JP2014127034A - Electronic contract system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce an operation load of an electronic contract service introduction company or a business client, and allow the business client to securely conclude an electronic contract with the service introduction company.SOLUTION: An electronic contract system assisting in a conclusion of an electronic contract between a first transaction entity and a second transaction entity includes: an electronic signature section 130 that executes an electronic signature to a document relating to the electronic contract for each first transaction entity; a signature application process section 120 that performs an authorization process upon execution of the electronic signature; and a document TB 171 that holds the document. The signature application process section 120 is configured to: receive an application of the electronic signature to the document from the first transaction entity; generate a one-time password for each authorization person; prepare an electronic mail including the one-time password; transmit the electronic mail to each authorization person; receive return mails from all of the authorization persons, and, when a corresponding one-time password is included in each return mail, the electronic signature is executed to the document by the corresponding electronic signature section 130.

Description

  The present invention relates to an electronic commerce technology, and more particularly to a technology effective when applied to an electronic contract system that supports an electronic commerce contract between companies.

  Electronic transactions using electronic certificates have become widespread in transactions involving various contracts such as sales contracts associated with ordering of products and the like, particularly continuous transactions between companies. Here, a company, a user, a terminal, a document, or the like, which is the subject of an electronic commerce contract, is authenticated or certified by an electronic certificate (or an electronic signature using the electronic certificate).

  As a technology related to this, for example, Japanese Patent Application Laid-Open No. 2011-45016 (Patent Document 1) discloses a terminal certificate issued in common to a plurality of terminal devices and a service certificate that enables provision of a predetermined service. Contract information associated with a contract identification code that can individually identify a contract for providing a predetermined service is stored in advance, and a service certificate corresponding to the contract identification code received from the terminal device authenticated by the terminal certificate is stored in the terminal device. When the server certificate to be transmitted to and the terminal certificate are stored in advance, the contract identification code established after the provision contract of the predetermined service is established, and authenticated from the server apparatus using the terminal certificate, A communication system including a terminal device that receives a service certificate corresponding to a contract identification code is described. As a result, when providing a service via the Internet, it is possible to authenticate the service provider and the device used to provide the service using an electronic certificate, and to communicate safely and easily between the device and the server. To do.

  Also, in Japanese Patent Laid-Open No. 10-327147 (Patent Document 2), contract information including contract details is transmitted from a service providing apparatus to a service receiving apparatus of each service receiver who is a contractor, and each contract information received is received. The service receiving device creates one-party signed contract information in which the service receiver's signature is added to the contract information and transmits the contract information to the service providing device. The service providing device transmits the one-party signed contract information transmitted from each service receiving device. E-commerce in an open network environment by creating and storing service provider-signed contract information signed by the service provider, storing it, and sending it to each service receiving device. Describes the technology to realize the authentication and notarization services required for.

JP 201145016 A Japanese Patent Laid-Open No. 10-327147

  When building an electronic contract system to support contract processing in electronic commerce, a certificate authority that issues electronic certificates to authenticate and certify users, terminals, and documents using electronic certificates In this case, there are cases where a so-called certified certificate authority is used and a non-certified certificate authority is used.

  The accredited certificate authority refers to a certificate authority that has been accredited by a certification business accreditation system under the so-called electronic signature law. In general, when using a certificate authority, the security and reliability of the electronic certificate itself is relatively high, but the certificate acquisition procedure is complicated, expensive, and the burden on the acquirer is high, making it difficult to spread widely. is there. On the other hand, when using non-accredited certificate authorities other than accredited certificate authorities, safety and reliability may be inferior. Although it depends on the operating company, it is relatively easy, so it is superior in terms of ease of use.

  When constructing an electronic contract support system that performs contract processing using an electronic signature using an electronic certificate, a non-certified certification authority considering the ease of use in terms of cost and flexible response as the certificate issuer The following problems may arise even when using. For example, in a company or the like, a process is often performed in which a person in charge of a subordinate or the like makes a decision on behalf of an agent (for example, electronically signs a contract) instead of a busy decision-making authority directly making a decision. At this time, the other party does not know whether the decision (electronic signature) was actually made by the decision-maker or based on the intention of the decision-maker Therefore, the other party is forced to conclude a contract while taking the risk that the contract will be denied.

  For companies that introduce electronic commerce mechanisms and services based on electronic contracts, for example, every time a basic contract is signed with a business partner to make the service available, the electronic certificate for that business partner is not certified. It is necessary to obtain and pass it from the station (or to obtain it separately from the non-certified certification authority), and the operation becomes complicated. In addition, when there are multiple companies that have signed a basic contract for a business partner, if these companies have different systems and systems for electronic commerce by electronic contract, it is necessary to use a different system for each company. And the operation becomes complicated.

  Accordingly, an object of the present invention is to provide an electronic contract system that reduces the operational load on companies that introduce electronic contract services and business partners, and that enables business partners to securely conclude electronic contracts with service introduction companies. It is to provide.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  An electronic contract system according to a representative embodiment of the present invention is a system that supports the conclusion of an electronic contract between a first transaction entity and a second transaction entity in an electronic commerce transaction. For each first business entity, an electronic signature unit that electronically signs a document related to an electronic contract for the first business entity, and an electronic signature for the document for the first business entity A signature application processing unit that performs an approval process, and a document recording device that holds the document for each of the first transaction entities.

  The signature application processing unit accepts an application for an electronic signature for the document from the first transaction entity, and for each one or more first approval rights holders in the first transaction entity included in the application Generating a first one-time password, creating a first e-mail containing information identifying the first one-time password and the document, and sending the first e-mail to each first authorized person; Content that matches the first one-time password assigned to the corresponding first approval authority in a response received from the first approval authority for the first e-mail Is included, the electronic signature unit corresponding to the first transaction entity performs an electronic signature on the document.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  In other words, according to a typical embodiment of the present invention, the operation load of a company that introduces an electronic contract service and a business partner is reduced, and the business partner securely concludes an electronic contract with the service introduction company. Is possible.

