KR101578550B1 - An electronic certificate management system for issuing and viewing using the exclusive viewer - Google Patents

Abstract

The present invention relates to an electronic certificate issuing and viewing system based on an exclusive viewer which generates a certificate original as a file of a public commercial view, includes and encrypts forgery and corruption prevention data and submitting place restriction information in the certificate′s original file, and can enable a viewer to view the certificate. The system comprises: an issue application processing unit which receives an application for issuing a certification from an applicant terminal; a certification content generating unit which generates an applied certificate content; a submitting place information generating unit which generates information for restricting a submitting place where to submit a certificate; a forgery and corruption prevention generating unit generates forgery and corruption prevention data for the certificate content and the submitting place restriction information; an original file generating unit which generates a certificate′s original file of the certificate content, the submitting place restriction information, the forgery and corruption prevention data in a file format of a public commercial viewer; an encryption unit which encrypts the certificate′s original file; and an exclusive view providing unit which provides an exclusive view which can enable a user to view the encrypted certificate′s original file. According to the system described above, the forgery and corruption prevention data and the submitting place restriction information are included in the certificate′s original file and are encrypted, and the certificate′s original file is restrictively displayed only by the exclusive viewer, thereby blocking illegal use even when the certificate film is transmitted.

Description

[0001] An electronic certificate management system for issuing and viewing using the exclusive viewer [

The present invention provides a private viewer capable of generating a certificate original as a file of a public view viewer and encrypting and generating forgery-prevention data and limit information on the destination of the certificate in the certificate original file, and viewing or outputting the certificate original file To a private viewer based electronic certificate generation and management system.

More particularly, the present invention relates to a private viewer-based electronic certificate generation and browsing system that, when outputting the certificate original file from a dedicated viewer, displays a copy of the certificate on the certificate or displays a watermark on the certificate.

Due to the recent developments of the Internet and computers, information such as various documents and data are digitized by a computer, and as the Internet, e-mail, and digital storage media are developed, various procedures, such as various document issuance procedures and processing, And more quickly and easily. In particular, it is becoming frequent to submit certificates such as administrative institution or school facilities to prove their identity. Since certificates are frequently used, certificates can be issued and submitted by digital means.

However, the digital document of such a certificate can provide high convenience to the user because it is easy to edit, store, and copy. On the other hand, digital documents can easily be copied without loss of information, which can easily be exposed to illegal activities such as unauthorized copying, illegal use, and illegal use. Therefore, a security system is required to protect digital documents from unlawful acts in order to ensure safe and reliable use of digital documents. In particular, it is even more so in the case of a certificate proving a person's identity. To this end, techniques for preventing forgery and falsification through watermarks or forgery verification codes have been proposed [Patent Literatures 1 and 2]

On the other hand, the conventional certificate issuing device allows a certificate to be issued from a user's device when a recipient pays a predetermined fee and performs a simple security-related authentication. However, as described above, in order to prevent unauthorized use of a certificate to be issued, the online issuance mode is very limited.

As an example, a user who receives a certificate can not output the certificate to a separate file in order to submit the received certificate to the recipient, and restricts the output of the certificate through a printer or the like. Therefore, there was a problem that the user had to print out the certificate and send it to the recipient or submit it by mail in order to submit the certificate issued to the recipient.

In addition, a technique of issuing a certificate from the issuing server and transmitting the certificate to the receiving party is also proposed (Patent Documents 3 and 4). However, in this case, there is a problem that the personalization server and the server of the recipient organization must be built in cooperation with each other, and the case can not be applied.

Accordingly, while establishing the security-related process, the user can conveniently view and output the certificate by the process of issuing and managing the certificate conveniently, and can provide the certificate to the certificate receiving agency There is a need for a technology that can be conveniently submitted using wired or wireless communication.

[Patent Document 1] Korean Published Patent Application No. 2009-0054275 (published on May 29, 2009) [Patent Document 2] Korean Published Patent Application No. 2014-0059975 (published on May 19, 2014) [Patent Document 3] Korean Published Patent Application No. 2005-0075736 (published on Jun. 6, 2005) [Patent Document 4] Korean Published Patent Application No. 2013-0040461 (published on April 24, 2014)

An object of the present invention is to solve the above-mentioned problems, and it is an object of the present invention to provide a digital signature generating apparatus, And provides a private viewer capable of viewing the certificate original file by encrypting and generating the certificate original file.

It is also an object of the present invention to provide a file structure of a public commercial viewer that stores contents of a certificate original and a time stamp in a display data area and includes forgery preventing data, And to display the contents of the attached data area through a dedicated viewer.

It is also an object of the present invention to provide a private viewer-based electronic certificate generation and viewing system that allows a user to display a copy of the certificate on the certificate or output a watermark when outputting the certificate original file from a private viewer .

