JP2000163375A - Method for managing right of access between plural edi systems - Google Patents

Abstract

PROBLEM TO BE SOLVED: To easily and flexibly provide an access right managing function in the case of sharing a document prepared in an inter-enterprise transaction or information on a job status between EDI systems having different certification systems. SOLUTION: Concerning an access right managing method between plural EDI systems, the job status or document information can be shared only between the specified enterprises related to the job among enterprises under the control of plural EDI systems.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The present invention is based on the development of electronic commerce, the increase of EDI systems based on it, and the increase of cross-border transactions. The number of transactions between companies with different certification systems (indicating a case where the company has been certified by one EDI system but has not been certified by another EDI system) will increase in the future. Conceivable.

[0002] For example, in the digitization of trade transactions, the exchange of electronic documents at cross borders is required. On the other hand, the issuance of certificates should be carried out in the EDI system of each country, and in other regions. There is a view that the certification authority certifies companies in its own country because it violates the national trade policy, and there is a mechanism to realize cooperation between EDI systems with different certification systems. It has been demanded.

[0003] The present invention relates to information sharing and cooperation between EDI systems having different authentication systems. Information access for sharing information such as business status and created documents shared between companies under one EDI system to companies under another EDI system with a different authentication system as necessary Provision of authority management method allows information to be cut off between specific companies related to business even if it is operated separately for each region, country, and company group and divided into EDI systems with different authentication systems. The present invention relates to a technology for realizing the smooth execution of work without any problem.

[0004]

2. Description of the Related Art As means for acquiring information from EDI systems having different authentication systems, each company has its own E-mail system.
It is generally known that a certificate is obtained from a certificate authority that authenticates transactions on the DI system, and a plurality of certificates are properly used as necessary.

In the case where a plurality of certificates are obtained and the information managed by another EDI system is not directly accessed, a method of indirectly obtaining the information via a company under the umbrella may be considered. This is because, once a company under the umbrella receives the required information from the EDI system in which the information is registered and managed, the electronic data or paper-based (F
(AX, mail) Information is delivered to the partner company by other methods.

[0006]

EDs with different authentication systems
In the I-system, in order to directly access information such as managed documents, it is necessary to be authenticated as an end entity by a partner certificate authority.
EDI systems that are deeply involved in national policies, such as when the I-system
In the case of a system, this is not a practical means. Even if a certificate could be obtained from some EDI systems, each company would need to manage certificates, keys, etc., as well as separate operating procedures for each EDI system and, in some cases, terminal equipment. There are inconveniences in terms of cost, work efficiency, etc., such as the necessity to use differently. In addition, each E
Unless a mechanism for coordinating the DI systems is provided, the use of the vertical division is required for each individual EDI system.

On the other hand, the information to be accessed is stored in the EDI
If the method of obtaining via a company under the umbrella of the system is adopted, the company that receives the information and the company that receives the information,
If there is no infrastructure for mutual information exchange and mechanisms for safely exchanging document information etc., paper-based exchanges (FAX, mail, etc.) will occur.
You will not be able to enjoy the benefits of e-commerce, such as paperlessness, reduced work load, and faster work.

[0008] An object of the present invention is not to use any of the above means, but to copy information required between a plurality of EDI systems to each other, and to obtain access from some business-related companies. Access authority management to allow access to information such as business status and documents,
It provides a means of information sharing.

[0009]

SUMMARY OF THE INVENTION In order to solve the above-mentioned problems, the present invention provides means for transmitting information such as a business status management table or a document of one EDI system to another EDI system, and means for transmitting the information to another EDI system. Means for creating access right information for the information is provided.

[0010] Also, the EDI system of the other party (for transmitting information such as a business status management table and a document) includes:
Means for storing and managing the received information such as the business status management table and the documents, the access authority when there is an information search request for the business status management table and the documents using the access authority information from the affiliated company; Means for performing access control by checking for presence / absence, and, among the affiliated companies, store the ID, address information, and the like of the company that has accessed information such as a business status management table and documents using the access authority information. And a means to manage it.

