JP2000285186A - Data exchange method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To exchange electronic data between several persons while guaranteeing contents without interposing any center system to be the third person or the like. SOLUTION: When transmitting data between two persons to exchange data, the recipient of data transmits the data while guaranteeing the contents by applying his own electronic signature. After the contents of data and a right transferor are confirmed, the right recipient of data applies his own electronic signature to the data and transmits them to the right transferor. The right transferor confirms the recipient of data and transmits the right of data to the recipient after applying his own electronic signature so that the exchange of data is executed between two persons.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data transfer method for transmitting and receiving electronic data between two systems via an electronic medium, and a system to which the data transfer method is applied. The present invention relates to a data transfer method suitable for mutually confirming and securely transferring electronic data such as electronic documents circulating between them, and a system to which the method is applied.

[0002]

2. Description of the Related Art In recent years, with the progress of information processing technology, for example, in various commercial transactions, a document exchanged between parties to a transaction is replaced with electronic document data, and the electronic document data is transmitted via an electronic medium such as a network. There has been an increasing movement to conduct transactions by exchanging document data between parties.

For example, in the field of trade finance, the digitization of documents that are exchanged between parties who conduct transactions is being studied. In trade finance, the transfer of documents between the parties to the documents can be considered by nature in two types. One is the transfer of documents as information, and the other is the transfer of documents that must manage the transfer of ownership.

[0004] Documents that must manage the transfer of ownership include, for example, bills of lading (hereinafter abbreviated as B / L) that make accurate information on the cargo loaded on the ship by the shipping company. B / L is a security that can be exchanged for a load at the point of import of the load, and is a security that at any point in the import / export process proves the owner of the load and the obligation to pay for the load. is there. At present, B / L is created using paper as a medium, and a person who owns the original paper can own the right as a security. When considering realizing such B / L as digitized data, digitized B / L
There is a need for technology that accurately guarantees the transfer of rights during distribution.

On the other hand, techniques conventionally known as techniques for transmitting and receiving electronic data include, for example, Japanese Patent Application Laid-Open No. 9-251502.
Is disclosed in Japanese Unexamined Patent Application Publication No. 2000-205,878. JP-A-9-25150
No. 2 discloses a technology for paying data having a monetary value, so-called electronic money.
Here, the payer, who has been authenticated by one of the certifying organizations, assures the contents of the data to be transmitted by attaching the electronic signature to the data to be delivered (electronic money) and transmitting it to the other party. I have.

In Japanese Patent Publication No. 8-27812, electronic data as transaction information is confirmed between two parties, electronic seal information indicating that the transaction contents have been agreed is exchanged with each other, and the information is held together with the electronic data. A technique for guaranteeing the transaction itself by matching is disclosed. According to the technology disclosed herein, a receiver of electronic data generates a compressed cipher text of the received electronic data, and returns a part of the encrypted cipher text to the sender as seal information. The sender confirms the seal information and transmits his / her seal information to the receiver. Thereafter, the receiver checks the seal information of the sender and transmits the seal information of the receiver to the sender. As a result, even if the recipient denies the fact of the transaction and escapes carrying the sender's electronic seal without returning the receiver's electronic seal to the sender, the sender receives the signature information received as evidence. In this way, transactions made electronically can be guaranteed.

[0007]

SUMMARY OF THE INVENTION The aforementioned Japanese Patent Application Laid-Open No. 9-25 / 1997
In the technique described in Japanese Patent Publication No. 1502, the sender assures the contents by attaching the sender's digital signature to the data and sending the data to the other party. Consider applying this method to the transfer of related documents in trade finance. In this case, in order to prevent fraudulent acts (for example, refusing to receive and then distributing the received data) to the data once transmitted by the sender with the electronic signature, the receiver must use the data. Can not be refused. For this reason, the receiver cannot confirm the content of the transmitted data and determine whether or not to receive it, and may receive defective data. In the case of B / L, it is impossible to exchange it for cargo if the word and phrase are different from those created by the shipping company at present. Thus, the recipient is at great risk.

[0008] In addition, this technique attempts to avoid double payment by a payer by criminal and social sanctions after the discovery of fraud. However, it cannot prevent a well-intentioned third party from being damaged. This is a fatal flaw in trade transactions.

[0009] In addition, when the technology disclosed in Japanese Patent Publication No. 8-27812 is applied to the transfer of related documents in trade finance, it is difficult to uniquely identify the owner from the transferred data. Yes, data cannot be transferred as a right. If the data to be exchanged is processed to include the contents of the exchange, such as the names of the two parties to the transaction, the owner can be identified from the data by the technique disclosed in Japanese Patent Publication No. 8-27812. It is believed that there is. However, B / L is usually distributed among at least three people. In consideration of this, when data is exchanged, it is necessary for the creator of the data to create the data by incorporating all the names of the participants involved in the distribution into the data. This hinders the distribution of B / L as securities, and impairs the structure of the trade transaction business itself. Therefore, it is practically impossible to apply the technology disclosed in Japanese Patent Publication No. 8-27812 in order to exchange trade-related documents.

It is an object of the present invention to provide a data transfer method capable of performing transfer of electronic data across a plurality of persons while guaranteeing the contents thereof, and a system to which the data transfer method is applied.

Another object of the present invention is to provide a method of transmitting and receiving electronic data which can be performed between a plurality of persons without using a third party center system or the like, and a system to which the method is applied. To provide.

