JP2007088609A - Electronic signature providing apparatus, method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic signature providing apparatus capable of automatically selecting a key adapted to electronic data of an electronic signature object among a plurality of selection objects. <P>SOLUTION: When receiving an electronic document of a signature object, a document analysis section 11 specifies a type of the electronic document by comparing and collating the electronic document with form image data registered in a document analysis information DB 15. A signature key determining section 12 searches a key particular information DB 16 by using the particularized document type for a key to specify a certificate ID corresponding to the document type. A signature providing section 13 searches a certificate information DB 17 by using the specified certificate ID for a key to acquire a signature key corresponding to the certificate ID to acquire a signature key and provides the electronic signature to the electronic document by using the signature key. Thereafter, a document registration section 14 registers the electronic document provided with the electronic signature to a document storage section 18. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an electronic signature assigning apparatus, and more particularly, to selection of a key used for signature of an electronic document when a plurality of signature keys are owned.

  For example, in an electronic document storage system or the like, an electronic signature is assigned to prove that an electronic document to be generated / stored is created by the person and has not been tampered with. In order to guarantee the validity of a key used for an electronic signature (hereinafter referred to as “signature key”), an electronic certificate for the signature key is usually issued to a certificate authority (CA). It is said that the reliability of the electronic certificate issued by the certificate authority depends on the reliability of the certificate authority.

  By the way, since each individual can have a plurality of signature keys, the signer can use his own signature key or a plurality of persons (for example, depending on the type, usage, importance, confidentiality, etc.) of the document to be signed. An appropriate signing key is selected and used from among the signing keys shared by employees of a certain department. Conventionally, when an electronic document to be signed is specified, a list of signature keys that can be selected by the signer is displayed, and the type, importance, etc. of the electronic document to be signed are selected from the displayed signature keys. The signer selects the corresponding signing key. The electronic document is signed using the selected signature key.

JP 2003-296192 A JP 2002-164848 A

  However, conventionally, even when a plurality of electronic documents are signed, it is troublesome because the operation of selecting a signature key has to be performed for each electronic document. In addition, since the signer selected the signature key to be used for certifying each electronic document from the displayed signature keys, the signature key suitable for the type and importance of the electronic document to be signed is correct. There was no guarantee to be selected.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide an electronic signature assigning apparatus that can automatically select an appropriate key for electronic data to be digitally signed from a plurality of selection candidates. It is to provide.

  In order to achieve the above object, an electronic signature assigning apparatus according to the present invention analyzes an input electronic data in an electronic signature attaching apparatus that assigns an electronic signature to electronic data. Analyzing means for determining whether the data belongs to any group formed in accordance with a predetermined classification standard; signature key determining means for determining a key used for signature of the electronic data from the group to which the electronic data belongs; And signing means for signing the electronic data with the determined key.

  Further, it has document analysis information storage means for storing unique information of each group classified according to a predetermined classification standard of electronic data, and the analysis means includes input electronic data, unique information of each group, The group to which the electronic data belongs is specified by comparing and collating the data.

  In the document analysis information storage means, a type of electronic data is set as a classification standard for electronic data.

  Alternatively, a keyword may be set in the document analysis information storage unit as a classification standard for electronic data.

  Alternatively, a seal may be set in the document analysis information storage unit as a classification standard for electronic data.

  Alternatively, in the document analysis information storage unit, a storage destination of electronic data after a signature may be set as a classification standard for electronic data.

  And a key storage unit that stores the identification information of the classified group and the key in association with each other, and the signature key determination unit includes the identification information of the group to which the electronic data transmitted from the analysis unit belongs. The key used for the signature of the electronic data is determined by searching the key storage means.

  The electronic signature providing program according to the present invention is a computer that provides an electronic signature to electronic data, and the electronic data is analyzed according to a predetermined classification standard by analyzing the input electronic data. It is made to function as an analysis unit that determines whether the electronic data belongs to a group, a key determination unit that determines a key to be used for signing the electronic data from the group to which the electronic data belongs, and a signature unit that performs signature with the determined key.

  The electronic signature assigning method according to the present invention is implemented by a computer that assigns an electronic signature to electronic data, and the electronic data is formed in accordance with a predetermined classification standard by analyzing the input electronic data. The key specifying information in which the step of determining which group belongs and the group to which the electronic data belongs and the electronic certificate issued by each certificate authority having different reliability from each group is searched for The method includes a step of determining a key used for signing the electronic data, and a step of performing a signature with the determined key.

