JP4764655B2 - Electronic information disclosure certification system - Google Patents

Description

  The present invention relates to an electronic information disclosure certification system that certifies that electronic information has been published on the Internet.

  With the spread of the Internet, official gazettes and corporate financial reports that have been published on paper are now being made electronically. The contents disclosed on the Internet have been left to the discretion of the caller, but in recent years a mechanism has been proposed that can be proved by a third party.

  In Patent Document 1, which is one of the proposals, an electronic publication published on the network is collected and recorded via the network, and the electronic publication is later disclosed. It is to be able to prove that.

Patent Document 2 and Patent Document 3 refer to the fact that the change history of electronic publications can be tracked and managed in addition to Patent Document 1 and the search can be facilitated.
Japanese Patent No. 3420472 JP 2001-154988 A JP 2001-154989 A

  However, in the method described in Patent Document 1, since the applicant who requests the certification only specifies the URL to be certified, the electronic publication published on the designated URL varies with time. In such a case, there is a problem that different data is obtained every time the data is collected.

  In addition, although it is mentioned that a plurality of hierarchies related to a hyperlink are collected at once, there is no need to prove if one of the hyperlinks is linked to the top page, for example. There is a problem that even such extra items are included in the proof object.

  The techniques described in Patent Document 2 and Patent Document 3 refer to the ability to track and manage the change history of electronic publications in addition to Patent Document 1 and to facilitate the search. There is the same problem as that of Patent Document 1 in the sense of the method.

  The present invention has been made in view of such problems, and an object thereof is to provide an electronic information public certification system that performs public certification only on necessary electronic information.

  In order to solve the above-mentioned problems, the present invention provides an electronic information disclosure certification system that certifies to a web server that publishes electronic information that the web server publishes the electronic information on a network. Access means for accessing information by a predetermined method, and based on the identification information indicating that the electronic information acquired by accessing includes certification target data that is certification target electronic information, only the certification target data is obtained. Proof object cutout means cut out from the electronic information, time proof means for obtaining time proof for the proof object data, access result recording means for recording an access result including the proof object data and the time proof, and the access Certificate generating means for generating a certificate for certifying that the data to be certified has been made public based on the result; Characterized in that it has.

  In order to solve the above problem, the present invention is characterized in that the electronic information is a web page described in HTML, and the identification information indicates a range of the certification target data in the web page. To do.

  In order to solve the above problem, the present invention is characterized in that when the identification information is present in an HTML header portion of the web page, the range is the entire web page.

  In order to solve the above problem, the present invention is characterized in that the identification information indicates whether or not the certification target data includes electronic information of a link destination existing within the range.

  In order to solve the above problem, the present invention is characterized in that the identification information is a tag.

  In order to solve the above problem, the present invention is characterized in that the identification information is a comment.

  In order to solve the above problem, the present invention is characterized in that the certificate includes a time certificate of the certificate itself.

  In order to solve the above problem, the present invention is characterized in that the certificate is given an electronic signature of an electronic information disclosure certification system.

  ADVANTAGE OF THE INVENTION According to this invention, the electronic information public certification system which performs public certification only with respect to required electronic information can be provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  First, the mechanism of a general electronic information disclosure certification system that proves that electronic information has been disclosed on the Internet will be described with reference to FIG. FIG. 1 shows a requester 10, a public certification server 11, an access result DB 12, an access agent 13, a time certification server 14, and a web server 15.

  The client 10 is a person who wants to prove that the web server 15 has released electronic information on the Internet. The public certification server 11 is a server that certifies that the public certification server has made it public by exchanging with the client and the access agent. The access result DB 12 is a database in which the access result of the access agent 13 accessing the web server accessing the web server is recorded. The time certification server 14 is a server that certifies the time to be given to the downloaded data accessed. The web server 15 is a server that publishes electronic information. There are one or more access agents.

  In this configuration, the requester 10 requests the public certification server 11 by designating the URL of the electronic information to be certified (hereinafter referred to as the certification target URL) and the period (certification period) desired to be certified.

  Based on the request, the public certification server 11 communicates the certification target URL and certification period to each access agent. Each access agent accesses the certification target URL designated at random timing during the designated certification period, and continues to send the access result to the public certification server 11. The public certification server 11 records the sent access result in the access result DB 12, creates a certificate based on the recorded access result DB 12, and sends it to the requester 10.

