JP3638910B2 - Electronic signature apparatus, electronic signature method, electronic signature program, and recording medium on which electronic signature program is recorded - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an electronic signature apparatus, an electronic signature method, an electronic signature program, and a recording medium on which an electronic signature program is recorded for adding an electronic signature to a structured document using a computer system or the like.
[0002]
[Prior art]
In recent years, the information-oriented society has made remarkable progress, and along with that, paperlessness is progressing at a rapid pace. As a result, all documents are digitized, and even documents such as contracts that were previously signed and stamped on paper documents are being digitized, so it is called an electronic signature equivalent to the significance of conventional signature stamping. Technology is being developed. The electronic signature is verification data for proving that the signer of the document is the principal and that the document has not been tampered with.
[0003]
FIG. 8 shows a configuration of a conventional electronic signature apparatus. In the figure, reference numeral 1001 denotes a document creation means for creating a document to which a signature is to be added, 1002 is a document input unit for inputting the document from outside without creating the document by this apparatus, and 1003 is a document creation unit. A compression unit 1004 compresses a document obtained by 1001 or the document input unit 1002 using a predetermined hash function, and 1004 encrypts the compressed document with a secret key owned by the signer to generate an electronic signature. An electronic signature generation unit. Reference numeral 1005 denotes a combining unit that combines the original document obtained by the document creation unit 1001 or the document input unit 1002 and the electronic signature obtained by the electronic signature generation unit 1004 to generate one file. Reference numeral 1006 denotes an output unit that outputs the file obtained by the combining unit 1005. Reference numeral 1007 denotes a display unit that includes a display device that displays various files. Reference numeral 1008 denotes an input unit to which a document with an electronic signature is sent from a user other than the user, and 1009 denotes an electronic part of the document input to the input unit 1008. A decrypting unit that decrypts a signature part with a public key paired with the signer's private key (the part of the original document to which the electronic signature is to be assigned in the document input to the input unit 1008 Is compressed by the compression unit 1003). Reference numeral 1010 indicates whether the signature is the original by comparing the document input to the input unit 1008 and compressed by the compression unit 1003 with the decrypted file input to the input unit 1008 and obtained by the decryption unit 1009. And a verification unit that verifies whether or not tampering has occurred.
[0004]
FIG. 9 is a diagram for explaining the flow of the electronic signature file on the signer side and the certifier side. A conventional digital signature processing flow will be briefly described with reference to FIGS. 8 and 9. First, the operation of the signer will be described. The signer obtains a file A100, which is a document to which a signature is desired, by using the document input unit 1002 or the document creation unit 1001. Next, the compression unit 1003 performs a file compression process on the file A100 using a predetermined hash function to create a message digest (compressed file) 101. Next, the electronic signature generation unit 1004 encrypts the message digest (compressed file) 101 using a secret key owned by the signer, and generates a file B102. This file B is called an electronic signature. The signer combines a copy of the original file A100 and a copy of the file B (electronic signature) 102 as a document with a signature by the combining unit 1005 to form one file, and outputs the file via the output unit 1006. Sent to the certifier side.
[0005]
Next, the operation of the authenticator will be described. When the authenticator receives the copy 103 of the file A and the copy 104 of the file B (electronic signature) by the input unit 1008, the authenticator first uses the compression of the file A100 for the copy 103 of the file A. A compression process is performed by the compression unit 1003 using the same hash function, and a message digest (compressed file) 105 is generated. Next, the authenticator uses the decryption unit 1009 to decrypt the copy 104 of the file B (electronic signature) using the public key owned by the authenticator, and generates a decrypted file 106. Next, the authenticator compares the message digest (compressed file) 105 and the decrypted file 106, and if the two contents match, the file A103 is surely signed by the signer himself. It is proved that it is and has not been tampered with.
[0006]
As another method of authentication, if a signer transmits an original document and an electronic signature with electronic certificate data attached, the electronic certificate can be transmitted via a communication network such as the Internet. Connect to the certificate authority verification server that issued the certificate, verify the validity of the digital certificate data, and verify the identity of the signer and whether it has been tampered with based on the response from the certificate authority verification server You may make it do.
[0007]
[Problems to be solved by the invention]
The above is the basic concept of an electronic signature. In a PDF document (registered trademark of Adobe Systems) or a Word document (registered trademark of Microsoft), the file A is a macro or the like as shown in FIG. May be a file including invisible data 100a. This invisible data 100a is not displayed only by a normal operation, and cannot be viewed or confirmed without a specific operation. However, there is a possibility that the signer will judge the file contents only from the visible data 100b displayed on the screen in the normal operation, and will perform an electronic signature for the entire file A100.
[0008]
In the unlikely event that there is data that causes a dispute in the invisible data 100a, it is very difficult to specify whether or not the signature target range by the person's intention includes the invisible data 100a at the time of the dispute. It is estimated that the situation will be difficult.
