JP2006186585A - Information processor and information processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique for simply executing presence verification and integrity verification of an electronic document. <P>SOLUTION: The electronic document, HASH data of an electronic mail X, and HASH data of an electronic mail (X-1) are stored by making them to associate with each other (S304). Time verification information to an electronic mail N is acquired at a prescribed time and stored by making it to associate with the electronic mail N (S306). <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a technique for processing an electronic document.

  With the development of information communication infrastructure, information transmission / reception using electronic mail is increasing. For example, a business document or the like is attached to an e-mail and exchanged via the Internet. Even with “documents that place importance on confidentiality” that have been mailed by mail or the like in the past, opportunities to exchange by e-mail are increasing with the development of encryption technology.

  The “e-Japan Strategy II Acceleration Package” announced by the Japanese government in February 2004 also emphasizes the progress of electronic documentation. Among them, financial documents and documents related to tax, etc. that are required to be retained by the private sector by law, documents and forms that are not allowed to be stored electronically, based on recent progress in information technology, etc.・ In principle, to ensure that documents and forms can be stored electronically while ensuring the authenticity and visibility according to the contents and nature of the forms, a unified law (commonly known as “e-documents” It is said that it will be done by enacting the law ").

  However, it is extremely difficult to prove from what point in time electronic documents existed without change. This is because electronic documents are easy to tamper with, unlike paper documents, and data such as creation date and update date is recorded as attribute information in electronic documents. Because it is based on the time information of the clock of the computer that created or updated the electronic document, it has the property that it is possible to arbitrarily manipulate the creation date and update date and time. is there.

  In such a situation, for the existence proof of electronic data (proof that the electronic data existed at the fixed time) and completeness proof (proof that the electronic data has not been tampered after the fixed time) There is a service called time stamp service. The outline of this time stamp service will be described with reference to FIG.

  FIG. 9 is a diagram showing an outline of a system for implementing a time stamp service.

  A time distribution station (TA) 901 is an organization that distributes time information based on the standard time to a time-related business operator (in this case, a time stamp authority 902) and authorizes the time of the time-related business operator. The server time of this time-related business operator 902 is always synchronized with Coordinated Universal Time (UTC) 903. Time distribution stations and time-related business operators often have atomic clocks such as cesium atomic clocks and rubidium atomic clocks. For example, the GPS common view method is used to improve the reliability of time information. .

  The time distribution station 901 obtains standard time information from an NTA (National Time Authority) (not shown). For this reason, time synchronization processing is performed between the time distribution station 901 and the time-related service provider 902 between the time distribution station 901 and the NTA. NTA is a national organization that supplies time information of standard time to each time certificate authority, confirms the time of each time certificate authority, and authenticates the time.

  The Certificate Authority (CA) 904 issues a public key certificate in PKI (Public Key Infrastructure), which is an environment for enabling secure communication over the Internet using public key cryptography and digital signatures. The public key authentication is performed with respect to the time stamp authority (TSA) 902.

  For example, when it is desired to perform the existence proof and integrity proof of the electronic document 906 held by the computer 905, the computer 905 obtains the hash data 907 of the electronic document 906 using a known hash function. As an algorithm of this hash function, MD5 or the like is used.

  The hash function is characterized by the fact that most of the bits of the hash data change even if the original plaintext changes by 1 bit, and because it creates fixed-length data regardless of the plaintext data length. Therefore, it is almost impossible to infer the original plaintext from the hash data.

  The calculated hash data 907 is sent from the computer 905 to the time stamp authority 902 in a transmission form such as being attached to an e-mail 908, for example. Upon receiving the hash data 907, the time stamp station 902 creates time information (time certification data) 910 for the received hash data and sends it back to the computer 905 in a form attached to the e-mail 909.

  Then, the computer 905 transmits the received time information 910 in association with the electronic document 906 to the server device 911 and stores it there.

  In such a system, since the time information 910 is time information for the hash data 907 created from the electronic document 906, the existence proof and the integrity proof of the electronic document 906 are possible. Further, the time information for the existence proof and the integrity proof may be used as time-limited proof information that is valid for many years from the time indicated by the time proof.