[0012]

To achieve the above object, a data transfer method according to the present invention is a data transfer method for transmitting and receiving data between a plurality of computers via an electronic medium. Data is exchanged according to the procedure. That is, the first computer that is the data transmission source generates a first message in which a first electronic signature for indicating the validity of the data is added to the data, and transfers the first message to the second computer. The second computer confirms the validity of the first message based on the first electronic signature. Then, the second computer generates a second message by adding a second electronic signature to the first message to show the validity of the first message, and transfers the second message to the first computer. The first computer confirms the validity of the second message based on the second electronic signature, adds a third electronic signature to the second message to show the validity of the second message, and adds a third electronic signature to the second message. Generate a message and forward it to a second computer. The second computer confirms the validity of the third message based on the third electronic signature, and holds the third message as data to be received from the first computer.

[0013] In a preferred aspect of the present invention, the process of generating the second message includes outputting data included in the first message to an output device, and outputting the data in accordance with information input from the input device. Generate a second message.

[0014] Authentication information indicating that the transmission source is the first computer is added to the first message. Similarly, authentication information indicating that the transmission source is the second computer is added to the second message.

[0015] In one aspect of the present invention, the second computer generates a fourth message by adding a fourth electronic signature indicating the validity of the third message, and generates the fourth message. To a third computer. The third computer confirms the validity of the fourth message based on the electronic signature included in the fourth message, and attaches a fifth electronic signature to the fourth message to show the validity of the fourth message. To generate a fifth message and transfer it to the second computer. The second computer confirms the validity of the fifth message based on the fifth electronic signature, adds a sixth electronic signature to indicate the validity, generates a sixth message, and 3 to the computer. The third computer verifies the validity of the sixth message based on the sixth electronic signature,
The sixth message is retained as data to be received from the second computer.

In another embodiment of the present invention,
The second computer generates a fourth message to be transferred to the third computer based on the third message, and transfers the fourth message to the third computer. The third computer generates a fifth message by adding a fourth electronic signature to the data other than the third electronic signature included in the fourth message to indicate the validity thereof, and generates a second message. To your computer. On the second computer, the fourth
Then, the validity of the fifth message is confirmed based on the electronic signature, a fifth electronic signature for indicating the validity is given, a sixth message is generated, and the sixth message is transferred to the third computer. The third computer confirms the validity of the sixth message based on the fifth electronic signature, and holds the sixth message as data to be received from the second computer.

[0017]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described below in detail with reference to the drawings.

FIG. 1 is a block diagram showing a system configuration of an embodiment of a data transfer system to which a data transfer method according to the present invention is applied. In the present embodiment, in trade finance, a bill of lading (B /
The following describes an example of a trade finance system for electronically transmitting and receiving L).

As shown in FIG. 1, a plurality of computer systems 10-40 operated by a plurality of institutions related to trade finance, such as a bank, a trading company, and a shipping company, are interconnected via a network 50. Is done. Between each computer system, in addition to various information related to financial trade, B / L
Is exchanged via the network 50.

As the computer system 10-40, a computer widely used at present, such as a personal computer and a workstation, can be used. In addition, these computers may be configured by larger, so-called general-purpose computers, or may be configured as a computer system including a plurality of computers connected by a LAN or the like in each institution where the computers are provided. Even if there is, any function that can realize a function as a computer system described later may be used. Note that the number of computer systems connected to the network 50 is not limited to four as shown in the figure, and an arbitrary number of computer systems may be connected.

FIG. 2 is a block diagram showing the configuration of the computer system. FIG. 2 shows the configuration of the computer system 10 provided in the bank as an example, but the computer systems 20-40 provided in other institutions have the same configuration. Note that, in the drawing, in the present embodiment, B
It shows a functional configuration necessary for exchanging / L between computer systems. The computer system 10 may have other functions for other banking operations. This is the same for computer systems provided by institutions other than banks. Here, functions that are not directly related to the present invention are not particularly shown and their description is omitted.

As shown in FIG. 2, the computer system 10
Are a processing device 100, a memory 110, a storage device 120 typified by a magnetic disk device, a communication control device 130, an input device 140 such as a keyboard and a mouse, an output device 150 such as a CRT display and a liquid crystal display device, an IC card reader / A writer (IC card R / W) 160 is provided.

The memory 110 stores a certificate confirmation program 112, a data transfer program 115, and a control program 117. The processing device 100 realizes various processes described below by executing these programs stored in the memory 110.

The certificate confirmation program 112 is a program for executing processing for confirming the validity of a B / L exchanged between computer systems. The data transfer program 115 implements a function of transferring B / L between computer systems. The control program 117 is used by the user to input data from the input device 140 and output data from the output device 15.
0, access to storage device 120, IC
It controls reading and writing of data in the IC card via the card R / W, transmission and reception of data to and from another computer system via the communication device 130, and the like.

The certificate data 125 is stored in the storage device 120.
Is stored. The certificate data 125 is issued by a third party and is information for objectively proving the owner. Here, the certificate data 125 is data obtained by digitally signing public key information corresponding to self-secret key information used by an authorized organization with private key information of a third party.

In this embodiment, the certificate data 125 is stored in the storage device 120 different from the memory 110 in which the program is stored. However, the certificate data 125 may be stored in the same memory as the program. Absent.

FIG. 3 is a diagram showing an embodiment of the present invention, in which a bank, a trading company, and a shipping company own the B / L.
FIG. 2 is a block diagram of an IC card used for holding the IC card.

