JP3868171B2 - Document digital signature management method and document management apparatus - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a computerized document data management system using a computer apparatus, and more particularly to a method and apparatus for managing a structured document by adding a digital signature.
[0002]
[Prior art]
With the full-fledged progress of the information society, digitized document data created using word processors, personal computers, and the like is increasing at an explosive rate.
Along with the digitization of documents, instead of the conventional method of writing a signature on a paper document, a technique called a digital signature that gives electronic data called an electronic signature to an electronic file has begun to be used.
[0003]
The digital signature is a technique for proving that the creator of the document is the person himself / herself and that the content of the document is a legitimate one that has not been tampered with, and mainly uses an asymmetric cryptosystem.
As an example, an example of a digital signature using an electronic signature verification method will be described with reference to FIG.
In this method, first, the signer applies a one-way hash function to the file 101 to which a signature is to be added, compresses the file size, and generates a compressed file 102.
Further, the compressed file 102 is encrypted using a public key encryption private key, and an electronic signature (signature) 103 is generated.
The signer distributes the original file 101 and the electronic signature 103 as a set as a signature sentence with a signature.
[0004]
The authenticator receives a distributed file 104 that is a copy of the file 101 and a distributed electronic signature 105 that is a copy of the electronic signature 103.
Next, the authenticator applies the same one-way hash function that the signer used to compress the file 101 to the file 104 to compress the file size, and generates a compressed file 106.
In addition, the electronic signature 105 is decrypted using the public key of the certifier, and the decrypted file 107 is generated.
Next, the authenticator compares the contents of the file 106 and the file 107.
If both contents match, the file 104 is certainly created by the signer, and it is proved that the contents have not been changed since the time of signing.
[0005]
Digital signatures are described in detail, for example, in 4.6.7.2 of "Distributed Computing Environment-Implementation and Strategy-" (Raman Khanna, 1996, Prentice Hall Publishing).
Further, as a conventional technique related to a digital signature, there is an invention disclosed in Japanese Patent Application Laid-Open No. 9-311854 (hereinafter referred to as known example 1).
The present invention has a function of generating a digital signature from a document file, a function of transmitting and receiving a document file and a digital signature separately, and a function of authenticating a signature.
According to the present invention, a single file can be generated, transmitted / received, and authenticated to prove the identity as binary data.
[0006]
In addition, the digitization of documents takes the stage of simple mere cleansing means, creates documents that play an important role in the organization's business (mission critical documents) electronically, and manages the entire business that handles those documents. By making it digital, it is moving in the direction of realizing a significant improvement in business efficiency.
Such mission-critical documents are created as structured document data that can be easily machined using a document description language such as SGML (Standard Generalized Markup Language) or XML (eXtensible Markup Language). Various processes such as data extraction, creation of derived documents, and reuse by changing the display format are possible.
These document management systems that handle mission-critical structured documents have functions for storing and managing structured documents, referring to structure information, editing and revising document contents, managing version history, and the like.
In a document management system that handles mission critical documents centering on structured documents, it is desirable to have a function of adding a digital signature to a structured document and managing it as part of the security function.
[0007]
Here, the SGML document will be described with reference to FIG.
In SGML, a physical unit of data that constitutes a document (such as that stored in a file in a normal computer system) is called an entity.
An SGML document is a compound document composed of one or more text entities and an arbitrary number of binary entities (such as diagram data).
The SGML document shown in FIG. 2 is composed of four text entities and one binary entity.
In SGML, text entities that are the starting point for parsing are called SGML document entities, and other text entities and binary entities are referenced from there.
[0008]
In FIG. 2, entity 201 (file “doc.sgm”) is an SGML document entity, entity 202 (file “part1.sgm”), entity 203 (file “note.sgm”), and entity 205 (file “doc.sgm”). dtd ") is a text entity, and entity 204 (file" fig1.bmp ") is a binary entity.
In this example, SGML document entity 201 refers to other entities 202, 203, 204, and 205.
The text entity 203 is also referenced from the entity 202.
That is, the text entity 203 is referenced from both the entities 201 and 202 and is shared between the two.
Each entity is also called a document part in the sense of a part that constitutes an SGML document.
SGML documents have a single hierarchical logical structure throughout the document, and can be represented by a tree model.
FIG. 3 shows the logical structure of the SGML document shown in FIG. 2 as a tree structure.
In SGML, a mark called a tag is used as a mark indicating the range of each logical structure.
The name of the elements that make up the logical structure (element type name) <> And ">" enclosed in start tag, string " What is surrounded by </ "and">"is called an end tag, and the part enclosed by the start tag and end tag is the content of the element.
The tree structure shown in FIG. 3 is called an SGML document analysis tree.
In FIG. 3, an elliptical node represents an element, and a rectangular node represents content data (analyzed character string data or non-SGML data).
In the figure, each range surrounded by a dotted line represents a set of nodes.
Here, the node set 301 corresponds to the SGML document entity 201, the node set 302 corresponds to the text entity 202, the node sets 303 and 304 correspond to the text entity 203, and the node set 305 corresponds to the data entity 204.
As indicated by the correspondence between entities and node sets, the logical structure of the SGML document is obtained by expanding the content of the entity called by the entity reference to the call position and parsing the resulting expanded text. It is done.
[0009]
Unlike a simple file management system, a document management system with a structured document management function analyzes the logical structure of a registered document and divides the elements in the form of the analysis tree shown above. It is possible to provide fine-grained access to logical structural units.
Thus, a structured document can be composed of a plurality of entities in which text and binary data are mixed.
It is also possible to express a logical structure.
[0010]
SGML has meta information called document type definition (DTD) that defines the logical structure of a document.
The areas indicated by 206 and 207 in FIG. 2 are the document type definition of this document.
With this document type definition, a structured document can be created while maintaining the consistency of the logical structure of the entire document.
Documents that conform to the document type definition can be referenced and edited using a dedicated SGML processing system such as an SGML browser or SGML editor.
For example, in FIG. 3, when it is desired to edit the content character strings of the node sets 303 and 304, even if information corresponding to the node set 303 is simply extracted from the database as the text entity 203, the file of the text entity is a document. Since it does not contain a type declaration, it cannot be viewed with an SGML browser.
[0011]
As a method of avoiding this problem, a method of extracting not only the target entity but also the entire SGML document including the entity as a part from the database can be considered.
However, in this method, not only the target entity but all the entities are extracted from the database. Therefore, if the target document is a large document such as a manual or a book, it will be extracted and parsed after extraction. The time required is enormous, and a large amount of memory is required for parsing.
Therefore, the performance and the memory capacity are greatly affected, which is not practical.
As another workaround for the above problem, there is a method of extracting the target portion as a partial document in a closed format as an SGML document.
[0012]
As an invention for extracting and handling a part of an SGML document, there is an invention disclosed in Japanese Patent Application Laid-Open No. 10-143507 (hereinafter referred to as known example 2).
The invention shown in the known example 2 includes the following mechanism.
(1) A mechanism for storing SGML documents in element units and managing each element in association with meta information in the document type definition
(2) A mechanism that enables parsing of only the relevant part independently by temporarily generating a document type definition for partial editing corresponding to the part to be edited in the SGML document.
(3) Deletion of top-level element being edited, change of tag (generic identifier), and new before / after editing within the range that does not violate the document type definition for partial editing while allowing the upper element and the preceding and following elements to be editable Mechanism that allows additional elements to be added
With the above mechanism, it is possible to generate a document type definition corresponding to a partial range to be edited, and to output a partial document in that range in an editable format.
However, in order to validate the digital signature, it is necessary to take out the document to be signed with exactly the same content as at the time of registration, but the partial document obtained in the above-mentioned well-known example 2 is different from the content at the time of registration. The digital signature technique of the known example 1 cannot be applied.
[0013]
An invention disclosed in Japanese Patent Application No. 10-360110 (hereinafter referred to as well-known example 3) is an invention that holds each entity constituting a structured document as original data and enables reference of a logical structure. There is.
The invention of the known example 3 stores both the analyzed logical structure data and the physical structure data in the database at the time of document registration, and manages the correspondence between them, thereby accessing the analyzed logical structure data of the document, In addition, it is possible to retrieve and edit entities as they are in the original data.
Since the entity acquired in the known example 3 is the original data, the digital signature of the known example 1 can be applied.
However, since the entity acquired in the known example 3 does not include an SGML document entity that is essential when handled as an SGML document, it cannot be used as an SGML document.
[0014]
[Problems to be solved by the invention]
Although a method of adding a signature to a single file and managing it for the purpose of preventing falsification of the document and proof of authenticity by the prior art of the above-mentioned known example 1, a method for managing a signature for a structured document is shown. Is not shown.
An object of the present invention is to associate and manage a digital signature with a structured document.
Next, according to the invention shown in the known example 2, a partial document can be generated and extracted from a part of the logical structure of the SGML document and edited. In this known example, the entity structure of each SGML document and each entity It is not considered to maintain the contents as text, and a specific entity cannot be extracted as it is at the time of registration.
The invention shown in the above-mentioned well-known example 3 holds and manages the data of both the logical structure and the entity structure of the structured document, but can extract the contents of the entity as an SGML document that can be referred to and edited independently. Is not prepared.