It is the figure which showed the outline | summary about the structural example of the electronic contract system which is Embodiment 1 of this invention. It is the figure which showed the outline | summary about the structural example of the electronic contract service using the non-certified certification authority in Embodiment 1 of this invention. It is the flowchart which showed the outline | summary about the example of the flow of a process until the service introduction company in Embodiment 1 of this invention becomes able to use an electronic contract service. It is the figure which showed the outline | summary about the example of the flow of a process when the service introduction company in Embodiment 1 of this invention receives an estimate request from a potential customer. It is the figure which showed the outline | summary about the example of the flow of a process in case the service introduction company in Embodiment 1 of this invention has concluded the basic contract of a transaction with a new customer. It is the figure which showed the outline | summary about the example of the flow of a process in case the contract of an individual transaction is concluded between the service introduction company and customer in Embodiment 1 of this invention. It is the figure which showed the outline | summary about the example of the flow of an electronic signature application process for obtaining the predetermined | prescribed approval required in order to perform an electronic signature on the document in Embodiment 1 of this invention. It is the figure which showed the outline | summary about the example of the flow of the electronic signature application process in Embodiment 2 of this invention. It is the figure which showed the outline | summary about the example of the flow of a process when the service introduction company in Embodiment 3 of this invention concludes the basic contract of a transaction with a new customer. It is the figure which showed the outline | summary about another example of the flow of a process when the service introduction company in Embodiment 3 of this invention has concluded the basic contract of a transaction with a new customer. It is the figure which showed the outline | summary about the structural example of the electronic contract service using the accredited certification authority in a prior art. It is the figure which showed the outline | summary about the structural example of the electronic contract service using the non-certified certificate authority in a prior art. It is the figure which showed the outline | summary about the other structural example of the electronic contract service using the non-certified certificate authority in a prior art.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted. In the following, in order to make the features of the present invention easier to understand, the description will be made in comparison with the prior art.

  FIG. 11 is a diagram showing an outline of a configuration example of an electronic contract service using a certified certificate authority in the prior art. In this case, a service introduction company ("Company A (300a ')" in the figure) that has concluded a basic transaction contract for performing electronic commerce by an electronic contract and a customer ("Customer 2 (402'" in the figure)). ) ") Can conclude a contract through the electronic contract system 101 by concluding a contract for use of the electronic contract service with a service vendor that operates the electronic contract system 101, respectively.

  At this time, the service introduction company and the business partner individually apply for an electronic certificate acquisition to the authorized certificate authority 201 and acquire an electronic certificate for use in the electronic contract service. In the case where another company (such as “Company B (300b ′)”, “Business Partner 1 (401 ′)”, “Business Partner 3 (403 ′)”, etc.) newly uses the electronic contract service. Enters into a contract for using an electronic contract service with a service vendor that individually operates the electronic contract system 101, and obtains an electronic certificate from the authorized certificate authority 201. In this way, it is necessary for service introduction companies and business partners using the electronic contract service to individually perform electronic certificate acquisition processing, which is a heavy burden in terms of costs and procedures.

  FIG. 12 is a diagram showing an outline of a configuration example of an electronic contract service using a non-certified certificate authority in the prior art. In this example, a service introduction company (“Company A” to “C Company” in the figure) that introduces an electronic contract service and conducts electronic commerce by electronic contract is individually developed by the system vendor 101 ′. Each of the business partners ("Business Partner 1 (401 '" in the figure) that has concluded a basic transaction contract by the contract system ("Company A Electronic Contract System (100a)", "Company B Electronic Contract System (100b)"). ) ”To“ Business Partner 3 (403 ′) ”) to conclude an electronic contract for electronic commerce. The electronic certificate used for the electronic contract is acquired from the non-certified certificate authority 200 by each service introduction company (electronic contract system). It is also possible to adopt a configuration in which a registration operation is performed in which an electronic certificate used by each business partner that has concluded a basic transaction contract is acquired and issued.

  In the example of FIG. 12, “Business Partner 2 (402 ′)” has concluded a basic transaction contract with both “Company A” and “Company B”, and electronic commerce can be performed with both parties through an electronic contract. Is possible. However, since the “Company A electronic contract system (100a)” and the “Company B electronic contract system (100b)” are separately developed systems, their interfaces and specifications are not necessarily the same. Therefore, it is complicated for “customer 2 (402 ′)” to use different electronic contract systems depending on whether the other party of the transaction is “Company A” or “Company B”.

  FIG. 13 is a diagram showing an outline of another configuration example of an electronic contract service using a non-certified certificate authority in the prior art. In this example, the functions of the electronic contract systems ("Company A electronic contract system (100a)", "Company B electronic contract system (100b)") individually owned by each service introduction company in the configuration of FIG. Is configured so that the system vendor 101 'provides it as a service via the network as an ASP (Application Service Provider). Although the system operation load of the service introduction company ("Company A (300a ')" and "Company B (300b')" in the figure) is reduced, "Business Partner 2 (402 ')" is the electronic contract system. The necessity for proper use is the same as in the example of FIG.

<Embodiment 1>
In order to deal with the above-described problems, the electronic contract system according to the first embodiment of the present invention performs a certificate registration operation (identification and certificate issuance request and distribution) with respect to a non-certified certificate authority. This reduces the system operation load of service-introducing companies by carrying out all of the services on behalf of the business partners. Further, by configuring the system as a system that can be used in common by all service introduction companies, it is not necessary for the customer to use the electronic contract system separately regardless of the service introduction company of the other party of the transaction. In addition, when a service-introducing company or a business partner uses a digital certificate to digitally sign documents such as contracts stored in the electronic contract system, approval must be made based on the intention of the approval authority. By having an electronic signature application process that guarantees the above, it is possible for a business partner to securely conclude an electronic contract with a service introduction company.

[System configuration]
FIG. 1 is a diagram showing an outline of a configuration example of an electronic contract system that is Embodiment 1 of the present invention. The electronic contract system 100 is an information processing system that is operated by, for example, a company such as a system vendor that provides an electronic contract service, and includes a server device and a virtual server in a cloud computing environment.