The IC card 300 has a processing device 310, a memory 320, and an interface 330. The memory 320 stores the self-secret key information 322 used when the institution owning the IC card transfers its own B / L to another institution, and the B / L to which the institution has the right.
325 is stored. In the memory 320, the self-secret key information 322, B / L
An IC card control program 327 that manages 325 and controls the transfer of data to and from the computer system via the interface 330 is stored. By executing the IC card control program 327, the processing device 310 controls the management of various types of information in the IC card 300 and controls the exchange of information with the computer system.

In the following description, when referring to a computer system provided in each institution and an IC card possessed by each institution, the reference numerals used in FIGS. 2 and 3 will be used in common. .

Here, prior to describing the processing for delivering the B / L in the present embodiment, the flow of the entire transaction in trade finance will be briefly described.

In trade finance, first, a trade contract is exchanged between an exporter and an importer.

Next, when the cargo to be exported is loaded on the ship to be transported, the shipping company issues securities (B / L) that accurately indicates the condition of the cargo, determines the owner of the cargo, and Hand over to The exporter brings the B / L to the bank of the exporting country and requests for the purchase or collection. In the case of the purchase, when the B / L is delivered, the price of the cargo will be received.

The exporting bank sends the acquired B / L to the importing bank. At this time, settlement is performed between banks. The importing bank will deliver the B / L upon payment of the importer. When the ship carrying the cargo enters the port,
Undertake the cargo in exchange for B / L.

There are various forms of trade transactions, including the settlement method of purchase and collection, and the settlement method and timing are different, but when focusing on the flow of B / L, the basic flow is as follows. , As described above.

FIG. 4 is a flowchart showing a flow of processing performed when newly generating B / L data in the shipping company computer system 40 and transferring the generated B / L to the bank computer system 10. In the figure, the left side is B
4 shows a flow of a process performed by the shipping company computer system 40 which is the source of the B / L, and the bank computer system 1 to which the B / L is to be delivered in parallel on the right side.
0 shows the flow of the processing performed by 0. In addition,
In the figure, the dashed arrows indicate the transfer of messages between the shipping company computer system 40 and the bank computer system 10.

First, in the shipping company computer system 40, input of data, specifically, information indicating the contents of the cargo loaded on the ship and the state thereof is received from the input device 140. Then, based on the input information, B
B / L data having information as / L is generated.
(Step 400).

The shipping company computer system 40 generates the B
B / L to be transferred to the bank computer system 10 based on / L
A message is generated (step 402). The generated B / L message is transmitted to the bank computer system 10 via the network 50 by the communication control device 130 (step 404).

The bank computer system 10 receives the B / L message via the communication control device 130 (Step 450). In the bank computer system 10, the validity of the B / L message is confirmed by the certificate confirmation program,
The contents of the delivery data included in the B / L message are output to the display device 150. Then, upon receiving a confirmation input of the contract content by the user, the data transfer program 115 generates a confirmation message indicating that the content has been confirmed (step 452). The generated confirmation message is transmitted to the network 5 by the communication control device 130.
0 to the shipping company computer system 40 (step 454).

The shipping company computer system 40 receives the confirmation message via the communication control device 130 (step 406). The shipping company computer system 40 confirms the validity of the received confirmation message by the certificate confirmation program 112. Then, the data transfer program 115 generates an agreement message held as B / L in the bank computer system 10 (step 40).
8). Thereafter, the agreement message is sent to the communication control device 130.
Computer system 1 via the network 50
0 (step 410).

When the bank computer system 10 receives the agreement message (step 456), the data exchange program 115 finally stores the received agreement message as a B / L on the IC card (step 458). Then, an end message indicating that the transfer of the B / L has been completed is transmitted to the shipping company computer system 40, and the processing is ended (step 460).

Upon receiving the end message from the bank computer system 10 (step 412), the shipping company computer system 40 deletes the B / L data held by itself and ends the processing (step 414).

FIG. 5 shows the B / L performed at step 402.
It is a detailed flowchart of a message generation process.

In generating the B / L message, first, the control program 117 sends the B / L message
The input of the scheduled delivery date of L and the name of the delivery destination is received (step 500). The input expected delivery date and the name of the transfer destination are added to the B / L data sent to the transfer destination computer system by the data transfer program 115 (step 502).

Thereafter, the B / L data, the scheduled date of delivery,
An electronic signature is given to the delivery data including the name of the delivery destination. In the present embodiment, the electronic signature is given by the IC card 300 possessed by the operator of the system. For this reason, the delivery data is stored in the IC card 300 once.
Is stored in The IC card 300 obtains a hash value of the delivered data using a predetermined hash function. Then, information obtained by encrypting the hash value with the self-secret key information 322 is used as an electronic signature. Here, a hash function is a function that can be uniquely linked to original data and that can create data with a reduced data amount. In the present embodiment, by generating an electronic signature in this way, the sender guarantees the content of the information to be passed (step 504).

Data to which an electronic signature has been given by the IC card 300 is read out again by the computer system. Then, the data transfer program 115 causes the storage device 120
Is added to the certificate data 125 held in B /
An L message is generated (step 506).