Therefore, either of the known example 2 and the known example 3 or a combination thereof, one of the entities constituting the registered SGML document is externalized in the form of an independent SGML document without changing its contents. In addition, after editing the extracted SGML document, it is not possible to update the database by associating the contents of the changed entity with the signature for the contents.
Also, the digital signature gives an electronic signature to the file. If even one character of the file contents is changed, it is detected that the file has been tampered with.
Therefore, if each entity of the compound document is managed by adding a signature, in order to retrieve, refer to, edit, and update these entities individually, the specified entity must be externally changed without changing any character. It must be able to re-register the edited content (and the signature attached to the updated content) of the entity without taking out, referencing and editing, and affecting other entities.
Another object of the present invention is to extract an individually specified entity to the outside without changing any character, and to reference / edit it, and to edit the content after editing the entity (and without affecting other entities) The signature added to the updated content) can be re-registered.
[0015]
[Means for Solving the Problems]
In order to achieve the above object, the present invention provides:
A document digital signature management method in a document management system comprising a processing device, a storage device, and an input / output device,
The process of registering a document in the processing device is performed for each document part constituting the document.
A step of reading the content data of the designated document part and storing it in the storage means; a step of reading an electronic signature corresponding to the designated document part and storing it in the storage means; and the content data of the stored document part and the electronic signature Storing the electronic signature correspondence data indicating the correspondence relationship in the storage means, and the document part group management step of managing these document parts groups for each document in the storage means,
The process of referring to the document in the processing device is
A step of reading out and outputting content data of a document part to be referenced from the storage means, and a step of reading out and outputting an electronic signature corresponding to the document part to be referenced from the storage means using the electronic signature correspondence data Have
The process of updating the document in the processing device includes:
The step of referring to the content data of the document part to be updated and the electronic signature of the document part by the same process as the process of referring to the document, the step of reading the content data of the edited / updated document part, and the read Replacing the content data of the document part stored in the storage means with the content data, reading an electronic signature corresponding to the content data of the edited / updated document part, and stored in the storage means The step of replacing the electronic signature with the read electronic signature and the electronic signature correspondence data indicating the correspondence between the content data of the updated document part and the updated electronic signature are stored in the storage unit. A step of replacing the electronic signature correspondence data is provided.
[0016]
Further, a management method with a digital signature of a document in a document management system including a processing device, a storage device, and an input / output device,
The process of registering a document in the processing device is performed for each document part constituting the document.
A step of reading the content data of the designated document part and storing it in the storage means, a step of generating an electronic signature from the read content data using the signer's private key, and storing the generated electronic signature in the storage means Storing in the storage means electronic signature correspondence data indicating the correspondence between the content data of the stored document parts and the electronic signature, and storing the document parts group together for each document. Has a document parts group management step to manage,
The process of referring to the document in the processing device is
A step of reading out and outputting the content data of the document part to be referred to from the storage means, the public key of the signer, the content data of the document part read from the storage means using the electronic signature correspondence data, and the storage means A step of authenticating the signature with respect to the electronic signature read from
The process of updating the document in the processing device includes:
By reading the content data of the document part to be updated and authenticating the signature by the same process as the process of referring to the document, by reading the content data of the edited / updated document part, and by the read content data A step of replacing the content data of the document part stored in the storage means, an electronic signature generation step of generating an electronic signature from the read content data using a signer's private key, and a storage means The step of replacing the stored electronic signature with the generated electronic signature and the electronic signature correspondence relationship data indicating the correspondence relationship between the content data of the updated document part and the updated electronic signature in the storage means A step of replacing the electronic signature correspondence data stored in the electronic signature.
[0017]
Further, a management method with a digital signature of a document in a document management system including a processing device, a storage device, and an input / output device,
The process of registering a document in the processing device is performed for each document part constituting the document.
The step of reading the content data of the designated document part and storing it in the storage means, the step of reading the electronic signature corresponding to the designated document part and storing it in the storage means, the content data of the stored document part and the electronic signature The step of storing the electronic signature correspondence relationship data indicating the correspondence relationship in the storage means, the document component group management step for managing these document parts groups for each document and managing them in the storage means, and the parsing of the registration target document Performing the step of extracting the logical structure of the document with reference to the result of the parsing and storing the analyzed logical structure data in the storage means; and referring to the analyzed logical structure data to The correspondence between the logical structure and the physical structure is extracted, and the physical logic between each entity (document part) constituting the document and the partial range in the logical structure data is extracted. Comprising the step of storing the response related data in the storage means,
The process of referring to the document in the processing device is
A step of reading out and outputting content data of a document part to be referenced from the storage means, and a step of reading out and outputting an electronic signature corresponding to the document part to be referenced from the storage means using the electronic signature correspondence data Generating a document structure definition having an entity (document part) to be output with reference to the analyzed logical structure data, the generated document structure definition, and the analyzed logical structure data And generating and outputting a document entity that refers to the entity (document part) to be output as document contents, and the entity (document part) to be output with reference to the analyzed logical structure data. ) Read content data of entities (document parts) directly or indirectly referenced from the storage means Comprising the step of outputting,
The process of updating the document in the processing device includes:
A step of performing a process similar to the process of referring to the document with respect to an update target document part, and all logical structure partial ranges corresponding to the updated entity (document part) with reference to the physical logical correspondence data A corresponding sub-range set determining step for obtaining a set of documents, a step of reading the content data of the edited / updated document part, and replacing the content data of the document part stored in the storage means by the content data; Reading the electronic signature corresponding to the updated content data of the document part, replacing the electronic signature stored in the storage means with the electronic signature, and updating the updated content data of the document part The electronic signature correspondence data stored in the storage means is stored by electronic signature correspondence data indicating the correspondence with the electronic signature. A step of performing syntax analysis of the updated entity (document part) content data, and extracting logical structure data contained in the updated entity (document part) with reference to the result of the syntax analysis And replacing the logical structure data corresponding to all the logical structure partial ranges obtained in the corresponding partial range determination step stored in the storage means by the extracted logical structure data, and referring to the result of the parsing Then, the correspondence between the logical structure and physical structure of the update target entity (document part) is extracted, and the correspondence data between the update target entity (document part) and the partial range in the logical structure data is stored in the storage means. There is a step of storing.
[0018]
Further, a management method with a digital signature of a document in a document management system including a processing device, a storage device, and an input / output device,
The process of registering a document in the processing device is performed for each document part constituting the document.
A step of reading the content data of the designated document part and storing it in the storage means; a step of reading an electronic signature corresponding to the designated document part and storing it in the storage means; and the content data of the stored document part and the electronic signature Storing in the storage means electronic signature correspondence data indicating the correspondence between the document, a document parts group management step for managing the document parts group for each document in the storage means, and parsing the document to be registered The logical structure of the document is extracted by referring to the result of the parsing, and the document description in the document description language in the document description language is added to the content character string and the structure information included in the document. A step of storing the analyzed logical structure data including all the syntax information necessary for reproduction in the storage means, and a registration target with reference to the result of the syntax analysis The correspondence between the logical structure and the physical structure of the document is extracted, and physical logical correspondence data between each entity (document part) constituting the document and a partial range in the logical structure data is stored in the storage means. Has steps,
The process of referring to the document in the processing device is
For the document part to be referred to, reading the analyzed logical structure data from the storage unit, referring to the analyzed logical structure data, generating and outputting content data of the original entity (document part); Using the electronic signature correspondence data, and reading out and outputting an electronic signature corresponding to the document part to be referenced from the storage means,
The process of updating the document in the processing device includes:
For the document part to be updated, reading the analyzed logical structure data from the storage means, referring to the analyzed logical structure data, generating and outputting content data of the original entity (document part); Using the electronic signature correspondence data, a step of reading out and outputting an electronic signature corresponding to a document part to be referred to from a storage unit; and referring to the physical logical correspondence data and the updated entity (document part) ) Corresponding partial range set determination step for obtaining a set of all logical structure subranges corresponding to), a step of parsing the content data of the updated entity (document part), and a result of the parsing The logical structure data included in the updated entity (document part) is extracted, and the extracted entity ( The logical structure data corresponding to all the logical structure partial ranges obtained in the corresponding partial range determination step is replaced with the analyzed logical structure data including the content character string, structure information, and syntax information included in the book part). The correspondence between the update target entity (document part) logical structure and the physical structure is extracted with reference to the step and the result of the parsing, and the update target entity (document part) and the partial range in the logical structure data are extracted. Replacing the physical logical correspondence data stored in the storage means with the corresponding relation data, and reading an electronic signature corresponding to the contents data of the edited / updated document part. Replacing the electronic signature stored in the document, the updated content data of the document part, the updated electronic signature, By an electronic signature correspondence data indicating the correspondence between, and to have a step of replacing the digital signature correspondence data stored in the storage means.
