JP3819608B2 - Electronic document falsification prevention system and recording medium - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention prevents falsification of electronic documents such as data and documents, and in particular, an electronic document falsification prevention system characterized by a part that secures the evidence capability of the electronic document and recoding media It is about.
[0002]
[Prior art]
Conventionally, documents such as transaction records, quality records, and contracts have been written on paper using black ink, ballpoint pens, and the like for signature and seal in order to prevent suspicion of document tampering.
[0003]
In this way, what is written in ink on paper cannot be easily tampered with even if the description or date is later tampered with. Since the quality of paper changes as it ages, it can be discriminated even if a new fake document is created. Because of these characteristics of paper and ink, all important documents have traditionally been stored on paper.
[0004]
Recently, digital signature technology has been developed, which can prove the person who created the document. This electronic signature will be described.
[0005]
FIG. 53 is a diagram showing a conventional method for signing an electronic document and determining its identity.
[0006]
As shown in the figure, first, feature data 203D is extracted from the electronic document 201a by the feature extraction unit 202. Next, the feature data 203D is encrypted by the encryption means 205 using the secret key 204 to create encrypted data 206D. The encrypted data 206D is transmitted to the recipient as a signed electronic document 201b together with the original electronic document 201a.
[0007]
The recipient retrieves the encrypted data 206D from the received electronic document 201b ′ and uses the sender's public key 216 to retrieve the feature data 218D by the decryption means 217. On the other hand, the electronic document 201a ′ corresponding to the original electronic document 201a is extracted from the electronic document 201b ′, and the feature data 221 is extracted by the feature extraction unit 220. The feature data 221 is collated with the previous feature data 218D by the collation means 22, and it is confirmed that there is no difference between the original electronic document.
[0008]
If it is such an electronic document, it can be confirmed that the document creator is definitely the person. However, the creator himself can freely modify the created document. Therefore, the creator himself may cause problems such as deliberately shifting the date of the computer to protect the document creation date.
[0009]
Here, according to “Electronic Document Processing System and Digital Signature Generation Method” described in Japanese Patent Application No. 5-303773, another author makes a partial change to create a new document. An authentication method is disclosed.
[0010]
However, using the created electronic document as evidence for conflicting parties other than the author who was involved in the creation of the document is possible if the author involved in the creation has falsified and falsified. Therefore, it is not appropriate. That is, the method disclosed in Japanese Patent Application No. 5-303773 is not familiar with digitizing documents as evidence documents and can be said to be digitized only when internal documents are used in-house.
[0011]
For example, according to the manufacturing process of a product, the person in charge for each process cannot apply to an assembly record or the like for signing and stamping his / her responsible process, and is operated on paper. Also, in the case of recording periodic inspections, when a few lines of inspection results are added to a recording sheet and signature stamping is performed, the operation is performed on paper. This is because it is necessary to use inspection records as evidence for product safety accidents, and electronic documents that can be falsified if conspired cannot be evidence.
[0012]
[Problems to be solved by the invention]
In this way, the document creator himself can perform document falsification, and thus cannot prove that the user has not falsified electronic documents such as transaction records, quality records or contracts. For this reason, the reliability of electronic documents is low in the current system, and important documents are still handled as paper.
[0013]
However, paper documents require a lot of storage space, and it takes time to retrieve the necessary documents. In addition, when it is necessary to have the same proof ability as that of this paper when sending it to a distant place, there is a problem that there is no method other than sending this paper.
[0014]
On the other hand, when a document is created by a word processor or the like with the recent development of a computer, it is more convenient to store it as an electronic document than to store it in paper form. This is because, for example, there is an advantage that a storage place is not required and retrieval of a necessary document is easy, and for this reason, digitization of a document has been advanced in general society.
[0015]
However, as described above, since the evidence ability of the electronic document is insufficient, the important document cannot be digitized, and even if it is digitized, a paper document having evidence ability is separately required as the main paper. For this reason, problems such as the need for a storage place for important documents are still not solved.
[0017]
The present invention has been made in consideration of such circumstances. Even if multiple people create one electronic document for multiple periods, it is not necessary to re-approve the changed document with all the parties concerned, and document falsification is prevented, so that the evidence ability exceeds the evidence ability of the paper document. Electronic document falsification preventing system capable of creating electronic document having recoding media To provide With the goal .
[0018]
[Means for Solving the Problems]
The essence of the present invention is that the feature data extracted from the electronic document is encrypted with the encryption key of the first party, and the encrypted feature data is further encrypted with the encryption key of the external certifier. The data is used as authentication data for electronic documents.
[0019]
The authentication data obtained in this way cannot be falsified by another person, nor can it be falsified by a malicious external certifier who has passed the encrypted feature data. That is, since the first party's encryption is applied to the feature data itself, if the external certifier tampers with it, it is detected that the electronic document is not valid. Furthermore, the authentication data once externally authenticated cannot be tampered by the first party himself / herself for encryption by the external certifier.
[0020]
On the other hand, when the original electronic document is falsified, the fact of falsification is detected by comparing the characteristic data from the falsified electronic document with the characteristic data included in the authentication data.
[0021]
As described above, according to the present invention, the electronic document or the authentication data is in any stage regardless of whether it is a malicious first party or a malicious external certifier. If falsified, the fact of falsification is detected regardless of the stage of falsification.
[0022]
More specifically, the solution of the above problem is realized by the following solution.
[0057]
Claim 1 The invention corresponding to An extraction means for extracting an electronic document and authentication data from an electronic document with authentication that has been authenticated for the author; From the authenticated electronic document In the extracted electronic document A document changing means for generating a new electronic document by adding changes, and the electronic document extracted from the authenticated electronic document Said A difference extracting means for extracting change points between the electronic document and the new electronic document to obtain changed portion data; Feature extraction is performed on the new electronic document to extract first feature data, and the first feature data is encrypted with the encryption key of the changer who generated the new electronic document. A first changer authentication unit that generates data, and generates changer authentication data based on the first encrypted feature data, and performs feature extraction on the changed portion data to extract second feature data; Second changer authentication means for generating second encrypted feature data by encrypting the second feature data with the encryption key, and generating changer differential authentication data based on the second encrypted feature data A combination means for generating combined authentication data based on the authentication data extracted by the extraction means and the changer authentication data generated by the first changer authentication means, and generated by the combination means The combined authentication data and the second changer authenticator changer differential authentication data generated by that Is sent to the external authentication system, In the external authentication system, the first external authentication data output by external authentication for the combined authentication data and the second external authentication data output by external authentication for the changer differential authentication data are output to the external Authentication means for generating a new authenticated electronic document based on the communication means received from the authentication system, the first external authentication data received by the communication means and the new electronic document generated by the document changing means Attached electronic document creation means, and changed part data creation means with authentication for generating new changed part data with authentication based on the second external authentication data and the changed part data; An electronic document falsification prevention system comprising:
[0058]
Since the present invention is provided with such means, it is possible to attach a new authentication to the changed electronic document, and also to authenticate only the data of the changed portion, thereby preventing falsification of the changed electronic document. In addition, it has high reliability because it has external authentication.
[0060]
The present invention is such Changer authentication Since the means is provided, it is possible to improve the security while leaving the feature of the authentication source in order to use the encrypted data of the feature data instead of the changed portion data and / or the new electronic document itself as the authentication data. Furthermore, the amount of authentication data can be reduced.
[0062]
The present invention is such Join Since the means is provided, the previous authentication data can be included in the authentication data attached to the new electronic document after the change, and a history for each change can be obtained. Moreover, each time authentication data can be held.
[0085]
Next, the claim 2 The invention corresponding to 1 is a recording medium on which a program for causing a computer to realize the invention corresponding to claim 1 is recorded.
[0086]
The computer controlled by the program read from the recording medium is claimed in claim 1 Functions as an electronic document falsification prevention system.
[0091]
DETAILED DESCRIPTION OF THE INVENTION
Next, an embodiment of the present invention will be described.
[0092]
[Explanation of the first to thirteenth embodiments]
FIG. 1 is a diagram showing an overall configuration of an electronic document falsification preventing system and method according to each embodiment of the present invention.
[0093]
A network 100 using a public line or a dedicated line is configured, and a document authentication system 101, an external authentication system 102 of an external authentication organization 99, and an authenticated document confirmation system 103 are connected to the network.
[0094]
The document authentication system 101 uses the external authentication system 102 via the network 100 for predetermined information (including a kind of user authentication that is encrypted by the user's key) created by the system user regarding the electronic document to be authenticated. And an authentication electronic document is created by receiving a reply of the information for authentication created by the external authentication system 102 based on the predetermined information. Further, as will be described later, the plurality of document authentication systems 101 are processed into different system users (encryption, addition of authentication information, etc., and substantial authentication is performed by each user). The predetermined information may be sent to the external authentication system 102.
[0095]
On the other hand, the authentication document confirmation system 103 is a system for confirming the validity of the authentication electronic document, and receives the authentication electronic document to be confirmed from the document authentication system 101 or the like via the network 100.
[0096]
The document authentication system 101, the external authentication system 102, and the authentication document confirmation system 103 are obtained by adding a display device, an input device, or a fingerprint reader, for example, to a computer such as a workstation or a personal computer. Different functions are realized by different operating programs. Therefore, as shown in FIG. 1, for example, the document authentication system 101 and the authenticated document confirmation system 103 may be configured on the same computer.
[0097]
Further, the document authentication system 101 and the external authentication system 102 can be configured on the same computer or a computer connected by a LAN or the like, and all authentication work can be performed in an external authentication organization.
[0098]
The electronic document falsification prevention system and method according to the present invention is a combination of these document authentication system 101, external authentication system 102, and authentication document confirmation system 103 as appropriate, or a combination of some functions thereof.
[0099]
Further, in the above case, the case is described on the assumption that information is instantaneously transferred via a network. However, as shown in FIG. 1, the document authentication systems 101 to 101 are connected via recording media 97 and 98 such as floppy disks. Necessary information (predetermined information and electronic document) can be exchanged between the external authentication systems 102 or between the document authentication system 101 and the authenticated document confirmation system 103.
[0100]
Each embodiment of the electronic document falsification preventing system and method having the above system configuration as a whole will be described below.
[0101]
(First embodiment)
The present embodiment relates to an electronic document creation system and method that can prevent tampering.
[0102]
FIG. 2 is a block diagram showing a hardware configuration example of a document authentication system applied to the electronic document falsification preventing system according to the first embodiment of the present invention.
[0103]
In the document authentication system, a display device 111, an input device 112, a printing device 113, an external storage device 114, a fingerprint reader 64, and a scanner 115 are connected to a computer 110.
[0104]
In the computer 110, a CPU 117, a ROM 118, and a RAM 119 are connected to the CPU bus 116, and further, a hard disk is connected via each interface unit 120, 121, 122, 123, 124, 125, 126, 127 connected to the CPU bus 116. A device 128, a communication device 121, a display device 111, an input device 112, a printing device 113, an external storage device 114, a fingerprint reader 64, and a scanner 115 are connected.
[0105]
The ROM 118 stores a boot processing program used to start the computer 110 and start up an operating system (OS) and the like.
[0106]
The hard disk device 128 is provided with a program storage unit 130 and a data storage unit 131. The program storage unit 130 stores an OS, a program for realizing the document authentication system 101, and the like, and the data storage unit 131 stores an electronic document, an electronic document with authentication, and various other information.
[0107]
The RAM 119 is used for so-called main memory. That is, a work area 132 for various processes by the CPU 117 is provided, and a document authentication program 133 for controlling the CPU 117 is stored.
[0108]
The document authentication program 133 is called from the program storage unit 130 of the hard disk device 128 and is stored in the RAM 119.
[0109]
The CPU 117 controls each unit according to the document authentication program 133 in the RAM 119 to realize the document authentication system 101. That is, the function realizing means of the document authentication system 101 is configured by combining software resources such as the RAM 119 (particularly the document authentication program 133) and the hard disk device 128 and the hardware resources of FIG. Each means (each process) or each means (each process) not shown in the process explanatory diagrams and flowcharts in the present embodiment and the following embodiments is such a function realization means, and is mainly a document authentication program. This is due to the operation of the CPU 117 according to 133.
[0110]
The communication device 129 communicates with the external authentication system 102 or with the authenticated document confirmation system 103. Electronic documents and various information are exchanged.
[0111]
The external storage device 114 stores an electronic document, an electronic document with authentication, and other various types of information in a portable recording medium, and particularly makes it easy and convenient to store and send the electronic document with authentication. As the external storage device 114, for example, a floppy disk device, a magneto-optical disk device (MO), a CD-R, a CD-R / W, or a DVD is used.
[0112]
The fingerprint reader 64 is a device that reads human fingerprint information. Used for system user authentication and encryption information creation.
[0113]
The scanner 115 is a device that reads a graphic such as a seal stamp as image information.
[0114]
Next, the hardware configuration of the external authentication system will be described.
[0115]
FIG. 3 is a block diagram showing a hardware configuration example of an external authentication system applied to the electronic document tampering prevention system of the present embodiment. The same parts as those in FIG. .
[0116]
The external authentication system 102 includes a computer system similar to the document authentication system 101. The difference from the document authentication system 101 is an operation program stored in the program storage unit 130 of the hard disk device 128. This operation program is called and stored in the RAM 119 as the external authentication program 134. The CPU 117 controls each unit according to the external authentication program 134, and the external authentication system 102 is realized. Further, the function realizing means is configured by combining software resources (particularly the external authentication program 134) and hardware resources as in the case of the document authentication system 101.
[0117]
Next, each function of the electronic document tampering prevention system will be described with reference to FIG. FIG. 4 is a diagram showing an example of a functional configuration and a processing flow of the electronic document falsification preventing system according to the present embodiment.
[0118]
This electronic document falsification prevention system includes a document authentication system 101 and an external authentication system 102.
[0119]
The document authentication system 101 extracts and encrypts the feature data 3D from the electronic document 1 to be authenticated, and receives the composite data 10 from the external authentication system 102 of the external certification authority that provides authentication for the encrypted data 6. An electronic document 12 with authentication is created by giving to the electronic document 1.
[0120]
For this purpose, the document authentication system 101 extracts and edits the headline 3H (not shown), the feature extraction unit 2 that performs feature extraction from the electronic document 1 and generates the feature data 3D, and the feature data 3D as the first feature data. Private key 4 (# 1) (Hereinafter, the same type of configuration and data that may exist are classified as # 1, # 2,... Or first, second,. Encryption means 6 for encrypting and generating encrypted data 6D (# 1), means for combining header 3H and encrypted data 6D (not shown), and combined encrypted data 6 with header Communication means (not shown) for transmitting to the external authentication system 102 and means for creating the electronic document 12 with authentication by adding the composite data 11 received from the external authentication system 102 to the electronic document 1 and storing it in the electronic medium (FIG. Not shown)
[0121]
On the other hand, the external authentication system 102 separates the header-attached encrypted data 6 received from the document authentication system 101 by a separating means (not shown), and assigns the external authentication data 7A (# 1) to the encrypted data 7D. After this is encrypted with the second secret key 8 (# 2) using the encryption means 9, the combined data 10 consisting of the encrypted data 10D and the header 10H is combined by a combining means (not shown). The data is transmitted to the document authentication system 101 by communication means (not shown).
[0122]
In the present embodiment, an RSA method using a secret key and a public key is used as an encryption method for each data, but other encryption methods (DES method or the like) may be used.
[0123]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIGS.
[0124]
FIG. 5 is a flowchart showing the operation of the electronic document tampering prevention system of this embodiment.
[0125]
First, the data of the electronic document 1 is read in the document authentication system 101 (S1), and a portion that can be used for the heading 3H data such as the document title and the date is extracted from the document data, and further edited to add a supplementary explanation. Is performed. In this way, the heading 3 is created (S2). The heading 3 includes, for example, an electronic seal stamp or electronic signature of the document creator described in the seventh embodiment.
[0126]
Next, features are extracted from the electronic document 1 by the feature extraction means 2 to create feature data 3D (S3). Here, the feature data 3D is data indicating the feature of the electronic document itself, which becomes a different value even if, for example, one bit of the electronic document changes. On the other hand, the heading 3H is data added to make it possible to know which electronic document the feature data 3D belongs to. The heading 3H and the feature data 3D are made to correspond as synthesized data (heading feature data 3).
[0127]
Next, the secret key 4 (# 1) is used by the encryption means 5, and the feature data 3D is encrypted to generate the first encrypted data 6D (S4). The first secret key 4 is a secret key held by the creator of the electronic document 1 and is not disclosed to others.
[0128]
Next, the header 6H and the encrypted data 6D are combined, and correspondence is taken as encrypted data 6 with a header (S5). The heading 6H is the same as the heading 3H. The header-added encrypted data 6 thus generated is transmitted to the external authentication system 102 of the external certification authority (S6). In this embodiment, this transmission is transmitted to the network 100 via a public line or a dedicated line. However, the transmission may be recorded on an electronic medium such as a floppy disk and mailed.
[0129]
On the other hand, the external certificate authority receives the encrypted data 6 with a header from the document authentication system 101 (S7).
[0130]
In the external authentication system 102, the encrypted data 6 with a header is decomposed into a header 7H and encrypted data 7D (S8). The external authentication data 7A is combined with the encrypted data 7D (S9). The external authentication data 7A is information indicating that an external authentication organization that is a third party has authenticated the data that the document authentication system 101 has requested for authentication, and includes date data for authentication.
[0131]
Next, the first encryption data 7D (# 1) and the external authentication data 7A (# 1) are collected by the encryption means 9 and encrypted with the secret key 8 (S10). Thus, the second encrypted data 10D # 2 is generated. As a result, the second encrypted data 10D (# 2) is double-keyed with the creator's private key 4 and the private key 8 of the external certification authority, and includes unique data.
[0132]
Further, the second encrypted data 10D is combined with the heading 10H to become the combined data 10, which can be easily handled (S11). The heading 10H has the same contents as the heading 3H. Then, the composite data 10 is returned from the external authentication system 102 to the creator's document authentication system 101 that requests third party authentication via the network 100 (S12).
[0133]
In the document authentication system 101, the composite data 10 is received as composite data 11 (S13). The composite data 11 is combined with the electronic document 1 to generate an electronic document 12 with authentication. Such a connection facilitates data handling. The generated electronic document with authentication 12 can be stored in an electronic medium at an arbitrary place, and the authentication function is exhibited no matter where the electronic document 12 is stored. Note that the term “combination” here includes various cases such as when the composite data 11 and the electronic document 1 are simply recorded on the same recording medium, or when other data indicating the association between the two is created. . This means for combining is also an example of means for obtaining authentication data of an electronic document in the claims.
[0134]
As described above, the falsification preventing system and method for an electronic document according to the embodiment of the present invention sets the certification date of the external certification authority by following the procedure for the external certification authority to authenticate the document digitally signed by the principal. It is proved that the person himself was writing the document. Even if there is no electronic signature, the feature data is encrypted with the secret key 4 of the document creator himself and decrypted with the corresponding public key. It is authenticated that the document is to be created by the document creator.