  According to the present invention, when an electronic signature is applied to electronic data, a signature key having an appropriate reliability can be automatically selected according to the type and importance of the electronic data.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.

Embodiment 1 FIG.
FIG. 1 is a block diagram showing an embodiment of an electronic signature assigning apparatus according to the present invention. The electronic signature assigning apparatus according to the present embodiment is realized by a general-purpose computer such as a PC, and is installed in an electronic signature system, an electronic document storage system, or the like. The electronic signature providing apparatus 10 includes a document analysis unit 11, a signature key determination unit 12, a signature addition unit 13, and a document registration unit 14. In addition, a document analysis information DB 15, a key specifying information DB 16, and a certificate information DB 17 are prepared in advance.

  The document analysis unit 11 identifies the type of the electronic document by analyzing the input electronic document. The signature key determination unit 12 determines a signature key used for signature from the type of the electronic document. The signature giving unit 13 gives a signature to the electronic document using the determined signature key. The document registration unit 14 registers an electronic document with an electronic signature in the document storage unit 18. The processing functions of the constituent elements 11 to 14 included in the electronic signature providing apparatus 10 are realized by a cooperative operation of an electronic signature providing program that exhibits the processing functions and hardware configuring the electronic signature providing apparatus 10. The storage means forming the DBs 15 to 17 and the document storage unit 18 is assumed to be configured by an external storage device such as an HDD (hard disk drive), but is not necessarily built in the electronic signature assigning device 10. There is no need, for example, as long as it can be accessed via a network.

  FIG. 2 is a diagram showing an example of the contents of the document analysis information registered in the document analysis information DB 15 in the present embodiment. As shown in FIG. 2, the document analysis information is set in association with the form image data of the electronic document handled in the present embodiment and the document type of the form.

  FIG. 3 is a diagram showing an example of the contents of the key specifying information registered in the key specifying information DB 16 in the present embodiment. As shown in FIG. 3, the correspondence between the document type and the certificate ID is set in the key specifying information.

  FIG. 4 is a diagram showing an example of the contents of certificate information registered in the certificate information DB 17 in the present embodiment. As shown in FIG. 4, the certificate information is set in association with an electronic certificate, a code (certificate ID) for identifying the electronic certificate, and a signature key. Note that the signature key is usually included in the electronic certificate, but in the present embodiment, it is held separately.

  By the way, in the certificate information DB 17, electronic certificates issued from a plurality of certificate authorities are held and managed. As described above, the reliability of each electronic certificate held and managed depends on the reliability of the certificate authority. Just as you did. The certificate authority (CA) is an organization that issues and manages an electronic identification card, and includes a public CA and a private CA. The former proves the identity by a certificate issued by a third party. A “designated research institution that conducts specific certification work” prescribed by the Electronic Signature Law is also a public CA. Private CA is operated based on company policy within a certain range such as within a company or a specific business partner. Therefore, from the viewpoint of reliability, in short, public CA is considered to be more reliable in that it is more public than private CA.

  On the other hand, the importance of an electronic document to which an electronic signature is attached in this embodiment differs depending on the type of the document. Therefore, it is desirable that an important document is digitally signed with a signature key that has been authenticated by a certificate authority with higher reliability. FIG. 5 is a diagram showing the correspondence between certificate authorities and document types in a table format. In FIG. 5, “Certificate Issuing Authority (CA)” is a certificate authority that has issued an electronic certificate to the user according to the present embodiment, and is arranged in descending order of reliability. The “document type” is the type of electronic document handled in the present embodiment, and is distributed to one of the certificate authorities based on the content, importance, confidentiality, etc. of each document. In other words, a highly important electronic document is digitally signed using an electronic certificate (signature key) that has been authenticated by a highly reliable certificate authority. The feature is that the signature key to be used is automatically selected. As described above, the correspondence between the document type and the certificate ID is set in the key specifying information as shown in FIG. 3 so that a highly reliable electronic certificate is used for the highly important document type. It will be.

  Next, the digital signature attaching process in this embodiment will be described with reference to the flowchart shown in FIG.

