WO2008038386A1 - Service providing device, service providing system, and service providing method - Google Patents

Service providing device, service providing system, and service providing method Download PDF

Info

Publication number
WO2008038386A1
WO2008038386A1 PCT/JP2006/319362 JP2006319362W WO2008038386A1 WO 2008038386 A1 WO2008038386 A1 WO 2008038386A1 JP 2006319362 W JP2006319362 W JP 2006319362W WO 2008038386 A1 WO2008038386 A1 WO 2008038386A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
data
information
audit
digest value
Prior art date
Application number
PCT/JP2006/319362
Other languages
French (fr)
Japanese (ja)
Inventor
Tetsuya Okano
Tsutomu Kawai
Original Assignee
Fujitsu Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Limited filed Critical Fujitsu Limited
Priority to PCT/JP2006/319362 priority Critical patent/WO2008038386A1/en
Publication of WO2008038386A1 publication Critical patent/WO2008038386A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services

Definitions

  • the present invention relates to a service providing apparatus that provides a service to a user terminal, and in particular, a service providing apparatus and a service providing capable of determining the validity of information recording the amount of work involved in service provision
  • the present invention relates to a system and a service providing method.
  • FIG. 21 is a diagram for explaining a conventional technique.
  • the data center entrusted with the environmental management 'operation for providing services by the service provider provides services to the service users on behalf of the service providers and provides services. You may have charged your service provider with a fee.
  • the billing method charged by the data center to the service provider is a fixed billing method that charges the server, etc. at a fixed fee, or a fee is added according to the amount of work involved in providing the service. Pay-per-use billing is generally used. In recent years, from the viewpoint of effective use of resources, etc., the billing method of charges charged by data centers to service providers is becoming a pay-as-you-go method.
  • a data center charges a fee according to a pay-per-use billing method
  • the workload when the service is provided to the user is recorded, and a fee corresponding to the workload is calculated.
  • the data center then charges the calculated fee to the service provider and notifies the service pronoida of information that records the amount of work required to provide the service to prove the validity of the charged fee. ! /
  • Patent Document 1 both the customer and the lending company calculate a loan fee based on information on the amount of power used by the customer, and compare the respective loan fees.
  • the technology that determines whether the lending fee charged by a lender to a customer is correct is disclosed.
  • Patent Document 1 Japanese Patent Application Laid-Open No. 2005-50174
  • the service provider does not directly monitor service exchanges between the data center and an unspecified number of users. If there is no way to determine the legitimacy of the amount of work required to provide services provided by the data center, there is a problem that the amount of work is tampered with by a malicious person and an unfair fee is paid. It was.
  • the present invention has been made to solve the above-described problems caused by the prior art, and provides a service providing apparatus and a service providing that can determine the legitimacy of information recording the amount of work involved in providing a service.
  • An object is to provide a system and a service providing method. Means for solving the problem
  • the present invention provides a service providing program for causing a terminal accessing a computer to function as a service providing apparatus that provides a Web service, the computer When measuring the workload of the service provided to the terminal that has accessed the service, and recording the measured workload data as log data, and providing the service in response to the service request, It is characterized by functioning as transmission control means for transmitting log data recorded by the data recording means as audit data to a terminal that is a service providing destination.
  • the present invention further includes digest value generation means for generating a digest value based on the log data, wherein the transmission control means provides a service in response to a service request.
  • the digest value is transmitted to a terminal that provides a service.
  • the present invention is characterized in that, in the above invention, the digest value generation means generates a digest value from log data of a predetermined period recorded in the data recording means.
  • the present invention provides a service providing system in which a service providing apparatus entrusted to provide a service to a service provider provides a service to a user terminal, the service providing apparatus performing a service providing service.
  • the present invention is a service providing method performed by a service providing apparatus and a terminal used by an inspector of a provider who substitutes the Web service to the service providing apparatus, and accesses a work amount related to service provision.
  • the process of measuring the workload of the service provided to the terminal that has been received, recording the measured workload data as log data in the recording device, and providing the service in response to a service request A transmission control step of transmitting the log data recorded by the recording device as audit data to a terminal serving as a provision destination of the data; acquiring the audit data and the log data transmitted to the auditor's terminal; and And a determination step for determining whether or not the data has been tampered with.
  • the workload of the service provided to the accessed terminal is measured, the measured workload data is recorded as log data, and the service is provided in response to the service request.
  • log data recorded by the data recording means is transmitted as audit data to a terminal that is a service providing destination, so that falsification of log data can be prevented.
  • a digest value is generated based on log data and a service is provided in response to a service request
  • a digest is provided to a terminal serving as a service providing destination. Since the est value is transmitted, falsification of log data can be prevented efficiently.
  • the service when a digest value is generated based on log data for a predetermined period and a service is provided in response to a service request from a user's terminal, the service is provided. Since the digest value is transmitted to the previous terminal, it becomes more difficult for the malicious data to be altered by the malicious third party, and the log data can be efficiently prevented from being altered.
  • the service providing apparatus measures the work amount of the service provided to the terminal that has accessed the work amount related to the service provision, and obtains the measured work amount data.
  • the log data recorded by the data recording means is transmitted as the audit data to the terminal that provides the service. Whether the audit data acquired by accessing the service providing device and the log data recorded in the data recording means are acquired, and whether or not the log data is falsified based on the acquired audit data and log data. Therefore, falsification of log data can be prevented.
  • FIG. 1 is a diagram for explaining the outline and features of the service providing system according to the first embodiment.
  • FIG. 2 is a system configuration diagram of the service providing system according to the first embodiment.
  • FIG. 3 is a functional block diagram of the configuration of the data center according to the first embodiment.
  • FIG. 4 is a diagram illustrating an example of a data structure of service usage log information.
  • FIG. 5 is a diagram of an example of a data structure of audit information according to the first embodiment.
  • FIG. 6 is a functional block diagram of the configuration of the service provider according to the first embodiment.
  • FIG. 7 is a diagram illustrating an example of a data structure of audit management information according to the first embodiment.
  • FIG. 8 is an explanatory diagram for explaining the process performed by the log information verification unit according to the first embodiment.
  • FIG. 9 is a flowchart of processing when the data center according to the first embodiment provides a service. It is a flowchart which shows order.
  • FIG. 10 is a flowchart of a determination process performed by the service provider according to the first embodiment.
  • FIG. 11 is a diagram for explaining the outline and features of the service providing system according to the second embodiment.
  • FIG. 12 is a system configuration diagram of the service providing system according to the second embodiment.
  • FIG. 13 is a functional block diagram of the configuration of the data center according to the second embodiment.
  • FIG. 14 is a diagram illustrating an example of a data structure of audit information according to the second embodiment.
  • FIG. 15 is a functional block diagram of the configuration of the service provider according to the second embodiment.
  • FIG. 16 is a diagram illustrating an example of a data structure of audit management information according to the second embodiment.
  • FIG. 17 is an explanatory diagram for explaining the process performed by the log information verification unit according to the second embodiment.
  • FIG. 18 is a flowchart of a process procedure performed when the data center according to the second embodiment provides a service.
  • FIG. 19 is a flowchart of a determination process performed by the service provider according to the second embodiment.
  • FIG. 20 is a diagram showing a hardware configuration of a computer constituting the data center or service provider shown in FIG.
  • FIG. 21 is a diagram for explaining a conventional technique.
  • FIG. 1 is a diagram for explaining the outline and features of the service providing system according to the first embodiment.
  • the data center entrusted with service provision to the service provider provides services provided to the terminals of auditors and general user terminals that audit the workload related to the service provision.
  • the measured workload data is recorded in the recording device as service usage log information, and a service is provided in response to a service request, a part of the service usage log information is serviced as audit information.
  • the data is sent to the terminal to which the data is provided (the data center does not know whether the terminal is a user of the auditor's terminal power).
  • the service provider acquires the audit information and the service usage log information to obtain the audit information and The service usage log information is compared with the service usage log information to determine whether the service usage log information has been tampered with. (If the service usage log information is tampered with, the data center power service provider has an unfair fee. Will be charged).
  • the service providing system transmits the audit information to the terminal that is the service providing destination, and the service provider transmits the audit information and the service.
  • the usage log information is obtained and it is determined whether the service usage log information has been tampered with, so that the problem that the malicious user charges the service usage log information and charges an unauthorized fee is solved. Can do.
  • the service center logs the service usage log information to the service provider and compares it with the audit information sent to the auditor's terminal. You can prove the validity of the fee.
  • FIG. 2 is a system configuration diagram of the service providing system according to the first embodiment.
  • this service providing system includes user terminals 10, 20, a data center 100, and a service router 200.
  • the user terminals 10, 20, the data center 100, and the service provider 200 are connected by a network 50.
  • the user terminals 10 and 20 are shown here for convenience of explanation, it is assumed that a plurality of other user terminals are also connected to the network 50 without being limited thereto.
  • the user terminals 10 and 20 are devices that are operated by an auditor or a general user to access the data center 100 and receive a desired service provision.
  • an auditor who operates the user terminal 10 (or the user terminal 20) accesses the data center 100
  • the auditor acquires the audit information that is also transmitted by the data center, and uses the acquired audit information as a service provider. Send to 200.
  • the data center 100 is a device that is entrusted with service provision to the service provider 200 and provides the service instead of the service provider 200.
  • the data center 100 measures the workload of the service provided to the user terminals 10 and 20, generates information on the measured workload, that is, service usage log information, and sends the audit information to the service provider.
  • the administrator of the data center 100 charges the administrator of the data service provider 200 based on the service usage log information.
  • the service provider 200 entrusts the service provision to the data center 100, and when the service provider 200 is charged by the administrator of the data center 100 according to the service usage log information, the service provider 200 operates the auditor.
  • This is a device that obtains audit information from the user terminals 10 and 20, and determines whether or not the service use log information has been falsified based on the obtained audit information and service use log information.
  • FIG. 3 is a functional block diagram of the configuration of the data center 100 according to the first embodiment.
  • the data center 100 includes an input unit 110, an output unit 120, a communication control unit 130, an input / output control IF unit 140, a storage unit 150, and a control unit 160. Is done.
  • the input unit 110 is an input means for inputting various types of information. Consists of a mouse and a microphone.
  • the monitor (output unit 120) described later also realizes a pointing device function in cooperation with the mouse.
  • the output unit 120 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like.
  • the communication control unit 130 is mainly means for controlling communication between the user terminals 10 and 20 and the service provider 200.
  • the input / output control IF unit 140 includes an input unit 110, an output unit 120, This is a means for controlling data input / output by the communication control unit 130, the storage unit 150, and the control unit 160.
  • the storage unit 150 is a storage unit that stores data and programs necessary for various processes by the control unit 160. In particular, as shown in FIG. Log information 150a is provided.
  • the service use log information 150a is data in which information on a work amount related to service provision is recorded.
  • FIG. 4 is a diagram showing an example of the data structure of the service usage log information 150a.
  • this service usage log information 150a includes the access occurrence time, the IP (Internet Protocol) address of the access source (the user terminal that made the service request to the data center), the access source port (port Number), access destination URL (Uniform Resource Locator), and cumulative access count indicating the cumulative usage count of the service provided.
  • the service usage log information 150a includes a session usage time such as a session-oriented service, a user ID (Idification) used in the case of an authentication type service, and the like.
  • the control unit 160 has an internal memory for storing programs and control data defining various processing procedures, and is a control means for executing various processes by these, and is closely related to the present invention. As shown in FIG. 3, the service providing unit 160a, the service usage log information creating unit 160b, the audit information managing unit 160c, the electronic signature creating unit 160d, and the encryption key processing unit 160e are as shown in FIG. Is provided.
  • the service providing unit 160a is a processing unit that provides various services to the user terminal of the service request source when a service request is received from the user terminals 10 and 20. For example, the service providing unit 160a provides a variety of information by displaying a Web page on the Web browser of the user terminal of the service request source. [0036] When the service providing unit 160a receives an output command for the service usage log information 150a from the input unit 110, the service providing unit 160a outputs the service usage log information 150a to the service provider 200 (the service usage log information 150a is (It is output after being encrypted by the encryption key processing unit 160e described later). This output command shall be input by the administrator of the data center 100 when, for example, the administrator of the service provider 200 is charged for the fee for providing the service capability of the administrator of the data center 100. .
  • the service use log information creation unit 160b is a service workload (service number of accesses to the web page, data transfer amount, access time, registration) performed by the service providing unit 160a on the user terminals 10, 20 This is a processing unit that measures service usage log information 150a (see Fig. 4).
  • the audit information management unit 160c creates audit information based on the service usage log information 150a, and the service providing unit 160a transmits the audit information to the user terminal that provides the service. Part. Specifically, the audit information management unit 160c is provided when the service providing unit 160a provides the service, and the service usage log information creation unit 160b records the workload information corresponding to the service in the service usage log information 150a. Then, a part of the information recorded in the service usage log information 150a is extracted, and the extracted information is transmitted as audit information to the corresponding user terminal.
  • the information extracted from the service usage log information 150a may be information corresponding to the user terminal receiving the service provision, or may be a plurality of past information recorded in the service usage log information 150a.
  • FIG. 5 is a diagram illustrating an example of a data structure of audit information according to the first embodiment.
  • this audit information includes an access occurrence time, an IP address, a port, an access destination URL, and an accumulated access count.
  • the audit information includes a session usage time such as a session-oriented service and a user ID used in the case of an authentication type service.
  • the electronic signature creation unit 160d is a processing unit that creates electronic signature data using a public key cryptosystem and attaches the electronic signature data to the audit information created by the audit information management unit 160c. .
  • the electronic signature creation unit 160d creates a message digest from the audit information, and encrypts the powerful message digest with a private key. Attach the data.
  • the encryption key processing unit 160e is a processing unit that encrypts the audit information created by the audit information management unit 160c. That is, the audit information management unit 160c outputs the audit information encrypted with the electronic signature attached thereto to the user terminals 10 and 20.
  • the encryption processing unit 160e encrypts the service usage log information 150a.
  • FIG. 6 is a functional block diagram of the structure of the service provider 200 according to the first embodiment.
  • the service pronoider 200 includes an input unit 210, an output unit 220, a communication control unit 230, an input / output control IF unit 240, a storage unit 250, and a control unit 260. Configured.
  • the input unit 210 is an input means for inputting various types of information, and includes a keyboard, a mouse, a microphone, and the like.
  • the monitor (output unit 220) described later also realizes a pointing device function in cooperation with the mouse.
  • the output unit 220 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like.
  • the communication control unit 230 is mainly means for controlling communication between the user terminals 10 and 20 and the data center 100.
  • the input / output control IF unit 240 includes an input unit 210, an output unit 220, This is means for controlling input / output of data by the communication control unit 230, the storage unit 250, and the control unit 260.
  • the storage unit 250 is a storage unit that stores data and programs necessary for various types of processing by the control unit 260. Particularly, as closely related to the present invention, as shown in FIG. Information 250a and service usage log information 250b are provided.
  • the audit management information 250a is data in which a plurality of pieces of audit information transmitted from the user terminals 10 and 20 operated by the auditor are recorded.
  • FIG. 7 is a diagram illustrating an example of the data structure of the audit management information 250a according to the first embodiment. As shown in the figure, this audit management information 250a records a plurality of audit information.
  • Service usage log information 250b is used to charge the data center 100 This data is output to the service provider 200 in order to prove the correctness of the charge billing when it is made to the binder. Since the data structure of the service usage log information 250b is the same as the service usage log information 150a (see FIG. 4) stored in the storage unit 150 of the data center 100, the description thereof is omitted.
  • the control unit 260 is a control means that has an internal memory for storing programs and control data that define various processing procedures, and performs various processing using these programs, and is closely related to the present invention. As related items, as shown in FIG. 6, a decryption processing unit 260a, a signature verification unit 260b, and a log information verification unit 260c are provided.
  • the decryption processing unit 260a obtains audit information (encrypted audit information) from the user terminals 10, 20 (or the input unit 2 10) operated by the auditor, the obtained audit information Is a processing unit that decrypts the audit information and stores the decrypted audit information in the audit management information 250a.
  • the decryption processing unit 260a decrypts the service usage log information (encrypted service usage log information) output from the data center 100, and uses the decrypted service usage log information as the service usage log information 250b. Is stored in the storage unit 250.
  • the signature verification unit 260b is a processing unit that acquires the electronic signature data attached to the audit information and determines whether or not the audit information has been tampered with using a public key encryption method or the like. . For example, the signature verification unit 260b creates a message digest from the audit information, decrypts the electronic signature data with the public key, and decrypts the message digest created from the audit information and the electronic signature data. In comparison, if both message digests do not match, it is determined that the audit information has been tampered with.
  • the signature verification unit 260b determines that the audit information has been tampered with, the signature verification unit 260b deletes the tampered audit information from the audit management information 250a, and displays information indicating that the audit information has been tampered with. Output to the output unit 220.
  • the log information verification unit 260c is a processing unit that compares the audit management information 250a and the service usage log information 250b to determine whether or not the service usage log information 250b has been tampered with.
  • FIG. 8 is an explanatory diagram for explaining the process performed by the log information verification unit 260c according to the first embodiment.
  • the log information verification unit 260c determines whether or not there is a contradiction in the IP address of the service usage log information 250b (the log information verification unit 260c exists in advance). If the IP address of the user terminal to be obtained (such as the IP address of the user terminal that is the target of service provision) is stored and an IP address other than the IP address to be used exists in the service usage log information 250b, the IP address Judge that there is a contradiction). When there is a contradiction in the IP address of the service usage log information 250b, the log information verification unit 260c outputs that fact to the output unit 220.
  • the log information verification unit 260c compares the audit management information 250a with the service usage log information 25 Ob, and data corresponding to the audit information of the audit management information 250a is included in the service usage log information 250b. It is determined whether or not. The log information verification unit 260c determines that the service usage log information 250b has been tampered with when the data corresponding to the audit information of the audit management information 250a is not included in the service usage log information 250b, and the output unit 220 Output to.
  • the log information verification unit 260c compares the audit management information 250a with the service usage log information 250b, and determines the access occurrence time in the audit information and the access occurrence in the service usage log information 250b corresponding to the audit information. A difference with time is calculated, and if the calculated difference is equal to or greater than a specified value, it is determined that the service usage log information 250b has been tampered with, and a message to that effect is output to the output unit 220. For example, when the accumulated access count is used as a key, the access occurrence time of the audit information for the accumulated access count “5802 2” is “August 1, 2006 10: 18: 18.015 seconds”.
  • the access occurrence time in the service usage log information 250b corresponding to the audit information is the access occurrence time corresponding to the cumulative access count “58022” in the service usage log information 250b “10:18 on August 1, 2006 18. 015 seconds ", the difference between the access occurrence times of both is calculated, and the calculated difference is compared with the specified value.
  • the log information verification unit 260c compares the audit management information 250a with the service usage log information 250b, and determines whether or not the accumulated access count of the service usage log information 250b is appropriate. For example, the log information verification unit 260c compares the IP address corresponding to the cumulative access count of the audit information with the IP address corresponding to the cumulative access count of the service usage log information 250b, and determines whether or not both IP addresses match. Determine whether. If the IP addresses do not match, the log information verification unit 260c determines that the service usage log information 250b has been tampered with, and outputs that fact to the output unit 220.
  • the log information verification unit 260c indicates that the number of predetermined IP addresses in the service usage log information 250b (the IP address of the user terminal operated by the auditor) is the number of audit accesses (the auditor is the user). The number of service requests made to the data center 100 by operating the terminal), and if not, it is determined that the service usage log information 250b has been tampered with, and a message to that effect is output to the output unit 220. To do. It is assumed that the log information verification unit 260c acquires in advance the information such as the IP address of the user terminal operated by the auditor and the number of times of audit access by using the input unit 210 and the like, and holds the information that is helpful.
  • FIG. 9 is a flowchart of a process procedure performed when the data center 100 according to the first embodiment provides a service.
  • the service providing unit 160a receives the service request from the user terminal 10 (or the user terminal 20) (step S101), and the service terminal 160a receives the service request.
  • Start providing service step S102).
  • the service usage log information creation unit 160b measures the amount of work involved in service provision by the service provision unit 160a, creates service usage log information 150a (step S103), and the audit information management unit 160c Audit information is created (step S104).
  • the electronic signature creation unit 160d creates electronic signature data (step S105), the encryption processing unit 160e encrypts the audit information (step S106), and the audit information management unit 160c creates the electronic signature.
  • the audit information with data attached and encrypted is output to the user terminal of the service provider (step S107).
  • the data center 100 creates audit information at the time of service provision, and the data center cannot determine whether it is a user terminal serving as a service provider (an auditor's terminal or a general user's terminal). Since the audit information is output to the user terminal), it is possible to prevent the malicious user from falsifying the service usage log information 150a.
  • FIG. 10 is a flowchart showing the determination process performed by the service provider 200 according to the first embodiment.
  • the decryption processing unit 260a acquires service usage log information (encrypted service usage log information) and uses the service. After the log information is decrypted, it is stored in the storage unit 250 (step S201), and the log information verification unit 260c determines whether or not there is a contradiction in the IP address of the service usage log information 250b (step S202).
  • step S203 If there is a contradiction in the IP address in the service usage log information 250b (step S203, Yes), information indicating that the service usage log information 250b is not appropriate is output to the output unit 220 ( Step S204). On the other hand, if there is no contradiction in the IP address (step S203, No), it is determined whether information corresponding to the audit information exists in the service usage log information 250b (step S205).
  • step S206 If the information corresponding to the audit information does not exist in the service usage log information 250b (step S206, No), the process proceeds to step S204. On the other hand, if the information corresponding to the audit information exists in the service usage log information 250b (step S206, Yes), the difference between the access occurrence time of the corresponding audit information and the access occurrence time of the service usage log information 250b is calculated. It is calculated (step S207), and it is determined whether or not the time difference is greater than or equal to a predetermined value (step S208).
  • step S209 If the time difference is equal to or greater than the predetermined value (step S209, Yes), the process proceeds to step S204. On the other hand, if the time difference is less than the predetermined value (step S209, No), it is determined whether the accumulated access count of the audit information is equal to the accumulated access count of the service usage log information 250b (step S210).
  • step S211, No If the accumulated access counts are not equal (step S211, No), the process proceeds to step S204. On the other hand, when the accumulated access count is equal (step S211, Yes), it is determined whether or not the number of predetermined IP addresses in the service usage log information 250b is equal to the number of audit accesses (step S212).
  • step S213, No If the number of predetermined IP addresses in the service usage log information 250b is not equal to the number of audit accesses (step S213, No), the process proceeds to step S204. On the other hand, if the number of predetermined IP addresses in the service usage log information 250b is equal to the number of audit accesses (step S213, Yes), information indicating that the service usage log information is appropriate is sent to the output unit 220. Output (step S214).
  • the log information verification unit 260c and the audit information included in the audit management information 250a The service usage log information 250b obtained from the data center 100 is compared with the service usage log information 250b to determine whether or not the service usage log information 250b has been tampered with. It is possible to solve the problem of paying a certain person.