  The existence proof and the integrity proof of the electronic document can be proved by using the above technique. However, when the electronic document is transmitted by electronic mail, it is important to prove the transmission time of the electronic mail.

  In the time stamp technology, the existence proof and the integrity proof of the electronic document are considered, but the time proof when the document is transmitted by electronic mail is not considered.

Here, Patent Document 1 discloses a technique for exchanging data such as electronic mail on a network using accurate time information. More specifically, an electronic postmark including highly accurate time information is issued to the electronic mail to be transmitted, and the electronic postmark is stamped on the electronic mail to prove the transmission time of the electronic mail.
JP 2002-116695 A

  However, in Patent Document 1, access to the certificate authority is always performed when issuing an electronic postmark. Therefore, for example, when the bandwidth of the line to the certificate authority is narrow, this access may cause traffic busy.

  When it is assumed that a service using the technology described in Patent Document 1 is performed, it is assumed that the service provider charges for the electronic postmark issue. In such a case, for example, if a company with a large number of mail data uses this service to issue electronic postmarks for each mail one by one, the amount charged may be enormous. .

  In addition, it may be possible to issue electronic postmarks only for mails with specific conditions instead of all mails, but time certification of mails that did not issue electronic postmarks will be required later. It can be considered.

  Also, as to the time of sending and receiving an e-mail, if it can be proved that the e-mail has been reliably transmitted / received and that the e-mail has not been tampered thereafter, the e-mail sent / received time does not necessarily have to be proved correctly. It doesn't matter. The existence proof and completeness proof of electronic documents are carried out under the same idea.

  The present invention has been made in view of the above problems, and an object of the present invention is to provide a technique for easily performing existence proof and integrity proof of an electronic document.

  In order to achieve the object of the present invention, for example, an information processing apparatus of the present invention comprises the following arrangement.

That is, an information processing method performed by an information processing apparatus capable of data communication with an issuing apparatus that issues time certification information,
An electronic document acquisition process for acquiring an electronic document;
A calculation step of calculating a value based on the electronic document acquired by the electronic document acquisition step;
A link information creation step for creating link information based on the value calculated by the calculation step for the electronic document and the value of another electronic document calculated by the calculation step before the electronic document;
A first storage step of storing the link information created in the link information creation step and the electronic document in association with each other;
A time proof information acquisition step for performing processing for acquiring time proof information for the electronic document acquired by the electronic document acquisition step from the issuing device at a predetermined timing;
And a second storage step of storing time certification information for the electronic document acquired by the electronic document acquisition step in association with the electronic document.

  In order to achieve the object of the present invention, for example, an information processing apparatus of the present invention comprises the following arrangement.

That is, an information processing device capable of data communication with an issuing device that issues time certification information,
An electronic document acquisition means for acquiring an electronic document;
Calculation means for calculating a value based on the electronic document acquired by the electronic document acquisition means;
Link information creation means for creating link information based on the value calculated by the previous term calculation means for the electronic document and the value of the other electronic document calculated by the calculation means before the electronic document;
First storage means for storing the link information created by the link information creation means and the electronic document in association with each other;
Time certification information acquisition means for performing processing for acquiring time certification information for the electronic document acquired by the electronic document acquisition means from the issuing device at predetermined timings;
And second storage means for storing time certification information for the electronic document acquired by the electronic document acquisition means in association with the electronic document.

  In order to achieve the object of the present invention, for example, the system of the present invention comprises the following arrangement.

That is, a system including an issuing device that issues time certification information, an information processing device capable of data communication, and a mail server device that holds data of an electronic document,
The information processing apparatus includes:
Electronic document acquisition means for acquiring an electronic document from the mail server device;
Calculation means for calculating a value based on the electronic document acquired by the electronic document acquisition means;
Link information creation means for creating link information based on the value calculated by the previous term calculation means for the electronic document and the value of the other electronic document calculated by the calculation means before the electronic document;
First storage means for storing the link information created by the link information creation means and the electronic document in association with each other;
Time certification information acquisition means for performing processing for acquiring time certification information for the electronic document acquired by the electronic document acquisition means from the issuing device at predetermined timings;
And second storage means for storing time certification information for the electronic document acquired by the electronic document acquisition means in association with the electronic document.