In order to achieve the above object, the present invention provides a private viewer-based electronic certificate generation and browsing system connected to an applicant terminal through a network and receiving a certificate issuance request of the applicant terminal and transmitting an issued certificate original file, An issuance application processing unit for receiving an application for issuing a certificate from the issuance application processing unit; A proof content creating unit for creating the content of the requested certificate; A forgery preventing section for generating forgery prevention data on the contents of the certificate; An original file generation unit for generating a certificate original file in a file format of a public viewing commercial viewer for the contents of the certificate and forgery preventing data; An encryption unit encrypting the certificate original file; And a dedicated viewer providing unit for providing a dedicated viewer for viewing the encrypted certificate original file.

According to another aspect of the present invention, there is provided a private viewer-based electronic certificate generation and viewing system, wherein the original file generation unit records the contents of the certificate in a display data area in which data is displayed on the viewer in the file format, Characterized in that the forgery prevention data is recorded in an attachment data area which is not displayed on the recording medium.

Further, the present invention provides a private viewer-based electronic certificate generation and viewing system, wherein the system further includes a presentation-destination information creation unit that creates information that limits a presentation destination to which a certificate is to be submitted, .

In addition, the present invention is characterized in that, in the dedicated viewer-based electronic certificate generation and browsing system, a timestamp is included in the contents of the certificate.

Further, the present invention provides a private viewer-based electronic certificate generation and viewing system, wherein the private viewer decrypts the certificate original file and extracts the display data recorded in the display data area and the attached data recorded in the attached data area ; A forgery preventing code generating unit for generating a forgery preventing code from the forgery preventing data included in the attached data; A present location mark generating unit for generating a present location watermark from the present location limitation information; A time stamp generator for generating a time stamp from the time stamp data included in the attached data; An output document generation unit for generating a certificate display file by adding together the contents of the certificate of the display data, the forgery preventing code, the watermark of the present location, and the time stamp; And a commercial viewer module for displaying the certificate display file on a viewer or outputting the certificate display file to a printer.

The system further includes a document data generation unit for generating document data in which all or a part of the contents of the certificate are recorded by data, Wherein the exclusive viewer provides a function of exporting the document data to one of a word processor file, a spreadsheet file, a text file, and a DB file, or is automatically registered in the computer system of the destination And a document data processing unit for providing a function that can be used for the document data.

Further, the present invention is characterized in that in the private viewer-based electronic certificate creation / viewing system, the forgery prevention code is converted from the forgery-inhibiting data into a two-dimensional code form and is generated.

Further, the present invention is a private viewer-based electronic certificate generation and viewing system, wherein the certificate original file can be browsed by a commercial viewer without encrypting it, and the content recorded in the display data area of the certificate original file by the commercial viewer Are displayed on the screen, and a guideline indicating that use of the certificate is restricted is displayed.

Further, the present invention is characterized in that in the private viewer-based electronic certificate generation and browsing system, the forgery prevention code, the presentation watermark, and the time stamp are respectively generated in the file format of the commercial viewer.

Further, the present invention provides a private viewer-based electronic certificate generation and browsing system, wherein the output document generation unit inserts a phrase or a watermark indicating a copy in the certificate display file when outputting the certificate display file to a printer or outputting it as an image .

Further, in the present invention, in the private viewer-based electronic certificate generation and viewing system, the present invention is characterized in that, when the input destination is not in the list of the destination, the name of the destination is directly inputted. , The bribery word is characterized by including at least one of a general noun including a university, a school, a company, an institution, an admission office, or a non-discriminatory phrase capable of identifying a specific company including the name or symbol of the issuer .

According to another aspect of the present invention, there is provided a system for creating and displaying a digital certificate based on a private viewer, wherein the submitter information creating unit includes a name of a submitter and data for identifying a submitter when the submitter is not in the submitter, The data for identifying the submit destination includes at least one of an address, a telephone number, and a web site address.

As described above, according to the private viewer-based electronic certificate generation and viewing system according to the present invention, by including forgery-prevention data or restriction information on the presentation destination in the certificate original file and limiting it to be displayed only by the exclusive viewer, even if the certificate file is leaked, It is possible to prevent the use of phosphorus.

In addition, according to the private viewer-based electronic certificate generation and viewing system according to the present invention, the trusted source can be prevented from being illegally used by inserting the limitation information on the certificate in the certificate original file and inserting the watermark for the certificate in the private viewer And it is possible to prevent the abuse of the certificate even if the certificate is issued as a file.

In addition, according to the private viewer-based electronic certificate generation and viewing system according to the present invention, a certificate original file is output as a copy or is generated as an image, thereby making it inconvenient to receive a conventional paper certificate and scan it, Is improved.