  • the service providing system is a service provided by the data center 100 to a terminal of an auditor who audits a workload related to service provision and a terminal of a general user.
  • a part of the service usage log information is audit information.
  • the service provider 200 acquires the audit information and the service usage log information, compares the audit information with the service usage log information, and determines whether or not the service usage log information has been tampered with. It is possible to solve the problem that the service usage log information is falsified by a malicious person and an unauthorized fee is charged.
  • the data center 100 when providing the service, does not know whether the access is made by an auditor or a general user, so the number of accesses used for the service use log information 150a is illegally increased. It can be suppressed. Even if the auditor does not access for the audit, the data center 100 cannot deny the existence of the access for the audit, so that fraud is suppressed.
  • FIG. 11 is a diagram for explaining the outline and features of the service providing system according to the second embodiment.
  • the service providing system according to the second embodiment has a digest value based on information in a predetermined area (predetermined period) among information recorded in the service usage log information by the data center.
  • the audit information and digest value are sent to the terminal that provides the service.
  • the service provider log information and the service usage log information The digest value generated by the service usage log information is compared with each other to determine whether the service usage log information has been tampered with.
  • the service providing system generates a digest value based on the service usage log information, and when the data center receives a service request, the service providing system provides the terminal serving as a service providing destination. Audit information and digest values are sent, and the service provider determines whether the service usage log information has been falsified based on the digest value, so it is possible to efficiently prevent falsification of the service usage log information. .
  • FIG. 12 is a system configuration diagram of the service providing system according to the second embodiment.
  • this service providing system includes user terminals 10, 20, a data center 300, and a service provider 400.
  • the user terminals 10 and 20, the data center 300, and the service provider 400 are connected by a network 50.
  • the user terminals 10 and 20 are shown, but the present invention is not limited to this, and it is assumed that a plurality of other user terminals are also connected to the network 50.
  • the user terminals 10 and 20 are devices operated by an auditor or a general user to access the data center 300 and receive a desired service provision.
  • an auditor who operates the user terminal 10 (or the user terminal 20) accesses the data center 300
  • the auditor acquires the audit information that is also transmitted by the data center, and uses the acquired audit information as a service provider. Sent to 400.
  • the data center 300 is a device that entrusts the service provider 400 to provide a service and provides the service instead of the service provider 400. Further, the data center 300 measures the workload of the services provided to the user terminals 10 and 20, generates information on the measured workload, that is, service usage log information, and generates a digest value. Then, the data center 300 transmits the digest value and the audit information to the user terminal that is the service providing destination. Note that the administrator of the data center 300 charges the administrator of the data service provider 400 based on the service usage log information.
  • the service provider 400 entrusts the data center 300 to provide the service, and When the fee for the service usage log information is charged by the administrator of the data 300, etc., the audit information and digest value are acquired from the user terminals 10 and 20 operated by the auditor, and the acquired audit information and This device determines whether or not the service usage log information has been falsified based on the digest value, the service usage log information, and the digest value generated from the service usage log information.
  • FIG. 13 is a functional block diagram of the configuration of the data center 300 according to the second embodiment.
  • the data center 300 includes an input unit 310, an output unit 320, a communication control unit 330, an input / output control IF unit 340, a storage unit 350, and a control unit 360. Is done.
  • the input unit 310 is an input means for inputting various types of information, and includes a keyboard, a mouse, a microphone, and the like.
  • the output unit 320 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like.
  • the communication control unit 330 is mainly means for controlling communication between the user terminals 10 and 20 and the service provider 400.
  • the input / output control IF unit 340 includes an input unit 310, an output unit 320, This is a means for controlling input / output of data by the communication control unit 330, the storage unit 350, and the control unit 360.
  • the storage unit 350 is a storage unit that stores data and programs necessary for various types of processing by the control unit 360.
  • Log information 350a is provided.
  • the service usage log information 350a is data in which information on a work amount related to service provision is recorded.
  • the data structure of the service usage log information 350a is the same as the data structure of the service usage log information 150a shown in FIG.
  • the control unit 360 has an internal memory for storing programs and control data defining various processing procedures, and is a control means for executing various processes by these, and is closely related to the present invention.
  • the service providing unit 360a As shown in FIG. 13, the service providing unit 360a, the service usage log information creating unit 360b, the audit information managing unit 360c, the digest value calculating unit 360d, the digital signature creating unit 360e, And an encryption processing unit 360f.
  • the service providing unit 360a is a processing unit that provides various services to the user terminal of the service request source when a service request is received from the user terminals 10 and 20.
  • the service providing unit 360a provides a variety of information by displaying a web page on the web browser of the user terminal of the service request source.
  • the service providing unit 360a When the service providing unit 360a receives an output command of the service usage log information 350a from the input unit 310, the service providing unit 360a outputs the service usage log information 350a to the service provider 400 (the service usage log information 350a It is output after being encrypted by the encryption key processing unit 360f described later).
  • This output command shall be input by the administrator of the data center 300 when, for example, the administrator of the service provider 400 is charged for the fee for providing the administrator power service of the data center 300. .
  • the service usage log information creation unit 360b is a service workload that the service providing unit 360a performs on the user terminals 10, 20 (number of accesses to the web page, amount of data transfer, access time, registration) This is a processing unit that measures the number of users) and creates service usage log information 350a (see Fig. 4).
  • the audit information management unit 360c creates audit information based on the service usage log information 350a, and the service providing unit 360a transmits the audit information to the user terminal that provides the service. Part. Specifically, the audit information management unit 360c is provided when the service providing unit 360a provides the service, and the service usage log information creating unit 360b records the workload information corresponding to the service in the service usage log information 350a. Then, a part of the information recorded in the service usage log information 350a is extracted, and the extracted information is transmitted as audit information to the corresponding user terminal.
  • the information extracted from the service usage log information 350a may be information corresponding to the user terminal receiving the service provision, or may be a plurality of past information recorded in the service usage log information 350a.
  • FIG. 14 is a diagram illustrating an example of a data structure of audit information according to the second embodiment.
  • this audit information includes access occurrence time, IP address, port, access destination URL, accumulated access count, and digest value (explained about digest value will be described later).
  • the audit information includes the session usage time for session-oriented services, user IDs used for authentication-type services, etc.
  • the digest value calculation unit 360d is a processing unit that calculates a digest value based on the service usage log information 350a. Specifically, the digest value calculation unit 360d uses the no-hash function (for example, MD5 and Message Direct 5>) to obtain the digest value from the information table generated in the predetermined period included in the service usage log information 350a. Calculate (for example, calculate the information power digest value corresponding to the total number of times 58022 to 58026; see Fig. 4). Then, the digest value calculation unit 360d records the calculated digest value in a digest value recording area of audit information (audit information generated by the audit information management unit 360c).
  • the no-hash function for example, MD5 and Message Direct 5>
  • the digest value calculation unit 360d when the digest value calculation unit 360d records the digest value in the audit information, the digest value calculation unit 360d also records the accumulated access count that is a reference of the information for which the digest value has been calculated. Referring to FIG. 4, when the digest value calculation unit 360d calculates the digest value based on the cumulative access count “58022 to 58026” in the service use log information, the digest value is calculated based on the reference of the information. The total access count “508026” is recorded in the audit information together with the digest value. In the following, the information on the accumulated access as a reference and the digest value are simply referred to as a digest value.
  • the electronic signature creation unit 360e is a processing unit that creates electronic signature data using a public key cryptosystem and attaches the electronic signature data to the audit information created by the audit information management unit 360c. .
  • the electronic signature creation unit 360e creates a message digest from the audit information, and attaches electronic signature data obtained by encrypting a powerful message digest with a private key.
  • the encryption key processing unit 360f is a processing unit that encrypts the audit information created by the audit information management unit 360c. That is, the audit information management unit 360c outputs the encrypted audit information attached with the electronic signature to the user terminals 10 and 20.
  • the encryption processing unit 360f encrypts the service usage log information 350a.
  • FIG. 15 is a functional block diagram of the configuration of the service provider 400 according to the second embodiment.
  • the service pronoider 400 includes an input unit 410, an output unit 420, a communication control unit 430, an input / output control IF unit 440, a storage unit 450, and a control unit 460. Configured.
  • the input unit 410 is an input unit for inputting various types of information, and includes a keyboard, a mouse, a microphone, and the like.
  • the monitor (output unit 420) described later also realizes a pointing device function in cooperation with the mouse.
  • the output unit 420 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like.
  • the communication control unit 430 is mainly means for controlling communication between the user terminals 10 and 20 and the data center 300.
  • the input / output control IF unit 440 includes an input unit 410, an output unit 420,
  • the communication control unit 430, the storage unit 450, and the control unit 460 are means for controlling data input / output.
  • the storage unit 450 is a storage unit that stores data and programs necessary for various processes by the control unit 460. As particularly related to the present invention, as shown in FIG. Information 450a and service usage log information 450b are provided.
  • the audit management information 450a is data in which a plurality of pieces of audit information transmitted from the user terminals 10 and 20 operated by the auditor are recorded.
  • FIG. 16 is a diagram illustrating an example of the data structure of the audit management information 45 Oa according to the second embodiment. As shown in the figure, the audit management information 450a records a plurality of audit information.
  • the service usage log information 450b is a service pronoidae for verifying the legitimate charge billing when the data center 300 administrator charge is charged to the service provider 400 administrator. Data output to 400.
  • the data structure of the service usage log information 45 Ob is the same as that of the service usage log information 150a (see FIG. 4) described in the first embodiment!
  • the control unit 460 is a control means that has an internal memory for storing programs and control data that define various processing procedures, and executes various processes by these, and is closely related to the present invention. As shown in FIG. 15, a decryption processing unit 460a, a signature verification unit 460b, a log information verification unit 460c, and a digest value verification unit 460d are provided. [0097] When the decryption processing unit 460a acquires the audit information (encrypted audit information) from the user terminals 10, 20 (or the input unit 4 10) operated by the auditor, the acquired audit information Is a processing unit that decrypts the audit information and stores the decrypted audit information in the audit management information 450a.
  • the decryption processing unit 460a acquires the audit information (encrypted audit information) from the user terminals 10, 20 (or the input unit 4 10) operated by the auditor
  • the acquired audit information Is a processing unit that decrypts the audit information and stores the decrypted audit information in the audit management
  • the decryption processing unit 460a decrypts the service usage log information (encrypted service usage log information) output from the data center 300, and uses the decrypted service usage log information as the service usage log information 450b. Is stored in the storage unit 450.
  • the signature verification unit 460b is a processing unit that acquires the electronic signature data attached to the audit information and determines whether the audit information has been tampered with using a public key encryption method or the like. . For example, the signature verification unit 460b creates a message digest from the audit information, decrypts the electronic signature data with the public key, and decrypts the message digest created from the audit information and the electronic signature data. In comparison, if both message digests do not match, it is determined that the audit information has been tampered with. If the signature verification unit 460b determines that the audit information has been falsified, the signature verification unit 460b deletes the falsified audit information from the audit management information 450a, and displays information indicating that the audit information has been falsified. Output to the output unit 420.
  • the log information verification unit 460c is a processing unit that compares the audit management information 450a with the service usage log information 450b to determine whether the service usage log information 450b has been tampered with.
  • FIG. 17 is an explanatory diagram for explaining the process performed by the log information verification unit 460c according to the second embodiment.
  • the log information verification unit 460c determines whether there is any contradiction in the IP address of the service usage log information 450b (in advance, the log information verification unit 460c determines the IP address (service provision target If the IP address other than the IP address to be used exists in the service usage log information 450b, it is determined that there is a contradiction in the IP address).
  • the log information verification unit 460c outputs that fact to the output unit 420.
  • the log information verification unit 460c compares the audit management information 450a with the service usage log information 45 Ob, and data corresponding to the audit information of the audit management information 450a is included in the service usage log information 450b. It is determined whether or not.
  • the log information verification unit 460c When the data corresponding to the audit information in the information 450a is not included in the service usage log information 450b, it is determined that the service usage log information 450b has been tampered with, and the fact is output to the output unit 420.
  • the log information verification unit 460c compares the audit management information 450a with the service usage log information 450b, and generates the access in the service usage log information 450b corresponding to the audit information access occurrence time and the audit information. A difference with time is calculated, and when the calculated difference is equal to or greater than a specified value, it is determined that the service usage log information 450b has been tampered with, and a message to that effect is output to the output unit 420. For example, when the accumulated access count is used as a key, the access occurrence time of the audit information for the accumulated access count “5802 2” is “August 1, 2006 10: 18: 18.015 seconds”.
  • the access occurrence time in the service usage log information 450b corresponding to the audit information is the access occurrence time corresponding to the cumulative access count “58022” in the service usage log information 450b “10:18 on August 1, 2006 18. 015 seconds ", the difference between the access occurrence times of both is calculated, and the calculated difference is compared with the specified value.
  • the log information verification unit 460c compares the audit management information 450a with the service usage log information 450b and determines whether or not the accumulated access count of the service usage log information 450b is appropriate. For example, the log information verification unit 460c compares the IP address corresponding to the accumulated access count of the audit information with the IP address corresponding to the accumulated access count of the service usage log information 450b, and whether or not both IP addresses match. Determine whether. If the IP addresses do not match, the log information verification unit 460c determines that the service usage log information 450b has been tampered with, and outputs that fact to the output unit 420.
  • the log information verification unit 460c provides a predetermined IP address in the service usage log information 450b.
  • IP address of the user terminal operated by the auditor is equal to the number of audit accesses (number of times the auditor has operated the user terminal and made a service request to the data center 300) If they are not equal, it is determined that the service usage log information 450b has been tampered with and the fact is output to the output unit 420. It is assumed that the log information verification unit 460c obtains in advance information such as the IP address of the user terminal operated by the auditor and the number of times of audit access by the input unit 410 and holds the information that is helpful.
  • the digest value verification unit 460d includes the digest included in the audit information of the audit management information 450a. This is a processing unit that compares the service service log information 450b with the digest value calculated from the service use log information 450b and determines whether or not the service use log information 450b has been tampered with. Specifically, the processing performed by the digest value verification unit 460d will be described with reference to FIG. 17.Firstly, the digest value verification unit 460d obtains the digest value of the audit information, and calculates the cumulative access count included in the digest value. Extract information. Taking the audit information shown in the second row of Fig. 17 as an example, the digest value of the strong audit information is extracted. The total number of accesses is “580 26”.
  • the digest value verification unit 460d obtains a predetermined number of past information from the service usage log information 450b starting from the extracted accumulated access count “58026” (for example, the accumulated access count “58022 to 58026”). ”).
  • the section of information acquired by the digest value verification unit 460d from the service usage log information 450b is matched with the section of information acquired by the service usage log information 350a when the digest value calculation unit 360d calculates the digest value. It is assumed that the information acquisition range (predetermined number) is set beforehand. As described above, when the information corresponding to “58022 to 58026” in the service usage log information 450b is acquired with the accumulated access count “58026” as the starting point, the predetermined number is 5.
  • the digest value verification unit 460d uses the information acquired from the service usage log information 450b and the hash function (the same hash function as the hash function used by the digest value calculation unit 360d) and uses the digest value. And the calculated digest value is compared with the digest value included in the audit information of the audit management information 450a (excluding the cumulative access count included in the head part of the digest value), and the digest values of both match. Judge whether it is power or not. If the digest values do not match, the log information verification unit 460c determines that the service usage log information 450b has been tampered with, and outputs that fact to the output unit 420. The digest value verification unit 460d repeatedly executes the above-described processing for each piece of audit information included in the audit management information 450a.
  • FIG. 18 is a flowchart of a process procedure performed when the data center 300 according to the second embodiment provides a service.
  • the providing unit 360a also receives the service request from the user terminal 10 (or the user terminal 20) (step S301), and starts providing the service to the user terminal of the service providing destination (step S302).
  • the service usage log information creation unit 360b measures the amount of work involved in service provision of the service provision unit 360a, creates service usage log information 350a (step S303), and the audit information management unit 360c Audit information is created (step S304).
  • the electronic signature creation unit 360e creates electronic signature data (step S305), the digest value calculation unit 360d calculates the digest value from the service usage log information 350a, and records the digest value in the audit information. (Step S306), the encryption processing unit 360f encrypts the audit information (Step S307), and the audit information management unit 360c provides electronically signed data and provides the encrypted audit information. Output to the previous user terminal (step S308).
  • the data center 300 creates audit information at the time of service provision, calculates the digest value, and outputs the audit information (including the digest value) to the user terminal that is the service provision destination. It is possible to prevent the service usage log information 350a from being altered by a certain person.
  • FIG. 19 is a flowchart showing the determination process performed by the service provider 400 according to the second embodiment.
  • the service provider 400 includes a storage unit after the decryption processing unit 460a obtains service usage log information (encrypted service usage log information) and decrypts the service usage log information.
  • the data is stored in 450 (Step S401), and the log information verification unit 460c determines whether or not there is a contradiction in the IP address of the service usage log information 450b (Step S402).
  • step S403, Yes If there is a contradiction in the IP address in the service usage log information 450b (step S403, Yes), information indicating that the service usage log information 450b is not appropriate is output to the output unit 420 ( Step S404). On the other hand, if there is no contradiction in the IP address (step S403, No), it is determined whether information corresponding to the audit information exists in the service usage log information 450b (step S405). [0113] If the information corresponding to the audit information does not exist in the service usage log information 450b (step S406, No), the process proceeds to step S404.
  • step S406 if the information corresponding to the audit information exists in the service usage log information 450b (step S406, Yes), the difference between the access occurrence time of the corresponding audit information and the access occurrence time of the service usage log information 450b is calculated. It is calculated (step S407), and it is determined whether or not the time difference is greater than or equal to a predetermined value (step S408).
  • step S409 If the time difference is greater than or equal to the predetermined value (step S409, Yes), the process proceeds to step S404. On the other hand, if the time difference is less than the predetermined value (step S409, No), it is determined whether or not the accumulated access count of the audit information is equal to the accumulated access count of the service usage log information 450b (step S410).
  • step S411, No If the accumulated access counts are not equal (step S411, No), the process proceeds to step S404. On the other hand, when the accumulated access count is equal (step S411, Yes), it is determined whether or not the number of predetermined IP addresses in the service usage log information 450b is equal to the audit access count (step S412).
  • step S413, No If the number of predetermined IP addresses in the service usage log information 450b is not equal to the number of audit accesses (step S413, No), the process proceeds to step S404. On the other hand, if the number of predetermined IP addresses in the service usage log information 450b is equal to the number of audit accesses (step S413, Yes), the digest value verification unit 460d uses the digest value from the service usage log information 450b. (Step S414), the digest value included in the audit information of the audit management information 450a is compared with the digest value calculated from the service usage log information 450b, and whether or not the digest values are equal. (Step S415).
  • step S416, No If the digest values are different (step S416, No), the process proceeds to step S404. On the other hand, if the digest values are equal (step S416, Yes), information indicating that the service usage log information is appropriate is output to the output unit 220 (step S417).
  • the digest value verification unit 460d calculates the digest value of the service usage log information 450b, and the digest value included in the audit information of the audit management information 450a Since the digest value calculated from the service usage log information 450b is compared, the legitimacy of the service usage log information 450b can be determined more accurately.
  • the service providing system is based on information in a predetermined area (predetermined period) among information recorded in the service usage log information by the data center 300.
  • the digest value is generated, and the audit information and the digest value are transmitted to the terminal that provides the service.
  • the service information 400 includes the audit information and the digest value, the service usage log information, and the digest value generated from the service usage log information.
  • the auditor transmits the audit information to the service provider 200.
  • a user terminal that is not limited to this may be automatically performed.
  • the user terminal that performs the audit may access the data center 100, and the user terminal may be configured to transmit the audit information output from the data center to the service provider 200.
  • the user terminal repeats access to the data center 100 at an interval shorter than the average time interval at which the user accesses the data center 100 (time interval equal to or less than a predetermined value). Unauthorized padding can be generated to prevent unauthorized use of service usage log information.
  • the data center 100 encrypts the audit information in response to the service request and transmits it to the user terminal.
  • the audit information is not limited to this. It can be embedded in information obtained by the user (for example, a created CAD file if the user is an online CAD service) and sent to the user terminal.
  • the audit information is not limited to this. It can be embedded in information obtained by the user (for example, a created CAD file if the user is an online CAD service) and sent to the user terminal.
  • the audit information is possible to prevent the general user from understanding the details of the audit information and solve the problem of information leakage.
  • FIG. 20 is a diagram showing a hardware configuration of a computer constituting the data center 100 or the service provider 200 shown in FIG. 2 (the data center 300 shown in FIG. 12 is! / Is the service provider 400).
  • This computer is an input device 30 that accepts input of data from the user, a monitor 31, a RAM (Random Access Memory) 32, a ROM (Read Only Memory) 33, and a medium reading that reads programs from various recording media.
  • Device 34, network interface 35 that exchanges data with other computers via the network, CPU (Central Processing Unit) 36, and HDD (Hard Disk Drive) 37 are connected via bus 38.
  • the input device 30 that accepts input of data from the user, a monitor 31, a RAM (Random Access Memory) 32, a ROM (Read Only Memory) 33, and a medium reading that reads programs from various recording media.
  • Device 34, network interface 35 that exchanges data with other computers via the network, CPU (Central Processing Unit) 36, and HDD (Hard Disk Drive) 37 are connected
  • the HDD 37 includes the data center 100 or the service provider 200 described above.
  • the HDD 37 stores various data 37a corresponding to the data stored in the storage unit of the data center 100 or the service provider 200 (data center 300 or service provider 400) described above.
  • the CPU 36 stores various data 37a in the HDD 37, reads the various data 37a from the HDD 37, stores the data 37a in the RAM 32, and executes data processing based on the various data 32a stored in the RAM 32.
  • the various programs 37b do not necessarily have the initial power stored in the HDD 37.
  • “portable physical media” such as a flexible disk (FD), CD—ROM, DVD disk, magneto-optical disk, IC card, etc.
  • Various programs 37b are stored in “fixed physical media” such as “other computers (or servers)” connected to the computer via public lines, the Internet, LAN, WAN, etc. Alternatively, the computer may read and execute the various programs 37b.
  • each device is functionally conceptual, and need not be physically configured as illustrated.
  • the specific form of distribution / integration of each device is not limited to the one shown in the figure, and all or a part thereof is functionally or physically distributed in an arbitrary unit according to various loads and usage conditions.
  • Can be integrated and configured.
  • each processing function performed in each device is realized by a program analyzed and executed by the CPU and the CPU, or as hardware by wired logic. Can be realized. Industrial applicability
  • the service provision method is useful for a service provision system in which a service provision device entrusted with service provision to a service provider provides a service to a user terminal, and in particular, provided by the service provision device. This is suitable when it is necessary to accurately determine the validity of the history information related to the service workload.

