on the authenticator information is saved by storing the electronic document with the finalized information and the authenticator information for the final postscript information or the electronic document with the final approval / confirmation information in the access restricted area. The electronic document and its authenticator information can be stored as a set in an inaccessible state from an unspecified user terminal, and the existence and completeness verification process of the electronic document can be performed more efficiently. .

The invention according to claim 9 provides the invention according to claim 7.
Alternatively, in the electronic verification device described in the paragraph 8, the verification means specifies an electronic document stored in the access permitted area, generates verification authenticator information by the authenticator generation means, and stores the verification authenticator information in the access restricted area. When the stored authenticator information and the verification authenticator information are compared, and the authenticator information and the verification authenticator information do not match,
It is characterized in that the electronic document is judged to have been tampered with.

According to the invention of claim 9, the verification means compares the verification authenticator information generated from the electronic document stored in the access permitted area with the authenticator information stored in the access restricted area. By deciding that the electronic document has been tampered with when the two do not match, it is possible to easily verify the tampering of the electronic document stored in the accessible area from an unspecified user terminal. It is possible to improve the processing efficiency of the verification of the existence and completeness of the electronic document in the allowable area.

According to a tenth aspect of the present invention, in the electronic verification apparatus according to the seventh or eighth aspect, the verification means includes the authenticator information, the electronic document, and the electronic document stored in the access restricted area. Based on the time information, the time information is verified by a predetermined protocol to verify whether the electronic document stored in the access restricted area has been tampered with.

According to the invention of claim 10, the verification means verifies the time information by a predetermined protocol based on the authenticator information, the electronic document and the time information stored in the access restricted area. By verifying whether the electronic document stored in the access restricted area has been tampered with, the tampering of the electronic document in the access restricted area can be easily verified, and the existence of the electronic document in the access restricted area can be verified. And the processing efficiency of integrity verification can be improved.

The invention according to claim 11 is the electronic verification apparatus according to any one of claims 5 to 10, wherein the authenticator generating means is a data compression type encryption for the designated electronic document. It is characterized in that a unidirectional function for performing a process and generating a fixed-length hash value as the authenticator information is called.

According to the eleventh aspect of the present invention, the one-way function for subjecting the designated electronic document to data compression encryption processing by the authenticator generating means to generate a fixed-length hash value as the authenticator information. By calling, the authenticator information that is updated becomes a fixed-length hash value even when additional writing, approval / confirmation is performed multiple times, and the storage capacity can be further reduced.

According to a twelfth aspect of the present invention, in the electronic verification apparatus according to the eleventh aspect, a new one-way function different from the one-way function from the electronic document stored in the access permitted area is used. Generate the first authenticator information according to the above, store it in the access restricted area, and save the second authenticator information from the electronic document saved in the access restricted area by the saving processing means by the new one-way function. A function updating unit is further provided which generates and acquires time information from the time server based on the second authenticator information, and saves the acquired time information and the second authenticator information in the access restricted area. It is characterized by that.

According to the twelfth aspect of the present invention, the function updating means generates the first authenticator information from the electronic document stored in the access permitted area by the new one-way function and stores it in the access restricted area. Then, the second authenticator information is generated by the new one-way function from the electronic document stored in the access restricted area by the storage processing unit, and the time information is acquired from the time server based on the second authenticator information. By storing the acquired time information and the second authenticator information in the access restricted area, even if the one-way function is changed to a new function at the timing when alteration of the electronic document is expected, a new function is created. Since the authenticator information, the time information, and the electronic document of the electronic document corresponding to the one-way function are generated in the access restricted area, the process associated with the change of the one-way function can be easily performed. That.

According to the thirteenth aspect of the present invention, an electronic document for verifying whether or not the electronic document in which the additional information is added to the original electronic document is tampered with is requested by one or more user terminals connected to the network. A verification method,
Data compression encryption processing is applied to the specified electronic document,
An authenticator generating step of generating authenticator information for the specified electronic document, and specifying an electronic document with the additional information every time an electronic document with additional information is received from the user terminal. Generate new authenticator information,
A write-once processing step of updating the authenticator information and the electronic document stored in the storage means with an electronic document to which the new authenticator information and the additional write-on information are added; and an electronic document stored in the storage means. Verification verifier information is generated from the verification means and verifies whether or not the electronic document stored in the storage means has been tampered with, based on the verification code information and the verification authenticator information stored in the storage means. And a verification step to perform.

According to the thirteenth aspect of the invention, each time the electronic document to which the additional write information is added is received from the user terminal by the additional write processing step, the electronic document to which the additional write information is added is designated and new authentication is performed. Child information is generated, and the authenticator information and the electronic document stored in the storage unit are updated by the electronic document to which the new authenticator information and the additional information are added,
The verification step generates verification authenticator information from the electronic document stored in the storage means, and based on the authenticator information and the verification authenticator information stored in the storage means,
By verifying whether the electronic document stored in the storage unit has been tampered with, the authenticator information generated is updated and the previous authenticator information does not remain even if the electronic document is added many times. The storage capacity can be reduced.

According to the thirteenth aspect of the present invention, since verification can be performed if there is authenticator information stored in the storage means, verification information such as a time stamp is added to the network every time additional recording is performed. It is not necessary to separately request and receive via the processing, the processing efficiency of verifying the existence and integrity of the electronic document can be improved, and the load on the network can be reduced.

According to a fourteenth aspect of the present invention, in the electronic verification method according to the thirteenth aspect, the approval / confirmation information is added each time an electronic document with the approval / confirmation information is received from the user terminal. New authenticator information is generated from the generated electronic document, and the authenticator information and the electronic document stored in the storage unit are converted by the electronic document to which the new authenticator information and the approval / confirmation information are attached. It is characterized by further including a decision / decision processing step of updating.

According to the invention of claim 14, every time the electronic document to which the approval / confirmation information is attached is received from the user terminal by the approval / confirmation processing step, the electronic document to which the approval / confirmation information is attached. By generating new certifier information from the certifier, and updating the certifier information and the electronic document stored in the storage means with the electronic document to which the new certifier information and the approval / confirmation information are attached. Even if the electronic document is approved and confirmed many times, the generated authenticator information is updated and the previous authenticator information does not remain, so that the storage capacity can be reduced.

According to the fourteenth aspect of the present invention, verification can be performed if there is authenticator information stored in the storage means. Therefore, verification information such as a time stamp is obtained each time a decision is made. It is possible to improve the processing efficiency of verifying the existence and integrity of the electronic document, and reduce the load on the network, since there is no need to separately request and receive the document via the network.

According to a fifteenth aspect of the present invention, in the electronic verification method according to the thirteenth or fourteenth aspect, the storage means stores the electronic document and is accessible from an unspecified user terminal. An access permission area and an access restriction area in which the authenticator information is stored and only access from the specific user terminal is permitted,
After the completion of the postscript processing for the electronic document with the final postscript information or the approval / finalization process for the electronic document with the final decision / decision information, a request to obtain the current time based on the authenticator information is sent to the network. A time information acquisition step of transmitting to a time server that manages time and receiving the time information from the time server; the time information received by the time information acquisition step; and the final postscript information or the final addition information. A storage processing step of storing the electronic document to which the approval / confirmation information is attached and the authenticator information for the final postscript information or the electronic document to which the final approval / confirmation information is attached in the access restricted area; And are further included.

