JP4970178B2 - Face-to-face business system, face-to-face control server device, and program - Google Patents

Description

  The present invention relates to a face-to-face business system that stores trail information that is evidence that face-to-face work has been performed.

  Conventionally, in the courier service, the bank window service, the insurance visit service, the audit service, etc., the business is performed face-to-face by the provider and the user.

  In face-to-face work, it is required from the viewpoint of compliance, such as internal control response and social responsibility (CSR), to carry out the work in an appropriate procedure and leave the evidence.

  As a method of leaving evidence that the work has been performed, there is a method of recording the work contents on a medium such as paper one by one. However, the method of recording business contents one by one is not accurate and costly. Another possible method is to record the state of face-to-face work with a video camera or the like and save the moving image information. However, with this method, it is not possible to confirm whether or not the business is being performed in an appropriate procedure.

  On the other hand, from the user's standpoint, even if illegal door-to-door sales are made, it is difficult to prove the damage unless the evidence of face-to-face work is kept.

In view of these points, in the face-to-face work, for example, it is considered to use a business procedure content check technique disclosed in Patent Document 1.
Japanese Patent Laid-Open No. 2005-250809

  However, in the technique according to Patent Document 1, only a person who is registered in advance on the side providing the business is allowed to operate. Therefore, even if a record of the executed work is left, it is difficult to provide a proof that the provider and the user have performed the face-to-face work. In addition, it cannot be left as evidence whether the face-to-face work has been executed according to the prescribed procedure.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a face-to-face business system capable of storing trail information as evidence that face-to-face work has been performed.

  The present invention takes the following means in order to solve the above problems.

  The invention corresponding to claim 1 is a face-to-face business system comprising a face-to-face control server device, a provider device, and a user device, wherein the face-to-face control server device stores a server secret key; Means for storing history information including user history information and provider history information, and a first signature with a server signature added to the history information by the server secret key in association with the workflow ID and the provider ID When trail information storage means for storing trail information and a trail information transmission request from the provider device or the user device are received together with a workflow ID, the trail information with the first signature corresponding to the workflow ID is received as the trail information. Means for reading from the storage means and transmitting to the request source of the transmission request; and from the provider device, a signature encrypted with a user secret key and a provider secret key. When the third signature-added trail information including information is received together with the provider ID, the signature verification means for verifying the signature information with the provider public key and the user public key, and the validity of each signature by the signature verification means Is verified, means for generating a fourth signed trail information by adding a server signature by the server secret key to the third signed trail information, and the fourth signed trail information as the trail information storage means Means for storing the user information, means for storing the user secret key, user history information storage means for storing user history information, and transmission of the trail information to the face-to-face control server device. Means for transmitting the request together with the workflow ID, and when the trail information with the first signature is received in response to the transmission request for the trail information, the server signature added to the trail information with the first signature When the validity of the server signature is verified by means of verifying the authenticity by the server public key, the user history information included in the trail information with the first signature and the user history information storage means are stored. When the comparison result matches the means for comparing the user history information and the comparison result, the server signature added to the trail information with the first signature is encrypted with the user private key to generate the second signature information And means for transmitting the second signature information to the provider apparatus by proximity communication, wherein the provider apparatus stores means for storing a provider secret key and provider for storing provider history information. The history information storage means, the means for transmitting the trail information transmission request to the face-to-face control server device together with the workflow ID, and the first signature-added trail information in response to the trail information transmission request is received. In the case, the first verification means for verifying the validity of the server signature added to the trail information with the first signature by using a server public key, and the trail information with the second signature is received from the user device by proximity communication. In this case, the second verification means for verifying the validity of the user signature added to the trail information with the second signature using the user public key, and the validity of each signature by the first verification means and the second verification means Is verified, the means for comparing the provider history information included in the trail information with the first signature and the provider history information stored in the provider history information storage means match the result of the comparison. In this case, the second signature information is encrypted with the provider private key to generate third signature information, and the third signature is attached from the third signature information and the history information included in the trail information with the first signature. Generate trail information And a means for transmitting the third signed trail information together with a provider ID to the face-to-face control server.

  The invention corresponding to claim 2 is a face-to-face business system comprising a face-to-face control server device, a provider device, and a user device, wherein the face-to-face control server device stores a server secret key; Means for storing history information including user history information and provider history information, and a first signature with a server signature added to the history information by the server secret key in association with the workflow ID and the provider ID When trail information storage means for storing trail information and a trail information transmission request from the user apparatus are received together with a workflow ID, the trail information with the first signature corresponding to the workflow ID is read from the trail information storage means. Means for transmitting to the user device, and a third signed certificate including signature information encrypted by the user private key and the provider private key from the provider device. When the information is received together with the provider ID, the signature verification means for verifying the signature information with the provider public key and the user public key, and when the validity of each signature is verified by the signature verification means, Means for generating a fourth signed trail information by adding a server signature by the server private key to the three signed trail information, and writing the fourth signed trail information in the trail information storage means, The user apparatus transmits a request for transmitting the trail information together with the workflow ID to the means for storing the user secret key, the user history information storage means for storing the user history information, and the face-to-face control server apparatus. And when the first signed trail information is received in response to the trail information transmission request, the validity of the server signature added to the first signed trail information is determined by the server public key. When the validity of the server signature is verified with the means for verifying, the user history information included in the trail information with the first signature is compared with the user history information stored in the user history information storage means Means for generating second signed trail information by adding a user signature based on the user private key to the first signed trail information when the comparison result matches, and the second signature Means for transmitting attached trail information to the provider device by proximity communication, the provider device storing means for storing a provider secret key, provider history information storage means for storing provider history information, When the trail information with the second signature is received from the user device by proximity communication, the validity of the user signature and the server signature added to the trail information with the second signature is determined as the user public key and the server public key. And by When the validity of each of the verification means and the user signature and the server signature is verified, the history information is stored in the provider history information and the provider history information storage means included in the trail information with the second signature. Means for comparing the provider history information to the second signature information, and if the result of the comparison is the same, the provider signature by the provider private key is added to the second signature-added trail information to add the third signature A face-to-face business system comprising means for generating trail information and means for sending the third-signed trail information together with a provider ID to the face-to-face control server.

  The invention corresponding to claim 3 is a face-to-face business system corresponding to claim 1 or claim 2, wherein the face-to-face control server device stores session information including a provider ID and a user ID. A workflow unit for recording storage means, provider history information indicating the processing content of the provider device, and user history information indicating the processing content of the user device so as to be writable in a predetermined work process order. A workflow information storage unit that stores the workflow ID in association with the workflow ID, and when the provider ID and the workflow ID are received together with the workflow start request from the provider device, the workflow unit corresponding to the workflow ID is the workflow information. A user ID corresponding to the provider ID is read from the storage means and the session ID is A workflow setting unit configured to set a provider device and a user device to be recorded in the workflow unit based on the provider ID and the user ID read from the information storage unit; and the workflow setting unit. When the provider device and the user device are set in the workflow unit, means for transmitting work instruction information to the provider device and the user device in the order of the work steps of the workflow unit, and according to the work instruction information When the provider history information or the user history information is received from the provider device or the user device, writing means for writing the history information to the workflow unit, and the workflow in which the history information is written By adding a server signature with the server private key to the unit, the trail information with the first signature is added. A trail information generating means for generating, when the user device receives the work instruction information from the face-to-face control server device, a means for transmitting user history information for the work instruction information, When the provider device receives the work ID information from the meeting control server device and means for transmitting the provider ID and the workflow ID to the meeting control server device together with a workflow start request, the work instruction information A face-to-face business system provided with means for transmitting provider history information for.

  The invention corresponding to claim 4 is the face-to-face business system corresponding to claim 3, wherein the trail information generating means of the face-to-face control server device is configured to perform all of the work steps defined in the workflow unit by the writing means. In the face-to-face business system, when the history information is written, the server signature by the server secret key is added to the workflow unit to generate the trail information with the first signature.

  The invention corresponding to claim 5 is the face-to-face business system corresponding to claim 3 or claim 4, wherein the writing means of the face-to-face control server device performs the work process of the user device and the provider device. In the face-to-face business system, the status information shown and the date and time when the processing of the work process is completed are written in the workflow unit.

  In the invention corresponding to claim 6, the user device that generates the second signed trail information by adding the user signature to the first signed trail information, and the second signed trail information from the user device are close to each other. A face-to-face control server device that communicates with both the device that receives the communication and adds the provider signature to the second-signed trail information to generate the third-signed trail information. Means for storing a secret key; means for storing history information including user history information and provider history information; and a server signature for the history information using the server secret key in association with a workflow ID and a provider ID. When the trail information storage means for storing the trail information with the first signature added with the signature information and the transmission request of the trail information from the provider device or the user device are received together with the workflow ID, the workflow Means for reading out the first signed trail information corresponding to D from the trail information storage means and sending it to the request source of the transmission request; and a user signature and a provider signature added from the provider device. 3 When the trail information with the signature is received together with the provider ID, the signature verification means for verifying the provider signature and the user signature with the provider public key and the user public key, and the signature verification means Means for generating a fourth signed trail information by adding a server signature based on the server secret key to the third signed trail information when the validity is verified; and converting the fourth signed trail information into the trail information. A face-to-face control server device comprising means for writing to a storage means.

  The invention corresponding to claim 7 is a user device that generates a second signed trail information by adding a user signature to the first signed trail information, and the second signed trail information from the user device A computer that is a face-to-face control server device that communicates with both the device that receives the communication and adds the provider signature to the second signed trail information to generate the third signed trail information; A function for storing a server secret key, a function for storing history information including user history information and provider history information, and a server in the history information by the server secret key in association with a workflow ID and a provider ID. When the trail information storage function for storing the first signature-added trail information with the signature and the trail information transmission request from the provider device or the user device are received together with the workflow ID A function of reading the trail information with the first signature corresponding to the workflow ID from the trail information storage means and transmitting it to the request source of the transmission request, and a user signature and a provider signature are added from the provider device. When the trail information with the third signature is received together with the provider ID, the signature verification function for verifying the provider signature and the user signature with the provider public key and the user public key, and the signature verification function A function for generating a fourth signed trail information by adding a server signature by the server private key to the third signed trail information when the validity of the signature is verified; and This is a program for realizing the function of writing in the trail information storage means.

  In the present invention, a collection of devices is expressed as a “system”. However, the present invention is not limited to this, and each device may be expressed as a “device” or a “program”. It may be expressed as “method”. That is, the present invention can be expressed in any category.

<Terminology>
The meaning of terms in the present invention will be described below.

  “Business” refers to professional work that is carried out on a daily basis.

  “Work” means an individual action in a certain business.

  “Workflow” defines the contents of work and the order of work in a certain business.

<Action>
Therefore, the present invention has the following effects by taking the above-described means.

  In the invention corresponding to claim 1, the face-to-face control server apparatus is encrypted by means for transmitting the trail information with the first signature to the request source of the transmission request, and the user private key and the provider private key from the provider apparatus. When the third signature-added trail information including the signature information is received, the signature verification means for verifying the signature information, and when the validity of each signature is verified, the server signature is added to the third signature-added trail information. And a means for generating the trail information with the fourth signature and a trail information storage means for storing the trail information with the fourth signature, and the user device authenticates the server signature added to the trail information with the first signature. , Means for encrypting the server signature added to the trail information with the first signature with the user private key, and generating the second signature information, and transmitting the second signature information to the provider device by proximity communication And providing means When the apparatus receives first signature means for verifying the validity of the server signature added to the trail information with the first signature and second signature information from the user apparatus by proximity communication, the validity of the second signature information is Second verification means for verifying the authenticity, encryption of the second signature information with the provider private key to generate third signature information, and the third signature information and the history information included in the trail information with the first signature Means for generating the third-signed trail information and means for transmitting the third-signed trail information to the face-to-face control server device, and a so-called ring signature is added to the trail information, so face-to-face work is performed. It is possible to save the trail information that proves that.

  According to the second aspect of the present invention, the face-to-face control server device transmits the first signature-added trail information to the user device that is the request source of the transmission request, and from the provider device to the user secret key and the provider secret key. When the third signature-added trail information including the signature information encrypted by the above is received, the signature verification means for verifying the signature information, and when the validity of each signature is verified, the third signature-added trail information A means for generating trail information with the fourth signature by adding a server signature and a trail information storage means for storing the trail information with the fourth signature, and the user device is added to the trail information with the first signature Means for verifying the validity of the server signature, means for adding the user signature to the trail information with the first signature to generate the trail information with the second signature, and the provider device with the trail information with the second signature by proximity communication Means for transmitting to Means for verifying the validity of the user signature added to the second signed trail information and the server signature when the user device receives the second signed trail information from the user device by proximity communication; Means for generating third signed trail information by adding a provider signature with a provider private key to the two-signed trail information, and means for transmitting the third signed trail information to the face-to-face control server device. In addition, since a so-called ring signature is added to the trail information, the trail information that proves that the face-to-face operation has been performed can be stored.