  With the configuration of the present invention, the existence proof and integrity proof of an electronic document can be easily performed.

  Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.

[First Embodiment]
<System configuration>
FIG. 1 is a diagram illustrating a configuration example of a system according to the present embodiment. As shown in the figure, the system according to the present embodiment is roughly composed of a time stamp station server apparatus 101, a wide area network 102, and local area network systems 150 and 160.

  First, the time stamp station server apparatus 101 will be described. The time stamp station server apparatus 101 functions as a server apparatus in the time stamp station 902 described above. The current time managed by the time stamp station server device 101 is synchronized with the standard time by the above-described well-known technique, and processing for providing this standard time is performed in response to a request. Since such an operation relating to the time stamp station server apparatus 101 is known as described above, further description thereof is omitted.

  The wide area network 102 is a network that connects between the local area network systems 150 and 160 and the time stamp station server apparatus 101. For example, the Internet is preferable. Note that the types of networks applicable to the wide area network 102 are not limited to this, and some or all of them may be configured using either wired or wireless.

  The local area network systems 150 and 160 are, for example, local area network systems provided in separate companies, and communication between the local area network system 150 and the local area network system 160 is performed via the wide area network 102. Communication within the local area network systems 150 and 160 is performed via the local area networks 103a and 103b, respectively.

  First, the local area network system 150 will be described. The local area network system 150 includes client terminal devices 107a and 108a, an email data management server device 105, an email server device 106a, a firewall 104a, and a local area network 103a.

  The e-mail server device 106a transmits and receives mail between the client terminal device 107a and the client terminal device 108a, and the client terminal device 107a (108a) and a device outside the local area network system 150 (in the figure, the client terminal device 107b). , 108b), and as is well known, processing for sending mail to a destination specified by a mail address is performed. Since such a series of processes performed by the e-mail server device 106a is well known, further explanation is omitted.

When the e-mail data management server device 105 detects e-mail data transmitted / received via the local area network 103a,
・ Proof of existence (Proof that the electronic data existed at the fixed time)
・ Proof of integrity (proof that the electronic data has not been tampered with since the fixed time)
This e-mail management process is performed so that the following two proofs are possible. Details of processing performed by the e-mail data management server apparatus 105 will be described later.

  Reference numeral 103a denotes a local area network. Data communication among the client terminal devices 107a and 108a, the mail server device 106a, and the electronic mail data management server device 105 is performed via the local area network 103a.

  Reference numeral 104a denotes a firewall that monitors data communication between the local area network system 150 and the wide area network 102. The type of the packet 104a is a packet that controls communication based on information included in the IP header. There are “filtering”, “application gateway” that relays operations from applications, and the like, which enhances network security and limits services provided to users. Since the firewall 104a is well known, further explanation is omitted.

  On the other hand, the local area network system 160 is composed of client terminal devices 107b and 108b, an electronic mail server device 106b, a firewall 104b, and a local area network 103b, each of which includes client terminal devices 107a and 108a, Since it is the same as that of the e-mail server device 106a, the firewall 104a, and the local area network 103a, description thereof will be omitted.

  In the following, a process is described in which the e-mail data management server device 105 manages e-mails transmitted and received via the network 103a so that the above two certifications can be made. A system to which the e-mail data management server device 105 is applied The form is not limited to that shown in FIG.

<Configuration of E-mail Data Management Server Device 105>
FIG. 2 is a block diagram showing a basic configuration of the e-mail data management server apparatus 105. As shown in FIG.

  A CPU 201 controls the entire electronic mail data management server device 105 using programs and data stored in the RAM 202 and the ROM 203, and executes each process described below performed by the electronic mail data management server device 105.

  A RAM 202 includes an area for temporarily storing programs and data loaded from the HDD 204 and the storage medium drive device 206 and data received via the network I / F (interface) 205, and the CPU 201 performs various operations. The work area used when executing the process is provided.

  A ROM 203 stores setting data, a boot program, and the like of the e-mail data management server device 105.

  Reference numeral 204 denotes an HDD, which stores an OS (operating system) and programs and data for causing the CPU 201 to execute each process described later performed by the e-mail data management server apparatus 105. Some or all of these are stored in the HDD. The data is loaded into the RAM 202 according to the control by the CPU 201, and the CPU 201 performs processing using the loaded data. Thus, the electronic mail data management server apparatus 105 executes each processing described below.