A means for transmitting information such as a business status management table and a document to another EDI system in a plurality of EDI systems, and a means for storing and managing information such as a received business status management table and a document. , It is possible to have an original and a copy of the information. As a premise, each ED
It is assumed that the I-system has mutually issued a certificate from the other party's certificate authority, and that one of the EDI systems can copy document / table information to the other-side EDI system. .

In the means for creating access authority information, based on an instruction from a company that creates and approves information such as a business status management table and documents, the information including the identification information of the documents and tables and the date and time information can be obtained. Using a hash function and a secret key (such as a document / table creator / approver) to create electronic signature information, register this in the access authority management table as access authority information, and grant access authority Deliver to the company of the destination you want to deliver (the delivery method may be Internet mail, an in-house system, another EDI system, IC card or other media, etc., but it is not specified here).

This digital signature (= access authority information)
Since the information containing the date and time is created, every time the document is updated, a new one can be created and the previously created one can be replaced each time, giving access authority. Even if it becomes necessary to change the target person every moment, it is possible to flexibly respond.

[0014] Further, when a plurality of companies are related to a certain document as an authorized person (usually, there is a creator and an approver, and when the document is a security, the access right to the document is also limited to the security. May be changed in response to the transfer of the relevant company), the access authority information can be created separately for each company, and unless the access authority information is delivered from all or some of the related companies, For example, it is also possible to change restrictions on access authority according to business needs, such as prohibiting access to documents.

When a copy is created by transmitting information from one EDI system to another EDI system, only those for which access authority information has been created with respect to the business status management tables and documents. Therefore, there is no other party who grants access authority other than the company that created and approved the table / document (one EDI
(Only access from companies under the system umbrella occurs)
In such a case, information is not transmitted to another EDI system, and unnecessary copying is suppressed.

Further, when a subsidiary company of another EDI system requests an information search using the access authority information, by providing means for storing and managing the ID, address information, and the like of the corresponding company, one time However, if there is a change to the accessed information (document, business status management table, etc.), a message is automatically sent to notify the change based on the stored ID and address information. It is possible to do.

[0017]

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing an outline of the operation of the present invention.

FIG. 1A is a block diagram of the present invention. An input / output device 101 for inputting a transaction and receiving a processing result and a message from another company by a user (a person in charge of a user department of a company that performs inter-company transactions under the umbrella of the EDI system 102 described later) System 102 that performs processing in response to a request from a user, a communication control device 103 that controls message exchange between each
A certificate authority system 104 that issues and manages certificates for companies that conduct transactions under the umbrella of the I system 102 is configured in a certain country, region, company group, or the like.

Similarly, in another country, region, company group, or the like, a user inputs / outputs a transaction and receives an input / output device 111 for receiving a processing result and a message from another company.
EDI system 1 that performs processing in response to a request from a user
12, a communication control device 113 for controlling the message exchange between them, and a certificate authority system 114 for issuing a certificate to a company that transacts under the EDI system 112.

The EDI system 102 shown in FIG.
A certificate management file 105 for managing issued certificates after examination by the certificate authority system 104, a document management file 106 for managing documents created in the inter-company transaction in the EDI system 102, information on the progress of business Is managed in a business status management table 107 that manages the information. In the EDI system 102, the access right management table 108 is created and updated by the access right management information creation unit 109, and the table and the document information transmission control unit 110 are added to the document management file 110 according to the contents of the access right management table 108. All or part of the contents of the business status management table 107, the business status management table 107, and the access authority management table 108 are transmitted to the EDI system 112 such as another country, region, or company group.

On the other hand, in the EDI system 112, a certificate management file 115 for managing issued certificates after examination by the certificate authority system 114, and the EDI system 10
2, a document management file 116 obtained by copying all or a part of the document management file 106 in the EDI system 1
In addition to the business status management table 117 obtained by copying the business status management table of the EDI system 102, an access right management table 118 is managed as a copy of the access right management table 108 of the EDI system 102. In the EDI system 112, the table and document information reception control unit 120 stores the table and document information transmitted from the EDI system 102 in a predetermined file.

Search processing control unit 1 based on access authority information
In step 21, based on the contents of the access right management table 118, the presence or absence of the access right is checked in response to the table and file search request input from the input / output device 111. File 116
The document and table information are retrieved from the business status management table 117, and the result is returned. At this time, information (I) relating to a company that has made a search request for documents and table information from the input / output device 111 using the access authority information.
D, address information, etc.) in the access authority holding company information table 119.