[0135]
Further, when the document body is altered, the feature data to be extracted from the altered document changes, and is different from the feature data 3D previously extracted for authentication, thereby detecting the fact of alteration of the original document. it can. On the other hand, since the feature data 3D previously extracted for authentication is encrypted with the authentication data private key 8 together with the authentication data 7A of the external authentication authority, the encrypted data 11D attached to the authenticated electronic document 12 is encrypted. No tampering is possible. Therefore, even if it is the person himself, the document cannot be altered after the external authentication.
[0136]
As a result, it is possible to generate an electronic document with evidence ability that can prove the validity of the document at a trial place, and it is possible to digitize an important document or an evidence document that has been stored on paper. In addition, advanced technology is required to determine whether or not a conventional paper document has been tampered with, but the electronic document tampering prevention system according to the present invention confirms whether or not tampering has occurred by simply following an electronic procedure. Because it can, it can be easily proved whether or not tampering. Furthermore, electronic storage reduces the number of storage locations, and document transmission to remote locations can be performed instantaneously, enabling retrieval by a computer. In this way, it is possible to improve the credibility of commercial transactions and speed up transactions.
[0137]
In the document tampering prevention system of this embodiment, since the transmission data is encrypted in the document authentication system 101 and the external authentication system 102, it is safe to use a public line as the network 100.
[0138]
Furthermore, since the external authentication data authenticated by the external certification authority is combined with the original electronic document and managed in the form of the authenticated electronic document 12, handling of the electronic document is facilitated.
[0139]
(Second Embodiment)
In the present embodiment, a system for confirming that the authenticated electronic document 12 authenticated in the first embodiment is authentic and retrieving authentication information such as an authentication date attached by an external certification authority will be described.
[0140]
This electronic document falsification preventing system is configured as the authenticated document confirmation system 103 shown in FIG.
[0141]
FIG. 6 is a block diagram showing a hardware configuration example of an authenticated document confirmation system applied to the electronic document falsification preventing system according to the second embodiment of the present invention. A description thereof will be omitted.
[0142]
The authenticated document confirmation system 103 includes a computer system similar to the document authentication system 101. The difference from the document authentication system 101 is an operation program stored in the program storage unit 130 of the hard disk device 128. This operation program is called and stored in the RAM 119 as the authentication document confirmation program 135. The CPU 117 controls each unit in accordance with the authentication document confirmation program 135, and the authentication document confirmation system 103 is realized. Further, the function realizing unit is configured by combining software resources (particularly the authentication document confirmation program 135) and hardware resources, as in the case of the document authentication system 101.
[0143]
Next, each function of the electronic document falsification prevention system will be described with reference to FIG. FIG. 7 is a diagram showing an example of the functional configuration and processing flow of the authenticated document confirmation system 103 applied to the electronic document falsification preventing system of the present embodiment. The same parts as those in FIG. Is omitted.
[0144]
The authenticated document confirmation system 103 collates the feature data 18D extracted from the authenticated electronic document 12 with the feature data 21 extracted from the electronic document 19 obtained by removing the composite data 11 from the authenticated electronic document 12, and the electronic document At the same time, the fact of authentication by the external certification authority 99 and its certification date are confirmed from the external certification data 15A extracted from the certification data (encrypted data 11D).
[0145]
For this purpose, the authenticated document confirmation system 103 includes means (not shown) for retrieving the header 11H and the encrypted data 11D from the authenticated electronic document 12 stored in the external storage device 114 or the hard disk device 128, and the encrypted data 11D as an external device. Decryption means 14 for decrypting with the second public key 13 (# 2) of the authentication system 102, date authentication 15A-D and external authentication data 15A (# 1) of the data obtained by this decryption, and A means (not shown) for confirming the authentication of the external authentication authority 99 and the encrypted data 15D out of the data decrypted by the decrypting means 14 are received by the first public key 16 (# 1) of the document authentication system 101. Decoding means 17 for decoding is provided. Further, feature extraction means 20 for extracting the feature data 21 from the electronic document 19 from which the authentication data has been removed, the feature data 21, and feature data 18 D extracted from the feature data 18 with the header decrypted by the decryption means 17. Collation means for collating and performing identity determination 22 -J of whether or not the electronic document 19 is the same as the electronic document 1 is provided.
[0146]
In this embodiment, the RSA method is used as the encryption using the secret key and the public key, but other encryption methods (DES method or the like) may be used. 7 may be the system of the creator of the electronic document 1 or a third party system.
[0147]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIGS.
[0148]
FIG. 8 is a flowchart showing the operation of the electronic document falsification preventing system of this embodiment.
[0149]
First, the electronic document 12 is read from the external storage device 114 and the hard disk device 128 or via the network 100 (T1), and the composite data 11 is extracted (T2).
[0150]
Second encrypted data 11D (# 2) that functions as authentication data is further extracted from the combined data 11 (T3). Decryption is performed by the decryption means 14 using the second public key 13 (# 2) (T4). The second public key 13 (# 2) is a public key of the external authentication organization 99, and corresponds to the second secret key 8 (# 2). Thus, the first encrypted data 15D (# 1) and the external authentication data 15A (# 1) are extracted.
[0151]
Next, the encrypted data 15D and the external authentication data 15A are separated from the header-attached authentication data 15 (T5). The encrypted data 15D has the same contents as the encrypted data 6D in FIG. The external authentication data 15A has the same contents as the external authentication data 7A in FIG. Further, the header data 15H has the same contents as the header data 3H of FIG.
[0152]
Next, the date authentication data 15A-D is taken out from the decrypted external authentication data 15A, and the date when the external authentication authority authenticates the composite data 6 is confirmed (T6).
[0153]
On the other hand, the first encrypted data 15D (# 1) is decrypted by the decryption means 17 with the first public key 16 (# 1) (T6), and the first feature data 18D is generated. The first public key 16 (# 1) is the public key of the creator of the electronic document, and corresponds to the first secret key 4 (# 1). The feature data 18D has the same contents as the first feature data 3D (# 1).
[0154]
Next, the electronic document 19 excluding the composite data 11 is extracted from the electronic document 12 (T8). This electronic document 19 corresponds to the original electronic document 1. Further, feature data 21 is extracted from the electronic document 19 by the feature extraction means 20 (T9). The feature extraction unit 20 is the same unit as the feature extraction unit 2, and the same feature data is generated if the content of the electronic document 19 is the same as that of the electronic document 1.
[0155]
Next, the feature data 18D and the feature data 21 are collated by the collating means 22 (T10), and an identity determination result 22-J indicating whether the collation results are the same is output. If the identity determination result 22-J is good (coincidence) (T11), it is proved that the document is a person-created document authenticated on the date of the date authentication data 15A-D. Then, the fact that the documents are the same is displayed on the display device 111 together with the date authentication extracted in step T6 (T13).
[0156]
On the other hand, if the identity determination result 22-J is a determination failure (mismatch) (T11), a mismatch is displayed.
[0157]
As described above, the electronic document falsification prevention system and method according to the embodiment of the present invention can be applied to an external document of an external certificate authority from an electronic document that has been subjected to the addition of encrypted feature data, the personal digital signature, and the authentication of the external certificate authority. By retrieving the authentication data and comparing the added feature data with the feature data from the electronic document main body using the document creator's public key 16, the person himself / herself can confirm the document on the authentication date of the external certification authority. It is proved that it was made.
[0158]
When the electronic document body is falsified, the feature data 21 extracted from the electronic document 19 is changed. On the other hand, the first feature data 3D and 18D are prevented from being falsified by the external certification authority 99. However, document tampering is not possible after external authentication. As a result, it is possible to prove the validity of the document at the trial site, and it is possible to digitize the important document and the evidence document that have been stored in the conventional paper.
[0159]
Further, a high level technique is required to determine whether or not a conventional paper document is falsified. However, the electronic document falsification prevention system can easily prove whether or not falsification has occurred by the above collation processing. Further, the storage location can be reduced by computerization, and power can be instantaneously transmitted to a remote place via a network. Therefore, a search by a computer is also possible.
[0160]
In the document tampering prevention system of this embodiment, since the transmission data is encrypted in the document authentication system 101 and the external authentication system 102, it is safe to use a public line as the network 100.
[0161]
Furthermore, by combining the authentication data authenticated by the external certificate authority with the original electronic document, handling when storing the document becomes easier.
[0162]
(Third embodiment)
In the falsification preventing system and method of the electronic document according to the present embodiment, external authentication data is further added to the composite data 11 attached to the electronic document 12 with authentication once created, and encryption is performed again. As a result, an electronic document with enhanced tampering prevention is generated, and the confidentiality of the authentication data after a long period of time since the creation of the authenticated electronic document 12 is maintained.
[0163]
FIG. 9 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification preventing system according to the third embodiment of the present invention. The same parts as those in FIG. 4 and FIG. Description is omitted. Further, the document authentication system 101 and the external authentication system 102 shown in FIGS. 2 and 3 are used in the system of this embodiment, and the unique functional part of this embodiment is the document authentication program 133 or the external authentication program. This is due to the modification to 134.
[0164]
This electronic document falsification preventing system includes a document authentication system 101 and an external authentication system 102 shown in FIG.
[0165]
The document authentication system 101 takes out the composite data 11 from the electronic document 12 and sends it to the external authentication system 102 (not shown), and removes the authentication data 11 from the electronic document 12 into the original electronic document. A means (not shown) for adding the encrypted data with header 27 received from the authentication system 102 as authentication data to form an electronic document with authentication 28 is added, and the configuration is the same as in the first embodiment.
[0166]
On the other hand, the external authentication system 102 adds the external authentication data 23A to the composite data 11 from the document authentication system 101, and converts the encrypted data 23D (same as the encrypted data 11D) and the external authentication data 23A to the third secret key 24. Encryption means 25 for encrypting in (# 3) and means (not shown) for transmitting the encrypted data with header 26 consisting of the encrypted encrypted data 26D and the header 26H to the document authentication system 101 are added. Other configurations are the same as those in the first embodiment. The third secret key 24 (# 3) is another secret key of the external certification authority 99.
[0167]
Next, the operation of the electronic document falsification preventing system configured as described above according to the embodiment of the present invention will be described with reference to FIGS.
[0168]
FIG. 10 is a flowchart showing the operation of the electronic document falsification preventing system of this embodiment.
[0169]
First, in the document authentication system 101, the electronic document 12 is read from the external storage device 114 and the hard disk device 128 or via the network 100 (U1), and the composite data 11 as authentication data is extracted (U2). The composite data 11 is transmitted to the external authentication system 102 of the external authentication authority 99 via the network 100 (U3).
[0170]
).
[0171]
Next, the external authentication system 102 receives the composite data 11 (authentication data) transmitted in step U3. Next, the received composite data 11 is separated into a header 23D and encrypted data 23D (U5). Here, the external authentication data 23 A is added to the header-attached authentication data 23. The external authentication data 23A is the same as the external authentication data 7A of the first embodiment, and includes information such as the authentication date.
[0172]
Next, the encrypted data 23D and the external authentication data 23A are combined (U6), and the combined data is encrypted with the secret key 24 (# 3) to generate encrypted data 26D (U7). The secret key 24 is a secret key of the external certification authority 99 and corresponds to, for example, the RSA method.
[0173]
Next, encrypted data 26, which is authentication data formed by combining the heading 26H and the encrypted data 26D, is generated (U8), and the data 26 is transmitted to the document authentication system 101 via the network 100 (U9).
[0174]
The encrypted data 26 transmitted from the external authentication authority 99 is received by the document authentication system 101 (U10). This is used as the header-attached encrypted data 27 and is combined with the original electronic document obtained by removing the encrypted data 11 from the electronic document 12 to generate the authenticated electronic document 28 (U11). In this way, an electronic document with enhanced tampering prevention is generated. The electronic document 28 can be stored in the external storage device 114, the hard disk device 128, or any other electronic medium.
[0175]
As described above, the falsification preventing system and method for an electronic document according to the embodiment of the present invention re-authenticates the external certification authority 99 to the composite data 11 extracted from the electronic document 12 and re-encrypts the data with authentication. Since the electronic document 28 is generated, the document 28 with enhanced tampering prevention can be created.
[0176]
Therefore, with the advancement of encryption technology, it is possible to strengthen the prevention of falsification of the document 1 with a new cipher before the years when the first cipher may be decrypted, even if long-term electronic document storage is performed. Also, the legitimacy of the document can be proved in the courtroom.
[0177]
In the present embodiment, the case of re-authenticating an electronic document that has been authenticated once, such as the electronic document 12, has been described. However, the electronic document 28 may be further re-authenticated using the method of the present embodiment. . In this way, by repeating re-authentication and accumulating the number of times of authentication, the storage period of the electronic document 1 can be extended, and the length can be practically infinite. Therefore, in the present embodiment, the case where the authentication is performed using the public key method (RSA) encryption method has been described. However, the re-authentication (re-encryption) may be appropriately performed using the encryption method that is most difficult to decipher at that time. Is appropriate.
[0178]
(Fourth embodiment)
In this embodiment, it is confirmed that the electronic document 28 with authentication, which is re-authenticated in the third embodiment and strengthens falsification prevention, is authentic, and authentication information such as each authentication date attached by the external certification authority is taken out. The system will be described.
[0179]
FIG. 11 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification preventing system according to the fourth embodiment of the present invention. The same parts as those in FIGS. The description is omitted. In addition, the system of the present embodiment uses the authenticated document authentication system 103 shown in FIG. 6, and the unique functional part of the present embodiment is due to the modification to the authenticated document confirmation program 135. is there.
[0180]
This electronic document falsification preventing system is configured as the authenticated document confirmation system 103 shown in FIG.
[0181]
The authenticated document confirmation system 103 performs decryption processing three times on the authentication data extracted from the authenticated electronic document 28 to extract the feature data 18D, and collates with the feature data 21 extracted from the electronic document 19, and the process Thus, for the two authentications by the external certification authority 99, confirmation of each authentication date and the external authentication is performed.
[0182]
For this purpose, the authentication document confirmation system 103 receives the encrypted data 27D by means (not shown) for extracting the header-attached encrypted data 27 from the authenticated electronic document 28 and the public key 29 (# 3) of the external authentication authority 99. In addition to the decryption means 30 for decryption and the means (not shown) for confirming the authentication of the external certification authority 99 from the decrypted external authentication data 31A and extracting the date authentication 31A-D, there are shown in FIG. The configuration is the same as in the second embodiment. The data decrypted by the decrypting means 14 is encrypted data 31D.
[0183]
Next, the operation of the electronic document falsification preventing system configured as described above according to the embodiment of the present invention will be described with reference to FIGS.
[0184]
FIG. 12 is a flowchart showing the operation of the electronic document falsification preventing system of this embodiment.
[0185]
First, in the authenticated document confirmation system 103, the electronic document 28 with authentication is read from the external storage device 114, the hard disk device 128, or via the network 100 (V1). Next, the header-attached encrypted data 27, which is authentication data, is extracted from the electronic document 28 (V2). Further, the encrypted data 27D is separated from the encrypted data 27 with a header (V3). The decrypted means 30 decrypts the separated encrypted data 27D with the public key 29 (# 3) of the external certification authority (V4). As a result, composite data of the encrypted data 31D and the second external authentication data 31A is generated. If there is no falsification in the authentication data, the encrypted data 31D is the same as the encrypted data 11D or 10D, and the second external authentication data 31A is the same as the external authentication data 23A.
[0186]
Next, the encrypted data 31D and the second external authentication data 31A are separated (V5). Further, the date authentication 31A-D is taken out from the external authentication data 31A, and this second authentication of the external certification authority 99 is confirmed (V6). On the other hand, the encrypted data 31D is decrypted by the decryption means 14 using the public key 13 (# 2) of the external authentication authority 99, and composite data of the encrypted data 15D and the external authentication data 15A is generated (V7). If there is no falsification in the authentication data, the encrypted data 15D is the same as the encrypted data 6D or 7D, and the external authentication data 15A is the same as the first external authentication data 7A.
[0187]
Next, the composite data is separated into external authentication data 15A and encrypted data 15D (V8), and date authentication data 15A-D is taken out from external authentication data 15A (V9). As a result, the first authentication by the external certification authority 99 is confirmed.
[0188]
Next, the encrypted data 15D is decrypted by the decryption means 17 using the creator's public key 16 (# 1), and the feature data 18 with a header is generated (V10). Further, the heading 18H and the feature data 18D are separated (V11).
[0189]
On the other hand, the encrypted data 27 with header is removed from the electronic document with authentication 28, and the feature data 21 is extracted from the original electronic document 19 by the feature extraction means 20 (V12). Then, the feature data 18D separated in step V11 and the feature data 21 are collated by the collating means 22, and identity determination data 22-J is generated (V13).
[0190]
Whether or not the electronic document 19 and the electronic document 1 are the same is determined based on the identity determination data 22-J that is the collation result (V14). If it is determined that they do not match, the display device 111 displays a mismatch ( V15). On the other hand, if it is determined that they are the same, the authentication dates 31A-D and 15A-D are displayed, and further the display indicating that they are the same is performed (V16). In this way, the identity determination of the electronic document with enhanced falsification prevention is completed.
[0191]
As described above, the electronic document falsification preventing system and method according to the embodiment of the present invention is related to the authenticated electronic document 28 that has been authenticated and encrypted twice by the external certification authority 99 for a period of time. Since the identity is verified and the external authentication is confirmed, it is possible to easily determine the identity of the electronic document 28 with enhanced tampering prevention. In addition, since it is possible to prevent falsification of documents with new encryption before the years when there is a risk of decryption, even if long-term electronic document storage is performed, the validity of the document can be proved at the venue of trial Become.
[0192]
In the present embodiment, an example has been described in which the identity of the electronic document 28 that has been re-authenticated once (total of two times of external authentication), such as the electronic document 28, is determined. You may determine identity. When the number of authentications is repeated, the identity of the electronic document can be determined by increasing the number of times of decryption.
[0193]
(Fifth embodiment)
In the present embodiment, an electronic contract document creation system using the electronic document falsification prevention system described in the first or third embodiment will be described.
[0194]
FIG. 13 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification preventing system according to the fifth embodiment of the present invention, and the same parts as those in FIGS. 4, 7, 9 and 11 are the same. Reference numerals are assigned and explanations thereof are omitted. Further, the document authentication system 101 and the external authentication system 102 shown in FIGS. 2 and 3 are used in the system of this embodiment, and the unique functional part of this embodiment is the document authentication program 133 or the external authentication program. This is due to the modification to 134.
[0195]
This electronic document falsification prevention system includes a document authentication system 101 (hereinafter also referred to as “System A 101a”) used by one of the contractors and a document authentication system 101 (hereinafter referred to as “secondary” of the contractor). , Which is also referred to as a second system 101b) and an external authentication system 102. This electronic document falsification prevention system is also an electronic contract preparation system for making a contract between Party A and Party B. In addition, the former system 101a, the second system 101b, and the external authentication system 102 are connected by a network as shown in FIG.
