JP2005135072A - Secure document exchange system, document approval method, document exchange management method and program therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To greatly reduce mistakes and trouble in human's work by performing flexible flow control over a secret document equally to a document processing flow which is performed on a paper basis and automating automatic route control, signature verification, etc. <P>SOLUTION: A system is equipped with a user information database 30 which stores originals of documents exchanged between clients 21 and 22, property files 31 and 32 in which respective pieces of information including workflow IDs, access authority, and definitions of a route as a set of nodes performing approval/rejection processing etc., for the saved documents are registered by the clients 21 and 22, and a secure document exchange server 20 which holds the user information database 30 and property files 31 and 32, exchanges documents between the clients 21 and 22, and automatically executes settings of the workflow when a document is registered or referred to, or has its contents altered to ensure security concerned with access authority of the document, alteration detection, etc. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a secure document exchange system, a document approval method, a document exchange management method, and a program thereof using content security technology, electronic document long-term storage technology or electronic document exchange technology on the Internet or intranet using a client terminal and a server. .

  Conventionally, a workflow system that manages history information generated and changed at each stage of a workflow and provides it to a predetermined client (for example, Japanese Patent Laid-Open No. 2002-215856 (see Patent Document 1)), a document between a plurality of systems Document information cooperation system (for example, Japanese Patent Laid-Open No. 10-260962 (see Patent Document 2)) that links information and registers a document and its attribute in a database, or a workflow work task and a work object document There is a workflow management system (for example, Japanese Patent Application Laid-Open No. 11-73459 (see Patent Document 3)) that can perform document management operation on the client side using an interface for managing connection.

  However, these conventional workflow management systems are workflow systems in which it is not guaranteed that content is not falsified for each node. In addition, since these are mainly management of documents created in one company, the content that has been exchanged is not stored as the original, so the reliability of the final content is not ensured. It was a system.

JP 2002-215856 A Japanese Patent Laid-Open No. 10-260962 Japanese Patent Laid-Open No. 11-73459

The problems associated with the conventional electronic document exchange / business flow method are as follows.
1) Many nodes do not guarantee that the content is not “tampered” for each node. That is, the route is often established by trusting the person in charge of the previous node unconditionally as “not to be tampered with”. This is because most of the conventional electronic document exchange systems are built only within the company, so documents are not sent over the Internet or accessed and read from outside the company. Was established.
2) Normally, at each node, a change is usually applied (that is, the change is appended), so if the result of the previous node is not guaranteed for each node, who is on which route It was not possible to determine whether it had been approved, and it was inconvenient when conducting accident investigations.
3) Since the content exchanged is not stored as an original, there are many cases where reliability as final content is not secured.

4) A route is defined in advance, and documents are exchanged according to the route, but it was not possible to deal with such cases as the need to change the route or processing according to the attendance of the person in charge, the deadline, etc. . In addition, there is a route that can be changed, but there is an inconvenience such as being able to cope only with a situation assumed in advance.
5) Access authority is defined in advance, and documents are managed according to the access authority. However, it is not possible to deal with cases where access or processing needs to be changed depending on the attendance of attendees, deadlines, etc. It was. Some access authorities can be changed, but there are inconveniences such as being able to cope only with situations assumed in advance.

(the purpose)
An object of the present invention is to solve these conventional problems, and can perform a flexible flow control on a confidential document as much as a paper-based document processing flow, and an automatic route control. And signature verification, etc., can greatly reduce human error and effort. When documents are digitized and exchanged between companies using a network, content alteration, wiretapping, and originality It is to provide a secure document exchange system, a document approval method, and a document exchange management method that can eliminate the hindrance to securing the document.

The secure document exchange system of the present invention is a secure document exchange system in which a plurality of clients are connected via the Internet. A user information database that stores original documents exchanged between the clients, a workflow ID for each client, It holds a property file for registering information including the access authority and the definition of the route, which is a set of nodes that perform approval and rejection for stored documents, the user information database, and the property file. , Exchange documents with each client, automatically execute workflow settings when registering documents, referencing the documents, and changing the contents of the documents to ensure security such as document access rights and alteration detection And a secure document exchange server. There.
In addition, the workflow includes a route that is a set of nodes that perform processing such as approval and rejection for content that is an electronic file, a document that includes a plurality of contents, and an authority that can access the content. It is also characterized by that.