Next, the embodiment will be described in detail with reference to FIGS.

The access authority management information creation unit 109 in the EDI system 102 shown in FIG.
The access authority information is created using the information in the document management file 201 shown in FIG. The document management file 201 includes, for each document or table managed in the document management file 106, a document number for identifying a type and a document, a creator, a creation date / time, an approver, and an approval date / time. In addition, a sales contract number (one that specifies a transaction = a unit of business status management) is set.

FIG. 4 shows a business status management table 401.
The following is an example of business 1, 2, 3, 3
And the status information is managed, and it is considered that the table becomes a table using other information as a key instead of the sales contract number depending on the business.

In the transaction of the sales contract number 98080101,
Document of document type = DA and document number = DA01 is a company a
In the first embodiment, the processing related to the creation of the access right information in the case of the creation by the company a is performed after the update of the company a to the same document and the approval by the company b are performed.
A process in which access authority information for the document is newly created and replaced with an old one will be described as a second embodiment.

Embodiment 1: Sales contract number 98080101
When a document having a document type = DA and a document number = DA01 is created by the company a at 8/19: 02: 13, the access right management information creation unit 109 causes the company a
(“Sales contract number 98080101” to “document number D
A01 ”) 202 and the electronic signature S1 (20
3) is created (after the hash value is obtained, encrypted with the secret key of the company a itself), and this is used as the access right information, and the “access right information (creator setting)” for the document number DA01 in the access right management table 301 is created. Set to 302.

The company a gives the access right to the document by the delivered company by delivering the electronic signature = access right information to another company. When the same company is also given access right to the business status management table, the above-mentioned electronic signature = access is also included in “access right information (creator setting)” 303 relating to the business status management table in the access right management table 301. The authority information S1 is set.

Processing flow in this case, input / output device 101
Will be described with reference to FIGS.
In the processing step 601 in FIG. 6, when the company a makes a transaction, the corresponding part of the document management table 201 for managing the created document is updated. At this time, the screen 901 in FIG. 10 is displayed for the company a. On the screen, in addition to the sales contract number, document, table type, document number, creator, approver,
Area 902 for displaying already set information on access authority
In addition, there is an area for setting a request from the company a for access authority information.

As information to be set, as shown in FIG. 10, the company a designates whether or not to create access authority information 903, and determines whether to replace the access authority information with the newly created access authority information when existing access authority information exists. Designation 904, designation 905 of whether newly created access authority information is required at the time of accessing the document, identification information 906 of an EDI system as a copy destination of the document, and a company having access authority to the document. Specifying whether to grant access authority to the business status management table to the user 9
07.

Based on these designations, 60 in FIGS.
Discrimination processing in each processing step of 2, 604, 607, 608, 610 is performed. In the first embodiment, in the processing step 603, since the access right information for the same document has not been issued, the electronic signature for “sales contract number to document number” in the document management table is set as the access right information (606). .

In the next step 607, by specifying "EDI system B" as the copy destination EDI system, the document number D in the access authority management table 301 is designated.
B is set in the copy destination EDI system 304 for A01, and B is similarly set in the copy destination EDI system 305 for the business status management table.

In the processing step 608, it is asked whether or not the access authority information created as described above is indispensable when accessing with another EDI system. (If it is not specified as mandatory, for example, if there is access authority information created by company b (assuming it is T1), documents and tables can be accessed without access authority information S1 from company a.) If it is specified that the creator is required in the access authority management table 301, “necessary” is set in the necessity 306 of the creator specification regarding the document number DA01.

In processing step 601, a designation is made as to whether a company having access authority to the document DA01 is also granted access authority to the business status management table. When awarding, in processing step 612,
As described above, S1 is set in 303 of the access authority management table 301.