FIG. 6 is a data configuration diagram showing the format of a B / L message sent from the shipping company computer system 40, which is the sender of the B / L, to the bank computer system 10 on the receiver side in step 402. B / L message 6
00 is a B / L data section 602 having information as the original B / L, a scheduled delivery date section 604 in which a scheduled delivery date of the B / L from the shipping company to the bank is set, and a trading company serving as a delivery destination Destination name part 6 in which the name of the destination is set
06, a first source electronic signature unit 608 in which the first digital signature of the shipping company as the transmission source is set, and a source certificate unit 610 in which the certificate of the shipping company as the transmission source is set. As described above, the transmission source first signature section 608 is data obtained by encrypting the delivery data including the B / L data section 602, the scheduled delivery date section 604, and the delivery destination name section 606 with the self-secret key information 322.

FIG. 7 is a detailed flowchart of the confirmation message generation process performed in step 452.

In the process of generating the confirmation message, first, the certificate confirmation program 112 sets the certificate data set in the source certificate section 610 of the B / L message 600 sent from the source of the B / L. Is checked for validity. This confirmation is performed using public key information corresponding to the private key information of the third party who issued the certificate (step 700).

Further, it is confirmed whether or not the sender's electronic signature set in the sender's first electronic signature section 608 of the B / L message 600 is valid. This confirmation includes a hash value obtained by decrypting the electronic signature using the sender's public key information obtained from the certificate, a B / L part 602, a scheduled delivery date part 604, and a delivery destination name part 606. The comparison is performed with a hash value obtained from the delivery data (step 702).

The data transfer program 115 determines whether the certificate data and the first digital signature are valid as a result of the confirmation in steps 700 and 702 (step 70).
4). If the result of this determination is that either the certificate data or the first digital signature is invalid, an error process is performed in step 706 and the process ends.

At step 704, when the validity of the B / L message is confirmed, the data transfer program 11
5 outputs the delivery data, that is, the B / L data, the scheduled delivery date, and the delivery destination name to the output device 150 (step 708). Then, input of confirmation data on the contract content by the user from input device 140 is accepted.
Here, when the user inputs that the display content is rejected, the data transfer program 115 notifies the transmission source computer system of the rejection of B / L reception as error processing. At this time, for example, it is also possible to receive an input about the reason for rejection of reception from the input device 140 and transmit it together to the transmission source computer system (step 710).

When the delivery data is confirmed by the user, additional information such as image data of the handwriting signature and change data of the scheduled delivery date is added to the received B / L message as needed (step 712). Then, B /
Steps 504 and 50 in L message generation processing
6 and B / L using the IC card 300.
An electronic signature is applied to the message and the confirmation data including the additional information (step 714), and the certificate data is added to generate a confirmation message (step 716).

FIG. 8 shows that in step 454, B / L
FIG. 9 is a data configuration diagram showing a format of a confirmation message transferred from the computer system of the transfer destination to the computer system of the transmission source.

The confirmation message 800 is a delivery destination additional data section 802 in which a handwriting signature added to the B / L message 600 received from the transmission source at the delivery destination or change data of the scheduled delivery date is set. A delivery destination electronic signature unit 804 in which the preceding electronic signature data is set and a delivery destination certificate unit 806 in which a delivery certificate is set are added. The digital signature data set in the delivery destination electronic signature unit 804 is obtained by encrypting the B / L message 600 obtained by a predetermined hash function and the hash value of the delivery destination additional data unit 802 with the delivery destination's own private key information 322. Data.

FIG. 9 is a detailed flowchart of the agreement message generation process performed in step 406.

In the process of generating an agreement message, first, the certificate verifying program 112 receives the confirmation message 800 sent from the B / L delivery destination by the delivery certificate section 8.
It is confirmed whether the certificate data set in 06 is valid. This confirmation is performed using public key information corresponding to the private key information of the third party who issued the certificate (step 900).

Further, it confirms whether the electronic signature of the delivery destination set in the delivery destination electronic signature unit 804 of the confirmation message 800 is valid. This confirmation is performed by using a hash value obtained by decrypting the electronic signature using the sender's public key information obtained from the certificate, and a B / L message part 600,
And a hash value obtained from the data comprising the destination additional data unit 802 (step 90).
2).

As a result of the confirmation in steps 900 and 902, the data transfer program 115 determines whether the certificate data and the electronic signature of the transfer destination are valid (step 9).
04). If the result of this determination is that either the certificate data or the electronic signature is invalid, an error process is performed in step 906, and the process ends.

At step 904, when the validity of the confirmation message is confirmed, the data transfer program 115
Receives, via the control program 117, the delivery confirmation date input by the user from the input device 140. Then, the data transfer program 115 adds the received delivery confirmation date to the received confirmation message 800 (step 908).

Next, step 504 or step 71
Similarly to 4, the IC card 300 applies an electronic signature (second electronic signature of the transmission source) to the data including the confirmation message and the delivery confirmation date using the transmission source's own private key information (step 910). ).

After that, the data transfer program 115
If necessary, additional information such as advertisement information is added to the data to which the second electronic signature has been applied, and an agreement message is generated. This additional information is not essential information in the delivery of the B / L, but is information that does not need to be denied by the delivery destination. (Step 912).

FIG. 10 shows the format of the agreement message generated as described above. Agreement message 10
00, as shown in the figure, a confirmation message 800 sent from the B / L delivery destination, a delivery confirmation date section 1002 in which the delivery confirmation date is set, and a transmission in which the second electronic signature of the transmission source is set. An original second electronic signature unit 1004 and an additional information unit 906 in which additional information is set are added. The electronic signature data set in the transmission source second electronic signature unit 1004 is obtained by encrypting the confirmation message 800 obtained by a predetermined hash function and the hash value of the delivery confirmation date unit 1002 with the transmission source's own private key information 322. Data.