Abstract

When a data center (100) measures a service work amount provided to a terminal of a check staff who checks the work amount concerning the provided service and a terminal of a general user, records the measured word amount data as service use log information, and provides a service in response to a service request, a part of the service use log information is transmitted as check information to a terminal as the service providing destination (the data center cannot know whether the terminal is of a monitor staff or a general user). A service provider (200) acquires the check information and the service use log information and compares the check information to the service use log information so as to judge whether the service use log information is tampered.

Description

明 細 書  Specification
サービス提供装置、サービス提供システムおよびサービス提供方法 技術分野  SERVICE PROVIDING DEVICE, SERVICE PROVIDING SYSTEM, AND SERVICE PROVIDING METHOD TECHNICAL FIELD
[0001] この発明は、利用者の端末にサービスを提供するサービス提供装置などに関し、特 に、サービス提供に力かる仕事量を記録した情報の正当性を判定可能なサービス提 供装置、サービス提供システムおよびサービス提供方法に関するものである。  TECHNICAL FIELD [0001] The present invention relates to a service providing apparatus that provides a service to a user terminal, and in particular, a service providing apparatus and a service providing capable of determining the validity of information recording the amount of work involved in service provision The present invention relates to a system and a service providing method.
背景技術  Background art
[0002] サービスの提供を行おうとするサービスプロバイダは、サービスを提供するためのィ ンフラを保有して 、な 、場合に、インフラを保有して 、るデータセンタにサービスの提 供を行うための環境管理およびサービス提供の運営の委託を行っている。図 21は、 従来の技術を説明するための図である。  [0002] A service provider who wants to provide a service has an infrastructure for providing the service, and in some cases, has an infrastructure to provide the service to a data center. Entrusts management of environmental management and service provision. FIG. 21 is a diagram for explaining a conventional technique.
[0003] 図 21に示すように、サービスプロバイダによってサービス提供を行うための環境管 理'運営を委託されたデータセンタは、サービスプロバイダに代わってサービス利用 者にサービスを提供するとともに、サービス提供にカゝかる料金をサービスプロバイダ に請求している場合がある。  [0003] As shown in Fig. 21, the data center entrusted with the environmental management 'operation for providing services by the service provider provides services to the service users on behalf of the service providers and provides services. You may have charged your service provider with a fee.
[0004] データセンタがサービスプロバイダに請求する料金の課金方式は、サーバ等の費 用を一定の料金で請求する固定課金方式、あるいはサービス提供にカゝかる仕事量 に応じて料金が加算される従量課金方式が一般的に利用されている。近年では、リ ソースの有効利用などの観点から、データセンタがサービスプロバイダに請求する料 金の課金方式は、従量課金方式もとられるようになりつつある。  [0004] The billing method charged by the data center to the service provider is a fixed billing method that charges the server, etc. at a fixed fee, or a fee is added according to the amount of work involved in providing the service. Pay-per-use billing is generally used. In recent years, from the viewpoint of effective use of resources, etc., the billing method of charges charged by data centers to service providers is becoming a pay-as-you-go method.
[0005] データセンタが従量課金方式によって料金を請求する場合には、利用者に対して サービス提供を行った際の仕事量を記録し、仕事量に応じた料金を算出する。そし て、データセンタは、算出した料金をサービスプロバイダに請求するとともに、サービ ス提供に力かる仕事量を記録した情報をサービスプロノイダに通知することによって 、請求した料金の正当 '性を証明して!/、る。  [0005] When a data center charges a fee according to a pay-per-use billing method, the workload when the service is provided to the user is recorded, and a fee corresponding to the workload is calculated. The data center then charges the calculated fee to the service provider and notifies the service pronoida of information that records the amount of work required to provide the service to prove the validity of the charged fee. ! /
[0006] なお、特許文献 1では、顧客および貸与事業者の双方が、顧客の利用した電力量 の情報に基づいて貸与料金を算出し、それぞれの貸与料金を比較することによって 、貸与事業者が顧客に請求する貸与料金が正しいことを判定するという技術が公開 されている。 [0006] In Patent Document 1, both the customer and the lending company calculate a loan fee based on information on the amount of power used by the customer, and compare the respective loan fees. The technology that determines whether the lending fee charged by a lender to a customer is correct is disclosed.
[0007] 特許文献 1 :特開 2005— 50174号公報  Patent Document 1: Japanese Patent Application Laid-Open No. 2005-50174
発明の開示  Disclosure of the invention
発明が解決しょうとする課題  Problems to be solved by the invention
[0008] し力しながら、上述した従来の技術では、サービスプロバイダは、直接的にデータセ ンタと不特定多数の利用者との間で行われるサービスのやり取りを監視しているわけ ではないため、データセンタによって提示されるサービス提供に力かる仕事量の正当 性を判定するすべが無ぐ場合によっては仕事量が悪意のある人物に改竄されて不 当な料金を支払ってしまうなどの問題があった。  [0008] However, in the conventional technology described above, the service provider does not directly monitor service exchanges between the data center and an unspecified number of users. If there is no way to determine the legitimacy of the amount of work required to provide services provided by the data center, there is a problem that the amount of work is tampered with by a malicious person and an unfair fee is paid. It was.
[0009] この発明は、上述した従来技術による問題点を解消するためになされたものであり 、サービス提供にカゝかる仕事量を記録した情報の正当性を判定可能なサービス提供 装置、サービス提供システムおよびサービス提供方法を提供することを目的とする。 課題を解決するための手段  [0009] The present invention has been made to solve the above-described problems caused by the prior art, and provides a service providing apparatus and a service providing that can determine the legitimacy of information recording the amount of work involved in providing a service. An object is to provide a system and a service providing method. Means for solving the problem
[0010] 上述した課題を解決し、目的を達成するため、本発明は、コンピュータをアクセスし てきた端末に対し Webサービスを提供するサービス提供装置として機能させるサー ビス提供プログラムであって、前記コンピュータをアクセスしてきた端末に対して提供 したサービスの仕事量を計測し、計測した仕事量のデータをログデータとして記録す るデータ記録手段と、サービス要求に応答してサービスの提供を行う場合に、サービ スの提供先となる端末に前記データ記録手段によって記録されたログデータを監査 データとして送信する送信制御手段と、として機能させることを特徴とする。  In order to solve the above-described problems and achieve the object, the present invention provides a service providing program for causing a terminal accessing a computer to function as a service providing apparatus that provides a Web service, the computer When measuring the workload of the service provided to the terminal that has accessed the service, and recording the measured workload data as log data, and providing the service in response to the service request, It is characterized by functioning as transmission control means for transmitting log data recorded by the data recording means as audit data to a terminal that is a service providing destination.
[0011] また、本発明は、上記発明において、前記ログデータに基づいてダイジェスト値を 生成するダイジェスト値生成手段を更に備え、前記送信制御手段はサービス要求に 応答してサービスの提供を行う場合に、サービスの提供先となる端末に、前記ダイジ エスト値を送信することを特徴とする。  [0011] In the above invention, the present invention further includes digest value generation means for generating a digest value based on the log data, wherein the transmission control means provides a service in response to a service request. The digest value is transmitted to a terminal that provides a service.
[0012] また、本発明は、上記発明にお 、て、前記ダイジェスト値生成手段は前記データ記 録手段に記録された所定期間のログデータによってダイジェスト値を生成することを 特徴とする。 [0013] また、本発明は、サービスプロバイダにサービス提供の実施を委託されたサービス 提供装置が利用者の端末に対するサービス提供を行うサービス提供システムであつ て、前記サービス提供装置は、サービス提供に関する仕事量をアクセスしてきた端末 に対して提供したサービスの仕事量を計測し、計測した仕事量のデータをログデータ として記録するデータ記録手段と、サービス要求に応答してサービスの提供を行う場 合に、サービスの提供先となる端末に前記データ記録手段によって記録されたログ データを監査データとして送信する送信制御手段と、を備え、監査端末は、前記サ 一ビス提供装置にアクセスすることにより取得した前記監査データと、前記データ記 録手段に記録されたログデータを取得し、取得した監査データおよびログデータに 基づ 、て前記ログデータが改竄されて 、る力否かを判定する判定手段、を備えたこと を特徴とする。 [0012] Further, the present invention is characterized in that, in the above invention, the digest value generation means generates a digest value from log data of a predetermined period recorded in the data recording means. [0013] Furthermore, the present invention provides a service providing system in which a service providing apparatus entrusted to provide a service to a service provider provides a service to a user terminal, the service providing apparatus performing a service providing service. When measuring the workload of the service provided to the terminal that has accessed the volume, recording the measured workload data as log data, and providing the service in response to a service request Transmission control means for transmitting the log data recorded by the data recording means to the terminal as a service providing destination as audit data, and the audit terminal obtained by accessing the service providing apparatus Obtaining the audit data and log data recorded in the data recording means, and obtaining the audit data And log data based Dzu, the log data is tampered Te, Ru force whether a determination means, characterized by comprising a.
[0014] また、本発明は、サービス提供装置及び該サービス提供装置へ Webサービスを代 行させるプロバイダの監査者が利用する端末が行うサービス提供方法であって、サ 一ビス提供に関する仕事量をアクセスしてきた端末に対して提供したサービスの仕事 量を計測し、計測した仕事量のデータをログデータとして記録装置に記録する記録 工程と、サービス要求に応答してサービスの提供を行う場合に、サービスの提供先と なる端末に前記記録装置によって記録されたログデータを監査データとして送信す る送信制御工程と、前記監査員の端末に送信された前記監査データおよび前記ログ データを取得し、前記ログデータが改竄されている力否かを判定する判定工程と、を 含んだことを特徴とする。  [0014] Further, the present invention is a service providing method performed by a service providing apparatus and a terminal used by an inspector of a provider who substitutes the Web service to the service providing apparatus, and accesses a work amount related to service provision. The process of measuring the workload of the service provided to the terminal that has been received, recording the measured workload data as log data in the recording device, and providing the service in response to a service request A transmission control step of transmitting the log data recorded by the recording device as audit data to a terminal serving as a provision destination of the data; acquiring the audit data and the log data transmitted to the auditor's terminal; and And a determination step for determining whether or not the data has been tampered with.
発明の効果  The invention's effect
[0015] 本発明によれば、アクセスしてきた端末に対して提供したサービスの仕事量を計測 し、計測した仕事量のデータをログデータとして記録し、サービス要求に応答してサ 一ビスの提供を行う場合に、サービスの提供先となる端末に前記データ記録手段に よって記録されたログデータを監査データとして送信するので、ログデータの改竄を 防止することができる。  [0015] According to the present invention, the workload of the service provided to the accessed terminal is measured, the measured workload data is recorded as log data, and the service is provided in response to the service request. In this case, log data recorded by the data recording means is transmitted as audit data to a terminal that is a service providing destination, so that falsification of log data can be prevented.
[0016] また、本発明によれば、ログデータに基づ 、てダイジェスト値を生成し、サービス要 求に応答してサービスの提供を行う場合に、サービスの提供先となる端末に、ダイジ エスト値を送信するので、効率よくログデータの改竄を防止することができる。 [0016] Further, according to the present invention, when a digest value is generated based on log data and a service is provided in response to a service request, a digest is provided to a terminal serving as a service providing destination. Since the est value is transmitted, falsification of log data can be prevented efficiently.
[0017] また、本発明によれば、所定期間のログデータを基にしてダイジェスト値を生成し、 利用者の端末力ゝらのサービス要求に応答してサービス提供を行う場合に、サービス の提供先となる端末にダイジェスト値を送信するので、悪意のある第三者によって口 グデータが改竄されることをより困難にし、効率よくログデータの改竄を防止すること ができる。  [0017] Further, according to the present invention, when a digest value is generated based on log data for a predetermined period and a service is provided in response to a service request from a user's terminal, the service is provided. Since the digest value is transmitted to the previous terminal, it becomes more difficult for the malicious data to be altered by the malicious third party, and the log data can be efficiently prevented from being altered.
[0018] また、本発明によれば、サービス提供装置は、サービス提供に関する仕事量をァク セスしてきた端末に対して提供したサービスの仕事量を計測し、計測した仕事量のデ ータをログデータとして記録し、サービス要求に応答してサービスの提供を行う場合 に、サービスの提供先となる端末に前記データ記録手段によって記録されたログデ ータを監査データとして送信し、監査端末は、サービス提供装置にアクセスすること により取得した監査データと、データ記録手段に記録されたログデータを取得し、取 得した監査データおよびログデータに基づ 、てログデータが改竄されて 、るか否か を判定するので、ログデータの改竄を防止することができる。  [0018] Further, according to the present invention, the service providing apparatus measures the work amount of the service provided to the terminal that has accessed the work amount related to the service provision, and obtains the measured work amount data. When the log data is recorded and the service is provided in response to the service request, the log data recorded by the data recording means is transmitted as the audit data to the terminal that provides the service. Whether the audit data acquired by accessing the service providing device and the log data recorded in the data recording means are acquired, and whether or not the log data is falsified based on the acquired audit data and log data. Therefore, falsification of log data can be prevented.
図面の簡単な説明  Brief Description of Drawings
[0019] [図 1]図 1は、本実施例 1にかかるサービス提供システムの概要および特徴を説明す るための図である。  FIG. 1 is a diagram for explaining the outline and features of the service providing system according to the first embodiment.
[図 2]図 2は、本実施例 1にかかるサービス提供システムのシステム構成図である。  FIG. 2 is a system configuration diagram of the service providing system according to the first embodiment.
[図 3]図 3は、本実施例 1にかかるデータセンタの構成を示す機能ブロック図である。  FIG. 3 is a functional block diagram of the configuration of the data center according to the first embodiment.
[図 4]図 4は、サービス利用ログ情報のデータ構造の一例を示す図である。  FIG. 4 is a diagram illustrating an example of a data structure of service usage log information.
[図 5]図 5は、本実施例 1にかかる監査情報のデータ構造の一例を示す図である。  FIG. 5 is a diagram of an example of a data structure of audit information according to the first embodiment.
[図 6]図 6は、本実施例 1にかかるサービスプロバイダの構成を示す機能ブロック図で ある。  FIG. 6 is a functional block diagram of the configuration of the service provider according to the first embodiment.
[図 7]図 7は、本実施例 1にかかる監査管理情報のデータ構造の一例を示す図である  FIG. 7 is a diagram illustrating an example of a data structure of audit management information according to the first embodiment.
[図 8]図 8は、本実施例 1にかかるログ情報検証部が行う処理を説明するための説明 図である。 FIG. 8 is an explanatory diagram for explaining the process performed by the log information verification unit according to the first embodiment.
[図 9]図 9は、本実施例 1にかかるデータセンタがサービス提供を行う場合の処理手 順を示すフローチャートである。 [FIG. 9] FIG. 9 is a flowchart of processing when the data center according to the first embodiment provides a service. It is a flowchart which shows order.
[図 10]図 10は、本実施例 1にかかるサービスプロバイダが行う判定処理の処理手順 を示すフローチャートである。  FIG. 10 is a flowchart of a determination process performed by the service provider according to the first embodiment.
[図 11]図 11は、本実施例 2にかかるサービス提供システムの概要および特徴を説明 するための図である。  FIG. 11 is a diagram for explaining the outline and features of the service providing system according to the second embodiment.
[図 12]図 12は、本実施例 2にかかるサービス提供システムのシステム構成図である。  FIG. 12 is a system configuration diagram of the service providing system according to the second embodiment.
[図 13]図 13は、本実施例 2にかかるデータセンタの構成を示す機能ブロック図である FIG. 13 is a functional block diagram of the configuration of the data center according to the second embodiment.
[図 14]図 14は、本実施例 2にかかる監査情報のデータ構造の一例を示す図である。 FIG. 14 is a diagram illustrating an example of a data structure of audit information according to the second embodiment.
[図 15]図 15は、本実施例 2にかかるサービスプロバイダの構成を示す機能ブロック図 である。 FIG. 15 is a functional block diagram of the configuration of the service provider according to the second embodiment.
[図 16]図 16は、本実施例 2にかかる監査管理情報のデータ構造の一例を示す図で ある。  FIG. 16 is a diagram illustrating an example of a data structure of audit management information according to the second embodiment.
[図 17]図 17は、本実施例 2にかかるログ情報検証部が行う処理を説明するための説 明図である。  FIG. 17 is an explanatory diagram for explaining the process performed by the log information verification unit according to the second embodiment.
[図 18]図 18は、本実施例 2にかかるデータセンタがサービス提供を行う場合の処理 手順を示すフローチャートである。  FIG. 18 is a flowchart of a process procedure performed when the data center according to the second embodiment provides a service.
[図 19]図 19は、本実施例 2にかかるサービスプロバイダが行う判定処理の処理手順 を示すフローチャートである。  FIG. 19 is a flowchart of a determination process performed by the service provider according to the second embodiment.
[図 20]図 20は、図 2に示したデータセンタあるいはサービスプロバイダを構成するコ ンピュータのハードウェア構成を示す図である。  FIG. 20 is a diagram showing a hardware configuration of a computer constituting the data center or service provider shown in FIG.
[図 21]図 21は、従来の技術を説明するための図である。  FIG. 21 is a diagram for explaining a conventional technique.
符号の説明 Explanation of symbols
10, 20 利用者端末  10, 20 User terminal
30 入力装置  30 input devices
31 モニタ  31 Monitor
32 RAM  32 RAM
32a, 37a 各種データ ROM 32a, 37a Various data ROM
媒体読取装置  Media reader
ネットワークインターフェース  Network interface
CPU CPU
a 各種プロセス a Various processes
HDD HDD
b 各種プログラム b Various programs
ノ ス  Noth
ネットワーク network
, 300 デ -タセンタ, 300 Data center
, 210, 310, 410 入力部, 210, 310, 410 Input section
, 220, 320, 420 出力部, 220, 320, 420 Output section
, 230, 330, 430 通信制御部, 230, 330, 430 Communication controller
, 240, 340, 440 入出力制御 IF部, 240, 340, 440 I / O control IF section
, 250, 350, 450 0己' 1思 p, 250, 350, 450 0
a, 250b, 350a, 450b サービス禾 ログ情報, 260, 360, 460 制御部a, 250b, 350a, 450b Service 禾 Log information, 260, 360, 460 Control unit
a, 360a サービス提供部a, 360a Service Department
b, 360b サービス利用ログ情報作成部c, 360c 監査情報管理部b, 360b Service usage log information creation part c, 360c Audit information management part
d, 360e 電子署名作成部d, 360e Digital signature creation department
e, 360f B音号ィ匕処理部e, 360f B sound processing unit
, 400 サービスプロバイダ, 400 Service Provider
a, 450a 監査管理情報a, 450a Audit management information
a, 460a 復号化処理部a, 460a Decryption processor
b, 460b 署名検証部b, 460b Signature verification part
c, 460c ログ情報検証部c, 460c Log information verification unit
d ダイジェスト値算出部 460d ダイジェスト値検証部 d Digest value calculator 460d digest value verification unit
発明を実施するための最良の形態  BEST MODE FOR CARRYING OUT THE INVENTION
[0021] 以下に添付図面を参照して、この発明に係るサービス提供装置、サービス提供シス テムおよびサービス提供方法の好適な実施の形態を詳細に説明する。 Hereinafter, preferred embodiments of a service providing apparatus, a service providing system, and a service providing method according to the present invention will be described in detail with reference to the accompanying drawings.
実施例 1  Example 1
[0022] まず、本実施例 1にかかるサービス提供システムの概要および特徴にっ 、て説明 する。図 1は、本実施例 1にかかるサービス提供システムの概要および特徴を説明す るための図である。本実施例 1にかかるサービス提供システムは、サービスプロバイダ にサービス提供を委託されたデータセンタがサービス提供に関する仕事量を監査す る監査員の端末および一般の利用者の端末に対して提供したサービスの仕事量を 計測し、計測した仕事量のデータをサービス利用ログ情報として記録装置に記録し、 サービス要求に応答してサービスの提供を行う場合に、サービス利用ログ情報の一 部を監査情報としてサービスの提供先となる端末 (監査員の端末力利用者の端末か はデータセンタには判らない)に送信する。  First, the outline and features of the service providing system according to the first embodiment will be described. FIG. 1 is a diagram for explaining the outline and features of the service providing system according to the first embodiment. In the service providing system according to the first embodiment, the data center entrusted with service provision to the service provider provides services provided to the terminals of auditors and general user terminals that audit the workload related to the service provision. When the workload is measured, the measured workload data is recorded in the recording device as service usage log information, and a service is provided in response to a service request, a part of the service usage log information is serviced as audit information. The data is sent to the terminal to which the data is provided (the data center does not know whether the terminal is a user of the auditor's terminal power).
[0023] そして、サービスプロバイダがデータセンタ力も仕事量 (サービス利用ログ情報)に 応じた料金を請求された場合に、サービスプロバイダは、監査情報とサービス利用口 グ情報とを取得して監査情報とサービス利用ログ情報とを比較し、サービス利用ログ 情報が不正に改竄されている力否かを判定する(サービス利用ログ情報が不正に改 竄されると、データセンタ力 サービスプロバイダに不当な料金が請求される)。  [0023] Then, when the service provider is charged a fee corresponding to the workload of the data center (service usage log information), the service provider acquires the audit information and the service usage log information to obtain the audit information and The service usage log information is compared with the service usage log information to determine whether the service usage log information has been tampered with. (If the service usage log information is tampered with, the data center power service provider has an unfair fee. Will be charged).
[0024] このように、本実施例 1にかかるサービス提供システムは、データセンタがサービス 要求を受け付けた場合に、サービス提供先となる端末に監査情報を送信し、サービ スプロバイダが監査情報とサービス利用ログ情報とを取得してサービス利用ログ情報 が改竄されているか否かを判定するので、悪意のある人物によってサービス利用ログ 情報が改竄され、不正な料金が請求されるという問題を解消することができる。また、 データセンタは仕事量に応じた料金をサービスプロバイダに請求する場合に、サー ビス利用ログ情報をサービスプロバイダに出力し、監査員の端末に送信した監査情 報と比較させることで、請求した料金の正当性を証明することができる。  [0024] As described above, when the data center receives a service request, the service providing system according to the first embodiment transmits the audit information to the terminal that is the service providing destination, and the service provider transmits the audit information and the service. The usage log information is obtained and it is determined whether the service usage log information has been tampered with, so that the problem that the malicious user charges the service usage log information and charges an unauthorized fee is solved. Can do. In addition, when the data center charges the service provider for a fee according to the workload, the service center logs the service usage log information to the service provider and compares it with the audit information sent to the auditor's terminal. You can prove the validity of the fee.