  In the document approval method of the present invention, each node forming a route, which is a set of nodes that perform processing such as approval and rejection on content, each stage forming a set of a plurality of nodes and a subset of the route, It is characterized in that an approval act of giving a signature is performed, and the correctness of the content and the correctness of the route progress are verified on the server side.

  In the document exchange management method of the present invention, each document in a root, which is a set of nodes that perform processing such as approval and rejection on the contents constituting the document, and each stage forming a subset of the route It is possible to set or change the route at any time, and to set or change the access right or the approval action at any time for each document.

Further, in the route setting for the document, it is possible to connect and insert different routes of the sending company and the receiving company without knowing the other company, particularly for route setting between companies, and attribute information of the document and Another feature is that a connection and a route between documents are automatically set according to the contents of the content constituting the document.
Even if the route is set, the person in charge of the node in the back node skips some nodes and stages ahead depending on the situation for documents that will go to the node in the future. It is also characterized in that the route set in conjunction with the schedule of the person in charge terminal is automatically controlled at each node of the route.

  According to the present invention, confidential documents can be controlled with the same flexibility and digitization as a paper-based document processing flow. Especially, documents can be digitized and exchanged between companies. It is possible to greatly reduce mistakes and labor by eliminating the harmful effects (content tampering, eavesdropping, lack of securing the original) and automating.

Embodiments of the present invention will be described below in detail with reference to the drawings.
(System configuration)
FIG. 1 is a diagram showing a configuration of a secure document exchange system according to an embodiment of the present invention.
Here, a description is given of the case where two of the company A and the company B cooperate, but the present invention can be applied to the case of the three companies A, B, and C, or the case of four or more companies.
As shown in FIG. 1, the secure document exchange system of this embodiment is connected to a network (for example, the Internet) 11 to which a company A side client terminals 14 and 15 are connected and a company B side client terminals 16 and 17. The network 13 connected to the secure document exchange server 19 and the original document storage server 18, and the network 10 connected to the entire networks 11, 12, and 13.

(Document exchange flow)
FIG. 2 is a diagram showing the flow of document exchange according to an example of the present invention.
Exchange between the company A client terminal 14 and the secure document exchange server 19 (1), exchange between the company A client terminal 15 and the secure document exchange server 19 (2), and secure document exchange with the company B client terminal 16 If the exchange with the system 19 is (3) and the exchange between the B company side client terminal 17 and the secure document exchange server 19 is (4), the route can be changed by defining the route in the secure document exchange server 19. Can be set to For example, any route depending on the business using the secure document exchange server 19 such as (1) → (2) → (3) → (4), (1) → (3) → (2) → (4) Can also be set.

(Master data registration procedure for secure document exchange system)
FIG. 3 is a diagram illustrating a master data registration procedure of company A and company B according to an embodiment of the present invention. In FIG. 3, the administrator from the management terminal 21 of company A and the management terminal 22 of company B asynchronously with respect to the secure document exchange server 20 in the following order, the master data (workflow and A procedure for setting user access authority and route definition set in the workflow is shown. In the secure document exchange server 20, a company A property file 31 and a company B property file 32 in which user information DB (database) 30, workflow ID, user authority, route definition and the like are registered are arranged.
Through the processing in step 33, the basic information of the user who uses the secure document exchange server 20 is registered in the user information DB 30 of the secure document exchange server 20 from the management terminal of company A. At that time, user information of other companies such as Company B cannot be referred to. Next, a plurality of workflows can be set in the property file 31 of company A by the processing in step 34. Also at this time, it is impossible to access the property file 32 of the B company from the management terminal of the A company. Next, the access authority and route definition (order) of the user set in the workflow are set by the process of step 35.
Register master data (user information, workflow, user access rights, route definition) that defines various routes by performing the processing of steps 36 to 38 by the management terminal 22 of company B in exactly the same manner. Can do.