[0196]
The former system 101a uses the former secret key 4 (first party) as the secret key 4 (# 1), and transmits the encrypted data 6 with a header to the second system 101b instead of the external authentication system 102. Further, the former system 101a receives the encrypted data 40 with the header as the composite data 11 received from the external authentication system 102, attaches it to the electronic document 1 and creates the authenticated electronic document 41 which is an electronic contract, The configuration is the same as that of the document authentication system 101 of the third embodiment.
[0197]
On the other hand, the second system 101b generates combined data obtained by adding the second authentication data 32A to the encrypted data 32D in the encrypted data 6 with header received from the former system 101a, and creates means for generating the authentication data 32 with header (FIG. (Not shown), the encryption means 34 for encrypting the combined data with the secret key 33 (second) of the second party, the header 32H (35H) of the authentication data 32 with the header, and the encrypted data encrypted by the encryption means 34 In addition to means (not shown) for creating an electronic signature 35 by combining with 35D, and means (not shown) for transmitting the electronic signature 35 to an external authentication system via a network, the first or first The configuration is the same as the document authentication system 101 of the third embodiment.
[0198]
In addition, the former system 101a and the second system 101b may be a system capable of executing the same processing by combining the functions described above.
[0199]
Further, the external authentication system 102 is configured to perform the same processing as that of FIG. 4 on the authentication data 36 with header instead of the authentication data 7 with header, and further, the encrypted data with header is sent to the former system 101a instead of the second system 101b. In addition to transmission, the configuration is the same as in the first or third embodiment. That is, the authentication data with header 36 is the authentication data 7 with header in FIG. 4, the encrypted data 36D is the encrypted data 7D in FIG. 4, the external authentication data 36A is the external authentication data 7A in FIG. 4, and the header 36H is in the header 7H in FIG. Correspond. Also, the encrypted data 39 with header corresponds to the composite data 10 in FIG. 4, the header 39H corresponds to the header 10H in FIG. 4, and the encrypted data 39D corresponds to the encrypted data 10D in FIG. Further, the encryption means 38 corresponds to the encryption means 9 of FIG. 4, and the secret key 37 corresponds to the secret key 8 of FIG. The encrypted data 36D is authentication data of A and B encrypted by each of A and B, and the encrypted data 39 is obtained by further applying external authentication to the authentication data of A and B.
[0200]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIGS.
[0201]
FIG. 14 is a flowchart showing the operation of the electronic document falsification preventing system of this embodiment.
[0202]
First, in the former system 101a, the electronic document 1 is read from the external storage device 114, the hard disk device 128, or via the network 100 (W1). Next, the headline part is taken out from the electronic document 1, the money amount information and the stamp tax payer name are entered, and other necessary items are edited to become the headline 3H (W2).
[0203]
Next, feature data 3D is extracted from the electronic document 1 by the feature extraction means 2 (W3). Further, the characteristic data 3D is encrypted by the encryption means 5 using the secret key 4 (the former) of the contractor A, and the encrypted data 6D is generated (W4). The headline 3H (6H) and the encrypted data 6D are combined to generate the encrypted data 6 with a headline that is the electronic signature data of the contractor A (W5).
[0204]
The electronic signature data of the contractor A is transmitted together with the electronic document 1 from the system A to the system 101b used by the contractor (W6). The reason why the electronic document 1 is transmitted to the second party is that the second party can confirm the contents of the document when the second party authenticates.
[0205]
In the second system 101b, first, the electronic signature of the contractor A (encrypted data 6 with a header) and the electronic document 1 are received (W7). The received electronic signature data is separated into a header 32H and encrypted data 32D (W8).
[0206]
Next, the second authentication data 32A is combined with the encrypted data 32D to generate combined data (W9). This authentication data 32A includes the name and date of the second party. Next, the encrypted data 32D and the authentication data 32A are encrypted by the encryption means 34 using the secret key 33 of the second party, and the encrypted data 35D is generated (W10).
[0207]
The headline 32H (35H) and the encrypted data 35D are combined to form the electronic signature 35 (encrypted data 35 with the headline) of Party A and B (W11). The electronic signature 35 includes a part encrypted with the private key 4 (Class A) of the first party and a part encrypted with the secret key 33 (Class B) of the party B, and the name of the party B is also included in the header 6H and the authentication data 32A. Because they are included, they are substantially both electronic signatures. In addition, the legitimate electronic signature of Party B may be included in the header 35H or the encrypted data 35D.
[0208]
The electronic signature 35 of Party A and Party B generated in this way is transmitted to the external authentication system 102 of the external certification authority 99 via the network 100 (W12).
[0209]
In the external authentication system 102, the electronic signatures 35A and B are received (W13). Next, the electronic signature 35 of Party A and Party B is separated into a heading 36H and encrypted data 36D (W14). Further, the external authentication data 36A of the external certification authority is combined with the encrypted data 36D (W15). The external authentication data 36A includes the name and date of the external certification authority 99 and an article for which the stamp tax has been paid. Regarding payment of stamp duty, Party A makes a contract with external certification body 99 in advance.
[0210]
Next, the encrypted data 36D and the authentication data 36A are encrypted by the encryption means 38 using the private key 37 of the external authentication authority 99, and the encrypted data 39D is generated (W16). Further, the header 36H (39H) and the encrypted data 39D are combined to complete the header-added encrypted data 39 that is an electronic signature of Party B and the external certification authority 99 (W17). This electronic signature is transmitted to the former system 101a via the network (W18).
[0211]
In the former system 101a, the header-attached encrypted data 39, which is an electronic signature, is received as the header-attached encrypted data 40 (W19). Then, the encrypted data 40 with a headline that is an electronic signature is combined with the electronic document 1 to complete an electronic contract 41 (an electronic document 41 with authentication).
[0212]
As described above, in the electronic document falsification preventing system and method according to the embodiment of the present invention, authentication is performed with respect to the electronic document 1 by the user A, the user B, and the external authentication authority 99, and the authentication data is used with the respective secret keys. Is encrypted, it is possible to prevent falsification of the created electronic contract and to make it an electronic document with proof ability.
[0213]
In other words, when the electronic contract is falsified, the feature data of the electronic document 1 changes, and the feature data 3D extracted first is encrypted by the contractor A and all of the external certification bodies. Since electronic contracts can always be discovered when falsified, contracts can be made using electronic documents instead of paper. Furthermore, although a conventional paper document requires advanced technology to determine whether or not tampering has occurred, the tampering prevention system for electronic documents according to the present invention can easily prove tampering. In addition, the storage location can be reduced by computerization, and power transmission to a remote location can be performed instantaneously, and search by a computer can be performed.
[0214]
In addition, in paper contracts, there was a bad practice of stamping out slashes in order to correct lexical errors, but electronic conversion makes it possible to exchange documents instantly between contractors. Even if it is corrected immediately, it becomes possible to re-sign, and troubles between contractors can be prevented. Since the contract amount and the stamp tax payer name are described in the electronic signature 35, it is not necessary to send the electronic document itself to the external certification body, and the electronic contract can be used even when there is a matter to be kept secret.
[0215]
Further, in the present embodiment, the feature data is extracted from the electronic document 1 and is given authentication by Party B and an external certification authority. However, the present invention is not limited to such a case. For example, if the person who is related to the document creator or the boss adds data corresponding to the boss seal or the like to the original electronic document 1 itself, and the feature data 3D is extracted from the electronic document 1 to which the boss seal is added, In particular, it is possible to take out the electronic document 1 to which the boss's authentication is given. This is because if the original electronic document is falsified, the feature data changes.
[0216]
Further, for example, in the present embodiment, the case where the contractor is two persons, the former and the second, has been described, but the present invention is not limited to such a case. For example, if the contractor has three parties, Party A, Party B, and Samurai, if the Step of Party B in FIG. A similar electronic contract can be created. Also, if the contractor has more dings, this step can be repeated even if the tying is attached. Therefore, an electronic contract can be created and used regardless of the number of contractors.
[0217]
(Sixth embodiment)
In the present embodiment, a system for confirming that the electronic contract created in the fifth embodiment is authentic and retrieving authentication information such as each authentication date assigned by the contractor or the external certification body will be described.
[0218]
FIG. 15 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification prevention system according to the sixth embodiment of the present invention, which is the same as FIG. 4, FIG. 7, FIG. 9, FIG. Are denoted by the same reference numerals, and the description thereof is omitted. In addition, the system of the present embodiment uses the authenticated document authentication system 103 shown in FIG. 6, and the unique functional part of the present embodiment is due to the modification to the authenticated document confirmation program 135. is there.
[0219]
This electronic document falsification prevention system is configured as the authentication document confirmation system 103 shown in FIG. 1 and is also an electronic contract verification system.
[0220]
The authentication document confirmation system 103 applies the public key 42 (recognition) of the external certification authority 99 and the public key 45 (subscriber's public key 45) to the encrypted data 40 with a header attached to the electronic contract 41 (electronic document 41 with authentication). B) and the contractor A's public key 48 (A) are decrypted, the authentication fact and date of the external certification body, the authentication fact and date of B are taken out and the authentication is confirmed, and the feature data 50 is taken out, On the other hand, the feature data 52 is taken out from the electronic document 1 from which the header-attached encrypted data 40 is removed, and the feature data 50 and 52 are collated to determine the identity.
[0221]
For this purpose, the electronic document falsification prevention system includes means (not shown) for extracting the encrypted data 40 with a header from the electronic contract document 41, and the encrypted data 40D included therein is used as the public key 42 (authorized) of the external certification authority. ), A means (not shown) for taking out the authentication fact and authentication date of the external certification authority as date authentication 44A-D from the external authentication data 44A decrypted by the decryption means 43, and decryption And decryption means 46 for decrypting the encrypted data 44D decrypted by the decryption means 43 with the public key 45 (second party) of the second party. Further, a means (not shown) for extracting the authentication fact and authentication date of the user as date authentication 47A-D from the authentication data 47A decrypted by the decryption means 46, and the encryption decrypted by the decryption means 46 Decryption means 49 for decrypting the data 47D with the public key 48 (Class A) is provided. On the other hand, a feature extraction unit 51 that performs feature extraction from the original electronic document 1 from which the encrypted data 40 with the header is removed from the electronic contract 41 and generates the feature data 52, and the feature data 52 and the decryption unit 49 Collation means 53 is provided for collating the decrypted feature data 50D with the electronic document identity determination 53-J.
[0222]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIG.
[0223]
First, the electronic contract 41 is read from the external storage device 114 and the hard disk device 128 or via the network 100, and the header-attached encrypted data 40, which is authentication data, is extracted. The encrypted data 40D is taken out from the encrypted data 40 with the header, and is decrypted by the decrypting means 43 using the public key 42 of the external certification authority to generate encrypted data 44D and authentication data 44A. The encrypted data 44D corresponds to the encrypted data 36D in FIG. 13, and the external authentication data 44A corresponds to the external authentication data 36A in FIG.
[0224]
Date authentication 44A-D is taken out from the external authentication data 44A. The encrypted data 44D is decrypted by the decrypting means 46 using the contractor's public key 45, and the encrypted data 47D and the authentication data 47A are taken out. The encrypted data 47D corresponds to the encrypted data 32D in FIG. 13, and the authentication data 47A corresponds to the second authentication data 32A in FIG.
[0225]
The date authentication 47A-D of the second party is taken out from the authentication data 47A. The encrypted data 47D is decrypted by the decrypting means 49 using the contractor's public key 48, and the feature data 50D is taken out.
[0226]
On the other hand, the data obtained by removing the authentication data 40 from the electronic document 41 corresponds to the data of the electronic document 1. Feature data 52 is obtained by extracting features from the data corresponding to the electronic document 1 by the feature extraction means 51.
[0227]
The matching means 53 compares the feature data 50D with the feature data 52 to obtain the identity determination 53-J. If the identity determination 53-J indicates the same, the electronic document has not been tampered with. If not, tampering has been performed.
[0228]
In addition, the certification facts of the external certification body and B for the electronic document 1 prepared by Party A and the certification date are displayed, and the validity of the contract is confirmed.
[0229]
As described above, the falsification preventing system and method for an electronic document according to the embodiment of the present invention is the same as that for determining the identity based on the feature data 50D and 52 and the authentication fact and authentication of the external certification authority and the second party for the electronic document 1 created Since the date is confirmed, it is possible to effectively determine the identity of the electronic contract and to prove the validity of the document at the trial site.
[0230]
In this embodiment, the case where the contractor is the party A and the party B has been described, but the present invention is not limited to this case. When the contractor becomes three parties of Party A, Party B, and Samurai, even if the Step of Party B in FIG. In addition, if the contractor has more dings, it is only necessary to repeat step B even if they are attached. Therefore, it is possible to confirm an electronic contract document exchanged among a plurality of persons regardless of the number of contractors.
[0231]
(Seventh embodiment)
In the present embodiment, a specific example of the editing unit for the heading 11H in FIGS. 4 and 7 in each of the above embodiments will be described, and the display editing unit for displaying or printing the authenticated electronic document 12 will be described. .
[0232]
FIG. 16 is a diagram showing an example of a functional configuration and a processing flow of the electronic document falsification preventing system according to the seventh embodiment of the present invention, and FIG. 4, FIG. 7, FIG. 9, FIG. The same parts are denoted by the same reference numerals, and the description thereof is omitted. In the system of this embodiment, the document authentication system 101 shown in FIG. 2 or the authenticated document confirmation system 103 shown in FIG. 6 is used. The unique functional part of this embodiment is due to the modification of the document authentication program 133 or the authentication document confirmation program 135.
[0233]
This electronic document falsification prevention system is obtained by adding the following means to the document authentication system 101 or the authentication document confirmation system 103 shown in FIG. Hereinafter, a case of the document authentication system 101 will be described as an example.
[0234]
The document authentication system 101 of this embodiment includes a display printing unit in addition to the same configuration as that of the first, third, and fifth embodiments, and specifically shows a headline editing unit.
[0235]
As the headline editing means, when editing the headline 11H, a scanner 115 (FIG. 2 and the like) that captures the display object on which the seal stamp or the like is pressed as an image stamp 54 that is image information, and this seal stamp 54 is one of the electronic seal stamps 60. Means (not shown) to be added to the part, feature extraction means 55 for extracting feature from the seal impression 54 to generate feature data, encryption means 58 for encrypting the feature data 56 with the secret key 4, and encryption Means (not shown) for adding the encrypted seal stamp 59 to a part of the electronic seal stamp 60, input means (input device 112) for adding a name or the like to the electronic seal stamp 60, and the completed electronic seal stamp 60 as a heading 11H (3H) Means (not shown) for adding to the feature data 3 with headings (combined data 11 in FIG. 16) is provided. The electronic seal stamp 60 is formed by combining the seal 54, the encrypted seal 59, and the name of the owner.
[0236]
On the other hand, the display printing means includes means (not shown) for extracting date / signature / imprint information 61 from the heading 11H of the composite data 11, and means 62 for shaping these data so as to be within the display area. A means (not shown) for taking out the electronic document 1 from the electronic document 12 with authentication, a tag described in the taken-out electronic document 1 and date / signature / imprint information formed into the display area information 1T. Means for superimposing (not shown) and means for printing or displaying the superimposed display document 63 (display device 111, printing device 113) are provided.
[0237]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIG. 16, FIG. 17, FIG.
[0238]
First, processing for generating the electronic seal stamp 60 will be described with reference to FIGS. 16 and 17.
[0239]
FIG. 17 is a flowchart showing electronic seal stamp generation processing of the electronic document tampering prevention system according to this embodiment.
[0240]
First, the owner name of the electronic seal stamp is input by the input device 112 (X1). Next, the seal impression data 54 is read (X2). As the seal impression data, data obtained by pressing a seal stamp on paper and reading it with a scanner 115 is used.
[0241]
Next, features are extracted from the seal impression data 54 by the feature extraction means 55 to generate feature data 56 (X3). The feature data 56 is encrypted by the encryption means 58 using the owner's private key 4 to generate an encrypted seal 59 (X4). The seal stamp data 54, the encrypted seal stamp 59, and the owner name input in step X1 are collected as one data to generate an electronic seal stamp 60 (X5). And the electronic seal stamp 60 is put into the header data 3H of FIG. 1 of 1st Embodiment. As a result, the data of the electronic seal stamp 60 is stored in the header 11H of the electronic document 12 with authentication in FIG. 16 (X6).
[0242]
Next, referring to FIG. 18, an electronic seal stamp verification process in which falsification is prevented will be described.
[0243]
FIG. 18 is a flowchart showing an electronic seal collation process of the electronic document falsification preventing system of the present embodiment.
[0244]
This collation process is performed separately from the identity determination of the electronic document 1 itself, and evaluates the validity of the electronic seal stamp (electronic signature) included in the heading 11H. This processing means is not particularly shown in FIG. 16, but the means is realized by the document authentication program 133 or the authentication document confirmation program 135 and the system hardware, and realizes the processing shown in FIG. To do.
[0245]
First, an owner name is input (Y1). According to the owner name, the owner's public key is read from the external storage device 114, the hard disk device 128, or via the network 100 (Y2). Next, the encrypted seal stamp in the electronic seal stamp 60 is decrypted using the public key (Y3).
[0246]
On the other hand, feature extraction is performed from the seal stamp data in the electronic seal stamp 60 (Y4). Next, the feature data decoded in step Y3 and the feature data extracted in step Y4 are collated (Y5).
[0247]
This collation result is determined (Y6), and if the seals do not match, this is displayed on the display device 111. On the other hand, if the seals match, a message to that effect is displayed.
[0248]
Next, a process of editing a document and a headline so that an electronic seal stamp or date can be displayed or printed on the electronic document will be described with reference to FIGS.
[0249]
FIG. 19 is a flowchart showing document headline editing processing of the electronic document falsification preventing system of this embodiment.
[0250]
First, the electronic document 1 is edited (Z1). This process is a creation work of the electronic document 1 itself and a work by the system user. Further, a display area is set in the electronic document 1 by the work of the system user (Z2). At this stage, a place for displaying date / signature / imprint information is determined.
[0251]
Next, a tag and display area information 1T are embedded in the display area created in step Z2 inside the electronic document 1 (Z3).
[0252]
The headline editing is entered from here, and the date / signature / imprint information 61 is edited (Z4). Further, title information to be embedded in the header data 11H is input, or a title portion in the electronic document is designated and the value is taken into the header 11H (Z5). Then, the heading 11H is saved (Z6).
[0253]
Next, the electronic document 1 is stored (Z7). Since the headline 11H itself is not embedded in the electronic document 1, the document may be stored in step X7 immediately after the tag and display area information 1T are embedded in the electronic document 1 in step Z3.
[0254]
The above processing records in which case the date / signature / imprint information 61 should be displayed in the electronic document 1. Therefore, when the electronic document 1 is displayed or printed, as shown in FIG. The display document 63 can be formed by superimposing the date, signature, and seal on the screen.
[0255]
As a result, the electronic seal stamp 60 that prevents falsification is attached to the electronic document 12 that is prevented from being falsified, and is further displayed or printed as a display document 63 in which these are superimposed.
[0256]
As described above, in the electronic document falsification preventing system and method according to the embodiment of the present invention, the electronic seal stamp 60 encrypted by performing feature extraction is added to the heading 3H. It is possible to determine whether or not the electronic document exists, and it is possible to paste an imprint that prevents tampering on the electronic document.