[0019]
Further, the process of referring to the document in the processing device is
A step of generating a document structure definition that defines the structure of a structured document having an entity (document part) as an output target with reference to the analyzed logical structure data, the document structure definition, and the analyzed Referring to the logical structure data, generating and outputting a document entity that refers to the output target entity (document part) as the document content, and directly or indirectly referring from the reference target entity (document part) And generating the content data of the entity (document part) according to the original document with reference to the analyzed logical structure data, and outputting the entity (document part) group,
The process of updating the document in the processing device is
Generating a document structure definition that defines a structure of a structured document having an entity (document part) to be updated with reference to the analyzed logical structure data; the document structure definition; and the analyzed structure Referencing the logical structure data, generating and outputting a document entity that refers to the entity (document part) to be updated as document contents, and directly or indirectly referring to the entity (document part) to be referenced For the group of entities (document parts) to be processed, the content data of the entities (document parts) according to the original document is generated with reference to the analyzed logical structure data and output.
[0020]
The document management device includes a processing device, a storage device, and an input / output device, and stores and manages a document composed of a plurality of document parts.
The processing device for registering a document, for each document part constituting the document,
Means for reading and storing the content data of the designated document part in the storage means, means for reading and storing the electronic signature corresponding to the designated document part in the storage means, the content data of the stored document part and the electronic signature; A means for storing the electronic signature correspondence data indicating the correspondence relationship in the storage means, and a document parts group management means for managing these document parts groups for each document in the storage means,
The processing device for referring to a document;
Means for reading out and outputting content data of a document part to be referenced from the storage means; and means for reading out and outputting an electronic signature corresponding to the document part to be referenced from the storage means using the electronic signature correspondence data With
The processing device for updating a document comprises:
Means for referring to the content data of the document part to be updated and the electronic signature of the document part, and means for reading the content data of the edited / updated document part by the same process as the process of referring to the document; Means for replacing the content data of the document part stored in the storage means with the content data, means for reading an electronic signature corresponding to the content data of the edited / updated document part, and stored in the storage means The means for replacing the electronic signature with the read electronic signature, and the electronic signature correspondence data indicating the correspondence between the content data of the updated document part and the updated electronic signature are stored in the storage means. Means for replacing the electronic signature correspondence data is provided.
[0021]
A document management device for storing and managing a document composed of a plurality of document parts, comprising a processing device, a storage device, and an input / output device;
The processing device for registering a document, for each document part constituting the document,
Means for reading the content data of the designated document part and storing it in the storage means, means for generating an electronic signature from the read content data using the signer's private key, and storing the generated electronic signature in the storage means Means for storing the electronic signature correspondence data indicating the correspondence between the content data of the stored document parts and the electronic signature in the storage means, and storing the document parts group together for each document. Document part group management means to manage inside,
The processing device for referring to a document;
Means for reading out and outputting the content data of the document part to be referred to from the storage means, the public key of the signer, the content data of the document part read from the storage means using the electronic signature correspondence data, and the storage means A means for authenticating the signature with respect to the electronic signature read from
The processing device for updating a document comprises:
By means of reading the content data of the document part to be updated and authenticating the signature by the same process as the process of referring to the document, means for reading the content data of the edited / updated document part, and by the read content data A means for replacing the content data of the document part stored in the storage means, an electronic signature generation means for generating an electronic signature from the read content data using a signer's private key, and a storage means In the storage means, the means for replacing the stored electronic signature with the generated electronic signature and the electronic signature correspondence data indicating the correspondence between the content data of the updated document part and the updated electronic signature Means for replacing the electronic signature correspondence data stored in the electronic signature.
[0022]
Also, a computer-readable recording medium recording a document management program,
The document management program
For each document part constituting the document as document registration processing,
A procedure for reading and storing the content data of the designated document part in the storage means, a procedure for reading and storing the electronic signature corresponding to the designated document part in the storage means, the content data of the stored document part, and the electronic signature; A procedure for storing the electronic signature correspondence data indicating the correspondence relationship in the storage means, and a document parts group management procedure for managing these document parts groups for each document in the storage means,
As document reference processing,
A procedure for reading out and outputting content data of a document part to be referenced from the storage means, and a procedure for reading out and outputting an electronic signature corresponding to the document part to be referenced from the storage means using the electronic signature correspondence data Have
As a document update process,
The procedure for referring to the content data of the document part to be updated and the electronic signature of the document part, the procedure for reading the content data of the edited / updated document part by the same process as the process of referring to the document, and the read A procedure for replacing the content data of the document part stored in the storage means with the content data, a procedure for reading an electronic signature corresponding to the content data of the edited / updated document part, and a procedure stored in the storage means The procedure of replacing the electronic signature with the read electronic signature, and the electronic signature correspondence relationship data indicating the correspondence relationship between the content data of the updated document part and the updated electronic signature, and stored in the storage unit A procedure for replacing the electronic signature correspondence data is provided.
[0023]
Also, a computer-readable recording medium recording a document management program,
The document management program
For each document part constituting the document as document registration processing,
A procedure for reading the content data of the designated document part and storing it in the storage means, a procedure for generating an electronic signature from the read content data using the signer's private key, and storing the generated electronic signature in the storage means A procedure for storing the electronic signature correspondence data indicating the correspondence between the content data of the stored document parts and the electronic signature in the storage means, and storing the document parts group together for each document. Has document part group management procedure to manage inside,
As document reference processing,
A procedure for reading out and outputting content data of a document part to be referenced from the storage means, a signer's public key, content data of the document part read from the storage means using the electronic signature correspondence data, and storage means A procedure for authenticating the signature of the electronic signature read from
As a document update process,
According to the procedure of reading the content data of the update target document part and authenticating the signature by the same process as the process of referring to the document, the procedure of reading the content data of the edited / updated document part, and the read content data , A procedure for replacing the content data of the document part stored in the storage means, an electronic signature generation procedure for generating an electronic signature from the read content data using a signer's private key, and a storage means In the storage means, the stored electronic signature is replaced by the generated electronic signature, and the electronic signature correspondence data indicating the correspondence between the content data of the updated document part and the updated electronic signature. The electronic signature correspondence relationship data stored in is replaced with a procedure.
[0024]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, a first embodiment to which the present invention is applied will be described with reference to the drawings.
First, the system configuration of the present embodiment will be described.
FIG. 4 is a diagram showing the overall configuration of the document management system in the first embodiment.
As shown in FIG. 4, the document management system includes a document management server 401, a document management client 402, a business processing system 403, and a network 404.
[0025]
The document management server 401 registers and stores managed documents and corresponding electronic signatures, references and updates the structure and content data of registered documents, searches for documents having specific attributes or content strings, and deletes registered documents The main processing related to document management is executed.
The document management client 402 provides a GUI (Graphical User Interface) for operating a document group managed by the document management server 401, and processes such as document registration, reference, update, and signature authentication according to instructions from the user. The command and data for performing the above are transferred to the document management server 401 via the network 404, and the command is executed.
The business processing system 403 transfers commands and data to the document management server according to instructions from the user in the same manner as the document management client 402, and executes the commands. Providing users with a dedicated GUI to execute
The network 404 is a local network (LAN) or a wide area network (WAN) and provides a means for connecting a plurality of computer devices and transferring commands and data to each other.
[0026]
4 shows a configuration example in which two computers, the document management client 402 and the business processing system 403, are used as clients for the document management server 401. However, the configuration may be such that only one client is used. You may take the structure more than a stand.
Further, the client may be only the document management client or only the business processing system.
In FIG. 4, the network 404 is used as means for transferring commands and data from the document management client 402 and the business processing system 403 to the document management server 401. Instead, a floppy disk, a magneto-optical disk, and a write-once optical disk are used. A configuration using a portable medium such as the above may be used, or a configuration using a portable medium and a network together may be used.
Alternatively, the client may be executed on the same computer as the document management server 401 and no data transfer may be performed.
[0027]
Hereinafter, a document management server that is an application target of the structured document management method according to the present invention and is a main component of the present embodiment, that is, 401 in FIG. 4 will be described.
FIG. 5 is a diagram showing the configuration of the document management server 401 in this embodiment.
A document management server 401 shown in FIG. 5 includes a display 501, a keyboard 502, a central processing unit (CPU) 503, a floppy disk drive 504, a floppy disk 505, a communication control device 506, a main memory 507, a magnetic disk device 508, and a system bus 509. Consists of
[0028]
A display 501 displays an execution status of processing in the server.
The keyboard 502 receives an input of a command for instructing activation / termination of the document management server.
The central processing unit 503 reads out and executes various programs constituting the server stored in the main memory 507.
The floppy disk drive 504 is used to read / write data from / to the floppy disk 505.
The floppy disk 505 is used for exchanging data with other systems such as a document to be registered.
The communication control device 506 communicates with the document management client 402 and the business processing system 403 via the network 404 and is used for exchanging commands and data.
The main memory 507 holds various programs and temporary data for executing processing in the server.
The magnetic disk device 508 is used as means for storing registered document data and various data used by the server for document management.
A system bus 509 connects these various devices to each other.
[0029]
In the main memory 507, a document registration control program 510, a document reference control program 511, a document update control program 512, a document space management program 513, a database management system 514, and an operating system 515 are held.
In the magnetic disk device 508, a document space database storage area 516, a program storage area 517, and a data file storage area 518 are secured.