  Here, the processing of each access agent will be described. Each access agent accesses the designated certification target URL at random timing during the designated certification period. A hash value is calculated based on the accessed and downloaded data (certification target URL data), and the hash value is passed to the time certification server to obtain the time certification. Then, the access result combining the certification target URL data and the time certification is sent to the public certification server. Each access agent performs this process every time it accesses.

  The above is the mechanism of a general electronic information disclosure certification system. This mechanism makes it possible to prove that the electronic information in the certification target URL has been made public.

  However, in the above configuration, it is not possible to prove only a part of the electronic information in the certification target URL. This is a problem when dynamically generated information such as an access counter is included in the electronic information of the certification target URL.

  When different electronic information is downloaded each time an access agent accesses, it is interpreted that different information is released, even though the same content is actually released. Become. In this case, only the main part excluding the access counter part is to be proved, but the above configuration is not a mechanism for enabling it.

  In order to solve this problem, the present embodiment adds the following mechanism to the above configuration. The client marks in advance in the public electronic information which part of the electronic information published in the certification target URL is to be certified.

  When the access agent accesses the certification target URL and downloads the certification target URL data, the content of the downloaded data is analyzed (Parse), and the marked certification target part is cut out. Then, a hash value is calculated for the certification target part, a time certification is obtained, and the result is sent to the public certification server.

  The public certification server records the received access result, generates a certificate based on the access result, and sends it to the client. Hereinafter, specific examples of how to mark the electronic information will be described, and the proof target range extraction process will be specifically described.

  FIG. 2 shows an original web page (hereinafter referred to as an original web page) before a range is designated by identification information (hereinafter also referred to as a mark). The side requesting the public certification incorporates in advance a mark for designating the scope of certification target data (hereinafter referred to as certification target) on the certification target web page posted on its own website. This mark is a tag or a comment. This mark is incorporated into the original web page as shown in FIG.

  FIG. 3 is a diagram showing an example in which a mark is incorporated in an original web page, and tags 501 and 502 are inserted in the original page. The tag <CERT_TARGET LINK = “TRUE”> of the tag 501 is the starting point of the range to be certified. The corresponding end tag is </ CERT_TARGET> of the tag 502, and this tag 502 is an example of the end point of the range of data to be certified.

  LINK = “TRUE” specified as a tag attribute means that the link destination is included in the certification target.

  In other words, LINK = “TRUE” is not limited to the range enclosed by <CERT_TARGET> as a certification target, but “20040831.pdf” linked by the sentence 503 included in the enclosed range is also a certification target. It shows that it becomes. If the link destination is not included in the certification target, write LINK = ”FALSE”.

  FIG. 3 described so far has only one proof object. Next, the incorporation of marks in the case of a plurality of certification targets will be described with reference to FIG. FIG. 4 is a diagram showing a web page when there are two certification targets. In FIG. 4, a set of tags 510 and 511 is shown. The sentence sandwiched between these tag pairs is the subject of certification. In this way, a plurality of certification targets can be included in one HTML.

  Next, the incorporation of a mark when the entire original web page is to be proved will be described with reference to FIG. FIG. 5 is a diagram showing a web page when the certification target is the entire original web page. When the entire web page is to be proved, as shown in FIG. 5, a tag 515 indicating that the page is to be proved is inserted in the header portion of HTML.

  Next, an example of inserting a comment will be described with reference to FIG. FIG. 6 is a diagram showing a web page when a comment is inserted.

  The reason for using a comment in this way is that if a special tag is inserted, the tag may be displayed in an unintended manner depending on the HTML browser. As an example of specifying a range so as not to affect the display, an example in which a range is specified using a comment is a web page shown in FIG.

  In FIG. 6, the place where the comment 520 is inserted is the starting point of the certification target, and the place where the comment 521 is inserted is the end point of the certification target.

  As explained above, the public certification system can specify the certification target by specifying the web page published by the public certification requester on its web server with a tag or comment. Public proofs can be made only for those parts.

  Next, the internal configuration of the access agent 13 will be described. Note that the same processing is basically performed when a tag is inserted and when a comment is inserted, and therefore, a processing method for a case where a tag indicating a certification target is inserted will be described below.

  FIG. 7 is a diagram showing an internal configuration of the access agent 13 in the present embodiment. The access agent 13 includes a time certification unit 20, an access agent main control unit 21, a certification target cutout unit 22, and an access unit 23.