By including limit information in the certificate source file and inserting a watermark thereon in a private viewer, it is possible to record a trusted submittion that can prevent illegal use and to prevent abuse of the certificate even if the certificate is issued to a file The effect can be obtained.

1 is a block diagram of a configuration of an overall system for implementing the present invention;
2 is a block diagram of a configuration of a private viewer-based electronic certificate generation and viewing system according to an embodiment of the present invention;
3 is a configuration diagram of a certificate original file according to an embodiment of the present invention;
4 is an exemplary view of a certificate contents file according to an embodiment of the present invention;
5 is a structural view of a file format of a public commercial viewer according to an embodiment of the present invention;
6 is a block diagram of a configuration of a private viewer according to an embodiment of the present invention;
7 is a view showing an example of a certificate display file according to an embodiment of the present invention;

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the drawings.

In the description of the present invention, the same parts are denoted by the same reference numerals, and repetitive description thereof will be omitted.

First, an example of the overall system configuration for implementing the present invention will be described with reference to FIG.

1, the overall system for implementing the present invention includes an applicant terminal 11, a visitor terminal 12, a private viewer 50 installed in the visitor terminal 12, and an issuer server 12 30). The applicant terminal 11 and the issuing server 30 are connected to each other via the network 20 such as the Internet, and can perform data communication. In addition, the issuing server 30 may additionally comprise a database 40 for storing data.

First, the applicant terminal 11 is a conventional computing terminal such as a PC, a notebook, a netbook, a PDA, a smart phone, a tablet PC, and a mobile, which the applicant of the issuance document uses. The applicant accesses the issuance server 30 through the applicant terminal 11 and processes the job related to issuance of a document or issuance of a certificate. The input data for processing is input through the input device of the applicant terminal 11 and the processing result is output through an output device such as a screen of the applicant terminal 11 or is stored in the storage medium of the applicant terminal 11 . Hereinafter, the description of the job performed by the applicant means that the job is performed through the applicant terminal 11. [

In addition, the applicant terminal 11 receives and stores the certificate original file issued from the issuing server 30. The stored original file may be transferred or moved to the viewer terminal 12 via the network 20 or a removable storage medium. That is, the applicant terminal 11 accesses the issuing server 30, inputs data for issuing a certificate, and requests issuance of a certificate. The applicant terminal 11 can download the certificate original file from the issuing server 30 and store the certificate original file in its own storage medium such as a hard disk, an SSD disk, a removable disk, or the like.

The certificate source file can not be encrypted and decrypted without an encryption key. Also, the certificate original file is a document file that can not be edited or can indicate that the file has been falsified through time stamping and electronic signature at the time of editing, and is a file including the content of the certificate original. Preferably, the certificate original file is recorded and stored in the form of a public commercial viewer such as Adobe's PDF file. The certificate original file is a file that can be opened by the private viewer 50. In the following, the certificate (or the certificate original) is mixed with the issuing document.

In addition, the certificate can be viewed as an Adobe PDF file and a public commercial PDF reader or viewer without encrypting the original file. In other words, the certificate file can be viewed as a commercial viewer or reader, not as a dedicated viewer. At this time, it is impossible to check the digital signature value and the genuine copy of the timestamp in the certificate file read by the commercial viewer, and the forgery preventing apparatus, the two-dimensional bar code, and the like are not displayed.

However, preferably, a guideline indicating that use is restricted is displayed in the certificate document read by the commercial viewer. More preferably, a guiding text is displayed at a position where the two-dimensional bar code is displayed. The guideline may include an electronic certificate issuing certificate, a statement that the certificate can not be used for output, and a confirmation of authenticity of the electronic certificate server. For example, a certificate issued by an electronic certificate, which can not be used for printing purposes. Please refer to www.certpia.com for the authenticity of the electronic certificate. On the other hand, a dedicated viewer displays only digital signatures and timestamps for authenticity, and a forgery-proof device such as a two-dimensional barcode.

Next, the viewer terminal 12 is a general computing terminal such as a PC, a notebook, a netbook, a PDA, a smart phone, a tablet PC, and a mobile, which the reader uses. The reader browses the certificate original file of the applicant via the visitor terminal 12. The input data for the browsing process is input through the input device of the viewer terminal 12, and the processing result is output through an output device such as a screen of the viewer terminal 12, a printer, or a data file such as an image file . Hereinafter, the description by the reader to perform a certain job means that the job is performed through the visitor terminal 12.

The reader is a user who wants to view the original file of the certificate issued by the applicant, and refers to the person in charge of the reception place of the issued document. For example, an applicant who wants to work in Samsung Electronics may issue and store a certificate original document of the graduation certificate, and then transmit the certificate original file to a person in charge of the Samsung Electronics HR team online or through a portable storage medium. At this time, the person in charge of the Samsung Human Resources Team is the person who reads the original file of the applicant's certificate.