[0257]
In addition, the imprint that prevents falsification can be displayed and printed together with an electronic document that can prevent falsification and determine whether or not falsification has occurred. The operation similar to that of a conventional paper document is possible. While the same operation as a conventional paper document is possible, the effect is very great because the document can be sent to a remote place instantly by transmission. In this case, the electronic document displayed on the display document 63 is more effective if an electronic document that has been subjected to identity determination and authentication confirmation is used.
[0258]
In the present embodiment, the case where one electronic seal stamp 60 is included in the heading 3H has been described, but the present invention is not limited to this. Since the heading data can be edited, it can be used not only in the cases shown in FIGS. 4 and 7, but also in the cases shown in FIGS. 13 and 15. You can put your date, signature and seal. In this case, it goes without saying that the electronic document 1 itself is not falsified.
[0259]
Further, in the above description, it is assumed that a stamp impressed on a sheet of paper is read and digitized by the scanner 115, but an electronic signature obtained by handwriting a signature on the paper and digitized by the scanner 115 may be used. .
[0260]
(Eighth embodiment)
In the present embodiment, an example of the configuration operation of the feature extraction unit used in the first to seventh embodiments will be described.
[0261]
FIG. 20 is a diagram for explaining a feature extraction method in the electronic document tampering prevention system according to the eighth embodiment of this invention.
[0262]
FIG. 21 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification prevention system of the present embodiment, and FIG. 4, FIG. 7, FIG. 9, FIG. The same parts are denoted by the same reference numerals, and the description thereof is omitted. In the system of this embodiment, the document authentication system 101 shown in FIG. 2 or the authenticated document authentication system 103 shown in FIG. 6 is used. The unique functional part of this embodiment is due to the modification of the document authentication program 133 or the authentication document confirmation program 135.
[0263]
This electronic document falsification prevention system is configured by providing the means described below as feature extraction means in the document authentication system 101 or the authentication document confirmation system 103 shown in FIG. Hereinafter, a case of the document authentication system 101 will be described as an example.
[0264]
As illustrated in FIG. 21, the feature extraction unit 2 (20, 51, 55) of the document authentication system 101 or the authentication document confirmation system 103 generates feature data 3D from the electronic document 1.
[0265]
The feature extraction means 2 is provided with a portion for storing data S_sum, 256 arrays for storing data IS_sum, and processing means (not shown). This processing means is a function realizing means for realizing the processing described below.
[0266]
First, FIG. 20 shows the data flow of the feature extraction means.
[0267]
In the figure, data itself such as an electronic document or a file, that is, Stream, forms an electronic document data sequence S. This electronic document data sequence S is an electronic document data sequence portion S1, S2, S3,. . , Sn.
[0268]
S_sum_stream generated from this stream forms a total data array S_s_stream. This total data arrangement S_s_stream includes total data arrangement portions SS1, SS2, SS3,. . Consists of SS1 is S1, S2, S3,. . , S256 is a total of 256 data. Similarly, in SS2, the total values of S257 to S512 are arranged as data.
[0269]
On the other hand, a stream of data IS is generated from Stream as an Interval String. This spaced data array IS is a spaced data array portion IS1, IS2, IS3,. . , ISn. Here, IS1 is S1, S2, S3,. . , S256, 256 pieces of head data are sequentially arranged, and IS2 is S1, S2, S3,. . , S256 is obtained by sequentially arranging 256 pieces of the second data. Similarly, IS3 to IS256 are configured. IS257 is one in which 256 head data of S257 to S512 are sequentially arranged. The same applies hereinafter.
[0270]
IS_sum_stream generated from this Interval String forms a total data array IS_s_stream at intervals. This spaced total data sequence IS_s_stream is divided into spaced total data sequence portions ISS1, ISS2, ISS3,. . Consists of The total data arrangement portions ISS1, ISS2, ISS3,. . Is generated from the data arrangement portions IS1 to ISn at intervals, and the generation method is S1 to Sn to SS1, SS2, SS3,. . Is the same as the method of generating
[0271]
Finally, the total data sequence S_s_stream and the total data sequence IS_s_stream with an interval become the feature data 3D.
[0272]
Here, the relationship between FIG. 20 and FIG. 21 will be described as follows.
[0273]
S1 is an array of 256-byte data. The total value of the data of S1 is stored in S_sum in FIG. 21, and the value of S_sum is output to S_s_stream. Even if S_s_stream is a word (16 bits) data array and a total value of 256 bytes is taken, no digits are lost. Similarly, the total value is output to S_s_steram for the data sequence S2 following S1. Thereafter, the same operation is performed from S3 to Sn.
[0274]
IS1 is an array of 256-byte data, followed by the first 1 byte of S1, the first 1 byte of S2, and the first 1 byte of S3, and the first 1 byte of S256 is stored. Similarly, IS2 is an array of 256-byte data, and the second byte of S1, the second byte of S2, the second byte of S3, and so on up to the second byte of S256 are stored. Similarly, IS3 similarly stores 256 bytes of data, and stores the third byte of S1, the third byte of S2, the third byte of S3, and the third byte of S256. IS256 follows the 256th byte of S1, the 256th byte of S2, the 256th byte of S3, and the 256th byte of S256 is stored. The data from IS1 to IS256 is summed and stored in IS_sum [0] to IS_sum [255] in FIG. 21, and the sequence of IS_sum is output to IS_s_stream. Even if IS_s_stream takes a total value of 256 bytes in the word data array, no digits are lost.
[0275]
In this way, feature data composed of S_s_stream and IS_s_stream is obtained. Next, the flow of this processing will be described with reference to FIG.
[0276]
FIG. 22 is a flowchart showing an example of the feature data extraction process of the electronic document falsification prevention system of this embodiment.
[0277]
First, all data are initialized (A1). Next, it is checked whether there is data of the electronic document data array S (A2).
[0278]
If there is data, the process moves to step A3, where 1 byte is read from S. On the other hand, if there is no data, the process proceeds to step A4, where an end process is performed.
[0279]
After reading 1 byte from S in step A3, the read value is added to S_sum and IS_sum [i] (A5).
[0280]
Next, it is checked whether i is 255 (A6). If i is not 255, i is incremented by 1 (A7), and the process returns to step A2. On the other hand, when i is 255 (A6), the value of S_sum is output to S_s_stream and i is returned to zero (A8).
[0281]
Next, it is checked whether j is 255 (A9). If j is not 255, j is incremented by 1 (A10), and the process returns to step A2. On the other hand, if j is 255 (A9), the values from IS_sum [1] to IS_sum [255] are output to IS_s_stream, j is returned to zero (A11), and the process returns to step 2.
[0282]
By such processing, the data of the electronic document is sequentially read byte by byte, and the data (S_s_stream, IS_s_stream) in FIG. 20 is continuously generated and output as feature data 3D until all the data is processed.
[0283]
When S_s_stream and IS_s_stream are used as feature data, any one byte value of S_s_stream changes even if any one-byte value of electronic document data array S (electronic document 1, seal 54, etc.) changes. Further, even if any two bytes of the electronic document data array S are exchanged, one word of IS_s_stream changes.
[0284]
For example, when data is exchanged within the data portion of S1, the total value of S1 does not change, but some value from IS_sum [0] to IS_sum [255] necessarily changes. As a result, the fact of falsification is found no matter which data of the electronic document 1 is falsified. Further, since the 256-byte data of S1 is compressed into one word and the 256-byte data of IS1 is compressed into one word, the data is compressed to 1/64 size of the original data. Further, the feature data generated in this way is compressed in one direction, and the original data cannot be reproduced from the feature data.
[0285]
As described above, the electronic document falsification prevention system and method according to the embodiment of the present invention generates S_s_stream and IS_s_stream as shown in FIG. 20 as feature data by the feature extraction unit. Regardless of how any part of the data changes, the change can be discovered. In addition, the feature data has a significantly smaller data size than the original data and is easy to handle. In addition, the feature data can be easily extracted, and the calculation can be performed at high speed.
[0286]
Further, since the original data cannot be reproduced from the feature data, when it is not desired to disclose the electronic document 1 to the external certification authority 99, the electronic document can be authenticated without disclosing the authentication target. This is because the method using the feature data does not require delivery of the document itself for authentication of the electronic document.
[0287]
(Ninth embodiment)
In the present embodiment, another example of the configuration operation of the feature extraction unit used in the first to seventh embodiments will be described.
[0288]
FIG. 23 is a diagram for explaining a feature extraction method in the electronic document tampering prevention system according to the ninth embodiment of this invention. The same parts as those in FIG. .
[0289]
Further, the electronic document falsification preventing system of the present embodiment uses the document authentication system 101 shown in FIG. 2 or the authenticated document authentication system 103 shown in FIG. 6, and the following means is provided as the feature extraction means. ing. The unique functional part of the present embodiment is due to a modification to the document authentication program 133 or the authentication document confirmation program 135.
[0290]
The feature extraction in this embodiment is performed in the same manner as in the eighth embodiment until S_s_stream and IS_s_stream are extracted. Also, S_s_stream ′ is generated from S_s_stream, and IS_s_stream ′ is generated from IS_s_stream, and these S_s_stream ′ and IS_s_stream ′ are used as final feature data 3D. Note that S_s_stream ′ and IS_s_stream ′ are composed of long words (32 bits).
[0291]
Specific processing is as follows.
[0292]
First, the steps up to the generation of SS1 and the like and ISS1 and the like are the same as in the eighth embodiment. In the eighth embodiment, SS1 etc. and ISS1 etc. are output as they are as S_s_stream and IS_s_stream without being divided in units of 256 words in the actual processing. On the other hand, in FIG. 23, S1, S2, S3,. . , Sn is summed up 256 bytes at a time, and a longword string of the total value of SS1, SS2,..., SS256 in 256 words is output to S_s_stream ′. Also, IS1, IS2, IS3,. . , IS256 is output to IS_s_stream ′.
[0293]
In other words, S_s_stream ′ includes SS1, SS2,. . Each total value is sequentially output as a data array, and similarly, IS_s_stream ′ includes ISS1, ISS2,. . Each total value is sequentially output as a data list.
[0294]
Accordingly, in FIG. 20, S_s_stream is a word stream, but in FIG. 23, S_s_stream ′ is a longword stream. Similarly, in FIG. 20, IS_s_stream is a word stream, but in FIG. 23, IS_s_stream is a longword stream. As a result, the data amount is further compressed to 1/128, and becomes the first 1/8192 size.
[0295]
As described above, the electronic document falsification preventing system and method according to the embodiment of the present invention generates S_s_stream ′ and IS_s_stream ′ as shown in FIG. 23 as feature data by the feature extraction unit. In addition to the same effects as those of the eighth embodiment, the feature data can be made more compact than in the case of the eighth embodiment.
[0296]
In the ninth embodiment, the total of 256 pieces of data is performed once more than in the eighth embodiment, but the data may be compressed not only once but repeatedly. In this way, the feature data can be made more compact.
[0297]
(Tenth embodiment)
In the present embodiment, still another example of the configuration operation of the feature extraction unit used in the first to seventh embodiments will be described.
[0298]
FIG. 24 is a diagram for explaining a feature extracting method in the electronic document falsification preventing system according to the tenth embodiment of the present invention.
[0299]
FIG. 25 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification prevention system of the present embodiment, and FIGS. 4, 7, 9, 11, 13, 15, and 16. The same parts are denoted by the same reference numerals, and the description thereof is omitted. In the system of this embodiment, the document authentication system 101 shown in FIG. 2 or the authenticated document authentication system 103 shown in FIG. 6 is used. The unique functional part of this embodiment is due to the modification of the document authentication program 133 or the authentication document confirmation program 135.
[0300]
This electronic document falsification prevention system is configured by providing the means described below as feature extraction means in the document authentication system 101 or the authentication document confirmation system 103 shown in FIG. Hereinafter, a case of the document authentication system 101 will be described as an example.
[0301]
As shown in FIG. 25, the feature extraction means 2 (20, 51, 55) of the document authentication system 101 or the authentication document confirmation system 103 generates feature data 3D from the electronic document 1.
[0302]
The feature extraction means 2 is provided with a separator table 2T and a word array 2W.
[0303]
On the other hand, in FIG. 24, the electronic document 1 is composed of a sequence of words and separators. A separator separates words such as white space and punctuation marks in a document. The word array 2W is composed of a sequence of word data and their order. On the other hand, the feature data 3D is composed of an order data sequence of the word array 2W.
[0304]
In addition, the separator table 2T is registered in advance for use as a separator. On the other hand, the word array 2W includes an area for storing words and the order of the array.
[0305]
Next, feature extraction processing in the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described.
[0306]
First, as shown in FIG. 24, data is sequentially read from the beginning of the electronic document 1 composed of words and separators, and data delimited by the separators and separators is regarded as words. Of the found words, a new one is registered in the word array 2W, and the array number of the word is written in the feature data 3D. That is, the sequence number itself is the feature data.
[0307]
That is, one character read by the feature extraction means 2 is compared with the data in the separator table 2T, and if it is not a separator, the next one character is read. Reading is performed sequentially, and a character string obtained by continuing reading is detected as a word. In this case, it is determined whether or not the character string is a new word. In the case of a new word, it is registered in the character array 2W and the registration number is written out as feature data 3D. In the case of a word that has already appeared, the registration number is written in the feature data 3D.
[0308]
This process will be described more specifically with reference to FIG.
[0309]
FIG. 26 is a flow chart showing an example of feature data extraction processing of the electronic document falsification prevention system of this embodiment.
[0310]
First, all data is initialized (B1). Next, it is checked whether there is data of the electronic document 1 (B2). If there is data, one character is read (B3). If there is no data (B2), end processing is performed (B4).
[0311]
Next, whether or not the read one character is a separator is determined by comparison with the data in the separator table 2T (B5). When the read one character is a separator (B5), the separator table 2T is compared with the separator (B6). On the other hand, if the read one character is not a separator (B5), the character is put in the buffer and the process returns to step B2 (B7).
[0312]
After step B6, the table data (hash table) in the array 2W is compared with the buffer data (B8). Step B6 determines the type of the separator itself, and step B8 determines the type of word configured in the buffer.
[0313]
Next, if the table data (array 2W) and the separator are not the same as the result of step B6 (B9), the data is registered in the table 2W (B10) and the process proceeds to step B11. On the other hand, if they are the same (B9), the process proceeds to step B11 without performing step B10.
[0314]
In step B11, if the table data (array 2W) and the buffer data are not the same, the buffer data is registered in the hash table 2W (B12), and the process moves to step B13. On the other hand, in the same case (B11), the process moves to Step B13 without performing Step B12.
[0315]
In step B13, the table numbers of the separators and words determined in steps B9 to B12 are output to the feature data 3D. Thereafter, the process returns to step B2.
[0316]
As described above, the features of the electronic document 1 are extracted as the table number sequence of the hash table and obtained as the feature data 3D.
[0317]
As described above, in the electronic document falsification preventing system and method according to the embodiment of the present invention, the arrangement of the table numbers of words and separators is extracted as feature data by the feature extraction unit. Regardless of how any part changes, the change can be discovered. In addition, the data size is significantly smaller than the original data, and handling is easy. Furthermore, since the original data cannot be reproduced from the feature data, the electronic document can be authenticated even if it is not desired to disclose the electronic document to an external certification authority.
[0318]
(Eleventh embodiment)
This embodiment confirms the system user when using each document authentication system 101, external authentication system 102, and authenticated document confirmation system 103 in the electronic document falsification prevention system described in the first to seventh embodiments. A means for generating information for generating information and generating an encryption key (secret key, public key, etc.) used in each system will be described.
[0319]
FIG. 27 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification preventing system according to the eleventh embodiment of the present invention, and FIG. 4, FIG. 7, FIG. 9, FIG. The same parts as those in FIG. 16 are denoted by the same reference numerals, and the description thereof is omitted. In the system of this embodiment, the document authentication system 101 shown in FIG. 2, the external authentication system 102 shown in FIG. 3, or the authenticated document authentication system 103 shown in FIG. 6 is used. The unique functional part of this embodiment is due to the modification of the document authentication program 133, the external authentication program 134, or the authentication document confirmation program 135.
[0320]
This electronic document falsification prevention system is configured by adding the following means to the same configuration as the document authentication system 101, the external authentication system 102, or the authenticated document confirmation system 103 shown in FIG. Hereinafter, a case of the document authentication system 101 will be described as an example.
[0321]
A document authentication system 101 shown in FIG. 27 reads a fingerprint of a system user and extracts features, and uses the feature data 67, a password 68 and a random number that are separately input, and encryption keys 71, 74, 75, 77S, and 77K. And the user authentication data 78 from the user name, ID (identification information), password, fingerprint, and generated encryption key. This personal authentication data 78 is used to confirm the system user in a twelfth embodiment described later.
[0322]
In order to generate the personal authentication data 78, the document authentication system 101 is input from a fingerprint reader 64, feature extraction means 66 for extracting feature data 67 from the fingerprint 65 read as image data, and the input device 112. Among the password 68 and the name / ID 69, the encryption key generation means 70 for generating the encryption key 71 from the password 68 and the feature data 67, the random number generator 72, the random number generated from the random number generator 72, the password 68 and the feature data 67 Private key public key generating means 73 for generating the private key 74 and the public key from the encryption key, and encryption means for generating the encrypted private key 77S and the encrypted encryption key 77K from the encryption key 71 and the private key 74. . Further, the document authentication system 101 receives the fingerprint 65, the encrypted secret key 77S, the encrypted encryption key 77K, the password 68 and the name / ID 69, and the fingerprint 78F, the encrypted secret key 78S, the encrypted encryption key 78K, and the password 78P. And means (not shown) for creating the personal authentication data 78 including the name / ID 78N.
[0323]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIGS. 27 and 28. FIG.
[0324]
FIG. 28 is a flowchart showing the operation of the electronic document falsification prevention system of this embodiment.
[0325]
This operation is a procedure for creating personal authentication data when the document authentication system 101 is activated.
[0326]
For this purpose, first, the name / ID data 69 and the password 68 are first input by the input device 112 and the system is activated (C1). Next, the fingerprint reader 64 is activated to read the fingerprint (C2). Thereby, fingerprint data 65 is obtained.
[0327]
Next, feature data 67 is extracted from the fingerprint data 65 by the feature extraction means 66 (C3). Further, the password 68 and the characteristic data 67 are used, and the encryption key 71 is generated by the encryption key generation means 70 (C4).
[0328]
Next, the password 68, the random number generator 72, and the feature data 67 are used, and the secret key public key generation means 73 generates a secret key 74 and a public key 75 (C4). In the present embodiment, the private key public key generating means 73 is compatible with the RSA method. DES or the like may be used.
[0329]
Next, the encryption key 71 and the secret key 74 are encrypted by the encryption means 76, and an encrypted secret key 77S and an encrypted encryption key 77K are generated (C6). In the present embodiment, the encryption unit 76 uses the DES method, which is one of the common key encryption methods, and uses the encryption key 71 as the encryption key. The encryption key 71 is encrypted by itself (generation of the encrypted encryption key 77K).