The data transfer program 115 is executed by the IC card reader / writer 160 via the control program 117.
Instructs the IC card 300 to write the generated agreement message. When the IC card control program 327 of the IC card 300 receives the agreement message instructed to write, the first electronic signature 608 and the second electronic signature 1004 of the transmission source are equal, that is, created by the same self-secret key information 322. Make sure that When this confirmation is obtained, the IC card control program 3
27 stores the received agreement message in the memory 320, and notifies the computer system that the storage processing has been completed (step 914).

When data transfer program 115 receives notification of the end of the data storage process from IC card 300,
The process proceeds to the transmission process of the agreement message assuming that the agreement of the electronic signature has been confirmed. After that, the IC card locks the agreement message stored in the memory 320 and prohibits subsequent access (step 916). Note that the agreement message stored in the memory 320
After receiving the end message at step 414, it is deleted at step 414.

FIG. 11 is a flow chart showing the operation of B performed in step 458.
It is a detailed flowchart of / L storage processing.

In the B / L storage process, is the sender's second electronic signature set in the sender's second electronic signature unit 1004 of the agreement message 1000 sent from the sender valid? Confirm. This confirmation is made in step 70
A hash value obtained by decrypting the electronic signature using the sender's public key information used in step 2 and a confirmation message section 80
0 and a hash value obtained from the data composed of the delivery date part 1002 (step 90).
2).

As a result of the confirmation, the data transfer program 115 determines whether the second electronic signature of the transmission source is valid (step 904). If the result of this determination is that the digital signature is invalid, error processing is performed in step 1104, and the process ends. If the second electronic signature is valid, the data transfer program 115 sends an agreement message 1000 to the IC card 300 via the control program 117, and instructs the IC card 300 to store the agreement message (step 1106).

When the IC card control program 327 of the IC card 300 receives the agreement message 1000,
Similar to step 914, agreement message 1000
It is determined whether the first digital signature 608 of the sender and the second digital signature 1004 included in are the same. Also, it checks whether or not the delivery destination electronic signature 804 is its own electronic signature (step 1108).

When the electronic signature is confirmed, the IC card control program 327 sends the agreement message 1000
Is stored in the B / L storage unit 325 in the memory 320 as a B / L, and the end of the processing is notified to the computer system (step 1110). Upon receipt of the notification, the computer system performs a process of transmitting an end message in step 460.

Next, a process for transferring the received B / L to another computer system will be described. FIG. 12 is a flowchart of a process performed when the B / L received from another is transferred to another computer system. In the figure, the left side shows the flow of processing performed by the computer system that is the source of the B / L, and the right side is the flow of processing that is performed in parallel with the computer system that is the destination of the B / L. Is shown.

In response to the B / L transfer instruction input from input device 140, data transfer program 115
The delivery process of the B / L stored in the C card 300 is started (step 1200).

When receiving the delivery instruction, the data transfer program 115 sends the IC
The B / L stored in the B / L storage unit 325 of the memory 320 is read from the card 300 (step 120).
2). The B / L read out here is an agreement message passed from the computer system serving as the transmission source to another computer system. For example, in the case of a computer system that has received the delivery of the B / L from the computer system of the issuing source Figure 1
0 is data represented in the format shown in FIG.

The data transfer program 115 generates a B / L message from the read B / L (step 1).
204). The B / L message generation processing here is performed according to the flowchart shown in FIG. What is different from step 402 is that the data to which the delivery destination name, electronic signature, and the like are added becomes an agreement message delivered from another computer system, and the processing of step 506 in FIG. It is not done. Since the B / L sent here includes the certificate of the computer system that is the transmission source here as a result of the process of receiving it from another computer system first, the process of step 506 is Can be omitted. In other respects, there is no particular difference from step 402, and the detailed description is omitted here.

The data transfer program 115 transfers the generated B / L message to the destination computer system via the network 50 (step 1206).

When the computer system at the destination receives the transferred B / L message (step 125)
0), the data transfer program 115 executes step 452
Similarly, the confirmation message is generated according to the flowchart shown in FIG. In this process, in steps 700 and 702 in FIG. 7, the validity is checked for all certificates and digital signatures included in the B / L message. The other processing is the same as the processing of step 454 described above with reference to FIG. 7, and the description is omitted here (step 1252).

The confirmation message generated in step 1252 is transmitted to the B / L transmission source computer system via network 50 (step 1254). When the transmission source computer system receives the confirmation message (step 1208) ), The authenticity of the received delivery destination confirmation message is confirmed by the certificate confirmation program 112. Then, the data transfer program 115 generates an agreement message held as B / L in the computer system of the transfer destination. This process is performed according to the flowchart shown in FIG. (Step 1210).

Thereafter, the agreement message is transferred by the communication control device 130 to the destination computer system via the network 50 (step 1212).

Upon receiving the agreement message (step 1256), the delivery destination computer system finally stores the received agreement message as B / L in the IC card by the data transfer program 115 (step 1258). . Then, an end message indicating that the transfer of the B / L has been completed is transmitted to the transmission source computer system, and the process ends (step 1260).