  This electronic contract system 100 is an individual service introduction company that is an individual system of a non-certified certificate authority 200 or a service introduction company ("Company A" to "C" in the figure) via a network such as the Internet (not shown). System 300 (collectively referring to “Company A individual system (300a)” to “C Company individual system (300c)” in the figure), suppliers of each service introduction company (in the figure, “customer 1” to “customer” 5 "), which is an individual system, can be connected by communication with a customer system 400 (collectively" customer 1 system (401) "to" customer 5 system (405) "in the figure).

  The electronic contract system 100 includes, for example, an interface unit 110, a signature application that is implemented as a software program that runs on middleware such as an OS (Operating System), a DBMS (DataBase Management System), and a Web server program (not shown). Processing unit 120, electronic signature unit 130 (collectively referring to “Company A electronic signature unit (130a)” to “C company electronic signature unit (130c)”), certificate registration processing unit 140, supplier management unit 150 , A user management unit 160, a document management unit 170, and the like. Note that these units may be implemented as a subsystem of the electronic contract system 100 or as an independent system.

  The interface unit 110 has a function of providing a user interface such as an operation screen for a user of an electronic contract service by the electronic contract system 100. For example, a screen is displayed on a Web browser on an information processing terminal used by a user using a Web server program (not shown).

  The signature application processing unit 120 accepts an application for an electronic signature for a document stored in the electronic contract system 100 from a service introduction company, a business partner system, or a person in charge, and requests an approval from a designated approval authority. It has a function of performing a series of signature application processes in which an electronic signature is applied to a target document by an electronic signature unit 130, which will be described later, when approved by all approval rights holders. The approval status such as the approval request and approval result for each approval authority is recorded in the approval status table (TB) 123 implemented by a database or file table. Details of the signature application process will be described later.

  The signature application processing unit 120 further includes a one-time password (OTP) processing unit 121 having a function of generating a one-time password used in the signature application processing, and a document designated for a designated mail address. Is further provided with a mail processing unit 122 having a function of a general mail server for sending a message by e-mail. For these functions, general known servers, programs, libraries, and the like can be used as appropriate.

  The electronic signature unit 130 is a target service introducing company when the document application related to the electronic contract for each introducing company of the electronic contract service is approved by each approval authority by the signature application processing unit 120 described above. It has a function to automatically perform electronic signatures. For this purpose, each electronic signature unit 130 receives an electronic certificate from the non-certified certificate authority 200 by the certificate registration processing unit 140 described below prior to the start of service provision for the target service introduction company. This shall be retained. In this embodiment, the electronic signature unit 130 is individually implemented for each service introducing company. However, if the electronic signature can be individually provided for each service introducing company, the electronic signature unit 130 should be implemented collectively. Is also possible.

  The certificate registration processing unit 140 receives a request for issuing an electronic certificate from a service introducing company, and performs a registration operation for requesting the non-certified certification authority 200 to issue an electronic certificate for the service introducing company or its business partner. It has the function of. The certificate registration processing unit 140 may further include a form creation unit 141 that creates and outputs a form in a predetermined format required when making a certificate issuance request to the non-certified certificate authority 200. Good.

  The supplier management unit 150 holds, in the supplier table (TB) 151, information on suppliers that each service introduction company that uses the electronic contract service by the electronic contract system 100 has concluded a basic transaction contract and registers. And a function for managing updates and the like. By referring to this business partner TB 151, the electronic contract system 100 is used to conclude an electronic contract only between each service introducing company and a business partner that has concluded a basic business contract with them. Control can be performed so that a commercial transaction can be performed.

  For a user who can access the electronic contract system 100, the user management unit 160 stores attribute information such as name and company, authentication information such as a user ID and password, and information such as access authority in the user table (TB) 161. In addition to holding, it has a function of managing registration and updating. The users here include, in addition to the administrator of the electronic contract system 100, etc., each service introduction company, the person in charge of the business partner, the approval right holder at the time of electronic signature, and the like.

  The document management unit 170 stores in the document table (TB) 171 an original document related to the electronic contract concluded through the electronic contract system 100 and permits reference to an access request from a user having access authority. It has a document management function. For this function as well, general known document management systems and programs can be used as appropriate.

  The non-accredited certificate authority 200 is, for example, a JCAN (registered trademark) root certificate authority that issues a public certificate of the JCAN (registered trademark) specification operated by JIPDEC (registered trademark: Japan Information Economy, Society and Society Association). By using, it is possible to issue an electronic certificate at a low cost. At this time, it is also possible for the operating company of the electronic contract system 100 to receive an authorization (LRA authorization) from JIPDEC (registered trademark) and register an electronic certificate of JCAN (registered trademark) specifications. Instead of using such a public certificate, the operating company of the electronic contract system 100 may construct the non-certified certificate authority 200 and issue a private electronic certificate.

  Each service introduction company individual system 300 ("Company A individual system (300a)" to "C company individual system (300c)" in the figure), for example, presents a quote from a request for a quotation with a business partner, and contracts. It is an information processing system such as a core cooperation system that carries out a series of electronic commerce transactions from the conclusion to the transaction. Similarly, for each supplier system 400 ("partner 1 system (401)" to "partner 5 system (405)" in the figure), for example, an estimate request can be made with a service introduction company. This is an information processing system that carries out a series of electronic commerce transactions from receipt, contract conclusion, and transaction. In addition, as business partners, for example, not only suppliers of products etc. for service introduction companies, but also sales partners such as customers and consignees such as maintenance companies, etc., companies that are counterparties to conclude electronic contracts, etc. included.

  FIG. 2 is a diagram showing an outline of a configuration example of an electronic contract service using a non-certified certificate authority in the present embodiment. Here, the electronic contract system 100 receives a request from a service introducing company (“Company A (300a ′)”, “Company B (300b ′)” in the figure) and performs certificate registration for the non-certified CA 200. By adopting a configuration in which the service introduction company and the business partner (in the figure, “Business Partner 1 (401 ′)” to “Business Partner 3 (403 ′)”) are individually received from the non-certified CA 200 It is not necessary to perform processing to receive certificate issuance.