The programs (510 to 513) held in the main memory 507 are transferred from the program storage area 517 by the operating system 515.
[0030]
The document registration control program 510 reads a registration target document and an electronic signature described using the document description language SGML from the floppy disk 505, the data file storage area 518, or the network 404, parses the document, and registers the registration target document. Are stored in the document space database storage area 516. The entity data, logical structure data, and the corresponding relationship between them, the electronic signature corresponding to the entity data of the registration target document, and the corresponding relationship between them are stored.
The document reference control program 511 reads the registered document entity data and / or electronic signature stored in the document space database storage area 516, extracts part or all of the information constituting the data, The data is output to the disk 505 or the data file storage area 518, or transferred to the requesting client (document management client 402 or business processing program 403) via the network 404.
The document update control program 512 performs a process of updating the data contents of the entity data, electronic signature, or both of the registered document stored in the document space database storage area 516.
[0031]
The document space management program 513 receives a command from the client (the document management client 402 or the business processing program 403) via the network 404, and corresponds to the type of the command, a document registration program 510, a document reference control program 511, Alternatively, the document update control program 512 is activated to execute processing according to the contents of the command.
In addition, a process for generating a folder object for classifying and organizing a registered document group and storing it in the document space database storage area 516, a process for deleting a part of the registered document from the document space database storage area 516, etc. This processing is executed by the document space management program 513 itself.
[0032]
The database management system 514 controls all processing related to data storage, update, deletion, and search for the document space database storage area 516.
All programs that access the document space database storage area 516 perform all processing via the database management system 514.
The operating system 515 provides basic functions for executing each program constituting the server on the computer, such as system startup / initialization and data transfer with various peripheral devices.
[0033]
The document space database storage area 516 is a database for storing data related to all documents registered in the server and all related data necessary for the server to manage documents.
The program storage area 517 stores all programs constituting the server.
The data file storage area 518 stores data files used by the operating system 515 or various utility programs executed on the server.
In this embodiment, the floppy disk 505 is used as a portable medium for exchanging data. However, another type of portable medium such as a magneto-optical disk or a write-once optical disk may be used.
In this embodiment, the document data and the document management data are stored in the database. However, these data may be stored in the data file storage area 518 as a file without using the database management system. .
[0034]
Next, a basic processing procedure of the document management system in the present embodiment will be described. FIG. 6 is a PAD (Problem Analysis Diagram) diagram showing a schematic processing procedure of the document space management program 513 that controls the operation of the entire document management system.
First, the document space management program 513 is activated by a server activation command or the like from the keyboard 502.
The program receives a command from a client (document management client 402 or business processing system 403) as a server and enters a loop for performing the processing (step 601).
This loop continues until a command to stop the server is input from the keyboard 502.
The loop of step 601 repeats the process of receiving a command from the client (step 602) and the process of determining the type of the received command and branching to a process corresponding to the type (step 603).
[0035]
In step 603, the type of the received command is determined, and one of the processes from step 604 to step 606 is selected and executed according to the type of the command.
Here, if the command is a command to request registration of a new document, the document registration control program 510 is executed to store the designated document in the document space database storage area 516 (step 604).
If the command is a command for requesting reference to content data of a specific registered document, the document reference control program 511 is executed to read the requested data from the document space database storage area 516, and The data is output to the floppy disk 505 or the data file storage area 518 or returned to the requesting client via the network 404 (step 605).
If the command is a command to update the content data of a specific registered document, the content of the registered document stored in the document space database storage area 516 is executed by executing the document update control program 512. Data is updated (step 606).
[0036]
Next, the operation procedure of the document registration control program 510 in this embodiment will be described. FIG. 7 is a PAD showing a schematic processing procedure of the document registration control program 510.
This program is called from the document space management program 513 in response to a command from a client requesting registration of a document.
When called, the program first obtains a list of entities constituting the registration target document as a call parameter (step 701).
Here, the list includes a resource name of a resource holding content data of each entity constituting the registration target document, a resource name of an electronic signature corresponding to each entity, and registration target documents from a plurality of entities. When configured, it contains information identifying which one is an SGML document entity.
The resource from which the entity content data and the electronic signature are obtained is a data file stored on the floppy disk 505 or the data file storage area 518, a network resource accessible via the network 404, or a document space database storage area 516. Registered entities and registered digital signatures stored in can be used.
As the resource name, if the resource is a data file, its path name, if it is a resource on the network, its location information (URL, etc.), if it is a registered entity or a registered electronic signature, the entity Specifies an entity identifier or an electronic signature identifier that uniquely distinguishes the URL from other registered entities.
[0037]
FIG. 8 shows a document parts list file 801 as an example of the list.
The document part list file 801 includes two types of entries, a DOCUMENT entry and a SYSTEM entry.
A DOCUMENT entry is an entry corresponding to an SGML document entity, and has two parameters starting with the keyword "DOCUMENT" and enclosed in double quotations.
The first parameter indicates the resource name (location information) of the SGML document entity in the registered document, and the second parameter indicates the resource name (location information) of the electronic signature corresponding to the SGML document entity. Yes.
A DOCUMENT entry 802 corresponds to the SGML document entity 201 of FIG.
An entry corresponding to an entity other than the SGML document entity is a SYSTEM entry, which has three parameters starting with the keyword "SYSTEM" and enclosed in double quotations.
The first parameter indicates the system identifier of the entity, the second parameter indicates the resource name (position information) of the entity, and the third parameter indicates the resource name (position of the electronic signature corresponding to the entity Information).
SYSTEM entries corresponding to the entities 202, 203, 204, and 205 in FIG. 2 are SYSTEM entries 803, 804, 805, and 806, respectively.
[0038]
Next, a document identifier for uniquely identifying the document to be registered is assigned (step 702).
Next, the syntax is analyzed starting from the SGML document entity of the registration target document (step 703).
In this parsing process, an entity identifier that uniquely identifies the entity is assigned to all entities other than the registered entity among the entities constituting the registration target document.
Further, in this parsing, data including information indicating the range of each entity is generated in addition to the logical structure information shown in FIG.
[0039]
Next, with reference to the entity list information obtained in step 701 and the data generated by the syntax analysis processing in step 703, for all entities constituting the registration target document, steps 705 to 711 are performed. This process is repeatedly executed (step 704).
Here, in step 705, it is determined whether or not the content data of the entity to be processed has already been registered.
If not registered, Steps 706 and 707 are executed.
Here, in step 706, the content data of the entity to be processed is read from the corresponding resource.
In step 707, the entity identifier correspondence table 901 that is a pair of the entity identifier of the entity to be processed and its content data, and the content data itself are stored in the document space database storage area 516 to register the entity. .
FIG. 9 shows an example in which each document part of the SGML document of FIG. 2 is stored.
[0040]
In step 708, it is determined whether the electronic signature corresponding to the entity to be processed has already been registered.
If not registered, Steps 709 and 710 are executed.
Here, in step 709, the electronic signature corresponding to the entity to be processed is read from the corresponding resource.
In step 710, an electronic signature identifier that uniquely identifies an electronic signature corresponding to an entity to be processed is assigned, and as shown in FIG. 10, an electronic signature identifier corresponding to a pair of the electronic signature identifier and the electronic signature is supported. The table 1001 and the electronic signature itself are stored in the document space database storage area 516 to register the electronic signature.
FIG. 10 shows an example in which an electronic signature corresponding to each document part of the SGML document of FIG. 2 is stored.
[0041]
In step 711, each record of the entity configuration table 1105 representing a list of registration target entities shown in FIG. 11 is generated and stored in the document space database storage area 516.
Here, FIG. 11 is a diagram showing a correspondence relationship between a registered document, a list of entities constituting the document, and analyzed logical structure data.
A description of the entity configuration table will be described later.
Next, in step 712, the analyzed logical structure data 1111 of the registration target document shown in FIG. 11 is generated with reference to the result of the syntax analysis processing in step 703.
In the present embodiment, the analyzed logical structure data is generated by referring to the result of the syntax analysis processing performed in step 703 in step 712. However, in step 703, the analysis has been performed in parallel with the syntax analysis processing. A processing procedure for generating logical structure data may be used.
Next, in step 713, a registered document list including a set of a document identifier 1102 assigned to a registration target document, a reference 1103 to the entity configuration table, and a reference 1104 to the analyzed logical structure data shown in FIG. 1101 is stored in the document space database storage area 516 to register the document, and the process ends.
[0042]
Next, the entity configuration table 1105 in FIG. 11 will be described.
The entity configuration table 1105 is data in which an entity type 1106, an entity name 1107, an entity identifier 1108, a resource name 1109, and an electronic signature identifier 1110 are collected in a tabular format for all entities constituting the registration target document.
Here, the item “entity type” indicates by a symbol whether the entity is a document entity (DOC), a text entity (TEXT), a non-SGML data entity (NDATA), or a document type definition (DTD).
The item “entity name” indicates an entity name used for referring to the entity in the registration target document as a character string.
However, if the entity is an SGML document entity or an external DTD referenced from the DOCTYPE declaration, this item is blank.
The item “entity identifier” indicates an entity identifier assigned to the entity.