[0330]
The fingerprint data 65, the encrypted secret key 77S, the encrypted encryption key 77K, the password 68, and the name / ID 69 are grouped together as the personal authentication data 78 (C7) and stored in the hard disk device 128 or the like (C8). . Of this information, the public key 75 is registered at a predetermined location (C9).
[0331]
As described above, since the electronic document falsification preventing system and method according to the embodiment of the present invention generates the encryption key based on the fingerprint data, the personal authentication can be ensured. In addition, the user does not need to know the encryption key data itself, and the system can be used easily. Further, since the encryption key itself is encrypted and the secret key is encrypted, the contents of the encryption key and the secret key cannot be known even if the personal authentication data 78 is stolen. , Extremely safe information management can be performed.
[0332]
In this embodiment, a password is required for the encryption key generation means 70, but the present invention is not limited to such a case. For example, the same effect can be obtained even if the encryption key is generated only from the feature data 67. Further, for example, the password 68 and the random number generator 72 are required for the private key public key generation means 73, but the same effect can be obtained without either one or both.
[0333]
Furthermore, in this embodiment, the fingerprint is used to generate the encryption key, but the present invention is not limited to the fingerprint, and various biometric data can be used as long as the person can be identified, such as a voiceprint or an iris. Can be used.
[0334]
(Twelfth embodiment)
In the present embodiment, the system user registered in the system of the eleventh embodiment can use the system. That is, when using each document authentication system 101, external authentication system 102, and authenticated document confirmation system 103 in the electronic document falsification prevention system described in the first to seventh embodiments, the system user is confirmed. The means for enabling the use of encryption keys (secret keys, public keys, etc.) used in each system will be described.
[0335]
FIG. 29 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification preventing system according to the twelfth embodiment of the present invention, and FIG. 4, FIG. 7, FIG. 9, FIG. 16 and FIG. 27 are denoted by the same reference numerals, and the description thereof is omitted. In the system of this embodiment, the document authentication system 101 shown in FIG. 2, the external authentication system 102 shown in FIG. 3, or the authenticated document authentication system 103 shown in FIG. 6 is used. The unique functional part of this embodiment is due to the modification of the document authentication program 133, the external authentication program 134, or the authentication document confirmation program 135.
[0336]
This electronic document falsification prevention system is configured by adding the following means to the same configuration as the document authentication system 101, the external authentication system 102, or the authenticated document confirmation system 103 shown in FIG. Hereinafter, a case of the document authentication system 101 will be described as an example.
[0337]
The document authentication system 101 shown in FIG. 29 generates a password 68 and a fingerprint 65 when a person who has a legitimate use right wants to use the electronic document falsification prevention system, and is generated in the eleventh embodiment. After confirming the identity with the fingerprint 78F and password 78P stored in the personal authentication data 78 in advance, the encryption key is taken out from the fingerprint 78F, password 78P and encryption encryption key 78K, and further the encryption private key 78S is obtained with this encryption key. And the private key 4 is extracted to make the electronic document falsification preventing system of the first to seventh embodiments usable.
[0338]
For this purpose, the document authentication system 101 includes a fingerprint reader 64, collation means 81 for collating the read fingerprint 65 with the fingerprint 78F in the personal authentication data 78, a password 68 input from the input device 112, A collation unit 80 for collating the password 78P in the personal authentication data 78 and a determination logic unit 82 for determining the personal authentication from the results of the collation units 80 and 81 are provided. Further, the document authentication system 101 receives the fact that the person has been authenticated from the determination logic means 82, and extracts the feature data 67 from the fingerprint 78F, and generates the encryption key 71 from the feature data 67 and the password 78P. The encryption key generating means 70, the decryption means 83 for decrypting the encrypted encryption key 78K with the encryption key 71 and retrieving the encryption key 84, the encryption key 71 and the encryption key 84 are collated, and the encryption key 71 is correctly extracted. A verification means 85 for confirming the fact, a decryption means 86 for extracting the secret key 4 used in the electronic document falsification prevention system (FIG. 4 and the like) from the encrypted secret key 78 using the extracted encryption key 71, Display means 79 for displaying ID 78N and the like is provided.
[0339]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described with reference to FIGS. 29 and 30. FIG.
[0340]
FIG. 30 is a flowchart showing the operation of the electronic document tampering prevention system of this embodiment.
[0341]
This operation is a procedure for performing identity verification and secret key generation when the system of the document authentication system 101 is started based on the data for personal authentication by inputting biometric data or the like.
[0342]
First, when a name is input from the input device 112 to perform personal authentication, the personal authentication data 78 is read from the hard disk device 128 and the name / ID is displayed by the display unit 111. The system user confirms the name and ID and inputs the password 68 (D1).
[0343]
Next, the password 78P in the personal authentication data 78 is compared with the password 68 that has just been entered (D2). If the collations match, the fingerprint reader 64 reads the fingerprint and generates a fingerprint 65 as image data (D3).
[0344]
Next, the fingerprint collation means 81 collates the fingerprint 78F with the read fingerprint 65 (D4). If the collation matches (D4), the fingerprint 78F is extracted from the personal authentication data 78, and feature extraction is performed by the feature extraction means 66 to generate feature data 67 (D5). The use of the fingerprint 78F in the personal authentication data 78 without using the fingerprint 65 read here is that the read fingerprint 65 cannot match the fingerprint 78F without any difference in one bit, and every time it is taken, a slight amount is obtained. This is to make a difference. On the other hand, as described in the eighth to tenth embodiments, feature extraction is performed as different feature data even if there is a slight difference as described in the eighth to tenth embodiments. Therefore, the encryption key is extracted using the fingerprint itself extracted in the eleventh embodiment. 71 is to be taken out.
[0345]
That is, the feature data 67 and the password 78P are used, and the encryption key generating means 70 generates the encryption key 71 (D6). Next, the encrypted encryption key 78K is extracted from the personal authentication data 78 and decrypted with the encryption key 71 generated in step D6 (D7).
[0346]
Further, the encryption key 84 decrypted in step ST7 and the encryption key 71 generated in step ST6 are collated by the collation means 85 (D8). If the verification matches, it is considered that the person has been authenticated. Then, the encrypted private key 78S is extracted from the personal authentication data 78 and decrypted by the decrypting means 86 using the encryption key 71 to generate the private key 4 (D9).
[0347]
In this manner, the electronic document falsification prevention system can be used, and the processing described in each embodiment such as document reading (D10), feature extraction (D11), and encryption of feature data using the secret key 4 (D12) is performed. It becomes.
[0348]
As described above, the electronic document falsification preventing system and method according to the embodiment of the present invention reads the fingerprint 65 of the system user and collates it with the personal authentication data 78. The secret key 4 can be extracted from 78. Here, since the private key and the encryption key are encrypted and stored in the personal authentication data 78, even if the personal authentication data is stolen, the private key and the encryption key cannot be known and are very safe. is there. Further, since the encryption key is generated from the fingerprint 78F stored in the personal authentication data, the same encryption data can be reliably reproduced, and it is not necessary to inform anyone of the encryption data itself, which is extremely safe.
[0349]
In this embodiment, a password is also used for the encryption key generation means 70. However, an encryption key may be generated using only the feature data 67 in correspondence with the modification of the eleventh embodiment. In this embodiment, a key encrypted using a fingerprint is dealt with. However, the present invention is not limited to a fingerprint, and various biometric data can be used as long as the person can be identified, such as a voiceprint or an iris. The user may be authenticated.
[0350]
(Thirteenth embodiment)
In the present embodiment, a means for generating a fingerprint 65 from information read by the fingerprint reader 64 and a feature extraction means 66 for extracting a feature from the fingerprint 65 in the systems of the eleventh and twelfth embodiments will be described.
[0351]
FIG. 31 is a diagram showing an example of the functional configuration and processing flow of the electronic document falsification preventing system according to the thirteenth embodiment of the present invention, and FIG. 4, FIG. 7, FIG. 9, FIG. 16, 27, and 29 are assigned the same reference numerals, and descriptions thereof are omitted. In the system of this embodiment, the document authentication system 101 shown in FIG. 2, the external authentication system 102 shown in FIG. 3, or the authenticated document authentication system 103 shown in FIG. 6 is used. The unique functional part of this embodiment is due to the modification of the document authentication program 133, the external authentication program 134, or the authentication document confirmation program 135.
[0352]
This electronic document falsification prevention system is configured by adding the following means to the same configuration as the document authentication system 101, the external authentication system 102, or the authenticated document confirmation system 103 shown in FIG. Hereinafter, a case of the document authentication system 101 will be described as an example.
[0353]
A document authentication system 101 shown in FIG. 31 includes a fingerprint data extraction unit 87 that generates a fingerprint 65 from original fingerprint data 87F from a fingerprint reader 64, and a feature extraction unit 66 that extracts feature data 67 from the fingerprint 65. ing.
[0354]
The fingerprint data extraction means 87 is provided with boundary extraction means 87A, embossing means 87E, contour extraction means 87L, and binarization means 87B.
[0355]
On the other hand, the feature extraction means 66 is generated by the area cutout means 66S for cutting out the data 66SD from the fingerprint 65, the matching means 66M for matching the cut out data 66SD and the pattern 66P prepared in advance, and the matching means 66M. Means (not shown) for generating feature data 67 from single-digit data 66D is provided.
[0356]
Next, the operation of the electronic document falsification preventing system configured as described above according to the embodiment of the present invention will be described with reference to FIGS. 31, 32, 33, 34 and 35. FIG.
[0357]
FIG. 32 is a diagram illustrating an example of the fingerprint data 65.
[0358]
FIG. 33 is a diagram showing an example of data 66SD cut out from the fingerprint data 65 into a rectangular area.
[0359]
FIG. 34 shows a part of an example of a pattern to be matched.
[0360]
FIG. 35 is a flowchart showing the operation of the electronic document falsification prevention system of this embodiment.
[0361]
In FIG. 35, fingerprint data is first read by the fingerprint reader 64, and original fingerprint data 87F is obtained (E1).
[0362]
Next, the boundary of the fingerprint data is clarified by the boundary extraction means 87A (E2), and the embossing of the data with the clarified boundary is taken by the embossing means 87E (E3). Next, data outline extraction is performed (E4), and the extracted data is further binarized to obtain fingerprint data 65 (E5). FIG. 32 shows a sample of fingerprint data 65 obtained in this way.
[0363]
Next, the data 66SD is cut out while the area is designated by the area cutout means 66S (E6). A sample of the data cut out in this way is shown in FIG.
[0364]
Next, pattern matching between the data 66SD and the pattern data 66P is performed by the matching means 66M (FIG. 35E7). FIG. 34 shows an example of a pattern for performing matching. When the pattern matching is established, the matching data is taken out from the matching means 66M and used as one digit data 66D (E8).
[0365]
Next, it is checked whether or not the number of digits necessary to generate the feature data has been read from the fingerprint 65. If there is still data, steps E6 to E8 are repeated (E9). When the necessary number of digits is read (E9), feature data 67 generated from the one-digit data 66D is output.
[0366]
Thus, the feature data 67 for generating the encryption key from the fingerprint data 65 is generated.
[0367]
As described above, the electronic document falsification preventing system and method according to the embodiment of the present invention can generate the feature data 67 for generating the encryption key from the fingerprint data 65. It can be used for the personal authentication and secret key decryption system in the twelfth embodiment, and its effect is very great.
[0368]
[Description of 14th to 17th Embodiments]
According to the inventions described in the first to thirteenth embodiments, by adding the authentication of an external certification body in addition to the person who created the document, it is possible to prevent the document from being falsified by the created person. Can be digitized.
[0369]
However, when another author changes a part of the created document to make a new document, the original author, the new author, and the external certification authority need to authenticate again.
[0370]
Therefore, in the following fourteenth to seventeenth embodiments, when an electronic document is changed by a changer other than the original author with respect to the change of the electronic document and data that have been authenticated to prevent falsification, the original document is changed. A method and system for enabling re-authentication of a modified electronic document while maintaining author authentication will be described. That is, in the following embodiment, a history document or the like that has been made only with conventional paper can be imparted with reliability while clarifying the change history of an electronic document created by a plurality of authors over a plurality of periods. Realize digitized change documents.
[0371]
FIG. 36 is a diagram showing the overall configuration of an electronic document falsification preventing system and method including document changes in the fourteenth to seventeenth embodiments of the present invention.
[0372]
As shown in the figure, a network 1100 using a public line or a dedicated line is configured, and a document authentication system 1101, an external authentication system 1102 of an external authentication organization 1099, a document change authentication system 1103, and an authenticated document confirmation system 1104 are included in the network. Is connected.
[0373]
The document authentication system 1101 is a system configured similarly to the document authentication system 101 described in the first to thirteenth embodiments. The external authentication system 1102 receives information to be authenticated from the document authentication system 1101 and returns an authentication result. Also, the external authentication system 1102 receives information to be authenticated from the document change authentication system 1103 via the network 1100, and returns an authentication result.
[0374]
There may be a plurality of document authentication systems 1101, document change authentication systems 1103, and authentication document confirmation systems 1104, and they are used by different users.
[0375]
Further, the document authentication system 1101, the external authentication system 1102, the document change authentication system 1103, and the authentication document confirmation system 1104 are a display device, an input device, or a fingerprint reader device, a scanner device, etc. on a computer such as a workstation or a personal computer. Basically, different functions are realized by different operation programs. Accordingly, the document authentication system 1101, the document change authentication system 1103, and the authenticated document confirmation system 1104 may be configured on one computer.
[0376]
Further, the document change authentication system 1103 and the external authentication system 1102 can be configured on the same computer or a computer connected by a LAN or the like, and the entire authentication work can be performed in an external authentication organization.
[0377]
The electronic document change authentication system and method according to the present invention is a combination of the document authentication system 1101, the external authentication system 1102, the document change authentication system 1103, and the authentication document confirmation system 1104, or a part of the functions. It consists of. Further, in this specification, for convenience, the description is divided into the first to thirteenth embodiments and the fourteenth to seventeenth embodiments, but the systems belonging to both the embodiment groups are appropriately combined or one of them. It is also possible to appropriately combine or incorporate the partial functions.
[0378]
In the above case, the case where the instantaneous transfer of information via the network is assumed is described. However, as shown in FIG. 36, the document change authentication system 1101 to the outside via the recording media 97 and 98 such as a floppy disk. Necessary information can also be exchanged between the authentication systems 1102, or between the document authentication system 1101 and the document change authentication system 1103, and between the document change authentication system 1103 and the authenticated document confirmation system 1104.
[0379]
The corresponding fifteenth to seventeenth embodiments of the electronic document falsification preventing system and method including the document change having the above system configuration as a whole will be described.
[0380]
(Fourteenth embodiment)
The present embodiment relates to an electronic document changing system and method that can prevent tampering.
[0381]
FIG. 37 is a block diagram showing a hardware configuration example of a document change authentication system applied to an electronic document falsification preventing system including a document change according to the fourteenth embodiment of the present invention.
[0382]
In the document change authentication system 1103, a display device 1111, an input device 1112, a printing device 1113, an external storage device 1114, a fingerprint reader 1064, and a scanner 1115 are connected to a computer 1110.
[0383]
The hardware configuration of the document change authentication system 1103 is the same as that of the document authentication system 101 shown in FIG. 2, and the description thereof is omitted here. That is, the computer 1110, the display device 1111, the input device 1112, the printing device 1113, the external storage device 1114, the fingerprint reader 1064, and the scanner 1115 are the computer 110, the display device 111, the input device 112, the printing device 113, and the external storage device, respectively. 114, fingerprint reader 64, and scanner 115.
[0384]
The same applies to the configuration in the computer 1110, and each component 1116 to 1133 of the document change authentication system 1103 corresponds to each component 116 to 133 of the document authentication system 101.
[0385]
However, of the software elements stored in the hard disk device 1128, the RAM 1119, etc., the part corresponding to the document change authentication system 1103 is unique to this embodiment. That is, the program storage unit 1130 stores a program for realizing the document change authentication system 1101, and the RAM 1119 stores the document change authentication program 1133. As in the first embodiment, the document change authentication program 1133 is called from the program storage unit 1130 of the hard disk device 1128 and stored in the RAM 1119.
[0386]
In addition, the CPU 1117 controls each unit according to the document change authentication program 1133 in the RAM 1119 to realize the document change authentication system 1103.
[0387]
Each means (each process) or each means (each process) not shown in the process explanatory diagrams and flowcharts in this embodiment and the following embodiments is realized mainly by the operation of the CPU 1117 according to the document change authentication program 1133. Means.
[0388]
Next, the hardware configuration of the external authentication system will be described.
[0389]
FIG. 38 is a block diagram showing an example of the hardware configuration of an external authentication system applied to the electronic document tampering prevention system including document changes according to this embodiment. The same parts as those in FIG. The description is omitted.
[0390]
The external authentication system 1102 includes a computer system similar to the document change authentication system 1103. The difference from the document change authentication system 1103 is an operation program stored in the program storage unit of the hard disk device 1128. This operation program is called and stored in the RAM 1119 as the external authentication program 1134. The CPU 1117 controls each unit according to the external authentication program, and the external authentication system 1102 is realized. Further, the point that the function realizing means is configured by combining software resources (particularly the external authentication program 1134) and hardware resources is the same as in the case of the document change authentication system 1103.
[0390]
Next, each configuration of the electronic document falsification preventing system including document changes will be described with reference to FIGS. 39 and 40. FIG.
[0392]
FIG. 39 and FIG. 40 are diagrams showing an example of the functional configuration and the processing flow of the electronic document falsification preventing system including document changes according to this embodiment.
[0393]
The electronic document falsification preventing system including the document change includes a document change authentication system 1103 and an external authentication system 1102.
[0394]
First, the configuration of FIG. 39 will be described.
[0395]
The document change authentication system 1103 includes a separating unit 1005, a changer #n change and authentication unit 1006, and a combining unit 1009 so as to generate the change history-added electronic document 1011 from the change history-added electronic document 1001. It has become.
[0396]
Here, the electronic document with change history 1001 is an electronic document that has been changed in the past or an electronic document that has not been changed in the past but will be changed in the future, and the original electronic document with authentication 1002 and n-1 from the first change. It consists of changed part data 1003 with authentication up to the first change, and an electronic document 1004 with changed authentication for the (n-1) th time.
[0397]
The separating unit 1005 separates the change history-added electronic document 1001 into each component.
[0398]
The changer #n change and authentication unit 1006 sends the (n-1) th change electronic document with authentication 1 004 to the external authentication system 102, and based on the response result, the changer #n changes the nth change point 1007, The nth changed electronic document 1008 by the changer #n is output.
[0399]
The combining unit 1009 includes the authenticated original electronic document 1002, the changed data portion 1003 with authentication from the first change to the (n-1) th change, the nth change location 1007 by the changer #n, and n by the changer #n. The electronic document 1011 with change history is generated by combining the electronic document 1008 with the second change. Here, the change history-added electronic document 1011 includes an original electronic document 1002 with authentication, a change location 1010 from the first to the n-th change, and an n-th change electronic document 1008.