  Reference numeral 205 denotes a network I / F for connecting the e-mail data management server apparatus 105 to the local area network 103a. The e-mail data management server apparatus 105 is connected to an external device via the network I / F 205. Data communication can be performed.

  Reference numeral 206 denotes a storage medium drive device that reads a program or data recorded on a storage medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, or DVD-RAM and outputs it to the RAM 202. The reading operation is controlled by the CPU 201.

  A pointing device 207 such as a mouse can input various instructions to the CPU 201. A keyboard 208 can input various instructions to the CPU 201.

  Reference numeral 209 denotes a video I / F (interface) which functions as an I / F for supplying an image to be displayed on the display device 210 to the display device 210 as a signal.

  A display device 210 includes a CRT, a liquid crystal screen, and the like, and can display a processing result by the CPU 201 using an image, text, or the like.

  A bus 212 connects the above-described units.

<Processing Performed by E-mail Data Management Server Device 105>
Next, a process in which the e-mail data management server apparatus 105 manages the e-mail data so that the above two proofs are possible will be described below with reference to FIG. 3 showing a flowchart of the process. It is assumed that the e-mail data management server apparatus 105 has not yet detected an e-mail at the time of starting the processing according to the flowchart of FIG. A program and data for causing the CPU 201 to execute the processing according to the flowchart of FIG. 5 are loaded in the RAM 202, and the CPU 201 performs processing using this, whereby the e-mail data management server device 105 will be described below. Each process is performed.

  The CPU 201 manages the data of each e-mail to be acquired thereafter in the order of acquisition. However, before acquiring the e-mail data, the CPU 201 creates the first data (step S301). This process is performed prior to the acquisition of e-mail when creating new data. Details of the process of creating the top data will be described with reference to the flowchart shown in FIG. FIG. 4 is a flowchart showing details of the leading data creation process in step S301.

  First, the CPU 201 generates fixed-length random number data (step S401). Here, since it is only necessary to generate fixed-length data in step S401, the present invention is not limited to generating random numbers. The “fixed length” is preferably the same data length as hash (HASH) data described later.

  Next, PDF data in which the fixed-length random number data is described is created (step S402). As long as the fixed-length random number data can be browsed, the data generated in step S402 is not limited to PDF data.

  Next, a HASH value is calculated based on the PDF data to obtain HASH data (step S403).

  Next, by transmitting this PDF data to the time stamp authority server apparatus 101, time certification information for the PDF data returned from the time stamp authority server apparatus 101 is received (step S404). At this time, for example, when the time stamp authority server apparatus 101 considers security such as prevention of data leakage due to electronic data flowing over a wide area network, the time certification information for the HASH data It is also conceivable to issue existence and integrity proof for the electronic data for which the HASH value is calculated. In that case, the HASH value obtained in step S403 may be used. This time certification information is a so-called time stamp, and is used for performing existence certification and integrity certification. Since this time certification information, that is, the time stamp is well known, further explanation is omitted.

  Next, a unique code (in this case, a serial number) is issued for the PDF data (step S405). The serial number is issued in order of 1, 2, 3, and so on. Further, based on the random value generated in step S401, the serial number issued in step S405, and the HASH data obtained in step S403, HASH calculation is performed to obtain link data (step S406). Next, header information is created (step S407). This header information includes the serial number issued in step S405, the current time measured by the CPU 201, etc., but is not limited to this.

  The header information created in this way, the PDF data created in step S402, the link data obtained in step S406, and time certification information (time stamp data) for performing time certification of the PDF data obtained in step S404. And stored in the HDD 204 (step S408).

  Through the above processing, the top data (data based on a set of header information, link data, and PDF data) is created and stored in the HDD 204 in association with the time stamp data.

  Returning to FIG. 3, when the processing in step S301 is completed, the CPU 201 monitors e-mails transmitted and received via the local area network 103a (step S302). The processing in this step is, for example, processing for receiving this notification because the mail server device 106a notifies the email data management server device 105 that the email has been received.