The item “resource name” indicates the resource name of the resource holding the content data of the entity as a character string.
However, if the entity is a registered entity, this item is blank.
The item “electronic signature identifier” indicates an electronic signature identifier assigned to the electronic signature corresponding to the entity.
[0043]
FIG. 12 is a diagram showing a specific example of 1105 in FIG. 11, that is, an entity configuration table.
FIG. 12 shows the state of the entity configuration table generated as a result of parsing the SGML document shown in FIG.
The rows 1201, 1202, 1203, 1204, and 1205 in FIG. 12 correspond to the entities 201, 202, 203, 204, and 205 shown in FIG.
[0044]
FIG. 13 is a diagram showing the data structure of the analyzed logical structure data generated by referring to the result of the syntax analysis process in step 712 of the document registration control program 510.
In this figure, the analyzed logical structure data generated when the SGML document shown in FIG. 2 is processed as a registration target document is shown as an example.
As shown in FIG. 13, the analyzed logical structure data 1301 is expressed as a tree structure.
In FIG. 13, an elliptical node represents an element, and a character string in the node indicates an element type of the element.
A rectangular node represents content data, and a character string in the node indicates a type of content data (analyzed character string data PCDATA or non-SGML data NDATA).
A diamond-shaped node represents an entity transition, and a character string in the node represents an entity identifier.
Here, a part obtained by removing all subtrees rooted at a lower entity transition node from a subtree rooted at a certain entity transition node becomes a part included in the entity corresponding to the entity transition node. .
That is, the analyzed logical structure data generated by the document registration control program 510 of the present embodiment includes a correspondence relationship between the logical structure and the physical structure (entity configuration) in the form of an entity transition node.
In the example of FIG. 13, a part obtained by removing all subtrees rooted at the lower entity E0003 entity transition node from the subtree rooted at the entity transition node E0002 has contents in the entity corresponding to the entity transition node. Will be included as part. That is, the partial range 1302 surrounded by the chain line corresponds to the content of the entity E0002 (text entity 1202 shown in FIG. 12).
[0045]
Next, the operation procedure of the document reference control program 511 in this embodiment will be described.
FIG. 14 is a PAD diagram showing a schematic processing procedure of the document reference control program 511.
This program is called from the document space management program 513 in response to a command from a client that requests document reference.
[0046]
The program first obtains information on the entity to be referred to (step 1401).
Here, the information includes the document identifier and entity identifier for identifying the reference target entity, the resource name of the resource that is the output destination of the reference target entity, and the resource name of the resource that is the output destination of the corresponding electronic signature. Contains.
Further, as the resource to which the entity content data and the electronic signature are output, a data file stored on the floppy disk 505 or the data file storage area 518 or a network resource accessible via the network 404 can be used.
As the resource name, if the resource is a data file, its path name is specified, and if it is a resource on the network, its location information (URL or the like) is specified.
In step 1402, the content data of the entity designated as the reference target is read from the document space database storage area 516 with reference to the registered document list 1101, the entity configuration table 1105, and the entity identifier correspondence table 901, and the read data Is output to the output destination resource of the reference target entity obtained in step 1401.
The content data of the entity specified as the reference target is, for example, the SGML document entity 201 and the text entity 202 shown in FIG.
In step 1403, the entity structure table 1105 and the electronic signature identifier correspondence table 1001 are referred to obtain an electronic signature corresponding to the entity designated as a reference target, read out from the document space database storage area 516, and read out electronic The signature is output to the output destination resource of the electronic signature obtained in step 1401.
[0047]
In step 1404, the entity type 1106 of the entity configuration table 1105 is referred to determine the entity type of the reference target entity, and either of the processing in step 1405 or step 1407 is executed according to this type, or nothing is done. Select whether or not to execute.
Here, if an SGML document entity is designated, step 1405 is executed.
If a text entity is specified, step 1408 and step 1409 are executed.
If a non-SGML data entity is specified, do nothing.
[0048]
In step 1405, referring to the entity configuration table 1105, step 1406 is executed for all document parts registered in the configuration table.
In step 1406, the content data of the target entity is read from the document space database storage area 516, and the read data is output to the same directory as the output destination resource of the reference target entity obtained in step 1401.
However, the file name is the value of the resource name 1109 in the entity configuration table 1105.
[0049]
For example, when the SGML document entity 201 of FIG. 2 is designated as the SGML document entity, the content data of the entity output in the above step 1406 is each text entity pointed to by the arrow from the SGML document entity 201. Content data of 202, 203, 204, and 205.
[0050]
In step 1408, the analyzed logical structure data is referred to generate a temporary SGML document entity that refers to the entity designated as the reference target, and this is the same as the output destination resource of the reference target entity obtained in step 1401. Output to a directory.
The procedure for generating the temporary SGML document entity generated here will be described later with reference to FIG.
In addition, a file name that does not match a file name existing in the resource name 1109 list of the entity configuration table 1105 is generated, and this is used as a temporary SGML document entity file name.
In step 1408, referring to the entity configuration table 1105 and the analyzed logical structure data, step 1409 is repeatedly executed for document parts that are directly or indirectly referenced from the reference target entity.
Here, the document part referred to from the target entity is found by searching for the node of the entity reference while tracing the node of the tree structure corresponding to the reference target entity of the analyzed logical structure data.
In step 1409, the content data of the entity specified in step 1408 is read from the document space database storage area 516, and the read data is output to the same directory as the output destination resource of the reference target entity obtained in step 1401.
However, the file name is the value of the resource name 1109 in the entity configuration table 1105.
The content data of the entity output in the above step 1409 is, for example, the content data of the text entity 203 pointed to by the arrow from the text entity 202 when the text entity 202 of FIG. It is.
The process ends when step 1404 ends.
It should be noted that the digital signature may be authenticated by the external program of the output destination for the entity content data and the electronic signature output to the external area in steps 1402 and 1403.
As a result, it is possible to verify the authenticity of the entity output in this process.
[0051]
Next, details of step 1408 in FIG. 14, that is, processing for generating a temporary SGML document entity and outputting it to the external area with reference to the analyzed logical structure will be described.
FIG. 15 is a PAD diagram showing the procedure of this processing.
Here, the case where the text entity 202 in FIG. 2 is a reference target entity is taken as an example, and an SGML document entity to be generated is indicated by 1601 in FIG.
In step 1501, the analyzed logical structure data and the entity configuration table 1105 are referenced to generate the head part of the DOCTYPE declaration (part indicated by the area 1602).
Here, the element type name of the top-level element is an element type name that does not exist as an element type name included in the original document (an element type name that does not match the element type name included in the original document). Generate and use temporarily.
In step 1502, an element type declaration of the dummy element is generated.
This uses the analyzed logical structure data 1302 to generate, as a content model, the element type names of the highest-level nodes included in the logical structure corresponding to the reference target entity, separated by “,”. .
The top node included in the logical structure 1302 corresponding to the text entity 202 is two elements having the element type name sec.
Therefore, a content model is generated in which “(sec, sec)” in which the element types sec are separated by “,” and arranged, and the generated element type declaration is an element type shown in an area 1603 in FIG. Declaration.
[0052]
In step 1503, the contents of the internal DTD subset in the SGML document entity of the original document are copied. (Data generated by this step is an area 1604 in FIG. 16).
In step 1504, the end part of DOCTYPE declaration (part indicated by area 1605) is generated.
In step 1505, the start tag (part indicated by the area 1606) of the dummy element is generated.
In step 1506, an entity reference (portion indicated by the area 1607) to the reference target entity is generated.
In step 1507, the end tag of the dummy element (portion indicated by the area 1608) is generated.
In step 1508, the SGML document entity data generated by the processing from step 1501 to step 1507 is output.
The output destination and output file name are as shown in step 1407 above.
The process ends when step 1508 ends.
[0053]
Next, the operation procedure of the document update control program 512 in this embodiment will be described.
FIG. 17 is a PAD showing a schematic processing procedure of the document update control program 512.
This program is called from the document space management program 513 in response to a command from a client that requests document update.
In the process of updating the analyzed logical structure data corresponding to the selected entity shown in FIG. 17, in order to prevent the same analyzed logical structure data from being updated simultaneously by a plurality of users, the update target entity is first locked. Setting is made (step 1701).
Next, it is checked whether or not the setting of the lock is successful (step 1702). If the lock setting is successful, the update processing from step 1703 to step 1715 is executed.
If unsuccessful, an error code indicating that the lock has already been set and cannot be updated is returned, and the process is terminated (step 1716).
[0054]
In step 1703, the document component group and the electronic signature necessary for the update process are output to an editable area using an external program.
This step can be realized by the same procedure as the document reference processing shown in the PAD diagram shown in FIG.
However, “reference target entity” in FIG. 14 means “update target entity”.
In step 1704, the output contents data is edited by an external program (for example, SGML editor) and the end of generation of the electronic signature is awaited.
When the notification that the editing by the external program and the generation of the electronic signature have been completed is received, the process proceeds to step 1705.
In step 1705, the edited content data is read from the area output in step 1703, and the content data of the update target entity is replaced with the read data and stored in the document space database storage area 516.