According to the fifteenth aspect of the present invention, the storage means has an access permitted area in which the unspecified user terminal can access and an access restricted area in which only the specified user terminal can access. Since the electronic document is stored in the access-permitted area and the authenticator information is stored in the access-limited area, an electronic document in the access-permitted area is accessed by an unspecified user terminal that cannot access the access-limited area. Even if the document is tampered with, the authenticator information in the access restricted area cannot be changed from the user terminal, so it is possible to easily verify whether the electronic document has been tampered with by using the authenticator information. Can be done more efficiently.

Further, according to the invention of claim 15, after completion of the additional writing process for the electronic document to which the final additional writing information is added, or the approval / fixing process for the electronic document to which the final decision / fixing information is added, In the time information acquisition step, the current time information based on the authenticator information is received from the time server connected to the network, and the storage processing means receives the received time information and the final postscript information or the final decision / approval. The time information based on the authenticator information is saved by storing the electronic document with the finalized information and the authenticator information for the final postscript information or the electronic document with the final approval / confirmation information in the access restricted area. The electronic document and its authenticator information can be stored as a set in an inaccessible state from an unspecified user terminal. It is possible to perform sexual verification process more efficient.

According to a sixteenth aspect of the present invention, in the electronic verification method according to the fifteenth aspect, the verification step generates verification authenticator information from the electronic document stored in the access permitted area, The authenticator information stored in the access restricted area is compared with the verification authenticator information, and if the authenticator information and the verification authenticator information do not match, the electronic document has been tampered with. It is characterized by determining that there is.

According to the sixteenth aspect of the invention, in the verification step, the verification authenticator information is generated from the electronic document stored in the access permitted area, and the verification information and the verification information stored in the access restricted area are verified. If the authenticator information and the verification authenticator information do not match, it is determined that the electronic document has been tampered with, and thus the electronic document stored in the access permitted area It is possible to easily verify tampering from an unspecified user terminal, and it is possible to improve the processing efficiency of verifying the existence and integrity of the electronic document in the access permitted area.

The invention according to claim 17 is the electronic verification method according to claim 15 or 16, wherein in the verification step, the authenticator information, the electronic document and the electronic document stored in the access restricted area are stored. Based on the time information, the time information is verified by a predetermined protocol to verify whether the electronic document stored in the access restricted area has been tampered with.

According to the seventeenth aspect of the invention, the time information is verified by a predetermined protocol in the verification step based on the authenticator information, the electronic document and the time information stored in the access restricted area. By verifying whether the electronic document stored in the access restricted area has been tampered with, the tampering of the electronic document in the access restricted area can be easily verified, and the existence of the electronic document in the access restricted area can be verified. And the processing efficiency of integrity verification can be improved.

The invention according to claim 18 is a program for causing a computer to execute the method according to any one of claims 13 to 17.
Any one of the 17 operations can be performed by a computer.

[0053]

BEST MODE FOR CARRYING OUT THE INVENTION Preferred embodiments of an electronic verification apparatus, an electronic verification method, and a program for causing a computer to execute the method will be described in detail below with reference to the accompanying drawings.

(Embodiment 1) Embodiment 1 of the present invention
The electronic verification device 100 is an electronic document to which additional information is sequentially added by the user from the original document such as the approval document and the medical record (diagnosis record), and the approval and confirmation are made by the approver / confirmer. It verifies the existence as to whether such electronic document existed at a certain time and the integrity as to whether or not the electronic document was tampered with. In addition,
The electronic verification device 100 according to the first embodiment includes a control device such as a CPU, a storage device such as a ROM and a RAM, and a hard disk (HD) 110, an external storage device such as a CD-ROM drive, and a WS (Workstati).
on) and PC (Personal Computer)
Has become a normal computer hardware configuration such as.

FIG. 1 is a block diagram showing the functional configuration of the electronic verification apparatus 100 according to the first embodiment. As shown in FIG. 1, the electronic verification device 100 according to the first embodiment includes a draft processing unit 101, a postscript processing unit 102, and a decision / approval unit.
It has a software configuration including a confirmation processing unit 103, a hash value calculation unit 104, a storage processing unit 105, and a verification unit 106. Further, the HD 110 has an access permission area 111 accessible by unspecified general users,
An access restricted area 112 that can be accessed only by a specific user such as a system administrator is secured.

The draft processing unit 101 stores the original electronic document such as the approval document and the medical chart generated by the user (former) in the access permitted area 111 of the HD 110, and is calculated from the electronic document M. The latest hash value H is stored in the access restriction area 112.

When the user (adder) adds the additional information to the original electronic document M _t or the additional electronic document, the additional write processing unit 102 adds the additional electronic document M _{t + n.}
To update the electronic document stored in the access permitted area 111 of the HD 110, and to update the current hash value stored in the access restricted area 112 with the latest hash value H _{t + n} calculated from the electronic document M _{t + n} . The latest hash value H _t is updated to H _{t + n} . Here, the additional record information is a description item to be added to the electronic document, a partial change item of the electronic document, information for identifying the user of the additional record person, and the like. The user who is the postscript may be different from the originator who generated the original electronic document.

The approval / confirmation processing unit 103 determines the user (approval
・ Electronic document M to which the confirmer is added _{t + n}(Or Oriji
Naru's electronic document M_t) To confirm / confirm and then confirm / confirm information
Electronic document M with approval / confirmation information attached
_{t + n + m}(Or M_{t + m}) Allows access to HD 110
Electronic document M stored in the permissible area 111_{t + n}(Or oh
Original electronic document M_t), And the decision
Electronic document M with definite information_{t + n + m}(Or M_{t + m})
The latest hash value H calculated from_{t + n + m}(Or H_{t + m}) To
Therefore, it is currently stored in the restricted access area 112.
Latest hash value H of_{t + n}(Or H_t) To update
Is. Here, the approval / confirmation information indicates the approval / confirmation information.
It is a description, information for identifying the authorizer / determiner, and the like.
The user who is the authorizer / confirmer is the original electronic
It may be different from the person who created the document and the person who added it.

The hash value calculation unit 104 constitutes the authenticator generation means in the present invention, and the hash value of the electronic document designated by the draft processing unit 101, the additional recording processing unit 102, and the approval / confirmation processing unit 103 is calculated by a hash function. Is generated. Here, the hash value is the message
Also called a digest, it is a fixed-length value generated by applying data compression type encryption processing to the contents of an electronic document,
It constitutes the authenticator information in the present invention.

Further, the hash function constitutes the one-way function in the present invention, and if the hash function is h (),
It is a collision-resistant function in which it is difficult to obtain a pair of values (x, y) such that h (x) = h (y). In the present embodiment, an existing hash function that outputs a 160-bit hash value is used. SHA-1 is used. In addition to this,
The hash function RIPEMD-160 may be used.

The electronic verification program executed by the electronic verification apparatus 100 according to the present embodiment is a file in an installable format or an executable format, and is read by a computer such as a CD-ROM, a flexible (FD), or a DVD. It is provided by being recorded in a possible recording medium. Further, the verification of the present embodiment may be stored in a computer connected to a network such as the Internet and provided by being downloaded via the network.

The electronic verification program according to the present embodiment is loaded into the main storage device by the electronic verification device 100 reading from the storage medium and executing it.
Each unit described in the software configuration is generated in the main storage device.