(Document exchange procedure of secure document exchange system)
4A, 4B, and 4C are diagrams illustrating a document exchange procedure of the secure document exchange server between companies A and B. FIG.
A workflow is a document route definition (which defines the order of movement), and a document is an object (object) that corresponds to the workflow on a one-to-one basis and is associated with an actual file. It is what. Content is an actual file and is distinguished from a copy file. In this case, the nodes are A company and B company.
4A, (1) A document (content group and property information) is created at the company A person-in-charge terminal 41 (step 110).
(2) The person-in-charge of the company A assigns an electronic signature to the content, and gives information on the validity of the creator and the alteration detection of the content (step 111).
(3) Next, the document is registered in the secure document exchange server 40. When a document is registered in the secure document exchange server 40, the previously defined workflow definition is acquired from the property file 43 and automatically linked as a workflow between companies A and B from the document contents and property information. And linked with the registered document (step 112).

(4) At this time, since the access right and route definition are customized, the user can change the set route and user access right (step 113).
(5) From the verification of the electronic signature of the document, the alteration of the document is detected and the correctness of the creator is confirmed (step 114).
(6) After the document is verified, it is stored as an electronic original in the external original storage server 44 (step 115).
(7) Thereafter, as defined in the workflow, the document flows on the net (Internet, intranet) and is transferred to the next node of the workflow.
However, the document is not sent to the person in charge at the next node. That is, since the document is always stored and managed in the document exchange server 40, the following processing is performed.
First, a notification mail that a document has arrived arrives at the corresponding node (company B terminal) (step 116).

In FIG. 4B and FIG. 4C, a document can be downloaded from the secure document exchange server 40 to the corresponding terminal for the first time when a read instruction is sent from the node person in charge of the node (steps 117, 118, and 119). ).
(8) If an operation of approval or rejection (applying an electronic signature) is performed (steps 120 and 121) at the corresponding node of the company B person in charge terminal 42, the document returns to the secure document exchange server 40. Thereafter, the same processing as Steps 113 to 116 performed by Company A is repeated (Steps 122 to 125).

(Document approval method)
FIG. 5 is an operation flowchart of the document signature method according to the embodiment of the present invention.
Here, as a method of applying an electronic signature using this system, it is assumed that a signature method can be selected by a file format on the terminal side. For example, a file can be signed by the following method.
(1) Open a document (step 50).
(2) An area (region) for displaying an electronic signature image image (a signature or the like, a symbol indicating that an electronic seal has been applied) is specified by dragging (step 51).
(3) The name of the registered key (own secret key) is selected (step 52).
(4) A signature condition such as a reason for signing, a signer name, and a signature location is input (step 53).
(5) Signature image data to be displayed in the area designated in (2) above is selected (step 54).
(6) When the signature OK is pressed, the hash value (message digest) of the document (1) is calculated, encrypted with the secret key of the person in charge, and an electronic signature is generated (steps 55 and 56).
(7) Using the method specific to the file format of the document selected in (1) above, the signature data is created and attached in (6) (step 57).
(8) On the screen, the corresponding digital signature image is displayed in the area specified in (2) (step 58).
(9) Save the file (step 59).

(Signature verification method on the terminal side)
FIG. 6 is an operation flowchart of a document approval verification method (terminal signature verification) according to an embodiment of the present invention.
Here, as a method for verifying an electronic signature, a signature method can be selected according to a file format on the terminal side. For example, the signature of a file can be verified by the following method. (1) Open a document (step 60).
(2) Click on an area (region) where an electronic signature image (signs or the like, a symbol indicating that an electronic seal has been displayed) is displayed, and select signature verification from the menu (step 61).
(3) The signature data is obtained from the file by the method specific to the file format selected in (1) (step 62).
(4) The validity of the certificate (the other party's public key certificate) is confirmed from the acquired signature data by verifying the revocation list or trust chain (step 63).
(5) The digital signature is decrypted with the certificate whose validity has been confirmed (extraction of hash value) (step 64).
(6) The file is opened in (1) and the hash value (message digest) of the file is calculated again (step 65).
(7) The hash value acquired in (5) is compared with the hash value acquired in (6) (step 66).
(8) The validity check result of the certificate in (4), the comparison result in (7), and the signature and certificate information are displayed from the property screen (step 67).