Embodiment 2: Sales contract number 98080101
If the document with the document type = DA and the document number = DA01 is approved by the company b at 8/1 13:20:18, the access right management information creation unit 109 sets the company a to (“sales contract”). No. 98080101 ”to“ approval date / time 8/1 13:20:18 ”) 204, an electronic signature S2 (205) is created (after the hash value is obtained, it is encrypted with the private key of company a itself), and The document number D of the access right management table 301 is used as the access right information.
“Access right information (creator setting)” for A01 3
07 (actually, S1 previously set is replaced with S2).

Similarly, when the access authority for the business status management table is also changed from S1 to S2, the electronic signature is added to the “access authority information (creator setting)” 308 for the business status management table in the access authority management table 301. = Access right information S2
Set.

In the processing step 603 in FIG. 6, since it is recognized that the access authority information has already been issued, the next processing step is 604. In the second embodiment, the access authority information for the same document is replaced from S1 to S2. Proceeding to processing step 605, as described above, "sales contract number 9808"
0101 ”to“ Approval date 8/1 13:20:18 ”)
An electronic signature S2 (205) is created for the object 204. The following processing is the same as in the first embodiment, and will not be described.
Regarding the copy destination EDI system and the necessary conditions at the time of access, each time the access authority information is changed, it is checked whether the user has changed the designation. (End of description of the second embodiment.) The processing of the “table and document information transmission control unit” 110 in the EDI system 102 will be briefly described. This is basically considered a transaction started by batch control. In the access right management table 301, only when the information is set in either the access right information (creator setting) or the access right information (approver setting), the document file 108, the business status management table 107, the access It is assumed that the authority management table 108 is copied. At this time, the copy destination is also based on the information set in the copy destination EDI system of the access authority management table 301.

Next, a description will be given of an embodiment of the EDI system 112 at the copy destination (when a company granting access authority searches for information). The access authority information transferred to the user input / output device in FIG. 1 is transferred to a company under the EDI system 112 in some form via a mail system, an in-house system, another EDI system, or the like. . The access right information is input from the input / output device 111 in the transferred company.
In the EDI system 112, an access right check based on the input access right information is performed by a "search processing control unit based on the access right information". FIG. 8 shows a processing flow at that time.

In processing step 701, one or more access authority information is read from the input message to determine whether there is a match.
Search for 8. In processing step 702, it is checked whether there is any match with the access authority information (creator setting) or the access authority information (approver setting) in the access management table of FIG. If there is a match, it is checked whether or not all the access authority information designated as essential is included in the input message with respect to the document or the business status management table.

For example, access authority information (creator setting)
If both "required" and "access required" are specified in both the access authority information (approver setting) (when both "306" and "309" in the access authority management table 301 are set to "required"), the access authority in the table is set. Information S2 (30
Unless both 7) and T2 (310) are included in the message, access becomes impossible.

When the access right information check is OK,
In processing steps 703 and 704, information such as the corresponding sales contract number, document / table type, document number, creator, approver, etc. is displayed on the user's screen, and only the information desired to be searched according to business needs can be selected. And return the required information.

In the next processing step 705, it is determined whether or not the company requesting access using the access right information has already been registered in the access right holding company information table 501 of FIG. Has a company I
D, information such as a notification destination address is registered (processing step 706).

The "table / document information reception control unit" 120 of the EDI system 112 includes the "table / document information transmission control unit" 110 of the EDI system 102 as described above.
The storage process of the update information of the document and the table transmitted in the above is performed, and a change from the previous transmission / reception is automatically notified to some companies based on the update information.

FIG. 9 shows a processing flow at that time. Based on the information of a document newly created, changed, approved, or the like since the previous transmission / reception of the copy information, the sales contract number, the document /
Match with table type and document number. If there is a match, it is further determined from the access authority holding company information table 501 whether there is a company that has accessed the document in the past (processing steps 802, 8).
03). A notification message indicating that the document has been updated is automatically created and transmitted to a company that has accessed the document in the past (processing step 804).

[0045]

According to the present invention, the access authority management in the case where the document created in the inter-company transaction and the information on the business status are shared between EDI systems having different authentication systems can be easily managed. It can be done flexibly. Therefore, in cross-border transactions and transactions between companies of different types of business, etc., business related companies can exchange business progress safely without being aware of differences in authentication systems, It is expected that the cooperative work will be more smoothly realized, such as adjusting the posture.