FIG. 2A is an explanatory diagram showing an example of the content of the document input to the hash function SHA-1.
2B is a hash function SHA-1 from the document of FIG.
It is explanatory drawing which shows the example of the hash value calculated by.
FIG. 2C is an explanatory diagram showing an example of the hash value when the date of the third line of the document of FIG. 2A is tampered with from March 29th to March 28th. As shown in FIGS. 2 (b) and 2 (c), it can be seen that the hash value varies greatly even if "9" in the document is changed to "8".

The save processing unit 105 acquires the time stamp of the current time after completing all the additional recording processing and the approval / confirmation processing, and acquires the acquired time stamp and the latest hash value (additional processing or approval / confirmation. The hash value calculated in the processing) and the electronic document currently stored in the access permitted area 111 are combined into a set to set the access restricted area 11
It is to be stored in 2. Here, the time stamp constitutes the time information in the present invention. In addition, the first embodiment
In the electronic verification device 100 according to the above, the time stamp is
It may be generated in the own device or acquired via the network.

The verification unit 106 uses the access permitted area 111.
Electronic documents and access restricted area 1 stored in
It verifies the existence (whether it existed at a certain time) and the integrity (whether it has not been tampered with) of the electronic document stored in 12.

Next, the structure of a target electronic document in the electronic verification apparatus 100 according to the first embodiment will be described. The electronic document according to the first embodiment is an electronic document obtained by digitizing an original document, an electronic document with a postscript in which postscript information is added to the original electronic document or an electronic document with a postscript, or an original electronic document or with an additional postscript. An electronic document in which payment / confirmation information is added to the electronic document is included. FIG. 3A is an explanatory diagram showing the structure of the electronic document, and FIGS. 3B and 3C are explanatory diagrams showing the structure of the electronic document to which the additional write information is added.

In the present embodiment, as shown in FIG. 3A, it is considered that the electronic document is composed of a set of one or more elements (description items). Note that N represents the total number of elements in the document, and t represents the creation time t of the element. Each element of the electronic document is composed of the description content and an ID for identifying the document. This allows restructuring of elements into electronic documents.

The additional writing of the electronic document is considered to be added to the element (entry item) in the document. That is, as for the additional writing, as shown in FIG. 3B, an element (additional information 301:
Elements N _{t + 1} ) in time series, or FIG.
As shown in (c), a new element (additional information 3
02: Element N + 1 _{t + 1} ) can be regarded as being added. As an example of FIG. 3 (b), a deletion operation such as addition or double-line entry is applicable, and as an example of FIG. 3 (c),
Append operations such as appending information (including documents) are applicable.

Next, the first embodiment configured as described above
The additional writing to the electronic document, the additional writing when the approval / confirmation is made, and the approval / confirmation process will be described. First, a document to which additional information such as a approval document and a medical record is attached is generally processed in the order of drafting, additional writing, approval / confirmation, and saving.

For example, in the case of a document such as a request for approval,
After the drafter has drafted (created) a request for approval, a postscript is added to the approval request and a decision is made by the definite person. Then, after the final approval and confirmation, the approval request is time-stamped and stored for a long time.

On the other hand, in the case of a document such as a medical record (diagnosis record), after the medical record is issued by the doctor, the medical record is written by the medical staff or other postscripts, and then the medical record is written by the doctor. An approval / determination of the chart is made by an approval / determination person. Then, additional writing and approval / confirmation are repeated until final approval / confirmation is made to the medical record. After the final approval / confirmation of the medical record, the medical record is time stamped and saved.

Electronic Verification Device 100 According to First Embodiment
Then, processing is performed on an electronic document obtained by digitizing a document having such a property. Figure 4
It is a flow chart which shows the procedure of additional writing and settlement / confirmation processing.

[0073] First, if the original electronic document slip issuance (product) is performed in a predetermined area of HD110 by slip issuance person, the slip issuance processing unit 101, the time t to the original electronic document M _t Is added to the hash value calculation unit 104.
The hash value H _t is calculated from the original document M _t (step S401). At this time, the hash value calculation unit 104 outputs the hash value by designating the original electronic document M _t and calling the hash function. Then, the electronic document M _t is stored in the access permitted area 111 of the HD 110, and the hash value H _t is stored in the access restricted area 112 as the latest hash value (step S402). Then, it waits until additional writing of the electronic document is performed (step S403).

When the electronic document is changed in the predetermined area of the HD 110, it is determined whether the electronic document has been additionally written, or whether the approval / confirmation has been made, by a notification from the user or the like (step S404). ). When it is determined that the additional writing has been performed (step S404: additional writing), the additional writing processing unit 102 adds the time t + 1 to the electronic document M _{t + 1} to which the additional writing information is added, and the hash value calculation unit 104.
Thus, the hash value H _{t + 1} is calculated from the electronic document M _{t + 1} to which the additional write information is added (step S405). Then, the electronic document M _t stored in the access permitted area 111 of the HD 110 is updated with the electronic document M _{t + 1} , and the latest hash value stored in the access restricted area 112 is changed from the hash value H _t to the hash value. It is updated to H _{t + 1} (step S406). Then, it stands by until additional writing or approval / confirmation is made to the electronic document. If additional recording is performed, the processes of steps S405 and S406 are repeated. Therefore, the electronic document and the hash value are updated each time additional writing is performed. That is, the access permission area 1
The electronic document 11 is updated to the electronic document M _{t + n,} and the hash value of the access restricted area 112 is the latest hash value H _{t + n.}
Will be updated. Therefore, the previous electronic document and hash value do not remain in each area of the HD 110.

If it is determined in step S404 that the electronic document has been approved and confirmed (step S4)
04: Approval / confirmation), the approval / confirmation processing unit 103 adds time t + n + m to the electronic document M _{t + n + m} to which the approval / confirmation information is added, and the hash value calculation unit 104 outputs the approval / confirmation information. A hash value H _{t + n + m} is calculated from the attached electronic document M _{t + n + m} (step S407). Then, the electronic document M _{t + n} stored in the access permitted area 111 of the HD 110 is updated with the electronic document M _{t + n + m} , and the latest hash value stored in the access restricted area 112 is set to the hash value H. _The hash value H _{t + n + m} is updated from _{t + n} (step S408). Then, until the final approval / determination is made by the finalizer (step S409),
The additional recording process or the processes of steps S407 and S408 are repeated. Therefore, the electronic document and the hash value are updated each time the approval / decision is made, and the previous electronic document and the hash value do not remain in each area of the HD 110.

When the final decision / decision is made / decided by the electronic document (step S409: Yes)
s), by the storage processing unit 105, the electronic verification device 100
The current time is acquired via a timer inside the network or via a network to generate a time stamp (step S41).
0). Then, the storage processing unit 105 further generates the time stamp, the approved and confirmed electronic document, and the latest hash value for the approved and confirmed electronic document (the hash value calculated by the final approval and confirmation). And are stored as a set in the access restricted area 112 (step S411). FIG. 5 is an explanatory diagram showing the storage states in the access permitted area 111 and the access restricted area 112. As a result, a series of additional writing, approval / confirmation processing, and storage processing are completed, and thereafter, the electronic document is stored in the access restricted area 112 inaccessible to an unspecified general user for a desired period as shown in FIG. Will be saved. In the description of FIG. 4, but settlement-decision process with respect to the electronic document M _{t + n} where additional information is attached to the original electronic document M _t is an example to be made, the original electronic document M _t The present invention is also applied to the case where the approval / confirmation processing is immediately performed without additional writing, and the electronic document M _t is updated to the electronic document M _{t + m} and the hash value H _t is updated to the latest hash value H _{t + m.} It goes without saying that you can do it.