  In the invention corresponding to claim 3, in addition to the actions corresponding to claims 1 and 2, the face-to-face control server device stores session information including a provider ID and a user ID, and a provider Workflow information storage means for storing in association with a workflow ID a workflow unit for recording history information and user history information so as to be writable in a predetermined work process order, and work instruction information in the work process order of the workflow unit. And a trail information generating means for generating trail information with a first signature by adding a server signature to the workflow unit in which the history information is written, to the provider device and the user device, When the user device receives the work instruction information from the face-to-face control server device, the user history information for the work instruction information is And when the provider apparatus receives the work instruction information from the face-to-face control server apparatus, the provider apparatus includes means for transmitting provider history information for the work instruction information. The face-to-face operation can be executed according to the procedure specified by the user, and processing history information associated with the execution can be saved.

  In the invention corresponding to claim 4, in addition to the operation corresponding to claim 3, the trail information generating means of the face-to-face control server device is configured such that the history information is written in all the work steps defined in the workflow unit. Since the signature is added to the workflow unit to generate the first signed trail information, the first signed trail information can be automatically generated when all work steps of the workflow are completed.

  In the invention corresponding to claim 5, in addition to the actions corresponding to claims 3 and 4, the writing means of the face-to-face control server device includes status information indicating the work process of the user device and the provider device, and Since the date and time when the process is completed is written in the workflow unit, it is possible to save a record indicating how and when the workflow is processed without being falsified.

  In the inventions corresponding to claims 6 and 7, when a transmission request for trail information is received from both the provider device and the user device that exchange information by proximity communication, the request source of the trail information with the first signature is received. And signature verification means for verifying the provider signature and the user signature when the third signature-added trail information to which the user signature and the provider signature are added is received from the provider device. And a means for generating a fourth signed trail information by adding a server signature to the third signed trail information when it is verified by the signature verification means, and a so-called ring signature is included in the trail information. Since it is added and saved, it is possible to leave evidence that the face-to-face work has been performed.

  According to the present invention, it is possible to store trail information that is evidence that a face-to-face operation has been performed.

Embodiments of the present invention will be described below with reference to the drawings.
(First embodiment)
First, a first embodiment of the present invention will be described.
A person involved in the face-to-face business system according to the first embodiment of the present invention will be described. The main participants of the face-to-face business system are service providers and service users.

  A service provider is a person who provides or executes services or services to service users. For example, a business operator that operates an insurance business or a delivery business is a service business operator. A person who supports a service provided by a service provider, for example, an employee who has a duty to face a user in particular, is hereinafter referred to as a provider. The provider may be, for example, an insurance sales representative or a delivery service delivery person.

  A service user is a person who provides services or services by a service provider or provider. This person is hereinafter referred to as a user. The user may be a general consumer or a third party.

  FIG. 1 is a block diagram showing a configuration example of a face-to-face business system according to the first embodiment of the present invention.

  This face-to-face business system includes a face-to-face control server device 1, a provider device 2, a user device 3, a user identification medium 4, and CA5. The face-to-face control server device 1, the provider device 2, and the user device 3 are devices such as a computer.

The face-to-face control server device 1 is a server device operated by a service provider.
The provider device 2 is a communication terminal device for the provider to access the face-to-face control server device 1, and is a notebook PC, PDA, mobile phone, or the like distributed to the provider by the service provider.
The user device 3 is a communication terminal device that is always carried at hand for the convenience of the user, regardless of the service provided by the service provider, and the processing necessary for the face-to-face business system on the user device 3 A mobile phone or PDA in which a program for performing is installed.

  The provider device 2 and the user device 3 can communicate with the face-to-face control server device 1 via communication networks 10a and 10b such as the Internet. Further, the provider device 2 and the user device 3 have a function of performing short-range wireless communication via the short-range communication path 20.

The provider identification medium 4 is a card-like identification card of the provider. The provider identification medium 4 is distributed from the service provider to the provider, and is always carried by the provider during face-to-face operations. For example, a two-dimensional code such as a QR code is attached to the provider identification medium 4. The user device 3 performs short-range communication with the provider identification medium 4 via the short-range communication path 30 by reading the two-dimensional code of the provider identification medium 4. The provider identification medium 4 may be attached with a medium different from the two-dimensional code, for example, an RFID, and the user device 3 may perform near field communication by reading the RFID.
The CA 5 is an information system operated by a certificate authority that is not related to the service provider, and manages user certificates.

Hereinafter, the configurations of the face-to-face control server device 1, the provider device 2, and the user device 3 will be described.
FIG. 2 is a block diagram showing a configuration example of the face-to-face control server device of the face-to-face business system according to the first embodiment of the present invention.

  As shown in FIG. 2, the face-to-face control server device 1 includes a communication unit 101, a program storage unit 102, a provider authentication control unit 110, a provider authentication unit 111, a provider information storage unit 112, a certification unit 120, and a certificate storage. Unit 121, key storage unit 122, signature unit 123, user authentication control unit 130, provider information providing unit 140, user authentication unit 150, encryption communication management unit 170, time management unit 175, nonce management unit 180, nonce generation Unit 181, session management unit 190, session information storage unit 192, history management unit 195, and history storage unit 196.

  The communication unit 101 of the face-to-face control server device 1 is an interface device that performs transmission / reception processing with the provider device 2, the user device 3, and the CA5. The program storage unit 102 is a storage medium such as a hard disk drive or a non-volatile memory, for example, and stores a program for realizing processing of each unit in the facing control server device 1.

  The provider authentication control unit 110 controls authentication processing between the provider device 2 and the face-to-face control server device 1. The certification unit 120 proves the validity of the face-to-face control server device 1 to the provider.

  The provider information storage unit 112 is a storage medium such as a hard disk drive or a non-volatile memory, and stores attribute information including identification information of the provider. FIG. 3 is a diagram showing an example of storage contents of the provider information storage unit of the face-to-face control server device of the face-to-face business system according to the first embodiment of the present invention. As shown in FIG. 3, the provider identification information is information associated with an employee number, password, affiliation, name, telephone number, and facial photo.

The provider authentication unit 111 verifies the validity of the identification / authentication information received from the provider by checking the stored content of the provider information storage unit 112.
The certification unit 120 performs certification from the certificate storage unit 121 to prove the validity of the facing control server device 1 to the provider device 2 or the user device 3 connected to the facing control server device 1. Obtain and send the certificate information. The signature unit 123 generates a response to the given challenge.

The session information storage unit 192 is a storage medium such as a hard disk drive or a nonvolatile memory, and stores session information. FIG. 4 is a diagram showing an example of storage contents of the session information storage unit of the face-to-face control server device of the face-to-face business system according to the first embodiment of the present invention.
The certificate storage unit 121 is a storage medium such as a hard disk drive or a nonvolatile memory, and stores certificate information issued to the face-to-face control server device 1.

FIG. 5 is a diagram showing an example of a certificate stored in the certificate storage unit of the meeting control server device of the meeting business system according to the first embodiment of the present invention.
The key storage unit 122 is a storage medium such as a hard disk drive or a nonvolatile memory, and stores the secret key of the face-to-face control server device 1. That is, this secret key is a secret key that is paired with a public key described in a certificate issued to the face-to-face control server device 1. The secret key is a key having specifications such as RSA 1024 bits.

  The signature unit 123 generates a response to the given challenge. The challenge is a random number that cannot be predicted before it is generated, and the response is information obtained by encrypting the challenge with a secret key.

  The user authentication control unit 130 controls authentication processing between the user device 3 and the face-to-face control server device 1. The certification unit 120 proves the validity of the face-to-face control server device 1 to the user device 3.

The provider information providing unit 140 acquires provider information to be provided to the user device 3 from the provider information storage unit 112.
The user authentication unit 150 verifies the validity of the user certificate. The user authentication unit 150 stores an issuer certificate of a certificate having the format shown in FIG. 5 in an internal memory in advance, and verifies a signature portion in the certificate by the issuer using the certificate.
In addition, the user authentication unit 150 generates a challenge and verifies a response generated for the challenge.

  The nonce management unit 180 causes the nonce generation unit 181 to generate a nonce, acquires the time from the time management unit 175, and stores it in the session information storage unit 192. A nonce is a random number that cannot be predicted before it is generated.

  The nonce management unit 180 determines whether the nonce received from the user device 3 is valid. The expiration date of the nonce is a predetermined constant value, for example, “10 seconds from the issue time”. At this time, for example, since the issue time of the nonce “538382379232” shown in the first line of the session information table shown in FIG. 4 is “20061019 10:23:34”, it is valid until “20061019 10:23:44”.

  The time management unit 175 maintains and manages the current time. The encryption communication management unit 170 manages encryption communication. The encrypted communication management unit 170 also has a function of sharing an encryption key with the provider device 2 and the user device 3, stores the shared key in the session information storage unit 192, and performs encrypted communication using the shared key.

  The session management unit 190 manages a communication session with the provider device 2 and the user device 3. Specifically, the session management unit 190 issues a session ID and stores it in the session information storage unit 192 in association with the connection destination ID of the provider device 2 or the user device 3. The session ID is information for identifying a partner with which the face-to-face control system is communicating at the same time. In the present embodiment, communication with the provider device 2 and the user device 3 is identified by one session ID.

  The history management unit 195 manages the processing history of the face-to-face control server device 1 itself. The history management unit 195 may also manage processing histories reported from the provider device 2 and the user device 3. At that time, the history management unit 195 stores the processing history in the history storage unit 196 in association with the session ID and the provider device 2 or the user device 3 that is the reporter or the face-to-face control server device 1.

The history storage unit 196 is a storage medium such as a hard disk drive or a nonvolatile memory, and stores history information.
The history management unit 195 extracts and presents information satisfying the specified condition from the history stored in the history storage unit 196.

FIG. 6 is a block diagram illustrating a configuration example of the provider device of the face-to-face business system according to the first embodiment of the present invention.
As shown in FIG. 6, the provider device 2 includes a communication unit 201, an authentication control unit 202, an authentication unit 203, a provider certification unit 204, a program storage unit 207, an encryption communication unit 210, a key storage unit 211, and a user invitation. Unit 220, display unit 221, history recording unit 240, and time management unit 250.

The communication unit 201 of the provider device 2 is an interface device that performs transmission / reception processing between the face-to-face control server device 1 and the user device 3.
The authentication control unit 202 controls authentication between the face-to-face control server device 1 and the provider device 2.
The connection destination authentication unit 203 verifies the certificate from the face-to-face control server device 1. Specifically, the connection destination authenticating unit 203 stores a certificate issuer's certificate in the internal memory in advance, and verifies the signature part in the certificate by the issuer based on the certificate. Also, a challenge is generated, transmitted to the facing control server device 1, a response is received from the facing control server device 1, and the response is verified with the certificate of the facing control server device 1.

  The provider certification unit 204 includes an operation unit for the provider to input identification authentication information. The provider certification unit 204 acquires the identification and authentication information of the provider according to the input by the provider, and transmits it to the face-to-face control server device 1.

  The program storage unit 207 is a storage medium such as a hard disk drive or a non-volatile memory, for example, and stores a program for realizing processing of each unit in the provider device 2.

  The user invitation unit 220 provides the user apparatus 3 with user invitation information serving as a means for connecting to the face-to-face control server apparatus 1. The display unit 221 displays user invitation information from the face-to-face control server device 1 as a two-dimensional image. Instead of displaying a two-dimensional image, user invitation information may be transmitted by infrared rays, or user invitation information may be transmitted by Bluetooth (registered trademark).

The user invitation unit 220 causes the history recording unit 240 to record that the process of displaying the two-dimensional image has been performed. The history recording unit 240 records the processing history of the provider device 2. The time management unit 250 maintains and manages the current time.
The encryption communication unit 210 controls encryption communication with the face-to-face control server device 1. The encryption communication unit 210 shares a key with the face-to-face control server device 1 and performs encryption communication using this key.

FIG. 7 is a block diagram illustrating a configuration example of the user device of the face-to-face business system according to the first embodiment of the present invention.
As shown in FIG. 7, the user apparatus 3 includes a communication unit 301, an invitation receiving unit 302, a display unit 303, a program storage unit 304, a connection destination authentication unit 310, a certificate storage unit 320, a signature unit 330, and a key storage unit. 331, an authentication control unit 350, a user certification unit 351, an encryption communication unit 360, a key storage unit 361, a provider identification information verification unit 370, a history recording unit 380, and a time management unit 382.

The communication unit 301 of the user device 3 is an interface device that performs transmission / reception processing between the face-to-face control server device 1 and the provider device 2.
The invitation receiving unit 302 extracts user invitation information from the two-dimensional image displayed by the provider device 2, extracts a nonce from the user invitation information, and transmits it to the face-to-face control server device 1. . The invitation receiving unit 302 includes a photographing device and an operation unit for reading a two-dimensional image. The program storage unit 304 is a storage medium such as a hard disk drive or a non-volatile memory, for example, and stores a program for realizing processing of each unit in the user device 3.

  The authentication control unit 350 performs an authentication process between the user device 3 and the face-to-face control server device 1. The connection destination authentication unit 310 verifies the validity of the certificate from the face-to-face control server device 1. Specifically, the connection destination authenticating unit 310 stores a certificate issuer's certificate in the internal memory in advance, and verifies the signature unit in the certificate by the issuer based on the certificate. The connection destination authentication unit 310 generates a challenge, transmits it to the meeting control server apparatus 1, receives a response from the meeting control server apparatus 1, and proves the meeting control server apparatus 1 that has received the received response from the meeting control server apparatus 1. Verify by certificate.