  In addition, each service introduction company can perform processing related to the electronic contract by the electronic contract system 100 by concluding the use contract of the electronic contract service with the operating company of the electronic contract system 100. It becomes possible to reduce the system operation load. Further, by adopting a configuration for centrally managing information on business partners who have concluded business basic contracts for each service introduction company in the business partner TB 151, a business partner ("business partner 2 (402 ')" in the figure). ), The same electronic contract system 100 can be used regardless of the service introduction company of the other party.

[Process flow]
FIG. 3 is a flowchart showing an outline of an example of a processing flow until the service introduction company can use the electronic contract service. First, the service introduction company applies for the use contract of the electronic contract service to the operating company of the electronic contract system 100 (S01), and if the predetermined requirement is satisfied, the contract is concluded (S02). The above processing has been described as being performed manually by the service introducing company and the operating company of the electronic contract system 100. However, the processing is systematically performed between the individual system 300 of the service introducing company and the electronic contract system 100. May be.

  When the service contract is concluded, in the electronic contract system 100, the company information such as the attributes of the target service introducing company is manually or automatically by the administrator or the like, a table such as a service introducing company master (not shown), the customer TB 151, etc. (S03). When the business partner of the target service introduction company is known in advance, the information may be registered in the business partner TB 151 at this time. Further, the corresponding electronic signature unit 130 is mounted for the target service introducing company (S04). For example, a program, a module, a server, etc. for the target service introducing company are appropriately installed.

  Thereafter, the service introduction company uses the electronic contract system based on an instruction (for example, an instruction made by accessing the electronic contract system 100 using a Web browser or the like) via the information introduction terminal of the service introduction company individual system 300 or a person in charge. An application for issuing an electronic certificate for the service introducing company is made to 100 (S05). In the electronic contract system 100 that has accepted the issuance application, the certificate registration processing unit 140 creates an application form by the form creation unit 141 as necessary, and then issues an electronic certificate to the non-certified certification authority 200. A request is made (S06).

  The non-accredited certificate authority 200 that has received the issue request issues a digital certificate after performing predetermined determination processing on the application content (S07) and sends it to the electronic contract system 100 (S08). The electronic contract system 100 stores the received electronic certificate so that the electronic signature unit 130 corresponding to the target service introducing company can use it (S09). An electronic certificate may be sent to a service introduction company so that the service introduction company can independently sign an electronic signature.

  FIG. 4 is a diagram showing an outline of an example of the flow of processing when a service introduction company receives an estimate request from a potential business partner. First, in a potential business partner, based on an instruction (for example, an instruction made by accessing the service introducing company individual system 300 using a Web browser or the like) via the information processing terminal such as the business partner system 400 or a person in charge A request for an estimate of a product or the like is made to the introduced company individual system 300 (S11). In the service introduction company individual system 300, an estimate is created automatically or manually by the person in charge based on the contents of the request (S12), and this is automatically sent to the electronic contract system 100 or based on an instruction via the information processing terminal of the person in charge. Upload and request registration (S13). In the electronic contract system 100, the document management unit 170 registers the uploaded estimate in the document TB 171 (S14).

  Furthermore, in the service introducing company individual system 300, a predetermined approval necessary for electronically signing the uploaded quotation to the electronic contract system 100 based on an instruction through an information processing terminal of the person in charge or automatically. An electronic signature application process, which is a process for obtaining the above, is performed (S15). The contents of the electronic signature application process will be described later.

  When approval by a predetermined approval authority is obtained in the service introduction company that created the estimate by the electronic signature application process, the electronic contract system 100 uses the electronic signature unit 130 corresponding to the target service introduction company to An electronic signature is given to the estimate (S16), and access authority etc. are set so that it can be viewed from the target customer system 400 or a person in charge (S17). At this time, the customer system 400 or the person in charge may be notified by e-mail or the like that the estimate with the electronic signature is registered and can be viewed.

  In the example of FIG. 4, when the electronic signature application process is completed (S15), an electronic signature is applied to the estimate (S16), which can be viewed (S17), but the estimate is registered (S14). An electronic signature may be provided in advance so that the electronic signature can be viewed (access restriction is released) when the electronic signature application process is completed.

  After the estimate can be browsed, for example, the person in charge of the supplier makes a browse request for the estimate stored in the electronic contract system 100 using the information processing terminal (S18). Here, for example, a browsing request can be made to the electronic contract system 100 via the Web site of the service introducing company individual system 300 using a Web browser or the like on the information processing terminal. In the electronic contract system 100, the requested estimate is obtained from the document TB 171 and output (step S19), and the person in charge of the supplier browses it using the information processing terminal (step S20). .

  FIG. 5 is a diagram showing an outline of an example of the flow of processing when a service introducing company concludes a basic transaction contract with a new business partner. First, a service introduction company and a business partner conclude a basic contract for the transaction (S21). The contract here is made in writing, etc., but if possible, the service introduction company or the person in charge of the business partner accesses the service introduction company individual system 300 or the customer system 400 using the information processing terminal. This may be done systematically.

  When the basic transaction contract is concluded, the service introduction company makes an agreement about the target supplier with respect to the electronic contract system 100 based on an instruction via the information introduction terminal such as the service introduction company individual system 300 or the person in charge. An information registration request is made (S22). In the electronic contract system 100 that has received the request, the business partner management unit 150 registers the information of the target business partner with the target service introduction company in the business partner TB 151 (S23).

  Thereafter, the service introducing company applies to the electronic contract system 100 for issuing an electronic certificate for the target business partner based on the instruction through the information processing terminal of the service introducing company individual system 300 or the person in charge. Perform (S24). The electronic contract system 100 that has accepted the issuance application receives an issuance of an electronic certificate from the non-certified certification authority 200 by the same process as the process in steps S06 to S09 in the example of FIG. 3 based on the application content (S25). This is sent to the supplier (or supplier system 400) (S26).

  The supplier system 400 stores the received electronic certificate so that it can be used for electronic signatures (S27). Note that the above certificate distribution process is only performed for the first time when a service-introducing company enters into a basic contract with a new business partner, and is not required after the electronic certificate has been distributed to the business partner. .