Next, the access permitted area 111 is
The process of verifying the existence and integrity of the electronic document stored in will be described. FIG. 6 is a flowchart showing a procedure of verification processing of existence and integrity of an electronic document stored in the access permitted area 111 by the verification unit 106.

First, the verification unit 106 determines that the access permitted area is
Read the electronic document stored in 111 and
The hash value calculation unit 104 hashes of the stored electronic document.
Value H _{t + n + m}'Is calculated (step S601). Next inspection
The certification unit 106 is stored in the access restricted area 112.
Hash value H_{t + n + m}Is read (step S60
2), hash value H_{t + n + m}'And the hash value H_{t + n + m}Togaichi
It is checked whether or not there is a match (step S603).

When the two hash values match (step S603: Yes), it is determined that the electronic document in the access permitted area 111 exists at the time of the final execution time t + n + m, and this electronic document has not been tampered with. ,
A notification message of verification success is output (step S
604). On the other hand, the hash value H _{t + n + m} 'and the hash value H _{t
If + n + m} do not match (step S603: N
o), it is determined that the electronic document in the access-permitted area 111 has been tampered with, and a message indicating that tampering has occurred is output (step S605). This completes the process of verifying the existence and completeness of the electronic document in the access permitted area 111.

Next, a process of verifying the existence and completeness of the electronic document stored in the access restricted area 112 will be described. Since the general user cannot access the access restricted area 112, it is generally impossible for the general user to tamper with the electronic document in the access restricted area 112, but the tampering possibility is not zero.
It is necessary to prove its existence and completeness. For this reason,
The electronic verification device 100 according to the present embodiment is capable of verifying an electronic document in the access restricted area 112.

FIG. 7 is a flowchart showing the procedure of the verification process of the existence and completeness of the electronic document stored in the access restricted area 112 by the verification unit 106. The verification unit 106 first reads the electronic document, the latest hash value, and the time stamp stored in the access restricted area 112 (step S701). Then, the data necessary for verifying the time stamp is acquired (step S7).
02). Although the data stored in the electronic verification device is used for the acquisition of the data, the data may be acquired by requesting the time stamp server on the other network.

When the verification unit 106 acquires the data necessary for the time stamp, it verifies the time stamp according to the time stamp protocol (step S70).
3). The time stamp protocol is a known protocol, and the data required for the time stamp is determined according to the time stamp protocol.

Next, the verification unit 106 judges the verification result of the time stamp (step S704), and if the verification result is successful (step S704: Yes), the access restriction area 112 is set at the time stamp acquisition time. It is determined that the electronic document exists in the document and the electronic document has not been tampered with, and a notification message indicating that the verification is successful is output (step S705). On the other hand, if the verification result is unsuccessful (step S704: No), it is determined that the electronic document in the access restricted area 112 has been tampered with, and a message indicating that there is tampering is output (step S70).
6). This completes the process of verifying the existence and integrity of the electronic document in the access restricted area 112.

As described above, in the electronic verification apparatus 100 according to the first embodiment, the additional write processing unit 102 and the approval / confirmation processing unit 103 add additional information or approval / decision information to an electronic document.
Each time the confirmation information is added, a new hash value is generated from the electronic document to which the additional write information or the approval / confirmation information is added, and the latest hash value stored in the access restricted area 112 is newly generated. Since the electronic document stored in the access permitted area 111 is updated with the value, and the electronic document added with the additional information or the approval / confirmation information is added, the electronic document can be additionally recorded, approved / confirmed multiple times. Even if it is done, the generated hash value is constantly updated and the previous hash value does not remain, so the storage capacity can be reduced.

For example, the number of postscripts after the draft is issued is n,
Consider a case where an electronic document of size Q whose number of confirmations is m is subjected to the above-described processing by the conventional method and the electronic verification apparatus 100 according to the first embodiment.

In the case of the conventional time stamp method, if the size per time stamp is ts, the required storage capacity is Q + ts (1 + n + m). Further, in the case of the conventional hysteresis signature method, assuming that the size per electronic signature is sig, the required storage capacity is Q + sig (1 + n + m), and in the conventional method, the number of additional recordings and the number of approvals / confirmations are The required storage capacity increases as the number increases. For example, electronic document 1
Number of additional recordings n = 30, number of approvals / confirmations m = 1
0, size per time stamp ts = 160b
If it (20 bytes), the storage capacity required in the time stamp method is the document size Q + 820 bytes.
It becomes e. Further, in the case of the hysteresis signature method, the size per electronic signature sig = 320 bits
Assuming (40 bytes), the storage capacity required for each electronic document is the document size Q + 1640 bytes. When there are a plurality of electronic documents, the required storage capacity further increases.

On the other hand, in the method of the first embodiment, since the hash value is updated every time additional writing, approval or confirmation is made, the storage capacity required for the processing is the number of additional writes and the approval when the size of the hash value is h.・ Q + h regardless of the number of confirmations. When a hash function that outputs a 160-bit hash value is used as in this embodiment, the number of additional recordings,
It can be seen that the storage capacity required for each electronic document is the document size Q + 20 bytes regardless of the number of approvals / confirmations, which is smaller than the conventional methods.

Further, in the electronic verification apparatus 100 according to the first embodiment, if the latest hash value stored in the access restricted area 112 exists, the existence and completeness of the electronic document can be verified. It is not necessary to separately obtain verification information such as a time stamp each time additional recording or approval / confirmation is made, and the processing efficiency of verifying the existence and integrity of an electronic document can be improved.

In this embodiment, the access permitted area 111 and the access restricted area 112 are both in the HD 110.
Although the electronic document, the latest hash value and the time stamp are stored in the HD 110, the electronic document, the latest hash value and the time stamp are stored in the memory by securing the above areas in the memory such as RAM. The stamp may be stored.

(Second Embodiment) Although the electronic verification apparatus 100 according to the first embodiment performs processing by a stand-alone computer, the electronic verification apparatus 800 according to the second embodiment further includes a network. The electronic document is received from the above user terminal 801, the time stamp is acquired from the server on the network, and the verification process is performed. FIG. 8 is a network configuration diagram of an electronic verification system including the electronic verification device 800 according to the second embodiment. In the electronic verification system according to the present embodiment, the electronic verification device 800 is connected to the network 810 such as the Internet.
, Time management server 803, and time stamp server 8
02 is connected. A plurality of user terminals 801 are connected to the electronic verification device 800 by a network 820 such as Ethernet (registered trademark), and the electronic verification device 800 and the plurality of user terminals 801 are connected.
A LAN environment is constructed by.

The electronic verification device 800 performs an additional writing process, an approval / confirmation process, and a verification process for an electronic document.
In addition, the electronic verification device 800 has a terminal authentication function for preventing access from a terminal that misrepresents the user terminal 801 on the LAN.

The time management server 803 manages and provides accurate time, and is a server computer managed by a trusted third party that cannot collude with an attacker.