[0009]
The electronic signature method is a law that handles signatures on electromagnetic media by the person's intention in the same way as paper media stamps and signatures. However, paper media usually cannot handle invisible data, so the range of seals and signatures is easy. Therefore, it is necessary to solve problems peculiar to electromagnetic media.
[0010]
The present invention has been made in order to solve such problems, and an electronic signature device, an electronic signature method, an electronic signature program, and a recording in which an electronic signature program is recorded, which can clearly specify the signing target range of a signer The purpose is to obtain a medium.
[0011]
[Means for Solving the Problems]
The present invention is an electronic signature apparatus for performing an electronic signature on a structured document that may contain invisible data, and extracts a visible data portion that is a signature target range of the structured document and converts it into image data Visible data converting means, display means for displaying the contents of the visible data portion, and the image data obtained by the visible data converting means is encrypted with a predetermined first secret key to obtain a first electronic signature. The first electronic signature generation means to be generated, the image data obtained by the visible data conversion means, and the first electronic signature obtained by the first electronic signature generation means are combined into one file. A first combining unit that generates the original structured document, and a second combining unit that combines the original structured document and the file obtained by the first combining unit into one file; A second electronic signature generating means for generating a second electronic signature by encrypting the file obtained by the second combining means by using a predetermined second secret key; and the second combining means. A third combining unit that combines the obtained file and the second electronic signature obtained by the second electronic signature generation unit to generate one file, and a third combining unit that obtains the file. Output means for outputting the above-mentioned file, the identity verification of the signer and the proof of the signature target range in the structured document by the first electronic signature, and invisibility by the second electronic signature. An electronic signature device that verifies whether the entire structured document including a data portion has been tampered with.
[0012]
The first electronic signature generation means compresses the image data obtained by the visible data conversion means, performs the encryption after the compression process, and the second electronic signature generation means The file obtained by the second combining means is compressed, and the encryption is performed after the compression process.
[0013]
The first secret key and the second secret key are the same.
[0014]
The first secret key and the second secret key are different.
[0015]
In addition, the information processing apparatus further includes signature execution command input means for inputting a command as to whether or not to execute a signature after the display means displays the contents of the visible data portion.
[0016]
The present invention is also an electronic signature device for performing an electronic signature on a structured document that may contain invisible data, extracting a visible data portion that is a signature target range of the structured document, and image data To generate an image file, and at the time of the generation, visible data conversion means for adding predetermined wording data indicating that only the visible data portion is within a signature target range, and contents of the visible data portion A first combining means for combining the original structured document and the image data file obtained by the visible data converting means into one file, An electronic signature generating means for generating an electronic signature by encrypting the file obtained by one combining means using a predetermined secret key; and the first combining means A second combining unit configured to combine the obtained file and the electronic signature obtained by the electronic signature generating unit to generate one file; and the file obtained by the second combining unit. Output means for outputting, and certifying the scope of the signature by the predetermined wording, and verifying the identity of the signer and whether or not the entire structured document including the invisible data portion has been altered by the electronic signature. This is an electronic signature device that performs certification.
[0017]
The electronic signature generation means compresses the file obtained by the first combining means, and performs the encryption after the compression process.
[0018]
Further, the visible data conversion means extracts the visible data portion, adds the predetermined word data to the visible data, and then converts it into image data.
[0019]
The visible data converting means extracts the visible data portion and converts it into image data to generate an image data file, and generates another image data file from the predetermined word data, These image data files are combined to generate one image data file.
[0020]
The display unit further includes a signature execution command input unit for inputting a command as to whether or not to execute the signature after the contents of the visible data portion and the predetermined wording are displayed by the display unit.
[0021]
The present invention is also an electronic signature method for performing an electronic signature on a structured document that may contain invisible data, wherein a visible data portion that is a signature target range of the structured document is extracted to obtain image data A visible data conversion step for converting the data into a visible data portion, a display step for displaying the contents of the visible data portion, and a first electronic key obtained by encrypting the image data obtained by the visible data conversion step with a predetermined first secret key. A first electronic signature generation step for generating a signature, the image data obtained by the visible data conversion step, and the first electronic signature obtained by the first electronic signature generation step are combined to form 1 A first combining step for generating two files, the original structured document, and the file obtained by the first combining step are combined into 1 And a second electronic step for generating a second electronic signature by encrypting the file obtained by the second combining step using a predetermined second secret key. A third file for generating one file by combining the file obtained by the signature generation step, the second combination step and the second electronic signature obtained by the second electronic signature generation step. A combination step; and an output step for outputting the file obtained by the third combination step. The first electronic signature verifies the identity of the signer and the proof of the signature target range in the structured document. And an electronic signature method for verifying whether the entire structured document including the invisible data portion has been tampered with by the second electronic signature.
