JP2006295565A - Electronic information disclosure certification system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic information disclosure certification system capable of applying disclosure certification even to a complicated Web page that dynamically changes. <P>SOLUTION: The electronic information disclosure certification system that certifies for a web server for disclosing electronic information that the web server discloses the electronic information to a network includes: an access means for accessing the electronic information by a prescribed system; a rendering means for rendering the electronic information acquired by access; a certification target data generating means for generating certification target data used for the disclosure certified on the basis of the rendered electronic information; a time certification means for acquiring a time certificate for the certification target data; an access result recording medium for recording an access result including the certification target data and the time certificate; and a certificate generating means for generating the certificate that the electronic information is disclosed. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a public content electronic information disclosure certification system for proving that electronic information has been published on the Internet.

  With the spread of the Internet, official gazettes and corporate financial reports that have been published on paper are now being made electronically. The contents disclosed on the Internet have been left to the discretion of the caller, but in recent years a mechanism has been proposed that can be proved by a third party.

  In Patent Document 1, which is one of the proposals, an electronic publication published on the network is collected and recorded via the network, and the electronic publication is later disclosed. It is to be able to prove that.

Further, Patent Document 2 and Patent Document 3 refer to the ability to track and manage the change history of electronic publications in addition to Patent Document 1 and to facilitate the search.
Japanese Patent No. 3420472 JP 2001-154988 A JP 2001-154989 A

  However, recent web pages cannot be displayed by simply downloading a single web page, such as a web page that changes dynamically each time it is displayed, or a web page that requires interaction with the server. There is a web page.

  In the case of such a web page, the method described in Patent Document 1 corresponds to a mechanism that downloads an electronic publication published at the URL requested for certification and stores it as it is. I can't.

  Electronic publications, even if the basics are described in HTML, may change the display contents dynamically if scripts or applets are included, and depending on how the HTML is rendered May change the way it looks. Therefore, even if the downloaded data is recorded as it is, there is a problem that the contents may not be displayed correctly when confirmed later.

  In Patent Document 2 and Patent Document 3, there is basically the same problem as Patent Document 1 in terms of display contents of electronic publications.

  In view of such problems, an object of the present invention is to provide an electronic information public certification system capable of performing public certification even for complex web pages that change dynamically.

  In order to solve the above-mentioned problems, the present invention provides an electronic information disclosure certification system that certifies to a web server that publishes electronic information that the web server publishes the electronic information on a network. Access means for accessing information in a predetermined manner, rendering means for rendering the electronic information acquired by accessing, and proof object data generating means for generating proof object data used for public proof from the rendered electronic information A time certifying means for obtaining a time proof for the proof object data, an access result recording means for recording an access result including the proof object data and the time proof, and the electronic information is disclosed based on the access result. And a certificate generating means for generating a certificate that proves that That.

  In order to solve the above problem, the present invention is characterized in that a plurality of the access means are provided, and each access means has a different access method.

  In order to solve the above-described problem, the present invention is characterized by including the rendering unit corresponding to each access unit.

  In order to solve the above-mentioned problem, the present invention is characterized in that the proof object data generating means generates proof object data obtained by compressing a data amount of the rendered electronic information.

  In order to solve the above problem, the present invention is characterized in that the certificate includes the time certificate.

  In order to solve the above problem, the present invention is characterized in that the certificate includes an electronic signature of an electronic information disclosure certification system.

  In order to solve the above problem, the present invention is characterized in that the certificate includes a time certificate of the certificate itself.

  ADVANTAGE OF THE INVENTION According to this invention, the electronic information public certification system which can perform public certification also to the complicated web page which changes dynamically can be provided.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  First, the mechanism of a general electronic information disclosure certification system that proves that electronic information has been disclosed on the Internet will be described with reference to FIG. FIG. 1 shows a requester 10, a public certification server 11, an access result DB 12, an access agent 13, a time certification server 14, and a web server 15.

  The client 10 is a person who wants to prove that the web server 15 has released electronic information on the Internet. The public certification server 11 is a server that certifies that the public certification server has made it public by exchanging with the client and the access agent. The access result DB 12 is a database in which the access result of the access agent 13 accessing the web server accessing the web server is recorded. The time certification server 14 is a server that certifies the time to be given to the downloaded data accessed. The web server 15 is a server that publishes electronic information. There are one or more access agents.