  FIG. 6 is a diagram showing an outline of an example of the flow of processing when an individual transaction contract is concluded between a service introducing company and a business partner. First, the supplier applies for a contract to the service introducing company individual system 300 based on an instruction via the information processing terminal such as the supplier system 400 or a person in charge, as in the case of the request for quotation (S31). ). In the service introduction company individual system 300, a contract is created automatically or manually by the person in charge based on the contents of the application and the estimate (S32), and the information processing terminal of the person in charge is automatically or electronically connected to the electronic contract system 100. The registration request is made by uploading based on the received instruction (S33).

  In the electronic contract system 100, document management is performed after confirming whether the target business partner is registered with reference to the business partner TB 151, that is, after confirming whether the target business partner can use the electronic contract service. The uploaded contract is registered in the document TB 171 by the unit 170 (S34). Further, in the service introducing company individual system 300, in order to electronically sign the uploaded contract document to the electronic contract system 100 automatically or based on an instruction from the person in charge, similar to step S15 in the example of FIG. The electronic signature application process is performed (S35).

  When approval by a predetermined approval authority is obtained in the service introduction company that created the contract by the electronic signature application process, the electronic contract system 100 uses the electronic signature unit 130 corresponding to the target service introduction company to An electronic signature is given to the contract (S36), and access authority etc. are set so that the contract can be viewed from the target customer system 400 or a person in charge (S37). At this time, the customer system 400 or the person in charge may be notified by e-mail or the like that the contract with the electronic signature has been registered and can be viewed.

  After the contract can be browsed, for example, the person in charge of the business partner is stored in the electronic contract system 100 via the website of the service introducing company individual system 300 using the information processing terminal. A browsing request for the contract is made (S38). At this time, it is also possible to request the electronic contract system 100 for a list of documents that can be browsed, and to select a contract to be browsed from the obtained list. In this case, in the electronic contract system 100, the document management unit 170 extracts and presents a list of documents for which the target business partner has access authority from the document TB171. The electronic contract system 100 that has received the browsing request obtains the requested contract from the document TB 171 and outputs it (S39), and the person in charge of the supplier uses the information processing terminal to present it. The contents are browsed and contents are added as necessary (S40).

  Thereafter, at the business partner, in order to electronically sign the contract for the electronic contract system 100 based on an instruction through the information processing terminal of the person in charge or automatically, the same as step S15 in the example of FIG. Electronic signature application processing is performed (S41). When the supplier obtains approval by a predetermined approval authority by the electronic signature application process, the supplier system 400 performs an electronic signature on the target contract (S42) and electronically converts the signed contract. The contract system 100 is requested to upload and store it as an original (S43). In the electronic contract system 100, the received contract document is stored in the document TB 171 as an original (S44).

  The electronic signature processing (S42) by the supplier is executed on the electronic contract system 100 in the same manner as in step S36, and is executed in cooperation with the approval result of the electronic signature application processing (S41). It may be.

  FIG. 7 is a diagram showing an outline of an example of a flow of an electronic signature application process for obtaining a predetermined approval necessary for applying an electronic signature to a document such as an estimate or a contract. This process is, for example, a process performed in step S15 in the above-described example of FIG. 4 and steps S35 and S41 in the example of FIG. Here, a case where a person in charge of contract work at a service introduction company or a business partner uses the information processing terminal to access the electronic contract system 100 and manually instruct the electronic signature application processing is shown as an example. .

  First, the person in charge makes an inquiry request for a list of documents to be digitally signed to the electronic contract system 100 using the person-in-charge terminal 311 (S51). In the electronic contract system 100, a document that can be digitally signed by the service introducing company or business partner to which the subject person in charge belongs (for example, a document that has access authority and has not yet been digitally signed) by the document management unit 170. Is extracted from the document TB 171 and acquired to present it to the person-in-charge terminal 311 (S52).

  The person in charge selects a document (estimate or contract) to be electronically signed from the list of documents presented on the person-in-charge terminal 311 (S53), and further requires approval when making the electronic signature. One or more authorized persons such as superiors are selected (S54). When selecting the approval right holder, for example, the user is selected from those who are registered in advance in the user TB 161 by the user management unit 160 in the electronic contract system 100 (that is, those who can access the electronic contract system 100). May be. Thereafter, an electronic signature application request is made to the electronic contract system 100 (S55). The request includes the target document and approval right holder information.

  In the electronic contract system 100 that has received the request for the electronic signature application, the signature application processing unit 120 assigns an application ID, registers an entry for tracking the approval status in the approval status TB 123, and then registers the OTP processing unit 121. Thus, a unique one-time password is generated and assigned to each authorized person (S56). After that, an approval request e-mail document including an application ID, information such as a file name identifying the target document, and one-time password information generated in step S56 is created for each approval authority, and this is processed by mail. The part 122 transmits the information to the e-mail address of each authorized person (S57).

  When each approval authority receives an approval request e-mail from the approval authority terminal 312 (S58), the electronic contract system 100 browses the target document based on the application ID and document specific information included therein. Each request is made (S59). Upon receiving the browsing request, the electronic contract system 100 obtains and outputs the requested document from the document TB 171 (S60), and each approval authority uses the approval authority terminal 312 to display the contents of the document. (S61).

  If there is no problem in the content of the document, each approval authority returns the approval request received in step S58 to the sender as it is (S62). When the electronic contract system 100 that is the transmission source receives the e-mail of the returned approval request, the one-time password included therein is combined with the one-time password assigned to the target approval authority in step S56. It is checked whether or not it is done, and the result is recorded in the approval status TB123 (S63).

  If replies to the approval request e-mail are received from all approval rights holders and the one-time password included therein matches the one assigned in step S56, it is assumed that the approval has been properly made. The process proceeds to the subsequent electronic signature processing by the electronic contract system 100 or the supplier system 400. Note that the one-time password did not match, for example, when the electronic contract system 100 did not receive a response to the e-mail of the approval request within a predetermined response time, or for reasons such as rejection of approval or impersonation by a third party. In such a case, the electronic signature is not performed because the electronic signature application is rejected.