[0022]
The present invention is an electronic signature method for applying an electronic signature to a structured document that may contain invisible data, and extracts a visible data portion that is a signature target range of the structured document and converts it into image data. The image data file is generated, and at the time of the generation, a visible data conversion step of adding predetermined wording data indicating that only the visible data portion is within a signature target range, and the contents of the visible data portion are A display step for displaying together with the predetermined wording, a first combining step for combining the original structured document and the image data file obtained by the visible data converting means into one file, and the first An electronic signature generating step of generating an electronic signature by encrypting the file obtained by the combining step using a predetermined secret key; A second combining step for generating one file by combining the file obtained in the first combining step and the electronic signature obtained in the electronic signature generating step; and the second combining step. An output step for outputting the file obtained in step (i), certifying the scope of the signature by the predetermined wording, and verifying the identity of the signer and the invisible data portion by the electronic signature. This is an electronic signature method that proves whether or not the whole has been tampered with.
[0023]
The present invention is also an electronic signature program for performing an electronic signature on a structured document that may contain invisible data, wherein a visible data portion that is a signature target range of the structured document is extracted to obtain image data A visible data conversion step for converting the data into a visible data portion, a display step for displaying the contents of the visible data portion, and a first electronic key obtained by encrypting the image data obtained by the visible data conversion step with a predetermined first secret key. A first electronic signature generation step for generating a signature, the image data obtained by the visible data conversion step, and the first electronic signature obtained by the first electronic signature generation step are combined to form 1 A first combining step that generates two files, the original structured document, and the file obtained by the first combining step A second combining step for making a single file, and a second electronic signature generated by encrypting the file obtained by the second combining step using a predetermined second secret key. The first digital signature generating step, the second file obtained by the second combining step, and the second electronic signature generated by the second combining step are combined to generate one file. 3 is an electronic signature program for causing a computer to execute a combination step 3 and an output step for outputting the file obtained in the third combination step, and the signer's identity is obtained by the first electronic signature. Confirmation and proof of the scope of signature in the structured document, and the second electronic signature allows the entire structured document including the invisible data part to be altered. Is an electronic signature program to perform the certification.
[0024]
The present invention is an electronic signature program for applying an electronic signature to a structured document that may contain invisible data, and extracts a visible data portion that is a signature target range of the structured document and converts it into image data The image data file is generated, and at the time of the generation, a visible data conversion step of adding predetermined wording data indicating that only the visible data portion is within a signature target range, and the contents of the visible data portion are A display step for displaying together with the predetermined wording, a first combining step for combining the original structured document and the image data file obtained by the visible data converting means into one file, and the first The digital signature generation step for generating an electronic signature by encrypting the file obtained by the combining step using a predetermined secret key. And a second combining step for generating one file by combining the file obtained by the first combining step and the electronic signature obtained by the electronic signature generating step, and the second An electronic signature program for causing a computer to execute an output step for outputting the file obtained by the combining step, and performing a specific proof of a signature target range by the predetermined wording, and the electronic signature An electronic signature program for verifying the identity of the signer and verifying whether the entire structured document including the invisible data portion has been tampered with.
[0025]
The present invention is also a computer-readable recording medium that records an electronic signature program for performing an electronic signature on a structured document that may contain invisible data, and the electronic signature program stores the structured document. A visible data conversion step for extracting a visible data portion to be a signature target range and converting it into image data, a display step for displaying the contents of the visible data portion, and the image data obtained by the visible data conversion step A first electronic signature generating step for generating a first electronic signature by encrypting with a predetermined first secret key; the image data obtained by the visible data converting step; and the first electronic signature generating step. A first combining step of combining the first electronic signature obtained by the above to generate one file; A second combining step that combines the structured document and the file obtained in the first combining step into a single file; and the file obtained in the second combining step is converted into a predetermined first A second electronic signature generating step for generating a second electronic signature by encrypting using the second private key, the file obtained by the second combining step, and the second electronic signature generating step. For causing the computer to execute a third combining step for combining the second electronic signature thus generated to generate one file and an output step for outputting the file obtained by the third combining step. The electronic signature program of the above-mentioned method performs identity verification of the signer and proof of the signature target range in the structured document using the first electronic signature, and the second electronic signature program. The electronic signature, a recording medium which records a digital signature program for proof of existence of tampering of the entire structured document including invisible data portion.