The certificate storage unit 320 is a storage medium such as a hard disk drive or a non-volatile memory, and stores a certificate issued to the user.
The user certification unit 351 transmits the user certificate stored in the certificate storage unit 320 to the face-to-face control server apparatus 1, and in response to the challenge sent from the face-to-face control server apparatus 1, the signing section 330. A response is generated and sent to the face-to-face control server apparatus 1 to prove the validity of the user to the face-to-face control server apparatus 1.

  The key storage unit 331 is a storage medium such as a hard disk drive or a non-volatile memory, and stores a secret key that is paired with a public key described in a certificate issued to the user. In addition, the signature unit 330 generates a response to the given challenge.

The provider identification information verification unit 370 verifies the consistency between the provider identification information acquired from the face-to-face control server device 1 and the provider identification information acquired from the provider identification medium 4.
The encryption communication unit 360 controls encryption communication with the face-to-face control server device 1. Moreover, the encryption communication part 360 shares a key with the facing control server apparatus 1, and performs encryption communication with this key.
The history recording unit 380 records the processing history of the user device 3. The time management unit 382 maintains and manages the current time.

FIG. 8 is a diagram showing an example of the external appearance of the provider identification medium of the face-to-face business system according to the first embodiment of the present invention.
As shown in FIG. 8, the provider identification medium 4 has a two-dimensional code 4a. FIG. 9 is a diagram showing an example of the content of the two-dimensional code of the provider identification medium of the face-to-face business system according to the first embodiment of the present invention. The signature is a signature of the service provider, and is generated using a secret key stored in the key storage unit 122 of the meeting control server device 1. The subject of the signature is the affiliation, name, and employee number. Note that the private key stored in the key storage unit 122 may not be used if the signature is a signature that is clearly proved by the service provider.

  Hereinafter, processing of the face-to-face business system having such a configuration will be described. FIG. 10 is a flowchart showing an example of authentication processing between the face-to-face business server device and the provider device of the face-to-face business system according to the first embodiment of the present invention.

  First, as advance preparation, the service provider generates a public key and a private key of the face-to-face control server device 1 in advance, and has the CA 5 issue a certificate to the public key. This certificate is stored in the certificate storage unit 121 of the meeting control server device 1. The secret key is stored in the key storage unit 122. At this time, the portion of the target person in the certificate of the format shown in FIG. 5 becomes the identifier of the service provider.

  The service provider registers the identification information of the provider in the provider information storage unit 112 of the face-to-face control server device 1 in advance. In the example illustrated in FIG. 3, provider information for two persons is registered in the provider information storage unit 112.

  After information based on the information registered in the provider information storage unit 112 is stored in the provider identification medium 4, the provider identification medium 4 is distributed to the provider. The provider device 2 is also distributed to the provider.

  The user generates a public key and a private key of the user in advance, and asks the CA 5 to issue a certificate for the public key. This certificate is stored in the certificate storage unit 320 of the user device 3. The secret key is stored in the key storage unit 331.

Next, a process in which the provider authenticates the face-to-face control server device 1 will be described.
First, the authentication control unit 202 of the provider device 2 transmits a connection destination authentication request signal including the connection destination ID of the provider device 2 to the facing control server device 1 via the communication unit 201 (step S1).

  When the communication unit 101 of the face-to-face control server device 1 receives the authentication request signal from the provider device 2, the session management unit 190 starts managing a session with the provider device 2. Specifically, the session management unit 190 issues a session ID and stores it in the session information storage unit 192 in association with the connection destination ID of the provider device 2 (step S2). Hereinafter, it is assumed that a session ID is attached to information transmitted / received between devices.

  Next, the certification unit 120 of the facing control server device 1 reads the certificate from the certificate storage unit 121. The provider authentication control unit 110 transmits this certificate to the provider device 2 via the communication unit 101 (step S3).

  When the communication unit 201 of the provider device 2 receives the certificate from the face-to-face control server device 1, the authentication control unit 202 instructs the connection destination authentication unit 203 to verify the certificate. The connection destination authentication unit 203 verifies the validity of the certificate from the face-to-face control server device 1 (step S4).

  The connection destination authentication unit 203 generates a challenge if the certificate is valid. The authentication control unit 202 transmits the generated challenge to the facing control server device 1 via the communication unit 201 (step S5).

  When the communication unit 101 of the face-to-face control server device 1 receives a challenge from the provider device 2 (step S6), the provider authentication control unit 110 generates a response to the challenge in the signature unit 123 via the certification unit 120. Instruct.

  The signature unit 123 generates a response to the challenge from the provider device 2 based on the secret key stored in the key storage unit 122. The certification unit 120 outputs the generated response to the provider authentication control unit 110, and the provider authentication control unit 110 transmits the response to the provider device 2 via the communication unit 101 (step S7).

When the communication unit 201 of the provider device 2 receives the response from the face-to-face control server device 1, the authentication control unit 202 instructs the connection destination authentication unit 203 to verify the response. The connection destination authentication unit 203 verifies the response from the face-to-face control server apparatus 1 using the certificate of the face-to-face control server apparatus 1 acquired earlier (step S8).
This completes the authentication of the face-to-face control server device 1 by the provider.

Next, the authentication of the provider by the facing control server device 1 will be described.
First, when the connection destination authenticating unit 203 verifies the validity of the response, it notifies the authentication control unit 202 of this. Upon receiving the notification from the connection destination authentication unit 203, the authentication control unit 202 causes the display unit 221 to display an input screen for provider identification and authentication information.

FIG. 11 is a diagram showing an example of an input screen for identification / authentication information in the provider device of the face-to-face business system according to the first embodiment of the present invention.
According to this screen, when the provider inputs the ID and password, which are identification and authentication information, in the areas f1 and f2 on the screen, respectively, using the provider certification unit 204, the provider certification unit 204 displays the inputted information. Output to the authentication control unit 202. The authentication control unit 202 transmits this identification and authentication information to the facing control server device 1 via the communication unit 201 (step S9). In this example, the identification authentication information is communicated through a communication path that is not encrypted. However, an encryption communication path may be established prior to identification and authentication.

  When the communication unit 101 of the face-to-face control server device 1 receives the identification authentication information from the provider device 2 (step S10), the provider authentication control unit 110 instructs the provider authentication unit 111 to verify the identification authentication information. . The provider authentication unit 111 verifies the validity of the identification authentication information by confirming whether the identification authentication information from the provider device 2 and the identification authentication information stored in the provider information storage unit 112 are the same. Verification is performed (step S11).

When the identification authentication information is valid, the provider authentication unit 111 outputs the employee number associated with the identification authentication information stored in the provider information storage unit 112 to the provider authentication control unit 110. The provider authentication control unit 110 instructs the session management unit 190 to reflect the employee number in the session information.
The session management unit 190 associates the employee number that received the instruction with the current session ID on the session information database stored in the session information storage unit 192.

  Next, key distribution between the facing control server device 1 and the provider device 2 will be described. Here, a Diffie-Hellman key distribution method is shown, but the present invention is not limited to this method.

First, the encryption communication management unit 170 of the meeting control server device 1 generates a prime number p. Next, the cryptographic communication management unit 170 selects one primitive element g in the remainder group Zp * formed by the entire reversible element of the remainder ring Zp with the prime p of the integer ring Z.
The encryption communication management unit 170 generates a random number x and calculates the following equation (1).

a = g ^ x mod p-1 Formula (1)
The encryption communication management unit 170 transmits the calculated random number a, the prime number p, and the primitive element g to the provider device 2 via the communication unit 101 (step S12). The prime number p and the primitive element g may be made public so that anyone can obtain them.

  When the communication unit 201 of the provider device 2 receives the random number, the prime number p, and the primitive element g from the face-to-face control server device 1 (step S13), the cryptographic communication unit 210 generates a random number y, and the following equation (2 ).

b = g ^ y mod p-1 Formula (2)
The cryptographic communication unit 210 transmits b, which is the calculated random number, to the facing control server device 1 via the communication unit 201 (step S14).
When the communication unit 101 of the face-to-face control server device 1 receives a random number from the provider device 2 (step S15), the encryption communication management unit 170 performs the calculation of the following equation (3).

ka = b ^ x mod p (3)
The encryption communication management unit 170 uses the calculated ka as an encryption key and outputs it to the session management unit 190 (step S18). The session management unit 190 associates this encryption key with the current session ID on the session information database stored in the session information storage unit 192 as the provider encryption communication key.

In addition, the encryption communication unit 210 of the provider device 2 performs the calculation of the following formula (4).
kb = a ^ y mod p (4)
The encryption communication unit 210 stores the calculated kb as an encryption key in the key storage unit 211 (step S16).
These generated ka and kb are always equal. Let it be k.

The encryption communication management unit 170 of the face-to-face control server apparatus 1 starts encryption communication using k as a key (step S19).
Further, the encryption communication unit 210 of the provider device 2 starts encryption communication using k as a key (step S17).

  Next, user invitation processing will be described. FIG. 12 is a flowchart showing an example of communication processing of user invitation information by the face-to-face business system according to the first embodiment of the present invention.

First, the user invitation part 220 of the provider apparatus 2 transmits a user invitation information request signal to the facing control server apparatus 1 via the communication part 201 (step S31).
When the communication unit 101 of the face-to-face control server device 1 receives a request signal from the provider device 2 (step S32), the session management unit 190 notifies the nonce management unit 180 of this. The nonce management unit 180 instructs the nonce generation unit 181 to generate a nonce.

  Then, a nonce generation unit 181 nonce is generated and output to the nonce management unit 180 (step S33). The nonce management unit 180 outputs this nonce to the session management unit 190. When the nonce is input, the session management unit 190 outputs the current time managed by the time management unit 175 together with the nonce as the nonce issuance time.

  When session manager 190 receives the nonce and issue time from nonce manager 180, session manager 190 associates the nonce and issue time information with the currently communicating session ID in the session information database stored in session information storage 192. .

  The session management unit 190 transmits user invitation information including connection destination information and nonce to the provider device 2 via the communication unit 101 (step S34). The connection destination information is connection destination information unique to the face-to-face control server device 1.

  When the communication unit 201 of the provider device 2 receives the user invitation information from the face-to-face control server device 1 (step S35), the user invitation unit 220 confirms the reception and then obtains the two-dimensional code of this information. Generated and displayed on the display unit 221.

FIG. 13 is a diagram showing an example of a display screen of user invitation information in the provider device of the face-to-face business system according to the first embodiment of the present invention.
The invitation receiving unit 302 of the user device 3 acquires the user invitation information by reading the two-dimensional code displayed on the display unit 221 of the provider device 2 while directing the imaging device to be displayed on the display unit 303. (Steps S36, 37). FIG. 14 is a diagram showing an example of a user invitation information display screen in the user device of the face-to-face business system according to the first embodiment of the present invention. The user operates the operation unit of the invitation receiving unit 302 while referring to the display screen, and selects the icon labeled “read” on the screen to read the two-dimensional code. The two-dimensional coding of the user invitation information may be performed by the provider device 2 as described above, or the face-to-face control server device 1 two-dimensionally codes the user invitation information and transmits it to the provider device 2. May be.

  When the invitation receiving unit 302 of the user device 3 acquires the user invitation information, the nonce and the connection destination ID of the user device 3 are given to the face-to-face control server device 1 which is a device corresponding to the connection destination information included in this information. The verification request signal including it is transmitted via the communication unit 301 (step S38).

  When the communication unit 101 of the face-to-face control server device 1 receives a signal from the user device 3 (step S39), the session management unit 190 is included in the database stored in the session information storage unit 192 and the received signal. The nonce is collated, and it is verified whether or not the received nonce exists in the database. When the received nonce exists in the database, the nonce management unit 180 is instructed to determine whether the nonce is valid.

  Then, the nonce management unit 180 acquires the current time managed by the time management unit 175, compares the current time with the issued nonce issued time, and if the current time has not passed 10 seconds from the issuance time. It is determined that the nonce is within the expiration date (step S40). In this way, by setting the nonce validity period to about 10 seconds, a difficult process is realized without facing each other.

  Further, the session management unit 190 associates the connection destination ID of the user device 3 with the current session ID on the session information database stored in the session information storage unit 192.

  Next, the flow of authentication of the face-to-face control server device 1 by the user will be described. FIG. 15 is a flowchart showing an example of authentication processing between the face-to-face business server device and the user device of the face-to-face business system according to the first embodiment of the present invention.

  First, the certification unit 120 of the meeting control server device 1 reads the certificate from the certificate storage unit 121. The user authentication control unit 130 transmits this certificate to the user device 3 via the communication unit 101 (step S51).

  When the communication unit 301 of the user device 3 receives the certificate from the face-to-face control server device 1, the authentication control unit 350 instructs the connection destination authentication unit 310 to verify the certificate. The connection destination authenticating unit 310 verifies the validity of the certificate from the face-to-face control server device 1 (step S52).

  The connection destination authentication unit 310 generates a challenge if the certificate is valid. The connection destination authenticating unit 310 outputs the generated challenge to the authentication control unit 350. The authentication control unit 350 transmits this challenge to the facing control server device 1 via the communication unit 301 (step S53).