[0025] つぎに、本実施例 1にかかるサービス提供システムのシステム構成にっ ヽて説明す る。図 2は、本実施例 1にかかるサービス提供システムのシステム構成図である。同図 に示すように、このサービス提供システムは、利用者端末 10, 20と、データセンタ 10 0と、サービスプロノくイダ 200とを備える。また、利用者端末 10, 20、データセンタ 10 0、サービスプロバイダ 200は、ネットワーク 50によって接続されている。なお、ここで は説明の便宜上、利用者端末 10, 20を示したが、これに限定されるものではなぐそ の他複数の利用者端末もネットワーク 50に接続されているものとする。 Next, the system configuration of the service providing system according to the first embodiment will be described. The FIG. 2 is a system configuration diagram of the service providing system according to the first embodiment. As shown in the figure, this service providing system includes user terminals 10, 20, a data center 100, and a service router 200. The user terminals 10, 20, the data center 100, and the service provider 200 are connected by a network 50. Although the user terminals 10 and 20 are shown here for convenience of explanation, it is assumed that a plurality of other user terminals are also connected to the network 50 without being limited thereto.
[0026] 利用者端末 10, 20は、監査員あるいは一般の利用者によって操作され、データセ ンタ 100にアクセスして所望のサービス提供を受け付ける装置である。また、利用者 端末 10 (あるいは利用者端末 20)を操作する監査員は、データセンタ 100にアクセス した場合に、データセンタ力も送信される監査情報を取得し、取得した監査情報をサ 一ビスプロバイダ 200に送信する。  The user terminals 10 and 20 are devices that are operated by an auditor or a general user to access the data center 100 and receive a desired service provision. In addition, when an auditor who operates the user terminal 10 (or the user terminal 20) accesses the data center 100, the auditor acquires the audit information that is also transmitted by the data center, and uses the acquired audit information as a service provider. Send to 200.
[0027] データセンタ 100は、サービスプロバイダ 200にサービス提供の実施を委託され、 サービスプロバイダ 200の代わりにサービス提供を行う装置である。また、データセン タ 100は、利用者端末 10, 20に提供したサービスの仕事量を計測し、計測した仕事 量の情報、すなわち、サービス利用ログ情報を生成するとともに、監査情報をサービ ス提供先の利用者端末に送信する。なお、データセンタ 100の管理者は、サービス 利用ログ情報に基づいてデータサービスプロバイダ 200の管理者に料金の請求を行 うことになる。  The data center 100 is a device that is entrusted with service provision to the service provider 200 and provides the service instead of the service provider 200. In addition, the data center 100 measures the workload of the service provided to the user terminals 10 and 20, generates information on the measured workload, that is, service usage log information, and sends the audit information to the service provider. To the user terminal. Note that the administrator of the data center 100 charges the administrator of the data service provider 200 based on the service usage log information.
[0028] サービスプロバイダ 200は、データセンタ 100にサービス提供を委託し、データセン タ 100の管理者等から、サービス利用ログ情報に応じた料金を請求された場合など に、監査員の操作する利用者端末 10, 20から監査情報を取得し、取得した監査情 報とサービス利用ログ情報とを基にしてサービス利用ログ情報が改竄されて 、な 、か 否かを判定する装置である。  [0028] The service provider 200 entrusts the service provision to the data center 100, and when the service provider 200 is charged by the administrator of the data center 100 according to the service usage log information, the service provider 200 operates the auditor. This is a device that obtains audit information from the user terminals 10 and 20, and determines whether or not the service use log information has been falsified based on the obtained audit information and service use log information.
[0029] つぎに、図 2に示したデータセンタ 100の構成について説明する。図 3は、本実施 例 1にかかるデータセンタ 100の構成を示す機能ブロック図である。同図に示すよう に、このデータセンタ 100は、入力部 110と、出力部 120と、通信制御部 130と、入出 力制御 IF部 140と、記憶部 150と、制御部 160とを備えて構成される。  Next, the configuration of the data center 100 shown in FIG. 2 will be described. FIG. 3 is a functional block diagram of the configuration of the data center 100 according to the first embodiment. As shown in the figure, the data center 100 includes an input unit 110, an output unit 120, a communication control unit 130, an input / output control IF unit 140, a storage unit 150, and a control unit 160. Is done.
[0030] このうち、入力部 110は、各種の情報を入力する入力手段であり、キーボードやマ ウス、マイクなどによって構成される。なお、後述するモニタ(出力部 120)も、マウスと 協働してポインティングディバイス機能を実現する。 [0030] Of these, the input unit 110 is an input means for inputting various types of information. Consists of a mouse and a microphone. The monitor (output unit 120) described later also realizes a pointing device function in cooperation with the mouse.
[0031] 出力部 120は、各種の情報を出力する出力手段であり、モニタ (若しくはディスプレ ィ、タツチパネル)やスピーカなどによって構成される。通信制御部 130は、主に、利 用者端末 10, 20およびサービスプロバイダ 200との間における通信を制御する手段 であり、入出力制御 IF部 140は、入力部 110と、出力部 120と、通信制御部 130と、 記憶部 150と、制御部 160によるデータの入出力を制御する手段である。  [0031] The output unit 120 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like. The communication control unit 130 is mainly means for controlling communication between the user terminals 10 and 20 and the service provider 200. The input / output control IF unit 140 includes an input unit 110, an output unit 120, This is a means for controlling data input / output by the communication control unit 130, the storage unit 150, and the control unit 160.
[0032] 記憶部 150は、制御部 160による各種処理に必要なデータおよびプログラムを記 憶する記憶手段であり、特に本発明に密接に関連するものとしては、図 3に示すよう に、サービス利用ログ情報 150aを備える。  [0032] The storage unit 150 is a storage unit that stores data and programs necessary for various processes by the control unit 160. In particular, as shown in FIG. Log information 150a is provided.
[0033] ここで、サービス利用ログ情報 150aは、サービス提供に関する仕事量の情報を記 録したデータである。図 4は、サービス利用ログ情報 150aのデータ構造の一例を示 す図である。同図に示すように、このサービス利用ログ情報 150aは、アクセス発生時 間、アクセス元(データセンタにサービス要求を行った利用者端末)の IP (Internet P rotocol)アドレス、アクセス元のポート(ポート番号)、アクセス先 URL (Uniform Resou rce Locator)、提供サービスの積算利用回数を示す積算アクセス回数を備える。な お、図示しないが、サービス利用ログ情報 150aには、その他にも、セッション指向サ 一ビスなどのセッション利用時間、認証型サービスの場合の使用されるユーザ ID (Ide ntification)などが含まれる。  [0033] Here, the service use log information 150a is data in which information on a work amount related to service provision is recorded. FIG. 4 is a diagram showing an example of the data structure of the service usage log information 150a. As shown in the figure, this service usage log information 150a includes the access occurrence time, the IP (Internet Protocol) address of the access source (the user terminal that made the service request to the data center), the access source port (port Number), access destination URL (Uniform Resource Locator), and cumulative access count indicating the cumulative usage count of the service provided. Although not shown, the service usage log information 150a includes a session usage time such as a session-oriented service, a user ID (Idification) used in the case of an authentication type service, and the like.
[0034] 制御部 160は、各種の処理手順を規定したプログラムや制御データを格納するた めの内部メモリを有し、これらによって種々の処理を実行する制御手段であり、特に 本発明に密接に関連するものとしては、図 3に示すように、サービス提供部 160aと、 サービス利用ログ情報作成部 160bと、監査情報管理部 160cと、電子署名作成部 1 60dと、暗号ィ匕処理部 160eとを備える。  [0034] The control unit 160 has an internal memory for storing programs and control data defining various processing procedures, and is a control means for executing various processes by these, and is closely related to the present invention. As shown in FIG. 3, the service providing unit 160a, the service usage log information creating unit 160b, the audit information managing unit 160c, the electronic signature creating unit 160d, and the encryption key processing unit 160e are as shown in FIG. Is provided.
[0035] サービス提供部 160aは、利用者端末 10, 20からサービス要求を受け付けた場合 に、種々のサービスをサービス要求元の利用者端末に提供する処理部である。例え ば、サービス提供部 160aは、サービス要求元の利用者端末の Webブラウザに Web ページを表示させ、様々な情報提供を行う。 [0036] また、サービス提供部 160aは、入力部 110からサービス利用ログ情報 150aの出力 命令を受け付けた場合には、サービス利用ログ情報 150aをサービスプロバイダ 200 に出力する(サービス利用ログ情報 150aは、後述する暗号ィ匕処理部 160eによって 暗号ィ匕された後に出力される)。この出力命令は、データセンタ 100の管理者力 サ 一ビス提供にカゝかる料金の請求をサービスプロバイダ 200の管理者に請求する場合 などに、データセンタ 100の管理者によって入力されるものとする。 [0035] The service providing unit 160a is a processing unit that provides various services to the user terminal of the service request source when a service request is received from the user terminals 10 and 20. For example, the service providing unit 160a provides a variety of information by displaying a Web page on the Web browser of the user terminal of the service request source. [0036] When the service providing unit 160a receives an output command for the service usage log information 150a from the input unit 110, the service providing unit 160a outputs the service usage log information 150a to the service provider 200 (the service usage log information 150a is (It is output after being encrypted by the encryption key processing unit 160e described later). This output command shall be input by the administrator of the data center 100 when, for example, the administrator of the service provider 200 is charged for the fee for providing the service capability of the administrator of the data center 100. .
[0037] サービス利用ログ情報作成部 160bは、サービス提供部 160aが利用者端末 10, 2 0に対して行うサービスの仕事量 (Webページへのアクセス数、データの転送量、ァ クセス時間、登録ユーザ数等)を計測し、サービス利用ログ情報 150a (図 4参照)を 作成する処理部である。  [0037] The service use log information creation unit 160b is a service workload (service number of accesses to the web page, data transfer amount, access time, registration) performed by the service providing unit 160a on the user terminals 10, 20 This is a processing unit that measures service usage log information 150a (see Fig. 4).
[0038] 監査情報管理部 160cは、サービス利用ログ情報 150aを基にして監査情報を作成 し、サービス提供部 160aがサービス提供を行っている利用者端末に対して、監査情 報を送信する処理部である。具体的に、監査情報管理部 160cは、サービス提供部 1 60aがサービス提供を行 ヽ、サービス利用ログ情報作成部 160bがサービスに応じた 仕事量の情報をサービス利用ログ情報 150aに記録した場合に、かかるサービス利 用ログ情報 150aに記録された情報の一部を抽出し、抽出した情報を監査情報として 、対応する利用者端末に送信する。なお、サービス利用ログ情報 150aから抽出する 情報は、サービス提供を受けている利用者端末に対応する情報でもよいし、その他、 サービス利用ログ情報 150aに記録された過去複数の情報でもよい。  [0038] The audit information management unit 160c creates audit information based on the service usage log information 150a, and the service providing unit 160a transmits the audit information to the user terminal that provides the service. Part. Specifically, the audit information management unit 160c is provided when the service providing unit 160a provides the service, and the service usage log information creation unit 160b records the workload information corresponding to the service in the service usage log information 150a. Then, a part of the information recorded in the service usage log information 150a is extracted, and the extracted information is transmitted as audit information to the corresponding user terminal. The information extracted from the service usage log information 150a may be information corresponding to the user terminal receiving the service provision, or may be a plurality of past information recorded in the service usage log information 150a.
[0039] 図 5は、本実施例 1にかかる監査情報のデータ構造の一例を示す図である。同図に 示すように、この監査情報は、アクセス発生時間と、 IPアドレスと、ポートと、アクセス 先 URLと、積算アクセス回数とを備える。なお、図示しないが、監査情報には、セッシ ヨン指向サービスなどのセッション利用時間、認証型サービスの場合に使用されるュ 一ザ IDなども含まれる。  FIG. 5 is a diagram illustrating an example of a data structure of audit information according to the first embodiment. As shown in the figure, this audit information includes an access occurrence time, an IP address, a port, an access destination URL, and an accumulated access count. Although not shown in the figure, the audit information includes a session usage time such as a session-oriented service and a user ID used in the case of an authentication type service.
[0040] 電子署名作成部 160dは、公開鍵暗号方式などを利用して、電子署名データを作 成し、監査情報管理部 160cによって作成された監査情報に電子署名データを添付 する処理部である。例えば、電子署名作成部 160dは、監査情報からメッセージダイ ジェストを作成し、力かるメッセージダイジェストを秘密鍵で暗号ィ匕した電子署名デー タを添付する。また、暗号ィ匕処理部 160eは、監査情報管理部 160cによって作成さ れた監査情報を暗号化する処理部である。すなわち、監査情報管理部 160cは、電 子署名が添付され、かつ、暗号化された監査情報を利用者端末 10, 20に出力する ことになる。 [0040] The electronic signature creation unit 160d is a processing unit that creates electronic signature data using a public key cryptosystem and attaches the electronic signature data to the audit information created by the audit information management unit 160c. . For example, the electronic signature creation unit 160d creates a message digest from the audit information, and encrypts the powerful message digest with a private key. Attach the data. The encryption key processing unit 160e is a processing unit that encrypts the audit information created by the audit information management unit 160c. That is, the audit information management unit 160c outputs the audit information encrypted with the electronic signature attached thereto to the user terminals 10 and 20.
[0041] また、暗号化処理部 160eは、サービス提供部 160aがサービス利用ログ情報 150a をサービスプロバイダ 200に出力する場合に、かかるサービス利用ログ情報 150aを 暗号化する。  [0041] Further, when the service providing unit 160a outputs the service usage log information 150a to the service provider 200, the encryption processing unit 160e encrypts the service usage log information 150a.
[0042] つぎに、図 2に示したサービスプロバイダ 200の構成について説明する。図 6は、本 実施例 1にかかるサービスプロバイダ 200の構造を示す機能ブロック図である。同図 に示すように、このサービスプロノイダ 200は、入力部 210と、出力部 220と、通信制 御部 230と、入出力制御 IF部 240と、記憶部 250と、制御部 260とを備えて構成され る。  Next, the configuration of service provider 200 shown in FIG. 2 will be described. FIG. 6 is a functional block diagram of the structure of the service provider 200 according to the first embodiment. As shown in the figure, the service pronoider 200 includes an input unit 210, an output unit 220, a communication control unit 230, an input / output control IF unit 240, a storage unit 250, and a control unit 260. Configured.
[0043] このうち、入力部 210は、各種の情報を入力する入力手段であり、キーボードやマ ウス、マイクなどによって構成される。なお、後述するモニタ(出力部 220)も、マウスと 協働してポインティングディバイス機能を実現する。  [0043] Among these, the input unit 210 is an input means for inputting various types of information, and includes a keyboard, a mouse, a microphone, and the like. The monitor (output unit 220) described later also realizes a pointing device function in cooperation with the mouse.
[0044] 出力部 220は、各種の情報を出力する出力手段であり、モニタ (若しくはディスプレ ィ、タツチパネル)やスピーカなどによって構成される。通信制御部 230は、主に、利 用者端末 10, 20およびデータセンタ 100との間における通信を制御する手段であり 、入出力制御 IF部 240は、入力部 210と、出力部 220と、通信制御部 230と、記憶部 250と、制御部 260によるデータの入出力を制御する手段である。  The output unit 220 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like. The communication control unit 230 is mainly means for controlling communication between the user terminals 10 and 20 and the data center 100. The input / output control IF unit 240 includes an input unit 210, an output unit 220, This is means for controlling input / output of data by the communication control unit 230, the storage unit 250, and the control unit 260.
[0045] 記憶部 250は、制御部 260による各種処理に必要なデータおよびプログラムを記 憶する記憶手段であり、特に本発明に密接に関連するものとしては、図 6に示すよう に、監査管理情報 250aおよびサービス利用ログ情報 250bを備える。  [0045] The storage unit 250 is a storage unit that stores data and programs necessary for various types of processing by the control unit 260. Particularly, as closely related to the present invention, as shown in FIG. Information 250a and service usage log information 250b are provided.
[0046] 監査管理情報 250aは、監査員の操作する利用者端末 10, 20から送信される複数 の監査情報を記録したデータである。図 7は、本実施例 1にかかる監査管理情報 250 aのデータ構造の一例を示す図である。同図に示すように、この監査管理情報 250a は、複数の監査情報を記録している。  [0046] The audit management information 250a is data in which a plurality of pieces of audit information transmitted from the user terminals 10 and 20 operated by the auditor are recorded. FIG. 7 is a diagram illustrating an example of the data structure of the audit management information 250a according to the first embodiment. As shown in the figure, this audit management information 250a records a plurality of audit information.
[0047] サービス利用ログ情報 250bは、データセンタ 100力 料金の請求をサービスプロ バイダに行う場合に、力かる料金請求の正当性を証明するために、サービスプロバイ ダ 200に出力するデータである。サービス利用ログ情報 250bのデータ構造は、デー タセンタ 100の記憶部 150に記憶されたサービス利用ログ情報 150a (図 4参照)と同 様であるため説明を省略する。 [0047] Service usage log information 250b is used to charge the data center 100 This data is output to the service provider 200 in order to prove the correctness of the charge billing when it is made to the binder. Since the data structure of the service usage log information 250b is the same as the service usage log information 150a (see FIG. 4) stored in the storage unit 150 of the data center 100, the description thereof is omitted.
[0048] 制御部 260は、各種の処理手順を規定したプログラムや制御データを格納するた めの内部メモリを有し、これらによって種々の処理を実行する制御手段であり、特に 本発明に密接に関連するものとしては、図 6に示すように、復号化処理部 260aと、署 名検証部 260bと、ログ情報検証部 260cとを備える。  [0048] The control unit 260 is a control means that has an internal memory for storing programs and control data that define various processing procedures, and performs various processing using these programs, and is closely related to the present invention. As related items, as shown in FIG. 6, a decryption processing unit 260a, a signature verification unit 260b, and a log information verification unit 260c are provided.
[0049] 復号化処理部 260aは、監査員の操作する利用者端末 10, 20 (あるいは、入力部 2 10)から監査情報 (暗号化された監査情報)を取得した場合に、取得した監査情報を 復号化し、復号化した監査情報を監査管理情報 250aに記憶させる処理部である。 また、復号化処理部 260aは、データセンタ 100から出力されたサービス利用ログ情 報 (暗号化されたサービス利用ログ情報)を復号化し、復号ィ匕したサービス利用ログ 情報を、サービス利用ログ情報 250bとして記憶部 250に記憶させる。  [0049] When the decryption processing unit 260a obtains audit information (encrypted audit information) from the user terminals 10, 20 (or the input unit 2 10) operated by the auditor, the obtained audit information Is a processing unit that decrypts the audit information and stores the decrypted audit information in the audit management information 250a. In addition, the decryption processing unit 260a decrypts the service usage log information (encrypted service usage log information) output from the data center 100, and uses the decrypted service usage log information as the service usage log information 250b. Is stored in the storage unit 250.
[0050] 署名検証部 260bは、監査情報に添付された電子署名データを取得し、公開鍵暗 号方式などを利用して、監査情報が改竄されている力否かを判定する処理部である 。例えば、署名検証部 260bは、監査情報からメッセージダイジェストを作成するととも に、電子署名データを公開鍵で復号化し、監査情報から作成されたメッセージダイジ ェストと電子署名データを復号ィ匕したメッセージダイジェストと比較して、双方のメッセ ージダイジェストが不一致の場合に、監査情報が改竄されていると判定する。そして 、署名検証部 260bは、監査情報が改竄されていると判定した場合には、当該改竄さ れた監査情報を監査管理情報 250aから削除するとともに、監査情報が改竄されてい た旨の情報を出力部 220に出力する。  [0050] The signature verification unit 260b is a processing unit that acquires the electronic signature data attached to the audit information and determines whether or not the audit information has been tampered with using a public key encryption method or the like. . For example, the signature verification unit 260b creates a message digest from the audit information, decrypts the electronic signature data with the public key, and decrypts the message digest created from the audit information and the electronic signature data. In comparison, if both message digests do not match, it is determined that the audit information has been tampered with. If the signature verification unit 260b determines that the audit information has been tampered with, the signature verification unit 260b deletes the tampered audit information from the audit management information 250a, and displays information indicating that the audit information has been tampered with. Output to the output unit 220.
[0051] ログ情報検証部 260cは、監査管理情報 250aとサービス利用ログ情報 250bとを比 較して、サービス利用ログ情報 250bが不正に改竄されているか否かを判定する処理 部である。図 8は、本実施例 1にかかるログ情報検証部 260cが行う処理を説明する ための説明図である。まず、ログ情報検証部 260cは、サービス利用ログ情報 250bの IPアドレスに矛盾が無いか否かを判定する(予め、ログ情報検証部 260cは、存在し 得る利用者端末の IPアドレス (サービス提供対象となる利用者端末の IPアドレスなど )を保持しておき、力かる IPアドレス以外の IPアドレスがサービス利用ログ情報 250b に存在する場合に、 IPアドレスに矛盾があると判定する)。ログ情報検証部 260cは、 サービス利用ログ情報 250bの IPアドレスに矛盾がある場合にはその旨を出力部 22 0に出力する。 [0051] The log information verification unit 260c is a processing unit that compares the audit management information 250a and the service usage log information 250b to determine whether or not the service usage log information 250b has been tampered with. FIG. 8 is an explanatory diagram for explaining the process performed by the log information verification unit 260c according to the first embodiment. First, the log information verification unit 260c determines whether or not there is a contradiction in the IP address of the service usage log information 250b (the log information verification unit 260c exists in advance). If the IP address of the user terminal to be obtained (such as the IP address of the user terminal that is the target of service provision) is stored and an IP address other than the IP address to be used exists in the service usage log information 250b, the IP address Judge that there is a contradiction). When there is a contradiction in the IP address of the service usage log information 250b, the log information verification unit 260c outputs that fact to the output unit 220.
[0052] 続いて、ログ情報検証部 260cは、監査管理情報 250aとサービス利用ログ情報 25 Obとを比較して、監査管理情報 250aの監査情報に対応するデータがサービス利用 ログ情報 250bに含まれるか否かを判定する。ログ情報検証部 260cは、監査管理情 報 250aの監査情報に対応するデータがサービス利用ログ情報 250bに含まれない 場合に、サービス利用ログ情報 250bが改竄されたと判定し、その旨を出力部 220に 出力する。  [0052] Subsequently, the log information verification unit 260c compares the audit management information 250a with the service usage log information 25 Ob, and data corresponding to the audit information of the audit management information 250a is included in the service usage log information 250b. It is determined whether or not. The log information verification unit 260c determines that the service usage log information 250b has been tampered with when the data corresponding to the audit information of the audit management information 250a is not included in the service usage log information 250b, and the output unit 220 Output to.