[0026]
The present invention is a computer-readable recording medium that records an electronic signature program for performing an electronic signature on a structured document that may contain invisible data, and the electronic signature program is a signature object of the structured document. A visible data portion that is a range is extracted, converted into image data, and an image data file is generated. At the time of generation, predetermined text data indicating that only the visible data portion is a signature target range is obtained. A visible data conversion step to be added, a display step for displaying the contents of the visible data portion together with the predetermined wording, the original structured document, and an image data file obtained by the visible data conversion means, A first combining step to form one file and the file obtained by the first combining step; Are encrypted using a predetermined private key to generate an electronic signature, the file obtained by the first combining step, the electronic signature obtained by the electronic signature generation step, An electronic signature program for causing a computer to execute a second combining step for generating one file by combining the above and an output step for outputting the file obtained by the second combining step, A computer that records a digital signature program that certifies the scope of the signature according to a predetermined wording, and that verifies the identity of the signer and whether the entire structured document including the invisible data portion has been tampered with by the electronic signature. It is a readable recording medium.
[0027]
DETAILED DESCRIPTION OF THE INVENTION
Embodiment 1 FIG.
FIG. 1 shows the configuration of an electronic signature device of the present invention. In FIG. 1, only the configuration for performing a signature is described, and the description for the configuration for performing authentication is omitted. In FIG. 1, 1 is a document creation means for creating a document (structured document) to be given an electronic signature, and 2 is a document input unit for inputting the document from outside without creating the document with this apparatus. 3 is a visible data conversion unit that cuts out the visible data portion of the document obtained by the document creation unit 1 or the document input unit 2 and converts it into image data, and 4 represents the image data obtained by the visible data conversion unit 3. A first compression unit 5 that performs compression processing using a predetermined hash function is a first electronic signature generation unit that encrypts compressed image data with a secret key owned by the signer. Reference numeral 6 denotes a first combining unit that combines the image data obtained by the visible data conversion unit 3 and the electronic signature obtained by the first electronic signature generation unit 5 to generate one file.
[0028]
Reference numeral 7 denotes a second combination unit that combines the original document obtained by the document creation unit 1 or the document input unit 2 and the file obtained by the first combination unit 6 into one file, A second compression unit 8 compresses the file obtained by the second combination unit 7 using a predetermined hash function. Here, the hash function used in the first compression unit 4 and the hash function used in the second compression unit 8 may be the same, but the present invention is not limited to this, and different ones may be used. Good. Reference numeral 9 denotes a second electronic signature generation unit that encrypts the file compressed by the second compression unit using a secret key owned by the signer. Here, the secret key used in the first electronic signature generation unit 5 and the second electronic signature generation unit 9 may be the same, or different ones may be used. When using a different one, for example, in the first electronic signature generation unit 5, the signature target range signed by the signer is clearly indicated, so a secret key having a legal effect is used. On the other hand, since the second electronic signature generation unit 9 is merely for confirming that no falsification has been performed, a relatively simple secret key for falsification check may be used. Reference numeral 10 denotes a third combining unit that combines the file obtained by the second combining unit and the electronic signature obtained by the second electronic signature generating unit 9 to generate one file. Reference numeral 11 denotes an output unit that outputs a file obtained by the third combining unit 10, and reference numeral 12 denotes a display unit that includes a display device that displays various files.
[0029]
Next, the operation will be described with reference to FIGS. FIG. 2 is a flowchart showing the processing flow of the electronic signature apparatus of the present invention, and FIG. 3 is an explanatory diagram showing the files generated in each step of FIG. When electronically signing a file A20 having a data structure having invisible data 20a, as shown in FIGS. 2 and 3, first, the signer displays the file A20 on the display unit 12, and the screen of the display unit 12 displays the file A20. By pressing a displayed electronic signature button (not shown), a command for performing an electronic signature is input (step S1). Next, the visible data part file B20b is cut out from the file A20 (step S2), converted into the image data file C21 by the visible data conversion unit 3 (step S3), and the signature range confirmation provided in the display unit 12 is confirmed. The image data file C21 is displayed in the window 12a (see FIG. 7, which will be described later), and the signature target range is confirmed (step S4). At this time, since an input button (Yes, No) for confirming whether or not the signature is acceptable is displayed in the signature range confirmation window 12a, the signer confirms the contents of the signature target range and signs the signature. Yes, if not signed, click No (step S5). In the case of No, the process is ended as it is. In the case of Yes, the first compression unit 4 uses the predetermined hash function to calculate the hash value of the image data file C21 and generate the digest 22, and then the first electronic signature generation unit 5 The signature data file D is generated by encryption with the signer's private key (step S6). Next, the first combining unit 6 combines the image data file C21 and the signature data file D to generate a signed file E24 (step S7).
[0030]
Next, the second combining unit 7 embeds the signed file E24 as a new object in the original file A20 to generate a file A′25 (step S8). After the second compression unit 8 calculates a hash value of the file A ′ 25 using a predetermined hash function and generates a digest 26, the second electronic signature generation unit 5 uses the signer's private key. The signature data file F27 is generated by encryption (step S9). Next, the third combining unit 10 combines the file A′25 and the signature data file F27 to generate a signed file G28 (step S10). The signed file G28 obtained in this way is output from the output unit 11.