[Brief description of the drawings]

1 (a) and 1 (b) show E for implementing the present invention.
FIG. 1 is a block diagram of a DI system.

FIG. 2 is a diagram showing an example of a document management table used when creating access authority information for a document / table in the embodiment of the present invention.

FIG. 3 is a diagram showing an example of an access authority management table used when checking access authority in the embodiment of the present invention.

FIG. 4 is a diagram showing an example of a business status management table to be accessed in the embodiment of the present invention.

FIG. 5 is a diagram showing an example of an access authority holding company information table for managing information on a company that has made a search request based on access authority information in the embodiment of the present invention.

FIG. 6 is a flowchart showing a flow of processing when creating access authority information and setting it in an access authority management table in the embodiment of the present invention.

FIG. 7 is a flowchart showing the flow of processing when creating access authority information and setting it in an access authority management table in the embodiment of the present invention.

FIG. 8 is a flowchart showing a processing flow when an information search request is received using access authority information in the embodiment of the present invention.

FIG. 9 is a flowchart showing the flow of a process for automatically notifying that a change has occurred in a target whose information has been searched for based on access authority information in the embodiment of the present invention.

FIG. 10 is a diagram showing an example of a screen when creating access authority information and setting it in an access authority management table in the embodiment of the present invention.

[Explanation of symbols]

101: input / output device, 102: EDI system (information transmission source), 103: communication control device, 104
... Certificate authority system, 105 ... Certificate certificate management file, 10
6 Document management file 107 Business status management table 108 Access authority management table 109
Access authority management information creation unit, 110: table, document information transmission control unit, 111: input / output device, 112: ED
I system (information transmission destination), 113: communication control device,
114: Certificate Authority System, 115: Certificate Management File, 116: Document Management File, 117: Business Status Management Table, 118: Access Authority Management Table, 119: Access Authority Holding Company Information Table, 12
0: table, document information reception control unit, 121: search processing control unit based on access authority information.

Claims (6)

[Claims] In an EDI system, means for creating information for managing business status and access authority to registered documents and the like and distributing the information to related companies, and information on the created access authority information, business status and registered documents, etc. Is provided to another EDI system with a different authentication system to provide business status, document information, etc. only between specific companies related to the business among the companies under the multiple EDI systems. A method for managing access authority between a plurality of EDI systems, characterized in that a plurality of EDI systems can be shared. 2. In the above access right management method, a company corresponding to a creator / approver uses a private key for information including identification information of each document, creation / approval date and time. By using the digital signature as the access authority information, if there is access from a subsidiary company on the EDI system side of the notification destination, the company that created and awarded the access authority information to that company is the responsible entity A method of managing access authority information between a plurality of EDI systems, wherein the method is a creation method that can be clearly recognized as a. 3. In the above access right management method, each time a change is made to each document / table information, the information including the identification information of each document / table and the date / time of creation / approval is added to the creator / approval information. When a document is corrected or changed by an authorized person to a document by a company corresponding to the person, etc., using a digital signature using its own private key as access authority information, In the case where a document with security properties is transferred from one company to another, the authority to the document is also transferred.) The method of managing access right information between a plurality of EDI systems, wherein the access right information can be flexibly changed. 4. In the above access right management method, a company corresponding to a creator / approver, etc., obtains secret information for information including identification information of each document / table, creation / approval date and time. An electronic signature using a key is used as access right information, and the access right information is separately delivered to a company under another EDI system having a different authentication system, and a plurality of (author and approver) Etc.) A plurality of EDIs wherein access is not possible unless access right information is obtained, thereby enabling strict access right management in which access rights are granted only to companies approved by a plurality of related companies. Access right information management method between systems. 5. An EDI system comprising means for storing and managing the ID, address information, etc. of a company accessed by using created access authority information with respect to business status, registered documents, etc. A method for managing access rights between a plurality of EDI systems, characterized in that information is automatically shared when a change is made to a business status, a registered document, or the like having an access right. 6. In the EDI system, access authority information is not created for business statuses, registered documents, and the like that are not to be notified to a company affiliated with the other EDI system. On the other hand, an access authority management method between a plurality of EDI systems, which suppresses copying of information such as business statuses and registered documents.