In step 1706, the electronic signature corresponding to the update target entity is read from the external area, and the electronic signature to be updated is replaced with the read electronic signature and stored in the document space database storage area 516.
In step 1707, the entity identifier of the update target entity, the entity content data, and the set of the electronic signature and the electronic signature identifier are stored in the document space database storage area 516 to update the entity and the electronic signature.
[0055]
In step 1708, the type of the update target entity is determined.
If the update target entity is a document entity or a text entity, the processing from step 1709 to step 1711 is executed, and if it is a non-SGML data entity, step 1712 is executed.
Here, in step 1709, the entire document including the updated content data of the update target entity is parsed.
At this time, content data is read from the document space database storage area 516 for entities other than the update target entity.
In step 1710, referring to the result of the parsing process, partial analyzed logical structure data corresponding to the updated content data of the update target entity is generated.
In this embodiment, the result of the syntax analysis is temporarily generated. However, the analyzed logical structure data may be generated in parallel with the syntax analysis processing in the syntax analysis processing.
In step 1711, the set of the entity identifier assigned to the update target entity and the partially analyzed logical structure data is stored in the document space database storage area 516 to register the document.
In step 1712, the updated content data itself is set as a partial element of the partial analyzed logical structure data.
[0056]
Next, in Step 1713, the logical structure data of all registered documents is searched, and all entity transition nodes corresponding to the update target entity (holding the entity identifier of the update target entity) are detected.
Then, Step 1714 is repeatedly executed for all detected entity transition nodes.
Here, in Step 1714, the partial logical structure data subordinate to the selected entity transition node is replaced with the partial analyzed logical structure data set in Step 1710 or Step 1712, and this is replaced with the document space. By storing in the database storage area, the logical structure data of the registered document corresponding to the updated entity is updated.
Finally, in step 1715, the lock set for the update target entity is released, and the process ends.
[0057]
In this embodiment, a structured document described using SGML is processed as a registration target document. However, structured documents described using other document description languages such as XML and HTML are managed. You may comprise so that it may become object.
In addition, although this embodiment is described on the assumption that the document type definition (DTD) is used as the structure definition, not only the document type definition but also other types of document structure definitions such as XSchema and DCD (Document Content Description). It is good also as a structure using.
[0058]
According to the present exemplary embodiment, when a reference / update target entity is extracted from the document management server for a structured document including a plurality of entities, a corresponding electronic signature can be extracted at the same time.
By authenticating the digital signature at the extraction destination, the authenticity of the extracted entity can be proved.
Furthermore, when referring to / updating a text entity, a temporary SGML document entity that refers to the extracted entity is generated, and related document parts are also extracted at the same time.
As a result, the content of the reference / update target entity can be handled as an independent SGML document and referenced / edited by the SGML processing system of the extraction destination.
[0059]
Hereinafter, a second embodiment to which the present invention is applied will be described with reference to the drawings.
In this embodiment, the system configuration and data structure are the same as those in the first embodiment, but the processing procedure of the program is different from that in the first embodiment.
This embodiment is different from the first embodiment.
In the first embodiment, it is assumed that the electronic signature of each entity has already been generated outside the system at the time of creation, and that authentication and electronic signature generation at the time of reference / update are performed outside the system. It is said.
In contrast, in this embodiment, an electronic signature is generated and authenticated for a registered document in the system based on parameters such as user information and a secret key given from outside.
As a result, only the user who has the authentication key can refer to the registered document.
[0060]
FIG. 18 is a PAD showing the processing procedure of the document registration processing control program 510 in this embodiment.
The processing procedure of FIG. 18 corresponds to the processing of FIG. 7 in the first embodiment.
Only the differences from the document registration control program (FIG. 7) in the first embodiment will be described here.
Step 1801 is a process corresponding to step 701.
However, in step 701, the resource name of the electronic signature corresponding to each entity was obtained, whereas in step 1801, the signer's private key used when generating the electronic signature is obtained as a call parameter.
Other processes such as reading of entity content data are the same as in step 701.
The processing from step 1802 to step 1807 is the same as the processing from step 702 to step 707.
In step 1808, an electronic signature is generated using the content data of the processing target entity and the signer's private key acquired in step 1801.
The processing in step 1809 is the same as the processing in step 710.
The processing of step 1810, step 1811, and step 1812 is the same as the processing of step 711, step 712, and step 713.
[0061]
Next, PAD diagrams showing the processing procedure of the document reference control program 511 in this embodiment are shown in FIGS.
FIG. 34 is a PAD diagram showing a schematic processing procedure of the document reference control program 511. This program is called from the document space management program 513 in response to a command from a client that requests document reference.
In step 3401, first, a document identifier and an entity identifier for identifying an entity to be referred to are obtained.
In step 3402, the entity type 1106 of the entity configuration table 1105 is referred to determine the entity type of the reference target entity, and depending on this type, either the process of step 3403 or step 3404 is executed, or what Also select whether to execute. Here, if the SGML document entity is designated, Step 3403 is executed. If a text entity is specified, step 3404 is executed. If a non-SGML data entity is specified, do nothing.
In step 3403, the entity configuration table 1105 is referenced to return a list of entity identifiers of all document parts other than the SGML document entity. In step 3404, the entity configuration table 1105 and the analyzed logical structure data are referred to, and the node of the entity reference is searched by tracing the node of the tree structure corresponding to the reference target entity of the analyzed logical structure data. Find the document parts that are directly or indirectly referenced from and return a list of entity identifiers for those document parts.
[0062]
The processing procedure of FIG. 19 corresponds to the processing of FIG. 14 in the first embodiment. Here, only the difference from the document reference control program (FIG. 14) in the first embodiment will be described.
Step 1901 is a process corresponding to step 1401. However, in step 1901, the following information is obtained as a call parameter.
-The document identifier and entity identifier of the reference target entity, the signer's public key, and the resource name of the output destination resource
・ List of correspondence between entity identifier and signer's public key of entity group that is document part of reference target entity
Here, the information obtained in step 3403 (or step 3404) is used for the entity group that is the document part of the reference target entity and the entity identifier of each entity.
In step 1902, the content data of the entity designated as the reference target is read from the document space database storage area 516.
In step 1903, the electronic signature corresponding to the reference target entity is read from the document space database storage area 516.
In step 1904, the digital signature is authenticated using the read content data of the reference target entity, the read electronic signature, and the public key. If the authentication fails, an error code indicating that the authentication has failed is returned and the process is terminated (step 1905).
In step 1906, the content data of the reference target entity read from the document space database storage area in step 1902 is output to the output destination resource of the reference target entity acquired in step 1901.
The processing in step 1907 is the same as the processing in step 1404.
Step 1908 executes Step 1909 for all the document part entities specified by the parameters of Step 1901.
Step 1909 is processing for authenticating and extracting a target document part. The procedure of this process will be described later with reference to FIG.
The processing in step 1910 is the same as the processing in step 1408.
Step 1911 executes Step 1912 for all document part entities specified by the parameters of Step 1901.
Step 1912 is processing for authenticating and extracting a target document part. The procedure of this process will be described later with reference to FIG.
[0063]
Next, the details of Step 1909 and Step 1912 in FIG. 19, that is, the authentication / retrieval processing of the target entity will be described. FIG. 33 is a PAD diagram showing the procedure of this processing.
In step 3301, the content data of the target entity is read from the document space database storage area 516.
In step 3302, the electronic signature corresponding to the target entity is read from the document space database storage area 516.
In step 3303, digital signature authentication is performed using the read content data of the target entity, the read digital signature, and the public key obtained in step 1901. If the authentication fails, an error code indicating that the authentication has failed is returned and the process is terminated (step 3304).
In step 3305, the content data of the reference target entity read from the document space database storage area in step 3301 is output to the same directory as the output destination resource of the reference target entity obtained in step 1901. However, the file name is the value of the resource name 1109 in the entity configuration table 1105.
[0064]
Next, FIG. 20 shows a PAD diagram showing an outline processing procedure of the document update control program 512 in this embodiment.
The processing procedure in FIG. 20 corresponds to the processing in FIG. 17 in the first embodiment.
Here, only the difference from the document update control program (FIG. 17) in the first embodiment will be described.
Steps 2001 and 2002 are the same as steps 1701 and 1702, respectively.
In step 2003, the document parts group required for the update process is output to an editable area using an external program.
This step can be realized by the same procedure as the document reference processing shown in the PAD diagram shown in FIG.
However, “reference target entity” in FIG. 19 means “update target entity”.
Steps 2004 and 2005 are the same as steps 1704 and 1705, respectively.
In step 2006, an electronic signature is generated using the content data of the update target entity and the signer's private key.
Then, the electronic signature to be updated is replaced with the generated electronic signature and stored in the document space database storage area 516.
The signer's private key used when generating the electronic signature is obtained as a call parameter.
The processing from step 2007 to step 2016 is the same as the processing from step 1707 to step 1716.
[0065]
According to this embodiment, when a public key of a signer is given to a structured document composed of a plurality of entities when a reference / update target entity is extracted from the document management server, the digital signature is authenticated inside the document management server. be able to.