[0031]
The signature range confirmation window 12a will be described. For example, the “signature” item is selected from the menu and displayed. FIG. 7 is an explanatory diagram showing an example of the signature range confirmation window 12a. As shown in FIG. 7, a button for inputting Yes and No is displayed in the upper part of the window 12a together with a message “Do you want to sign the following contents?”. In the lower part of the window 12a, visible data (file B) 20b is displayed as an image.
[0032]
As described above, in the present embodiment, since the signature target range is converted into an image data file format in which invisible data cannot be absolutely retained, an electronic signature is performed on the format, so The signer's signature target range can be clearly identified, and the signature target range can be easily identified even during disputes, thereby preventing major confusion. Also, by signing the file A'25 that holds all the data of the original file A20 having invisible data, it is possible to prevent the original file A20 containing invisible data from being falsified. In this case, it can be detected immediately at the time of authentication, and secondary use of invisible data or the like is enabled.
[0033]
In the present embodiment, it may be configured so that at the beginning of the processing of the electronic signature apparatus, it is confirmed whether the signer is signed only with a visible part or with an invisible part. At this time, the processing shown in FIG. 2 is performed only when only the visible portion is signed.
[0034]
Note that the authentication method in the digital signature device of the present invention conforms to one of the methods described in the related art, and the description thereof is omitted here.
[0035]
Embodiment 2. FIG.
In the above-described embodiment, the signature processing is required twice. Therefore, in the present embodiment, in order to simplify the user operation, a process for signing two files by one signature act will be described. FIG. 4 shows the configuration of the electronic signature apparatus of the present invention. In FIG. 4, only the configuration for performing the signature is described, and the description for the configuration for performing the authentication is omitted. In FIG. 4, 41 is a document creation means for creating a document to which an electronic signature is to be assigned, 42 is a document input unit for inputting the document from outside without creating the document by this apparatus, and 43 is a document creation unit. The visible data conversion unit 44 that cuts out the visible data part of the document obtained by the unit 1 or the document input unit 2 and adds a predetermined wording to be described later, and converts it into image data. This is a proof word storage unit that stores words to be added to the extracted visible data part (for example, “the signature target range is this visible data part”). 45 is a first combination unit 46 that combines the original document obtained by the document creation unit 1 or the document input unit 2 and the image data file obtained by the visible data conversion unit 43 into one file; Is a compression unit that compresses the file obtained by the first combining unit 45 using a predetermined hash function, and 47 is a file compressed by the compression unit 46 using a secret key owned by the signer. This is an electronic signature generation unit for encryption. Reference numeral 48 denotes a second combining unit that combines the file obtained by the first combining unit 45 and the electronic signature obtained by the electronic signature generating unit 47 to generate one file. Reference numeral 49 denotes an output unit that outputs a file obtained by the second combining unit 48, and reference numeral 50 denotes a display unit that includes a display device that displays various files.
[0036]
Next, the operation will be described with reference to FIGS. FIG. 5 is a flowchart showing the processing flow of the digital signature apparatus of this embodiment, and FIG. 6 is an explanatory diagram showing the files generated in each step of FIG. When electronically signing a file A60 having a data structure having invisible data 60a, first, as shown in FIGS. 5 and 6, the signer displays the file A60 on the display unit 50 and displays the file A60 on the screen of the display unit 50. By pressing a displayed electronic signature button (not shown), a command for performing an electronic signature is input (step S21). Next, the visible data conversion unit 43 cuts out the visible data portion file B60b from the file A60 (step S22), and proves that the signature target range stored in the proof text storage unit 44 is only the visible data portion. Is added to the image data file C21 (step S23), and the image data file C61 is displayed in the signature range confirmation window 12a (see FIG. 7) provided in the display unit 50 to sign the signature. The target range is confirmed (step S24). At this time, since an input button (Yes, No) for confirming whether or not the signature is possible is displayed on the screen of the display unit 50, the signer confirms the contents of the signature target range and signs the signature. Yes, click No if not signing (step S25). In the case of No, the process is ended as it is. In the case of Yes, the first combining unit 45 embeds the image data file C61 with the above words as a new object in the original file A60, and generates a file A′62 (step S26). Next, after calculating the hash value of the file A ′ 62 by using the predetermined hash function by the compression unit 46 and generating the digest 63, the digital signature generation unit 47 encrypts it with the private key of the signer. A signature data file D64 is generated (step S27). Next, the second combining unit 48 combines the file A′62 and the signature data file D64 to generate a signed file E65 (step S28). The signed file E65 obtained in this way is output from the output unit 49.