  When the communication unit 101 of the face-to-face control server device 1 receives a challenge from the user device 3 (step S54), the user authentication control unit 130 generates a response to the challenge in the signature unit 123 via the certification unit 120. Instruct.

  The signature unit 123 generates a response to the challenge from the user device 3 based on the secret key stored in the key storage unit 122. The certification unit 120 outputs the generated response to the user authentication control unit 130, and the user authentication control unit 130 transmits this response to the user device 3 via the communication unit 101 (step S55).

When the communication unit 301 of the user device 3 receives the response from the face-to-face control server device 1, the authentication control unit 350 instructs the connection destination authentication unit 310 to verify the response. The connection destination authenticating unit 310 verifies the response from the face-to-face control server apparatus 1 using the certificate of the face-to-face control server apparatus 1 acquired earlier (step S56).
This completes the authentication of the face-to-face control server device 1 by the user.

  Next, key distribution between the facing control server device 1 and the user device 3 will be described. First, the encryption communication unit 360 of the user device 3 calculates a random number a in the same procedure as the key distribution between the face-to-face control server device 1 and the provider device 2 described above, and this a is transmitted via the communication unit 301. It transmits to the facing control server apparatus 1 (step S57).

  When the communication unit 101 of the face-to-face control server device 1 receives a random number from the user device 3 (step S58), the cryptographic communication management unit 170 generates a random number y and calculates the random number b according to the above-described equation (2). Then, b is transmitted to the user device 3 via the communication unit 101 (step S59).

  When the communication unit 301 of the user device 3 receives the random number from the face-to-face control server device 1 (step S60), the encryption communication unit 360 calculates ka according to the above-described equation (3), and uses this ka as the encryption key. Is stored in the key storage unit 361 (step S63).

  Further, the encryption communication management unit 170 of the face-to-face control server apparatus 1 calculates kb according to the above-described equation (4), and outputs this kb to the session management unit 190 as an encryption key (step S61). The session management unit 190 associates this encryption key with the current session ID on the session information database stored in the session information storage unit 192 as the user encryption communication key.

The encryption communication management unit 170 of the face-to-face control server device 1 starts encryption communication using k as a key (step S62).
Also, the encryption communication unit 360 of the user device 3 starts encryption communication using k as a key (step S64).

  Next, the flow of user authentication processing will be described. FIG. 16 is a flowchart showing an example of the provider identification information communication process by the face-to-face business system according to the first embodiment of the present invention.

  First, a process in which a user authenticates a provider will be described. The session management unit 190 of the face-to-face control server device 1 reads out the employee number associated with the session ID of the current communication stored in the session information storage unit 192 and notifies the provider authentication control unit 110 of the employee number. Then, the provider authentication control unit 110 instructs the user authentication control unit 130 to read the provider information corresponding to the employee number.

  Then, the user authentication control unit 130 instructs the provider information providing unit 140 to acquire provider information. Then, the provider information providing unit 140 reads out the information on the affiliation, name, telephone number, and face photograph associated with the employee number on the provider information database stored in the provider information storage unit 112, together with the employee number. The data is output to the user authentication control unit 130. The user authentication control unit 130 transmits these pieces of information as provider identification information to the user device 3 via the communication unit 101 (step S71).

  When the communication unit 301 of the user device 3 receives the provider identification information from the face-to-face control server device 1 (step S72), the invitation receiving unit 302 receives the employee number, affiliation, name, telephone number, and face photo. Is displayed on the display unit 303. In addition, the provider identification information verification unit 370 holds the received provider identification information in the internal memory.

FIG. 17 is a diagram showing an example of a display screen of provider identification information in the user device of the face-to-face business system according to the first embodiment of the present invention.
Here, it is assumed that the user requests the provider to present the provider identification medium 4.
The invitation receiving unit 302 of the user device 3 reads the two-dimensional code attached to the provider identification medium 4 (Step S73).

  The provider identification information verification unit 370 verifies the signature attached to the read two-dimensional code. Next, the provider is confirmed by collating the affiliation, name, and employee number corresponding to this signature with the provider identification information received from the face-to-face control server device 1 as described above (step S74). Also, the provider identification information verification unit 370 displays the read information on the display unit 303, so that the user can visually confirm the provider.

  Next, the process in which the face-to-face control server device 1 authenticates the user will be described. First, the user certification unit 351 of the user device 3 reads the user certificate from the certificate storage unit 320. The user certification unit 351 outputs this certificate to the authentication control unit 350. The authentication control unit 350 transmits this certificate to the facing control server device 1 via the communication unit 301 (step S75).

  When the communication unit 101 of the face-to-face control server device 1 receives the certificate from the user device 3, the user authentication control unit 130 instructs the user authentication unit 150 to verify the certificate. The user authentication unit 150 verifies the validity of the certificate from the user device 3 (step S76).

  If the certificate is valid, the user authentication unit 150 generates a challenge. The user authentication control unit 130 transmits the generated challenge to the user device 3 via the communication unit 101 (step S77).

  When the communication unit 301 of the user device 3 receives the challenge from the face-to-face control server device 1 (step S78), the authentication control unit 350 generates a response to the challenge in the signature unit 330 via the user certification unit 351. Instruct.

  The signature unit 330 generates a response to the challenge from the face-to-face control server device 1 based on the secret key stored in the key storage unit 331. The user certification unit 351 outputs the generated response to the authentication control unit 350, and the authentication control unit 350 transmits the response to the facing control server device 1 via the communication unit 301 (step S79).

  When the communication unit 101 of the face-to-face control server device 1 receives a response from the user device 3, the user authentication control unit 130 instructs the user authentication unit 150 to verify the response. The user authentication unit 150 verifies the response from the user device 3 based on the already received user certificate (step S80). This completes the user authentication by the face-to-face control server device 1.

  As described above, in the face-to-face business system according to the first embodiment of the present invention, the face-to-face control server device 1 generates a nonce according to an instruction from the provider device 2, transmits it to the provider device 2, and provides it. The person apparatus 2 transmits this nonce to the user apparatus 3 by short-range communication, and when the user apparatus transmits this nonce to the meeting control server apparatus 1, the meeting control server apparatus 1 receives the generated nonce. Match nonces. As a result, it is possible to correctly confirm that the service provider and the user have faced each other.

  In this embodiment, it has been described that the provider device 2 and the provider identification medium 4 are different from each other. However, the provider device 2 and the provider identification medium 4 are attached by attaching a two-dimensional code to the provider device 2. May be integrated.

(Second Embodiment)
Next, a second embodiment of the present invention will be described. In addition, description of the structure similar to the structure demonstrated in 1st Embodiment among the structures of the system which concerns on this embodiment is abbreviate | omitted.
FIG. 18 is a block diagram illustrating a configuration example of the provider device of the face-to-face business system according to the second embodiment of the present invention.

  The face-to-face control system according to the second embodiment of the present invention has a provider device 2b instead of the provider device 2. As shown in FIG. 18, the provider device 2b includes a provider certification unit 204b instead of the provider certification unit 204 provided in the provider device 2, and further includes a signature unit 205 and a key storage unit 206. The key storage unit 206 stores the provider secret key.

FIG. 19 is a diagram showing an example of the storage contents of the storage unit of the server device of the face-to-face business system according to the second embodiment of the present invention.
In the second embodiment, the face-to-face control server device 1 includes a storage unit 112b instead of the provider information storage unit 112. The storage unit 112b includes a certificate repository in addition to the provider information database stored in the provider information storage unit 112. The certificate repository stores the provider's certificate. In the provider information database, certificate IDs are managed instead of passwords.

  In the first embodiment, as shown in FIGS. 5 and 6, the authentication processing of the facing control server device 1 by the user and the authentication processing of the user by the facing control server device 1 are performed separately. In this embodiment, as will be described below, these processes can be performed with a small number of communications.

  In the first embodiment, the ID and password are used for authentication of the provider by the face-to-face control server device 1, but in the second embodiment, the face-to-face is provided using a provider private key instead of the ID and password. The control server device 1 authenticates the provider.

  Next, the authentication process of the face-to-face control server apparatus 1 by the user and the user authentication process by the face-to-face control server apparatus 1 will be described. FIG. 20 is a flowchart showing an example between various devices of the face-to-face business system according to the second embodiment of the present invention.

  First, the authentication control unit 350 of the user device 3 transmits a connection destination authentication request signal including the connection destination ID of the user device 3 to the facing control server device 1 via the communication unit 301 (step S91).

  When the communication unit 101 of the face-to-face control server device 1 receives the authentication request signal from the user device 3, the session management unit 190 starts managing a session with the user device 3. Specifically, the session management unit 190 issues a session ID and stores it in the session information storage unit 192 in association with the connection destination ID of the user device 3 (step S92).

Next, the session management unit 190 of the face-to-face control server apparatus 1 instructs the user authentication control unit 130 to transmit a certificate and a challenge. Then, the user authentication control unit 130 instructs the certification unit 120 to read the certificate, and instructs the user authentication unit 150 to generate a challenge.
Then, the certification unit 120 reads the certificate from the certificate storage unit 121. The user authentication unit 150 generates a challenge.

  The user authentication control unit 130 transmits the certificate read by the certification unit 120 and the challenge generated by the user authentication unit 150 to the user device 3 via the communication unit 101 (step S93). In FIG. 20, a certificate issued to the face-to-face control server apparatus 1 is denoted as “certificate (sa)”, and a challenge generated by the face-to-face control server apparatus 1 is denoted as “challenge (sa)”. Yes.

  When the communication unit 301 of the user device 3 receives the certificate or challenge from the face-to-face control server device 1 (step S94), the authentication control unit 350 instructs the connection destination authentication unit 310 to verify the certificate. The connection destination authenticating unit 310 verifies the validity of the certificate from the face-to-face control server device 1 (step S95).

  The connection destination authentication unit 310 notifies the authentication control unit 350 that the certificate is valid. Then, the authentication control unit 350 instructs the signature unit 330 to generate a response to the challenge from the face-to-face control server device 1 via the user certification unit 351 and instructs the user certification unit 351 to read out the user certificate. .

The signature unit 330 generates a response to the challenge from the face-to-face control server device 1 based on the secret key stored in the key storage unit 331 (step S96). The user certification unit 351 outputs the generated response to the authentication control unit 350.
Further, if the certificate is valid, the connection destination authenticating unit 310 generates a challenge and outputs it to the authentication control unit 350 (step S97).

  In addition, the user certification unit 351 reads the user certificate from the certificate storage unit 320 and outputs this certificate to the authentication control unit 350. The authentication control unit 350 transmits the read certificate, the generated response, and the challenge to the facing control server device 1 via the communication unit 301 (Step S98). In FIG. 20, a certificate issued to the user device 3 is denoted as “certificate (right)”, a challenge generated by the user device 3 is denoted as “challenge (right)”, and the user The response generated by the device 3 is described as “response (profit)”.

  When the communication unit 101 of the face-to-face control server device 1 receives the certificate, challenge, and response from the user device 3 (step S99), the user authentication control unit 130 verifies the certificate and response for user authentication. The unit 150 is instructed. The user authentication unit 150 verifies the validity of the certificate from the user device 3 (step S100).

In addition, the user authentication unit 150 performs response verification based on the verified certificate simultaneously with (or before and after) verification of the certificate.
The user authentication control unit 130 instructs the signature unit 123 to generate a response to the challenge from the user device 3 via the certification unit 120.

  The signature unit 123 generates a response to the challenge from the user device 3 based on the secret key stored in the key storage unit 122 (step S101). The certification unit 120 outputs the generated response to the user authentication control unit 130.

  When the user authentication control unit 130 inputs the response, the user authentication control unit 130 instructs the encryption communication management unit 170 to generate the encryption communication key via the session management unit 190. The communication key here is a common key such as Triple DES.

  The encryption communication management unit 170 generates a communication key. The encryption communication management unit 170 stores the public key of the user device 3 in the internal memory, encrypts the generated communication key using the public key of the user device 3, and outputs the encrypted communication key to the user authentication control unit 130. (Steps S102, 103). The user authentication control unit 130 transmits the generated response and communication key to the user device 3 via the communication unit 101 (step S104). In FIG. 20, “response (service)” generated by the response from the meeting control server device 1 is described.

  When the communication unit 301 of the user device 3 receives the response or communication key from the face-to-face control server device 1 (step S105), the authentication control unit 350 instructs the connection destination authentication unit 310 to verify the response, and performs communication. The authentication control unit 350 is instructed to decrypt the key.

  The connection destination authentication unit 310 verifies the response from the face-to-face control server device 1. Further, the authentication control unit 350 instructs the signature unit 330 to decrypt the encrypted communication key from the face-to-face control server device 1 via the user certification unit 351. The signature unit 330 decrypts the encrypted communication key from the face-to-face control server device 1 using the secret key stored in the key storage unit 331, and decrypts the encrypted communication key via the user certification unit 351 and the authentication control unit 350. 360 (step S106).

  The encryption communication unit 360 starts encryption communication with the face-to-face control server device 1 using the decrypted communication key (step S108). Further, the encrypted communication management unit 170 of the face-to-face control server apparatus 1 starts encrypted communication using the generated communication key (step S107).

  Further, the processing from step S109 to step S112, which is the authentication process of the provider by the subsequent user shown in FIG. 20, is the same as the processing from step S71 to step S74 described above.