[0400]
Next, the detailed configuration of the changer #n and authentication unit 1006 and the schematic configuration of the external authentication system 1102 will be described with reference to FIG.
[0401]
The changer #n change and authentication unit 1006 includes a document change unit 1021, a difference extraction unit 1023, changer authentication units 1025A and 1025B, and a combining unit 1028.
[0402]
The document changing unit 1021 converts the changed electronic document 1020 into the changed electronic document 1022 by the changer #n. The difference extraction unit 1023 extracts the difference between the changed electronic document 1020 and the changed electronic document 1022 by the changer #n, and generates the nth changed portion 1024 composed of the difference data.
[0403]
The changer authentication means 1025A and 1025B authenticate the change electronic document 1022 and the change location 1024 with the changer authentication data, and output the changer authentication data 1026A and the changer difference authentication data 1026B.
[0404]
The combining unit 1028 combines the authentication data 1027 and the changer authentication data 1026A, and outputs combined authentication data 1029.
[0405]
Although not shown in particular, the change and authentication means 1006 of the changer #n further includes means for taking out the changed electronic document 1020 and the authentication data 1027 from the changed electronic document 1004 with authentication for the (n-1) th authentication, and the change location 1024 and authentication. Means for combining the data 1032B to generate the changed portion 1007 and means for combining the changed electronic document 1022 and the authentication data 1032A to generate the changed electronic document 8 are provided.
[0406]
On the other hand, the external authentication system 102 authenticates the authentication data 1029 by the external authentication authority to the external authentication unit 1030A that generates the authentication data 1031A by performing authentication by the external authentication authority and the changer differential authentication data 1026B. External authentication means 1030B for generating authentication data 1031B.
[0407]
The authentication data 1029 and the changer differential authentication data 1026B are transmitted from the document change authentication system 1103 to the external authentication system 1102, and the authentication results 1031A and 1031B are returned from the external authentication system 1102.
[0408]
Next, change of the changer #n and the changer authentication unit 1025A of the authentication unit 1006 will be described with reference to FIG.
[0409]
FIG. 41 is a diagram showing the configuration of the changer authentication means in the change and authentication means of the changer #n.
[0410]
The change authentication unit 1025A holds the secret key 1025A-3 and the header 1026A-H of the changer #n, and includes a feature extraction unit 1025A-1 and an encryption unit 1025A-4.
[0411]
The feature extraction unit 1025A-1 extracts the feature data 1025A-2 from the changed electronic document 22 and delivers it to the encryption unit 1025A-4. The encryption unit 1025A-4 encrypts the feature data 1025A-2 with the secret key 1025A-3 of the changer #n to generate encrypted data 1026A-D.
[0412]
The change authentication unit 1025A adds the header 1026A-H to the encrypted data 1026A-D to generate the changer authentication data 1026A.
[0413]
Although the changer authentication unit 1025B is not particularly illustrated, it is configured in the same manner as the changer authentication unit 1025A.
[0414]
FIG. 42 is a diagram showing the configuration of the external authentication means in the external authentication system.
[0415]
The external authentication unit 1030A holds external authentication data 1030A-A including an authentication execution ID and a private key 1030A-2 of the external authentication organization, and includes a combining unit 1030A and an encryption unit 1030A-3.
[0416]
The combined authentication data 1029 transmitted from the document change authentication system 1103 is composed of changer authentication data 1026A composed of headings 1026A-H and encrypted data 1026A-D, and authentication data 1027. This combined authentication data 1029 is separated into headings 1031A-H, encrypted data 1026A-D, and authentication data 1027 by the external authentication means 1030A.
[0417]
The encryption unit 1030A combines the external authentication data 1030A-A, the encryption data 1026A-D, and the authentication data 1027, and the encryption unit 1030A-3 encrypts the combination result with the secret key 1030A-2.
[0418]
The authentication data 1031A of the external certification authority that is finally generated by the external authentication unit 1030A includes a header 1031A-H and encrypted data 1031A-D encrypted by the encryption unit 1030A-3.
[0419]
The external authentication unit 1030B is not shown or described in particular, but this is the same as the replacement of A and B in the external authentication unit 1030A.
[0420]
Next, the operation of the electronic document tampering prevention system configured as described above according to the embodiment of the present invention will be described with reference to FIGS.
[0421]
FIG. 43 is a flowchart showing the operation of the electronic document falsification prevention system of this embodiment.
[0422]
First, the document change authentication system 1103 reads the change history-added electronic document 1001 (SS1).
[0423]
Next, the separation unit 1005 separates the original electronic document with change history 1002, the changed portion 1003 up to the (n−1) th change history, and the changed electronic document 1004 with the change history (n−1) (SS 2).
[0424]
Processing from the next step SS3 to SS7 is performed by the change and authentication means 1006. That is, as shown in FIG. 39 and FIG. 40, the changer #n (hereinafter, the same type of configuration and data that may exist may include # 1, # 2,. The change and authentication means 6 used by the change / authentication means 6 changes the retrieved n-1st authenticated change electronic document 1004 and authenticates the changer #n. n authentication data is transmitted to the external authentication system 1102.
[0425]
Specifically, first, the (n-1) th change electronic document 1020 is extracted from the (n-1) th change electronic document 1004 with authentication. further. The change unit 1021 changes the (n-1) th change electronic document 1020 by the input operation of the changer #n, and the nth change electronic document 1022 is generated (SS3).
[0426]
Next, the difference extraction unit 1023 extracts differences between the (n−1) th changed electronic document 1020 and the nth changed electronic document 1022 and extracts difference data of the nth changed portion 1024 (SS4, FIG. 40).
[0427]
This process (SS4) is performed as follows. That is, each electronic document is binary data composed of 0 and 1 where it is jammed. The difference extraction unit 1023 extracts the difference between these binary data and outputs the nth changed portion data 1024. As a result, in the n-th change location data 1024, which data is deleted at which location between the n-1st change electronic document 1020 and the n-th change electronic document 1022, which data is inserted at which location, Information on which data was replaced at which location is stored.
[0428]
Next, authentication after completion of the document change by the changer #n is performed, and the changer authentication data 1026A of the nth change electronic document and the change of the nth change place from the nth change electronic document 1022 and the nth change place 1024, respectively. The person authentication data 1026B is generated (S S5, FIG. 40).
[0429]
That is, the nth changed electronic document 1022 is given to the changer authentication means 1025A, and the nth changer authentication data 1026A is generated.
For this purpose, first, feature data 1025A-2 of the n-th change / change electronic document 1022 is extracted by the feature extraction means 1025A-1 (FIG. 41). This characteristic data 1025A-2 is data indicating the characteristics of the electronic document itself such that the value changes even if any one bit of the nth change / change electronic document 1022 changes. On the other hand, the headings 1026A-H are data added to make it possible to recognize that the feature data 1025A-2 is data belonging to the nth change / change electronic document 1022.
[0430]
Next, the feature data 1025A-2 is encrypted by the encryption unit 1025A-4 using the secret key 1025A-3 of the changer #n, and is output as encrypted data 1026A-D. The secret key 1025A-3 of the changer #n is literally a key that is not notified to anyone other than the changer #n, and is paired with the public key of the changer #n. The headings 1026A-H and the encrypted data 1026A-D correspond to each other and are collectively output as the changer authentication data 1026A.
[0431]
Similarly, the changer authentication means 1025B extracts features from the nth change portion data 1024 and generates nth changer difference authentication data 1026B.
[0432]
Next, the n-1th changed electronic document authentication data 1027 extracted from the n-1th changed electronic document with authentication 1004, the changer authentication data 1026A of the nth changed electronic document, and the combining means 28 are combined. Then, the n-th combined authentication data 1029 is generated (SS6, FIG. 40).
[0433]
Next, the n-th combined authentication data 1029 and the n-th change portion changer authentication data 1026B are transmitted to the external authentication system 1102 via the network 1100 via the communication device 1129 of the document change authentication system 1103 (SS7). .
[0434]
The processing from the next step SS8 to SS10 is performed in the external authentication system 1102.
[0435]
First, the external authentication system 1102 receives the changer combination authentication data 1029 and the nth changer differential authentication data 1026B of the nth changed document sent from the document change authentication system 1103 (SS8).
[0436]
Next, in the external authentication system 1102, the n-th combined authentication data 1029 and the n-th change place changer authentication data 1026B are authenticated by the external authentication means 1030A and 1030B, respectively, and the authentication data 1031A and 1031B are respectively authenticated. (SS9, FIG. 40). This process will be described below.
[0437]
For this purpose, first, the header 1031A-H is extracted from the changer combined authentication data 1029 of the nth changed document by the external authentication unit 1030A. Subsequently, the remaining encrypted data / authentication data 1026A-D / 1027 is provided to the combining means 1030A-1 (FIG. 42).
[0438]
The external authentication data 1030A-A (authentication execution ID) of the external certification authority is combined with the encrypted data / authentication data 1026A-D / 1027 by the combining means 1030A-1. In principle, the authentication execution ID as the authentication execution identification information is different for each authentication, and the authentication execution ID to which authentication is assigned is stored in the external authentication organization 1099.
[0439]
Next, this combined data is encrypted by the encryption means 1030A-3 using the private key 1030A-2 of the external certification authority, and encrypted data 1031A-D is generated.
[0440]
Here, the external authentication data 1030A-A is information indicating that a third party external authentication organization has authenticated the data requested by the document change authentication system 1103 for authentication, and includes date data for authentication. . The headings 1031A-H and the encrypted data 1031A-D are associated with each other and output as the nth changed electronic document authentication data 1031A.
[0441]
Similarly, the changer differential authentication data 1026B is also given external authentication by the external authentication means 1030B and is output as the nth differential authentication data 1031B. The processing of the external authentication means 1030B in this case will be described by replacing A in FIG.
[0442]
That is, when the external authentication means 1030B receives the data from the nth changer differential authentication data 1026B instead of receiving the changer combined authentication data 1029 of the nth change document, the external authentication unit 1030B extracts the heading 1031B-H and extracts the remaining encrypted data. 1026B-D is provided to the coupling means 1030B-1. The external authentication data 1030B-A of the external certification authority is combined with the encryption data 1026B-D by the combining means 1030B-1, and encrypted by the encryption means 1030B-3 using the private key 1030B-2 of the external certification authority. Data 1031B-D is generated. Here, the external authentication data 1030B-A is information indicating that an external certification authority, which is a third party, has authenticated the data requested by the document change authentication system 1103, and includes date data for authentication. . The heading 1031B-H and the encrypted data 1031B-D are associated with each other as the n-th difference authentication data 1031B.
[0443]
The n-th changed electronic document authentication data 1031A and the n-th difference authentication data 1031B generated in this way are transmitted to the document change authentication system 1103 through the network 1100 via the communication device 1129 of the external authentication system 1102 (SS10).
[0444]
The document change authentication system 1103 receives the data sent from the external authentication system 1102 as authentication data 1032A and 1032B, and gives the received data to the change and authentication means 1006 (SS11).
[0445]
Next, the change and authentication unit 1006 associates the n-th changed electronic document authentication data 1031A with the n-th changed electronic document 1022, and the n-th changed electronic document 1008 with authentication is generated and output. Similarly, the n-th differential authentication data 1031B is related to the n-th changed portion data 1024, and the n-th differential authentication data with authentication 1007 is generated and output (SS12, FIG. 40).
[0446]
Next, the changed portion data 1007 is combined with the changed portion data 1003 with authentication from the first change to the (n-1) th change by the combining means 1009, and from the first to the nth time each related. It becomes the changed part data 1010 with authentication. Further, the combining unit 1009 generates the original electronic document 1002 with authentication, the changed portion data 1010 with authentication from the first time to the nth time, and the electronic document 1011 with the nth change history associated with the changed electronic document 1008 with the nth authentication. It is generated (S S13, FIG. 39).
[0447]
Note that when performing the change of n + 1, if the electronic document with change history 1001 is the n-th change history-added electronic document, the (n + 1) th change history-added electronic document is obtained as the change history-added electronic document 1011. .
[0448]
As described above, the falsification preventing system and method for a modified electronic document according to the embodiment of the present invention performs additional authentication in accordance with a procedure in which an external certification authority authenticates a modified document digitally signed by a changer. As a result, it is proved that the changer created the change document exactly on the certification date of the external certification body. Even if there is no electronic signature, feature data is encrypted with the document modifier's private key and decrypted with the corresponding public key. It is authenticated that it is a document to be changed.
[0449]
Further, when the altered document body is altered, the feature data to be extracted from the altered document changes, and becomes different from the feature data 1025A-2 previously extracted for authentication. The fact of tampering can be detected. On the other hand, the feature data 1025A-2 previously extracted for authentication is encrypted with the certification authority private key 1030A-2 together with the certification data 1030A-A of the external certification authority. It is impossible to tamper with the authentication data 1032A. Therefore, even if it is the person himself, the document cannot be altered after the external authentication.
[0450]
As a result, it is possible to generate a modified electronic document with evidence ability that can prove the validity of the document at a trial place. Therefore, it becomes possible to digitize important documents and evidence documents that have been stored on paper. In addition, advanced technology is required to determine whether or not a conventional paper document has been tampered with, but the electronic document tampering prevention system according to the present invention confirms whether or not tampering has occurred by simply following an electronic procedure. Because it can, it can be easily proved whether or not tampering.
[0451]
In addition, the storage location can be reduced by computerization, and document transmission to a remote location can be performed instantaneously, and search by a computer can be performed. In this way, it is possible to improve the credibility of commercial transactions and speed up transactions.
[0452]
In the modified document falsification preventing system of this embodiment, transmission data is encrypted in the document change authentication system 1103 and the external authentication system 1102, so that it is safe to use a public line as the network 1100.
[0453]
Furthermore, in the modified document falsification preventing system of the present embodiment, data exchanged between the document change authentication system 1103 and the external authentication system 1102 is not document data, but is document data characteristics (difference data or the like). The content of the document data itself does not need to be sent to the network 1100 or the external authentication system 1102, and the document data can be kept secret.
[0454]
Furthermore, since the external authentication data authenticated by the external certification authority is combined with the original changed electronic document and the changed part and managed in the form of a document with change history 1011 with authentication, the handling when storing the electronic document is performed. Becomes easier.
[0455]
(Fifteenth embodiment)
In the present embodiment, a description will be given of a system for confirming that the changed electronic document with authentication 1011 authenticated in the fourteenth embodiment is authentic, and retrieving authentication information such as an authentication date attached by an external certification authority.
[0456]
This altered electronic document falsification preventing system is configured as an authenticated document confirmation system 1104 shown in FIG.
[0457]
FIG. 44 is a block diagram showing a hardware configuration example of an authenticated document confirmation system applied to the altered electronic document falsification preventing system according to the fifteenth embodiment of the present invention. Components identical with those shown in FIG. The description is omitted.
[0458]
The authenticated document confirmation system 1104 includes a computer system similar to the document change authentication system 1103. The difference from the document change authentication system 1104 is an operation program stored in the program storage unit 1130 of the hard disk device 1128. This operation program is called and stored in the RAM 1119 as an authenticated document confirmation program 1135. The CPU 1117 controls each unit in accordance with the authentication document confirmation program 1135, and the authentication document confirmation system 1104 is realized. Further, the point that the function realizing means is configured by combining software resources and hardware resources is the same as in the case of the document change authentication system 1103.
[0459]
Next, the functional configuration of the electronic document falsification prevention system will be described with reference to FIGS.
[0460]
FIG. 45 is a diagram showing an example of the functional configuration and processing flow of the authenticated document confirmation system applied to the altered electronic document falsification preventing system of this embodiment, and the same parts as those in FIG. Is omitted.
[0461]
In the figure, the changed electronic document 1011B subject to authentication confirmation includes the original electronic document 1002B, the changed electronic document 1008B, and the changed portions 1007B # 1 to 1007B # n-1 and 1007B from the first time to the nth time. This corresponds to the changed electronic document 1011 in the fourteenth embodiment.
[0462]
On the other hand, the authentication document confirmation system 1104 includes an nth authentication confirmation unit 1040, an n-1th authentication confirmation unit 1040 # n-1, a date confirmation unit 1041, 1041 # n-1, and an identity determination unit. 1042 and 1042 # n-1. Further, the authentication document confirmation system 1104 includes an authentication confirmation unit 1043 similar to the authentication confirmation unit 1040 as a repeated part, an authentication confirmation unit 1044 similar to that in the first to thirteenth embodiments, and a date confirmation unit 1045. And identity determination means 1046 are provided.
[0463]
The authenticated document confirmation system 1104 includes an electronic document with change history 1011B to an original electronic document with authentication 1002B and changed data with authentication 1007B # 1, 1007B # 2,... 1007B # from the first change to the nth change. Means (not shown) are provided for taking out n-1, 1007B and the n-th authenticated electronic document 1008B with authentication and disassembling it into authentication data, document data, and changed portion data.
[0464]
Next, each functional configuration of the authentication confirmation unit constituting the authentication document confirmation system 1104 will be described with reference to FIGS. 46 and 47. FIG.
[0465]
FIG. 46 is a diagram showing a detailed configuration of the authentication confirmation unit 1040, and FIG. 47 is a diagram showing a detailed configuration of the authentication confirmation unit 1040 # n-1.
[0466]
The authentication confirmation unit 1040 includes an authentication confirmation unit 1040A that confirms the authentication of the n-th authenticated electronic document 1008B and an authentication confirmation unit 1040B that confirms the authentication of the n-th authentication-changed part 1007B.
[0467]
In the authentication confirmation means 1040A, authentication data 1401A, public key 1402A of the external certificate authority 1099, changer combined authentication data 1404A including a headline, changer authentication data 1406A, previous authentication data 1407A, changer's public key 1408A, features Data 1410A and feature data 1412A are held. Further, a decoding unit 1403A, a separation unit 1405A, a decoding unit 1409A, a feature extraction unit 1411A, and a collation unit 1413A are provided.
[0468]
Here, the changer combined authentication data 1404A including a headline is composed of a headline 1401A-H and encrypted data 1401A-D. Further, the changer combined authentication data 1404A including the headline is composed of a headline 1404A-H and a changer combined authentication data 1404A-D. The changer combined authentication data 1404A-D further includes the changer combined authentication data 1404A-D1. It consists of authentication data 1404A-D2 of the external authentication organization 1099. The previous authentication data 1407A is composed of a heading and an authentication data body.
[0469]
On the other hand, the authentication confirmation means 1040B holds the authentication data 1401B, the public key 1402B of the external certification authority 1099, the changer authentication data 1404B including the headline, the changer public key 1408B, the feature data 1410B, and the feature data 1412B. . Further, a decoding unit 1403B, a decoding unit 1409B, a feature extraction unit 1411B, and a collation unit 1413B are provided.
[0470]
Here, the changer authentication data 1401B including a headline includes a headline 1401B-H and encrypted data 1401B-D. The changer authentication data 1404B including the headline includes a headline 1404B-H and a changer authentication data 1404B-D. The changer authentication data 1404B-D further includes the changer authentication data 1404B-D1 and the authentication data of the external certification authority 1099. 1404B-D2.