[0037]
As described above, in the present embodiment, the image data file C that cannot hold invisible data includes a word that proves that the signature target range is only the visible data portion, and the image data file C is converted into the original file. By applying an electronic signature to the file A ′ embedded in A, it is possible to clearly identify the signing target range of the signer. Further, by signing the file A ′ that holds all the data of the original file A having invisible data, the original file A including the invisible data can be prevented from being tampered with, and secondary data such as invisible data can be obtained. Make it available.
[0038]
In the present embodiment, it may be configured so that at the beginning of the processing of the electronic signature apparatus, it is confirmed whether the signer is signed only with a visible part or with an invisible part. At this time, the processing shown in FIG. 5 is performed only when only the visible portion is signed.
[0039]
In the second embodiment, the example in which the text is added to the image data file C as image data has been described. However, the present invention is not limited to this example, and only the text is attached to the file C as one object. You may make it do. In this case, the same effect can be obtained.
[0040]
In the second embodiment, the example in which the words are stored in the proof word storage unit 44 has been described. However, the present invention is not limited to this example, and a word input unit is provided so that the user inputs from the outside. It may be. Furthermore, the user may be able to correct, delete, add, update, and store the words in the proof word storage unit 44.
[0041]
In the first and second embodiments, an example in which a document to be digitally signed is input from the outside or created is described. However, the present invention is not limited to this. Since it is assumed that documents such as contracts are often in the same format, documents entered or created in the past are stored in a predetermined storage means, read from there, and digitally signed May be performed.
[0042]
In the first and second embodiments, the example in which the compression process is performed before the encryption has been described. However, the present invention is not limited to this, and the encryption may be performed without performing the compression process.
[0043]
【The invention's effect】
The present invention relates to an electronic signature device, method, program, and recording medium for recording an electronic signature for a structured document that may contain invisible data, and a visible range that is a signature target range of the structured document. A data portion is extracted, converted into image data, the contents of the visible data portion are displayed, the image data obtained by the conversion is encrypted with a predetermined first secret key, and a first electronic signature The image data obtained by conversion and the first electronic signature obtained by encryption are combined to generate one file, and the original structured document and the file are combined. The file obtained by combining is encrypted using a predetermined second secret key to generate a second electronic signature, and the file and the second electronic signature are combined. The Two files are generated, and the file obtained by combining is output. The first electronic signature verifies the identity of the signer and certifies the signature target range in the structured document. Since the digital signature of 2 is used to verify whether the entire structured document including the invisible data portion has been tampered with, the signature target range can be clearly identified.
[0044]
The present invention also relates to an electronic signature apparatus, method, program, and recording medium for recording an electronic signature for a structured document that may contain invisible data, and within the scope of signature of the structured document. A certain visible data part is extracted, converted into image data, and an image data file is generated. At the time of the generation, predetermined text data indicating that only the visible data part is a signature target range is added. The contents of the visible data portion are displayed together with the predetermined wording, and the original structured document and the image data file obtained by the visible data converting means are combined into one file, The obtained file is encrypted using a predetermined private key to generate an electronic signature, and the file obtained by the combination and the electronic signature are generated. The name is combined to generate one file, and the file obtained by the combination is output. Therefore, the signature target range is proved by the predetermined wording and the signature is signed by the electronic signature. Since the verification of the identity of the user and the presence / absence of falsification of the entire structured document including the invisible data portion is performed, it is possible to clearly identify the signature target range.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of an electronic signature device according to Embodiment 1 of the present invention.
FIG. 2 is a flowchart showing a processing flow of the electronic signature device according to the first embodiment of the present invention.
FIG. 3 is an explanatory diagram illustrating each file generated in each step of FIG. 2;
FIG. 4 is a block diagram showing a configuration of an electronic signature device according to a second embodiment of the present invention.
FIG. 5 is a flowchart showing a processing flow of the electronic signature device according to the second embodiment of the present invention.
6 is an explanatory diagram illustrating each file generated in each step of FIG. 5. FIG.
FIG. 7 is an explanatory diagram showing an example of a signature range confirmation window displayed on the display unit of the electronic signature device according to the first embodiment of the present invention.
FIG. 8 is a block diagram showing a configuration of a conventional electronic signature device.
FIG. 9 is an explanatory diagram showing a flow of processing of a conventional electronic signature device.
FIG. 10 is an explanatory diagram showing an example in which a digital signature is applied to a document including invisible data in a conventional digital signature device.
[Explanation of symbols]
1, 41, 1001 Document creation unit, 2, 42, 1002 Document input unit, 3, 43 Visible data conversion unit, 4 First compression unit, 5 First electronic signature generation unit, 6, 45 First combination unit , 7, 48 Second coupling unit, 8 Second compression unit, 9 Second electronic signature generation unit, 10 Third coupling unit, 11, 49, 1006 Output unit, 12, 50, 1007 Display unit, 44 Proof word storage unit, 46,1003 compression unit, 47,1004 electronic signature generation unit, 1005 combination unit, 1008 input unit, 1009 decryption unit, 1010 verification unit.