  In this configuration, the requester 10 requests the public certification server 11 by specifying the URL of the target electronic information to be certified (certification target URL) and the period of certification (certification period).

  Based on the request, the public certification server 11 communicates the certification target URL and certification period to each access agent. Each access agent accesses the certification target URL designated at random timing during the designated certification period, and continues to send the access result to the public certification server 11. The public certification server 11 records the sent access result in the access result DB 12, creates a certificate based on the recorded access result DB 12, and sends it to the requester 10.

  Here, the processing of each access agent will be described. Each access agent accesses the designated certification target URL at random timing during the designated certification period. A hash value is calculated based on the data accessed and downloaded (target URL data), and the time value is obtained by passing the hash value to the time certification server. Then, the access result including the target URL data and the time certificate is sent to the public certificate server. Each access agent performs this process every time it accesses.

  The above is the mechanism of a general electronic information disclosure certification system. This mechanism makes it possible to prove that the electronic information in the certification target URL has been made public. However, there are some cases where a different display result is displayed each time the electronic information is displayed, such as a script included in the electronic information in the certification target URL.

  Therefore, even if the electronic information itself downloaded from the URL to be proved is recorded, it can be reproduced later how the electronic information was displayed when the electronic information was accessed. It may not be possible.

  Therefore, in the present embodiment, the following mechanism is used to solve this problem. In the general electronic information disclosure certification system described above, when the access agent accesses and downloads the electronic information at the URL to be certified, the access agent renders and generates a display image for displaying the electronic information on a web browser. To do. Then, the generated image data is subjected to compression processing and the like, the data format is shaped, a hash value is calculated for the data, a time certificate is acquired, and the result is sent to the public certification server.

  The public certification server records the received access result, generates a certificate based on the access result, and sends it to the client. This mechanism will be specifically described below.

  FIG. 2 is a diagram showing an internal configuration of the access agent 13 in the present embodiment. The access agent 13 includes a time certification unit 20, an access agent main control unit 21, a certification target data generation unit 22, an access unit 23, and a rendering unit 24.

  The access agent main control unit 21 performs overall control of the access agent 13. The time certification unit 20 communicates with the time certification server 14 and performs processing related to time certification. The certification target data generation unit 22 generates target data that has been disclosed on the web server 15. The access unit 23 accesses the web server 15. The rendering unit 24 acquires device-independent display data that is the source of the certification target data.

  Among these, the processing of the access agent main control unit 21 will be described with reference to the flowchart of FIG.

  The access agent main control unit 21 receives the certification target URL and certification period from the public certification server 11 (step S101). Next, an access timing schedule for randomly accessing during the certification period is created (step S102). Next, it is determined whether it is during the certification period (step S103). If it is not during the certification period, the process ends. If it is during the certification period, the process proceeds to step S104.

  The access unit 23 is instructed to access the certification target URL according to the schedule (step S104). Next, device-independent display data corresponding to the certification target URL is acquired from the rendering unit 24 (step S105). The acquired device-independent display data is transferred to the certification target data generation unit 22 to acquire certification target data (step S106).

  The time certification unit 20 obtains the time certification for the certification target data (step S107). The certification target data and the time certification are combined to obtain an access result (step S108). The access result is sent to the public certification server (step S109).

  Next, the processing of the access unit 23 will be described using the flowchart of FIG. First, the target URL is received from the access agent main control unit 21 (step S201). Next, the target URL is accessed (HTTP GET) (step S202). Download web page data of the target URL (step S203). The web page data is parsed, and the URL of the embedded object (image, applet, etc.) is specified (step S204).

  The next step S205 and step S206 are loop processing performed for each object, and are repeated by the number of objects. The URL of the object is accessed (step S205). The object data is downloaded (step S206). All the downloaded web page data and object data are transferred to the rendering unit 24 as target URL data (step S207).