The viewer terminal 12 is provided with a private viewer 50 capable of viewing the certificate original file, and the reader can browse the certificate original file through the private viewer 50. [

Next, the exclusive viewer 50 is a program system installed and executed in the visitor terminal 12, which is a system for displaying the certificate original file on the screen or outputting it to the printer. The reader opens the received or transmitted certificate original file using the viewer terminal 12 and the dedicated viewer 50 installed therein and outputs the contents of the certificate original file to the screen of the viewer terminal 12 or to the printer do.

In particular, the private viewer 50 displays the content of the certificate included in the certificate original file and the contents and information about the forgery prevention data, the restriction information of the destination, the time stamp, and the digital signature of the issuer. Also, the private viewer 50 decrypts the certificate original file if the certificate original file is encrypted.

In addition, the private viewer 50 basically includes a public commercial viewer module (for example, a PDF viewer) to open and read a general public viewer viewer document file.

Next, the issuing server 30 is a server for issuing a certificate, which includes a server of a personalization agent or a server for relaying or proxying the server of the personalization agent. The issuing organization is an agency that issues documents (or certificates) such as government offices, schools, and general businesses. For example, a document (or a certificate) to be issued may include a variety of documents, such as a certificate of employment, a certificate of employment, and other documents such as a certificate of enrollment, a graduation certificate, and a degree certificate Can all be objects.

The issuing server 30 may have information for issuing a document such as a certificate as described above, or may be connected to a server of the issuing institution to fetch information for issuing a document. Then, the issuance server 30 generates a certificate as a file by the issuance applicant and sends it to the issuer (or issuer) or the applicant terminal 11.

On the other hand, the issuing server 30 may provide a web service for issuing to an online image such as the Internet, or may provide an application service that can be used in a dedicated application for mobile (or application, app) installed in a smart phone or the like. Alternatively, the issuing server 30 may provide a service for issuing an online issuance such as a dedicated line to an issuance-only terminal operated by an issuer responsible for the document issuance window, and an unattended issuing terminal such as a kiosk. In this case, it is also possible to transfer the certificate original file so that it can be stored on a removable disk such as a USB disk.

Next, the database 40 includes a document information DB 41 for storing information for issuing a document such as a certificate, an original file DB 42 for storing information about the issued certificate original file, And a presentation destination DB 43 for storing information about the presentation destination, etc. However, the configuration of the database 40 is only a preferred embodiment. In the development of a specific device, the database 40 may have a different structure in consideration of ease of access and retrieval, efficiency, and the like.

Next, a dedicated viewer-based electronic certificate generation and reading system according to an embodiment of the present invention will be described in more detail with reference to FIG.

The electronic certificate generation and browsing system 30 can be implemented in the issuing server 30 described above. Hereinafter, the electronic certificate generation / browsing system 30 and the issuing server 30 are used in combination, and the same reference numerals are used as 30. Also, the electronic certificate generation / browsing system 30 is also described simply in the system 30 for convenience of explanation.

2, the private viewer-based electronic certificate generation / browsing system 30 according to the present invention includes an issuance application processing unit 31 for processing a certificate issuance request, a proof-of-contents creating unit 32 for creating the contents of a certificate, An original file generating unit 33 for generating a certificate original file, a forgery preventing unit 34 for generating a code for preventing forgery and falsification of the certificate file, and for inserting the code into the certificate file, an encrypting unit 34 for encrypting the certificate original file, And a dedicated viewer providing unit 38 for downloading and providing a dedicated viewer for viewing the certificate original file. Further, it is possible to additionally include a submission-destination-information creating section 35 for receiving the submission destination and generating the submission destination information, or a document data generating section 36 for generating document data by converting part or all of the contents of the certificate into data have.

First, the issuance application processing unit 31 processes an application for issuing a document such as a certificate from the applicant terminal 11. In particular, various data for certificate issuance are input. For example, personal information such as the name of the issuer, the type of certificate to be applied, and the items required for the certificate are input. If necessary, authentication of the applicant for issuance is performed through an ID and a password, an official certificate, and the like.

In addition, the issuance application processing unit 31 receives the presentation destination to which the certificate is to be submitted through the presentation information creation unit 35. In addition, the issuance application processing unit 31 can receive the input of the use of the certificate. Usage purpose can be divided into employment submission, certification issuance, identification, and other document submission. Preferably, the list of the use purpose is set in advance and is selected from the list by the applicant or the applicant terminal 11. [

On the other hand, the issuance application processor 31 transmits the certificate original file generated by the issuance request to the applicant terminal 11 in the form of a file.