When the source computer system receives the end message from the destination computer system (step 1214), it deletes the B / L data held by itself and ends the process (step 1216).

FIGS. 13, 14, and 15 are data structure diagrams showing the data format of each message transferred in steps 1206, 1254, and 1212, respectively. The figure shows each message issued when a bank is issued by a shipping company and the B / L received by the bank is transferred to a trading company (trading company computer system 20).

FIG. 13 shows the structure of a B / L message sent from the bank computer system 10 that is the transmission source to the trading company computer system 20 that is the delivery destination. The data section 1302 corresponding to the B / L section 602 of the B / L message shown in FIG. 6 includes data corresponding to the agreement message shown in FIG. The B / L unit 1320 having the original B / L information, the shipping company that issued the certificate, and the shipping company certificate 1324 in which the certificate of the bank that is the source of the transmission is set, the bank certificate Document 1328, First Shipping Company Used in Delivery of B / L between Shipping Company and Bank
The electronic signature 1322 (the source first electronic signature 6 in FIG. 6)
08), the first digital signature 1326 of the bank (corresponding to the transfer destination digital signature 804 in FIG. 8), and the second digital signature of the shipping company.
The electronic signature 1330 (the source second electronic signature 1 in FIG. 9)
004).

As the scheduled delivery date 1304, the scheduled delivery date of the B / L from the trading company to the shipping company is set. As the delivery destination name 1306, the name of the shipping company that is the delivery destination of the B / L is set. In addition, the sender's electronic signature 1308 includes
An electronic signature based on the trading company's own private key information is set. The sender's digital signature 1308 is the second digital signature that the trading company applies to this B / L, and can be regarded as a second digital signature for the trading company.

FIG. 14 shows a confirmation message sent from the computer system of the shipping company of the delivery destination to the computer system of the trading company. The confirmation message 1400 corresponds to B /
Delivery destination additional data 1402 added by the shipping company to the L message 1300, the electronic signature 1404 of the delivery destination applied by the shipping company, and the delivery destination certificate 14 which is a certificate of the shipping company.
06 is added.

FIG. 15 shows the format of an agreement message passed from the computer system of the bank to the computer system of the trading company. The agreement message 1500 includes, in the confirmation message shown in FIG. 14, the final date 1502 of the transfer from the bank to the trading company, and the second electronic signature 15 of the bank as the sender.
04 and additional information 1506 added by the bank. Here, the second electronic signature of the sender is transmitted to the third electronic signature by the bank when the whole message is passed.
Digital signature.

In the embodiment described above, the transfer of B / L between three parties has been described. However, by repeating the processing described with reference to FIG. It is possible to do.

According to the system described in the present embodiment, the delivery destination of the B / L checks the content of the information sent at the stage of receiving the B / L message, and then checks the content if necessary. You can refuse receipt. Further, since the received B / L message is incomplete as a B / L to be distributed, it is impossible for the delivery destination to abuse the received information while rejecting the information. Thereby, in distributing the B / L, the reliability can be improved without requiring a center-like system for managing the distribution of the B / L.

In the embodiment described above, B /
Each time L is delivered, three electronic signatures are added to the message by the participants involved in the delivery. Therefore, B /
As L successively circulates, the number of digital signatures to be confirmed increases, and a lot of time is required for processing. In order to avoid such a problem, B /
The process for transferring L to another company can be changed as follows.

First, in step 1204, a B / L message is generated without applying a digital signature of a transmission source.
It is transferred to the destination computer system. Therefore, the message transferred to the destination computer system is the one shown in FIG.
In the message shown in FIG.
08 is excluded.

On the other hand, in the computer system of the delivery destination, in step 1252, after confirming the validity of each electronic signature in the message in order, for example, a stage in which information confirmation from the user is obtained (step 710 in FIG. 7) )so,
At this time, the second electronic signature of the previous transmission source attached to the agreement message by the transmission source immediately before the B / L possessed by the transmission source is deleted. Then, predetermined data is added to the data in this state to form a confirmation message.

Further, in the computer system of the delivery destination, in step 1258, as the confirmation of the electronic signature included in the agreement message, the confirmation of the electronic signature of the penultimate one, the last, and the last three The second electronic signature, that is, an electronic signature attached to the agreement message by the transmission source computer system and an electronic signature attached to the agreement message transferred to the sender when the transmission source computer system receives the B / L Check identity with signature.

By the above processing, the confirmation message is the same as the message shown in FIG. 14 except that the data section 1302 converts the digital signature section 1330 to the digital signature section 1308 (FIG. 13).
Reference) has been removed. Similarly, the agreement message is the same as the message shown in FIG.
02 to an electronic signature unit 1330 and an electronic signature unit 1308
(See FIG. 13).

By doing so, B in the middle stage
/ L can be reduced to one electronic signature, the number of electronic signatures in the message can be reduced compared to the previous embodiment, and the processing time can be reduced even if the number of transfers is large. Can be prevented from increasing significantly.

In the embodiment described above, a network is used for B / L transfer. Although it takes time and effort to relocate, for example, a storage medium such as a floppy disk or a magnetic tape can be used instead of a network. When an electronic signature is applied, it is also possible to calculate a hash value in each computer system and input the obtained hash value to an IC card to apply an electronic signature.

The information stored in the IC card may not be the entire data to be digitally signed but only the digital signature data, and the actual information may be stored in the storage device of the computer system.