  Next, the authentication process of the facing control server apparatus 1 by the provider and the authentication process of the provider by the facing control server apparatus 1 will be described. FIG. 21 is a flowchart showing an example of authentication processing between the face-to-face business server device and the provider device of the face-to-face business system according to the second embodiment of the present invention.

  First, the authentication control unit 202 of the provider device 2 transmits a connection destination authentication request signal including the connection destination ID of the provider device 2 to the facing control server device 1 via the communication unit 201 (step S121).

  When the communication unit 101 of the face-to-face control server device 1 receives the authentication request signal from the provider device 2, the session management unit 190 starts managing a session with the provider device 2. Specifically, the session management unit 190 issues a session ID and stores it in the session information storage unit 192 in association with the connection destination ID of the provider device 2 (step S122).

Next, the session management unit 190 of the face-to-face control server apparatus 1 instructs the provider authentication control unit 110 to transmit a certificate and a challenge. Then, the provider authentication control unit 110 instructs the certification unit 120 to read the certificate, and instructs the provider authentication unit 111 to generate a challenge.
Then, the certification unit 120 reads the certificate from the certificate storage unit 121. The provider authentication unit 111 generates a challenge.

  The provider authentication control unit 110 transmits the certificate read by the certification unit 120 and the challenge generated by the provider authentication unit 111 to the provider device 2 via the communication unit 101 (step S123).

  When the communication unit 201 of the provider device 2 receives the certificate or challenge from the face-to-face control server device 1 (step S124), the authentication control unit 202 instructs the connection destination authentication unit 203 to verify the certificate. The connection destination authentication unit 203 verifies the validity of the certificate from the face-to-face control server device 1 (step S125).

  The connection destination authenticating unit 203 notifies the authentication control unit 202 that the certificate is valid. Then, the authentication control unit 202 instructs the signature unit 205 to generate a response to the challenge from the face-to-face control server device 1 via the provider certification unit 204b, and instructs the provider certification unit 204b to read the provider certificate. .

The signature unit 205 generates a response to the challenge from the face-to-face control server device 1 based on the secret key stored in the key storage unit 206 (step S126). The provider certification unit 204b outputs the generated response to the authentication control unit 202.
Further, if the certificate and the response are valid, the connection destination authenticating unit 203 generates a challenge and outputs it to the authentication control unit 202 (step S127).

  In addition, the provider certification unit 204 b reads the provider certificate stored in the certificate storage unit 230 and outputs this certificate to the authentication control unit 202. The authentication control unit 202 transmits the read certificate, the generated response, and the challenge to the facing control server device 1 via the communication unit 201 (step S128). In FIG. 20, a certificate issued to the provider device 2 is expressed as “certificate (provided)”, a challenge generated by the provider device 2 is expressed as “challenge (provided)”, and the provider The response generated by the device 2 is referred to as “response (proposed)”.

  When the communication unit 101 of the face-to-face control server device 1 receives the certificate, challenge, and response from the provider device 2 (step S129), the provider authentication control unit 110 verifies the certificate and response with provider authentication. The unit 111 is instructed. The provider authentication unit 111 verifies the validity of the certificate from the provider device 2 by collating with the certificate in the certificate repository in the storage unit 112b and the provider information database (step S130). Further, the provider authentication unit 111 verifies the validity of the response from the provider device 2 based on the certificate that has been verified.

The provider authentication control unit 110 instructs the signature unit 123 via the certification unit 120 to generate a response to the challenge from the provider device 2.
The signature unit 123 generates a response to the challenge from the provider device 2 based on the secret key stored in the key storage unit 122 (step S131). The certification unit 120 outputs the generated response to the provider authentication control unit 110.

  When the provider authentication control unit 110 inputs the response, the provider authentication control unit 110 instructs the encryption communication management unit 170 to generate the encryption communication key via the session management unit 190. The communication key here is a common key such as Triple DES.

  The encryption communication management unit 170 generates a communication key. The encrypted communication management unit 170 encrypts the generated communication key using the public key of the provider device 2 (included in the certificate from the provider device 2) and outputs it to the provider authentication control unit 110 (step). S132, 133). The provider authentication control unit 110 transmits the generated response and communication key to the provider device 2 via the communication unit 101 (step S134).

  When the communication unit 201 of the provider device 2 receives the response or communication key from the face-to-face control server device 1 (step S135), the authentication control unit 202 instructs the connection destination authentication unit 203 to verify the response, and performs communication. The authentication control unit 202 is instructed to decrypt the key.

  The connection destination authentication unit 203 verifies the response from the face-to-face control server apparatus 1 based on the certificate of the face-to-face control server apparatus 1 that has already been received. Further, the authentication control unit 202 instructs the signature unit 205 to decrypt the encrypted communication key from the face-to-face control server device 1 via the provider certification unit 204b. The signature unit 205 decrypts the encrypted communication key from the face-to-face control server device 1 using the secret key stored in the key storage unit 206, and decrypts the encrypted communication key via the provider certification unit 204b and the authentication control unit 202. It outputs to 210 (step S136).

  The encryption communication unit 210 starts encryption communication with the face-to-face control server device 1 using the decrypted communication key (step S138). Further, the encrypted communication management unit 170 of the face-to-face control server device 1 starts encrypted communication using the generated communication key (step S137).

  With such a configuration, it is possible to reduce the number of communications necessary for authentication between devices of the face-to-face business system. In addition, since the provider device 2 has a secret key, authentication processing between the face-to-face control server devices 1 can be performed without using an ID or password.

  In the embodiment described above, the provider is authenticated by the face-to-face control server device 1 using an ID and a password or using a secret key. The provider device 2 has a biometric authentication function, and this function is used. May be authenticated.

  Further, in the above-described example, the user invitation information is delivered from the provider device 2 to the user device 3 by the two-dimensional code. A communication line having a length of about a certain length may be used, leaving a trail indicating that the communication line has been used, or may be delivered by near field communication such as infrared communication or Bluetooth.

Further, the face-to-face control server device 1 may continue processing after authentication of the provider and the user, and may record a history of these processing.
Moreover, you may use near field communication and GPS together.
Further, the number of users is not limited to one and may be plural. At this time, the session management unit 190 has a function of managing a plurality of users. The session information storage unit 192 includes a plurality of columns of connection destination IDs (users).

(Third embodiment)
FIG. 22 is a schematic diagram showing a configuration of a face-to-face business system according to the third embodiment of the present invention.

  The face-to-face business system according to the present embodiment includes a face-to-face control server device 6, a provider device 7, and a user device 8.

  It is assumed that the face-to-face business system according to the third embodiment of the present invention has the same function as the face-to-face business system according to the first and second embodiments. That is, the face-to-face control server device 6, the provider device 7, and the user device 8 according to the present embodiment are the face-to-face control server device 1, the provider device 2, and the user device 3 according to the first and second embodiments, respectively. Has the same function. Therefore, in the face-to-face business system according to the present embodiment, PKI-based mutual authentication is performed between the face-to-face control server device 6, the provider device 7, and the user device 8. Further, the provider device 7 and the user device 8 exist in a range where close proximity communication is possible. For the authentication method of the provider and the user, methods such as PIN input and fingerprint authentication are used.

  FIG. 23 is a schematic diagram illustrating a configuration of the meeting control server device 6 according to the present embodiment.

  The face-to-face control server device 6 is a server machine operated by a service provider. Specifically, the face-to-face control server device 6 includes a communication unit 601, a signature control unit 610, a signature verification unit 620, a memory unit 621, a key storage unit 622, a signature generation unit 623, a workflow management unit 660, a workflow setting unit 661, The workflow information storage unit 662, the encryption communication management unit 670, the time management unit 675, the nonce management unit 680, the nonce generation unit 681, the session management unit 690, the session information storage unit 692, the history information management unit 695, and the trail information storage unit 696 I have.

  The communication unit 601 communicates with the provider device 7 and the user device 8 via the communication networks 10a and 10b such as the Internet.

  The signature control unit 610 controls the signature verification unit 620 and the signature generation unit 623 to verify the signatures of the provider device 7 and the user device 8, and generates the signature of the meeting control server device 6. is there.

  The signature verification unit 620 verifies the signatures of the provider device 7 and the user device 8 based on the public key certificate stored in the memory unit 621. Specifically, when the signature verification unit 620 receives “third-signature-added trail information”, which will be described later, from the provider device 7 together with the provider ID, the provider signature added to the third-signature-added trail information and use The subscriber signature is verified with the provider public key and the user public key.

  The memory unit 621 is a storage device and stores a certificate issued to the provider device 7 and the user device 8. Further, as shown in FIG. 24, the memory unit 621 stores information on the employees of the service provider as provider information.

  The key storage unit 622 is a memory that stores a “server secret key” of the face-to-face control server device 6.

  The signature generation unit 623 attaches a server signature of the face-to-face control server device 6 to history information and trail information (history information with a signature) in which status information and the like are written in the workflow unit.

  Specifically, the signature generation unit 623 has a function of generating “first signature-added trail information” by adding a server signature with a server private key to a workflow unit in which history information is written.

  In addition, when the signature verification unit 620 verifies the validity of each signature of the provider device 7 and the user device 8, the signature generation unit 623 adds a server signature with the server private key to the third signature trail information. To generate “fourth signed trail information”.

  The workflow management unit 660 controls workflow information and includes a work instruction information transmission function 660A and a history information writing function 660B.

  When the workflow setting unit 661 sets the provider device 7 and the user device 8 in the workflow unit, the work instruction information transmission function 660A sends “work instruction information” to the provider device 7 in the order of the work steps of the workflow unit. This is a function for transmitting to the user device 8. The work instruction information is information indicating work to be performed by the provider and the user for each work process of the workflow.

  When the history information writing function 660B receives “provider history information” or “user history information” from the provider device 7 or the user device 8 according to the work instruction information, the history information writing function 660B stores the history information in the workflow unit. It is a function to write. In the workflow unit, “status information” indicating the work process of the user apparatus 7 and the provider apparatus 8 and “date and time” when the process of the work process is completed are also written. Here, when history information in a certain work process is written in the workflow unit, “completed” is written in the status information. When “complete” is written in the status information, the workflow can be advanced to the next work process.

  The workflow setting unit 661 manages a workflow executed by the provider and the user. Specifically, when the workflow setting unit 661 receives the provider ID and the workflow ID from the provider device 7, the workflow setting unit 661 reads the workflow unit corresponding to the workflow ID from the workflow information storage unit 662, and corresponds to the provider ID. The user ID is read from the session information storage unit 692, and the provider device 7 and the user device 8 to be recorded in the workflow unit are set based on the provider ID and the user ID.

  The workflow information storage unit 662 is a memory that stores workflow information. “Workflow information” refers to a workflow unit, various programs for executing a workflow, and the like. The workflow information is listed according to the type of workflow, and the listed workflow information is referred to as a “workflow list”. The “workflow unit” is information in a format for recording the status information of the provider device 7 and the status information of the user device 8 in a writable order in a predetermined work process. In other words, the workflow progress can be managed by this workflow unit. The workflow unit is stored in the workflow information storage unit 669 in association with the workflow ID.

  The workflow information storage unit 669 is a memory that stores a workflow unit in association with a workflow ID, as illustrated in FIG.

  The encryption communication management unit 670 is a function for managing encryption communication. In the encryption communication, an encryption communication key shared by the facing control server device 6 with each of the provider device 7 and the user device 8 is used. Note that these encrypted communication keys are stored in the session information storage unit 692. In addition, the nonce generated by the nonce management unit 680 is used for encryption communication. Here, a nonce is a random number that cannot be predicted before it is generated. Specifically, a nonce is generated by the nonce generation unit 681 based on the time managed by the time management unit 675 under the control of the nonce management unit 680.

  The session management unit 690 is a function for managing a communication session with the provider device 7 and the user device 8.

  The session information storage unit 692 is a memory that stores “session information” including a provider ID and a user ID. Here, as shown in FIG. 26, session information storage unit 692 stores the provider ID and the user ID in a one-to-one correspondence.

  The history information management unit 695 manages the processing history reported from the provider device 7 and the user device 8 and the processing history of the face-to-face control server device 6 itself. Specifically, the history information management unit 695 manages the trail information stored in the trail information storage unit 696, and has a trail information transmission function 695A and a trail information writing function 695B.

  When the trail information transmission function 695A receives a trail information transmission request from the provider device 7 or the user device 8 together with the workflow ID, the trail information transmission function 695A reads the trail information corresponding to the workflow ID from the trail information storage unit 696 and transmits the transmission request. This is a function to send to the request source.

  The trail information writing function 695B is a function of writing the fourth signed trail information in the trail information storage unit 696 in association with the provider ID when the fourth signed trail information is generated.

  The trail information storage unit 696 is a memory for storing the first signed trail information and the fourth signed trail information to which the server signature is added by the server private key in association with the “workflow ID” and the “provider ID”. is there.

  Here, the trail information with the first signature is obtained by adding a server signature to a workflow unit in which history information such as work instruction information and processing results is written, as shown in FIG. Further, as shown in FIG. 28, the fourth signed trail information is obtained by adding a user signature, a provider signature, and a server signature to the first signed trail information. The history information includes provider history information indicating the processing contents of the provider device and user history information indicating the processing contents of the user device.