Next, the proof-content creating unit 32 forms the contents of the certificate requested by the applicant. That is, referring to the document information DB 41 in which the content of the certificate is made into a database, the content of the applied certificate of the applicant is created. Alternatively, if a issuance server (not shown) is separately provided, the issuance server is requested and receives the contents of the certificate.

Next, the original file generation unit 33 generates the contents of the certificate and the data (or security data) for other security together as one file, that is, the certificate original file.

As shown in FIG. 3, the content 100 included in the certificate original file includes the certificate content 110, the time stamp 120, forgery prevention data 130, and the destination restriction information 140. Preferably, the electronic signature 150 of the issuer is further included.

The certificate content (110) is the content to be authenticated in the actual certificate. For example, the certificate of the graduation certificate includes the contents of the ordinary certificate such as the name of the certificate, name, resident registration number, department, degree name, degree registration number, date of graduation, date of issuance,

On the other hand, the certificate content 110 is generated as a file format of a public commercial viewer (for example, a PDF file format). An example of the certificate content 110 is shown in FIG. As shown in FIG. 4, the certificate content 110 is configured in the same format as a normal certificate.

The time stamp 120 is an encrypted electronic token, which is data for confirming when a certificate is issued. In particular, preferably, the timestamp 120 is visibly displayed in the document content of the certificate and is visible to the naked eye.

The forgery inhibition data 130 is generated by generating data by, for example, signing the contents of the certificate with an electronic signature so as to prevent forgery of the contents of the certificate to be issued, thereby determining whether or not the forgery- This is data for preventing forgery and falsification.

In addition, the restriction information 140 is information for limiting the scope of the presentation, such as an organization or a company to which a certificate is to be submitted, to a specific range. The submitter restriction database 140 may also include a use of a certificate.

The digital signature 150 of the issuer is the digital signature data of the issuer.

In addition, the original file generation unit 33 generates the certificate original file in the format of a file used in the public commercial viewer. Preferably, the file format of the public commercial viewer is a PDF (Portable Document Format) file format, which is a document file format used in Adobe Reader of Adobe Systems Incorporated.

As shown in FIG. 5, the file structure 200 of the document file format of the public commercial viewer includes a display data area 210 displayed when a document is displayed in a commercial viewer, and an attachment And a data area 220.

The original file generating unit 33 inserts the certificate contents 110 and the time stamp 120 data in the display data area 210 and stores the forgery preventing data 130 and the destination restriction information 140, And the electronic signature 150 of the electronic signature 150 are inserted into the attached data area 220. Therefore, the certificate contents 110 and the time stamp 120 are displayed on the public commercial viewer, and other forgery inhibition data 130, the destination restriction information 140, the issuer's electronic signature 150, etc. are not displayed on the commercial viewer . However, the data stored in the attached data area 220 may be displayed on the viewer by the private viewer 50. [

In addition, the original file generation unit 33 may convert the certificate contents appearing in the display data area 210 into data, and insert the data certificate data into the attached data area 220. [

In addition, the original file generation unit 33 encrypts the completed certificate original file as a whole. The (encrypted) file format of the encrypted certificate original file is a file of the private viewer 50, which is given a separate extension.

On the other hand, the generated certificate original file is transmitted to the applicant terminal 11 by the issuance application processing unit 31. [

In another embodiment, the certificate original file can be browsed by an Adobe company's PDF file and a public commercial PDF reader or viewer without encrypting the certificate original file. In other words, the certificate file can be viewed as a commercial viewer or reader, not as a dedicated viewer. At this time, it is impossible to check the digital signature value and the genuine copy of the timestamp in the certificate file read by the commercial viewer, and the forgery preventing apparatus, the two-dimensional bar code, and the like are not displayed. However, preferably, a guideline indicating that use is restricted is displayed in the certificate document read by the commercial viewer.

Next, the forgery inhibition prevention preparation unit 34 generates the forgery inhibition data 130. [

The forgery inhibition data 130 includes a time stamp or an electronic signature. The time stamp records the time at which the certificate file was generated, and the digital signature is data that can be verified as authenticity of the certificate since it is signed with a certificate etc. together with the contents of the document (hashed contents).

Preferably, when the electronic signature and the time stamp are inserted by the document standard of the public commercial viewer (preferably, the PDF viewer), the original hash value and the original range value of the original file at that time are inserted into the viewer document Tag attribute value. In the original verification, the original hash value inserted in the tag attribute value of the viewer document and its range value are verified against the corresponding value (the hash value of the range) of the current file.

The timestamp is the result of communicating the hash value of the file to the certificate authority (the national designated certification body) when issuing the electronic document. That is, the time stamp is a function of returning the time information and the digital signature information of the certification authority and inserting it into a viewer document (PDF), which is a function of certifying that the file has been issued at that time (proof of existence).