  If the CPU 201 detects an e-mail (for example, the e-mail data management server apparatus 105 is notified that the e-mail server apparatus 106a has received an e-mail, and this is detected by the CPU 201), the process proceeds from step S303 to step S303. Proceeding to S304, the detected e-mail data (e-mail data received by the mail server device 106a) is received and managed (step S304).

  FIG. 5 is a flowchart showing details of the processing in step S304. First, the CPU 201 issues a serial number for the detected e-mail data (step S501). As for the issuance of the serial number, the serial number and serial number of the first data already issued in step S405 of FIG.

  Next, the e-mail data is compressed by an appropriate compression method (step S502). At this time, if there is an attached file in the e-mail, the compression process including the attached file is performed. Since this compression process is not essential, this step may be omitted.

  Next, based on the email data compressed in step S502, a HASH value is calculated to obtain HASH data (step S503). Further, HASH calculation is performed based on the link data obtained in step S405, the serial number issued in S501, and the HASH data obtained in step S503 to obtain link data (step S504).

  Next, header information is created (step S506). This header information includes the serial number issued in step S501, the current time measured by the CPU 201, etc., but is not limited to this. The data structure is preferably the same as the header information created in step S407 in FIG.

  The header information created in this way, the link data of the e-mail obtained in step S504, and the e-mail data compressed in step S502 are associated with each other and stored in the HDD 204 (step S507).

  If one or more emails have already been stored in the HDD 204 in step S507, the “link data generated last time” stored in step S507 in association with the compressed data of the email detected this time is the email detected this time. This is the link data obtained by the HASH calculation in step S504 for the email detected immediately before. That is, if the CPU 201 sequentially detects mail 1, mail 2, mail 3, and stores the compressed data of mail 3 in the HDD 204 in step S 507, the link data of mail 2, the serial number of mail 3 and the compression The link data obtained by the HASH calculation from the HASH data of the data and the header information generated for the mail 3 are stored in the HDD 204 in association with the compressed data of the mail 3.

  Returning to FIG. 3, when the management process for one electronic mail in step S304 described above is performed, the process proceeds to step S305, and the current time measured by the CPU 201 is determined in advance as “time certification information (time stamp). It is checked whether it is the “time to acquire” (step S305). As a result of the check, if the current time measured by the CPU 201 is not the predetermined “time to acquire time certification information (time stamp)” (NO in step S305), the process returns to step S302, and the subsequent processes repeat. That is, the next e-mail is detected, and this e-mail management process is performed.

  On the other hand, if the current time counted by the CPU 201 is a predetermined “time to acquire time certification information (time stamp)” (YES in step S305), the process proceeds to step S306 to acquire the time stamp. Is performed (step S306).

  The process for acquiring a time stamp in step S306 will be described below with reference to FIG. 6 showing a flowchart of the process. FIG. 6 is a flowchart showing details of the processing for acquiring a time stamp in step S306.

  First, link data of an e-mail (hereinafter referred to as e-mail A) detected immediately before obtaining a time stamp is read from the HDD 204 to the RAM 202 (step S601), and PDF data in which such information is described is created (step S601). Step S602).

  FIG. 8 is a diagram illustrating an example of PDF data created in step S602. In the figure, the time stamp acquisition time ("time" in the figure), the serial number of the email A, and the link data of the email A are described, but the information to be described in the PDF data is limited to these. What is necessary is that link data of the electronic mail A is described. Further, the data created in step S602 is not limited to PDF data, and any data format can be used as long as such information can be browsed.

  Next, by transmitting this PDF data to the time stamp authority server apparatus 101, time certification information for the PDF data returned from the time stamp authority server apparatus 101 is received (step S603). This time certification information is a so-called time stamp, and is used for performing existence certification and integrity certification. Since this time certification information, that is, the time stamp is well known, further explanation is omitted.

  Next, a unique code (in this case, a serial number) is issued for the PDF data (step S604). As for the issuance of the serial number, the serial number and serial number of the electronic data already issued in step S501 in FIG. Next, a HASH value is calculated based on the PDF data to obtain HASH data (step S605). Further, HASH calculation is performed based on the link data of the e-mail X, the serial number issued in step S604, and the HASH data obtained in step S605 to obtain link data (step S606). Next, header information is created (step S606). This header information includes the serial number issued in step S404, the current time counted by the CPU 201, etc., but is not limited to this.