  When the document analysis unit 11 inputs an electronic document to be signed, which is designated by the signer with a document name or the like by taking it out from an external storage device (not shown), for example (step 110), the electronic document is stored in the document analysis information DB 15 The type of the input electronic document is specified by comparing and collating with the form image data registered in (step 120). In this embodiment, the type of electronic document is specified by collating the form of the electronic document. For example, when a part of the electronic document includes a form code for identifying the type of form paper, etc. Can be identified by reading the form code. In short, it is only necessary to be able to specify to which document type the electronic document to be handled belongs. Basically, the type of electronic document input by this comparison / collation process can be specified, but a document type of “other” may be provided in consideration of the case where it cannot be specified.

  When the document analysis unit 11 specifies the document type, the signature key determination unit 12 specifies the certificate ID corresponding to the document type by searching the key specifying information DB 16 using the document type as a key (step 130). ). By specifying the certificate ID, the signature key used for the electronic signature of the electronic document is specified. That is, the signature assigning unit 13 retrieves the signature key associated with the certificate ID by searching the certificate information DB 17 using the identified certificate ID as a key (step 140). Then, an electronic signature is attached to the electronic document using the signature key (step 150). Thereafter, the document registration unit 14 registers the electronic document with the digital signature in the document storage unit 18 (step 160).

  According to the present embodiment, an electronic signature is attached to an electronic document as described above. However, when the electronic document to be signed is important document data such as a contract, the reliability is relatively high. A digital certificate is executed using a certificate issued by a specific certificate authority (signature key). For document data that is not very important, such as minutes, a certificate issued by an intra-group certificate authority (signature key) is relatively unreliable. ) To execute an electronic signature. According to the present embodiment, an electronic signature can be given using a signature key with an appropriate reliability according to the type of electronic document as described above.

Embodiment 2. FIG.
FIG. 7 is a diagram showing an example of the contents of the document analysis information registered in the document analysis information DB 15 in the present embodiment. As shown in FIG. 7, the document analysis information is set by associating a keyword that can be described in the electronic document handled in the present embodiment with an importance indicating the importance of the keyword. FIG. 8 is a diagram showing an example of the contents of the key specifying information registered in the key specifying information DB 16 in the present embodiment. As shown in FIG. 8, the correspondence between importance and certificate ID is set in the key specifying information.

  The apparatus configuration in the present embodiment is the same as that of the first embodiment shown in FIG. However, the document analysis unit 11 is provided as analysis means for determining whether the electronic data to be signed belongs to any group formed in accordance with a predetermined classification standard. The analysis unit 11 forms a group based on a classification standard such as a document type such as a receipt or a functional specification, and determines to which document type the electronic data to be signed belongs. On the other hand, the document analysis unit 11 in the present embodiment forms a group based on the keywords described in the electronic document, and the group to which the electronic document belongs depends on which keyword is described in the electronic data to be signed. It is characterized by judging.

  Next, the electronic signature attaching process according to the present embodiment will be described. As described above, in the present embodiment, the document analysis information and the key specifying information shown in FIGS. The handling of data accompanying different data structures is different, and the basic flow of processing is the same as the flowchart shown in FIG. Therefore, in the following description, processing other than the differences will be briefly simplified or omitted.

  When the electronic document to be signed is input, the document analysis unit 11 recognizes characters of the electronic document using OCR or the like, and performs morphological analysis to extract words described in the electronic document. Then, the extracted word is compared / matched with the keyword registered in the document analysis information DB 15 to identify the importance corresponding to the keyword included in the input electronic document. Since there is a high possibility that an electronic document includes a plurality of keywords, only one of the keywords registered in the document analysis information DB 15 according to the priority order of the keywords or the number of appearances of the keywords is selected. It is desirable to set in advance a rule that can specify one keyword and thereby specify only one importance.

  When the importance level is specified by the document analysis unit 11, the signature key determination unit 12 searches the key specifying information DB 16 using the importance level as a key to specify the certificate ID corresponding to the importance level. Subsequently, the signature assigning unit 13 searches the certificate information DB 17 using the specified certificate ID as a key to obtain a signature key associated with the certificate ID, and uses the signature key to obtain an electronic key. A signature is given to the electronic document. Thereafter, the document registration unit 14 registers the electronic document with the electronic signature in the document storage unit 18.