Other methods of generating forgery prevention data such as time stamps or digital signatures are well-known techniques, and thus a detailed description thereof will be omitted.

Preferably, the forgery inhibition data 130 may be generated including the content of the submit destination. Therefore, it is possible to prevent forgery and falsification of the place where the certificate is submitted. That is, the forgery inhibition data is generated as hashed data by encrypting the contents of the certificate including the contents of the certificate and the destination. Therefore, it is possible to prevent forgery and alteration of the content of the certificate or the place of presentation.

Preferably, the forgery inhibition data 130 can be converted into a two-dimensional code form and inserted into the document.

Next, the submission-destination-information creating unit 35 generates information (or submission-destination limiting information) for limiting the submission destination for submitting the certificate. Preferably, the destination restriction information may further include a use purpose, an expiration date, and the like.

Data on the place of submission is pre-inputted by the manager or the like and stored in the database 40. [ The issuance application processing unit 31 can select and input a specific presentation destination to be presented from the list of the presentation places previously stored by the applicant. In other words, the place of presentation refers to the company or institution to which the certificate is to be submitted. Manage the list of submissions, allowing the applicant to select the submitting place from the list of submissions.

The data of the presentation place stored in the database 40 includes the kind and name of the presentation place. The type of submission is a category for submission, preferably including corporations, institutions, schools, and groups. However, the type of the submission site can be set variously by the administrator. The name of the submission is registered as the name of the submission.

In the issuance application processing unit 31, the name of the presentation place may be directly input by the applicant. At this time, a bicyclic word is registered in advance in the database 40, and the name of the submitted name composed only of bicyclic words is not accepted as a destination. Banned words are non-discriminatory phrases that can identify a specific business, such as a name, a symbol, or a general noun, such as a university, a school, a company, an institution, an admissions office, or an issuer. If the name of the submitted submittal is composed only in the form of banned words, it shall not be accepted as the name of the submitter.

In addition, when the submitter is not selected from the registered list of submittals, the issuance application processor 31 can input data identifying the submitter. This data will be referred to as presentation data. Preferably, the submission destination identification data includes an address, a website address, and a telephone number.

The identification data of the place of submission shall be such information as to identify the place of submission and shall have such a degree of discrimination as to confirm that the person in charge of the submission where the certificate is submitted is the document issued to the place of submission. Also, it should be possible to prevent the presentation-destination identification data from being a plurality of presentation places. Addresses, website addresses, and telephone numbers are data that can identify the destination.

The issuance application processing unit 31 confirms whether the input presentation destination identification data is information that actually exists and verifies the information. That is, the addressee confirms whether it is actually pointing to a specific location. For example, only "Seoul City" and "Seoul Gangnam-gu" are listed on the address, and it is judged whether it is incompletely written. At this time, it is possible to judge whether or not it exists by referring to the map data. In addition, the web site address can determine whether or not the web site is actually existed by checking whether the actual web site is accessed. Further, the telephone number can be judged as to whether or not the telephone number format is complete.

Preferably, the submission destination restriction information may be used together with the submission destination identification data and the submission destination name. Since the name of the submission in the registered submission list is the name for which the submission has been confirmed, the submission can be identified without the submission identification data. However, if the name of the place of submission is not in the list of submitted submission, it shall have the identifying power of the place of submission together with the place identification data. For example, if the name of the submission is "Hyundai," all agencies or companies including "Hyundai" are possible. Also, if you say "business", you are likely to submit a certificate to all companies. Therefore, in order to prevent this, if it is inputted together with the address having the discriminating power, the address of the website, the telephone number, etc., the discrimination power of the certifying file can be prevented.

The document data generating unit 36 generates data of a part or all of the contents of the document and generates document data to be output. That is, some or all of the document contents are converted into data in a file format such as a word processor (Korean, etc.), a spreadsheet (Excel, etc.), a DB file, or the like. For example, in the case of a certificate, the contents of the certificate are converted into data and included in the generation of the electronic certificate (or certificate original file). That is, the created document data is inserted into the attached data area 220 in the original document file.

Next, the encryption unit 37 encrypts the generated certificate original file.

The certificate is encrypted with a key value in a pair of a public key and a private key based on a private certificate. At this time, the encryption key is different for each device, and a private certificate and a private key other than the private viewer are separately distributed. Specifically, the public key creates and distributes a separate private certificate for each place of presentation.

For example, if the issuer applies to submit a certificate to a specific company, and sets the certificate to the specific company, the certificate is encrypted with the public key of the specific company. At this time, the server generates the public key and the private key of the specific company in advance, stores the public key in the server, and transmits the private key to the management team of the specific company in advance.