(Server signature verification method)
FIG. 7 is an operational flowchart of a server-side signature verification method according to an embodiment of the present invention. Here, as a method of verifying an electronic signature using the system, it is possible to cope with verification of various signature formats by combining the signature verification method on the server side with the signature method on the terminal side. For example, the signature of a file can be verified by the following method.
(1) The file format is automatically determined based on the document property (step 70).
(2) The signature data is obtained from the file by the method specific to the file format selected in (1) (step 71).
(3) The validity of the certificate (the other party's public key certificate) is confirmed from the acquired signature data by verifying the revocation list or trust chain (step 72).
(4) The digital signature is decrypted with the certificate whose validity has been confirmed (extraction of the hash value) (step 73).
(5) Recalculate the hash value (message digest) of the file (step 74). (6) The hash value acquired in (4) is compared with the hash value acquired in (5) (step 75).
(7) The validity of the registered file is determined from the certificate validity check result of (3) and the comparison result of (6) (step 76).

(Document exchange management method)
(Automatic workflow setting method)
FIG. 8 is a sequence chart of a workflow automatic setting method according to an embodiment of the present invention.
The automatic workflow setting function performed when registering an electronic document with the secure document exchange server includes the following methods.
(1) In FIG. 8, referring to document property information 81 (document type, creator, etc.), a workflow is automatically selected from the master table 80 in accordance with a predetermined condition.
(2) The workflow 82 is automatically selected from the master table 80 according to a predetermined condition with reference to the content 82 of the document in FIG. For example, if the document type is a contract, and the amount 82 of the document content is 100,000 yen or more, the manager settlement route is automatically set, and if the amount is 1 million yen or more in the contract It is possible to automatically set the route for settlement of directors.
(3) Referring to FIG. 8, the property information 81 (document type) of the document is referred to, and the document type to be circulated next is automatically selected from the master table 80 according to a predetermined condition and displayed to the person in charge.

(Workflow control method)
FIG. 9 is an explanatory diagram of a workflow control method according to an embodiment of the present invention.
The workflow information for exchanging electronic documents includes the following, and there are the following control methods.
☆ Workflow approval deadline (total deadline and deadline for each node)
☆ Access rights of each node staff (preemption rights)
☆ Route definition for each node (eg, route routed to 4 people, routed to 6 people, etc.)
(1) Referring to the document registration date 91 and the schedule data 90 of the next person in FIG. 9, control of the route such as skipping of the absence approver (for example, the flow ( 1)). For example, as shown in FIG. 9, in the case of circulation to four people, the document registration was performed on December 5, and the circulation was performed on that day, but the schedule data of the next approver is from December 3 to December 12. In the absence of a day, the third approver can look ahead and look ahead if the overall deadline is 7 days.
(2) In FIG. 9, due to the deadline, the superior of the workflow can refer to the workflow set as the approver in advance from the approval order (for example, the flow (2)), and the document is approved at the lower level. It is possible to approve earlier than the person. For example, as shown in FIG. 9, the four last superiors can refer to a confidential document before the second and third authorizers.

  If the document exchange procedure of the secure document exchange system of FIGS. 4-A, B, and C is converted into a program code and stored in a recording medium such as a CD-ROM, it is convenient for selling and lending the program of the present invention. In addition, the present invention can be easily realized by mounting the recording medium on the secure document exchange server, and installing and executing the program on the server computer.

  The present invention including each of the embodiments described so far can be used for, for example, an inter-company electronic contract conclusion operation, an in-house electronic approval document exchange operation, or an inter-company electronic technical document exchange operation.