  According to the present embodiment, the importance level is set in advance for each keyword, and the importance level of the electronic document is determined based on the keyword included in the electronic document. If the electronic document to be signed contains important keywords that are required to maintain confidentiality, such as “confidential documents”, a certificate issued by a specific certificate authority with relatively high reliability (Signature key) is used to execute an electronic signature and, for example, if it contains keywords that are considered to be insignificant, such as “minutes”, a certificate issued by an intra-group CA that is relatively unreliable An electronic signature is executed using the (signature key). According to the present embodiment, an electronic signature can be assigned using a signature key having an appropriate reliability according to the importance of the electronic document determined by the keyword included in the electronic document as described above. .

Embodiment 3 FIG.
FIG. 9 is a diagram showing an example of the contents of the document analysis information registered in the document analysis information DB 15 in the present embodiment. As shown in FIG. 9, the document analysis information is set by associating a seal that can be stamped on the read document with an importance indicating the importance of the seal.

  The apparatus configuration in the present embodiment is the same as that in the first and second embodiments shown in FIG. However, the document analysis unit 11 in the second embodiment forms a group based on the keywords described in the electronic document, and determines which keyword is described in the electronic data to be signed. On the other hand, the document analysis unit 11 according to the present embodiment performs grouping according to seals that can be stamped on the electronic document, and the electronic document depending on which seal the seal stamp included in the electronic document to be signed matches. Determine the group to which the belongs. In this embodiment, the data structure of the document analysis information is configured such that a plurality of seals are assigned to each importance. However, the importance may be set for each seal.

  Next, the electronic signature assigning process according to the present embodiment will be described. As described above, the present embodiment is different in the data structure of the document analysis information shown in FIG. The handling of data is different, and the basic flow of processing is the same as the flowchart shown in FIG. Therefore, in the following description, processing other than the differences will be omitted as appropriate.

  When the electronic document to be signed is input, the document analysis unit 11 extracts an imprint included in the electronic document by analyzing the image of the electronic document. Then, by comparing / collating the extracted seal with the seal registered in the document analysis information DB 15, the importance corresponding to the seal included in the input electronic document is specified. An electronic document may include a plurality of seals. In this case, a rule that can specify only one importance level based on the document analysis information DB 15 such as giving priority to a seal with a high importance level. It is desirable to set in advance. If the importance level is specified by the document analysis unit 11, the subsequent processing is the same as that in the second embodiment, and will be omitted.

  According to the present embodiment, the importance level is set in advance for each seal, and the importance level of the electronic document is determined based on the seal stamp included in the electronic document. If the electronic document to be signed contains, for example, an imprint of a person who is likely to handle confidential information such as a general manager, a relatively reliable certificate (signing key) issued by a specific certificate authority is used. If the signature of a person who does not have the opportunity to handle confidential information such as a chief is included, use a certificate (signature key) issued by an intra-group CA that is relatively unreliable. Perform digital signatures. According to the present embodiment, an electronic signature can be given using a signature key with an appropriate degree of trust according to the importance of the electronic document determined by the imprint included in the electronic document as described above. .

Embodiment 4 FIG.
FIG. 10 is a diagram showing an example of the contents of the document analysis information registered in the document analysis information DB 15 in the present embodiment. As shown in FIG. 10, the document analysis information is set in association with the storage destination of the electronic document after the signature is attached and the importance indicating the importance of the storage destination.

  The apparatus configuration in the present embodiment is the same as that in the first to third embodiments shown in FIG. However, the document analysis unit 11 in the second and third embodiments analyzes the contents (keywords and seals) of the electronic document and determines which group is included. In contrast, the document analysis unit 11 according to the present embodiment determines the group to which the electronic document belongs based on the storage destination, not the content of the electronic document.

  Next, the electronic signature attaching process according to the present embodiment will be described. The basic flow of the process is the same as the flowchart shown in FIG. Therefore, in the following description, processing other than the differences will be omitted as appropriate.

  The document analysis unit 11 inputs the storage destination of the electronic document after giving the signature specified by the signer together with the electronic document to be signed. Then, the document analysis unit 11 identifies the importance of the input electronic document by comparing and collating the input storage destination with the storage destination registered in the document analysis information DB 15. If the importance level is specified by the document analysis unit 11, the subsequent processing is the same as that in the second embodiment, and will be omitted.