  Next, the processing of the rendering unit 24 will be described using the flowchart of FIG. First, the target URL data is received from the access unit 23 (step S301). A program for displaying the target URL data is activated and displayed on the window (step S302). Device-independent display data generated by the window is acquired (step S303). The device-independent display data is transferred to the access agent main control unit 21 (step S304).

  Next, the processing of the time certification unit 20 will be described with reference to FIG. The certification target data is received from the access agent main control unit 21 (step S401). A hash value is calculated for the certification target data (step S402). The hash value is sent to the time certification server (step S403). A time certificate is acquired from the time certificate server (step S404).

  The hash value may be calculated using a hash algorithm such as SHA-1 (Secure Hash Algorithm 1) or MD5 (Message Digest 5). Further, the exchange with the time certification server 14 is preferably performed according to RFC3161 Time-Stamp Protocol. Furthermore, it is preferable to use a time certification format that is specified as a time stamp token in RFC3161 or ISO18014-1. Since the time stamp token generation method is described in RFC3161 and ISO18014-1, the mechanism of the time certification server is not specifically described here.

  When the processing described above is implemented as a program that operates on Microsoft (registered trademark) Windows (registered trademark), it can be realized, for example, as follows. Microsoft (registered trademark) Internet Explorer (hereinafter referred to as IE) is started with the URL to be proved as an argument, makes the IE access the URL to be certified, and includes image data and applets included in the accessed HTML. To download.

  The IE renders the display data based on the downloaded data, passes the rendered device-independent display data (Device Context) to the browser window, and displays the web page to be proved on the screen. In this state, the IE is caused to print.

  At this time, for example, if you specify a printer driver (commercially available as part of Adobe (registered trademark) Acrobat, etc.) that outputs the display contents as an Adobe (registered trademark) PDF file, print processing from IE The device-independent display data is passed to the printer driver, and the content displayed in the browser window is output as a static PDF file (the display content does not change dynamically). Therefore, the certification target data in this case is a PDF file.

  A hash value is calculated for this PDF file, and the time certificate is acquired by sending the hash value to the time certificate server. The access result including the acquired time certificate and the previous PDF file is sent to the public certificate server.

  Another method for generating the data to be proved in the data-to-be-certified generator that outputs PDF in the print process is to output the result of screen capture (Print Screen) to the browser window in the BMP file format. Alternatively, another method may be used, such as a method of converting to black and white and outputting in the TIFF file format. To make the TIFF file format, Ricoh (registered trademark) RICOH (registered trademark) File Writer software can be used. If the data is converted to black and white and compressed, the file size of the access result that must be recorded can be reduced.

  Next, the public certification server 11 will be described. FIG. 7 is a diagram showing an internal configuration of the public certification server 11. As shown in FIG. 7, the public certification server 11 includes a certificate generation unit 30, a public certification server main control unit 31, and an access result recording unit 32. The public certification server main control unit 31 directly communicates with the client and performs processing such as sending a certificate to the client. The certificate generation unit 30 generates a certificate. The access result recording unit 32 records the access result in the access result DB 12.

  Among these, the process of the public certification server main control part 31 is demonstrated using the flowchart of FIG. First, a certification request is received from the requester (step S501). Next, the certification target URL and certification period are acquired from the contents of the certification request (step S502). The certification target URL and certification period are sent to a plurality of access agents (step S503). It is determined whether the certification period is over (step S504).

  If the certification period has not expired, an access result is received from the access agent (step S505). Then, the received access result is recorded in the access result recording unit 11.

  If the certification period has expired, the certificate generation unit 30 generates a certificate based on the access result recorded in the access result recording unit 11 (step S507). Then, the generated certificate is sent to the requester (step S508).

  This certificate may be sent, for example, by taking out an e-mail address from a certification request from a client and sending the e-mail to that address.

  Next, the process of the access result recording unit 32 will be described with reference to the flowchart of FIG. The access result including the certification target data and the time certification is received (step S601). A hash value A of the certification target data included in the received access result is calculated (step S602). It is determined whether a record for the same certification target URL has already been recorded in the access result DB 12 (step S603).