Next, the exclusive viewer providing unit 38 provides a dedicated viewer 50, which is a program for reading and decoding the certificate original file generated above and displaying the contents of the certificate original file on the viewer. Preferably, the dedicated viewer providing unit 38 downloads the installation file of the dedicated viewer 50 to the viewer terminal 12.

The configuration of the private viewer 50 will be described in more detail below.

Next, the configuration of the exclusive viewer 50 for viewing an electronic certificate according to an embodiment of the present invention will be described more specifically with reference to FIG.

6, the private viewer 50 includes a decryption unit 51 for decrypting the certificate original file to extract display data and attached data, a forgery-and-falsification unit 51 for generating a forgery preventing code from the forgery- A signature generating unit 53 for generating a watermark to be submitted from the presentation-place restriction information, a time stamp generating unit 54 for generating a time stamp from the time stamp data, a certificate content of the display data, An output document generation unit 55 for generating a document or a certificate display file to be output by summing up the forgery preventing code, the submittal watermark, and the time stamp, and a commercial image viewer 55 for displaying the generated certificate display file on a viewer, And a module 56. In addition, the document data processing unit 57 may further include a document data processing unit 57 for extracting all or a part of the data from the contents of the certificate to generate document data.

The decryption unit 51 decrypts the certificate original file and restores the data in the display data area and the attached data area. The content of the certificate can be obtained in the display data area. The certificate content is data composed of a file format of a commercial viewer (for example, a PDF file format).

The timestamp data is processed as part of the contents of the certificate when it is provided by the public commercial viewer. However, if the public commercial viewer does not provide a module for processing the time stamp, a separate time stamp generator 54 generates a time stamp from the time stamp data. Hereinafter, for convenience of explanation, it is assumed that the time stamp processing function is not provided in the public commercial viewer.

The data of the attached data area obtained by decoding is stored with forgery inhibition data, restricting destination information, time stamp data, and the like. The forgery preventing code generation unit 52, the presentation place mark generation unit 53 and the time stamp generation unit 54 respectively generate a forgery preventing code, a presentation place watermark, and a time stamp from the attached data, respectively.

In particular, the forgery preventing code generating section 52 converts the forgery preventing data into a two-dimensional code form and generates it.

The submittance mark generation unit 53 also generates a use restriction notifying statement and inserts it into the empty space of the certificate content in the form of a watermark. Usage restriction information includes contents such as the place of submission, period of validity (period of use), limitation of use.

Also, the output document generation unit 55 generates an output document or a document to be displayed or output. That is, the forgery preventing code to be generated, the watermark to be submitted, and the time stamp are respectively generated in the file format of the commercial viewer. The data thus generated is combined with the contents of the certificate to generate data of the file format of the public commercial viewer. This is called a certificate display file.

That is, the certificate display file is a file having a file format of a public commercial viewer, and is a file in which objects of forgery prevention code, a presentation watermark, and a time stamp are inserted into a file of the certificate contents.

Therefore, the certificate display file can be displayed on the screen through the public commercial viewer module 56, or the file can be output through the printer. The commercial viewer module 56 is a module having a viewer function of a public commercial viewer and has a function of reading a file having a file format of a public commercial viewer and displaying it on the screen. Preferably, the commercial viewer module 56 comprises a commercially available PDF viewer module. Also, the commercial viewer module 56 can output the certificate display file to an output device such as a printer.

In addition, the output document generation unit 55 may be configured to prevent copying and copying of the original electronic certificate when the commercial viewer module 56 outputs the certificate display file or the electronic document as a paper document or image (various formats) Is inserted into the certificate display file (or electronic document). The inserted mark is displayed as a phrase image or a watermark indicating a copy in the certificate display file.

 Or displays a copy of the electronic document or a watermark on the electronic certificate that is output or generated to indicate that it is a copy-protected and copy-protected original electronic certificate. At this time, the phrase "copy of the displayed electronic document" is a kind of example, and it can be displayed in various phrases such that it is a copy, not the original of the electronic document.

That is, the output document generation unit 55 displays a copy of the entire document in the certificate display file and generates it so as to output it as paper, or as an image file or an image format such as JPG, GIF, and PDF.

Next, the document data processing unit 57 extracts the document data inserted into the attachment data area 220 and generates document data to be output. For example, in the case of a certificate, the contents of the certificate are converted into data and included in the generation of the electronic certificate (or certificate original file). In particular, the document data processing unit 57 can generate document data to be output from the document data inserted in the attachment data area 220 in the original document file.

The document data processing unit 57 provides the function of generating the document data to be output by converting the data or the contents of the certificate into data to be outputted and exporting the generated document data. Preferably, the document data can be exported to a file such as a word processor (Korean, etc.), a spreadsheet (Excel, etc.), a DB file, a text, and the like. This provides the ability to extract document data from the submission site.