[0053] また、ログ情報検証部 260cは、監査管理情報 250aとサービス利用ログ情報 250b とを比較して、監査情報のアクセス発生時間と監査情報に対応するサービス利用口 グ情報 250b中のアクセス発生時間との差分を算出し、算出した差分が規定値以上 の場合に、サービス利用ログ情報 250bが改竄されたと判定し、その旨を出力部 220 に出力する。例えば、積算アクセス回数をキーにした場合、積算アクセス回数「5802 2」の監査情報のアクセス発生時間は、「2006年 8月 1日 10時 18分 18. 015秒」とな り、力かるアクセス監査情報に対応するサービス利用ログ情報 250b中のアクセス発 生時間は、サービス利用ログ情報 250bの積算アクセス回数「58022」に対応するァ クセス発生時間「2006年 8月 1日 10時 18分 18. 015秒」となり、双方のアクセス発生 時間の差分を算出し、算出した差分と規定値とを比較することになる。  [0053] Further, the log information verification unit 260c compares the audit management information 250a with the service usage log information 250b, and determines the access occurrence time in the audit information and the access occurrence in the service usage log information 250b corresponding to the audit information. A difference with time is calculated, and if the calculated difference is equal to or greater than a specified value, it is determined that the service usage log information 250b has been tampered with, and a message to that effect is output to the output unit 220. For example, when the accumulated access count is used as a key, the access occurrence time of the audit information for the accumulated access count “5802 2” is “August 1, 2006 10: 18: 18.015 seconds”. The access occurrence time in the service usage log information 250b corresponding to the audit information is the access occurrence time corresponding to the cumulative access count “58022” in the service usage log information 250b “10:18 on August 1, 2006 18. 015 seconds ", the difference between the access occurrence times of both is calculated, and the calculated difference is compared with the specified value.
[0054] また、ログ情報検証部 260cは、監査管理情報 250aとサービス利用ログ情報 250b とを比較して、サービス利用ログ情報 250bの積算アクセス回数が適切か否かを判定 する。例えば、ログ情報検証部 260cは、監査情報の積算アクセス回数に対応する IP アドレスと、サービス利用ログ情報 250bの積算アクセス回数に対応する IPアドレスと を比較し、双方の IPアドレスが一致するか否かを判定する。 IPアドレスが一致しない 場合には、ログ情報検証部 260cは、サービス利用ログ情報 250bが改竄されたと判 定し、その旨を出力部 220に出力する。 [0055] また、ログ情報検証部 260cは、サービス利用ログ情報 250b中の所定の IPアドレス (監査員が操作した利用者端末の IPアドレス)の数が、監査アクセスの回数 (監査員 が利用者端末を操作してデータセンタ 100にサービス要求を行った回数)と等しいか 否かを判定し、等しくない場合に、サービス利用ログ情報 250bが改竄されたと判定し 、その旨を出力部 220に出力する。なお、ログ情報検証部 260cは、監査員の操作す る利用者端末の IPアドレスおよび監査アクセスの回数の情報を予め入力部 210など 力 取得し、力かる情報を保持しているものとする。 In addition, the log information verification unit 260c compares the audit management information 250a with the service usage log information 250b, and determines whether or not the accumulated access count of the service usage log information 250b is appropriate. For example, the log information verification unit 260c compares the IP address corresponding to the cumulative access count of the audit information with the IP address corresponding to the cumulative access count of the service usage log information 250b, and determines whether or not both IP addresses match. Determine whether. If the IP addresses do not match, the log information verification unit 260c determines that the service usage log information 250b has been tampered with, and outputs that fact to the output unit 220. [0055] In addition, the log information verification unit 260c indicates that the number of predetermined IP addresses in the service usage log information 250b (the IP address of the user terminal operated by the auditor) is the number of audit accesses (the auditor is the user). The number of service requests made to the data center 100 by operating the terminal), and if not, it is determined that the service usage log information 250b has been tampered with, and a message to that effect is output to the output unit 220. To do. It is assumed that the log information verification unit 260c acquires in advance the information such as the IP address of the user terminal operated by the auditor and the number of times of audit access by using the input unit 210 and the like, and holds the information that is helpful.
[0056] つぎに、データセンタ 100がサービス提供を行う場合の処理手順について説明す る。図 9は、本実施例 1にかかるデータセンタ 100がサービス提供を行う場合の処理 手順を示すフローチャートである。同図に示すように、データセンタ 100は、サービス 提供部 160aがサービス要求を利用者端末 10 (ある 、は利用者端末 20)力も受け付 け (ステップ S101)、サービス提供先の利用者端末にサービス提供を開始する (ステ ップ S 102)。  Next, a processing procedure when the data center 100 provides a service will be described. FIG. 9 is a flowchart of a process procedure performed when the data center 100 according to the first embodiment provides a service. As shown in the figure, in the data center 100, the service providing unit 160a receives the service request from the user terminal 10 (or the user terminal 20) (step S101), and the service terminal 160a receives the service request. Start providing service (step S102).
[0057] そして、サービス利用ログ情報作成部 160bが、サービス提供部 160aのサービス提 供に力かる仕事量を計測し、サービス利用ログ情報 150aを作成し (ステップ S103)、 監査情報管理部 160cが監査情報を作成する (ステップ S104)。  [0057] Then, the service usage log information creation unit 160b measures the amount of work involved in service provision by the service provision unit 160a, creates service usage log information 150a (step S103), and the audit information management unit 160c Audit information is created (step S104).
[0058] 続いて、電子署名作成部 160dが電子署名データを作成し (ステップ S105)、暗号 化処理部 160eが監査情報を暗号ィ匕し (ステップ S106)、監査情報管理部 160cが電 子署名データを添付され、かつ、暗号化された監査情報をサービス提供先の利用者 端末に出力する (ステップ S 107)。  [0058] Subsequently, the electronic signature creation unit 160d creates electronic signature data (step S105), the encryption processing unit 160e encrypts the audit information (step S106), and the audit information management unit 160c creates the electronic signature. The audit information with data attached and encrypted is output to the user terminal of the service provider (step S107).
[0059] このように、データセンタ 100は、サービス提供時に監査情報を作成し、サービス提 供先となる利用者端末 (監査員の端末か一般の利用者の端末かはデータセンタは判 別できない利用者端末)に監査情報を出力するので、悪意のある人物によって、サ 一ビス利用ログ情報 150aが改竄されることを抑制することができる。  [0059] As described above, the data center 100 creates audit information at the time of service provision, and the data center cannot determine whether it is a user terminal serving as a service provider (an auditor's terminal or a general user's terminal). Since the audit information is output to the user terminal), it is possible to prevent the malicious user from falsifying the service usage log information 150a.
[0060] つぎに、サービスプロバイダ 200が行う判定処理について説明する。図 10は、本実 施例 1にかかるサービスプロバイダ 200が行う判定処理の処理手順を示すフローチヤ ートである。同図に示すように、サービスプロバイダ 200は、復号化処理部 260aがサ 一ビス利用ログ情報 (暗号化されたサービス利用ログ情報)を取得し、サービス利用 ログ情報を復号ィ匕した後に記憶部 250に記憶させ (ステップ S201)、ログ情報検証 部 260cがサービス利用ログ情報 250bの IPアドレスに矛盾が存在するか否かを判定 する(ステップ S 202)。 Next, the determination process performed by the service provider 200 will be described. FIG. 10 is a flowchart showing the determination process performed by the service provider 200 according to the first embodiment. As shown in the figure, in the service provider 200, the decryption processing unit 260a acquires service usage log information (encrypted service usage log information) and uses the service. After the log information is decrypted, it is stored in the storage unit 250 (step S201), and the log information verification unit 260c determines whether or not there is a contradiction in the IP address of the service usage log information 250b (step S202).
[0061] そして、サービス利用ログ情報 250b中の IPアドレスに矛盾が存在する場合には (ス テツプ S203, Yes)、サービス利用ログ情報 250bが適切でない旨の情報を出力部 2 20に出力する(ステップ S204)。一方、 IPアドレスに矛盾が存在しない場合には (ス テツプ S203, No)、監査情報に対応する情報がサービス利用ログ情報 250bに存在 するか否かを判定する(ステップ S 205)。  [0061] If there is a contradiction in the IP address in the service usage log information 250b (step S203, Yes), information indicating that the service usage log information 250b is not appropriate is output to the output unit 220 ( Step S204). On the other hand, if there is no contradiction in the IP address (step S203, No), it is determined whether information corresponding to the audit information exists in the service usage log information 250b (step S205).
[0062] 監査情報に対応する情報がサービス利用ログ情報 250bに存在しな 、場合には (ス テツプ S206, No)、ステップ S204に移行する。一方、監査情報に対応する情報が サービス利用ログ情報 250bに存在する場合には (ステップ S206, Yes)、対応する 監査情報のアクセス発生時間とサービス利用ログ情報 250bとのアクセス発生時間と の差分を算出し (ステップ S207)、時刻の差分が所定値以上か否かを判定する (ステ ップ S 208)。  [0062] If the information corresponding to the audit information does not exist in the service usage log information 250b (step S206, No), the process proceeds to step S204. On the other hand, if the information corresponding to the audit information exists in the service usage log information 250b (step S206, Yes), the difference between the access occurrence time of the corresponding audit information and the access occurrence time of the service usage log information 250b is calculated. It is calculated (step S207), and it is determined whether or not the time difference is greater than or equal to a predetermined value (step S208).
[0063] そして、時刻の差分が所定値以上の場合には (ステップ S209, Yes)、ステップ S2 04に移行する。一方、時刻の差分が所定値未満の場合には (ステップ S209, No) , 監査情報の積算アクセス回数とサービス利用ログ情報 250bの積算アクセス回数とが 等しいか否かを判定する(ステップ S210)。  If the time difference is equal to or greater than the predetermined value (step S209, Yes), the process proceeds to step S204. On the other hand, if the time difference is less than the predetermined value (step S209, No), it is determined whether the accumulated access count of the audit information is equal to the accumulated access count of the service usage log information 250b (step S210).
[0064] 積算アクセス回数が等しくない場合には (ステップ S211, No)、ステップ S 204に移 行する。一方、積算アクセス回数が等しい場合には (ステップ S211, Yes)、サービス 利用ログ情報 250b中の所定の IPアドレスの数が監査アクセスの回数と等しいか否か を判定する (ステップ S212)。  [0064] If the accumulated access counts are not equal (step S211, No), the process proceeds to step S204. On the other hand, when the accumulated access count is equal (step S211, Yes), it is determined whether or not the number of predetermined IP addresses in the service usage log information 250b is equal to the number of audit accesses (step S212).
[0065] そして、サービス利用ログ情報 250b中の所定の IPアドレスの数が監査アクセスの 回数と等しくない場合には (ステップ S213, No)、ステップ S204に移行する。一方、 サービス利用ログ情報 250b中の所定の IPアドレスの数が監査アクセスの回数と等し い場合には (ステップ S213, Yes)、サービス利用ログ情報が適切である旨の情報を 出力部 220に出力する (ステップ S214)。  If the number of predetermined IP addresses in the service usage log information 250b is not equal to the number of audit accesses (step S213, No), the process proceeds to step S204. On the other hand, if the number of predetermined IP addresses in the service usage log information 250b is equal to the number of audit accesses (step S213, Yes), information indicating that the service usage log information is appropriate is sent to the output unit 220. Output (step S214).
[0066] このように、ログ情報検証部 260cが監査管理情報 250aに含まれる監査情報とデ ータセンタ 100から取得したサービス利用ログ情報 250bとを比較して、サービス利用 ログ情報 250bが不正に改竄されて 、る力否かを判定するので、サービスプロバイダ 200の管理者は不当な料金を悪意のある人物に払ってしまうといった問題を解消す ることがでさる。 [0066] In this way, the log information verification unit 260c and the audit information included in the audit management information 250a The service usage log information 250b obtained from the data center 100 is compared with the service usage log information 250b to determine whether or not the service usage log information 250b has been tampered with. It is possible to solve the problem of paying a certain person.
[0067] 上述してきたように、本実施例 1にかかるサービス提供システムは、データセンタ 10 0がサービス提供に関する仕事量を監査する監査員の端末および一般の利用者の 端末に対して提供したサービスの仕事量を計測し、計測した仕事量のデータをサー ビス利用ログ情報として記録装置に記録し、サービス要求に応答してサービスの提供 を行う場合に、サービス利用ログ情報の一部を監査情報としてサービスの提供先とな る端末 (監査員の端末力利用者の端末かはデータセンタには判らない)に送信する。 そして、サービスプロバイダ 200は、監査情報とサービス利用ログ情報とを取得して 監査情報とサービス利用ログ情報とを比較し、サービス利用ログ情報が不正に改竄さ れている力否かを判定するので、悪意のある人物によってサービス利用ログ情報が 改竄され、不正な料金が請求されるという問題を解消することができる。  [0067] As described above, the service providing system according to the first embodiment is a service provided by the data center 100 to a terminal of an auditor who audits a workload related to service provision and a terminal of a general user. When the service amount is recorded in the recording device as service usage log information and a service is provided in response to a service request, a part of the service usage log information is audit information. To the terminal that provides the service (the data center does not know whether it is the terminal of the auditor's terminal power user). The service provider 200 acquires the audit information and the service usage log information, compares the audit information with the service usage log information, and determines whether or not the service usage log information has been tampered with. It is possible to solve the problem that the service usage log information is falsified by a malicious person and an unauthorized fee is charged.
[0068] また、データセンタ 100は、サービス提供を行う場合に、監査員によるアクセスか一 般の利用者によるアクセスかがわからないので、サービス利用ログ情報 150aに力か るアクセス数を不正に水増しを行うことを抑制できる。仮に、監査員が監査のためのァ クセスを行わない場合にでも、データセンタ 100側では、監査のためのアクセスの存 在を否定しきれないので、不正の抑制となる。 [0068] In addition, when providing the service, the data center 100 does not know whether the access is made by an auditor or a general user, so the number of accesses used for the service use log information 150a is illegally increased. It can be suppressed. Even if the auditor does not access for the audit, the data center 100 cannot deny the existence of the access for the audit, so that fraud is suppressed.
実施例 2  Example 2
[0069] つぎに、本実施例 2にかかるサービス提供システムの概要および特徴について説 明する。図 11は、本実施例 2にかかるサービス提供システムの概要および特徴を説 明するための図である。同図に示すように、本実施例 2にかかるサービス提供システ ムは、データセンタがサービス利用ログ情報に記録された情報のうち、所定領域 (過 去一定期間)の情報を基にしてダイジェスト値を生成し、サービス提供先となる端末 に監査情報とダイジェスト値とを送信する。  Next, the outline and features of the service providing system according to the second embodiment will be described. FIG. 11 is a diagram for explaining the outline and features of the service providing system according to the second embodiment. As shown in the figure, the service providing system according to the second embodiment has a digest value based on information in a predetermined area (predetermined period) among information recorded in the service usage log information by the data center. The audit information and digest value are sent to the terminal that provides the service.
[0070] そして、サービスプロバイダは、データセンタ力 仕事量に応じた料金を請求された 場合などに、監査情報およびダイジェスト値と、サービス利用ログ情報およびこのサ 一ビス利用ログ情報によって生成されるダイジェスト値とをそれぞれ比較し、サービス 利用ログ情報が不正に改竄されている力否かを判定する。 [0070] Then, when the service provider is charged a fee according to the work capacity of the data center, the service provider log information and the service usage log information The digest value generated by the service usage log information is compared with each other to determine whether the service usage log information has been tampered with.
[0071] このように、本実施例 2にかかるサービス提供システムは、サービス利用ログ情報を 基にしてダイジェスト値を生成し、データセンタがサービス要求を受け付けた場合に、 サービス提供先となる端末に監査情報とダイジェスト値とを送信し、サービスプロバイ ダがダイジェスト値を基にしてサービス利用ログ情報が改竄されているか否かを判定 するので、サービス利用ログ情報の改竄を効率よく防止することができる。  As described above, the service providing system according to the second embodiment generates a digest value based on the service usage log information, and when the data center receives a service request, the service providing system provides the terminal serving as a service providing destination. Audit information and digest values are sent, and the service provider determines whether the service usage log information has been falsified based on the digest value, so it is possible to efficiently prevent falsification of the service usage log information. .
[0072] つぎに、本実施例 2にかかるサービス提供システムのシステム構成について説明す る。図 12は、本実施例 2にかかるサービス提供システムのシステム構成図である。同 図に示すように、このサービス提供システムは、利用者端末 10, 20と、データセンタ 3 00と、サービスプロバイダ 400とを備える。また、利用者端末 10, 20、データセンタ 3 00、サービスプロバイダ 400は、ネットワーク 50によって接続されている。なお、ここ では説明の便宜上、利用者端末 10, 20を示したが、これに限定されるものではなぐ この他複数の利用者端末もネットワーク 50に接続されているものとする。  Next, the system configuration of the service providing system according to the second embodiment will be described. FIG. 12 is a system configuration diagram of the service providing system according to the second embodiment. As shown in the figure, this service providing system includes user terminals 10, 20, a data center 300, and a service provider 400. The user terminals 10 and 20, the data center 300, and the service provider 400 are connected by a network 50. Here, for convenience of explanation, the user terminals 10 and 20 are shown, but the present invention is not limited to this, and it is assumed that a plurality of other user terminals are also connected to the network 50.
[0073] 利用者端末 10, 20は、監査員あるいは一般の利用者によって操作され、データセ ンタ 300にアクセスして所望のサービス提供を受け付ける装置である。また、利用者 端末 10 (あるいは利用者端末 20)を操作する監査員は、データセンタ 300にアクセス した場合に、データセンタ力も送信される監査情報を取得し、取得した監査情報をサ 一ビスプロバイダ 400に送信する。  [0073] The user terminals 10 and 20 are devices operated by an auditor or a general user to access the data center 300 and receive a desired service provision. In addition, when an auditor who operates the user terminal 10 (or the user terminal 20) accesses the data center 300, the auditor acquires the audit information that is also transmitted by the data center, and uses the acquired audit information as a service provider. Sent to 400.
[0074] データセンタ 300は、サービスプロバイダ 400にサービス提供の実施を委託され、 サービスプロバイダ 400の代わりにサービス提供を行う装置である。また、データセン タ 300は、利用者端末 10, 20に提供したサービスの仕事量を計測し、計測した仕事 量の情報、すなわち、サービス利用ログ情報を生成するとともに、ダイジェスト値を生 成する。そして、データセンタ 300は、ダイジェスト値と監査情報とをサービス提供先 の利用者端末に送信する。なお、データセンタ 300の管理者は、サービス利用ログ 情報に基づいてデータサービスプロバイダ 400の管理者に料金の請求を行うことに なる。  The data center 300 is a device that entrusts the service provider 400 to provide a service and provides the service instead of the service provider 400. Further, the data center 300 measures the workload of the services provided to the user terminals 10 and 20, generates information on the measured workload, that is, service usage log information, and generates a digest value. Then, the data center 300 transmits the digest value and the audit information to the user terminal that is the service providing destination. Note that the administrator of the data center 300 charges the administrator of the data service provider 400 based on the service usage log information.
[0075] サービスプロバイダ 400は、データセンタ 300にサービス提供を委託し、データセン タ 300の管理者等から、サービス利用ログ情報に応じた料金を請求された場合など に、監査員の操作する利用者端末 10, 20から監査情報およびダイジェスト値を取得 し、取得した監査情報およびダイジェスト値とサービス利用ログ情報およびこのサー ビス利用ログ情報から生成されるダイジェスト値とを基にしてサービス利用ログ情報が 改竄されて 、な 、か否かを判定する装置である。 [0075] The service provider 400 entrusts the data center 300 to provide the service, and When the fee for the service usage log information is charged by the administrator of the data 300, etc., the audit information and digest value are acquired from the user terminals 10 and 20 operated by the auditor, and the acquired audit information and This device determines whether or not the service usage log information has been falsified based on the digest value, the service usage log information, and the digest value generated from the service usage log information.
[0076] つぎに、図 12に示したデータセンタ 300の構成について説明する。図 13は、本実 施例 2にかかるデータセンタ 300の構成を示す機能ブロック図である。同図に示すよ うに、このデータセンタ 300は、入力部 310と、出力部 320と、通信制御部 330と、入 出力制御 IF部 340と、記憶部 350と、制御部 360とを備えて構成される。  Next, the configuration of the data center 300 shown in FIG. 12 will be described. FIG. 13 is a functional block diagram of the configuration of the data center 300 according to the second embodiment. As shown in the figure, the data center 300 includes an input unit 310, an output unit 320, a communication control unit 330, an input / output control IF unit 340, a storage unit 350, and a control unit 360. Is done.
[0077] このうち、入力部 310は、各種の情報を入力する入力手段であり、キーボードやマ ウス、マイクなどによって構成される。なお、後述するモニタ(出力部 320)も、マウスと 協働してポインティングディバイス機能を実現する。  Among these, the input unit 310 is an input means for inputting various types of information, and includes a keyboard, a mouse, a microphone, and the like. The monitor (output unit 320), which will be described later, also realizes a pointing device function in cooperation with the mouse.
[0078] 出力部 320は、各種の情報を出力する出力手段であり、モニタ (若しくはディスプレ ィ、タツチパネル)やスピーカなどによって構成される。通信制御部 330は、主に、利 用者端末 10, 20およびサービスプロバイダ 400との間における通信を制御する手段 であり、入出力制御 IF部 340は、入力部 310と、出力部 320と、通信制御部 330と、 記憶部 350と、制御部 360とによるデータの入出力を制御する手段である。  The output unit 320 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like. The communication control unit 330 is mainly means for controlling communication between the user terminals 10 and 20 and the service provider 400. The input / output control IF unit 340 includes an input unit 310, an output unit 320, This is a means for controlling input / output of data by the communication control unit 330, the storage unit 350, and the control unit 360.
[0079] 記憶部 350は、制御部 360による各種処理に必要なデータおよびプログラムを記 憶する記憶手段であり、特に本発明に密接に関連するものとしては、図 13に示すよう に、サービス利用ログ情報 350aを備える。ここで、サービス利用ログ情報 350aは、サ 一ビス提供に関する仕事量の情報を記録したデータである。サービス利用ログ情報 3 50aのデータ構造は、実施例 1の図 4において示したサービス利用ログ情報 150aの データ構造と同様であるので説明を省略する。  [0079] The storage unit 350 is a storage unit that stores data and programs necessary for various types of processing by the control unit 360. In particular, as shown in FIG. Log information 350a is provided. Here, the service usage log information 350a is data in which information on a work amount related to service provision is recorded. The data structure of the service usage log information 350a is the same as the data structure of the service usage log information 150a shown in FIG.