  The access agent main control unit 21 performs overall control of the access agent 13. The time certification unit 20 communicates with the time certification server 14 and performs processing related to time certification. The certification target cutout unit 22 cuts out the part of the certification target that has been published on the web server 15. The access unit 23 accesses the web server 15.

  Among these, the processing of the access agent main control unit 21 will be described with reference to the flowchart of FIG.

  The access agent main control unit 21 receives the certification target URL and certification period from the public certification server 11 (step S101). Next, an access timing schedule for randomly accessing during the certification period is created (step S102). Next, it is determined whether it is during the certification period (step S103). If it is not during the certification period, the process ends. If it is during the certification period, the process proceeds to step S104.

  The access unit 23 is instructed to access the certification target URL according to the schedule (step S104). Next, proof object data is acquired from the acquired proof object URL data by the proof object clipping unit 22 (step S105).

  The time certification unit 20 obtains the time certification for the certification target data (step S106). The certification target data and the time certification are combined to obtain an access result (step S107). The access result is sent to the public certification server (step S108).

  Next, the processing of the access unit 23 will be described using the flowchart of FIG. First, a certification target URL is received from the access agent main control unit 21 (step S201). Next, the certification target URL is accessed (HTTP GET) (step S202). The web page data of the certification target URL is downloaded (step S203).

  Next, the processing of the certification target clipping unit 22 will be described with reference to the flowchart of FIG. The certification target URL data is received from the access agent main control unit 21 or the access unit 23 (step S301). Next, it is determined whether the certification target URL data is HTML (step S302). If it is not HTML, the entire certification target URL data is added to the certification target data as cut-out data (step S319), and the process ends.

  When the certification target URL data is HTML, the processing from step S303 to step S318 is repeated until the reading position reaches the end of the certification target URL data. The reading position means a position that is read while being shifted in order to search for a character string because the processing of the certification target cutout unit 22 performs a process of searching for a character string of a tag or a comment.

  The certification target URL data is parsed to search for a CERT_TARGET start tag (step S303). Next, it is determined whether or not a CERT_TARGET start tag is found (step S304). If the start tag is not found, the process of step S303 is performed again.

  When the start tag is found, it is determined whether or not the CERT_TARGET start tag is present in the HTML header portion (step S305). If it exists in the header part, it is added to the certification target data as data obtained by cutting out the entire certification target URL data (step S306).

  If the start tag does not exist in the header part in step S305, this time, a CERT_TARGET end tag is searched (step S307). Next, it is determined whether a CERT_TARGET end tag is found (step S308). When the end tag is found, the section from the CERT_TARGET start tag to the CERT_TARGET end tag is cut out (step S309). Then, the extracted data is added to the certification target data (step S310).

  If it is determined in step S308 that the end tag is not found, the section from the CERT_TARGET start tag to the end of the certification target URL data is cut out (step S311). Then, the cut out data is added to the certification target data (step S312).

  Next, the link attribute specified in the CERT_TARGET start tag is acquired (step S313). Then, it is determined whether TRUE is specified as the link attribute (step S314). If TRUE is not specified as the link attribute, the process of step S303 is performed again.

  If TRUE is specified as the link attribute, the link destinations in the cut out data are listed (step S315). The processing from the next step S316 to step S318 is repeated for the number of link destinations listed.

  First, the URL data of the certification target is acquired by the access unit with the link destination as the certification target (step S316). Next, the processing of the certification target cutout unit is executed on the acquired certification target URL data (step S317). Then, the data obtained by execution is added to the certification target data (step S318).

  The loop process from step S316 to step S318 ends, and the process ends when the loop process from step S303 to step S318 ends.

  Next, the processing of the time certification unit 20 will be described with reference to FIG. The certification target data is received from the access agent main control unit 21 (step S401). A hash value is calculated for the certification target data (step S402). The hash value is sent to the time certification server (step S403). A time certificate is acquired from the time certificate server (step S404).

  The hash value may be calculated using a hash algorithm such as SHA-1 (Secure Hash Algorithm 1) or MD5 (Message Digest 5). Further, the exchange with the time certification server 14 is preferably performed according to RFC3161 Time-Stamp Protocol. Furthermore, it is preferable to use a time certification format that is specified as a time stamp token in RFC3161 or ISO18014-1. Since the time stamp token generation method is described in RFC3161 and ISO18014-1, the mechanism of the time certification server is not specifically described here.

  Next, the public certification server 11 will be described. FIG. 12 is a diagram showing an internal configuration of the public certification server 11. As shown in FIG. 12, the public certification server 11 includes a certificate generation unit 30, a public certification server main control unit 31, and an access result recording unit 32. The public certification server main control unit 31 directly communicates with the client and performs processing such as sending a certificate to the client. The certificate generation unit 30 generates a certificate. The access result recording unit 32 records the access result in the access result DB 12.

  Among these, the process of the public certification server main control part 31 is demonstrated using the flowchart of FIG. First, a certification request is received from the requester (step S501). Next, the certification target URL and certification period are acquired from the contents of the certification request (step S502). The certification target URL and certification period are sent to a plurality of access agents (step S503). It is determined whether the certification period is over (step S504).

  If the certification period has not expired, an access result is received from the access agent (step S505). Then, the received access result is recorded in the access result recording unit 11.

  If the certification period has expired, the certificate generation unit 30 generates a certificate based on the access result recorded in the access result recording unit 11 (step S507). Then, the generated certificate is sent to the requester (step S508).

  This certificate may be sent, for example, by taking out an e-mail address from a certification request from a client and sending the e-mail to that address.

  Next, processing of the access result recording unit 32 will be described with reference to the flowchart of FIG. The access result including the certification target data and the time certification is received (step S601). A hash value A of the certification target data included in the received access result is calculated (step S602). It is determined whether a record for the same certification target URL has already been recorded in the access result DB 12 (step S603).

  If no record is recorded, the certification target URL, certification target data, hash value A, and time certification are recorded as a record of the access result DB 12 (step S608). When it is determined in step S603 that a record is recorded, the hash value A is compared with the hash value B of the record recorded for the same URL last time (step S604).

  It is determined whether the hash value A and the hash value B are equal (step S605). If they are equal, the certification target URL, the hash value A, and the time certification are recorded as records in the access result DB 12 (step S606). If they are different, the certification target URL, certification target data, hash value A, and time certification are recorded as records in the access result DB 12 (step S607).

  Next, the record structure of the access result DB 12 will be described with reference to FIG. As shown in FIG. 15, the record structure of the access result DB 12 has a structure including a certification target URL, certification target data, a hash value, and a time certification. In the access result DB 12, all the certification target URL data downloaded by the access unit 23 may be recorded, or the certification target data itself is held by the requester and is not recorded at all. It doesn't matter if you do.

  Next, the processing of the certificate generation unit 30 will be described with reference to the flowchart of FIG. 16 and FIG. FIG. 17 is a diagram showing how a certificate is generated, and corresponds to the steps of FIG.

  First, of the access result for the certification target URL, only the hash value and the time certification part are received (step S701). Next, a list of hash values and time certificates is created (step S702). FIG. 17 shows a list including a hash value and a time certificate.

  A hash value X is calculated for the data 40 combining the certification target URL, the certification period, and the list (step S703). FIG. 17 shows how the hash value X is generated from the list, the certification period, and the whole certification target URL.

  The hash value X is encrypted with the internal secret key of the public certification server to form an electronic signature (step S704). An electronic signature is attached to the data 40, and a hash value Y is further calculated for the data 41 (step S705). The hash value Y is sent to the time certification server, and the time certification Y is acquired (step S706). The time proof Y is given to the data 41 to make the certificate 42 (step S707). This certificate 42 is returned (step S708).

  To calculate an electronic signature, SHA-1 or MD5 is used as a hash algorithm, and RSA, DSA, or elliptical encryption is used as a public key encryption algorithm.

  As described above, according to the present embodiment, since it can be determined whether or not to be a certification target based on the presence or absence of identification information, it is not necessary to prove an unnecessary web page as a certification target. As a result, for example, the requester can designate and request his / her entire website as a certification target, and can embed identification information only in a web page that really requires public certification to be the certification target.

  In addition, the identification information can be embedded in HTML, which is a description language of general web pages, by the same description as that of ordinary HTML, so that affinity with HTML can be improved.

  Furthermore, when viewed with a web browser, the web page in which the identification information is embedded can be made to look the same as a web page not embedded.

  Also, even if the web page to be certified contains counters or character strings that are dynamically generated by scripts on the web server side, etc., it is unnecessary to remove that part from the certification target of public certification. Not only does it not prove the part publicly, but it can also prevent the web page as a whole from being interpreted differently as if it were electronically released each time.

  In addition, it becomes possible for the requester to select for each certification target whether or not the link destination included in the certification target is included in the certification target, and only an appropriate link destination can be included as the certification target.

  Further, by including a time certificate in the certificate, it becomes possible to prove when the electronic publication was made public.

  In addition, by giving an electronic signature of the public certification system itself, it is possible to guarantee that the certificate is indeed created by the public certification system.

  Then, it is possible to guarantee when the certificate was created by giving a time guarantee after giving the electronic signature of the public certification system.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the specific embodiment which concerns, In the range of the summary of this invention described in the claim, various deformation | transformation * It can be changed.

It is a figure which shows an electronic information public certification system. It is a figure which shows an original web page. It is a figure which shows the example which incorporated the mark in the original web page. It is a figure which shows a web page in case there exist two certification | authentication objects. It is a figure which shows a web page in case the certification | authentication object is the whole original web page. It is a figure which shows the web page at the time of inserting a comment. It is a figure which shows the internal structure of an access agent. It is a flowchart which shows the process of an access agent main control part. It is a flowchart which shows the process of an access part. It is a flowchart which shows the process of a certification | authentication object extraction part. It is a flowchart which shows the process of a time certification | authentication part. It is a figure which shows the internal structure of a public certification server. It is a flowchart which shows the process of a public certification server main control part. It is a flowchart which shows the process of an access result recording part. It is a figure which shows the record structure of access result DB. It is a flowchart which shows the process of a certificate production | generation part. It is a figure which shows a mode that a certificate is produced | generated.

Explanation of symbols

10 Client 11 Public certification server 12 Access result DB
DESCRIPTION OF SYMBOLS 13 Access agent 14 Time certification | authentication server 15 Web server 20 Time certification | authentication part 21 Access agent main control part 22 Proof object extraction part 23 Access part 30 Certificate generation part 31 Public certification server main control part 32 Access result recording part 40, 41 Data 42 Certificate 501, 502, 515 Tag 503 Sentence 510, 511 Tag set 520, 521 Comment

Claims (6)

To a web server for publishing the electronic information, an electronic information publishing certificate system to prove that the web server exposes the electronic information to the network,
Access means for accessing the electronic information in a predetermined manner;
Based on the acquired electronic information, the identification information indicating that contain certification target data which is electronic information certification target by accessing the certification target clipping means for extracting only the certification target data from the electronic information,
Time certification means for obtaining time certification for the certification target data;
Access result recording means for recording an access result including the certification object data and the time certification;
Based on the access result, they possess a certificate generation means for generating a certificate to prove that the certification target data has been published,
The identification information includes a flag indicating whether or not the certification target data includes electronic information of a link destination existing within the range of the certification target data,
When the identification information includes the flag, the access means accesses the electronic information of the link destination existing within the range of the certification target data,
The certification target cutout means cuts out only the certification target data from the electronic information of the link destination based on the identification information of the electronic information of the link destination acquired by accessing,
An electronic information disclosure certification system characterized by The electronic information is a web page described in HTML,
The electronic information disclosure certification system according to claim 1, wherein the identification information indicates a range of the certification target data in the web page.   3. The electronic information disclosure certification system according to claim 2, wherein when the identification information is present in an HTML header portion of the web page, the range is the entire web page. During the certification period for proving that the web server has released the electronic information to the network, the access means randomly accesses the electronic information in a predetermined manner.
The electronic information disclosure certification system according to any one of claims 1 to 3. When the access result recording means records an access result including the certification target data and the time certification,
Calculate a hash value from the data to be proved,
When the access result for the same electronic information is not already recorded, the URL of the electronic information, the certification target data, the time certification, and the calculated hash value are recorded,
When the access result for the same electronic information is already recorded, if the previously recorded hash value is equal to the calculated hash value, the URL of the electronic information, the time certification, and the calculated hash value are recorded. When the previously recorded hash value and the calculated hash value are different, recording the URL of the electronic information, the certification target data, the time certification, and the calculated hash value;
The electronic information disclosure certification system according to any one of claims 1 to 4. The certificate is
Among the access results of the URL of the same electronic information recorded by the access result recording means, all the hash value and time proof are obtained, and the hash value X is obtained for the data including the URL of the electronic information and the certification period. Calculate
The calculated hash value X encrypted with the secret key of the electronic information public certification system is used as an electronic signature, and the hash value Y is calculated for the electronic signature and the data,
The certificate hash time Y is given the time certificate of the certificate itself,
The electronic information disclosure certification system according to claim 5 .

Images