  Such a process ensures that the approval process is performed by the predetermined approval authority (or based on the intention of the predetermined approval authority) without placing a burden on the approval authority. It is possible to prevent a person from signing an electronic signature without obtaining approval from the approver.

  As described above, according to the electronic contract system 100 according to the first embodiment of the present invention, the certificate registration work for the non-certified certificate authority 200 can be performed collectively on behalf of the service introduction company and the business partner. Thus, it is possible to reduce the system operation load of the service introducing company. In addition, by configuring the system as a system that can be used in common by all service introduction companies, it is not necessary for the customer to use the electronic contract system separately regardless of the service introduction company of the other party of the transaction. In addition, when a service introduction company or a business partner uses a digital certificate to electronically sign a document such as a contract stored in the electronic contract system 100, approval is performed based on the intention of the approval right holder. By having an electronic signature application processing process that guarantees this, it becomes possible for a business partner to securely conclude an electronic contract with a service introduction company.

<Embodiment 2>
The above-described electronic contract system 100 according to the first embodiment has a mechanism for guaranteeing that approval is performed based on the intention of the approval authority by having the electronic signature application process as shown in the example of FIG. doing. However, in the electronic signature application process as shown in the example of FIG. 7, for example, the approval request e-mail from the signature application processing unit 120 is received by the approval authority, for example, the e-mail address of the approval authority is erroneously registered. If it is erroneously transmitted to a person other than the above, it cannot be excluded that a person other than the person with the authorization right simply approves the electronic mail.

  In view of this, the electronic contract system 100 according to the second embodiment of the present invention avoids a problem in the case of erroneous transmission of an e-mail by adopting a method in which the authorization right person himself inputs and approves the one-time password to the system. It is possible to do. The system configuration and processing contents are basically the same as the contents shown in the above-described first embodiment. Therefore, the re-description is omitted, but the flow of electronic signature application processing that is a difference is described below. explain.

  FIG. 8 is a diagram showing an outline of an example of the flow of the electronic signature application process in the present embodiment. In the electronic signature application process, the person in charge first selects a document to be signed using the person-in-charge terminal 311, and further selects one or more authorized persons (assuming that the approval order is also set). FIG. 7 of the first embodiment up to where the signature application request is made to the electronic contract system 100 (S75) and until the electronic contract system 100 that has received the signature application request generates a one-time password (S76). Since this is the same as steps S51 to S55 and S56 of the electronic signature application process shown in the example of FIG.

  Thereafter, the mail processing unit 122 of the electronic contract system 100 displays the application ID, the one-time password generated in Step 76, the approval right holder so far (if any), and the approval-only screen provided by the interface unit 110. An approval request e-mail document including URL (Uniform Resource Locator) information for accessing is sent to the e-mail address of the next approval authority in the approval order (S77).

  When the target approval authority receives the approval request e-mail from the approval authority terminal 312 (S78), it accesses the URL of the approval screen included therein and logs in to the approval screen (S79). At this time, it is assumed that the approval authority inputs a normal login ID and password for the electronic contract system 100 and a one-time password included in the approval request e-mail. It is also possible to enter the one-time password by accessing the URL itself by making the URL for the approval-only screen a unique URL that is generated each time, for example, including the one-time password. is there.

  In the electronic contract system 100, based on the user TB 161 and the approval status TB 123, verification of the login ID and password, confirmation of the authorization right person, and verification for verifying the one-time password by the signature application processing unit 120 or the like Processing is performed (S80). If there is no problem with the authentication result, the approval status TB 123 is referred to, and an unapproved document or a list of cases for the target approval authority is displayed and presented on the approval authority terminal 312 (S81).

  The approval authority identifies the approval target case from the list of unapproved cases displayed on the approval authority terminal 312 and inputs approval / non-approval (S82). At this time, as in steps S59 to S61 in the example of FIG. 7, processing for browsing a document related to the target case may be performed. Information on the approval result is registered in the approval status TB 123 by the signature application processing unit 120 of the electronic contract system 100 (S83).

  If the case is approved, a new one-time password is generated in the same manner as step S76 in order to perform the approval process for the next approval authority (S84), and an e-mail requesting approval is sent to the next approval authority. Is transmitted (S85). The subsequent processing (S86-) is the same as the above-described steps S78-S83).

  In this way, the workflow of the approval process can be configured by repeating the series of processes in steps S76 to S83 in order for each approval authority. As for the approval status in the workflow, for example, the person in charge can access the electronic contract system 100 using the person-in-charge terminal 311 to check the approval status obtained based on the contents of the approval status TB 123 as needed. Note that when the last approval right holder of the workflow, that is, the approval right holder who owns the electronic certificate issued from the electronic contract system 100, performs the approval process, for example, on the approval-only screen, It is desirable to display a confirmation message such as "Are you sure?"

  In the example of FIG. 7 in the first embodiment, an approval request e-mail is sent to a plurality of approval right holders at the same time, and each approval right person performs an approval process individually, and the approval is obtained when everyone approves. Although an asynchronous procedure is taken, it is also possible to apply a synchronous procedure by a workflow according to the approval order as in this embodiment to the electronic signature application processing in the first embodiment. Conversely, the asynchronous procedure as in the first embodiment can be applied to the electronic signature application process in the present embodiment.

  As described above, according to the electronic contract system 100 according to the second embodiment of the present invention, an approval-dedicated screen is provided for each item or document, and information on the URL for this is embedded in the approval request. The login ID and password for the system, and the one-time password are input. That is, the approval process cannot be performed unless these pieces of information are available. As a result, for example, even if the user ID and password are leaked or the latest one-time password is leaked, it is possible to prevent the approval process from being performed by accessing the approval-only screen, It is possible to avoid the problem at the time of erroneous transmission of an approval request e-mail, etc. by guaranteeing that it is performed.

<Embodiment 3>
In the electronic contract system 100 according to the first embodiment described above, the person in charge of the service introduction company, when the service introduction company has concluded a basic contract of transaction with a new business partner, by the process shown in the example of FIG. Have a mechanism for registering information of business partners in the electronic contract system 100 and issuing an electronic certificate. This improves the convenience of the system.