Furthermore, in the data in each message,
It is also possible to delete the data not related to the electronic signature of the sender on the receiving side before generating the next message.

Further, in the present embodiment, as a specific example, a distribution between three parties in which a shipping company generates a right, transfers a right to a bank, and the bank transfers the right to a trading company. explained. However, the present invention is not limited to the distribution of data among three parties, and it is also possible to repeatedly distribute rights by repeating the data transfer process described between a bank and a trading company as an example. At this time, the electronic signature in the message can be used as the right transfer history information.

The certificate used in the present embodiment does not depend on the issuer. Therefore,
In comparing the last digital signature applied in the agreement message with the third last applied digital signature (the first digital signature of the transmission source and the second digital signature of the transmission source), the respective digital signatures are compared with each other. A different certificate may be used to check. In this case, each time the electronic signer applies the electronic signature and sends the message to the other party, the message may include a certificate corresponding to the electronic signature applied at that time. By doing so, certificates issued by a plurality of organizations can be used together.

The present invention is not limited to the distribution of B / L in the trade finance system as described above, but can be widely applied to the transfer of data such as various electronic documents distributed between a plurality of parties. .

[0099]

According to the present invention, an electronic document can be exchanged between a plurality of persons while guaranteeing the contents. In addition, the distribution of digitized documents whose contents need to be guaranteed can be realized without providing a third-party system as a center.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a trade finance system in an embodiment of a data transfer system to which a data transfer method according to the present invention is applied.

FIG. 2 is a block diagram showing a configuration of a computer system connected to the trade finance system.

FIG. 3 shows an IC used for sending and receiving B / L and holding the B / L.
It is a block diagram of a card.

FIG. 4 is a flowchart illustrating a flow of processing performed when transferring a B / L from a computer system that has generated the B / L to another computer system.

FIG. 5 is a detailed flowchart of a process of generating a B / L message.

FIG. 6 is a data configuration diagram showing a format of a B / L message.

FIG. 7 is a detailed flowchart of a confirmation message generation process.

FIG. 8 is a data configuration diagram showing a format of a confirmation message.

FIG. 9 is a detailed flowchart of an agreement message generation process.

FIG. 10 is a data configuration diagram showing a format of an agreement message.

FIG. 11 is a detailed flowchart of a B / L storage process.

FIG. 12: B / L received from another computer system
11 is a flowchart of a process performed when a PC is transferred to another computer system.

FIG. 13 is a data configuration diagram showing a configuration of a B / L message in a distribution stage.

FIG. 14 is a data configuration diagram showing a configuration of a confirmation message in a distribution stage.

FIG. 15 is a data configuration diagram showing a configuration of an agreement message in a distribution stage.

[Explanation of symbols]

 10, 20, 30, 40: Computer system, 50: Network, 100: Processing device, 110: Memory, 120: Storage device, 130: Communication control device, 140: Input device, 150: Output device, 160: IC card reader / Writer, 112: certificate confirmation program, 115: data transfer program, 117: control program, 125: certificate data, 300: IC card.

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G09C 1/00 660 G06F 15/21 Z 15/22 N 15/30 360 (72) Inventor Hiroyuki Chiba Kanagawa 890 Kashimada, Yuki-ku, Kawasaki-shi F-term in Hitachi, Ltd. System Development Headquarters (Reference) LA06 NA35 PA07 PA10

Claims (16)