  According to the present embodiment, the importance is set in advance for the storage destination of the electronic document, and the importance of the electronic document is determined by the storage destination specified by the signer. In some cases, the document owner classifies and saves the created electronic document according to the content, type, importance, etc. In this embodiment, the certificate authority with appropriate reliability is selected according to the storage destination. An electronic signature can be attached using a certificate (signing key) issued.

  In the present embodiment, a single electronic signature providing apparatus 10 is illustrated as an apparatus for applying an electronic signature. However, the functions are divided into a plurality of apparatuses, and a plurality of apparatuses, for example, an apparatus for analyzing an electronic document and an electronic You may make it implement | achieve separately in the apparatus which provides a signature. Further, the system may be formed by incorporating the electronic signature providing apparatus 10 in a system that handles electronic documents such as a document storage system.

It is the block block diagram which showed one Embodiment of the electronic signature provision apparatus which concerns on this invention. 6 is a diagram showing an example of contents of document analysis information registered in a document analysis information DB in Embodiment 1. FIG. 6 is a diagram showing an example of contents of key specifying information registered in a key specifying information DB in Embodiment 1. FIG. 6 is a diagram showing an example of the contents of certificate information registered in a certificate information DB in Embodiment 1. FIG. FIG. 3 is a diagram showing a correspondence relationship between a certificate authority and a document type in the first embodiment in a table format. 3 is a flowchart illustrating an electronic signature adding process according to the first embodiment. It is the figure which showed the example of the content of the document analysis information registered into document analysis information DB in Embodiment 2. FIG. It is the figure which showed the example of the content of the key specific information registered into key specific information DB in Embodiment 2. FIG. FIG. 10 is a diagram illustrating an example of content of document analysis information registered in a document analysis information DB according to the third embodiment. FIG. 20 is a diagram illustrating an example of content of document analysis information registered in a document analysis information DB according to the fourth embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 10 Electronic signature provision apparatus, 11 Document analysis part, 12 Signature key determination part, 13 Signature provision part, 14 Document registration part, 15 Document analysis information DB, 16 Key specific information DB, 17 Certificate information DB, 18 Document storage part

Claims (9)

In an electronic signature affixing device for giving an electronic signature to electronic data
Analyzing means for determining whether the electronic data belongs to any group formed in accordance with a predetermined classification standard by analyzing the input electronic data;
A signature key determining means for determining a key used for signature of the electronic data from a group to which the electronic data belongs;
A signing means for signing the electronic data with the determined key;
An electronic signature affixing device characterized by comprising: The electronic signature affixing device according to claim 1,
Document analysis information storage means for storing unique information of each group classified according to a predetermined classification criterion of electronic data,
The electronic signature assigning apparatus characterized in that the analysis means identifies a group to which the electronic data belongs by comparing and collating the input electronic data with the unique information of each group. The electronic signature affixing device according to claim 2,
In the document analysis information storage means, a type of electronic data is set as a classification standard for electronic data. The electronic signature affixing device according to claim 2,
A keyword is set as a classification standard for electronic data in the document analysis information storage means. The electronic signature affixing device according to claim 2,
An electronic signature affixing apparatus, wherein a seal is set as a classification standard for electronic data in the document analysis information storage means. The electronic signature affixing device according to claim 2,
In the document analysis information storage means, a storage location for electronic data after a signature is set as a classification standard for electronic data. The electronic signature affixing device according to claim 1,
Key storage means for storing the identification information of the classified group and the key in association with each other;
The signature key determining means determines a key used for signature of the electronic data by searching the key storage means with identification information of a group to which the electronic data belongs sent from the analyzing means. Electronic signature assigning device. A computer that gives an electronic signature to electronic data
Analyzing means for determining whether the electronic data belongs to any group formed according to a predetermined classification standard by analyzing the input electronic data;
Key determination means for determining a key used for signature of the electronic data from a group to which the electronic data belongs;
A signing means for signing with the determined key;
Electronic signature grant program that functions as Implemented on a computer that gives an electronic signature to electronic data,
Determining whether the electronic data belongs to any group formed according to a predetermined classification criterion by analyzing the input electronic data;
A key to be used for the signature of the electronic data is determined by searching for key specifying information in which the electronic data is associated with an electronic certificate issued by each certificate authority having different reliability from the group to which the electronic data belongs. Steps,
Signing with the determined key;
A method for providing an electronic signature, comprising:

Images