  However, in a system that allows a service introduction company to freely register a business partner in the electronic contract system 100 and issue an electronic certificate at its own responsibility, for example, registration of a fictitious business partner or internal credit review Registration as a business partner of a company that has not passed is possible, and the security of the electronic contract system 100 is impaired.

  Therefore, the electronic contract system 100 according to the third embodiment of the present invention prevents the unlimited registration of business partners through an approval process when a service introducing company newly registers business partners, and the safety of the system. It is to secure the sex. Since the system configuration and processing contents are basically the same as the contents shown in the first embodiment, the re-description is omitted. The flow of processing related to will be described below.

  FIG. 9 is a diagram showing an outline of an example of the flow of processing when a service introduction company has concluded a basic contract of transaction with a new business partner in the present embodiment. Here, an example is shown in which the target business partner has already concluded a basic contract with another service introduction company and has been issued an electronic certificate via the electronic contract system 100.

  First, similarly to step S21 in the example of FIG. 5 of the first embodiment, the service introducing company and the business partner conclude a basic transaction contract (S91). When the basic transaction contract is concluded, the service introduction company makes an agreement about the target supplier with respect to the electronic contract system 100 based on an instruction via the information introduction terminal such as the service introduction company individual system 300 or the person in charge. A registration information confirmation request is made (S92). Here, for example, the target business partner is specified by inputting the ID of the electronic certificate already owned by the target business partner or the e-mail address of the owner. In the electronic contract system 100 that has received the request, information of the target supplier is acquired from the supplier management unit 150 and presented (S93). The service introduction company confirms the contents of the registered information of the supplier based on the instruction via the information introduction terminal such as the individual service introduction company system 300 or the person in charge (S94).

  After that, based on the instruction through the information processing terminal such as the service introduction company individual system 300 or the person in charge, one or more approval right holders (assuming the approval order is also set) for the registration of the business partner are selected. (S95). Note that the approval right holder includes the owner of the electronic certificate issued from the electronic contract system 100. For each selected approval right holder, a series of steps subsequent to step S75 in the signature application process shown in FIG. 8 of the second embodiment (in this embodiment, the approval request is not a signature application request but a supplier registration). By the same processing as the above processing, approval processing for approving the registration of business partners in order by the workflow is performed by a plurality of approval right holders (S96). When each approval authority approves, for example, a confirmation message such as “Do you confirm that you are a legitimate business partner who passed credit review etc. in the company?” Is displayed on the approval screen. Is desirable.

  When approval is given by the final approval right holder (that is, the owner of the electronic certificate), the electronic contract system 100 is registered as a business partner with respect to the business partner system 400 or the information processing terminal of the person in charge of the business partner. A request for consent to be made is made (S97). For example, the request can be made by sending an e-mail by the mail processing unit 122. At this time, for example, it is desirable to display a confirmation message such as "Are you sure you want to be registered as a business partner by (service introduction company)?"

  The supplier accepts input of consent / disapproval for registering as a business partner based on an instruction via the information processing terminal of the business partner system 400 or the approval right holder (that is, the owner of the electronic certificate). A response is made to the electronic contract system 100 (S98). In the electronic contract system 100, when a response of acceptance is received, the supplier management unit 150 newly registers the target customer as a customer of the target service introduction company and registers it in the customer TB 151 (S99).

  FIG. 10 is a diagram showing an overview of another example of the flow of processing when the service introduction company has concluded a basic transaction contract with a new business partner in the present embodiment. Here, an example is shown in which the target business partner has not yet concluded a basic contract with any service introduction company and has not received an electronic certificate issued via the electronic contract system 100. Yes.

  First, similarly to step S21 in the example of FIG. 5 of the first embodiment, the service introducing company and the business partner conclude a basic transaction contract (S101). When the basic transaction contract is concluded, the service introduction company, as in step S22 in the example of FIG. 5, uses the electronic contract system based on an instruction through the information introduction terminal such as the service introduction company individual system 300 or a person in charge. 100 is requested to register information about the target business partner (S102). The information on the target business partner includes, for example, an electronic mail address of an electronic certificate issuance partner and company information. In the electronic contract system 100 that has received the request, the supplier management unit 150 temporarily registers the information of the target supplier in association with the target service introduction company in the supplier TB 151 (S103).

  After that, approval similar to the series of processing of steps S95 and S96 shown in the example of FIG. 9 is performed in order to approve the registration of business partners in order by a workflow by one or more approval right holders selected in the service introducing company. Processing is performed (S104, 105).

  When the final approval right holder (that is, the owner of the electronic certificate) approves, the electronic contract system 100 sends the electronic contract system 100 to the customer system 400 or the information processing terminal of the person in charge of the customer. Notification is made by e-mail or the like to access (S106). This notification includes, for example, information such as a temporary login ID and password issued by the user management unit 160 and an access destination URL.

  The supplier accesses the electronic contract system 100 via the information processing terminal of the person in charge and performs the first login process (S107). In the electronic contract system 100, when the login is successful, the electronic contract system 100 requests the supplier system 400 or the information processing terminal of the person in charge of the supplier to consent to being registered as the supplier (S108). For example, the request can be made by electronic mail as in step S97 in the example of FIG. The request may be displayed on the screen after login. At this time, for example, it is desirable to display a confirmation message such as "Are you sure you want to be registered as a business partner by (service introduction company)?"

  Based on an instruction through the information processing terminal such as the business partner system 400 or a person in charge, the business partner accepts an input of consent / non-consent for registration as a business partner and responds to the electronic contract system 100. (S109). In the electronic contract system 100, when receiving a response of acceptance, the supplier management unit 150 changes the temporary registration registered in the supplier TB 151 in step S103 to the main registration for the target supplier (S110). Thereafter, in the same manner as the processing from step S24 onward in FIG. 5, based on the instruction via the information processing terminal such as the service introducing company individual system 300 or a person in charge, Is issued (S111), and issuance of an electronic certificate is received.