[Claims] 1. A data exchange method for exchanging data between a plurality of computers via an electronic medium, comprising: a first computer serving as a transmission source of the data having a first computer for indicating the validity of the data. Generating a first message in which the first electronic signature is added to the data and transferring the first message to a second computer, wherein the second computer verifies the validity of the first message based on the first electronic signature The second computer generates a second message by adding a second electronic signature to the first message to indicate its validity, and transfers the first message to the first computer. In the first computer, the validity of the second message is confirmed based on the second digital signature. A third electronic signature is added to the message of No. 2 to show its legitimacy, a third message is generated and transferred to the second computer. Verifying the validity of the third message based on the signature;
A data transfer method, wherein the third message is held as data to be received from the first computer. 2. The process for generating the second message comprises:
The method according to claim 1, wherein the data is output to an output device, and the second message is generated in accordance with information input from the input device in response to the output of the data. 3. The process of generating the first message,
The source of the first message is the first
Adding authentication information for indicating that the computer is the second computer, and the process of generating the second message is for indicating that the transmission source of the second message is the second computer. 2. The data transfer method according to claim 1, further comprising the step of adding authentication information. 4. The fourth computer generates a fourth message by adding a fourth electronic signature indicating the validity of the third message, and transmits the fourth message to a third computer. Transferring, in the third computer, confirming the validity of the fourth message based on the electronic signature included in the fourth message, and in the third computer, The fifth message is generated by adding a fifth electronic signature for indicating its validity, and the fifth message is transferred to the second computer. In the second computer, based on the fifth electronic signature, The second computer checks the validity of the fifth message, and in the second computer, adds a sixth electronic signature to the fifth message to show the validity of the fifth message, thereby obtaining a sixth message. Generating a message and transferring it to the third computer, wherein the third computer confirms the validity of the sixth message based on the sixth electronic signature,
2. The method according to claim 1, wherein the sixth message is held as data to be received from the second computer. 5. The second computer generates a fourth message to be transferred to a third computer based on the third message and transfers the fourth message to the third computer. Adding a fourth electronic signature to the data included in the fourth message other than the third electronic signature to indicate the validity thereof, generating a fifth message, and transmitting the fifth message to the second computer. The second computer confirms the validity of the fifth message based on the fourth electronic signature, and the second computer indicates the validity of the fifth message. Generating a sixth message by adding a fifth electronic signature to the third computer, and transmitting the sixth message to the third computer. Verifying the validity of the sixth message based on the signature;
2. The method according to claim 1, wherein the sixth message is held as data to be received from the second computer. 6. A computer comprising: a first computer; a second computer; and an electronic medium for transmitting data between the first and second computers, via the electronic medium. In the data transfer system for transferring an electronic document, the first computer includes a first electronic device for indicating the validity of the document data to the document data transferred to the second computer. Means for applying a signature to generate a first message, and transferring the first message via the electronic medium, wherein the second computer is configured to perform the first message based on the first electronic signature. Means for confirming the validity of the first message, and adding a second electronic signature to the first message to indicate the validity of the first message to generate a second message; The first computer further comprises: means for verifying the validity of the second message based on the second electronic signature; and validating the validity of the second message. Means for generating a third message by adding a third electronic signature for indicating the third electronic signature and transferring the generated third message to the second computer, the second computer further comprising: A data transfer system comprising: means for confirming the validity of the third message based on the information; and storage means for holding the third message. 7. The second computer has an output device for displaying information, and input means for receiving an input from a user, and the means for generating and transferring the second message includes: Outputting document data to the output device,
7. The data transfer system according to claim 6, wherein the second message is generated according to information input from the input device in response to the output of the data. 8. The first computer further comprises means for adding authentication information to the first message to indicate that the source of the first message is the first computer, 7. The computer according to claim 6, wherein the second computer has means for adding authentication information to the second message to indicate that the source of the second message is the second computer. Data transfer system. 9. The data transfer system according to claim 1, further comprising a third computer, wherein the second computer assigns a fourth electronic signature indicating the validity of the third message. Means for generating a fourth message by means of a third computer, and transferring the fourth message to a third computer, wherein the third computer is configured to transmit the fourth message based on an electronic signature included in the fourth message. Means for confirming the validity of the message, generating a fifth message by adding a fifth electronic signature to the fourth message to indicate the validity, and transmitting the fifth message to the second computer. Means, the second computer further comprising: means for verifying the validity of the fifth message based on the fifth electronic signature; Means for generating a sixth message by giving a sixth digital signature to indicate the third message, and transferring the sixth message to the third computer, wherein the third computer further comprises: A data exchange system comprising: means for confirming the validity of the sixth message; and storage means for holding the sixth message. 10. The data transfer system according to claim 1, further comprising a third computer, wherein the second computer is configured to transfer a fourth computer to the third computer based on the third message. Means for generating a message and transferring it to the third computer, wherein the third computer is provided for indicating the validity of data other than the third electronic signature included in the fourth message. Means for giving a fourth electronic signature to generate a fifth message and transferring the fifth message to the second computer, wherein the second computer further comprises a fifth message based on the fourth electronic signature. Means for confirming the validity of the message, and a fifth electronic signature for indicating the validity of the message is added to the fifth message to generate a sixth message, and the third message is generated. Means for transferring to a computer, the third computer further comprising means for confirming the validity of the sixth message based on the fifth electronic signature, and holding the sixth message 7. The data transfer method according to claim 6, further comprising a storage unit for storing the data. 11. A storage medium storing a program to be executed by a computer for exchanging electronic data between the computers via an electronic medium, wherein the program indicates validity of the data. Generating a first message in which a first electronic signature for the data is added to the data; transferring the first message to another computer via the electronic medium; Receiving a second message including a message and having a second electronic signature for indicating validity by the other computer; and validating the second message based on the second electronic signature. Confirming the validity of the second message;
Generating a third message by applying the electronic signature to the third computer and transferring the third message to the another computer. 12. A storage medium storing a program to be executed by a computer for exchanging electronic data between the computers via an electronic medium, wherein the program is stored in the storage medium by another computer. Receiving a first message including electronic data and a first electronic signature attached to the electronic data by the other computer to indicate its validity; the first electronic signature Confirming the validity of the electronic data based on the following: adding a second electronic signature indicating the validity to the first message to generate a second message; Sending a message to the other computer; including the second message by the other computer; A storage medium comprising: a step of receiving a third message to which a third electronic signature for indicating validity is added; and a step of storing and holding the third message in a storage device. . 13. The computer program further comprising: transferring the third message to another computer via the electronic medium; further comprising the third message, wherein the third message is valid by the further computer. Receiving a fourth message to which a fourth electronic signature for indicating the property is attached; confirming the validity of the fourth message based on the fourth electronic signature; No. 5 message to show its legitimacy
13. A storage medium according to claim 12, further comprising the step of: generating a fifth message by applying the electronic signature of the first computer to said fifth computer; 14. The storage according to claim 13, wherein the step of transferring the third message to the further computer includes a step of adding a sixth digital signature to the third message. Medium. 15. The step of confirming the validity of the electronic data includes, when the first message includes a plurality of electronic signatures, deleting a message added last to the first message. 13. The storage medium according to claim 12, further comprising the step of: 16. The step of generating the second message includes the steps of outputting the contents of the electronic data to an output device, and receiving an acknowledgment from a user input from the input device in accordance with a result of the output. 13. The storage medium according to claim 12, comprising a step of receiving.