The time stamp server 802 receives the time stamp acquisition request from the electronic verification apparatus 800,
It is a server computer that issues a time stamp and transmits it to the electronic verification device 800, and is managed by a trusted third party that cannot collude with an attacker. The time stamp server 802 constitutes the time server of the present invention.

The electronic verification device 800, the time management server 803, and the time stamp server 802 are all C
WS (Workst) including a control device such as a PU, a storage device such as a ROM and a RAM, and an external storage device such as a hard disk (HD) 110 and a CD-ROM drive.
ation) and PC (Personal Computer)
er) is a normal computer hardware configuration.

Next, the functional configuration of the electronic verification device 800 will be described. FIG. 9 is a block diagram showing a functional configuration of the electronic verification device 800 according to the second embodiment. As shown in FIG. 9, the electronic verification apparatus 800 according to the second embodiment includes a transmission / reception unit 909, a draft processing unit 901, a postscript processing unit 902, a decision / confirmation processing unit 903, and a hash value calculation unit 904. A storage processing unit 905 and a verification unit 906.
And a time stamp acquisition unit 908 and a hash function update unit 907. The HD 110 also includes the electronic verification device 10 of the first embodiment.
Similar to 0, an access permitted area 111 accessible by an unspecified general user and an access restricted area 112 accessible only by a specific user such as a system administrator are secured.

The transmission / reception unit 909 receives the electronic document from the user terminal 801, and determines whether it is the original electronic document, the electronic document to which the additional write information is added, or the electronic document to which the approval / confirmation information is added.

The draft processing section 901 receives the original electronic document M _t such as the approval document and the medical chart generated by the user (former) from the user terminal 801 and receives the HD 11
The hash value H _t calculated from the electronic document M _t is stored in the access restriction area 112 as the latest hash value.

The additional recording processing unit 902 receives from the user terminal 801 the user (additional person) an original electronic document M _t or an electronic document in which additional recording information is added to the additional electronic document, and the additional recording is performed. HD110 by _{t + n}
Of the electronic document stored in the access-allowed area 111, and the latest hash value H _{t + n} calculated from the electronic document M _{t + n is used} to update the electronic document stored in the access-restricted area 112. It has a value H _t .

The approval / confirmation processing unit 903 determines the user (approval
・ Electronic document M to which the confirmer is added _{t + n}(Or Oriji
Naru's electronic document M_t) To confirm / confirm and then confirm / confirm information
Electronic document M with_{t + n + m}(Or M_{t + m}) To the user terminal
Electronic document received from 801 with approval / confirmation information
M_{t + n + m}(Or M_{t + m}), HD110 access
Update the electronic document stored in the permissible area 111,
Electronic document M with such approval / confirmation information_{t + n + m}(Ma
Or M_{t + m}) Latest hash value H calculated from_{t + n + m}(Ma
Or H_{t + m}Stored in the access restricted area 112 by
The current latest hash value H_{t + n}(Or H_t)
Is to be updated.

The hash value calculation unit 904 constitutes the authenticator generation means in the present invention, and is designated by the draft processing unit 901, the additional writing processing unit 902, and the approval / confirmation processing unit 903, as in the first embodiment. A hash value is generated from an electronic document by a hash function.

The time stamp acquisition unit 908 generates a time stamp acquisition request message including the latest hash value, transmits it to the time stamp server 802, and receives the time stamp of the current time from the time stamp server 802. The time stamp acquisition unit 908 constitutes time information acquisition means in the present invention.

The hash function updating unit 907, which constitutes the function updating means in the present invention, acquires the time stamp when the hash function is updated, the acquired time stamp, the hash value of the electronic document by the new hash function,
The electronic document is stored in the access restricted area 112.

As in the first embodiment, the storage processing unit 905 receives the time stamp acquired by the time stamp acquisition unit 908 and the latest hash value (decision (Hash value calculated in the confirmation process) and the current accessible area 111
The electronic documents stored in 1 are stored as a set in the access restricted area 112.

The verification unit 906, like the first embodiment,
To verify the existence (whether it existed at a certain time) and the integrity (whether it has not been tampered with) of the electronic document stored in the access permitted area 111 and the electronic document stored in the access restricted area 112 Is.

Next, the second embodiment configured as described above
The additional writing to the electronic document, the additional writing when the approval / confirmation is made, and the approval / confirmation process will be described. FIG. 10 is a flowchart showing the procedure of additional writing, approval / confirmation processing.

First, the transmission / reception unit 909 receives the original electronic document M _t, which has been drafted by the drafter, from the user terminal 801 (step S1001). Then, the draft processing unit 901 adds the time t to the original electronic document M _t , and the hash value calculation unit 904 calculates the hash value H _t from the original electronic document M _t (step S1002). At this time, the first embodiment
Similarly, the hash value calculation unit 904 outputs the hash value by designating the original electronic document M _t and calling the hash function. Then, the electronic document M _t is recorded in HD
The access limit area 112 stores the hash value H _t as the latest hash value.
(Step S1003). Then, it waits until the electronic document is additionally written (step S100).
4).

When the electronic document changed by the transmitting / receiving unit 909 is received from the user terminal 801, the electronic document is received (step S10).
05), it is determined whether the electronic document has been additionally written, or whether the approval / confirmation has been made (step S100).
6). When it is determined that the additional recording has been performed (step S
1006: additional writing), as in the first embodiment, the additional writing processing unit 902 attaches the time t + 1 to the electronic document M _{t + 1} to which the additional writing information is attached, and the hash value calculating unit 904
Hash value H _{t + 1} from electronic document M _{t + 1 with additional} information
Is calculated (step S1007). And HD11
The electronic document M _t stored in the access permitted area 111 of 0 is updated with the electronic document M _{t + 1} , and the access restricted area 112
The latest hash value stored in the hash value H _t
To hash value H _{t + 1} (step S100)
8). Then, it stands by until additional writing or approval / confirmation is made to the electronic document. When additional writing is performed, the processes of steps S1007 and S1008 are repeated. As a result, as in the first embodiment, the electronic document in the access permitted area 111 is updated to the electronic document M _{t + n,} and the hash value in the access restricted area 112 is updated to the latest hash value H _{t + n} . Therefore, the electronic document and the hash value are updated each time additional writing is performed, and the previous electronic document and the hash value do not remain in each area of the HD 110.

If it is determined in step S1006 that the electronic document has been approved and confirmed (step S1006).
1006: Approval / confirmation), as in the first embodiment, the approval / confirmation processing unit 903 adds the time t + n + m to the electronic document M _{t + n + m} to which the approval / confirmation information is added, and the hash value calculation unit The hash value H _{t + n + m} is calculated from the electronic document M _{t + n + m} to which the approval / confirmation information is attached by 904 (step S1009). Then, the electronic document M _{t + n} stored in the access permitted area 111 of the HD 110 is replaced with the electronic document M
updated with _{t + n + m,} the most recent hash value stored in the access control area 112, and updates the hash value H _{t + n} to the hash value H _{t + n + m} (step S1010). Then, the additional recording process or the processes of steps S1009 and S1010 are repeated until final approval / determination is made by the finalizer (step S1011). Therefore, the electronic document and the hash value are updated each time the approval / decision is made, and the previous electronic document and the hash value are updated to HD.
It does not remain in each region of 110.