  The header information created in this way, the PDF data created in step S602, the link data obtained in step S606, and time certification information (time stamp data) for performing time certification of the PDF data obtained in step S603. And stored in the HDD 204 (step S608).

  FIG. 7 is a diagram showing a configuration example of data stored in the HDD 204 in accordance with the flowchart of FIG. In the figure, data 1 (PDF data), data 2, data 3,... Data (X-2), data (X-1) (corresponding to the electronic mail A at the time of explaining the processing in FIG. 6), data X (PDF) Data), data (X + 1), data (X + 2),..., Data (N−1), and data N (PDF data) are obtained by arranging the data groups stored in step S507 in the order of storage. For example, the data 3 is composed of the header information of the electronic mail 2 detected by the CPU 201 secondly, the link data calculated by HASH from the link data of the electronic mail 1 of the electronic mail 2 and the compressed data of the electronic mail 2. Has been.

  Data 1 (PDF data) is the so-called head data. The TimeStamp for this data indicates a publicly proven time, and since the data 1 is generated in association with the link data of this data 1 (PDF data) after the generation of this TimeStamp, It can be proved that the e-mail 1 surely exists after the time indicated by the data 1 (PDF data). Similarly, since the data 2 is generated to have the HASH data of the data 1 after the data 1 is generated, it can be proved that the data 2 surely exists in the HDD 204 after the data 1.

  After the data 1 (PDF data) is generated in this way, the CPU 201 sequentially detects e-mails, so that data 2, data 3, and so on are created and stored in the HDD 204.

  Further, link data of data X (PDF data) is generated in association with link data of data (X-1). The TimeStamp for the data X (PDF data) indicates a publicly certified time. Similarly, data (X-2), data (X-1), data X (PDF), data (X + 1), and data (X + 2) are created and stored in the HDD 204.

  Therefore, it is proved that the data 2 to the data (X-1) surely existed in the HDD 204 in this order after the time indicated by the TimeStamp of the data 1 (PDF). Due to the presence of TimeStamp of (PDF), it can be proved that Data 2 to Data (X-1) surely existed in HDD 204 in this order before the time indicated by TimeStamp of Data X (PDF). As described above, the proof that data 2 to data (X-1) exist in this order is obtained by the fact that each link data includes the link data of the previous data. It is.

  Even if all the link data after the data is tampered with the deletion of data or the tampering between the data 2 and the data (X-1), the link data of the data (X-1) and the data X Since it does not match the link data described in the PDF data for which the time certification has been performed, it can be proved that “tampered”. Furthermore, if PDF data is sometimes tampered with, it can also be found by time certification. That is, in any case, it can be proved that the mail between data 2 and data (X-1) has been falsified.

  Thus, by acquiring a time stamp from the time stamp authority server device 101 at every predetermined timing, it is possible to prove the existence of an electronic mail between the times indicated by the respective time stamps. Further, since it is not necessary to acquire a time stamp for each e-mail, the number of accesses to the time stamp authority server apparatus 101 is reduced. For example, even when charging is caused by this access, The existence proof of each electronic mail can be performed at a lower cost than when obtaining a time stamp for the electronic mail. In addition, this can reduce the problem of network traffic to the time stamp station server apparatus 101.

  Returning to FIG. 3, the above processing is terminated, and it is determined whether or not the data group saved in the HDD 204 by the above processing is saved in the HDD 204 as one file (step S308). For example, the operator of the e-mail data management server apparatus 105 may input an instruction to save using the keyboard 208 or the pointing device 207, or the current time counted by the CPU 201 has reached a predetermined time. In this case, the CPU 201 may make a determination of “save”. Therefore, the form of this determination is not particularly limited.

  If not stored (NO in step S307), the process returns to step S302, and the subsequent processes are repeated. If stored (YES in step S307), the process proceeds to step S308, and the HDD 204 Save as one file (step S308). In the case of saving, this one file includes, as header information, version information, internal index information, data size, the number of emails to be saved, and the like. At this time, the time data is always stored in association with the last data created by the above processing.