Claims (16)

An electronic signature device for performing an electronic signature on a structured document that may contain invisible data,
Visible data conversion means for extracting a visible data part that is a signature target range of the structured document and converting it into image data;
Display means for displaying the contents of the visible data portion;
First electronic signature generation means for generating a first electronic signature by encrypting the image data obtained by the visible data conversion means with a predetermined first secret key;
A first combining unit that combines the image data obtained by the visible data conversion unit and the first electronic signature obtained by the first electronic signature generation unit to generate one file;
A second combining unit that combines the original structured document and the file obtained by the first combining unit into one file;
Second electronic signature generation means for generating a second electronic signature by encrypting the file obtained by the second combining means using a predetermined second secret key;
Third combining means for combining the file obtained by the second combining means and the second electronic signature obtained by the second electronic signature generating means to generate one file;
Output means for outputting the file obtained by the third combining means,
The first electronic signature verifies the identity of the signer and the signature target range in the structured document, and the second electronic signature indicates whether the entire structured document including the invisible data portion has been tampered with. An electronic signature device characterized by performing proof. The first electronic signature generation means performs a compression process of the image data obtained by the visible data conversion means, performs the encryption after the compression process,
The said 2nd electronic signature production | generation means performs the compression process of the said file obtained by the said 2nd coupling | bonding means, The said encryption is performed after the said compression process, The said encryption is performed. Electronic signature device. 3. The electronic signature device according to claim 1, wherein the first secret key and the second secret key are the same. 3. The electronic signature device according to claim 1, wherein the first secret key and the second secret key are different. 5. A signature execution command input unit for inputting a command for determining whether or not to execute a signature after displaying the contents of the visible data portion by the display unit. An electronic signature device according to any one of the above. An electronic signature device for performing an electronic signature on a structured document that may contain invisible data,
The visible data part that is the signature target range of the structured document is extracted, converted into image data, and an image data file is generated. At the time of generation, only the visible data part is the signature target range. Visible data conversion means for adding predetermined wording data indicating
Display means for displaying the contents of the visible data part together with the predetermined word;
First combining means for combining the original structured document and the image data file generated by the visible data converting means into one file;
An electronic signature generating means for generating an electronic signature by encrypting the file obtained by the first combining means using a predetermined secret key;
Second combining means for combining the file obtained by the first combining means and the electronic signature obtained by the electronic signature generating means to generate one file;
Output means for outputting the file obtained by the second combining means,
An electronic system characterized by verifying a signature target range by the predetermined wording and verifying whether or not the entire structured document including the invisible data portion has been tampered with by the electronic signature. Signature device. 7. The electronic signature apparatus according to claim 6, wherein the electronic signature generation unit performs a compression process on the file obtained by the first combining unit, and performs the encryption after the compression process. . The visible data conversion means is
8. The digital signature apparatus according to claim 6, wherein the visible data portion is extracted, the predetermined word data is added to the visible data, and then converted into image data. The visible data conversion means is
The visible data portion is extracted and converted into image data to generate an image data file, and another image data file is generated from the predetermined word data, and these image data files are combined to generate 1 8. The electronic signature apparatus according to claim 6, wherein two image data files are generated. The signature execution command input means for inputting a command as to whether or not to execute a signature after the contents of the visible data portion and the predetermined wording are displayed by the display means. The electronic signature device according to any one of 6 to 9. An electronic signature method for electronically signing a structured document that may contain invisible data, comprising:
A visible data conversion step of extracting a visible data part that is a signature target range of the structured document and converting it into image data;
A display step for displaying the contents of the visible data portion;
A first electronic signature generation step of generating a first electronic signature by encrypting the image data obtained by the visible data conversion step with a predetermined first secret key;
A first combining step of combining the image data obtained by the visible data conversion step and the first electronic signature obtained by the first electronic signature generation step to generate one file;
A second combining step that combines the original structured document and the file obtained in the first combining step into one file;
A second electronic signature generating step of generating a second electronic signature by encrypting the file obtained by the second combining step using a predetermined second secret key;
A third combining step of generating one file by combining the file obtained by the second combining step and the second electronic signature obtained by the second electronic signature generating step;
An output step for outputting the file obtained by the third combining step,
The first electronic signature verifies the identity of the signer and the signature target range in the structured document, and the second electronic signature indicates whether the entire structured document including the invisible data portion has been tampered with. An electronic signature method characterized by performing proof. An electronic signature method for electronically signing a structured document that may contain invisible data, comprising:
The visible data part that is the signature target range of the structured document is extracted, converted into image data, and an image data file is generated. At the time of generation, only the visible data part is the signature target range. A visible data conversion step of adding predetermined wording data indicating
A display step for displaying the contents of the visible data part together with the predetermined word;