As a result, the reference / update target entity can be extracted in a state where the authenticity of the entity is proved (guaranteed).
Regarding the generation of the SGML document entity, there is no functional difference from the case of taking the configuration of the first embodiment.
[0066]
Hereinafter, a third embodiment to which the present invention is applied will be described with reference to the drawings.
In this embodiment, the system configuration is the same as that of the first embodiment, but the data structure and the processing procedure of the program are different from those of the first embodiment.
The difference between this embodiment and the first embodiment will be described below.
In the first embodiment, as registered document data, both the content data of each entity and the analyzed logical structure data are held.
On the other hand, in this embodiment, only analyzed logical structure data is held, and entity content data is not held.
Instead, the parsed logical structure data is specified so that, at the time of retrieval, an arbitrary entity constituting the original document can be specified, and the content data that the entity has retained at the time of registration can be retrieved. In addition to the content string and structure information included in the document, the syntax information required for restoration (element type name as per the original document, entity reference (entity start information and entity end information), white space as syntax information ( White space), character reference, attribute default, character reference, marked section, processing instruction, comment declaration, literal delimiter type, attribute name / notation name / short reference table name / unique identifier (ID) -Entity name as original document, omitted tag information, abbreviated tag information, between element type name and attribute specification in start tag And the blank character string that separates attribute specifications from each other, the omitted data information corresponding to the REFC (;) at the end of the omitted entity reference, and the short reference) are identified and retained in the analyzed logical structure data To do.
[0067]
FIG. 21 is a PAD showing a processing procedure of the document registration processing control program 510 in this embodiment.
The processing procedure of FIG. 21 corresponds to the processing of FIG. 7 in the first embodiment.
Only the differences from the document registration control program (FIG. 7) in the first embodiment will be described here.
The processing from step 2101 to step 2104 is the same as the processing from step 701 to step 704.
The processing from step 2105 to step 2108 is the same as the processing from step 708 to step 711.
Step 2109 is processing corresponding to step 712.
However, in step 2109, in addition to the content character strings and structure information included in the registration target document, syntax information necessary for restoration is also stored as analyzed logical structure data so that the contents can be restored to the original document contents at the time of retrieval. To do.
The process of step 2110 is the same as the process of step 713.
[0068]
Next, a PAD diagram showing a processing procedure of the document reference control program 511 in this embodiment is shown in FIG.
The processing procedure of FIG. 22 corresponds to the processing of FIG. 14 in the first embodiment.
Here, only the difference from the document reference control program (FIG. 14) in the first embodiment will be described.
The process of step 2201 is the same as the process of step 1401.
In step 2202, the content data of the entity designated as the reference target is generated from the analyzed logical structure data, and the restored content data is output to the output destination resource of the reference target entity obtained in step 2201.
The procedure for generating and outputting the reference target entity generated here will be described later with reference to FIG.
The processing from step 2203 to step 2205 is the same as the processing from step 1403 to step 1405.
In step 2206, content data of the target entity is generated from the analyzed logical structure data, and the restored content data is output to the same directory as the output destination resource of the reference target entity obtained in step 2201.
However, the file name is the value of the resource name 1109 in the entity configuration table 1105.
The procedure for generating and outputting the reference target entity generated here will be described later with reference to FIG.
The processing of step 2207 and step 2208 is the same as the processing of step 1407 and step 1408.
Step 2209 is the same as step 2206.
[0069]
Next, FIG. 23 shows a PAD diagram showing an outline processing procedure of the document update control program 512 in this embodiment.
The processing procedure of FIG. 23 corresponds to the processing of FIG. 17 in the first embodiment.
Here, only the difference from the document update control program (FIG. 17) in the first embodiment will be described.
Steps 2301 and 2302 are the same as steps 1701 and 1702, respectively.
In step 2303, the document parts group necessary for the update process is output to an editable area using an external program.
This step can be realized by the same procedure as the document reference processing shown in the PAD diagram of FIG.
However, “reference target entity” in FIG. 22 means “update target entity”.
Step 2304 is the same as the processing of step 1704.
The processing from step 2305 to step 2315 is the same as the processing from step 1706 to step 1716.
However, the analyzed logical structure data generated in step 2309 is, in addition to the content character string and structure information included in the registration target document, so that it can be restored to the original document content at the time of retrieval, as in document registration, Syntax information necessary for restoration is also stored as analyzed logical structure data.
[0070]
FIG. 24 is a diagram showing the data structure of the analyzed logical structure data generated by the document registration control program 510 according to the present embodiment with reference to the result of the syntax analysis processing in step 2103.
In this figure, the analyzed logical structure data generated when the SGML document shown in FIG. 2 is processed as a registration target document is shown as an example.
The data structure of each node in the analyzed logical structure data in this embodiment is shown in FIGS.
There are six types of nodes, which are element nodes 2501, character string nodes 2601, line feed character nodes 2604, non-SGML data nodes 2607, entity reference nodes 2610, and character reference nodes 2616, respectively.
[0071]
A process for generating and outputting content data of a specified entity with reference to the analyzed logical structure data in this embodiment will be described below.
This process is a process for generating and outputting the content data of step 2202, step 2206, and step 2209 in the PAD diagram of FIG.
FIG. 27 is a PAD diagram showing a processing procedure for outputting content data of a specified entity to the outside.
Step 2701 is a process of repeatedly executing Step 2702 for each highest-order node in the analyzed logical structure data of the designated entity.
Step 2702 is processing for generating the contents of the target node.
The procedure of this process will be described later with reference to FIG.
In step 2703, the content data generated in steps 2701 and 2702 is output to the specified resource.
[0072]
Next, the details of step 2702 in FIG. 27, that is, the node content generation processing will be described.
FIG. 28 is a PAD diagram showing the procedure of this processing.
In step 2801, the node type (node types 2502, 2602, 2605, 2608, 2611, 2617 in FIGS. 25 and 26) of the target node is determined, and one of steps 2802 to 2807 is selected according to the node type. Select and execute the process.
If the node type is an element, the contents of the element are generated (step 2802).
The procedure of this process will be described later with reference to FIG.
If the node type is a character string, the content of the character string is generated using the content character string 2603 (step 2803).
If the node type is a line feed character, a line feed character is output using the line feed character code 2606 (step 2804).
If the node type is non-SGML data, a line feed character is output using the content data 2609 (step 2805).
If the node type is an entity reference, an entity reference is generated (step 2806).
Here, the entity reference is generated by generating the entity name 2612 and the reference end character “;” (if not omitted) following the “&” character.
If the node type is a character reference, a character reference is generated and output (step 2807).
Here, the character reference is generated by generating the function name 2619 or the character number 2620 following the “&#” character string.
The type 2618 is used to distinguish the function name and the character number.
After that, the reference terminator ";" is generated (unless omitted).
[0073]
Next, the details of step 2802 in FIG. 28, that is, the element content generation processing will be described.
FIG. 29 is a PAD diagram showing the procedure of this processing.
Step 2901 generates a start tag for the target element.
The procedure of this process will be described later with reference to FIG.
In step 2902, referring to reference 2510 to the lower node of the target element, step 2903 is executed for each lower node of the target element.
Here, step 2903 executes the processing of the PAD diagram shown in FIG.
That is, the PAD diagram of FIG. 28 is recursively executed.
Step 2904 generates an end tag for the target element.
The procedure of this process will be described later with reference to FIG.
[0074]
Next, the details of step 2901 in FIG. 29, that is, the process for generating the start tag of the target element will be described.
FIG. 30 is a PAD diagram showing the procedure of this processing.
In step 3001, it is determined whether or not the start tag of the designated element is omitted in the original document by referring to the data of the start tag omission 2504. If it is not omitted (if the value is NO), The processing from step 3002 to step 3010 is executed.
In step 3002, the start tag " Prints a <"character.
In step 3003, the element type name of the target element is output with reference to the generic identifier 2505 of the start tag.
In step 3004, the attribute list 2511 of the target element is referred to. If the target element has an attribute, step 3005 is executed for each attribute of the target element.
The procedure of this process will be described later with reference to FIG.
In step 3006, the blank character 2506 is referenced to generate a blank character existing at the corresponding position in the original document.
In step 3007, the ">" character of the start tag is generated.
[0075]
Next, details of step 3005 in FIG. 30, that is, the generation processing of each attribute of the target element will be described.
FIG. 31 is a PAD diagram showing the procedure of this processing.
In step 3101, the value of attribute omission 2512 is referenced to determine whether the target attribute has been omitted in the original document.
If not omitted, the processing from step 3102 to step 3109 is executed.
In step 3102, the blank character 2513 existing at the corresponding position of the original document is generated with reference to the blank character 2513.
In step 3103, the attribute name 2514 is referenced to generate the attribute name of the target attribute.
In step 3104, the blank character 2515 is referenced to generate a blank character existing at the corresponding position in the original document.
In step 3105, the "=" character is output.
In step 3106, the blank character 2517 is referenced to generate a blank character existing at the corresponding position in the original document.
In step 3107, the literal type 2518 is referenced to generate the same literal delimiter (LIT, LITA, or omitted) as the original document.