  Next, it is determined whether or not the process after step S301 is newly started (step S309). If it is to be performed (YES in step S309), the process returns to step S301, and the subsequent processes are repeated.

  Through the above processing, the present embodiment can manage e-mail so that e-mail existence proof and integrity proof can be performed. In addition, even if a charge is incurred when acquiring a time stamp for the management, it is possible to manage all mails at a lower cost than acquiring time stamps for individual mails. The problem of network traffic to the server apparatus 101 can be reduced.

  In the above description, the device that stores data and programs and the device that stores the data are only examples, and are not particularly limited. In the above description, an example in which the HASH value is obtained by one algorithm is shown. However, the HASH value is not particularly limited, and may be calculated by a plurality of methods in order to make analogy of the original data difficult.

  Further, as described above, there may be a limited period during which the existence and integrity can be proved. Therefore, the CPU 201 of the e-mail data management server 105 performs time certification based on the time information of the archive data stored in the HDD 204. Of course, it is possible to extend the effective period.

  In the above description, the time certification information (PDF data) and the time certification information (time stamp) are described as separate data. However, the present invention is not limited to this, and the time certification information is included in the time certification information. Of course, an embedding method may be used. In this case, the HASH value is calculated based on time-certified information (PDF data) that has been subjected to the time certification information embedding process.

[Second Embodiment]
In the first embodiment, the time stamp acquisition timing is determined only by the time. However, the present invention is not limited to this. For example, the e-mail data management server device 105 receives a predetermined number of e-mails from the HDD 204. A time stamp acquisition process may be performed each time the file is stored.

  For example, when e-mails 1, 2, 3,... N are stored in the HDD 204, a time stamp is acquired and stored in association with the e-mail (N + 1). Thus, the time stamp acquisition timing is not particularly limited. However, if the time stamps were issued frequently, the existence of the individual mail can be proved in more detail, but if this is charged, the cost of this will be the time stamp for each mail. Since it is no different from acquiring, care must be taken regarding the issue timing and number of times. Of course, this method and the method described in the first embodiment may be used in combination.

  In the first embodiment, the PDF data describing the head data and link information in the PDF format is created. However, the present invention is not limited to this method. For example, the e-mail acquired first by the e-mail data management server 105 Acquire time certification information for the data (leading data), and for the acquired email, link data is created by the above processing, and the time certification information is acquired for the email itself acquired at a predetermined timing. Of course, this method may be adopted.

  In the first embodiment, e-mail management has been described. However, instead of e-mail, for example, bit information transmitted from the winning bidder side to the organizer's server in an auction may be used. That is, in the above embodiment, the e-mail is used as an example of the electronic document, and the technology described above is not limited to the e-mail.

[Other Embodiments]
Also, an object of the present invention is to supply a recording medium (or storage medium) in which a program code of software that realizes the functions of the above-described embodiments is recorded to a system or apparatus, and the computer (or CPU or Needless to say, this can also be achieved when the MPU) reads and executes the program code stored in the recording medium. In this case, the program code itself read from the recording medium realizes the functions of the above-described embodiment, and the recording medium on which the program code is recorded constitutes the present invention.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an operating system (OS) running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Furthermore, after the program code read from the recording medium is written into a memory provided in a function expansion card inserted into the computer or a function expansion unit connected to the computer, the function is based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion card or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  When the present invention is applied to the recording medium, program code corresponding to the flowchart described above is stored in the recording medium.

It is a figure which shows the structural example of the system which concerns on the 1st Embodiment of this invention. 3 is a block diagram showing a basic configuration of an electronic mail data management server device 105. FIG. It is a flowchart of the process which the e-mail data management server apparatus 105 manages so that said 2 certification | authentication is possible about the data of e-mail. It is a flowchart which shows the detail of the production | generation process of head data in step S301. It is a flowchart which shows the detail of the process in step S304. It is a flowchart which shows the detail of the process which acquires a time stamp in step S306. FIG. 4 is a diagram illustrating a configuration example of data stored in an HDD 204 according to the flowchart of FIG. 3. It is a figure which shows an example of the PDF data produced by step S602. It is a figure which shows the outline | summary of the system for implementing a time stamp service.