[0471]
Next, the authentication confirmation unit 1040 # n-1 will be described with reference to FIG.
[0472]
The authentication confirmation unit 1040 # n-1 confirms the authentication of the authentication data 1027 for n-1 times, and the authentication confirmation for confirming the authentication of the changed portion 1007B # n-1 with authentication for the n-1th time. Means 1040B.
[0473]
Here, the authentication confirmation means 1040A and 1040B in FIG. 47 and the authentication confirmation means 1040A and 1040B in FIG. 46 use the same means, but the functions not used in the authentication confirmation of the authentication data 1027 n-1 times before are illustrated. Is omitted.
[0474]
Next, the operation of the electronic document falsification preventing system configured as described above according to the embodiment of the present invention will be described with reference to FIGS.
[0475]
In this authenticated document confirmation system 1104, authentication confirmation is repeated in order from the nth side toward the original document starting from the nth changed electronic document 1008B with authentication in the electronic document with change history 1011B. The identity of the original document, the final document, and the electronic documents of all the changes is checked. Further, the fact of authentication by the external certification authority 1099 and the authentication dates 1045, 1041 # 1, 1041 # 2,... 1041 # n-1, 1041 are confirmed from the external authentication data extracted from the authentication data.
[0476]
FIG. 48 is a flowchart showing the operation of the electronic document tampering prevention system of this embodiment.
[0477]
In the figure, first, the electronic document 1011B with change history is read from the external storage device 1114, the hard disk device 1128, or via the network 1100 (TT1). From the electronic document with change history 1011B, the original electronic document with authentication 1002B, the change location data with authentication 1007B # 1, 1007B # 2,... 1007B # n-1, 1007B from the first change to the n-th change, The authentication-changed electronic document 1008B for the nth time is taken out and further decomposed into authentication data, document data, and changed portion data (TT2).
[0478]
Next, the document change count N is set to the final change count n, and the authentication confirmation initial flag is set (TT3).
[0479]
Here, it is determined whether it is the first authentication confirmation (TT5). In the case of the first time, the authentication data of the Nth changed document data 1008B, the document data of the Nth changed document 1008B, the changed authentication data of the Nth changed portion 1007B, and the changed portion data of the Nth changed portion 1007B are sent to the authentication confirmation means 1040. Read (TT6).
[0480]
Subsequently, authentication confirmation is executed by the authentication confirmation means 1040, and the authentication data 1027 is output, and date authentication data 1041 including at least the date of the external certification authority and the authentication execution ID is generated (TT8).
[0481]
On the other hand, if it is not the first time in step TT5, any one of the (n-1) th change location 1007B # N-1 to the 1st change location 1007B # 1 is read into the authentication checking means 1040 according to the number of N ( TT7).
[0482]
Subsequently, authentication confirmation is executed by the authentication confirmation means 1040 # n-1, 1040 # n-2 ..., authentication data 1027 is output, and date authentication data 1041 # n-1, 1041 # n-2 ... are generated. (TT8). Here, the same authentication confirmation means is repeatedly called for the authentication confirmation means 1041 # n-1, 1041 # n-2.
[0483]
Here, a brief description will be given of the contents of the authentication in step TT8 for the nth, n-1th, and n-2th to first times.
[0484]
That is, first, the authentication confirmation unit 1040 performs authentication confirmation of the n-th authenticated electronic document 1008B with authentication and the n-th authenticated changed part 1007B. As a result, the authentication data 1027 up to the (n-1) th time is output, and the authentication date 1041 of the external certificate authority is output. Further, the identity of whether or not the n-th changed electronic document 1008B and the changed part 1007B with n-th authentication are the same as the n-th changed electronic document 1008 and the changed part 1007 with the n-th authentication of the electronic document with change history 1011. Decision 1042 is made.
[0485]
Further, the authentication confirmation of the changed portion 1007B # n-1 with authentication for the (n-1) th time is performed by the authentication confirmation means 1004 # n-1. That is, the authentication data 1027 # n-1 up to the (n-2) th time is output, and the authentication date 1041 # n-1 of the external certification authority is output. Further, identity determination 1042 # as to whether or not the changed portion 1007B # n-1 with the n-1th authentication is the same as the changed portion 1007 # n-1 with the n-1th authentication of the electronic document 1011 with the change history. n-1 is performed.
[0486]
Similarly, the authentication confirmation unit 1043 outputs the authentication data of each time and the authentication date of the external certification authority based on the changed locations 1007B # 1 to 1007B # n-2 with the authentication from the n-2th time to the first time. The Further, identity determination is performed as to whether or not the changed part with authentication 1007B # 1... 1007B # n-2 is the same as the changed part with authentication 1007 # 1... 1007 # n-2 of the electronic document with change history 1011. .
[0487]
After any of the above authentication confirmations (TT8) is executed, if the authentication execution ID mismatch or the identity determination unit 1042 does not determine (TT9), the Nth document mismatch is displayed on the display device 1111. To finish. Note that the processing may be terminated by outputting to the external storage device 1114, outputting to the hard disk device 1128, or outputting to the network 1100 (TT10).
[0488]
On the other hand, if the authentication execution IDs match and the determination by the identity determination means 1042 is true (TT9), the authentication confirmation initial flag is cleared and the change count N is decremented by 1 (TT11).
[0489]
Next, it is determined whether or not the number of changes N is 1 (TT12). If N is greater than 1, the process returns to step TT4, whether or not it is the first authentication confirmation (TT5), and steps TT5 to TT12 are repeated. It is.
[0490]
On the other hand, when the number of changes N is 1 (TT12), the authentication data and document data of the authenticated original electronic document 1002B are read into the authentication checking means 1044 (TT13). The authentication data given here is output from the authentication confirmation unit 1043, and the document data is obtained by removing the authentication part from the original electronic document with authentication 1002B.
[0491]
Subsequently, authentication confirmation is executed by the authentication confirmation means 1044, the date authentication data 1045 of the external certification body of the original document is output, and identity determination as to whether or not the original electronic document 1002B and the original electronic document 1002 are the same. 1046 is performed (TT14). The authentication confirmation process by the authentication confirmation unit 1044 is the same as that in the previous embodiment, and a description thereof will be omitted.
[0492]
If the identity determination unit 1046 determines NO (TT15), the fact that the original electronic document 1002B does not match is displayed on the display device 1111 and the process ends. Note that the processing may be terminated by outputting to the external storage device 1114, outputting to the hard disk device 1128, or outputting to the network 1100 (TT16).
[0493]
On the other hand, when the determination by the identity determination unit 1046 is true (TT15), the display device 1111 displays the document match and the modification date from the creation date of the original electronic document to the nth modified document. finish. Alternatively, it may be output to the external storage device 1114, output to the hard disk device 1128, or output to the network 1100, and the processing may be terminated (TT17). The authentication date may display both obtained by the authentication confirmation means 1040A, 10B, or one of them. Moreover, you may make it determine that both dates correspond.
[0494]
In step TT17, the creator of the original document, the name of each changer, etc. may be output.
[0495]
The above is the overall processing flow of the authenticated document confirmation system 1104 in this embodiment. Next, the process of step TT8 in FIG. 48, that is, the processes of the authentication confirmation means 1040 and 1040 # n−1 will be described more specifically.
[0496]
FIG. 49 is a flowchart showing the processing of the authentication confirmation unit 1040A in the authentication confirmation system of this embodiment.
[0497]
The figure shows both the processing of the authentication confirmation means 1040 and 1040 # n-1, but here, the case of the processing of the authentication confirmation means 1040 will be described as an example.
[0498]
First, the authentication data portion is input from the n-th authenticated electronic document 1008B with authentication to the authentication confirmation means 1040A. The authentication data 1401A is separated into a headline 1401A-H and an encrypted data 1401A-D that make it possible to recognize that the electronic document 1008B has been authenticated for the nth time (T801, FIG. 46). In the case of n-1... The first change, authentication data and headings before being output in steps T811 and T812, which will be described later, are used as the respective data.
[0499]
Among these, the encrypted data 1401A-D is decrypted by the decryption means 1403A using the public key 1402A of the external certification authority 1099, and the changer combined authentication data 1404A-D is output (T802, FIG. 46). At this time, the changer combined authentication data 1404A-D and the headers 1401A-H are related to each other and become authentication data 1404A (T803, FIG. 46).
[0500]
Next, at least date data and an authentication execution ID are extracted from the external authentication data 1404A-D2 in the changer combined authentication data 1404A-D, and are given to the date authentication means 1041 (T804, FIG. 46).
[0501]
On the other hand, the changer authentication data 1404A-D1 in the changer combined authentication data 1404A-D is given to the separating means 1405A, and the changer authentication data 1406A and the previous authentication data 1407A are separated (T805, FIG. 46). Here, the previous authentication data 1407A is data including authentication of the changed document up to n-1 times from the authentication of the original document. The previous authentication data 1407A is output as authentication data 1027 to be given to the authentication confirmation means 1040 # n-1.
[0502]
Next, an authentication confirmation initial flag is confirmed. If it is the first time, step T807 is executed, and if it is not the first time, the process proceeds to step T810 (T806).
[0503]
When Step T807 is executed, the decryption means 1409A decrypts the changer authentication data 1406A with the changer's nth public key 1408A to generate the nth feature data 1410A (T807, FIG. 46). ).
[0504]
On the other hand, in the last (n-th) change, the document data portion is received from the changed electronic document data 1008B, the feature of the document data is extracted by the feature extraction unit 1411A, and the feature data 1412A is output (T808, FIG. 46). In the case of n-1... The first change, feature data is extracted from the authentication data 1027, 1027 # n-1,.
[0505]
Next, the decrypted feature data 1410A and the feature data 1412A extracted for authentication confirmation are collated by the collating unit 1413A, and the result is output to the identity determining unit 1042 (T809). When the identity determination unit 1042 determines that the collation results match, it is proved that the changed electronic document 1008 and the changed electronic document 1008B match.
[0506]
Further, the previous authentication data 1407A is output as the authentication data 1027 (T811) and the headline 1404A-H related to the current change is output from the authentication confirmation unit 1040A (T812). These will be used for the authentication of the n-1 ... first change.
[0507]
Next, processing of the authentication confirmation unit 1040B of the authentication confirmation unit 1040 will be described.
[0508]
FIG. 50 is a flowchart showing the processing of the authentication confirmation unit 1040B in the authentication confirmation system of this embodiment.
[0509]
The figure shows both the processing of the authentication confirmation means 1040 and 1040 # n-1, but here, the case of the processing of the authentication confirmation means 1040 will be described as an example.
[0510]
First, the authentication data portion is input to the authentication confirmation means 1040B from the nth changed part 1007B with authentication. This input authentication data 1401B is separated into a headline 1401B-H and encrypted data 1401B-D that make it possible to recognize that this is the nth changed part 1007B with authentication (T821, FIG. 46).
[0511]
Next, the encrypted data 1401B-D is given to the decryption means 1403B, and decrypted using the public key 1402B of the external certification authority 1099, and the changer authentication data 1404B-D is generated (T822, FIG. 46). . Here, the public key 1402B has the same contents as the public key 1402A.
[0512]
Further, the changer authentication data 1404B-D and the headers 1404B-H are related to each other as authentication data 1404B (T823, FIG. 46).
[0513]
At least the date data of the external authentication organization 1099 and the authentication execution ID are extracted from the external authentication data 1404B-D2 in the changer authentication data 1404B-D, and are given to the date authentication means 1041 (T824, FIG. 46).
[0514]
On the other hand, the changer authentication data 1404B-D1 in the changer authentication data 1404B-D is given to the decryption means 1409B. In the decryption means 1409B, the public key 1408B of the n-th changer is used, the changer authentication data 1404 B-D1 is decrypted, and the feature data 1401B of the n-th change part is extracted (T827, FIG. 46). Here, the public key 1408B has the same contents as the public key 1408A.
[0515]
On the other hand, in the last (n-th) change, the changed portion data portion is received from the changed portion data 1007B, the features of the changed portion data are extracted by the feature extracting means 1411B, and the feature data 1412B is output (T828, FIG. 46). In the case of n-1... The first change, feature data is extracted from the changed portion data 1007, 1007 # n-1,.
[0516]
Next, the decrypted feature data 1410B and the feature data 1412B extracted for authentication confirmation are collated by the collating unit 1413B, and the result is output to the identity determining unit 1042 (T829). When the identity determination unit 1042 determines that the collation results match, it is proved that the changed portion 1007 and the changed portion 1007B match. More specifically, it is proved that there is no document falsification from the (n-1) th to the nth document change when the results of both verification means in the authentication confirmation means 1040A and B are the same determination. Is.
[0517]
Further, a headline 1404B-H relating to the current change is output from the authentication confirmation unit 1040B (T832).
[0518]
The above has mainly described the authentication confirmation processing (FIG. 48: step T8) by the authentication confirmation means 1040. However, the authentication confirmation processing by the authentication confirmation means 1040 # n-1 and 1043 has a slightly different part, and this part will be described with reference to FIGS. 47, 48, and 49. FIG.
[0519]
First, processing by the authentication confirmation unit 1040 # n-1 will be described.
[0520]
The authentication data 1027 of n-1 times output from the authentication confirmation means 1040 is given to the authentication confirmation means 1040A of the authentication confirmation means 1040 # n-1 as the authentication data 1401A in FIG. Except for the fact that there is only one comparison / collation result given to the identity determination means 1042 # n-1, the following processing is the same as that of the authentication confirmation means 1040. The authentication data 1407A in FIG. 47 is given as authentication data 1027 to the next authentication confirmation means 1043.
[0521]
Further, the authentication confirmation unit 1043 repeats the same processing as that of the authentication confirmation unit 1040 # n-1, and performs authentication confirmation from the n-2th time to the first time.
[0522]
As described above, the alteration electronic document falsification prevention system and method according to the embodiment of the present invention adds the original feature and the encrypted feature data from the change # 1 to the change #n, and the original creator and the changer #. The authentication data of the external certification authority is sequentially extracted from n to 1 from the changed electronic document in which the personal authentication from 1 to #n and the certification of the external certification authority are made, and the feature data of the added document data and Since the feature data of the changed part and the feature data from the electronic document body to be confirmed and the feature data of the changed part are collated using the public key from the document changer #n to # 1, the external data for each change At the certification date of the certification body, it is possible to prove that the changers # 1 to #n have made document changes.
[0523]
When the electronic document body is tampered with, the feature data 1411A extracted from the electronic document 1008B changes. On the other hand, the feature data 1410A is prevented from being tampered by the external certification authority 1099, so Even if it exists, document tampering is impossible after external authentication.
[0524]
When the changer #n replaces the electronic document 1008B, the date authentication 1041 indicates that the authentication execution ID data added by the external authentication unit 1099 by the external authentication unit 1030A and the external authentication unit 1030B is changed or lost. To be discovered. Therefore, the replacement is not possible. Further, since the authentication of the original text 1002B uses the authentication data 1027 # 1, it is impossible to alter or replace the original text 1002B itself.
[0525]
In this way, the electronic document with change history 1011B cannot be falsified not only by the changer itself but also by an external certification body or any other number.
[0526]
As a result, the validity of the document can be proved at all stages of the change history from the original document of the changed document at the trial site, and evidence is also given to the change records of multiple people with the same interest such as manufacturing records and inspection records. Documents can be digitized.
[0527]
In addition, since the authentication of the external certification authority is performed on the characteristic data, it is safe to use a public line as the network 1100 even for documents that need to keep secret from the outside.
[0528]
Furthermore, by combining the original document, the changed part, and the final document certified by the external certification body, handling when saving the document becomes easy.
[0529]
Further, since it is not necessary to perform authentication confirmation of each change of the changed document sequentially from the last document, it is possible to confirm the authentication at high speed.
[0530]
(Sixteenth embodiment)
In the present embodiment, a modified document authentication system, which is a modification of the fourteenth embodiment, will be described. More precisely, this is a modification of the changer #n change and authentication means 1006 in FIG.
[0531]
FIG. 51 is a diagram showing the functional configuration and processing flow of the change and authentication means in the electronic document tampering prevention system including the document change according to the sixteenth embodiment of the present invention. The description is omitted.
[0532]
The electronic document falsification preventing system including the document change shown in FIG. 51 includes a feature extraction unit 1033 and a changer authentication unit 1034 in the change / authentication unit 1006 of the changer #n instead of the changer authentication unit 1025A of FIG. Is configured in the same manner as in the fourteenth embodiment.
[0533]
Here, the feature extraction unit 1033 is a unit that extracts the feature of the changed document 1022. The changer authentication unit 1034 is a unit that authenticates the combined data output from the combining unit 1028 by encrypting it with the encryption key of the changer, and outputs authentication data 1029. Note that the changer authentication unit 1034 is similar to the changer authentication unit 1025A of FIG. 40, and instead of the feature data 1025A-2, the combined data output by the combining unit 1028 is encrypted without performing feature extraction. It is to become.
[0534]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described.
[0535]
First, it is the same as in the fourteenth embodiment until the n-th modified electronic document 1022 and the authentication data 1027 are obtained from the modified electronic document 1004 with authentication given to the modifying and authenticating unit 1006. is there.
[0536]
Next, the nth changed electronic document 1022 is input to the feature extraction unit 1033. The feature data generated by the feature extraction unit 1033 is combined with the authentication data 1027 by the combining unit 1028. The data combined by the combining means 1028 is given to the changer authentication means 1034 and encrypted, and the changer combined authentication data 1029 of the nth change document is created.
[0537]
Thereafter, processing similar to that in the fourteenth embodiment is performed.
[0538]
As described above, the alteration electronic document falsification prevention system and method according to the embodiment of the present invention has the same configuration as that of the fourteenth embodiment, and further includes the feature extraction unit 1033 and the changer authentication unit 1034. Therefore, in addition to the same effects as those of the fourteenth embodiment, when the altered document body is altered, the feature data to be extracted from the altered document changes, and the feature data 1033 previously extracted for authentication is changed. It becomes possible to detect the fact of alteration of the changed document body.
[0539]
On the other hand, the feature data 1033 extracted first for authentication is encrypted with the authentication authority private key 1030A-2 together with the authentication data 1030A-A of the external authentication authority, and is attached to the modified electronic document 1008 with authentication. It is impossible to tamper with the authentication data 1032A. Therefore, even if it is the person himself, the document cannot be altered after the external authentication.
[0540]
(Seventeenth embodiment)
In the present embodiment, a modified document authentication confirmation system, which is a modification of the fifteenth embodiment, will be described. More precisely, this is a modification of the authentication confirmation means 1040 and 1040 # n-1 in FIG.
[0541]
FIG. 52 is a diagram showing a functional configuration and a processing flow of the authentication confirmation means in the electronic document falsification preventing system including a document change according to the seventeenth embodiment of the present invention. In FIG. A description thereof will be omitted.
[0542]
The electronic document falsification preventing system including the document change shown in FIG. 52 is different from the authentication confirmation means 1040, 1040 # n-1, and 1043 in that a separation means 1414A is provided instead of the separation means 1405A, and the fifteenth embodiment. It is configured in the same way.