  If no record is recorded, the certification target URL, certification target data, hash value A, and time certification are recorded as a record of the access result DB 12 (step S608). When it is determined in step S603 that a record is recorded, the hash value A is compared with the hash value B of the record recorded for the same URL last time (step S604).

  It is determined whether the hash value A and the hash value B are equal (step S605). If they are equal, the certification target URL, the hash value A, and the time certification are recorded as records in the access result DB 12 (step S606). If they are different, the certification target URL, certification target data, hash value A, and time certification are recorded as records in the access result DB 12 (step S607).

  Next, the record structure of the access result DB 12 will be described with reference to FIG. As shown in FIG. 10, the record structure of the access result DB 12 has a structure including a certification target URL, certification target data, a hash value, and a time certification. In the access result DB 12, all the target URL data downloaded by the access unit 23 may be recorded, or the certification target data itself is held by the client, so that it is not recorded at all. It doesn't matter.

  Next, the processing of the certificate generation unit 30 will be described with reference to the flowchart of FIG. 11 and FIG. FIG. 12 is a diagram showing how a certificate is generated, and corresponds to the steps in FIG.

  First, of the access result for the certification target URL, only the hash value and the time certification part are received (step S701). Next, a list of hash values and time certificates is created (step S702). FIG. 12 shows a list including a hash value and a time certificate.

  A hash value X is calculated for the data 40 combining the certification target URL, the certification period, and the list (step S703). FIG. 12 shows how the hash value X is generated from the list, the certification period, and the whole certification target URL.

  The hash value X is encrypted with the internal secret key of the public certification server to form an electronic signature (step S704). An electronic signature is attached to the data 40, and a hash value Y is further calculated for the data 41 (step S705). The hash value Y is sent to the time certification server, and the time certification Y is acquired (step S706). The time proof Y is given to the data 41 to make the certificate 42 (step S707). This certificate 42 is returned (step S708).

  To calculate an electronic signature, SHA-1 or MD5 is used as a hash algorithm, and RSA, DSA, or elliptical encryption is used as a public key encryption algorithm.

  In the first embodiment, the rendering unit is described as one. However, in practice, the display content often changes depending on the rendering method when browsing web page data. For example, IE and Netscape (registered trademark) Navigator (hereinafter referred to as NN) display different images.

  In the first embodiment, the access unit is assumed to be one, but the web server side often downloads different web page data depending on the type of access method when actually browsing web page data. For example, this is a case where the web server transmits web page data that matches the characteristics of each browser when accessed by IE and when accessed by NN.

  In response to this situation, in order to prove what information was published on the web server and what was actually published to the general user, multiple different access It is desirable to attempt to access using the part and the rendering part and record the obtained display data.

  The internal configuration of the access agent in the second embodiment will be described with reference to FIG. In addition, description is abbreviate | omitted about the code | symbol demonstrated in Example 1. FIG. The difference from the access agent described in the first embodiment is that a plurality of access units and rendering units are provided. Each access unit has a different access method.

  In FIG. 13, the access unit 231 passes the target URL data to the rendering unit 241 corresponding to the access unit 231, and the access unit 232 passes the target URL data to the rendering unit 242 corresponding to the access unit 232. . Therefore, for example, if the pair of the access unit 231 and the rendering unit 241 is made to correspond to the IE, and the pair of the access unit 232 and the rendering unit 242 is made to correspond to the NN, the web server that transmits different web page data is also supported. Can do. As a result, it is possible to prove whether or not the electronic information has been disclosed to the PC on which any browser is installed.

  As described above, in the second embodiment, the access unit and the rendering unit form one set, and there are a plurality of sets. Even when a certain access unit A and a certain rendering unit B are paired, one rendering unit in which the rendering unit B is further paired with another access unit C is combined with a plurality of access units. It can be.

  The processing of the access agent shown in FIG. 13 described above will be described using the flowchart of FIG. A certification target URL and a certification period are received from the public certification server (step S801). An access timing schedule for random access during the certification period is created (step S802). Next, it is determined whether it is during the certification period (step S803). If it is not during the certification period, the process ends. If it is during the certification period, the process proceeds to step S804.