Claims (12)

An information processing method performed by an information processing apparatus capable of data communication with an issuing apparatus that issues time certification information,
An electronic document acquisition process for acquiring an electronic document;
A calculation step of calculating a value based on the electronic document acquired by the electronic document acquisition step;
A link information creation step for creating link information based on the value calculated by the calculation step for the electronic document and the value of another electronic document calculated by the calculation step before the electronic document;
A first storage step of storing the link information created in the link information creation step and the electronic document in association with each other;
A time proof information acquisition step for performing processing for acquiring time proof information for the electronic document acquired by the electronic document acquisition step from the issuing device at a predetermined timing;
An information processing method comprising: a second storage step of storing time certification information for the electronic document acquired by the electronic document acquisition step in association with the electronic document.   The time certification information acquisition step performs processing for acquiring time certification information for the electronic document acquired by the electronic document acquisition step from the issuing device in the vicinity of a predetermined time at each predetermined time. The information processing method according to claim 1.   The information processing method according to claim 1, wherein the time certification information acquisition step acquires time certification information for the electronic documents acquired by the electronic document acquisition step at a predetermined number of intervals from the issuing device. A first document information creating step of creating first document information capable of browsing the link information created by the link information creating step;
The time certification information acquisition step acquires time certification information for the first electronic information created in the first document information creation step from the issuing device. The information processing method according to item 1. The first document information creation step creates first document information that enables browsing of link information created by the information creation step for an electronic document obtained by the electronic document acquisition step near a predetermined time. The information processing method according to claim 4. The first document information creation step creates first document information that enables browsing of link information created by the link information creation step for the electronic document obtained by the electronic document acquisition step at a predetermined number of intervals. The information processing method according to claim 4 or 5.   The information processing method according to claim 1, wherein the calculation step calculates a hash value. Furthermore,
A fixed-length data generation step for generating fixed-length data before the electronic document acquisition step acquires the first electronic document;
Creating a second document information in which the data generated by the fixed-length data generation step can be browsed, and acquiring a time certification information for the document information from the issuing device;
A first calculation step of calculating a value based on the second document information;
A third storage for storing the fixed length data, the value calculated by the first calculation step for the second document information, and the time certification information obtained by the first time certification information acquisition step. Process,
When the electronic document acquisition step acquires the first electronic document, the data of the electronic document, the value calculated by the calculation step for the second electronic document, and the first calculation step for the second document information The information processing according to any one of claims 1 to 5, further comprising: a fourth storage step that stores the link information created by the link information creation step in association with the value calculated by the link information creation step. Method.   The information processing method according to claim 1, wherein the electronic document includes an electronic mail. An information processing device capable of data communication with an issuing device that issues time certification information,
An electronic document acquisition means for acquiring an electronic document;
Calculation means for calculating a value based on the electronic document acquired by the electronic document acquisition means;
Link information creating means for creating link information based on the value calculated by the previous term calculation means for the electronic document and the value of the other electronic document calculated by the calculation means before the electronic document;
First storage means for storing the link information created by the link information creation means and the electronic document in association with each other;
Time certification information acquisition means for performing processing for acquiring time certification information for the electronic document acquired by the electronic document acquisition means from the issuing device at predetermined timings;
An information processing apparatus comprising: second storage means for storing time certification information for an electronic document acquired by the electronic document acquisition means in association with the electronic document. An information processing apparatus that can perform data communication with an issuing apparatus that issues time certification information, and a mail server apparatus that holds electronic document data,
The information processing apparatus includes:
Electronic document acquisition means for acquiring an electronic document from the mail server device;
Calculation means for calculating a value based on the electronic document acquired by the electronic document acquisition means;
Link information creation means for creating link information based on the value calculated by the previous term calculation means for the electronic document and the value of the other electronic document calculated by the calculation means before the electronic document;
First storage means for storing the link information created by the link information creation means and the electronic document in association with each other;
Time certification information acquisition means for performing processing for acquiring time certification information for the electronic document acquired by the electronic document acquisition means from the issuing device at predetermined timings;
And a second storage unit for storing time certification information for the electronic document acquired by the electronic document acquisition unit in association with the electronic document.   A program for causing a computer to execute the information processing method according to any one of claims 1 to 9.

Images