  As described above, according to the electronic contract system 100 according to the third embodiment of the present invention, when newly registering a business partner in a service introducing company, control is performed through an approval process by a workflow, and By obtaining approval from business partners, it is possible to prevent unlimited registration of business partners and to ensure the safety of systems and services.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiments. However, the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention. Needless to say. For example, the above-described embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to the one having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. . Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.

  Moreover, in each said figure, the control line and the information line have shown what is considered necessary for description, and do not necessarily show all the control lines and information lines on mounting. Actually, it may be considered that almost all the components are connected to each other.

  The present invention can be used in an electronic contract system that supports an electronic commerce contract between companies.

DESCRIPTION OF SYMBOLS 100, 101 ... Electronic contract system, 101 '... System vendor, 110 ... Interface part, 120 ... Signature application process part, 121 ... OTP process part, 122 ... Mail processing part, 123 ... Approval status table (TB), 130 ... Electronic Signature part, 130a-c ... Company A to Company C electronic signature part, 140 ... Certificate registration processing part, 141 ... Form creation part, 150 ... Supplier management part, 151, 151a, b ... Supplier table (TB), 160 ... user management unit, 161 ... user table (TB), 170 ... document management unit, 171 ... document table (TB),
200 ... Non-certified certificate authority, 201 ... Certified certificate authority,
300 ... Service introduction company individual system, 300a-c ... A company-C company individual system, 300a ', b' ... A company, B company,
400 ... supplier system, 401-405 ... supplier 1-5 system, 401'-403 '... supplier 1-3.

Claims (8)

An electronic contract system that supports the conclusion of an electronic contract between a first transaction entity and a second transaction entity in electronic commerce,
An electronic signature unit that performs an electronic signature on a document related to an electronic contract for the first transaction entity for each of the one or more first transaction entities;
A signature application processing unit for performing an approval process when performing an electronic signature on the document for the first transaction entity;
A document recording device for holding the document for each first transaction entity;
Have
The signature application processing unit
Accepting an application for an electronic signature for the document from the first transaction entity, and providing a first one-time password for each of one or more first authorization holders in the first transaction entity included in the application Generate and send a first e-mail containing the first one-time password and information identifying the document and send it to each first authorized person, from all the first authorized persons When a reply to the first email is received, and each reply includes content that matches the first one-time password assigned to the corresponding first approval authority, An electronic contract system for performing an electronic signature on the document by the electronic signature unit corresponding to a first transaction entity. An electronic contract system that supports the conclusion of an electronic contract between a first transaction entity and a second transaction entity in electronic commerce,
An electronic signature unit that performs an electronic signature on a document related to an electronic contract for the first transaction entity for each of the one or more first transaction entities;
A signature application processing unit for performing an approval process when performing an electronic signature on the document for the first transaction entity;
A document recording device for holding the document for each first transaction entity;
Have
The signature application processing unit
Approval included in the application for each one or more first approval right holders in the first transaction entity that receives an application for an electronic signature for the document from the first transaction entity In order based on the order, a first one-time password is generated, and a first e-mail including the first one-time password and the URL information of the first approval screen is created to generate the first approval The approval result input from the first approval authority via the first approval screen, and a result indicating that the approval is approved by the first approval authority in the final order. If acquired, the electronic signature unit corresponding to the first transaction entity performs an electronic signature on the document,
When receiving the approval result from the first approval authority, in addition to the authentication information necessary for the first approval authority to log in to the electronic contract system via the first approval screen. An electronic contract system that accepts an input of the first one-time password, and permits a login for inputting an approval result to the electronic contract system by the first approval authority when they match. The electronic contract system according to claim 1,
The signature application processing unit
For the document relating to the first transaction entity, the second transaction entity included in the application by accepting an application for an electronic signature for the document from the second transaction entity that is the counterpart of the corresponding electronic contract Generating a second one-time password for each of one or more second authorized persons in the system, creating a second e-mail including information identifying the second one-time password and the document Sent to the second authorized person, received replies to the second e-mail from all the second authorized persons, and included in each of the replies to the corresponding second authorized person An electronic contract system for causing the second transaction subject to perform an electronic signature on the document when content matching the assigned second one-time password is included. The electronic contract system according to claim 2,
The signature application processing unit
For the document relating to the first transaction entity, the second transaction entity included in the application by accepting an application for an electronic signature for the document from the second transaction entity that is the counterpart of the corresponding electronic contract A second one-time password is generated for each one or more second approval right holders in the order based on the approval order included in the application, and the second one-time password and the second approval screen are generated. The second e-mail including the URL information is sent to each second approval authority, and the approval result input from the second approval authority via the second approval screen And obtaining a result of approval by the second approval right holder in the final order, the electronic transaction is performed on the document in the second transaction entity,
When accepting the approval result from the second approval authority, in addition to the authentication information necessary for the second approval authority to log in to the electronic contract system via the second approval screen. An electronic contract system that accepts an input of the second one-time password, and permits a log-in for inputting an approval result to the electronic contract system by the second approval authority when they match. In the electronic contract system according to any one of claims 1 to 4,
Furthermore, each of the first transaction entities has a supplier recording device that holds information about the second transaction entity that can conclude an electronic contract via the electronic contract system,
The electronic signature for the document and the document for the first transaction entity only when the information of the second transaction entity that is the counterpart of the corresponding electronic contract is registered in the supplier recording device, and An electronic contract system that permits retention to document storage devices. The electronic contract system according to claim 5,
When the first transaction entity records information on the second transaction entity that can conclude an electronic contract via the electronic contract system in the supplier recording device, the first transaction entity The electronic contract system permits recording only when an input of approval by the third approval right holder in FIG. 2 and a fourth approval right holder in the second transaction entity is accepted. In the electronic contract system according to any one of claims 1 to 6,
Further, an electronic certificate from the first transaction entity to the second transaction entity that allows the first transaction entity or the first transaction entity to conclude an electronic contract via the electronic contract system. The certificate issuance request is received, the certificate authority is requested to issue the electronic certificate, and the issued electronic certificate is distributed to the first transaction entity or the second transaction entity. An electronic contract system having a certificate registration processing unit. The electronic contract system according to claim 7,
The electronic contract system, wherein the certificate authority is a non-certified certificate authority.

Images