  Steps S804 and S805 are a loop process, and the process is repeated n times, which is the number of sets of access units and rendering units. According to the schedule, the access unit is instructed to access the certification target URL (step S804). Device-independent display data corresponding to the certification target URL is acquired from the rendering unit (step S805). The access unit and the rendering unit in step S804 and step S805 are one set.

  When the loop process is exited, the acquired device-independent display data is passed to the certification target data generation unit to acquire certification target data (step S806). The time proof part acquires time proof for the data to be proved (step S807). The certification target data and the time certification are combined to obtain an access result (step S808). The access result is sent to the public certification server (step S809).

  The above is the description of the second embodiment. According to these two embodiments, the electronic information obtained by accessing is rendered and the access result including the image data is recorded, so that a special web page that is difficult to reproduce later can be proved. Will also be able to see what was actually published.

  In addition, since access is made by a plurality of methods, electronic information that cannot be obtained by one access method can be acquired by another access method, and the electronic information provided varies depending on the accessing party. Even public web pages can be properly certified publicly.

  Furthermore, by rendering with multiple methods, there is a possibility that the contents that could not be displayed with one rendering method can be displayed with another rendering method, and the display contents differ depending on the type of browser being accessed. Even web pages like this will be able to perform public certification properly. It is also possible to use a plurality of access methods and a plurality of rendering methods at the same time.

  In addition, since the rendering unit compresses the amount of data, the capacity of the storage medium required for recording the access result can be reduced.

  By including the time certificate in the certificate, it becomes possible to prove when the electronic publication was made public.

  In addition, by giving an electronic signature of the public certification system itself, it is possible to guarantee that the certificate is indeed created by the public certification system.

  Furthermore, it is possible to guarantee when the certificate was created by giving a time guarantee after giving the electronic signature of the public certification system.

It is a figure which shows a web document publishing system. It is a figure which shows the internal structure of an access agent (the 1). It is a flowchart which shows the process of the access agent main control part (the 1). It is a flowchart which shows the process of an access part. It is a flowchart which shows the process of a rendering part. It is a flowchart which shows the process of a time certification | authentication part. It is a figure which shows the internal structure of a public certification server. It is a flowchart which shows the process of a public certification server main control part. It is a flowchart which shows the process of an access result recording part. It is a figure which shows the record structure of access result DB. It is a flowchart which shows the process of a certificate production | generation part. It is a figure which shows a mode that a certificate is produced | generated. It is a figure which shows the internal structure of an access agent (the 2). It is a flowchart which shows the process of the access agent main control part (the 2).

Explanation of symbols

10 Client 11 Public certification server 12 Access result DB
DESCRIPTION OF SYMBOLS 13 Access agent 14 Time certification server 15 Web server 20 Time certification part 21 Access agent main control part 22 Time object data generation part 23,231,232 Access part 24,241,242 Rendering part 30 Certificate generation part 31 Public certification server owner Control unit 32 Access result recording unit 40, 41 Data 42 Certificate

Claims (7)

An electronic information disclosure certification system that certifies to a web server that publishes electronic information that the web server publishes the electronic information to a network,
Access means for accessing the electronic information in a predetermined manner;
Rendering means for rendering the electronic information acquired by accessing;
Proof object data generating means for generating proof object data used for public proof from the rendered electronic information;
Time certification means for obtaining time certification for the certification target data;
Access result recording means for recording an access result including the certification target data and the time certification;
An electronic information disclosure certification system comprising: certificate generation means for generating a certificate proving that the electronic information has been released based on the access result. A plurality of the access means;
2. The electronic information disclosure certification system according to claim 1, wherein each access means has a different access method. 3. The electronic information disclosure certification system according to claim 2, further comprising the rendering unit corresponding to each access unit. 4. The electronic information disclosure certificate according to claim 1, wherein the proof object data generation unit generates proof object data by compressing a data amount of the rendered electronic information. 5. system. 5. The electronic information disclosure certification system according to claim 1, wherein the certificate includes the time certification. 6. 6. The electronic information public certification system according to claim 1, wherein the certificate includes an electronic signature of an electronic information public certification system. The electronic information public certification system according to any one of claims 1 to 6, wherein the certificate includes time certification of the certificate itself.

Images