That is, the document data processing unit 57 allows the person in charge of the presentation site to extract necessary information from the document data, and provides the function of automatically registering the information in the computerized system of the presentation destination.

7 shows an example of a certificate display file. At the top of the graduation certificate in Fig. 7, a watermark for the restricting information is inserted, and the forgery inhibition data is converted into a two-dimensional code at the bottom of the graduation certificate and inserted.

The invention made by the present inventors has been described concretely with reference to the embodiments. However, it is needless to say that the present invention is not limited to the embodiments, and that various changes can be made without departing from the gist of the present invention.

11: Applicant terminal 12: Viewer terminal
20: Network 30: Issuing server, generation viewing system
31: issuance application processing unit 32: certification content preparation unit
33: original file generation unit 34: forgery prevention preparation unit
35: Submission destination information preparation unit 36: Document data generation unit
37: encryption unit 38: dedicated viewer
40: database 41: document information DB
42: original file DB 43: destination DB
50: dedicated viewer 51: decryption unit
52: forgery prevention code generation unit 53:
54: timestamp generator 55: output document generator
56: commercial viewer module 57: document data processing section

Claims (11)

A private viewer-based electronic certificate generation and browsing system connected to an applicant terminal through a network, for receiving a certificate issuance request of the applicant terminal and transmitting an issued certificate original file,
An issuance application processing unit for receiving an application for issuing a certificate from the applicant terminal;
A proof content creating unit for creating the content of the requested certificate;
A forgery preventing section for generating forgery prevention data on the contents of the certificate;
An original file generation unit for generating a certificate original file in a file format of a public viewing commercial viewer for the contents of the certificate and forgery preventing data;
An encryption unit encrypting the certificate original file; And
And a dedicated viewer providing unit for providing a dedicated viewer for viewing the encrypted certificate original file,
Wherein the original file generation unit records the contents of the certificate in a display data area in which data is displayed on the viewer in the file format and includes the forgery preventing data in an attachment data area in which data is not displayed on the viewer in the file format The attached data is recorded,
Wherein the exclusive viewer generates a certificate display file by adding the contents of the certificate of the display data and the attached data recorded in the attached data area and displays the certificate display file on a viewer or outputs it to a printer Including,
The contents of the certificate original file can be browsed by the commercial viewer without being encrypted and contents recorded in the display data area of the certificate original file by the commercial viewer are displayed on the screen and a guideline that the use of the certificate is restricted is displayed Wherein said electronic certificate generating system comprises:
delete The method according to claim 1,
The system further includes a submitter information creating unit that creates information that restricts a submittal place to submit a certificate,
And the transmission destination restriction information is recorded in the attachment data area.
The method of claim 3,
And a time stamp is included in the contents of the certificate.
5. The apparatus of claim 4,
A decryption unit for decrypting the certificate original file to extract display data recorded in the display data area and attached data recorded in the attached data area;
A forgery preventing code generating unit for generating a forgery preventing code from the forgery preventing data included in the attached data;
A present location mark generating unit for generating a present location watermark from the present location limitation information;
A time stamp generator for generating a time stamp from the time stamp data included in the attached data;
An output document generation unit for generating a certificate display file by adding together the contents of the certificate of the display data, the forgery preventing code, the watermark of the present location, and the time stamp; And
And a commercial viewer module for displaying the certificate display file on a viewer or outputting the certificate to a printer.
6. The method of claim 5,
The system further includes a document data generation unit for generating document data in which all or a part of the contents of the certificate are converted into data,
The document data is recorded in the attached data area,
The dedicated viewer provides a function of exporting the document data to one of a word processor file, a spreadsheet file, a text file and a DB file, or a function of automatically registering the document data in the computer system of the destination And a document data processing unit for displaying the generated electronic certificate based on the digital certificate.
delete 6. The method of claim 5,
Wherein the forgery preventing code, the submittal watermark, and the time stamp are respectively generated in a file format of a commercial viewer.
6. The method of claim 5,
Wherein the output document generation unit inserts a phrase or a watermark indicating a copy in the certificate display file when outputting the certificate display file to the printer or outputting the image as an image.
The method of claim 3,
Wherein the submitter information creating unit receives the name of the submitter directly if the input destination is not in the list of the submitter, and automatically rejects the name if the submitter is only configured with a pre-established bilgear word, the banner word includes a university, a school, a company, A general noun or a non-discriminatory phrase capable of identifying a specific company including a name or a symbol of the issuer's own name.
11. The method of claim 10,
Wherein the submittal destination information creating unit includes a submittal destination name and data capable of identifying the submittal destination when the inputted submittal destination is not in the submittal destination list, wherein the data that can identify the submittal destination is an address, a telephone number, Address of the electronic certificate based on the private viewer.

Images