In step 3108, the attribute value (including a list) of the target attribute is generated with reference to the attribute value 2519.
In step 3109, the literal type 2518 is referenced to generate the same literal delimiter (LIT, LITA, or omitted) as the original document.
[0076]
Next, the details of step 2904 in FIG. 29, that is, the generation processing of the end tag of the target element will be described.
FIG. 32 is a PAD diagram showing the procedure of this processing.
In step 3201, it is determined whether or not the start tag of the specified element is omitted in the original document by referring to the data of the end tag omission 2507. If it is not omitted (if the value is NO), The processing from step 3202 to step 3205 is executed.
In step 3202, the end tag "</"Character is generated.
In step 3203, the element type name of the target element is generated with reference to the generic identifier 2508 of the end tag.
In step 3204, the blank character 2509 is referenced to generate a blank character existing at the corresponding position in the original document.
In step 3205, the “>” character of the end tag is output.
[0077]
In the case of the present embodiment, in addition to the content character string and the structure information included in the registered document, the analyzed logical structure data also holds the syntax information necessary for restoration. Compared with the second embodiment, the amount of analyzed logical structure data is large.
Instead, the entity content data is centrally managed as analyzed logical structure data, and the double management of the content data and analyzed logical structure data as in the first embodiment is not performed. There is an advantage that the problem of inconsistency does not occur.
There is no functional difference between the case of the configuration of the present embodiment and the case of the configurations of the first embodiment and the second embodiment.
[0078]
【The invention's effect】
As described above, according to the method for managing a structured document with a digital signature according to the present invention, for each entity constituting the document, the electronic signature and the entity are associated with each other to manage each entity. By providing a signature, it is possible to realize a function of preventing falsification of documents in units of entities and a function of proving authenticity.
In addition, by providing a function for generating a temporary SGML document entity, the contents of the entity can be extracted as an SGML document that can be independently referenced and edited.
[Brief description of the drawings]
FIG. 1 is a diagram showing a mechanism of a digital signature authentication method.
FIG. 2 is a diagram illustrating an example of a structured document described in a document description language SGML.
FIG. 3 is a diagram illustrating an example of a logical structure obtained by analyzing an SGML document.
FIG. 4 is a diagram showing an overall configuration of the first embodiment.
FIG. 5 is a diagram showing a configuration of a document management server in the first embodiment.
FIG. 6 is a PAD diagram showing a schematic processing procedure of the document space management program in the first embodiment.
FIG. 7 is a PAD showing an outline processing procedure of a document registration control program in the first embodiment.
FIG. 8 is a diagram illustrating an example of a list format used for transferring a list of entities constituting a registration target document at the time of document registration in the document registration control program according to the first embodiment.
FIG. 9 is a diagram showing a correspondence relationship between the entity identifier correspondence table generated by the document registration control program and the registered entity content data in the first embodiment.
FIG. 10 is a diagram showing a correspondence relationship between an electronic signature identifier correspondence table generated by a document registration control program and a registered electronic signature in the first embodiment.
FIG. 11 is a diagram illustrating a data structure of a registered document list generated by a document registration control program according to the first embodiment.
FIG. 12 is a diagram showing a specific example of an entity configuration table that is a part of syntax analysis result data generated by the document registration control program in the first embodiment.
FIG. 13 is a diagram showing a data structure of analyzed logical structure data generated by the document registration control program in the first embodiment.
FIG. 14 is a PAD diagram showing a schematic processing procedure of the document reference control program in the first embodiment.
FIG. 15 is a PAD diagram showing a procedure of processing for generating and outputting an SGML document entity that is temporarily generated at the time of reference in the document reference control program in the first embodiment.
FIG. 16 is a diagram illustrating an example of an SGML document entity that is temporarily generated at the time of reference in the document reference control program according to the first embodiment.
FIG. 17 is a PAD diagram showing a schematic processing procedure of the document update control program in the first embodiment;
FIG. 18 is a PAD showing an outline processing procedure of a document registration control program in the second embodiment.
FIG. 19 is a PAD showing a schematic processing procedure of the document reference control program in the second embodiment.
FIG. 20 is a PAD diagram showing a schematic processing procedure of a document update control program in the second embodiment.
FIG. 21 is a PAD showing an outline processing procedure of a document registration control program in the third embodiment.
FIG. 22 is a PAD showing a schematic processing procedure of the document reference control program in the third embodiment.
FIG. 23 is a PAD showing a schematic processing procedure of a document update control program in the third embodiment.
FIG. 24 is a diagram showing a data structure of analyzed logical structure data generated by a document registration control program according to the third embodiment.
FIG. 25 is a diagram showing a data structure of element nodes of analyzed logical structure data generated by the document registration control program in the third embodiment.
FIG. 26 is a diagram showing a data structure of character string nodes, line feed character nodes, non-SGML data nodes, entity reference nodes, and character reference nodes of analyzed logical structure data generated by the document registration control program in the third embodiment. It is.
FIG. 27 is a PAD showing a processing procedure for generating and outputting content data from the analyzed logical structure data of the document reference control program in the third embodiment.
FIG. 28 is a PAD showing a processing procedure for generating content data according to the node type of each node in the analyzed logical structure data of the document reference control program in the third embodiment.
FIG. 29 is a PAD showing a processing procedure for generating contents from element nodes in the analyzed logical structure data of the document reference control program in the third embodiment.
FIG. 30 is a PAD showing a processing procedure for generating a start tag from an element node in the analyzed logical structure data of the document reference control program in the third embodiment.
FIG. 31 is a PAD showing a processing procedure for generating attribute information from element nodes in the analyzed logical structure data of the document reference control program in the third embodiment.
FIG. 32 is a PAD showing a processing procedure for generating an end tag from an element node in the analyzed logical structure data of the document reference control program in the third embodiment.
FIG. 33 is a PAD showing the authentication and retrieval processing procedure of the target entity of the document reference control program in the second embodiment.
FIG. 34 is a PAD showing an acquisition processing procedure for a document part group of a target entity of the document reference control program in the second embodiment.
[Explanation of symbols]
401 Document management server
402 Document management client
403 Business processing system
510 Document Registration Control Program
511 Document registration control program
512 Document update control program
513 Document Space Management Program
516 Document space database storage area
1101 List of registered documents
1105 Entity configuration table
1301 Analyzed logical structure data

Claims (2)

A document management device that includes a processing device, a storage device, and an input / output device, and stores and manages a document composed of a plurality of document parts,
The processing device for registering a document, for each document part constituting the document,
Means for reading the content data of the designated document part and storing it in the storage means;
Means for reading an electronic signature corresponding to the designated document part and storing it in the storage means;
Means for storing in the storage means electronic signature correspondence data indicating the correspondence between the stored content data of the document part and the electronic signature;
A document part group management means for managing these document parts group for each document in a storage means,
The processing device for referring to a document;
Means for reading out and outputting content data of a document part to be referenced from the storage means;
Using the electronic signature correspondence data, comprising means for reading out and outputting an electronic signature corresponding to the document part to be referenced from the storage means,
The processing device for updating a document comprises:
Means for reading out and outputting the content data of the document part to be updated from the storage means;
Means for reading out and outputting an electronic signature corresponding to a document part to be updated from the storage means using the electronic signature correspondence data;
Means for reading the contents data of the edited / updated document part;
Means for replacing the content data of the document part stored in the storage means with the read content data;
Means for reading an electronic signature corresponding to the content data of the edited / updated document part;
Means for replacing the electronic signature stored in the storage means with the read electronic signature;
Means for replacing the electronic signature correspondence data stored in the storage means with electronic signature correspondence data indicating the correspondence between the content data of the updated document part and the updated electronic signature;
Document management device with A document management device for storing and managing a document composed of a plurality of document parts, comprising a processing device, a storage device, and an input / output device,
The processing device for registering a document, for each document part constituting the document,
Means for reading the content data of the designated document part and storing it in the storage means;
Means for generating an electronic signature from the read content data using a signer's private key;
Means for storing the generated electronic signature in the storage means;
Means for storing in the storage means electronic signature correspondence data indicating the correspondence between the content data of the stored document parts and the electronic signature;
A document part group management means for managing these document parts group for each document in a storage means,
The processing device for referring to a document;
Means for reading out and outputting content data of a document part to be referenced from the storage means;
A signer's public key, content data of the document part read from the storage means using the electronic signature correspondence data, and means for authenticating the signature for the electronic signature read from the storage means,
The processing device for updating a document comprises:
Means for reading out and outputting the content data of the document part to be updated from the storage means;
A signer's public key; content data of a document part read from the storage means using the electronic signature correspondence data; means for authenticating a signature for the electronic signature read from the storage means;
Means for reading the contents data of the edited / updated document part;
Means for replacing the content data of the document part stored in the storage means with the read content data;
An electronic signature generation means for generating an electronic signature from the read content data using a signer's private key;
Means for replacing the electronic signature stored in the storage means with the generated electronic signature;
Means for replacing the electronic signature correspondence data stored in the storage means with electronic signature correspondence data indicating the correspondence between the updated content data of the document part and the updated electronic signature;
Document management device with

Images