  FIG. 29 is a schematic diagram illustrating a configuration of the provider device 7 according to the present embodiment.

  The provider device 7 is a terminal used for the provider to access the face-to-face control server device 6. Specifically, it is configured by a notebook PC, a PDA, a mobile phone, etc. distributed to the provider by the service provider. The provider device 7 includes a computing device that performs information processing based on a program incorporated in the device, an interface device such as a keyboard operated by a person, a display device that visually displays characters and images, A communication device that communicates with the control server device 6 and a storage device that stores data are provided. It also has a function to capture a two-dimensional image and extract information from it. A typical example of a two-dimensional image includes a two-dimensional code (QR code).

  By installing a program for performing processing necessary for the face-to-face business system in the terminal device constituting the provider device 7, the provider device 7 can communicate with the communication unit 701, the signature control unit 702, and the signature verification unit 703. It has functions as a signature generation unit 704, a memory unit 705, a key storage unit 706, an encryption communication unit 710, a memory unit 711, a proximity communication unit 720, a display unit 721, a history information management unit 740, and a time management unit 750. Become.

  The communication unit 701 communicates with the facing control server device 6 via a communication network 10a such as the Internet.

  The signature control unit 702 controls the signature verification unit 703 and the signature generation unit 704 to verify the signatures of the face-to-face control server device 6 and the user device 8, and generates the provider signature of the provider device 7. Is.

  The signature verification unit 703 verifies the server signature and the user signature, and has a first verification function 703A and a second verification function 703B.

  When the provider apparatus 7 receives the trail information with the first signature from the face-to-face control server apparatus 6 in response to the transmission request for the trail information, the first verification function 703A is a server added to the trail information with the first signature. This function verifies the validity of a signature using a server public key.

  The second verification function 703B is a function for verifying the validity of the user signature with the user public key when the provider apparatus 7 receives trail information with a second signature, which will be described later, from the user apparatus 8 by proximity communication. It is.

  The signature generation unit 704 performs the signature of the provider device 7. Specifically, the signature generation unit 704, when the validity of the server signature and the user signature is verified by the signature verification unit 703, provider history information included in the second signed trail information, and a history information management unit described later The provider history information stored in 740 is compared. When the comparison results match, the signature generation unit 704 generates “third signature-added trail information” by adding the provider signature with the provider private key to the second signature-added trail information. As shown in FIG. 30, the signature generation unit 704 displays the processing content of the workflow on the display unit 721 and causes the provider to confirm the processing content, and then generates the third signature-added trail information.

  The key storage unit 706 is a memory that stores a “provider secret key”.

  The encryption communication unit 710 controls encryption communication with the face-to-face control server device 6. Specifically, the cryptographic communication unit 710 performs cryptographic communication using the cryptographic communication key stored in the memory unit 711 and shared with the face-to-face control server device 6. Note that the nonce value used for encrypted communication is the time value managed by the time management unit 750.

  The near field communication unit 720 performs near field communication with the user device 8 and receives the trail information with the second signature added with the user signature. For example, information is exchanged with the near field communication unit 820 of the user device 8 by reading a two-dimensional image displayed on the display unit 821 of the user device 8. This information path is indicated by the communication path 20 in FIG.

  The history information management unit 740 stores the history of processing executed by the provider device 7 as “provider history information” in association with the time managed by the time management unit 750. The history information management unit 740 has a trail information transmission request function 740A, a trail information transmission function 740B, and a history information transmission function 740C, and manages the trail information received from the meeting control server device 6 and the provider device 8. To do.

  The trail information transmission request function 740A is a function of transmitting a trail information transmission request together with the workflow ID to the meeting control server device 6.

  The trail information transmission function 740 </ b> B is a function of transmitting the third signature-added trail information together with the provider ID to the facing control server device 6 when the signature generation unit 704 generates the third signature-added trail information.

  The history information transmission function 740C is a function of transmitting “provider history information” for the work instruction information when the work instruction information is received from the face-to-face control server device 6. For example, when a selection button displayed on the screen of the display unit 721 is pressed, processing corresponding to the selection button is transmitted to the face-to-face control server device 6 as provider history information.

  The workflow start request unit 760 transmits the provider ID and the workflow ID to the face-to-face control server device 6 together with the workflow start request.

  FIG. 31 is a schematic diagram showing the configuration of the user device 8 according to the present embodiment.

  The user device 8 is a device that is individually carried by the user, and includes a mobile phone or a PDA. This user device 8 does not need to be a dedicated product for the service provided by the service provider, and may be any device that can install a program for performing processing necessary for the face-to-face business system. Therefore, there are cases where a terminal device that is generally carried at hand can be used for the convenience of the user. The user device 8 includes a computing device that performs information processing based on a program incorporated in the device, an interface device such as a keyboard operated by a person, a display device that visually displays characters and images, A communication device that communicates with the control server device 6 and a storage device that stores data are provided. It also has a function to capture a two-dimensional image and extract information from it. A typical example of a two-dimensional image includes a two-dimensional code (QR code).

  By installing a program for performing processing necessary for the face-to-face business system in such a terminal device constituting the user device 8, the user device 8 can communicate with the communication unit 801, the signature control unit 802, and the signature verification unit 803. It has functions as a signature generation unit 804, a memory unit 805, a key storage unit 806, an encryption communication unit 810, a memory unit 811, a proximity communication unit 820, a display unit 821, a history information management unit 840, and a time management unit 850. Become.

  The communication unit 801 communicates with the facing control server device 6 via a communication network 10b such as the Internet.

  The signature control unit 802 controls the signature verification unit 803 and the signature generation unit 804 to verify the signatures of the face-to-face control server device 6 and the provider device 7 and generate the user signature of the user device 8. Is.

  The signature verification unit 803 verifies the server signature of the meeting control server device 6. Specifically, when the signature verification unit 803 receives the trail information with the first signature in response to the trail information transmission request, the signature verification unit 803 indicates the validity of the server signature added to the trail information with the first signature as the server public key. Verify using.

  The signature generation unit 804 performs the signature of the user device 8. Specifically, when the signature verification unit 803 verifies the validity of the server signature, the signature generation unit 804 stores the user history information included in the trail information with the first signature and the history information management unit described later. Is compared with user history information. If the comparison results match, the signature generation unit 804 generates “second signature-added trail information” by adding the user signature based on the user private key to the first signature-added trail information. As shown in FIG. 32, the signature generation unit 804 displays the processing content of the workflow on the display unit 821 and allows the user to confirm the processing content, and then generates the second signature-added trail information.

  The key storage unit 806 is a memory that stores a “user secret key”.

  The encryption communication unit 810 controls encryption communication with the face-to-face control server device 6. Specifically, the cryptographic communication unit 810 performs cryptographic communication using the cryptographic key stored in the memory unit 811 and shared with the face-to-face control server device 6.

  The near field communication unit 820 performs near field communication with the provider device 7 and transmits the trail information with the second signature added with the user signature. Specifically, information is exchanged with the proximity communication unit 720 of the provider device 7 by reading a two-dimensional image displayed on the display unit 721 of the provider device 7. This information path is indicated by the communication path 20 in FIG.

  The proximity communication unit 820 transmits the trail information with the second signature, but may be configured to transmit only the “second signature information” in order to reduce the communication amount.

  The history information management unit 840 stores the history of processing executed by the user device 8 as “user history information” in association with the time managed by the time management unit 850. The history information management unit 840 includes a trail information transmission request function 840A and a history information transmission function 840B, and manages the trail information received from the face-to-face control server device 6.

  The trail information transmission request function 840A transmits a trail information transmission request to the meeting control server device 6 together with the workflow ID.

  The history information transmission function 840B is a function of transmitting “user history information” for the work instruction information when the work instruction information is received from the face-to-face control server device 6. For example, when a selection button displayed on the screen of the display unit 821 is pressed, processing corresponding to the selection button is transmitted to the face-to-face control server device 6 as user history information.

  Next, the operation of the face-to-face business system according to this embodiment will be described.

  As a premise, in this embodiment, it is assumed that the processing in the first embodiment has been completed. That is, PKI-based mutual authentication has already been performed between the face-to-face control server device 6 and the provider device 7 and user device 8. A nonce is exchanged between the provider device 2 and the user device 3 by proximity communication, and it is confirmed that the provider and the user are facing each other. When it is confirmed that the provider device 7 and the user device 8 are facing each other by the proximity communication, the provider ID of the provider device 7 and the user who is performing the proximity communication with the provider device 7 The user ID of the device 8 is stored in association with the face-to-face control server device 6.

  Based on such a premise, the face-to-face business system according to the present embodiment will be described.

  FIG. 33 is a sequence diagram for explaining an operation when a workflow is executed in the face-to-face business system according to the present embodiment.

(3-1. Start of workflow)
First, the operation when starting a workflow will be described.

  First, a workflow list transmission request is made from the provider device 7 to the face-to-face control server device 6 by the operation of the provider. Thereby, a workflow list is provided by the face-to-face control server device 6 (step T1).

  Subsequently, as illustrated in FIG. 34, the workflow list is displayed on the display unit 721 of the provider device 7. Then, the workflow is selected from the workflow list by the provider via the interface device (step T2). When the workflow is determined, the workflow ID set for each workflow and the provider ID are transmitted to the face-to-face control server device 6 together with the workflow start request.

  Note that the workflow unit may be preset in the provider device 2 as necessary. In this case, steps T1 and T2 are omitted.

  Next, the face-to-face control server device 6 determines a workflow for starting processing based on the received workflow ID (step T3).

  Subsequently, the workflow setting unit 661 reads a workflow unit corresponding to the workflow ID, various programs for executing the workflow, and the like from the workflow information storage unit 662. Then, “completed” is written in the first status information column of the workflow unit, and the head screen and the command list on which the work instruction information of the workflow is displayed are transmitted to the provider device 7. Thereby, the workflow on the provider side proceeds to the next step.

  The workflow setting unit 661 reads the user ID corresponding to the provider ID from the session information storage unit 692 (step T4). Then, the workflow setting unit 661 sets the user device 8 to be recorded in the workflow unit based on the user ID. Then, “completed” is written in the first status information column of the workflow unit, and the head screen and the command list on which the work instruction information of the workflow is displayed are transmitted to the user device 8. As a result, the workflow on the user side proceeds to the next step.

  Thereafter, as will be described later, the information on the next screen and the command list are transmitted from the face-to-face control server device 6 to the provider device 7 and the user device 8 in accordance with a predetermined workflow procedure. That is, the same workflow as the workflow started by the provider device 7 is also started in the user device 8.

  If the provider device 7 has not started the workflow, even if the user device 8 accesses the face-to-face control server device 6, an error occurs because the workflow unit is not set.

(3-2. Execution of workflow)
When the provider device 7 and the user device 8 are set in the workflow unit of the face-to-face control server device 6 and the workflow is started, work is performed on the provider device 7 and the user device 8 according to the program for each workflow. Instruction information is transmitted. Note that screen information and a command list are transmitted as the work instruction information.

  When the provider device 7 receives the work instruction information from the face-to-face control server device 6, the provider device 7 displays the work instruction information on the display unit 721. Then, the provider processes the workflow based on the work instruction information displayed on the display unit 721 (step T5).

  When the workflow is processed, the provider performs an operation such as pressing a process completion button on the screen displayed on the display unit 721. As a result, the command associated with the operation of the provider is transmitted from the provider device 7 to the face-to-face control server device 6. The transmitted command is also stored in the history information management unit 740.

  When the face-to-face control server device 6 receives a command from the provider device 7, the command is written in the workflow unit as provider history information (step T6). When the provider history information is written in the workflow unit, “completed” information is written in the provider status column of the corresponding work process. Then, the workflow is advanced to the next procedure.

  Even if the provider status is completed, an error occurs if the user status in the previous process is not appropriate. When an error occurs, the error code or the same work instruction information as the previous time is transmitted, and the workflow of the provider device 7 cannot be advanced.

  On the other hand, when the user apparatus 8 receives the work instruction information from the face-to-face control server apparatus 6, the user apparatus 8 displays the work instruction information on the display unit 821. Then, the user processes the workflow based on the work instruction information displayed on the display unit 821 (step T7).

  When the workflow is processed, the user performs an operation such as pressing a process completion button on the screen displayed on the display unit 821. As a result, a command associated with the user's operation is transmitted from the user device 8 to the face-to-face control server device 6. The transmitted command is also stored in the history information management unit 840.

  When the face-to-face control server device 6 receives a command from the user device 7, the command is written in the workflow unit as user history information (step T8). When the user history information is written in the workflow unit, “completed” information is written in the user status of the corresponding work process. Then, the workflow is advanced to the next procedure.

  Even if the user status is completed, an error occurs if the provider status in the previous process is not appropriate. When an error occurs, the error code or the same work instruction information as the previous one is transmitted, and the workflow of the user device 8 cannot be advanced.

  The above-described processing from step T5 to step T8 is repeated until the workflow is completed. Note that either the processing of steps T5 and T6 described above or the processing of steps T7 and T8 may be performed first according to the work procedure of the workflow. Only one of them may be executed.

(3-3. Storage of trail information)
FIG. 35 is a sequence diagram for explaining an operation when storing the trail information in the face-to-face business system according to the present embodiment.