1 is a configuration diagram of a secure document exchange system according to an embodiment of the present invention. FIG. It is a figure which shows the flow of document exchange of the secure document exchange system in FIG. It is a sequence chart which shows the master data registration procedure of the secure document exchange system which concerns on one Example of this invention. It is a flowchart which shows the document exchange procedure (the 1) of the secure document exchange system which concerns on one Example of this invention. It is a flowchart which shows the document exchange procedure (the 2) of the secure document exchange system which concerns on one Example of this invention. It is a flowchart which shows the document exchange procedure (the 2) of the secure document exchange system which concerns on one Example of this invention. It is an operation | movement flowchart of the signature method (terminal signature) of the secure document exchange system which concerns on one Example of this invention. It is an operation | movement flowchart of the document approval verification method (terminal signature verification) of the secure document exchange system which concerns on one Example of this invention. It is an operation | movement flowchart of the document approval verification method (server signature verification) of the secure document exchange system which concerns on one Example of this invention. It is a sequence chart of the workflow automatic setting method concerning one example of the present invention. It is a sequence chart of the workflow control method which concerns on one Example of this invention.

Explanation of symbols

10, 11, 12, 13 ... network, 14, 15 ... company A client terminal,
16, 17 ... Company B client terminal, 18 ... Original storage server,
19: Secure document exchange server, 20, 30, 40 ... Secure document exchange server,
21, 41 ... Company A client terminal, 22, 42 ... Company B client terminal,
30 ... User information DB, 31 ... Company A property file,
32 ... Company B property file, 43 ... Property file group, 44 ... Original storage server, 82 ... Document (content file), 81 ... Document property information,
83 ... Property file group, 80 ... Master table, 91 ... Document registration,
90 ... schedule data, 92 ... with preemption authority.

Claims (7)

In a secure document exchange system that connects multiple clients via the Internet,
A user information database that stores the original documents exchanged between the above clients, and a route that is a set of nodes that perform workflow ID, access authority, and approval and rejection processing for the stored documents for each client A property file to register each information including the definition of
Holds the user information database and the property file, exchanges documents with each client, automatically executes workflow settings when registering documents, referencing the documents, and changing document contents. And a secure document exchange server that secures security such as access authorization and falsification detection. The secure document exchange system according to claim 1,
The workflow is composed of a route, which is a set of nodes that perform processing such as approval and rejection for content that is an electronic file, a document composed of a plurality of contents, and an authority to access the content. Secure document exchange system characterized by A document approval method for performing an approval action for a registered document,
Approval action to give an electronic signature at each node that forms a route, which is a set of nodes that perform processing such as approval and rejection of content, and at each stage that forms a set of multiple nodes and a subset of the route A document approval method, characterized in that the server verifies the correctness of the content and the correctness of the route progress. A document exchange management method for exchanging documents with each client,
In each stage that forms a node and a subset of the route, which is a set of nodes that perform processing such as approval and rejection on the content constituting the document,
The route can be set or changed at any time for each document, and
A document exchange management method characterized in that access rights and approval actions can be set or changed at any time for each document. The document exchange management method according to claim 4,
In the route setting for the document, it is possible to connect and insert different routes of the sending company and the receiving company without knowing to the other company, especially for route setting between companies.
A document exchange management method, wherein a connection and a route between documents are automatically set according to the attribute information of the document and the contents of the content constituting the document. The document exchange management method according to claim 4,
Even if the route is set, the person in charge of the node at the back node can skip ahead some nodes and stages depending on the situation for documents that will be going to the node in the future. age,
A document exchange management method, wherein a route set in conjunction with a schedule of a person-in-charge terminal is automatically controlled in each node of the route. A document exchange program for a secure document exchange server between a plurality of companies,
A document is created on the computer of the secure document exchange server by the terminal of the person in charge of the first company, and an electronic signature is assigned to each content constituting the document, and the author's validity and alteration detection of each content are detected. The procedure to register the document with the above information, obtain the workflow definition defined earlier from the property file, link the document contents and property information as a workflow between companies, and link with the registered document, obtain From the verification of the electronic signature of the document, a procedure for detecting falsification of the document and confirming the correctness of the creator, a procedure for verifying the document and storing it as an electronic original in the original storage database, as defined in the above workflow Second, the document flows over the Internet A procedure for transferring a notification mail to a person in charge terminal of the company, a procedure for downloading a document from the original storage database to the person in charge terminal upon receiving a reading instruction from the person in charge terminal, and a digital signature verification. A document exchange program for executing a procedure for performing processing and a procedure for storing an electronic original of the document without updating or updating the original.

Images