[0080] 制御部 360は、各種の処理手順を規定したプログラムや制御データを格納するた めの内部メモリを有し、これらによって種々の処理を実行する制御手段であり、特に 本発明に密接に関連するものとしては、図 13に示すように、サービス提供部 360aと 、サービス利用ログ情報作成部 360bと、監査情報管理部 360cと、ダイジェスト値算 出部 360dと、電子署名作成部 360eと、暗号化処理部 360fとを備える。 [0081] サービス提供部 360aは、利用者端末 10, 20からサービス要求を受け付けた場合 に、種々のサービスをサービス要求元の利用者端末に提供する処理部である。例え ば、サービス提供部 360aは、サービス要求元の利用者端末の Webブラウザに Web ページを表示させ、様々な情報提供を行う。 The control unit 360 has an internal memory for storing programs and control data defining various processing procedures, and is a control means for executing various processes by these, and is closely related to the present invention. As shown in FIG. 13, the service providing unit 360a, the service usage log information creating unit 360b, the audit information managing unit 360c, the digest value calculating unit 360d, the digital signature creating unit 360e, And an encryption processing unit 360f. [0081] The service providing unit 360a is a processing unit that provides various services to the user terminal of the service request source when a service request is received from the user terminals 10 and 20. For example, the service providing unit 360a provides a variety of information by displaying a web page on the web browser of the user terminal of the service request source.
[0082] また、サービス提供部 360aは、入力部 310からサービス利用ログ情報 350aの出力 命令を受け付けた場合には、サービス利用ログ情報 350aをサービスプロバイダ 400 に出力する(サービス利用ログ情報 350aは、後述する暗号ィ匕処理部 360fによって 暗号ィ匕された後に出力される)。この出力命令は、データセンタ 300の管理者力 サ 一ビス提供にカゝかる料金の請求をサービスプロバイダ 400の管理者に請求する場合 などに、データセンタ 300の管理者によって入力されるものとする。  [0082] When the service providing unit 360a receives an output command of the service usage log information 350a from the input unit 310, the service providing unit 360a outputs the service usage log information 350a to the service provider 400 (the service usage log information 350a It is output after being encrypted by the encryption key processing unit 360f described later). This output command shall be input by the administrator of the data center 300 when, for example, the administrator of the service provider 400 is charged for the fee for providing the administrator power service of the data center 300. .
[0083] サービス利用ログ情報作成部 360bは、サービス提供部 360aが利用者端末 10, 2 0に対して行うサービスの仕事量 (Webページへのアクセス数、データの転送量、ァ クセス時間、登録ユーザ数等)を計測し、サービス利用ログ情報 350a (図 4参照)を 作成する処理部である。  [0083] The service usage log information creation unit 360b is a service workload that the service providing unit 360a performs on the user terminals 10, 20 (number of accesses to the web page, amount of data transfer, access time, registration) This is a processing unit that measures the number of users) and creates service usage log information 350a (see Fig. 4).
[0084] 監査情報管理部 360cは、サービス利用ログ情報 350aを基にして監査情報を作成 し、サービス提供部 360aがサービス提供を行っている利用者端末に対して、監査情 報を送信する処理部である。具体的に、監査情報管理部 360cは、サービス提供部 3 60aがサービス提供を行 ヽ、サービス利用ログ情報作成部 360bがサービスに応じた 仕事量の情報をサービス利用ログ情報 350aに記録した場合に、かかるサービス利 用ログ情報 350aに記録された情報の一部を抽出し、抽出した情報を監査情報として 、対応する利用者端末に送信する。なお、サービス利用ログ情報 350aから抽出する 情報は、サービス提供を受けている利用者端末に対応する情報でもよいし、その他、 サービス利用ログ情報 350aに記録された過去複数の情報でもよい。  [0084] The audit information management unit 360c creates audit information based on the service usage log information 350a, and the service providing unit 360a transmits the audit information to the user terminal that provides the service. Part. Specifically, the audit information management unit 360c is provided when the service providing unit 360a provides the service, and the service usage log information creating unit 360b records the workload information corresponding to the service in the service usage log information 350a. Then, a part of the information recorded in the service usage log information 350a is extracted, and the extracted information is transmitted as audit information to the corresponding user terminal. The information extracted from the service usage log information 350a may be information corresponding to the user terminal receiving the service provision, or may be a plurality of past information recorded in the service usage log information 350a.
[0085] 図 14は、本実施例 2にかかる監査情報のデータ構造の一例を示す図である。同図 に示すように、この監査情報は、アクセス発生時間と、 IPアドレスと、ポートと、ァクセ ス先 URLと、積算アクセス回数と、ダイジェスト値 (ダイジェスト値に関する説明は後 述する)とを備える。なお、図示しないが、監査情報には、セッション指向サービスな どのセッション利用時間、認証型サービスの場合に使用されるユーザ IDなども含まれ る。 FIG. 14 is a diagram illustrating an example of a data structure of audit information according to the second embodiment. As shown in the figure, this audit information includes access occurrence time, IP address, port, access destination URL, accumulated access count, and digest value (explained about digest value will be described later). . Although not shown, the audit information includes the session usage time for session-oriented services, user IDs used for authentication-type services, etc. The
[0086] ダイジェスト値算出部 360dは、サービス利用ログ情報 350aに基づ!/、てダイジェスト 値を算出する処理部である。具体的に、ダイジェスト値算出部 360dは、ノ、ッシュ関数 (例えば MD5く Message Direct 5 >)を利用して、サービス利用ログ情報 350aに 含まれる所定期間に作成された情報カゝらダイジェスト値を算出する (例えば、積算回 数 58022〜58026に対応する情報力 ダイジェスト値を算出する;図 4参照。;)。そし て、ダイジェスト値算出部 360dは、算出したダイジェスト値を監査情報 (監査情報管 理部 360cが生成する監査情報)のダイジェスト値の記録領域に記録する。  The digest value calculation unit 360d is a processing unit that calculates a digest value based on the service usage log information 350a. Specifically, the digest value calculation unit 360d uses the no-hash function (for example, MD5 and Message Direct 5>) to obtain the digest value from the information table generated in the predetermined period included in the service usage log information 350a. Calculate (for example, calculate the information power digest value corresponding to the total number of times 58022 to 58026; see Fig. 4). Then, the digest value calculation unit 360d records the calculated digest value in a digest value recording area of audit information (audit information generated by the audit information management unit 360c).
[0087] なお、ダイジェスト値算出部 360dは、ダイジェスト値を監査情報に記録する場合に 、ダイジェスト値を算出した情報の基準となる積算アクセス回数をあわせて記録する。 図 4を用いて説明すると、ダイジェスト値算出部 360dが、サービス利用ログ情報中の 積算アクセス回数「58022〜58026」に基づいてダイジェスト値を算出した場合には 、ダイジェスト値を算出した情報の基準となる積算アクセス回数「508026」をダイジェ スト値と合わせて、監査情報に記録する。なお、以下において、基準となる積算ァク セスの情報とダイジェスト値とをあわせて単にダイジェスト値と表記する。  [0087] Note that when the digest value calculation unit 360d records the digest value in the audit information, the digest value calculation unit 360d also records the accumulated access count that is a reference of the information for which the digest value has been calculated. Referring to FIG. 4, when the digest value calculation unit 360d calculates the digest value based on the cumulative access count “58022 to 58026” in the service use log information, the digest value is calculated based on the reference of the information. The total access count “508026” is recorded in the audit information together with the digest value. In the following, the information on the accumulated access as a reference and the digest value are simply referred to as a digest value.
[0088] 電子署名作成部 360eは、公開鍵暗号方式などを利用して、電子署名データを作 成し、監査情報管理部 360cによって作成された監査情報に電子署名データを添付 する処理部である。例えば、電子署名作成部 360eは、監査情報からメッセージダイ ジェストを作成し、力かるメッセージダイジェストを秘密鍵で暗号ィ匕した電子署名デー タを添付する。また、暗号ィ匕処理部 360fは、監査情報管理部 360cによって作成さ れた監査情報を暗号ィ匕する処理部である。すなわち、監査情報管理部 360cは、電 子署名が添付され、かつ、暗号化された監査情報を利用者端末 10, 20に出力する ことになる。  [0088] The electronic signature creation unit 360e is a processing unit that creates electronic signature data using a public key cryptosystem and attaches the electronic signature data to the audit information created by the audit information management unit 360c. . For example, the electronic signature creation unit 360e creates a message digest from the audit information, and attaches electronic signature data obtained by encrypting a powerful message digest with a private key. The encryption key processing unit 360f is a processing unit that encrypts the audit information created by the audit information management unit 360c. That is, the audit information management unit 360c outputs the encrypted audit information attached with the electronic signature to the user terminals 10 and 20.
[0089] また、暗号化処理部 360fは、サービス提供部 360aがサービス利用ログ情報 350a をサービスプロバイダ 400に出力する場合に、かかるサービス利用ログ情報 350aを 暗号化する。  In addition, when the service providing unit 360a outputs the service usage log information 350a to the service provider 400, the encryption processing unit 360f encrypts the service usage log information 350a.
[0090] つぎに、図 12に示したサービスプロバイダ 400の構成について説明する。図 15は 、本実施例 2にかかるサービスプロバイダ 400の構成を示す機能ブロック図である。 同図に示すように、このサービスプロノイダ 400は、入力部 410と、出力部 420と、通 信制御部 430と、入出力制御 IF部 440と、記憶部 450と、制御部 460とを備えて構成 される。 Next, the configuration of service provider 400 shown in FIG. 12 will be described. FIG. 15 is a functional block diagram of the configuration of the service provider 400 according to the second embodiment. As shown in the figure, the service pronoider 400 includes an input unit 410, an output unit 420, a communication control unit 430, an input / output control IF unit 440, a storage unit 450, and a control unit 460. Configured.
[0091] このうち、入力部 410は、各種の情報を入力する入力手段であり、キーボードやマ ウス、マイクなどによって構成される。なお、後述するモニタ(出力部 420)も、マウスと 協働してポインティングディバイス機能を実現する。  Among these, the input unit 410 is an input unit for inputting various types of information, and includes a keyboard, a mouse, a microphone, and the like. The monitor (output unit 420) described later also realizes a pointing device function in cooperation with the mouse.
[0092] 出力部 420は、各種の情報を出力する出力手段であり、モニタ (若しくはディスプレ ィ、タツチパネル)やスピーカなどによって構成される。通信制御部 430は、主に、利 用者端末 10, 20およびデータセンタ 300との間における通信を制御する手段であり 、入出力制御 IF部 440は、入力部 410と、出力部 420と、通信制御部 430と、記憶部 450と、制御部 460によるデータの入出力を制御する手段である。  The output unit 420 is an output unit that outputs various types of information, and includes a monitor (or a display or touch panel), a speaker, or the like. The communication control unit 430 is mainly means for controlling communication between the user terminals 10 and 20 and the data center 300. The input / output control IF unit 440 includes an input unit 410, an output unit 420, The communication control unit 430, the storage unit 450, and the control unit 460 are means for controlling data input / output.
[0093] 記憶部 450は、制御部 460による各種処理に必要なデータおよびプログラムを記 憶する記憶手段であり、特に本発明に密接に関連するものとしては、図 15に示すよう に、監査管理情報 450aおよびサービス利用ログ情報 450bを備える。  [0093] The storage unit 450 is a storage unit that stores data and programs necessary for various processes by the control unit 460. As particularly related to the present invention, as shown in FIG. Information 450a and service usage log information 450b are provided.
[0094] 監査管理情報 450aは、監査員の操作する利用者端末 10, 20から送信される複数 の監査情報を記録したデータである。図 16は、本実施例 2にかかる監査管理情報 45 Oaのデータ構造の一例を示す図である。同図に示すように、この監査管理情報 450 aは、複数の監査情報を記録している。  [0094] The audit management information 450a is data in which a plurality of pieces of audit information transmitted from the user terminals 10 and 20 operated by the auditor are recorded. FIG. 16 is a diagram illustrating an example of the data structure of the audit management information 45 Oa according to the second embodiment. As shown in the figure, the audit management information 450a records a plurality of audit information.
[0095] サービス利用ログ情報 450bは、データセンタ 300の管理者力 料金の請求をサー ビスプロバイダ 400の管理者に行う場合に、力かる料金請求の正当性を証明するた めに、サービスプロノイダ 400に出力されるデータである。サービス利用ログ情報 45 Obのデータ構造は、実施例 1にお!/、て説明したサービス利用ログ情報 150a (図 4参 照)と同様であるため説明を省略する。  [0095] The service usage log information 450b is a service pronoidae for verifying the legitimate charge billing when the data center 300 administrator charge is charged to the service provider 400 administrator. Data output to 400. The data structure of the service usage log information 45 Ob is the same as that of the service usage log information 150a (see FIG. 4) described in the first embodiment!
[0096] 制御部 460は、各種の処理手順を規定したプログラムや制御データを格納するた めの内部メモリを有し、これらによって種々の処理を実行する制御手段であり、特に 本発明に密接に関連するものとしては、図 15に示すように、復号化処理部 460aと、 署名検証部 460bと、ログ情報検証部 460cと、ダイジェスト値検証部 460dとを備える [0097] 復号化処理部 460aは、監査員の操作する利用者端末 10, 20 (あるいは、入力部 4 10)から監査情報 (暗号化された監査情報)を取得した場合に、取得した監査情報を 復号化し、復号化した監査情報を監査管理情報 450aに記憶させる処理部である。 また、復号化処理部 460aは、データセンタ 300から出力されたサービス利用ログ情 報 (暗号化されたサービス利用ログ情報)を復号化し、復号ィ匕したサービス利用ログ 情報を、サービス利用ログ情報 450bとして記憶部 450に記憶させる。 [0096] The control unit 460 is a control means that has an internal memory for storing programs and control data that define various processing procedures, and executes various processes by these, and is closely related to the present invention. As shown in FIG. 15, a decryption processing unit 460a, a signature verification unit 460b, a log information verification unit 460c, and a digest value verification unit 460d are provided. [0097] When the decryption processing unit 460a acquires the audit information (encrypted audit information) from the user terminals 10, 20 (or the input unit 4 10) operated by the auditor, the acquired audit information Is a processing unit that decrypts the audit information and stores the decrypted audit information in the audit management information 450a. In addition, the decryption processing unit 460a decrypts the service usage log information (encrypted service usage log information) output from the data center 300, and uses the decrypted service usage log information as the service usage log information 450b. Is stored in the storage unit 450.
[0098] 署名検証部 460bは、監査情報に添付された電子署名データを取得し、公開鍵暗 号方式などを利用して、監査情報が改竄されている力否かを判定する処理部である 。例えば、署名検証部 460bは、監査情報からメッセージダイジェストを作成するととも に、電子署名データを公開鍵で復号化し、監査情報から作成されたメッセージダイジ ェストと電子署名データを復号ィ匕したメッセージダイジェストと比較して、双方のメッセ ージダイジェストが不一致の場合に、監査情報が改竄されていると判定する。そして 、署名検証部 460bは、監査情報が改竄されていると判定した場合には、当該改竄さ れた監査情報を監査管理情報 450aから削除するとともに、監査情報が改竄されてい た旨の情報を出力部 420に出力する。  [0098] The signature verification unit 460b is a processing unit that acquires the electronic signature data attached to the audit information and determines whether the audit information has been tampered with using a public key encryption method or the like. . For example, the signature verification unit 460b creates a message digest from the audit information, decrypts the electronic signature data with the public key, and decrypts the message digest created from the audit information and the electronic signature data. In comparison, if both message digests do not match, it is determined that the audit information has been tampered with. If the signature verification unit 460b determines that the audit information has been falsified, the signature verification unit 460b deletes the falsified audit information from the audit management information 450a, and displays information indicating that the audit information has been falsified. Output to the output unit 420.
[0099] ログ情報検証部 460cは、監査管理情報 450aとサービス利用ログ情報 450bとを比 較して、サービス利用ログ情報 450bが不正に改竄されているか否かを判定する処理 部である。図 17は、本実施例 2にかかるログ情報検証部 460cが行う処理を説明する ための説明図である。まず、ログ情報検証部 460cは、サービス利用ログ情報 450bの IPアドレスに矛盾が無いか否かを判定する(予め、ログ情報検証部 460cは、存在し 得る利用者端末の IPアドレス (サービス提供対象となる利用者端末の IPアドレスなど )を保持しておき、力かる IPアドレス以外の IPアドレスがサービス利用ログ情報 450b に存在する場合に、 IPアドレスに矛盾があると判定する)。ログ情報検証部 460cは、 サービス利用ログ情報 450bの IPアドレスに矛盾がある場合にはその旨を出力部 42 0に出力する。  [0099] The log information verification unit 460c is a processing unit that compares the audit management information 450a with the service usage log information 450b to determine whether the service usage log information 450b has been tampered with. FIG. 17 is an explanatory diagram for explaining the process performed by the log information verification unit 460c according to the second embodiment. First, the log information verification unit 460c determines whether there is any contradiction in the IP address of the service usage log information 450b (in advance, the log information verification unit 460c determines the IP address (service provision target If the IP address other than the IP address to be used exists in the service usage log information 450b, it is determined that there is a contradiction in the IP address). When there is a contradiction in the IP address of the service usage log information 450b, the log information verification unit 460c outputs that fact to the output unit 420.
[0100] 続いて、ログ情報検証部 460cは、監査管理情報 450aとサービス利用ログ情報 45 Obとを比較して、監査管理情報 450aの監査情報に対応するデータがサービス利用 ログ情報 450bに含まれるか否かを判定する。ログ情報検証部 460cは、監査管理情 報 450aの監査情報に対応するデータがサービス利用ログ情報 450bに含まれない 場合に、サービス利用ログ情報 450bが改竄されたと判定し、その旨を出力部 420に 出力する。 [0100] Subsequently, the log information verification unit 460c compares the audit management information 450a with the service usage log information 45 Ob, and data corresponding to the audit information of the audit management information 450a is included in the service usage log information 450b. It is determined whether or not. The log information verification unit 460c When the data corresponding to the audit information in the information 450a is not included in the service usage log information 450b, it is determined that the service usage log information 450b has been tampered with, and the fact is output to the output unit 420.
[0101] また、ログ情報検証部 460cは、監査管理情報 450aとサービス利用ログ情報 450b とを比較して、監査情報のアクセス発生時間と監査情報に対応するサービス利用口 グ情報 450b中のアクセス発生時間との差分を算出し、算出した差分が規定値以上 の場合に、サービス利用ログ情報 450bが改竄されたと判定し、その旨を出力部 420 に出力する。例えば、積算アクセス回数をキーにした場合、積算アクセス回数「5802 2」の監査情報のアクセス発生時間は、「2006年 8月 1日 10時 18分 18. 015秒」とな り、力かるアクセス監査情報に対応するサービス利用ログ情報 450b中のアクセス発 生時間は、サービス利用ログ情報 450bの積算アクセス回数「58022」に対応するァ クセス発生時間「2006年 8月 1日 10時 18分 18. 015秒」となり、双方のアクセス発生 時間の差分を算出し、算出した差分と規定値とを比較することになる。  [0101] In addition, the log information verification unit 460c compares the audit management information 450a with the service usage log information 450b, and generates the access in the service usage log information 450b corresponding to the audit information access occurrence time and the audit information. A difference with time is calculated, and when the calculated difference is equal to or greater than a specified value, it is determined that the service usage log information 450b has been tampered with, and a message to that effect is output to the output unit 420. For example, when the accumulated access count is used as a key, the access occurrence time of the audit information for the accumulated access count “5802 2” is “August 1, 2006 10: 18: 18.015 seconds”. The access occurrence time in the service usage log information 450b corresponding to the audit information is the access occurrence time corresponding to the cumulative access count “58022” in the service usage log information 450b “10:18 on August 1, 2006 18. 015 seconds ", the difference between the access occurrence times of both is calculated, and the calculated difference is compared with the specified value.
[0102] また、ログ情報検証部 460cは、監査管理情報 450aとサービス利用ログ情報 450b とを比較して、サービス利用ログ情報 450bの積算アクセス回数が適切か否かを判定 する。例えば、ログ情報検証部 460cは、監査情報の積算アクセス回数に対応する IP アドレスと、サービス利用ログ情報 450bの積算アクセス回数に対応する IPアドレスと を比較し、双方の IPアドレスが一致するか否かを判定する。 IPアドレスが一致しない 場合には、ログ情報検証部 460cは、サービス利用ログ情報 450bが改竄されたと判 定し、その旨を出力部 420に出力する。  [0102] Further, the log information verification unit 460c compares the audit management information 450a with the service usage log information 450b and determines whether or not the accumulated access count of the service usage log information 450b is appropriate. For example, the log information verification unit 460c compares the IP address corresponding to the accumulated access count of the audit information with the IP address corresponding to the accumulated access count of the service usage log information 450b, and whether or not both IP addresses match. Determine whether. If the IP addresses do not match, the log information verification unit 460c determines that the service usage log information 450b has been tampered with, and outputs that fact to the output unit 420.
[0103] また、ログ情報検証部 460cは、サービス利用ログ情報 450b中の所定の IPアドレス  [0103] Further, the log information verification unit 460c provides a predetermined IP address in the service usage log information 450b.
(監査員が操作した利用者端末の IPアドレス)の数が、監査アクセスの回数 (監査員 が利用者端末を操作してデータセンタ 300にサービス要求を行った回数)と等しいか 否かを判定し、等しくない場合に、サービス利用ログ情報 450bが改竄されたと判定し 、その旨を出力部 420に出力する。なお、ログ情報検証部 460cは、監査員の操作す る利用者端末の IPアドレスおよび監査アクセスの回数の情報を予め入力部 410など 力 取得し、力かる情報を保持しているものとする。  Determine whether the number of (IP address of the user terminal operated by the auditor) is equal to the number of audit accesses (number of times the auditor has operated the user terminal and made a service request to the data center 300) If they are not equal, it is determined that the service usage log information 450b has been tampered with and the fact is output to the output unit 420. It is assumed that the log information verification unit 460c obtains in advance information such as the IP address of the user terminal operated by the auditor and the number of times of audit access by the input unit 410 and holds the information that is helpful.
[0104] ダイジェスト値検証部 460dは、監査管理情報 450aの監査情報に含まれるダイジェ スト値と、サービス利用ログ情報 450bから算出されるダイジェスト値とを比較して、サ 一ビス利用ログ情報 450bが改竄されて 、る力否かを判定する処理部である。具体的 に、ダイジェスト値検証部 460dの行う処理を図 17を用いて説明すると、まず、ダイジ エスト値検証部 460dは、監査情報のダイジェスト値を取得し、ダイジェスト値に含まれ る積算アクセス回数の情報を抽出する。図 17の二段目に示される監査情報を例に説 明すると、力かる監査情報のダイジェスト値力 抽出される積算アクセス回数は「580 26」となる。 [0104] The digest value verification unit 460d includes the digest included in the audit information of the audit management information 450a. This is a processing unit that compares the service service log information 450b with the digest value calculated from the service use log information 450b and determines whether or not the service use log information 450b has been tampered with. Specifically, the processing performed by the digest value verification unit 460d will be described with reference to FIG. 17.First, the digest value verification unit 460d obtains the digest value of the audit information, and calculates the cumulative access count included in the digest value. Extract information. Taking the audit information shown in the second row of Fig. 17 as an example, the digest value of the strong audit information is extracted. The total number of accesses is “580 26”.