  As a premise for the following processing, it is assumed that the workflow is completed in the provider device 7 and the user device 8.

  First, a transmission request for trail information is made from the provider device 7 to the face-to-face control server device 6 (step U1). At this time, the workflow ID is also transmitted together with the trail information transmission request.

  Subsequently, the face-to-face control server device 6 receives a trail information transmission request, and generates “first signature-added trail information” (step U2). Specifically, the history information management unit 695 adds the server signature to the history information stored in the trail information storage unit 696 to generate the first signed trail information.

  Next, the trail information with the first signature generated by the meeting control server device 6 is transmitted to the provider device 7.

  When the first signed trail information is received by the provider device 2, the server signature of the facing control server device 6 added to the first signed trail information is verified by the server public key (step U3). In addition, the signature control unit 702 of the provider device 7 compares the history information stored in the history information management unit 740 with the history information included in the trail information with the first signature.

  Then, when the validity of the server signature is verified and the comparison result of the history information matches, the process proceeds to step U9 described later. On the other hand, if the validity of the server signature is not verified or the comparison result of the history information does not match, an error code is transmitted to the face-to-face control server device 6 and the process ends.

  Thereafter, when a transmission request for trail information is transmitted together with the workflow ID from the user device 8 to the facing control server device 6 (step U4), the trail information with the first signature is stored in the facing control server device 6 from the trail information storage unit 696. Is read (step U5). The read trail information with the first signature is transmitted to the user device 8. Note that the user device 8 and the provider device 7 are associated with session information.

  When the first signed trail information is received by the user device 8, the server signature of the facing control server device 6 added to the first signed trail information is verified by the server public key (step U6). In addition, the signature control unit 802 of the user device 8 compares the history information included in the trail information with the first signature with the history information stored in the history information management unit 840.

  When the validity of the server signature is verified and the comparison result of the history information matches, the signature generation unit 804 adds the user signature with the user private key to the trail information with the first signature and adds the “second "Signed trail information" is generated (step U7).

  On the other hand, if the validity of the server signature is not verified or the comparison result of the history information does not match, an error code is transmitted to the face-to-face control server device 6 and the process ends.

  Thereafter, when the user device 8 and the provider device 7 are within the range in which proximity communication is possible, the trail information with the second signature is transmitted from the user device 8 to the provider device 7 by the proximity communication unit 820. (Step U8). Note that in order to reduce the traffic, only the second signature information added to the trail information with the second signature is transmitted.

  Next, when the trail information with the second signature is transmitted from the user device 8 to the provider device 7 by the proximity communication, the user signature added to the trail information with the second signature is verified by the user public key. (Step U9). In addition, the signature control unit 702 of the provider device 7 compares the history information stored in the history information management unit 740 with the history information included in the trail information with the second signature.

  If the validity of the server signature is verified and the comparison result of the history information matches, the process proceeds to the next process. On the other hand, if the validity of the user signature is not verified or the comparison result of the history information does not match, an error code is transmitted to the face-to-face control server device 6 and the process ends.

  Note that data exchange by the proximity communication units of the provider device 7 and the user device 8 is performed by reading a two-dimensional code. Specifically, as shown in FIG. 36, the signature information is displayed as a two-dimensional code on the user device 8. Then, as shown in FIG. 37, the two-dimensional code displayed on the user device 8 is read by the provider device 7, whereby data is transmitted and received.

  In step U9, when the signature verification unit 703 verifies that the user signature is valid, the provider signature by the provider private key is added to the trail information with the second signature, and the “third signature trail information” is obtained. Is generated (step U10).

  Then, the trail information with the third signature generated by the provider device 7 is transmitted to the facing control server device 6.

  When the trail information with the third signature is received by the face-to-face control server device 6, the provider signature and the user signature added to the trail information with the third signature are verified by the provider public key and the user public key, respectively. (Step U11).

  When the signature verification unit 620 of the face-to-face control server apparatus 1 verifies the validity of each signature, the server signature with the server private key is added to the third signature-added trail information to obtain “fourth signature-added trail information”. Generated.

  Note that either the process from step U1 to step U3 or the process from step U4 to step U6 may be first. However, in step U 2, the trail information with the first signature is generated by using the transmission request for the trail information transmitted first between the provider device 7 and the user device 8 as a trigger.

  As described above, in the face-to-face business system according to the present embodiment, the face-to-face control server apparatus 6 transmits the “first signed trail information” to the request source of the transmission request, and the provider When the third signature-added trail information to which the user signature and the provider signature are added is received from the apparatus 7, the signature verification unit 620 that verifies the provider signature and the user signature, and the validity of each signature Is verified, a signature generation unit 623 generates a “fourth signed trail information” by adding a server signature to the third signed trail information, and a trail information storage unit 696 stores the fourth signed trail information. It has. In addition, the user device 8 adds a signature verification unit 803 that verifies the validity of the server signature added to the first signature-added trail information, and adds the user signature to the first signature-added trail information and adds “second signature”. A signature generation unit 804 that generates “additional trail information” and a proximity communication unit 820 that transmits the trail information with the second signature to the provider device by proximity communication. Further, when the provider device 7 verifies the validity of the server signature added to the first signed trail information and receives the second signed trail information from the user device 8 by proximity communication, the second signature The signature verification unit 703 for verifying the validity of the user signature added to the attached trail information, and adding the provider signature by the provider private key 7 to the second signed trail information, thereby providing “third signed trail information”. ”And a history information management unit 740 that transmits the third signature-added trail information to the face-to-face control server device 6. Therefore, according to the face-to-face business system according to the present embodiment, since a so-called ring signature is added to the trail information, the trail information that proves that the face-to-face work has been performed can be stored.

  Further, in the face-to-face business system according to the present embodiment, the face-to-face control server device 6 stores a session information storage unit 692 that stores session information including a provider ID and a user ID, provider history information, and user history information. And a workflow information storage unit 662 for storing a workflow unit for recording writable in the order of a predetermined work process in association with the workflow ID, and the work order information in the order of the work process of the workflow unit. And a workflow management unit 660 that transmits to the user device 8 and a signature generation unit 623 that generates first signed trail information by adding a server signature to the workflow unit in which the history information is written. . In addition, when the user device 8 receives the work instruction information from the face-to-face control server device 6, the user device 8 includes a history information management unit 840 for transmitting user history information for the work instruction information. When work instruction information is received from the face-to-face control server device 6, a history information management unit 840 is provided for transmitting provider history information for the work instruction information. Therefore, according to the face-to-face business system according to the present embodiment, the face-to-face business can be executed according to the procedure prescribed by the provider and the user, and the history information of the process associated with the execution can be saved.

  Furthermore, in the face-to-face business system according to the present embodiment, when the face-to-face control server device 6 writes history information in all work processes defined in the workflow unit, the server signature is added to the workflow unit and the first Since the signed trail information is generated, the first signed trail information can be automatically generated when all work steps of the workflow are completed. However, it is also possible for the provider or user to end the workflow before completing all work steps of the workflow. In this case, the server signature is added to the history information up to the completed work process, and the first trail information is generated.

  Further, according to the face-to-face business system according to the present embodiment, the workflow management unit 660 of the face-to-face control server device 6 completes the status information indicating the work process of the user device 8 and the provider device 7 and the process of the work process. Since the date and time recorded in the workflow unit are written in the workflow unit, it is possible to save a record showing how and when the workflow has been processed without any alteration.

  In the face-to-face business system according to the present embodiment, the trail information with the first signature to the trail information with the fourth signature are generated. However, depending on the use of the evidence, it is not always necessary to add the signature four times. For example, (a) when the evidence capability is considered to be sufficient in general system operation, the generation of the trail information with the fourth signature can be omitted. (B) In applications where the user does not need to present evidence, the generation of the trail information with the second signature can be omitted. (C) When the provider device 7 and the face-to-face control server device 6 are operated by the same entity, the generation of the trail information with the third signature can be omitted. However, in the cases (b) and (c), even if the provider device 7 and the user device 8 do not add a signature, it is necessary to verify the server signature in each device.

  In the present embodiment, the face-to-face control server device 6 transmits the first signed trail information to both the provider device 7 and the user device 8, and the user device 8 provides the second signed trail information. To the user device 7. Therefore, the provider device 7 receives the “history information portion” of the trail information from both the facing control server device 6 and the user device 8. In this regard, the amount of communication may be reduced as follows.

(A) When history information is received only from the face-to-face control server device 6 In this case, the provider device 8 receives the “second signature information” from the user device 7 by proximity communication. Further, the provider device 8 receives the trail information with the first signature (= history information + server signature) from the face-to-face control server device 6. Therefore, the signature verification unit 703 compares the server signature obtained by decrypting the second signature information with the user public key and the server signature added to the trail information with the first signature, thereby obtaining the second signature. Validity of information can be verified.

  When the validity of the second signature information is verified, the signature generation unit 704 compares the provider history information included in the trail information with the first signature with the provider history information stored in the history information management unit 740. . When the comparison results match, the signature generation unit 704 generates the third signature information by encrypting the second signature information with the provider private key. Then, the signature generation unit 704 generates the third signature-added trail information from the third signature information and the history information included in the first signature-added trail information.

(B) When history information is received only from the user device 8 In this case, the provider device 7 does not request the face-to-face control server device 6 to transmit trail information. Instead, the provider device 7 receives the trail information with the second signature (= history information + server signature + user signature) from the user device 8. Thereafter, the signature verification unit 703 verifies the validity of the server signature and the user signature added to the second signature-added trail information. Then, the signature generation unit 704 compares the provider history information included in the second signature-added trail information with the provider history information stored in the history information management unit. When the comparison results match, the signature generation unit 704 adds the provider signature with the provider private key to the second signed trail information to generate third signed trail information.

  Furthermore, the face-to-face business system according to the present embodiment has the following effects.

(1) Since an instruction according to a predetermined work is given from the face-to-face control server device 6, it is possible to prevent work leakage and inappropriate work, and to comply with laws and regulations.

(2) Since proximity communication is performed between the user device 8 and the provider device 7, it is possible to obtain status evidence that the user and the provider are facing each other.

(3) By confirming that the user and the provider face each other at the start and end of the workflow, it is possible to obtain status evidence that the face-to-face work has been performed.

(4) Since the trail information is verified by all of the face-to-face control server device 6, the provider device 7, and the user device 8, the service provider and the provider may insist that the law is observed. it can. In addition, since the situation evidence is stored at hand for the user, it can be used as a basis for claiming damages. Further, even if the service provider disappears due to bankruptcy or the like, the trail information can be stored.

(5) The provider / user can confirm that the history information is appropriate based on the work history automatically left in each terminal.

(6) Compared with a method of recording work contents on a medium such as paper one by one, a work record of a workflow can be easily left.

(7) Since the user device 8 directly accesses the face-to-face control server device 6, it is not necessary to notify the provider of personal information of the user.

(8) By using the provider device 7, the user device 8, and the portable terminal, evidence can be left anywhere as long as it can communicate with the face-to-face control server device 6.

(Application examples)
The face-to-face business system according to the third embodiment of the present invention is applicable to, for example, insurance contract work, audit work, home delivery receipt work, coverage at the incident site, electronic warranty card for customers who have purchased products at storefront / cash payment, etc. Application is possible.

  Further, the face-to-face business system according to the present embodiment may include a voice / moving image as the trail information. Specifically, the contents of the user and the provider who are in the middle of business are always recorded on the portable terminal, and information including voice data is stored as trail information.

  Further, the face-to-face business system according to the present embodiment may confirm only the contents of the work performed by each of the provider and the user. Specifically, each work is recorded in each portable terminal of the provider / user, and the contents of the trail information sent from the face-to-face control server device 6 and the history information remaining in the portable terminal are recorded. Compare.

  In addition, when the workflow is interrupted, the face-to-face business system according to the present embodiment can also save the record halfway. Thus, for example, when the insurance contract is made, the processing is advanced to some extent, but it is possible to cope with the case where the contract is canceled halfway. In addition, when it is desired to discard the personal information input for the contract, it is possible to delete (not leave) the record that has been advanced halfway. When leaving an interrupted history, the server information, the user signature, and the provider signature are attached to the history information up to the time of the suspension as evidence.

  In the face-to-face business system according to the present embodiment, a plurality of user devices 8 may be provided. In this case, a plurality of user signatures are added in order.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, you may combine a component suitably in different embodiment.

  Note that the method described in the above embodiment includes a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO) as programs that can be executed by a computer. ), And can be distributed in a storage medium such as a semiconductor memory.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Further, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in the above embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  The computer according to the present invention executes each process in the above-described embodiment based on a program stored in a storage medium, and is a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.

  In addition, the computer in the present invention is not limited to a personal computer, but includes a processing unit, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .

The block diagram which shows the structural example of the facing business system according to the 1st Embodiment of this invention. The block diagram which shows the structural example of the facing control server apparatus of the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the memory content of the provider information storage part of the facing control server apparatus of the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the memory content of the session information storage part of the facing control server apparatus of the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the certificate memorize | stored in the certificate memory | storage part of the facing control server apparatus of the facing business system according to the 1st Embodiment of this invention. The block diagram which shows the structural example of the provider apparatus of the facing business system according to the 1st Embodiment of this invention. The block diagram which shows the structural example of the user apparatus of the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the general view of the provider identification medium of the face-to-face business system according to the first embodiment of the present invention. The figure which shows an example of the content of the two-dimensional code of the provider identification medium of the face-to-face business system according to the first embodiment of the present invention. The flowchart which shows an example of the authentication process between the facing control server apparatus and provider apparatus of the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the input screen of the identification authentication information in the provider apparatus of the facing business system according to the 1st Embodiment of this invention. The flowchart which shows an example of the communication process of the user invitation information by the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the display screen of the user invitation information in the provider apparatus of the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the display screen of the user invitation information in the user apparatus of the facing business system according to the 1st Embodiment of this invention. The flowchart which shows an example of the authentication process between the facing control server apparatus and user apparatus of the facing business system according to the 1st Embodiment of this invention. The flowchart which shows an example of the communication process of the provider identification information by the facing business system according to the 1st Embodiment of this invention. The figure which shows an example of the display screen of the provider identification information in the user apparatus of the facing business system according to the 1st Embodiment of this invention. The block diagram which shows the structural example of the provider apparatus of the facing business system according to the 2nd Embodiment of this invention. The figure which shows an example of the memory content of the memory | storage part of the server apparatus of the facing business system according to the 2nd Embodiment of this invention. The flowchart which shows an example between the various apparatuses of the facing business system according to the 2nd Embodiment of this invention. The flowchart which shows an example of the authentication process between the facing control server apparatus and provider apparatus of the facing business system according to the 2nd Embodiment of this invention. It is a schematic diagram which shows the structure of the facing business system which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the facing control server apparatus 6 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the memory part 621 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the workflow information storage part 669 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the session information storage part 692 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of "1st signature attached trail information" concerning the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the "4th signature information with a signature" concerning the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the provider apparatus 7 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows an example of the screen of the display part 721 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows the structure of the user apparatus 8 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows an example of the screen of the display part 821 which concerns on the 3rd Embodiment of this invention. It is a sequence diagram for demonstrating operation | movement when a workflow is performed in the facing business system which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows an example of the screen of the display part 721 which concerns on the 3rd Embodiment of this invention. It is a sequence diagram for demonstrating operation | movement at the time of memorize | storing trail information in the facing business system which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows an example of the screen of the display part 821 which concerns on the 3rd Embodiment of this invention. It is a schematic diagram which shows an example of the screen of the display part 721 which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Meeting control server apparatus, 2, 2b ... Provider apparatus, 3 ... User apparatus, 4 ... Provider identification apparatus, 4a ... Two-dimensional code, 5 ... CA, 10a, 10b ... Communication network, 20, 30 ... Short-distance communication path 101, 201, 301 ... communication unit, 102, 207, 304 ... program storage unit, 110 ... provider authentication control unit, 111 ... provider authentication unit, 112 ... provider information storage unit, 120 ... proof 121, 230, 320 ... certificate storage unit, 122, 206, 211, 331, 361 ... key storage unit, 123, 330 ... signature unit, 130 ... user authentication control unit, 140 ... provider information providing unit, DESCRIPTION OF SYMBOLS 150 ... User authentication part, 170 ... Encryption communication management part, 175, 250, 382 ... Time management part, 180 ... Nonce management part, 181 ... Nonce generation part, 190 ... Session management part, 192 ... Session information Storage unit, 195 ... History management unit, 196 ... History storage unit, 202, 350 ... Authentication control unit, 203, 310 ... Connection destination authentication unit, 204, 204b ... Provider certification unit, 205 ... Certification unit, 210, 360 ... Encryption communication unit, 220 ... user invitation unit, 221, 303 ... display unit, 240, 380 ... history recording unit, 302 ... invitation reception unit, 351 ... user certification unit, 370 ... provider identification information verification unit.

  6 ... face-to-face control server device, 7 ... provider device, 8 ... user device, 601 ... communication unit, 610 ... signature control unit, 620 ... signature verification unit, 621 .. Memory unit, 622... Key storage unit, 623... Signature generation unit, 660... Workflow management unit, 661... Workflow setting unit, 662. Cryptographic communication management unit, 675 ... time management unit, 680 ... nonce management unit, 681 ... nonce generation unit, 690 ... session management unit, 692 ... session information storage unit, 695 ... History management unit, 696 ... trail information storage unit, 701 ... communication unit, 702 ... signature control unit, 703 ... signature verification unit, 704 ... signature generation unit, 705 ... memory unit 706 ... Key storage unit 710 ..Encryption communication unit, 711... Memory unit, 720... Proximity communication unit, 721... Display unit, 740... History information management unit, 750. 802... Signature control unit 803... Signature verification unit 804... Signature generation unit 805... Memory unit 806... Key storage unit 810. ... Memory section, 820 ... Proximity communication section, 821 ... Display section, 840 ... History information management section, 850 ... Time management section.

Claims (7)

A face-to-face business system comprising a face-to-face control server device, a provider device, and a user device,
The face-to-face control server device
Means for storing the server private key;
Means for storing history information including user history information and provider history information;
Trail information storage means for storing first signature-added trail information in which a server signature is added to the history information by the server secret key in association with a workflow ID and a provider ID;
When a trail information transmission request is received together with a workflow ID from the provider device or the user device, the first signature-added trail information corresponding to the workflow ID is read from the trail information storage means and the request source of the transmission request Means for sending to
When the third signature-added trail information including the signature information encrypted with the user private key and the provider private key is received from the provider device together with the provider ID, the signature information is used with the provider public key. Signature verification means for verifying with the public key of the user,
Means for generating a fourth signed trail information by adding a server signature by the server private key to the third signed trail information when the validity of each signature is verified by the signature verification means;
Means for writing the fourth signed trail information in the trail information storage means,
The user device is
Means for storing the user private key;
User history information storage means for storing user history information;
Means for transmitting a transmission request for the trail information together with the workflow ID to the face-to-face control server device;
Means for verifying the validity of the server signature added to the trail information with the first signature using the server public key when the trail information with the first signature is received in response to the transmission request for the trail information;
Means for comparing the user history information contained in the first signed trail information with the user history information stored in the user history information storage means when the validity of the server signature is verified;
Means for generating a second signature information by encrypting a server signature added to the first signature-added trail information with the user private key if the comparison result matches;
Means for transmitting the second signature information to the provider device by proximity communication,
The provider device includes:
Means for storing the provider private key;
Provider history information storage means for storing provider history information;
Means for transmitting a transmission request for the trail information together with the workflow ID to the face-to-face control server device;
First verification means for verifying the validity of the server signature added to the first signature-added trail information using a server public key when the first signature-added trail information is received in response to the trail information transmission request;
A second verification unit that verifies the validity of the second signature information with a user public key when the second signature information is received from the user device by proximity communication;
When the validity of each signature is verified by the first verification unit and the second verification unit, the provider history information included in the trail information with the first signature and the provision stored in the provider history information storage unit Means for comparing the person history information,
When the comparison result matches, the second signature information is encrypted with the provider private key to generate third signature information, and history information included in the third signature information and the first signature-added trail information Generating the third signed trail information from:
A face-to-face business system comprising means for transmitting the third-signature-added trail information together with a provider ID to the face-to-face control server. A face-to-face business system comprising a face-to-face control server device, a provider device, and a user device,
The face-to-face control server device
Means for storing the server private key;
Means for storing history information including user history information and provider history information;
Trail information storage means for storing first signature-added trail information in which a server signature is added to the history information by the server secret key in association with a workflow ID and a provider ID;
Means for reading the trail information with the first signature corresponding to the workflow ID from the trail information storage means and transmitting the trail information to the user device when a trail information transmission request is received together with the workflow ID from the user device;
When the third signature-added trail information including the signature information encrypted with the user private key and the provider private key is received from the provider device together with the provider ID, the signature information is used with the provider public key. Signature verification means for verifying with the public key of the user,
Means for generating a fourth signed trail information by adding a server signature by the server private key to the third signed trail information when the validity of each signature is verified by the signature verification means;
Means for writing the fourth signed trail information in the trail information storage means,
The user device is
Means for storing the user private key;
User history information storage means for storing user history information;
Means for transmitting a transmission request for the trail information together with the workflow ID to the face-to-face control server device;
Means for verifying the validity of the server signature added to the trail information with the first signature using the server public key when the trail information with the first signature is received in response to the transmission request for the trail information;
Means for comparing the user history information contained in the first signed trail information with the user history information stored in the user history information storage means when the validity of the server signature is verified;
Means for generating a second signed trail information by adding a user signature by the user private key to the first signed trail information if the comparison results match;
Means for transmitting the second signed trail information to the provider device by proximity communication,
The provider device includes:
Means for storing the provider private key;
Provider history information storage means for storing provider history information;
When the trail information with the second signature is received from the user device by proximity communication, the validity of the user signature and the server signature added to the trail information with the second signature is determined as the user public key and the server public key. Means for verifying each by and
When the validity of the user signature and the server signature is verified, the provider history information included in the trail information with the second signature and the provider history information stored in the provider history information storage means Means for comparing;
Means for generating the third signed trail information by adding a provider signature by the provider private key to the second signed trail information if the comparison result is matched;
A face-to-face business system comprising means for transmitting the third-signature-added trail information together with a provider ID to the face-to-face control server. The face-to-face business system according to claim 1 or 2,
The face-to-face control server device
Session information storage means for storing session information including a provider ID and a user ID;
The workflow unit for recording the provider history information indicating the processing contents of the provider device and the user history information indicating the processing contents of the user device so as to be writable in a predetermined work process order in the workflow ID. Workflow information storage means for storing in association;
When the provider ID and the workflow ID are received together with the workflow start request from the provider device, the workflow unit corresponding to the workflow ID is read from the workflow information storage unit, and the user corresponding to the provider ID Workflow setting means for reading out an ID from the session information storage means, and setting a provider device and a user device to be recorded in the workflow unit based on the provider ID and the user ID;
Means for transmitting work instruction information to the provider device and the user device in the order of work steps of the workflow unit when the provider device and the user device are set in the workflow unit by the workflow setting means;
In response to the work instruction information, when receiving the provider history information or the user history information from the provider device or the user device, writing means for writing the history information to the workflow unit;
Trail information generating means for generating the trail information with the first signature by adding a server signature with the server private key to the workflow unit in which the history information is written,
The user device is
When receiving the work instruction information from the face-to-face control server device, comprising means for transmitting user history information for the work instruction information,
The provider device includes:
Means for transmitting the provider ID and the workflow ID together with a workflow start request to the face-to-face control server device;
When the work instruction information is received from the face-to-face control server device, a face-to-face business system comprising means for transmitting provider history information for the work instruction information. The face-to-face business system according to claim 3,
The trail information generating means of the face-to-face control server device includes:
When history information is written in all of the work steps defined in the workflow unit by the writing means, the server signature by the server secret key is added to the workflow unit, whereby the trail information with the first signature is added. A face-to-face business system characterized by generating. The face-to-face business system according to claim 3 or claim 4,
Writing means of the face-to-face control server device,
A face-to-face business system, wherein status information indicating a work process of the user device and the provider device and a date and time when processing of the work process is completed are written in the workflow unit. A user device that generates a second signed trail information by adding a user signature to the first signed trail information, and the second signed trail information is received from the user device by proximity communication, and the second A face-to-face control server device that communicates with both the provider device that adds the provider signature to the signed trail information to generate the third signed trail information,
Means for storing the server private key;
Means for storing history information including user history information and provider history information;
Trail information storage means for storing first signature-added trail information in which a server signature is added to the history information by the server secret key in association with a workflow ID and a provider ID;
When a trail information transmission request is received together with a workflow ID from the provider device or the user device, the first signature-added trail information corresponding to the workflow ID is read from the trail information storage means and the request source of the transmission request Means for sending to
When the third signature-added trail information to which the user signature and the provider signature are added is received together with the provider ID from the provider device, the provider signature and the user signature are used as the provider public key and the use Signature verification means for verifying with the public key of the user,
Means for generating a fourth signed trail information by adding a server signature by the server private key to the third signed trail information when the validity of each signature is verified by the signature verification means;
A face-to-face control server apparatus comprising: means for writing the trail information with the fourth signature in the trail information storage means. A user device that generates a second signed trail information by adding a user signature to the first signed trail information, and the second signed trail information is received from the user device by proximity communication, and the second A computer that is a face-to-face control server device that communicates with both the provider device that adds the provider signature to the signed trail information to generate the third signed trail information,
A function to store the server private key;
A function for storing history information including user history information and provider history information;
A trail information storage function for storing trail information with a first signature in which a server signature is added to the history information by the server secret key in association with a workflow ID and a provider ID;
When a trail information transmission request is received together with a workflow ID from the provider device or the user device, the first signature-added trail information corresponding to the workflow ID is read from the trail information storage means and the request source of the transmission request With the ability to send to
When the third signature-added trail information to which the user signature and the provider signature are added is received together with the provider ID from the provider device, the provider signature and the user signature are used as the provider public key and the use Signature verification function that verifies with the public key
A function of generating a fourth signed trail information by adding a server signature by the server private key to the third signed trail information when the validity of each signature is verified by the signature verification function;
A program for realizing the function of writing the trail information with the fourth signature in the trail information storage means.

Images