A first combining step of combining the original structured document and the image data file obtained by the visible data conversion unit into one file;
An electronic signature generating step of generating an electronic signature by encrypting the file obtained by the first combining step using a predetermined secret key;
A second combining step for generating one file by combining the file obtained by the first combining step and the electronic signature obtained by the electronic signature generating step;
An output step for outputting the file obtained by the second combining step;
An electronic system characterized by verifying a signature target range by the predetermined wording and verifying whether or not the entire structured document including the invisible data portion has been tampered with by the electronic signature. Signature method. An electronic signature program for applying an electronic signature to a structured document that may contain invisible data,
A visible data conversion step of extracting a visible data part that is a signature target range of the structured document and converting it into image data;
A display step for displaying the contents of the visible data portion;
A first electronic signature generation step of generating a first electronic signature by encrypting the image data obtained by the visible data conversion step with a predetermined first secret key;
A first combining step of combining the image data obtained by the visible data conversion step and the first electronic signature obtained by the first electronic signature generation step to generate one file;
A second combining step that combines the original structured document and the file obtained in the first combining step into one file;
A second electronic signature generating step of generating a second electronic signature by encrypting the file obtained by the second combining step using a predetermined second secret key;
A third combining step of generating one file by combining the file obtained by the second combining step and the second electronic signature obtained by the second electronic signature generating step;
An electronic signature program for causing a computer to execute an output step of outputting the file obtained in the third combining step,
The first electronic signature verifies the identity of the signer and the signature target range in the structured document, and the second electronic signature indicates whether the entire structured document including the invisible data portion has been tampered with. An electronic signature program characterized by performing certification of An electronic signature program for applying an electronic signature to a structured document that may contain invisible data,
The visible data part that is the signature target range of the structured document is extracted, converted into image data, and an image data file is generated. At the time of generation, only the visible data part is the signature target range. A visible data conversion step of adding predetermined wording data indicating
A display step for displaying the contents of the visible data part together with the predetermined word;
A first combining step of combining the original structured document and the image data file obtained by the visible data conversion unit into one file;
An electronic signature generating step of generating an electronic signature by encrypting the file obtained by the first combining step using a predetermined secret key;
A second combining step for generating one file by combining the file obtained by the first combining step and the electronic signature obtained by the electronic signature generating step;
An electronic signature program for causing a computer to execute an output step of outputting the file obtained by the second combining step,
An electronic system characterized by verifying a signature target range by the predetermined wording and verifying whether or not the entire structured document including the invisible data portion has been tampered with by the electronic signature. Signature program. A computer-readable recording medium that records an electronic signature program for electronically signing a structured document that may contain invisible data,
The above electronic signature program is
A visible data conversion step of extracting a visible data part that is a signature target range of the structured document and converting it into image data;
A display step for displaying the contents of the visible data portion;
A first electronic signature generation step of generating a first electronic signature by encrypting the image data obtained by the visible data conversion step with a predetermined first secret key;
A first combining step of combining the image data obtained by the visible data conversion step and the first electronic signature obtained by the first electronic signature generation step to generate one file;
A second combining step that combines the original structured document and the file obtained in the first combining step into one file;
A second electronic signature generating step of generating a second electronic signature by encrypting the file obtained by the second combining step using a predetermined second secret key;
A third combining step of combining the file obtained by the second combining step and the second electronic signature obtained by the second electronic signature generating step to generate one file;
An electronic signature program for causing a computer to execute an output step of outputting the file obtained in the third combining step,
The first electronic signature verifies the identity of the signer and the signature target range in the structured document, and the second electronic signature indicates whether the entire structured document including the invisible data portion has been tampered with. A recording medium on which an electronic signature program is recorded. A computer-readable recording medium that records an electronic signature program for electronically signing a structured document that may contain invisible data,
The above electronic signature program is
The visible data part that is the signature target range of the structured document is extracted, converted into image data, and an image data file is generated. At the time of generation, only the visible data part is the signature target range. A visible data conversion step of adding predetermined wording data indicating
A display step for displaying the contents of the visible data part together with the predetermined word;
A first combining step of combining the original structured document and the image data file obtained by the visible data conversion unit into one file;
An electronic signature generating step of generating an electronic signature by encrypting the file obtained by the first combining step using a predetermined secret key;
A second combining step for generating one file by combining the file obtained by the first combining step and the electronic signature obtained by the electronic signature generating step;
An electronic signature program for causing a computer to execute an output step of outputting the file obtained by the second combining step,
An electronic system characterized by verifying a signature target range by the predetermined wording and verifying whether or not the entire structured document including the invisible data portion has been tampered with by the electronic signature. A storage medium that records a signature program.

Images