[0105] 続いて、ダイジェスト値検証部 460dは、抽出した積算アクセス回数「58026」を起 点として、所定数過去の情報をサービス利用ログ情報 450bから取得する(例えば、 積算アクセス回数「58022〜58026」に対応する情報を取得する)。なお、ダイジエス ト値検証部 460dがサービス利用ログ情報 450bから取得する情報の区間は、ダイジ エスト値算出部 360dがダイジェスト値を算出する場合にサービス利用ログ情報 350a 力 取得した情報の区間と一致させるように予め情報の取得範囲 (所定数)が設定さ れているものとする。上記したように、起点となる積算アクセス回数「58026」で、サー ビス利用ログ情報 450bの「58022〜58026」に対応する情報を取得する場合には、 所定数は 5となる。  Subsequently, the digest value verification unit 460d obtains a predetermined number of past information from the service usage log information 450b starting from the extracted accumulated access count “58026” (for example, the accumulated access count “58022 to 58026”). ”). The section of information acquired by the digest value verification unit 460d from the service usage log information 450b is matched with the section of information acquired by the service usage log information 350a when the digest value calculation unit 360d calculates the digest value. It is assumed that the information acquisition range (predetermined number) is set beforehand. As described above, when the information corresponding to “58022 to 58026” in the service usage log information 450b is acquired with the accumulated access count “58026” as the starting point, the predetermined number is 5.
[0106] そして、ダイジェスト値検証部 460dは、サービス利用ログ情報 450bから取得した情 報とハッシュ関数 (ダイジェスト値算出部 360dが使用するハッシュ関数と同一のハツ シュ関数)とを利用してダイジェスト値を算出し、算出したダイジェスト値と、監査管理 情報 450aの監査情報に含まれるダイジェスト値 (ダイジェスト値の先頭部分に含まれ る積算アクセス回数は除く)とを比較し、双方のダイジェスト値が一致する力否かを判 定する。双方のダイジェスト値が一致していない場合には、ログ情報検証部 460cは、 サービス利用ログ情報 450bが改竄されたと判定し、その旨を出力部 420に出力する 。なお、ダイジェスト値検証部 460dは、監査管理情報 450aに含まれる監査情報それ ぞれに対して上記した処理を繰り返し実行する。  [0106] The digest value verification unit 460d uses the information acquired from the service usage log information 450b and the hash function (the same hash function as the hash function used by the digest value calculation unit 360d) and uses the digest value. And the calculated digest value is compared with the digest value included in the audit information of the audit management information 450a (excluding the cumulative access count included in the head part of the digest value), and the digest values of both match. Judge whether it is power or not. If the digest values do not match, the log information verification unit 460c determines that the service usage log information 450b has been tampered with, and outputs that fact to the output unit 420. The digest value verification unit 460d repeatedly executes the above-described processing for each piece of audit information included in the audit management information 450a.
[0107] つぎに、データセンタ 300がサービス提供を行う場合の処理手順について説明す る。図 18は、本実施例 2にかかるデータセンタ 300がサービス提供を行う場合の処理 手順を示すフローチャートである。同図に示すように、データセンタ 300は、サービス 提供部 360aがサービス要求を利用者端末 10 (ある 、は利用者端末 20)力も受け付 け (ステップ S301)、サービス提供先の利用者端末にサービス提供を開始する (ステ ップ S 302)。 [0107] Next, a processing procedure when the data center 300 provides a service will be described. FIG. 18 is a flowchart of a process procedure performed when the data center 300 according to the second embodiment provides a service. As shown in FIG. The providing unit 360a also receives the service request from the user terminal 10 (or the user terminal 20) (step S301), and starts providing the service to the user terminal of the service providing destination (step S302).
[0108] そして、サービス利用ログ情報作成部 360bが、サービス提供部 360aのサービス提 供に力かる仕事量を計測し、サービス利用ログ情報 350aを作成し (ステップ S303)、 監査情報管理部 360cが監査情報を作成する (ステップ S304)。  [0108] Then, the service usage log information creation unit 360b measures the amount of work involved in service provision of the service provision unit 360a, creates service usage log information 350a (step S303), and the audit information management unit 360c Audit information is created (step S304).
[0109] 続いて、電子署名作成部 360eが電子署名データを作成し (ステップ S305)、ダイ ジェスト値算出部 360dがサービス利用ログ情報 350aからダイジェスト値を算出して、 ダイジェスト値を監査情報に記録し (ステップ S306)、暗号化処理部 360fが監査情 報を暗号ィ匕し (ステップ S307)、監査情報管理部 360cが電子署名データを添付さ れ、かつ、暗号化された監査情報をサービス提供先の利用者端末に出力する (ステ ップ S 308)。  [0109] Subsequently, the electronic signature creation unit 360e creates electronic signature data (step S305), the digest value calculation unit 360d calculates the digest value from the service usage log information 350a, and records the digest value in the audit information. (Step S306), the encryption processing unit 360f encrypts the audit information (Step S307), and the audit information management unit 360c provides electronically signed data and provides the encrypted audit information. Output to the previous user terminal (step S308).
[0110] このように、データセンタ 300は、サービス提供時に監査情報を作成するとともに、 ダイジェスト値を算出し、サービス提供先となる利用端末に監査情報 (ダイジェスト値 を含む)を出力するので、悪意のある人物によって、サービス利用ログ情報 350aが 改«されることを抑制することができる。  [0110] In this way, the data center 300 creates audit information at the time of service provision, calculates the digest value, and outputs the audit information (including the digest value) to the user terminal that is the service provision destination. It is possible to prevent the service usage log information 350a from being altered by a certain person.
[0111] つぎに、サービスプロバイダ 400が行う判定処理について説明する。図 19は、本実 施例 2にかかるサービスプロバイダ 400が行う判定処理の処理手順を示すフローチヤ ートである。同図に示すように、サービスプロバイダ 400は、復号化処理部 460aがサ 一ビス利用ログ情報 (暗号化されたサービス利用ログ情報)を取得し、サービス利用 ログ情報を復号ィ匕した後に記憶部 450に記憶させ (ステップ S401)、ログ情報検証 部 460cがサービス利用ログ情報 450bの IPアドレスに矛盾が存在するか否かを判定 する(ステップ S402)。  Next, the determination process performed by the service provider 400 will be described. FIG. 19 is a flowchart showing the determination process performed by the service provider 400 according to the second embodiment. As shown in the figure, the service provider 400 includes a storage unit after the decryption processing unit 460a obtains service usage log information (encrypted service usage log information) and decrypts the service usage log information. The data is stored in 450 (Step S401), and the log information verification unit 460c determines whether or not there is a contradiction in the IP address of the service usage log information 450b (Step S402).
[0112] そして、サービス利用ログ情報 450b中の IPアドレスに矛盾が存在する場合には (ス テツプ S403, Yes)、サービス利用ログ情報 450bが適切でない旨の情報を出力部 4 20に出力する(ステップ S404)。一方、 IPアドレスに矛盾が存在しない場合には (ス テツプ S403, No)、監査情報に対応する情報がサービス利用ログ情報 450bに存在 するか否かを判定する(ステップ S405)。 [0113] 監査情報に対応する情報がサービス利用ログ情報 450bに存在しない場合には (ス テツプ S406, No)、ステップ S404に移行する。一方、監査情報に対応する情報が サービス利用ログ情報 450bに存在する場合には (ステップ S406, Yes)、対応する 監査情報のアクセス発生時間とサービス利用ログ情報 450bとのアクセス発生時間と の差分を算出し (ステップ S407)、時刻の差分が所定値以上か否かを判定する (ステ ップ S408)。 [0112] If there is a contradiction in the IP address in the service usage log information 450b (step S403, Yes), information indicating that the service usage log information 450b is not appropriate is output to the output unit 420 ( Step S404). On the other hand, if there is no contradiction in the IP address (step S403, No), it is determined whether information corresponding to the audit information exists in the service usage log information 450b (step S405). [0113] If the information corresponding to the audit information does not exist in the service usage log information 450b (step S406, No), the process proceeds to step S404. On the other hand, if the information corresponding to the audit information exists in the service usage log information 450b (step S406, Yes), the difference between the access occurrence time of the corresponding audit information and the access occurrence time of the service usage log information 450b is calculated. It is calculated (step S407), and it is determined whether or not the time difference is greater than or equal to a predetermined value (step S408).
[0114] そして、時刻の差分が所定値以上の場合には (ステップ S409, Yes)、ステップ S4 04に移行する。一方、時刻の差分が所定値未満の場合には (ステップ S409, No) , 監査情報の積算アクセス回数とサービス利用ログ情報 450bの積算アクセス回数とが 等しいか否かを判定する(ステップ S410)。  [0114] If the time difference is greater than or equal to the predetermined value (step S409, Yes), the process proceeds to step S404. On the other hand, if the time difference is less than the predetermined value (step S409, No), it is determined whether or not the accumulated access count of the audit information is equal to the accumulated access count of the service usage log information 450b (step S410).
[0115] 積算アクセス回数が等しくない場合には (ステップ S411, No)、ステップ S404に移 行する。一方、積算アクセス回数が等しい場合には (ステップ S411, Yes)、サービス 利用ログ情報 450b中の所定の IPアドレスの数が監査アクセスの回数と等しいか否か を判定する (ステップ S412)。  [0115] If the accumulated access counts are not equal (step S411, No), the process proceeds to step S404. On the other hand, when the accumulated access count is equal (step S411, Yes), it is determined whether or not the number of predetermined IP addresses in the service usage log information 450b is equal to the audit access count (step S412).
[0116] そして、サービス利用ログ情報 450b中の所定の IPアドレスの数が監査アクセスの 回数と等しくない場合には (ステップ S413, No)、ステップ S404に移行する。一方、 サービス利用ログ情報 450b中の所定の IPアドレスの数が監査アクセスの回数と等し い場合には (ステップ S413, Yes)、ダイジェスト値検証部 460dが、サービス利用口 グ情報 450bからダイジェスト値を算出し (ステップ S414)、監査管理情報 450aの監 查情報に含まれるダイジェスト値と、サービス利用ログ情報 450bから算出されたダイ ジェスト値とを比較して、それぞれのダイジェスト値が等しいか否かを判定する(ステツ プ S415)。  [0116] If the number of predetermined IP addresses in the service usage log information 450b is not equal to the number of audit accesses (step S413, No), the process proceeds to step S404. On the other hand, if the number of predetermined IP addresses in the service usage log information 450b is equal to the number of audit accesses (step S413, Yes), the digest value verification unit 460d uses the digest value from the service usage log information 450b. (Step S414), the digest value included in the audit information of the audit management information 450a is compared with the digest value calculated from the service usage log information 450b, and whether or not the digest values are equal. (Step S415).
[0117] それぞれのダイジェスト値が異なる場合には (ステップ S416, No)、ステップ S404 に移行する。一方、それぞれのダイジェスト値が等しい場合には (ステップ S416, Ye s)、サービス利用ログ情報が適切である旨の情報を出力部 220に出力する (ステップ S417)。  [0117] If the digest values are different (step S416, No), the process proceeds to step S404. On the other hand, if the digest values are equal (step S416, Yes), information indicating that the service usage log information is appropriate is output to the output unit 220 (step S417).
[0118] このように、ダイジェスト値検証部 460dが、サービス利用ログ情報 450bカもダイジ エスト値を算出し、監査管理情報 450aの監査情報に含まれるダイジェスト値と、サー ビス利用ログ情報 450bから算出されたダイジェスト値とを比較するので、サービス利 用ログ情報 450bの正当性をより正確に判定することができる。 [0118] In this way, the digest value verification unit 460d calculates the digest value of the service usage log information 450b, and the digest value included in the audit information of the audit management information 450a Since the digest value calculated from the service usage log information 450b is compared, the legitimacy of the service usage log information 450b can be determined more accurately.
[0119] 上述してきたように、本実施例 2にかかるサービス提供システムは、データセンタ 30 0がサービス利用ログ情報に記録された情報のうち、所定領域 (過去一定期間)の情 報を基にしてダイジェスト値を生成し、サービス提供先となる端末に監査情報とダイジ ェスト値とを送信する。そして、サービスプロバイダ 400は、データセンタ 300から仕事 量に応じた料金を請求された場合などに、監査情報およびダイジェスト値と、サービ ス利用ログ情報およびこのサービス利用ログ情報によって生成されるダイジェスト値と をそれぞれ比較し、サービス利用ログ情報が不正に改竄されているカゝ否かを判定す るので、サービス利用ログ情報 450bの正当性を判定することができるとともに、サー ビス利用ログ情報 450bの改竄を効率よく防止することができる。 [0119] As described above, the service providing system according to the second embodiment is based on information in a predetermined area (predetermined period) among information recorded in the service usage log information by the data center 300. The digest value is generated, and the audit information and the digest value are transmitted to the terminal that provides the service. Then, when the service provider 400 is charged by the data center 300 according to the workload, the service information 400 includes the audit information and the digest value, the service usage log information, and the digest value generated from the service usage log information. Are compared to determine whether the service usage log information has been tampered with illegally. Therefore, it is possible to determine the validity of the service usage log information 450b and to tamper with the service usage log information 450b. Can be efficiently prevented.
[0120] さて、これまで本発明の実施例について説明したが、本発明は、上述した実施例 1 , 2以外にも、種々の異なる形態にて実施されてよいものである。そこで、以下におい て、本発明に含まれる他の実施例を説明する。  [0120] Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the first and second embodiments described above. Therefore, other embodiments included in the present invention will be described below.
[0121] 上記の実施例では、監査員が利用者端末を操作して、データセンタ 100にアクセス し、監査情報を取得した後、監査員が監査情報をサービスプロバイダ 200に送信して いたが、これに限定されるものではなぐ利用者端末が自動で行ってもよい。すなわ ち、監査を行う利用者端末がデータセンタ 100にアクセスし、データセンタから出力さ れた監査情報をサービスプロバイダ 200に送信するように利用者端末を構成してもよ い。また、利用者端末は、利用者がデータセンタ 100にアクセスする平均的な時間間 隔よりも短い間隔 (所定値以下の時間間隔)によって、データセンタ 100に対するァク セスを繰り返すことによって、アクセス時に不正に水増しアクセスを発生させ、サービ ス利用ログ情報を不正に操作されることを防止することができる。  [0121] In the above embodiment, after the auditor operates the user terminal to access the data center 100 and obtains the audit information, the auditor transmits the audit information to the service provider 200. A user terminal that is not limited to this may be automatically performed. In other words, the user terminal that performs the audit may access the data center 100, and the user terminal may be configured to transmit the audit information output from the data center to the service provider 200. In addition, the user terminal repeats access to the data center 100 at an interval shorter than the average time interval at which the user accesses the data center 100 (time interval equal to or less than a predetermined value). Unauthorized padding can be generated to prevent unauthorized use of service usage log information.
[0122] これは、十分に短い間隔で利用者端末がアクセスすることによって、サービス利用 ログ情報でもそれらのアクセスが連続して記録される可能性が高くなる(監査を行った 利用者端末のアクセス履歴が連続して記録される可能性が高くなる)が、それらが連 続して 、な 、場合に、サービス利用ログ情報に対して不正が行われたと判定すること ができる。 [0123] また、上記の実施例では、データセンタ 100は、サービス要求に応答して監査情報 を暗号ィ匕して利用者端末に送信していたがこれに限定されるもではなぐ監査情報を ユーザが入手する情報 (例えば、オンライン CADサービスの利用者であるなら、作成 した CADファイルなど)に埋め込み、利用者端末に送信することもできる。また、電子 透力 技術を用いて、監査情報を不可視化することによって、一般の利用者が監査 情報の詳細を理解できな 、ようにし、情報漏洩の問題を解消することができる。 [0122] This is because the access by the user terminal at a sufficiently short interval increases the possibility that the access is continuously recorded even in the service usage log information (access of the user terminal that performed the audit). In this case, it is possible to determine that fraud has been performed on the service use log information. [0123] In the above embodiment, the data center 100 encrypts the audit information in response to the service request and transmits it to the user terminal. However, the audit information is not limited to this. It can be embedded in information obtained by the user (for example, a created CAD file if the user is an online CAD service) and sent to the user terminal. In addition, by making the audit information invisible using electronic permeability technology, it is possible to prevent the general user from understanding the details of the audit information and solve the problem of information leakage.
[0124] ところで、上記実施例で説明した各種の処理は、あら力じめ用意されたプログラムを コンピュータで実行することによって実現することができる。そこで、以下では、図 20 を用いて、上記各種処理を実現するプログラムを実行するコンピュータの一例につい て説明する。  By the way, the various processes described in the above embodiments can be realized by executing a prepared program on a computer. Therefore, in the following, an example of a computer that executes a program that realizes the various processes will be described with reference to FIG.
[0125] 図 20は、図 2に示したデータセンタ 100あるいはサービスプロバイダ 200 (図 12に 示したデータセンタ 300ある!/、はサービスプロバイダ 400)を構成するコンピュータの ハードウェア構成を示す図である。このコンピュータは、ユーザからのデータの入力を 受け付ける入力装置 30、モニタ 31、 RAM (Random Access Memory) 32、 ROM (R ead Only Memory) 33、各種プログラムを記録した記録媒体からプログラムを読み 取る媒体読取装置 34、ネットワークを介して他のコンピュータとの間でデータの授受 をおこなうネットワークインターフェース 35、 CPU (Central Processing Unit) 36、お よび、 HDD (Hard Disk Drive) 37をバス 38で接続して構成される。  FIG. 20 is a diagram showing a hardware configuration of a computer constituting the data center 100 or the service provider 200 shown in FIG. 2 (the data center 300 shown in FIG. 12 is! / Is the service provider 400). . This computer is an input device 30 that accepts input of data from the user, a monitor 31, a RAM (Random Access Memory) 32, a ROM (Read Only Memory) 33, and a medium reading that reads programs from various recording media. Device 34, network interface 35 that exchanges data with other computers via the network, CPU (Central Processing Unit) 36, and HDD (Hard Disk Drive) 37 are connected via bus 38. The
[0126] そして、 HDD37には、上述したデータセンタ 100あるいはサービスプロバイダ 200  [0126] The HDD 37 includes the data center 100 or the service provider 200 described above.
(データセンタ 300ある 、はサービスプロバイダ 400)の機能と同様の機能を発揮する 各種プログラム 37bが記憶されている。そして、 CPU36力 各種プログラム 37bを H DD37から読み出して実行することにより、上述したデータセンタ 100およびサービス プロバイダの機能部の機能を実現する各種プロセス 36aが起動される。  Various programs 37b that exhibit functions similar to those of the data center 300 or the service provider 400 are stored. Then, by reading the CPU 36 power various programs 37b from the HDD 37 and executing them, the various processes 36a for realizing the functions of the data center 100 and the service provider function unit described above are started.
[0127] また、 HDD37には、上述したデータセンタ 100あるいはサービスプロバイダ 200 ( データセンタ 300あるいはサービスプロバイダ 400)の記憶部に記憶されるデータに 対応する各種データ 37aが記憶される。 CPU36は、各種データ 37aを HDD37に記 憶するとともに、各種データ 37aを HDD37から読み出して RAM32に格納し、 RAM 32に格納された各種データ 32aに基づいてデータ処理を実行する。 [0128] ところで、各種プログラム 37bは、必ずしも最初力も HDD37に記憶させておく必要 はない。たとえば、コンピュータに挿入されるフレキシブルディスク(FD)、 CD— RO M、 DVDディスク、光磁気ディスク、 ICカードなどの「可搬用の物理媒体」、または、 コンピュータの内外に備えられるハードディスクドライブ (HDD)などの「固定用の物 理媒体」、さらには、公衆回線、インターネット、 LAN, WANなどを介してコンビユー タに接続される「他のコンピュータ (またはサーバ)」などに各種プログラム 37bを記憶 しておき、コンピュータがこれら力も各種プログラム 37bを読み出して実行するようにし てもよい。 Further, the HDD 37 stores various data 37a corresponding to the data stored in the storage unit of the data center 100 or the service provider 200 (data center 300 or service provider 400) described above. The CPU 36 stores various data 37a in the HDD 37, reads the various data 37a from the HDD 37, stores the data 37a in the RAM 32, and executes data processing based on the various data 32a stored in the RAM 32. [0128] By the way, the various programs 37b do not necessarily have the initial power stored in the HDD 37. For example, “portable physical media” such as a flexible disk (FD), CD—ROM, DVD disk, magneto-optical disk, IC card, etc. inserted into a computer, or a hard disk drive (HDD) provided inside or outside the computer Various programs 37b are stored in “fixed physical media” such as “other computers (or servers)” connected to the computer via public lines, the Internet, LAN, WAN, etc. Alternatively, the computer may read and execute the various programs 37b.
[0129] さて、これまで本発明の実施例について説明したが、本発明は上述した実施例以 外にも、特許請求の範囲に記載した技術的思想の範囲内において種々の異なる実 施例にて実施されてもよいものである。  [0129] Although the embodiments of the present invention have been described so far, the present invention can be applied to various different embodiments within the scope of the technical idea described in the claims other than the above-described embodiments. May be implemented.
[0130] また、本実施例において説明した各処理のうち、自動的におこなわれるものとして 説明した処理の全部または一部を手動的におこなうこともでき、あるいは、手動的に おこなわれるものとして説明した処理の全部または一部を公知の方法で自動的にお こなうことちでさる。  [0130] In addition, among the processes described in the present embodiment, all or a part of the processes described as being automatically performed can be manually performed, or are described as being manually performed. All or part of the processing is done automatically by a known method.
[0131] この他、上記文書中や図面中で示した処理手順、制御手順、具体的名称、各種の データやパラメータを含む情報については、特記する場合を除いて任意に変更する ことができる。  [0131] In addition, the processing procedures, control procedures, specific names, information including various data and parameters shown in the above documents and drawings can be arbitrarily changed unless otherwise specified.
[0132] また、図示した各装置の各構成要素は機能概念的なものであり、必ずしも物理的に 図示のように構成されていることを要しない。すなわち、各装置の分散'統合の具体 的形態は図示のものに限られず、その全部または一部を、各種の負荷や使用状況な どに応じて、任意の単位で機能的または物理的に分散 ·統合して構成することができ る。  [0132] The constituent elements of the illustrated apparatuses are functionally conceptual, and need not be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to the one shown in the figure, and all or a part thereof is functionally or physically distributed in an arbitrary unit according to various loads and usage conditions. · Can be integrated and configured.
[0133] さらに、各装置にて行なわれる各処理機能は、その全部または任意の一部が、 CP Uおよび当該 CPUにて解析実行されるプログラムにて実現され、あるいは、ワイヤー ドロジックによるハードウェアとして実現され得る。 産業上の利用可能性  [0133] Furthermore, all or a part of each processing function performed in each device is realized by a program analyzed and executed by the CPU and the CPU, or as hardware by wired logic. Can be realized. Industrial applicability
[0134] 以上のように、本発明にカゝかるサービス提供装置、サービス提供システムおよびサ 一ビス提供方法は、サービスプロバイダにサービス提供の実施を委託されたサービ ス提供装置がサービスを利用者の端末にサービスを提供するサービス提供システム などに有用であり、特に、サービス提供装置が提供したサービスの仕事量にかかる履 歴情報の正当性を的確に判定する必要がある場合に適している。 As described above, the service providing apparatus, the service providing system, and the service according to the present invention. The service provision method is useful for a service provision system in which a service provision device entrusted with service provision to a service provider provides a service to a user terminal, and in particular, provided by the service provision device. This is suitable when it is necessary to accurately determine the validity of the history information related to the service workload.