[0543]
Next, the operation of the electronic document falsification preventing system according to the embodiment of the present invention configured as described above will be described.
[0544]
First, it is the same as in the fifteenth embodiment until the modified combined authentication data 1404A is obtained in the authentication confirmation unit 1040A.
[0545]
Here, the changer combined authentication data 1404A-D is given to the decrypting means 1409A, and the changer combined authentication data is decrypted by the public key 1408A of the nth changer. The decrypted data is further separated by the separating means 1414A to become feature data 1410A and authentication data 1407A.
[0546]
Thereafter, the same processing as in the fifteenth is performed.
[0547]
Similar processing is performed also in the authentication confirmation means 1040 # n-1 and 1043.
[0548]
As described above, the alteration electronic document falsification preventing system and method according to the embodiment of the present invention has the same configuration as that of the fifteenth embodiment, and is provided with the separation unit 1414A instead of the separation unit 1405A. The same effects as those of the fifteenth embodiment can be obtained.
[0549]
In addition, this invention is not limited to said each embodiment, It can change variously in the range which does not deviate from the summary.
[0550]
For example, in each embodiment, only the electronic document 1 is expressed, but this electronic document is not limited to a document as long as it is electronic information. For example, it includes binary data such as video data, audio data, a program source file, and a program execution file.
[0551]
Furthermore, although the embodiment mainly describes the case of the public key cryptosystem, the present invention is not limited to this, and for example, a secret key cryptosystem may be used.
[0552]
The method described in the embodiment is a program (software means) that can be executed by a computer (computer), for example, a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a semiconductor, etc. It can be stored in a storage medium such as a memory, or transmitted and distributed via a communication medium. The program stored on the medium side includes a setting program for configuring software means (including not only the execution program but also a table and data structure) to be executed in the computer. A computer that implements the present apparatus reads the program recorded in the storage medium, constructs software means by a setting program in some cases, and executes the processing described above by controlling the operation by the software means.
[0553]
【The invention's effect】
As detailed above, according to the present invention, Even if multiple people create one electronic document for multiple periods, it is not necessary to re-approve the changed document with all the parties concerned, and document falsification is prevented, and the evidence ability is more than the evidence ability of paper documents Create electronic document Electronic document falsification prevention system made possible and recoding media Can be provided.
[0559]
In this way, it is possible to provide a modified electronic document that prevents falsification by the creator himself. Therefore, even for important documents and official documents that could not be operated without paper in the past, partial changes on the electronic document can be made. Operation becomes possible. In addition, various types of design materials, documents such as design drawings, production materials and production drawings, test materials and test data, test results, inspection materials and inspection results, and other documents that should not be disclosed outside the company. Because the contents and production time of those documents, and the contents and time of changes are proved, they can be used as very powerful trial materials when product accidents occur. In particular, in the design process, manufacturing process, inspection process, etc., check sheets, etc., in which contents are added to a piece of paper over multiple periods, will be digitized as materials that can prove legitimacy at the venue of the trial. .
[Brief description of the drawings]
FIG. 1 is a diagram showing an overall configuration of an electronic document creation system and method according to each embodiment of the present invention.
FIG. 2 is a block diagram showing a hardware configuration example of a document authentication system applied to the electronic document falsification preventing system according to the first embodiment of the present invention.
FIG. 3 is an exemplary block diagram showing a hardware configuration example of an external authentication system applied to the electronic document falsification preventing system according to the embodiment;
FIG. 4 is a diagram showing an example of a functional configuration and a processing flow of the electronic document falsification preventing system according to the embodiment;
FIG. 5 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 6 is a block diagram showing a hardware configuration example of an authenticated document confirmation system applied to an electronic document falsification preventing system according to a second embodiment of the present invention.
FIG. 7 is a diagram showing an example of a functional configuration and a processing flow of an authenticated document confirmation system applied to the electronic document falsification preventing system according to the embodiment;
FIG. 8 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 9 is a diagram illustrating an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to a third embodiment of this invention;
FIG. 10 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 11 is a diagram illustrating an example of a functional configuration and a processing flow of an electronic document tampering prevention system according to a fourth embodiment of this invention.
FIG. 12 is an exemplary flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 13 is a diagram illustrating an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to a fifth embodiment of this invention;
FIG. 14 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 15 is a diagram illustrating an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to a sixth embodiment of this invention;
FIG. 16 is a diagram illustrating an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to a seventh embodiment of this invention;
FIG. 17 is a flowchart showing electronic seal stamp generation processing of the electronic document falsification preventing system according to the embodiment;
FIG. 18 is a flowchart showing electronic seal verification processing of the electronic document tampering prevention system according to the embodiment;
FIG. 19 is a flowchart showing document headline editing processing of the electronic document falsification preventing system according to the embodiment;
FIG. 20 is a diagram for explaining a feature extraction method in the electronic document falsification preventing system according to the eighth embodiment of the present invention;
FIG. 21 is a diagram showing an example of a functional configuration and a processing flow of the electronic document falsification preventing system according to the embodiment;
FIG. 22 is an exemplary flowchart illustrating an example of feature data extraction processing of the electronic document falsification prevention system according to the embodiment;
FIG. 23 is a diagram for explaining a feature extraction method in the electronic document falsification preventing system according to the ninth embodiment of this invention;
FIG. 24 is a view for explaining a feature extracting method in the electronic document falsification preventing system according to the tenth embodiment of the present invention;
FIG. 25 is a diagram showing an example of a functional configuration and a processing flow of the electronic document falsification preventing system according to the embodiment;
FIG. 26 is a flowchart showing an example of feature data extraction processing of the electronic document falsification preventing system according to the embodiment;
FIG. 27 is a diagram showing an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to an eleventh embodiment of the present invention;
FIG. 28 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 29 is a diagram showing an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to a twelfth embodiment of the present invention.
FIG. 30 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 31 is a diagram showing an example of a functional configuration and a processing flow of an electronic document falsification preventing system according to a thirteenth embodiment of the present invention;
FIG. 32 is a diagram showing an example of fingerprint data.
FIG. 33 is a diagram illustrating an example of data cut out from fingerprint data into a rectangular area.
FIG. 34 is a diagram showing a part of an example of a pattern to be matched.
FIG. 35 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 36 is a diagram showing an overall configuration of a falsification preventing system and method for an electronic document including document changes according to fourteenth to seventeenth embodiments of the present invention.
FIG. 37 is a block diagram showing a hardware configuration example of a document change authentication system applied to an electronic document falsification preventing system including a document change according to a fourteenth embodiment of the present invention;
FIG. 38 is an exemplary block diagram showing an example of the hardware configuration of the external authentication system applied to the electronic document falsification preventing system including document changes according to the embodiment;
FIG. 39 is a diagram showing an example of a functional configuration and a processing flow of an electronic document falsification preventing system including document changes according to the embodiment;
FIG. 40 is a diagram showing an example of a functional configuration and a processing flow of an electronic document falsification preventing system including a document change according to the embodiment;
FIG. 41 is a diagram showing a configuration of changer authentication means in change and authentication means of changer #n.
FIG. 42 is a diagram showing a configuration of external authentication means in the external authentication system.
FIG. 43 is a flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 44 is a block diagram showing a hardware configuration example of an authenticated document confirmation system applied to the altered electronic document falsification preventing system according to the fifteenth embodiment of the present invention;
FIG. 45 is a diagram showing an example of a functional configuration and a processing flow of an authenticated document confirmation system applied to the altered electronic document falsification preventing system according to the embodiment;
46 is a diagram showing a detailed configuration of the authentication confirmation unit 1040. FIG.
FIG. 47 is a diagram showing a detailed configuration of authentication confirmation means 1040 # n-1.
FIG. 48 is an exemplary flowchart showing the operation of the electronic document falsification preventing system according to the embodiment;
FIG. 49 is a flowchart showing processing of an authentication confirmation unit 1040A in the authentication confirmation system of the embodiment;
FIG. 50 is a flowchart showing processing of authentication confirmation means 1040B in the authentication confirmation system of the embodiment;
FIG. 51 is a diagram showing a functional configuration and a processing flow of a change and authentication unit in a falsification preventing system for an electronic document including a document change according to a sixteenth embodiment of the present invention.
FIG. 52 is a diagram showing a functional configuration and a processing flow of an authentication confirmation unit in an electronic document falsification preventing system including a document change according to a seventeenth embodiment of the present invention;
FIG. 53 is a diagram showing a conventional method for signing an electronic document and determining its identity.
[Explanation of symbols]
1 ... Electronic document
2 ... Feature extraction means
2T ... Separator table
2W ... Word array
3 ... Feature data with headings
3H ... Heading
3D ... feature data
4 ... Secret key
5. Encryption means
6 ... Encryption data with headings
6H ... Heading
6D ... encrypted data
7 ... Authentication data with headings
7H ... Heading
7D: Encryption data
7A ... External authentication data
8 ... Secret key
9 ... Encryption means
10 ... Composite data
10H ... Heading
10D ... encrypted data
11 ... Composite data
11H ... Heading
11D: Encryption data
12 ... Electronic document with authentication
13 ... Public key
14: Decoding means
15 ... Authentication data with headings
15H ... Heading
15D ... Encryption data
15A ... External authentication data
15A-D ... Date authentication
16 ... Public key
17 Decoding means
18 ... Feature data with headings
18H ... Heading
18D ... feature data
19 ... Electronic document
20 ... Feature extraction means
21 ... Feature data
22: Verification means
22-J: Identity determination
23 ... Authentication data with headings
23H ... Heading
23D: Encryption data
23A ... External authentication data
24 ... Secret key
25. Encryption means
26 ... Encryption data with headings
26H ... Heading
26D: Encryption data
27 ... Encryption data with headings
27H ... Heading
27D: Encryption data
28 ... Electronic document with authentication
29 ... Public key
30: Decoding means
31 ... Authentication data with headings
31H ... Heading
31D: Encryption data
31A ... External authentication data
31A-D ... Date authentication
32 ... Authentication data with headings
32H ... Heading
32D ... Encryption data
32A ... External authentication data
33 ... Secret key
34 ... Encryption means
35 ... Encryption data with headings
35H ... Heading
35D: Encryption data
36 ... Authentication data with headings
36H ... Heading
36D: Encryption data
36A ... External authentication data
37 ... Secret key
38 ... Encryption means
39 ... Encryption data with headings
39H ... Heading
39D ... Encryption data
40 ... Encryption data with headings
40H ... Heading
40D: Encryption data
41 ... Electronic document with authentication
42 ... Public key
43. Decoding means
44 ... Authentication data with headings
44H ... Heading
44D: Encryption data
44A ... External authentication data
44A-D ... Date authentication
45 ... Public key
46. Decoding means
47 ... Authentication data with headings
47H ... Heading
47D ... Encryption data
47A ... External authentication data
47A-D ... Date authentication
48 ... Public key
49. Decoding means
50: Feature data with headings
50H ... Heading
50D ... feature data
51. Feature extraction means
52. Feature data
53. Verification means
53-J: Identity determination
54 ... Imprint
55. Feature extraction means
56 ... Feature data
58. Encryption means
59 ... Encryption seal
60 ... Electronic seal
61 ... Date signature imprint information
62 ... Shaping means
63 ... Document display means
64 ... Fingerprint reader
65 ... fingerprint
66. Feature extraction means
66S: Cutting means
66SD ... data
66M ... Matching means
66P ... Pattern
66D: 1 digit data
67 ... Feature data
68 ... Password
69 ... Name and ID
70: Encryption key generation means
71 ... Encryption key
72 ... Random number generator
73 ... Private key public key generation means
74 ... Secret key
75 ... Public key
76: Encryption means
77 ... Encryption private key
78 ... Personal authentication data
78F ... fingerprint
78S ... Encryption private key
78K ... Encryption key
78P ... Password
78N ... Name / ID
79 ... Display means
80: Verification means
81. Verification means
82 ... Judgment logic
83. Decoding means
84 ... Encryption key
85 ... collation means
86: Decoding means
87. Fingerprint data extraction means
87F ... Original fingerprint data
87A ... Boundary extraction means
87E ... embossing means
87L ... contour extraction means
87B ... binarization
97, 98 ... Recording medium
99 ... External certification body
100 ... Network
101 ... Document authentication system
102 ... External authentication system
103 ... Certified document confirmation system
110 ... Calculator
111 ... Display device
112 ... Input device
113 ... Printing apparatus
114: External storage device
115: Scanner
116 ... CPU bus
117 ... CPU
118 ... ROM
119 ... RAM
120, 121, 122, 123, 124, 125, 126, 127 ... interface means
128: Hard disk device
129. Communication device
130: Program storage unit
131: Data storage unit
132: Work area
133 ... Document authentication program
134: External authentication program
135 ... Certified document confirmation program
1001 ... Electronic document with change history
1002 ... Original electronic document
1002B ... Original electronic document subject to authentication confirmation
1003 ... Changes
1004 ... Change electronic document
1005 ... Separation means
1006 ... Change and authentication means
1007 ... Changes
1007B ... Changed n times
1007B # n-1 ... Changed n-1 times
1008 ... Change electronic document
1008B ... Change electronic document subject to authentication confirmation
1009 ... Coupling means
1010 ... Changed part
1011 ... Electronic document with change history
1011B ... Electronic document with change history subject to authentication confirmation
1020 ... Change electronic document
1021 ... Changing means
1022 ... Change electronic document
1023 ... Difference extracting means
1024 ... Changes
1025A, 1025B ... Changer authentication means
1025A-1 ... Feature extraction means
1025A-2 ... feature data
1025A-3 ... Changer #n private key
1025A-4 ... Encryption means
1026A, 1026B ... Changer authentication data
1026A-H ... Heading
1026A-D: Encryption data
1027 ... Authentication data
1027 # n-1 ... Authentication data
1028 ... Coupling means
1029 ... Combined authentication data
1030A, 1030B ... External authentication means
1030A-A ... External authentication data
1030A-1 ... Coupling means
1030A-2 ... External secret key
1030A-3. Encryption means
1031A, 1031B ... authentication data
1031A-D: Encryption data
1031A-H ... Heading
1032A, 1032B ... authentication data
1033: Feature extraction means
1034: Changer authentication means
1040: Authentication confirmation means
1040A, 1040B ... Authentication confirmation means
1040 # n-1 ... Authentication confirmation means
1041 ... Date authentication
1041 # n-1 ... Date authentication
1042 ... Identity determination
1042 # n-1 ... Identity determination
1043 ... Authentication confirmation (repeated)
1044 ... Authentication confirmation means
1045 ... Date authentication
1046 ... identity determination
1097, 1098 ... Recording medium
1099: External certification body
1100 Network
1101 ... Document authentication system
1102 ... External authentication system
1103 ... Document change authentication system
1104: Certified document confirmation system
1110: Calculator
1111: Display device
1112 ... Input device
1113: Printing device
1114: External storage device
1115: Scanner
1116: CPU bus
1117 ... CPU
1118 ... ROM
1119 ... RAM
1120-1127 ... interface means
1128. Hard disk device
1129: Communication device
1130: Program storage unit
1131 Data storage unit
1132: Work area
1133: Document change authentication program
1134: External authentication program
1135: Certified document confirmation program
1401A ... Authentication data
1401A-D: Encryption data
1401A-H ... Heading
1402A ... Public key of external certification body
1403A ... Decoding means
1404A ... Modifier combined authentication data
1404A-D ... Modifier combined authentication data
1404A-D1 ... Changer authentication data
1404A-D2 ... External authentication data
1404A-H ... Heading
1405A: Separation means
1406A ... Changer authentication data
1407A: Previous authentication data
1408A ... Changer's public key
1410A ... feature data
1411A ... Feature extraction means
1412A ... feature data
1413A, 1413B ... collation means
1414A ... Separation means
S ... Electronic document data list
S1, S2, S3 ... Electronic document data arrangement part
S_sum ... Total value
S_s_stream: Total data list
IS ... Data arrangement at intervals
IS1, IS2, IS3 ... Data arrangement part at intervals
IS_sum [0],. . , IS_sum [255] ... array of total values of spaced data
IS_s_stream: Total data array at intervals
i, j ... counter

Claims (2)

A retrieval means for retrieving an electronic document and authentication data from an electronic document with authentication that has been authenticated for the author;
A document changing unit that generates a new electronic document by changing the electronic document extracted from the authenticated electronic document by the extracting unit ;
A difference extracting means for obtaining the changes data by extracting the change point of the electronic document and the new electronic documents retrieved from the authentication with an electronic document,
Feature extraction is performed on the new electronic document to extract first feature data, and the first feature data is encrypted with the encryption key of the changer who generated the new electronic document. First changer authentication means for generating data and generating changer authentication data based on the first encrypted feature data;
Feature extraction is performed on the changed portion data to extract second feature data, the second feature data is encrypted with the encryption key to generate second encrypted feature data, and the second encryption data A second changer authentication means for generating changer difference authentication data based on the feature data;
Combining means for generating combined authentication data based on the authentication data extracted by the extracting means and the changer authentication data generated by the first changer authentication means;
The combined authentication data generated by the combining means and the changer differential authentication data generated by the second changer authentication means are sent to an external authentication system, and external authentication for the combined authentication data in the external authentication system Communication means for receiving, from the external authentication system, the first external authentication data that has been executed and output, and the second external authentication data that has been output by external authentication with respect to the changer differential authentication data;
An authenticated electronic document creating means for creating a new authenticated electronic document based on the first external authentication data received by the communication means and the new electronic document generated by the document changing means;
An altered part data creation unit with authentication for generating new altered part data with authentication based on the second external authentication data and the altered part data; system.   A retrieval means for retrieving an electronic document and authentication data from an electronic document with authentication that has been authenticated for the author;
  A document changing unit that generates a new electronic document by changing the electronic document extracted from the authenticated electronic document by the extracting unit;
Differential extraction means for extracting change points between the electronic document extracted from the authenticated electronic document and the new electronic document to obtain changed portion data;
Feature extraction is performed on the new electronic document to extract first feature data, and the first feature data is encrypted with the encryption key of the changer who generated the new electronic document. First changer authentication means for generating data and generating changer authentication data based on the first encrypted feature data;
Feature extraction is performed on the changed portion data to extract second feature data, the second feature data is encrypted with the encryption key to generate second encrypted feature data, and the second encryption data A second changer authentication means for generating changer difference authentication data based on the feature data;
  Combining means for generating combined authentication data based on the authentication data extracted by the extracting means and the changer authentication data generated by the first changer authentication means;
  The combined authentication data generated by the combining means and the changer differential authentication data generated by the second changer authentication means are sent to an external authentication system, and external authentication for the combined authentication data in the external authentication system Communication means for receiving, from the external authentication system, the first external authentication data that has been executed and output, and the second external authentication data that has been output by external authentication with respect to the changer differential authentication data;
  The first external authentication data received by the communication means and the document changing means An authenticated electronic document creation means for generating a new authenticated electronic document based on the new electronic document formed;
  As a change part data creation unit with authentication for generating new change part data with authentication based on the second external authentication data and the change part data
  A computer-readable recording medium storing a program for causing a computer to function.

Images