When the final approval / confirmation by the finalizer / confirmator has been made to the electronic document (step S1011: Yes)
s), the time stamp acquisition unit 908 generates a time stamp acquisition request message including the latest hash value, and transmits the generated time stamp acquisition request message to the time stamp server 802, thereby requesting the time stamp acquisition. Do (step S101
2).

When the time stamp is received from the time stamp server 802 (step S1013), the storage processing unit 905 confirms the received time stamp and
The access-restricted area 112 includes a set of the confirmed electronic document and the latest hash value (hash value calculated by the final determination / confirmation) for the confirmed / confirmed electronic document.
(Step S1014). As a result, a series of additional writing, approval / confirmation processing, and storage processing are completed, and thereafter, the electronic document is stored in the access restricted area 112 inaccessible to unspecified general users for a desired period. Note that, also in the present embodiment, as in the case of the first embodiment, the present invention can be applied to the case where the original electronic document M _t is immediately subjected to the approval / confirmation processing without additional writing. Further, the electronic document M _{t at} this time is the electronic document M _{t + m} , and the hash value H _t is the latest hash value H.
It will be updated to _{t + m} respectively.

Next, the process of verifying the existence and integrity of the stored electronic document will be described. The verification processing of the electronic document stored in the access permitted area 111 is the same as the processing described in FIG. 6 in the first embodiment.

FIG. 11 is a flowchart showing the procedure of the verification process of the existence and completeness of the electronic document stored in the access restricted area 112 by the verification unit 906.
The verification unit 906 first reads the electronic document, the latest hash value, and the time stamp stored in the access restricted area 112 (step S1101). Then, in order to acquire the verification data necessary for verifying the time stamp, the verification data acquisition request is transmitted to the time stamp server 802 (step S1102). Verification unit 906
When the verification data is received from the time stamp server 802 (step S1103), the verification of the time stamp is performed according to the time stamp protocol (step S1104), as in the first embodiment.

Next, the verification unit 906 judges the verification result of the time stamp (step S1105), and if the verification result is successful (step S1105: Yes),
It is determined that the electronic document exists in the access restriction area 112 at the time of obtaining the time stamp and the electronic document has not been tampered with, and a notification message indicating that the verification is successful is output (step S1106). On the other hand, if the verification result is unsuccessful (step S1105: No), it is determined that the electronic document in the access restricted area 112 has been tampered with, and a message indicating that there is tampering is output (step S1107). As a result, the access restriction area 112
The process of verifying the existence and integrity of the electronic document in is completed.

Next, the hash function update process performed when the hash function is updated will be described. When the hash function needs to be updated, for example, when the cryptographic algorithm of the hash function is broken, that is, it becomes more likely that the one-way hash function cannot be maintained, or when the hash function is upgraded. Therefore, it is possible that the version upgrade has started.

FIG. 12 is a flow chart showing the procedure of the hash function update processing by the hash function update section 907. As a premise of the hash function update processing, it is assumed that there is no collusion between the system administrator of the electronic verification apparatus 800 and the attacker. In addition, before the hash function update processing is started, access from the user terminal 801 to the electronic verification device 800 is temporarily blocked, and the verification unit 906 verifies the existence and integrity of the electronic document so that the electronic document is not tampered with. Then, the new hash function h ′ () is calculated by the electronic verification device 8
It is premised on the state of being incorporated into 00. Note that a new hash function may be automatically incorporated from a management server or the like on the network via the network.

The hash function updating unit 907 first uses the new hash function h ′ () to access the accessible area 11
The hash value SH1 is calculated from the electronic document in 1 (step S1201), and the new hash function h ′ () is used to store the electronic document stored in the access restricted area 112 (final settlement / confirmation processing is performed, A hash value SH2 is calculated from the electronic document for which the time stamp has been acquired (step S1202).

Next, the hash function updating unit 907 stores the hash value SH1 in the access restricted area 112 (step S1203). That is, the access restriction area 11 for the electronic document stored in the access permission area 111
The hash value stored in 2 is replaced with the new hash value S
Update to H1. Further, the hash function updating unit 907
A time stamp acquisition request message is generated from the hash value SH2, and the generated time stamp acquisition request message is transmitted to the time stamp server 802 (step S1204).

When the hash function updating unit 907 receives the time stamp from the time stamp server 802 (step S1205), the hash function updating unit 907 retrieves the received time stamp, the hash value SH2, and the electronic document on which the final settlement / confirmation processing has been performed. The set is stored in the access restriction area 112 (step S1206). That is, the access restriction area 11
The hash value and the time stamp stored as a set in the electronic document stored in 2 (the electronic document for which the final settlement / confirmation processing has been performed and the time stamp has been acquired) are used as a new hash value SH2 and a new hash value SH2. Update to time stamp. As a result, when the hash function is updated to the new hash function h '(), the hash value, the time stamp, and the electronic document of the electronic document corresponding to the new hash function h' () can be easily stored. it can.

As described above, in the electronic verification apparatus 800 according to the second embodiment, the additional write processing unit 902 and the approval / confirmation processing unit 903 add additional information or approval / decision information to an electronic document.
Each time the confirmation information is added, a new hash value is generated from the electronic document to which the additional write information or the approval / confirmation information is added, and the latest hash value stored in the access restricted area 112 is newly generated. Since the electronic document stored in the access permitted area 111 is updated with the value, and the electronic document added with the additional information or the approval / confirmation information is added, the electronic document can be additionally recorded, approved / confirmed multiple times. Even if it is done, the generated hash value is constantly updated and the previous hash value does not remain, so the storage capacity can be reduced.

Further, in the electronic verification apparatus 800 according to the second embodiment, the existence and completeness of the electronic document can be verified if the latest hash value stored in the access restricted area 112 exists. It is not necessary to separately obtain verification information such as a time stamp via the network each time additional writing, approval or confirmation is made, and it is possible to improve the processing efficiency of verifying the existence and completeness of electronic documents, as well as the network. The load on the can be reduced.

In the electronic verification devices 100 and 800 according to the first and second embodiments, the access permitted area 111 is used.
Is defined as accessible to unspecified general users, but it is advisable to provide access authority using a password or the like. Further, in the second embodiment, access restriction may be set on the user terminal 801. If you do this,
It is possible to limit the users who can additionally write, make decisions and confirm electronic documents. For example, in the case of a medical record, only the doctor in charge can perform additional writing and confirmation processing in the access permission area 111.

In the electronic verification devices 100 and 800 according to the first and second embodiments, the access permitted area 111 is used.
The access restriction area 112 and the access restriction area 112 are both secured in the HD 110, and the electronic document, the latest hash value, and the time stamp are stored in the HD 110. It may be configured to store the document, the latest hash value and the time stamp.

[0123]

As described above, according to the first aspect of the invention, the authenticator information generated is updated and the previous authenticator information does not remain even if the electronic document is additionally written many times. Therefore, the storage capacity can be reduced.

According to the first aspect of the present invention, it is not necessary to separately obtain the verification information such as the time stamp each time additional recording is performed, and the processing efficiency for verifying the existence and integrity of the electronic document is improved. There is an effect that it can be improved.

According to the second aspect of the invention, even when the electronic document is approved and confirmed many times, the generated authenticator information is updated and the previous authenticator information does not remain. Thus, it is possible to reduce the storage capacity.

Further, according to the second aspect of the present invention, it is not necessary to separately obtain the verification information such as the time stamp each time the approval / decision is made, and the processing for verifying the existence and completeness of the electronic document is performed. An effect that efficiency can be improved is exhibited.

Further, according to the invention of claim 3, the time information, the electronic document and the authenticator information thereof can be stored as one set, and the existence and completeness verification processing of the electronic document can be more efficiently performed. There is an effect that it can be performed in a targeted manner.

Further, according to the invention of claim 4, the authenticator information to be updated becomes a fixed-length hash value even when the additional recording, the decision and the decision are made plural times, and the storage capacity can be further reduced. Has the effect.

Further, according to the invention of claim 5, the authenticator information generated is updated and the previous authenticator information does not remain even if the electronic document is additionally written many times, so that the storage capacity is reduced. There is an effect that can be done.

Further, according to the invention of claim 5, it becomes unnecessary to separately request and receive verification information such as a time stamp through the network every time additional recording is performed, so that the existence and integrity of the electronic document can be maintained. The verification processing efficiency can be improved, and the load on the network can be reduced.

According to the invention of claim 6, the generated authenticator information is updated and the previous authenticator information does not remain even if the electronic document is approved and confirmed many times. Thus, it is possible to reduce the storage capacity.

Further, according to the invention of claim 6, there is no need to separately request and receive verification information such as a time stamp through the network each time a decision is made and confirmed. As a result, it is possible to improve the processing efficiency of the property verification and reduce the load on the network.

Further, according to the invention of claim 7, it is possible to easily verify whether or not the electronic document has been tampered with by using the authenticator information, and it is possible to perform the verification process more efficiently. Play.

According to the present invention, the time information based on the authenticator information, the electronic document and the authenticator information are stored as a set in a state inaccessible from an unspecified user terminal. Therefore, it is possible to perform the verification process of the existence and completeness of the electronic document more efficiently.

Further, according to the invention of claim 9, it is possible to easily verify the alteration of the electronic document stored in the access permitted area from an unspecified user terminal, and the electronic document in the access permitted area can be verified. It is possible to improve the processing efficiency of the existence and integrity verification of the.

Further, according to the invention of claim 10,
It is possible to easily verify the falsification of the electronic document in the access restricted area and to improve the processing efficiency of verifying the existence and integrity of the electronic document in the access restricted area.

According to the invention of claim 11,
Even when the additional writing, the approval and the confirmation are performed a plurality of times, the updated authenticator information has a fixed-length hash value, and the storage capacity can be further reduced.

Further, according to the invention of claim 12,
Even if the one-way function is changed to a new function at the timing when tampering with the electronic document is expected, the authenticator information, time information, and electronic document of the electronic document corresponding to the new one-way function are set in the access restricted area. Since it is generated, the one-way function can be easily changed.

Further, according to the invention of claim 13,
Even if the electronic document is additionally written many times, the generated authenticator information is updated and the previous authenticator information does not remain, so that the storage capacity can be reduced.

Further, according to the invention of claim 13,
It is not necessary to separately request and receive verification information such as time stamps via the network each time additional recording is made, and it is possible to improve the processing efficiency of the verification of the existence and integrity of electronic documents, and the load on the network. The effect of being able to reduce.

According to the invention of claim 14,
Even if the electronic document is approved and confirmed many times,
Since the generated authenticator information is updated and the previous authenticator information does not remain, the storage capacity can be reduced.

According to the invention of claim 14,
It is not necessary to separately request and receive verification information such as a time stamp via the network each time a decision is made and confirmed, and it is possible to improve the processing efficiency of the verification of the existence and integrity of electronic documents. It is possible to reduce the load on the.

Further, according to the invention of claim 15,
It is possible to easily verify whether or not the electronic document has been tampered with using the authenticator information, and it is possible to perform the verification process more efficiently.

According to the invention of claim 15,
The time information based on the authenticator information, the electronic document and the authenticator information can be stored as a set in an inaccessible state from an unspecified user terminal, and verification processing of the existence and integrity of the electronic document can be performed. The effect that it can be performed more efficiently is exhibited.

Further, according to the invention of claim 16,
It is possible to easily verify the tampering of an electronic document stored in the access permitted area from an unspecified user terminal, and improve the processing efficiency of the existence and completeness verification of the electronic document in the access permitted area. There is an effect that can be.

Further, according to the invention of claim 17,
It is possible to easily verify the falsification of the electronic document in the access restricted area and to improve the processing efficiency of verifying the existence and integrity of the electronic document in the access restricted area.

Further, according to the invention of claim 18,
There is an effect that the operation according to any one of claims 13 to 17 can be executed by a computer.

[Brief description of drawings]

FIG. 1 is a block diagram showing a functional configuration of an electronic verification device according to a first embodiment.

FIG. 2 (a) is an explanatory diagram showing an example of the content of a document input to a hash function, and FIG. 2 (b) is FIG. 2 (a).
FIG. 6 is an explanatory diagram showing an example of a hash value calculated from the document by a hash function. FIG. 2C is an explanatory diagram showing an example of falsification of the document of FIG. 2A and an example of hash values of the falsified document.

FIG. 3A is an explanatory diagram showing a structure of an electronic document, and FIGS. 3B and 3C are explanatory diagrams showing a structure of an electronic document to which additional write information is added.

FIG. 4 is a flowchart showing a procedure of additional writing, approval / confirmation processing by the electronic verification device according to the first embodiment.

FIG. 5 is an explanatory diagram showing storage states in an access permitted area and an access restricted area of the electronic verification device according to the first embodiment.

FIG. 6 is a flowchart showing a procedure of verification processing of existence and integrity of an electronic document stored in an access permitted area by the verification unit of the electronic verification device according to the first exemplary embodiment;

FIG. 7 is a flowchart showing a procedure of verification processing of existence and integrity of an electronic document stored in an access restricted area by a verification unit of the electronic verification device according to the first exemplary embodiment;

FIG. 8 is a network configuration diagram of an electronic verification system including an electronic verification device according to a second embodiment.

FIG. 9 is a block diagram showing a functional configuration of an electronic verification device according to a second embodiment.

FIG. 10 is a flowchart showing a procedure of additional writing, approval / confirmation processing by the electronic verification device according to the second embodiment.

FIG. 11 is a flowchart showing a procedure of verification processing of existence and integrity of an electronic document stored in an access restricted area by a verification unit of the electronic verification device according to the second exemplary embodiment;

FIG. 12 is a flowchart illustrating a procedure of hash function update processing by a hash function update unit of the electronic verification device according to the second embodiment.

[Explanation of symbols]

100,800 Electronic verification device 101,901 Voucher processing unit 102,902 Append processing unit 103,903 Approval / confirmation processing unit 104,904 Hash value calculation unit 105,905 Storage processing unit 106,906 Verification unit 110 HD (hard disk) 111 Access permitted area 112 Restricted access area 301,302 additional information 801 user terminal 802 Timestamp server 803 Time management server 810 Internet 820 Ethernet (registered trademark) 907 Hash function update unit 908 time stamp acquisition unit 909 Transmitter / receiver

Claims (18)

[Claims] 1. An electronic verification device for verifying whether or not an electronic document having additional information added to an original electronic document is tampered with, by applying a data compression type encryption process to the specified electronic document,
Authenticator generating means for generating authenticator information for the designated electronic document; storage means for storing the electronic document and authenticator information generated corresponding to the electronic document; and additional information to the electronic document Each time an asterisk is added, an electronic document to which additional information is added is specified, new certifier information is generated by the certifier generating unit, and the certifier information and the electronic document stored in the storage unit are combined. A write-once processing means for updating with an electronic document to which the new authenticator information and the additional write-on information are attached; and a verifying authenticator information by the authenticator generating means by designating an electronic document stored in the storage means. And a verification means for verifying whether or not the electronic document stored in the storage means has been tampered with, based on the authenticator information and the verification authenticator information stored in the storage means. Equipment An electronic verification device characterized by the above. 2. Every time the approval / confirmation information is added to the electronic document, a new authenticator information is generated by the authenticator generating means by designating an electronic document to which the approval / confirmation information is added. And further comprising an approval / confirmation processing means for updating the authenticator information and the electronic document stored in the storage means with the electronic document to which the new authenticator information and the approval / confirmation information are added. The electronic verification device according to claim 1, which is characterized in that. 3. A current time information and the final The electronic document to which the additional information or the approval / confirmation information is attached, and the authenticator information for the final additional information or the electronic document to which the approval / confirmation information is attached are further stored in the storage means. The electronic verification device according to claim 2, wherein the electronic verification device is provided. 4. The authenticator generating means performs a data compression encryption process on the designated electronic document, and calls a one-way function that generates a fixed-length hash value as the authenticator information. The electronic verification device according to claim 1. 5. An electronic verification device that verifies whether or not an electronic document, which has additional information added to an original electronic document, has been tampered with in response to a request from one or more user terminals connected to a network. Data compression encryption processing is applied to the electronic document,
Authenticator generating means for generating authenticator information for the designated electronic document, storage means for storing the electronic document and authenticator information generated corresponding to the electronic document, and additional information is added. Each time an electronic document is received from the user terminal, the electronic document to which the additional record information is added is designated to generate new authenticator information by the authenticator generating means, and the authenticator stored in the storage means. A write-once processing means for updating the information and the electronic document with an electronic document to which the new authenticator information and the additional write-on information are attached; and an authenticator generating means by designating an electronic document stored in the storage means. Whether or not the electronic document stored in the storage means is falsified based on the authenticator information and the verification authenticator information stored in the storage means. Electronic verification apparatus characterized by comprising a verification means for verifying. 6. Every time an electronic document with approval / confirmation information is received from the user terminal, an electronic document with approval / confirmation information is designated and new authenticator information is generated by the authenticator generating means. And a certification / confirmation processing means for updating the authenticator information and the electronic document stored in the storage means with the electronic document provided with the new certification information and the approval / confirmation information. The electronic verification device according to claim 5, further comprising: 7. The storage means has an access permitted area in which access is possible from an unspecified user terminal, and an access restricted area in which access only from a specified user terminal is allowed. 7. The electronic verification device according to claim 5, wherein the electronic document is stored in a permissible area, and the authenticator information is stored in the access restricted area. 8. The current time based on the authenticator information after completion of the postscript processing for the electronic document with the final postscript information or the approval / finalization process for the electronic document with the final postscript / decision information. Time information acquisition means for receiving information from a time server connected to a network, time information received by the time information acquisition means, and an electronic document to which the final postscript information or the final approval / confirmation information is attached And a save processing unit that saves the final recordable information or the authenticator information for the electronic document to which the final approval / confirmation information is attached in the access restricted area. Item 7. The electronic verification device according to Item 7. 9. The verification means specifies an electronic document stored in the access permitted area, generates verification authenticator information by the authenticator generation means, and stores the verification authenticator information in the access restricted area. Comparing the authenticator information with the verification authenticator information, and determining that the electronic document has been tampered with when the authenticator information and the verification authenticator information do not match. Item 7. The electronic verification device according to Item 7 or 8. 10. The verification means verifies the time information by a predetermined protocol based on the authenticator information, the electronic document, and the time information stored in the access restricted area. 9. The electronic verification device according to claim 7, wherein the electronic verification device verifies whether the electronic document stored in the access restricted area has been tampered with. 11. The authenticator generating means performs a data compression type encryption process on the designated electronic document and calls a one-way function for generating a fixed-length hash value as the authenticator information. The electronic verification device according to any one of claims 5 to 10. 12. The first authenticator information is generated from the electronic document stored in the access permitted area by a new one-way function different from the one-way function and stored in the access restricted area, Second authenticator information is generated from the electronic document stored in the access restricted area by the storage processing unit by the new one-way function, and time information is output from the time server based on the second authenticator information. 12. The electronic verification device according to claim 11, further comprising a function updating unit that acquires the acquired time information and the acquired second authenticator information in the access restricted area. 13. An electronic verification method for verifying, according to a request from one or a plurality of user terminals connected to a network, whether or not an electronic document having additional information added to an original electronic document has been tampered with. Data compression encryption processing is applied to the electronic document,
An authenticator generating step of generating authenticator information for the specified electronic document; and specifying an electronic document with the additional record information every time an electronic document with additional record information is received from the user terminal. A write-once processing step of generating new authenticator information and updating the authenticator information and the electronic document stored in the storage means with the electronic document to which the new authenticator information and the additional write information are attached, Verification authenticator information is generated from an electronic document stored in the storage means, and stored in the storage means based on the authenticator information and the verification authenticator information stored in the storage means. An electronic verification method comprising: a verification step for verifying whether or not an existing electronic document has been tampered with. 14. Every time an electronic document with approval / confirmation information is received from the user terminal, new authenticator information is generated from the electronic document with approval / confirmation information and stored in the storage means. 14. An approval / confirmation processing step of updating the certified authenticator information and the electronic document by the electronic document to which the new authenticator information and the approval / confirmation information are added, further comprising: Electronic verification method described in. 15. The storage means stores the electronic document, stores an access permitted area in which the unspecified user terminal can access, and the authenticator information, and accesses from the specified user terminal. Only after the completion of the postscript processing for the electronic document with the final postscript information or the final approval / finalization process for the electronic document with the final postscript approval / confirmation information, the authentication is performed. A time information acquisition step of transmitting a current time acquisition request based on the child information to a time server connected to the network and managing time, and receiving the time information from the time server, and received by the time information acquisition step Time information, an electronic document with the final postscript information or the final approval / confirmation information, the final postscript information or the electronic document The electronic verification method according to claim 13 or 14, further comprising: a storage processing step of storing, in the access restricted area, authenticator information for the electronic document to which the final approval / confirmation information is attached. . 16. The verification step generates verification authenticator information from an electronic document stored in the access permitted area, and the authenticator information and the verification authenticator stored in the access restricted area. 16. The electronic verification method according to claim 15, wherein the information is compared with each other, and when the authenticator information does not match the verification authenticator information, it is determined that the electronic document has been tampered with. 17. The verification step comprises verifying time information by a predetermined protocol based on the authenticator information, the electronic document, and the time information stored in the access restricted area. 17. The electronic verification method according to claim 15, further comprising verifying whether the electronic document stored in the access restricted area has been tampered with. 18. A program for causing a computer to execute the method according to any one of claims 13 to 17.