Claims

請求の範囲 The scope of the claims
[1] コンピュータをアクセスしてきた端末に対し Webサービスを提供するサービス提供 装置として機能させるサービス提供プログラムであって、  [1] A service providing program that functions as a service providing device that provides a Web service to a terminal that has accessed a computer,
前記コンピュータを  The computer
アクセスしてきた端末に対して提供したサービスの仕事量を計測し、計測した仕事 量のデータをログデータとして記録するデータ記録手段と、  Data recording means for measuring the workload of the service provided to the accessed terminal and recording the measured workload data as log data;
サービス要求に応答してサービスの提供を行う場合に、サービスの提供先となる端 末に前記データ記録手段によって記録されたログデータを監査データとして送信す る送信制御手段と、  A transmission control means for transmitting, as audit data, log data recorded by the data recording means to a terminal that provides the service when providing a service in response to a service request;
として機能させることを特徴とするサービス提供プログラム。  Service providing program characterized by functioning as
[2] 前記ログデータに基づ 、てダイジェスト値を生成するダイジェスト値生成手段を更 に備え、前記送信制御手段はサービス要求に応答してサービスの提供を行う場合に 、サービスの提供先となる端末に、前記ダイジェスト値を送信することを特徴とする請 求項 1に記載のサービス提供プログラム。 [2] A digest value generating means for generating a digest value based on the log data is further provided, and the transmission control means becomes a service providing destination when providing a service in response to a service request. The service providing program according to claim 1, wherein the digest value is transmitted to a terminal.
[3] 前記ダイジェスト値生成手段は前記データ記録手段に記録された所定期間のログ データによってダイジェスト値を生成することを特徴とする請求項 2に記載のサービス 提供プログラム。 3. The service providing program according to claim 2, wherein the digest value generating unit generates a digest value based on log data of a predetermined period recorded in the data recording unit.
[4] サービスプロバイダにサービス提供の実施を委託されたサービス提供装置が利用 者の端末に対するサービス提供を行うサービス提供システムであって、  [4] A service providing system in which a service providing apparatus entrusted with service provision to a service provider provides a service to a user terminal,
前記サービス提供装置は、  The service providing apparatus includes:
サービス提供に関する仕事量をアクセスしてきた端末に対して提供したサービスの 仕事量を計測し、計測した仕事量のデータをログデータとして記録するデータ記録 手段と、  Data recording means for measuring the workload of the service provided to the terminal that has accessed the workload related to service provision, and recording the measured workload data as log data;
サービス要求に応答してサービスの提供を行う場合に、サービスの提供先となる端 末に前記データ記録手段によって記録されたログデータを監査データとして送信す る送信制御手段と、  A transmission control means for transmitting, as audit data, log data recorded by the data recording means to a terminal that provides the service when providing a service in response to a service request;
を備え、  With
監査端末は、 前記サービス提供装置にアクセスすることにより取得した前記監査データと、前記 データ記録手段に記録されたログデータを取得し、取得した監査データおよびログ データに基づ 、て前記ログデータが改竄されて 、るか否かを判定する判定手段、 を備えたことを特徴とするサービス提供システム。 The audit terminal The audit data acquired by accessing the service providing apparatus and the log data recorded in the data recording means are acquired, and the log data is falsified based on the acquired audit data and log data, A service providing system comprising: a determination unit that determines whether or not
[5] 前記サービス提供装置は、前記データ記録手段に記録されたログデータに基づい てダイジェスト値を生成するダイジェスト値生成手段を更に備え、前記送信制御手段 はサービス要求に応答してサービスの提供を行う場合に、サービスの提供先となる端 末に前記ダイジェスト値を送信し、前記判定手段は前記監査員の端末に送信された ダイジェスト値と前記ログデータから生成されるダイジェスト値とを基にして前記ログデ ータが改竄されているか否かを判定することを特徴とする請求項 4に記載のサービス 提供システム。 [5] The service providing apparatus further includes digest value generating means for generating a digest value based on log data recorded in the data recording means, and the transmission control means provides a service in response to a service request. When performing, the digest value is transmitted to a terminal to which the service is provided, and the determination means is based on the digest value transmitted to the auditor's terminal and the digest value generated from the log data. 5. The service providing system according to claim 4, wherein it is determined whether or not the log data has been tampered with.
[6] サービス提供装置及び該サービス提供装置へ Webサービスを代行させるプロバイ ダの監査者が利用する端末が行うサービス提供方法であって、  [6] A service providing method performed by a service providing device and a terminal used by an inspector of a provider who substitutes the Web service to the service providing device,
サービス提供に関する仕事量をアクセスしてきた端末に対して提供したサービスの 仕事量を計測し、計測した仕事量のデータをログデータとして記録装置に記録する 記録工程と、  A recording step of measuring the workload of the service provided to the terminal that has accessed the workload related to service provision, and recording the measured workload data as log data in a recording device;
サービス要求に応答してサービスの提供を行う場合に、サービスの提供先となる端 末に前記記録装置によって記録されたログデータを監査データとして送信する送信 制御工程と、  A transmission control step of transmitting, as audit data, log data recorded by the recording device to a service providing destination when providing a service in response to a service request;
前記監査員の端末に送信された前記監査データおよび前記ログデータを取得し、 前記ログデータが改竄されている力否かを判定する判定工程と、  Obtaining the audit data and the log data transmitted to the terminal of the auditor, and determining whether or not the log data has been tampered with;
を含んだことを特徴とするサービス提供方法。  A service providing method characterized by including:
[7] サービス提供装置が、前記ログデータに基づいてダイジェスト値を生成するダイジ エスト値生成工程を更に含み、前記送信制御工程は、サービス要求に応答してサー ビスの提供を行う場合に、サービスの提供先となる端末に前記ダイジェスト値を送信 し、前記判定工程は前記監査員の端末に送信されたダイジェスト値と前記ログデータ 力 生成されるダイジェスト値とを基にして前記ログデータが改竄されている力否かを 判定することを特徴とする請求項 6に記載のサービス提供方法。 [7] The service providing device further includes a digest value generating step of generating a digest value based on the log data, and the transmission control step provides a service when providing the service in response to the service request. The digest value is transmitted to the terminal to which the log data is provided, and the log data is falsified based on the digest value transmitted to the auditor's terminal and the digest value generated in the log data force in the determination step. The service providing method according to claim 6, wherein it is determined whether or not the user has power.
[8] 前記ダイジェスト値生成工程は前記記録装置に記録された所定期間の前記ログデ ータによってダイジェスト値を生成することを特徴とする請求項 7に記載のサービス提 供方法。 8. The service providing method according to claim 7, wherein the digest value generating step generates a digest value based on the log data for a predetermined period recorded in the recording device.
[9] コンピュータをアクセスしてきた端末に対し Webサービスを提供するサービス提供 装置として機能させるサービス提供装置であって、  [9] A service providing device that functions as a service providing device that provides a Web service to a terminal that has accessed a computer,
アクセスしてきた端末に対して提供したサービスの仕事量を計測し、計測した仕事 量のデータをログデータとして記録するデータ記録手段と、  Data recording means for measuring the workload of the service provided to the accessed terminal and recording the measured workload data as log data;
サービス要求に応答してサービスの提供を行う場合に、サービスの提供先となる端 末に前記データ記録手段によって記録されたログデータを監査データとして送信す る送信制御手段と、  A transmission control means for transmitting, as audit data, log data recorded by the data recording means to a terminal that provides the service when providing a service in response to a service request;
を有することを特徴とするサービス提供装置。  A service providing apparatus comprising:
[10] 前記ログデータに基づ 、てダイジェスト値を生成するダイジェスト値生成手段を更 に備え、前記送信制御手段はサービス要求に応答してサービスの提供を行う場合に[10] A digest value generating means for generating a digest value based on the log data is further provided, and the transmission control means provides a service in response to a service request.
、サービスの提供先となる端末に、前記ダイジェスト値を送信することを特徴とする請 求項 9に記載のサービス提供装置。 10. The service providing apparatus according to claim 9, wherein the digest value is transmitted to a terminal that is a service providing destination.
[11] 前記ダイジェスト値生成手段は前記データ記録手段に記録された所定期間のログ データによってダイジェスト値を生成することを特徴とする請求項 10に記載のサービ ス提供装置。 11. The service providing apparatus according to claim 10, wherein the digest value generating unit generates a digest value based on log data for a predetermined period recorded in the data recording unit.
PCT/JP2006/319362 2006-09-28 2006-09-28 Service providing device, service providing system, and service providing method WO2008038386A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/319362 WO2008038386A1 (en) 2006-09-28 2006-09-28 Service providing device, service providing system, and service providing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/319362 WO2008038386A1 (en) 2006-09-28 2006-09-28 Service providing device, service providing system, and service providing method

Publications (1)

Publication Number Publication Date
WO2008038386A1 true WO2008038386A1 (en) 2008-04-03

Family

ID=39229834

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/319362 WO2008038386A1 (en) 2006-09-28 2006-09-28 Service providing device, service providing system, and service providing method

Country Status (1)

Country Link
WO (1) WO2008038386A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011022825A (en) * 2009-07-16 2011-02-03 Nippon Telegr & Teleph Corp <Ntt> Service providing system, and method and program for checking alteration
JP2015181045A (en) * 2010-06-02 2015-10-15 ヴイエムウェア インクVMware, Inc. Securing customer virtual machines in multi-tenant cloud

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1139219A (en) * 1997-07-18 1999-02-12 Fuji Xerox Co Ltd Data-to-be-verified generating device, data verifying device, and medium recording verified data generating program
JP2002169909A (en) * 2000-12-04 2002-06-14 Fujitsu Ltd Public opening verifying system, recording server for browsing access log, recording server for publishing access log, server for digital signature and information terminal for browsing access
JP2002229943A (en) * 2001-02-05 2002-08-16 Hitachi Ltd Transaction processing system having service level controlling mechanism and program for the system
JP2003143139A (en) * 2001-11-07 2003-05-16 Fujitsu Ltd Program and method for storing and verifying digital data
JP2004165761A (en) * 2002-11-11 2004-06-10 Nec Corp Communication system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1139219A (en) * 1997-07-18 1999-02-12 Fuji Xerox Co Ltd Data-to-be-verified generating device, data verifying device, and medium recording verified data generating program
JP2002169909A (en) * 2000-12-04 2002-06-14 Fujitsu Ltd Public opening verifying system, recording server for browsing access log, recording server for publishing access log, server for digital signature and information terminal for browsing access
JP2002229943A (en) * 2001-02-05 2002-08-16 Hitachi Ltd Transaction processing system having service level controlling mechanism and program for the system
JP2003143139A (en) * 2001-11-07 2003-05-16 Fujitsu Ltd Program and method for storing and verifying digital data
JP2004165761A (en) * 2002-11-11 2004-06-10 Nec Corp Communication system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011022825A (en) * 2009-07-16 2011-02-03 Nippon Telegr & Teleph Corp <Ntt> Service providing system, and method and program for checking alteration
JP2015181045A (en) * 2010-06-02 2015-10-15 ヴイエムウェア インクVMware, Inc. Securing customer virtual machines in multi-tenant cloud

Similar Documents

Publication Publication Date Title
JP3905961B2 (en) Temporary signature authentication method and system
JP4746233B2 (en) Trusted computing platforms that limit the use of data
EP1529371B1 (en) Monitoring of digital content provided from a content provider over a network
JP4806235B2 (en) System and method for enforcing location privacy using rights management
JP4818664B2 (en) Device information transmission method, device information transmission device, device information transmission program
EP1434119A2 (en) License management method and license management system
US20130114808A1 (en) System and method for providing an indication of randomness quality of random number data generated by a random data service
JPH10123950A (en) Data verification method, verified data generation device, and data verification device
JP2002259605A (en) Device and method for information processing and storage medium
JP2010514000A (en) Method for securely storing program state data in an electronic device
US20040133812A1 (en) Password recovery system
US20090025061A1 (en) Conditional peer-to-peer trust in the absence of certificates pertaining to mutually trusted entities
KR20040028086A (en) Contents copyright management system and the method in wireless terminal
JP5278495B2 (en) Device information transmission method, device information transmission device, device information transmission program
JP5781678B1 (en) Electronic data utilization system, portable terminal device, and method in electronic data utilization system
JP4510392B2 (en) Service providing system for personal information authentication
WO2008038386A1 (en) Service providing device, service providing system, and service providing method
KR100609701B1 (en) An transaction certification method and system to protect privacy on electronic transaction details
JP5665592B2 (en) Server apparatus, computer system, and login method thereof
JP2004140715A (en) System and method for managing electronic document
JP2002229451A (en) System, method, and program for guaranteeing date and hour of creation of data
JP2008269544A (en) Using object information management device, using object information management method, and program therefor
TW200941996A (en) Using mobile device to construct a secure E-DRM method
JP2007096413A (en) Packet recording support apparatus, packet recording support method, and packet recording support program
JP2005149011A (en) Data processor and history verifying method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06798410

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06798410

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP