JP2007200272A - Electronic document exchange system and web server used for it - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic document exchange system and a web server used for it capable of attaching an XML signature and a time stamp to a log file in addition to attachment of the XML signature and the time stamp to the electronic document itself. <P>SOLUTION: A first time stamp given by a time stamp server 3 and a first XML signature generated aiming at a second digest value are stored in an EML file 13. A second time stamp given by the time stamp server 3 and a second XML signature generated aiming at a fourth digest value are stored in the log file 14. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an electronic document exchange system capable of giving an XML signature and a time stamp to an electronic document when the electronic document is transmitted / received via the Internet, and a Web server used therefor.

  In recent years, electronic documents have been transmitted / received via the Internet. In particular, when performing electronic commerce, electronic notarization, electronic application, etc., it is necessary to prove by whom and when the electronic document to be exchanged was created.

  2. Description of the Related Art Conventionally, there is an XML signature generation system having a time stamp assigning function described in Patent Document 1, for example, which guarantees who created a digital document exchanged between the Internet.

  In this system, an XML signature is generated for a part or all of an electronic document, a hash value is calculated for the <SignatureValue> tag of the generated XML signature, and the hash value is transmitted to a time stamp provider. . Thereafter, a time stamp generated for this hash value is received from a time stamp provider (time stamp issuing organization), and the received time stamp is added to the <SignatureProperty> tag of the XML signature.

  By the way, when information is transmitted / received via the Internet, a log file, which is a history of transmission / reception, is usually created on the Web server, and the sender, recipient, transmission date / time, reception date / time, etc. are recorded in this log file. It is normal to be done.

  If you look at the information recorded in this log file, you can see at a glance what kind of electronic document was sent and received between who and who. If you save this log file, Records of electronic document exchange can be kept.

  However, information recorded in the log file (transmitter / receiver, transmission / reception date / time, etc.), especially the transmission / reception date / time, is recorded by the clock of the Web server, and is guaranteed by a third party organization such as a time stamp issuing organization Therefore, storing this log file as a transmission / reception record has a problem of lack of reliability.

JP 2004-260664 A

  The present invention has been made in view of the above problems, and its purpose is to give an XML signature and a time stamp to an electronic document when sending and receiving the electronic document via the Internet, and also to a log file. It is an object of the present invention to provide an electronic document exchange system capable of giving an XML signature and a time stamp, and a Web server used therefor.

  In order to achieve the above object, the present invention provides an electronic document exchange system comprising a Web server that assigns an XML signature and a time stamp to an electronic document, and a database server. Are transmitted and received between a sender terminal and a receiver terminal that are connected to each other through the server, and the database server includes a sender ID that identifies the sender terminal and a receiver ID that identifies the receiver terminal. And the time stamp is sent from the time stamp server connected to the Internet to the Web server, and the Web server is connected between the sender terminal and the receiver terminal. Log file for recording the transmission / reception history and XML conversion unit for converting the electronic document transmitted from the sender terminal into XML data An XML file that stores the electronic document converted by the XML conversion unit, and a digest value calculation unit that calculates a digest value based on the electronic document transmitted from the sender terminal, and the Web server Transmits a document creation page to the sender terminal via the Internet on the condition that the sender ID is input, and an electronic document created on the sender terminal by the document creation page is transmitted via the Internet. The web server performs a first saving process and a second saving process. The first saving process is performed by the digest value calculation unit based on the received electronic document. 1 digest value is calculated, the calculated first digest value is transmitted to the time stamp server, and the first digest value is transmitted. The first time stamp given by the time stamp server for the value is received, and the first time stamp is converted into XML data by the XML conversion unit, stored in the XML file, and the received electronic Based on the document, the digest value calculation unit calculates a second digest value, generates a first XML signature for the calculated second digest value, and generates the generated first XML signature. Is stored in the XML file, and the second saving process is based on the received electronic document, the time information when the electronic document is received by the Web server, and for specifying the electronic document. The message ID, the sender ID, and the receiver ID are acquired, and the acquired time information and the message ID are acquired. The sender ID and the receiver ID are converted into XML data by the XML conversion unit, a third digest value is calculated from the XML data by the digest value calculation unit, and the calculated third digest is calculated. A value is transmitted to the time stamp server, the second time stamp given by the time stamp server is received for the third digest value, and the second time stamp is converted into XML data to The fourth digest value is calculated by the digest value calculation unit from the message ID, the sender ID, the receiver ID, and the time information received by the Web server converted into XML data. And the second XML signature for the calculated fourth digest value As well as formed, the second XML signature this generated, characterized in that stored in the log file.

  The electronic document exchange system further includes a sender-side mail server and a recipient-side mail server, and the Web server receives the first time stamp and the electronic document received from the sender terminal. A first XML signature may be added and sent from the Web server to the receiver mail server via the sender mail server.

  The Web server further receives a received message display request signal from the receiver terminal, and the receiver ID, the message ID, and the Web server request the message display request based on the message display request signal. The date / time information when the signal is received is acquired, and the acquired receiver ID, the message ID, and the date / time information are converted into XML data by the XML conversion unit, and from the XML data by the digest value calculation unit. The fifth digest value is calculated, the calculated fifth digest value is transmitted to the time stamp server, and the third time stamp given by the time stamp server is received for the third digest value. At the same time, the third time stamp is converted into XML data. The sixth digest value is calculated by the digest value calculation unit from the message ID, the recipient ID, and the date / time information when the Web server receives the message display request signal converted into XML data. Then, a third XML signature may be generated for the calculated sixth digest value, and the generated third XML signature may be stored in the log file.

  The electronic document exchange system further includes a sender-side mail server and a recipient-side mail server, and the Web server receives the first time stamp and the electronic document received from the sender terminal. A first XML signature is added and transmitted from the web server to the recipient mail server via the sender mail server, and the web server further receives a received message display request signal from the recipient terminal. On the other hand, on the basis of the message display request signal, the receiver ID, the message ID, and date / time information when the Web server receives the message display request signal are acquired, and the acquired receiver ID The message ID and the date / time information are converted into XML data by the XML conversion unit, and the XML data is also converted. The digest value calculation unit calculates a fifth digest value from the data, transmits the calculated fifth digest value to the time stamp server, and the time stamp server assigns the third digest value as a target. The third time stamp is received, the third time stamp is converted into XML data and stored in the log file, and the message ID, the receiver ID, and the Web server receive the message display request signal. The digest value calculation unit calculates a sixth digest value from the converted date / time information converted into XML data, generates a third XML signature for the calculated sixth digest value, and generates this And save the third XML signature in the log file, The server b transmits a reception request signal for the electronic document to which the first time stamp received by the recipient mail server and the first XML signature are added to the recipient mail server, In response to the reception request signal, the recipient-side mail server transmits the electronic document to which the first time stamp and the first XML signature are added to the recipient terminal via the Web server, and When receiving the first time stamp verification request signal from the receiver terminal, the Web server requests the time stamp server to verify the first time stamp, receives the verification result, and You may comprise so that it may transmit with respect to a receiver terminal.

  In addition, at least one of the sender terminal and the receiver terminal may be a mobile phone.

  Further, the document creation page can request the Web server to generate the first XML signature and the second XML signature or to issue the first time stamp and the second time stamp. It may be configured.

  The electronic document transmitted and received between the sender terminal and the receiver terminal may be encrypted with SSL.

  In order to achieve the above object, the present invention provides a Web server used in an electronic document exchange system that adds an XML signature and a time stamp to an electronic document and registers information related to the XML signature and the time stamp in a database server. The electronic document is transmitted / received between a sender terminal and a receiver terminal connected via the Internet, and the database server includes a sender ID for identifying the sender terminal and the sender terminal. A receiver ID that identifies a receiver terminal is registered in advance, and the time stamp is sent to the Web server from a time stamp server connected to the Internet. The Web server is the sender A log file for recording a history of transmission and reception between the terminal and the receiver terminal, and the sender terminal An XML conversion unit that converts the electronic document transmitted from the XML conversion unit into an XML data, an XML file that stores the electronic document converted by the XML conversion unit, and a digest value based on the electronic document transmitted from the sender terminal The Web server transmits a document creation page to the sender terminal via the Internet on the condition that the sender ID is input, and the document creation page The electronic document created by the sender terminal is received via the Internet, and the Web server performs a first saving process and a second saving process, and the first saving process includes: Based on the received electronic document, the digest value calculation unit calculates a first digest value, and the calculated first digest Is transmitted to the time stamp server, the first time stamp given by the time stamp server is received for the first digest value, and the first time stamp is converted into XML data by the XML conversion unit. Converted and saved in the XML file, the digest value calculation unit calculates a second digest value based on the received electronic document, and a first XML signature for the calculated second digest value as a target. And the generated first XML signature is stored in the XML file. In the second storing process, the Web server stores the electronic document based on the received electronic document. Received time information, message ID for specifying the electronic document, the sender ID, and the receiver ID And the acquired time information, the message ID, the sender ID, and the receiver ID are converted into XML data by the XML conversion unit, and the digest value calculation unit converts the XML data to the digest value calculation unit. The third digest value is calculated, the calculated third digest value is transmitted to the time stamp server, and the second time stamp provided by the time stamp server is received for the third digest value. At the same time, the second time stamp is converted into XML data and stored in the log file, and the message ID, the sender ID, the receiver ID, and the time information received by the Web server are converted into XML data. The fourth digest value is calculated from the above by the digest value calculation unit, and this To generate a second XML Signature as an object a fourth digest value issued, the second XML signature this generated, characterized in that stored in the log file.

  The Web server further receives a received message display request signal from the receiver terminal, and the receiver ID, the message ID, and the Web server request the message display request based on the message display request signal. The date / time information when the signal is received is acquired, and the acquired receiver ID, the message ID, and the date / time information are converted into XML data by the XML conversion unit, and from the XML data by the digest value calculation unit. The fifth digest value is calculated, the calculated fifth digest value is transmitted to the time stamp server, and the third time stamp given by the time stamp server is received for the third digest value. At the same time, the third time stamp is converted into XML data. The sixth digest value is calculated by the digest value calculation unit from the message ID, the recipient ID, and the date / time information when the Web server receives the message display request signal converted into XML data. Then, a third XML signature may be generated for the calculated sixth digest value, and the generated third XML signature may be stored in the log file.

  In addition, at least one of the sender terminal and the receiver terminal may be a mobile phone.

  Further, the document creation page can request the Web server to generate the first XML signature and the second XML signature or to issue the first time stamp and the second time stamp. It may be configured.

  The electronic document transmitted and received between the sender terminal and the receiver terminal may be encrypted with SSL.

  As described above, according to the present invention, an XML signature and a time stamp can be given to an electronic document, and an XML signature and a time stamp can also be given to a log file. This not only ensures the reliability and credibility of when and when the electronic document itself was created, but also ensures the reliability of the log file that records when and who the electronic document was sent to and from. It is possible to improve convenience.

  The best mode for carrying out the present invention will be described below with reference to the accompanying drawings.

<First Embodiment>
FIG. 1 is an overall configuration diagram of a message transmission / reception system to which the present invention is applied. This system includes a Web server 1, a database server 2, and a time stamp server 3, and includes a terminal 5 of client A (hereinafter “sender” A terminal 5 ”and a terminal 6 of the client B (hereinafter referred to as“ recipient terminal 6 ”) are connected via the Internet 4. Hereinafter, in the present embodiment, a case where a message is transmitted from the client A and the client B receives the message will be described.

  The Web server 1 includes an XML file conversion unit 11, a digest value calculation unit 12, an XML file 13, and a log file 14. It is configured to be able to send and receive.

  The XML conversion unit 11 is a process for converting data including a message transmitted from the sender terminal 5 into XML (extensible markup language) format data (hereinafter referred to as “XML data”), and is transmitted from the time stamp server 3. A process for converting the time stamp into XML data, a process for converting data stored in the log file 14 to be described later into XML data, and the like are performed.

  The digest value calculation unit 12 calculates the digest value (hash value) from a part of the message converted into XML data by the XML conversion unit 11, and the XML conversion unit 11 saves the log file 14 as XML. A process for calculating a digest value from the data converted into data is performed.

  The XML file 13 is configured to store the XML data converted by the XML conversion unit 11, for example, a message, a time stamp, a digest value, and an XML signature.

  The log file 14 records a history transmitted / received between the sender terminal 5 and the receiver terminal 6. Based on the message received by the Web server 1, the time information when the message is received, the message ID for specifying the message, the sender ID, and the receiver ID are converted into XML by the XML conversion unit 11. After being converted to data, the log file 14 is stored. FIG. 3 shows a conceptual diagram of the log file 14 and will be described from the top in order from the first line. 1: Document exchange log, 2: Log authentication information, 3: Time stamp information, 4: Time stamp Token (when issued / Base64 encoding), 5: electronic signature, 6: electronic signature (added by the number issued) / ID for identifying electronic signature (user ID or server ID), 7: signature information, 8: normalization Method: Normalization method is specified (minimal), 9: Signature method, signature method is specified (RSA-SHA1), 10: Signature target (only one in this system), Signature target URI (#change_log_event), ID for identifying the signature object, 11: Designate digest method / digest method (SHA-1), 12: Digest 13: Signature value (Base64 encoding), 14: Key information, 15: Document exchange log event / log output time / event type, 16: Event occurrence time, 17: Sender / sender ID, 18: Receiver / Recipient ID, 19: Message / message ID.

  The database server 2 mainly has a database 21 for storing data relating to the client of this system and data transmitted from the Web server 1, and this database 21 is a message table 21A as shown in FIG. The message management table 21B.

  The message table 21A is configured to store a message ID, a sender ID, a message file storage path, a subject, and a transmission date / time. The message ID is identification information attached to each transmitted message, and each message is configured to have a unique message ID. The sender ID is information that identifies who sent the message. In order to use this system, this ID needs to be registered. This ID is registered in advance in the database 21, for example, and the sender ID in this embodiment is the ID of the client A. The message file storage path is information for specifying a message stored in the XML file 13. The subject is information indicating the subject described by the sender when creating the message, and the transmission date / time is the transmission / reception date / time information of the message determined by the clock of the Web server 1.

  In the message management table 21B, a message ID, a recipient ID, an opening notification flag, and an opening date are registered. The message ID corresponds to the message ID stored in the message table 21A, and the recipient ID is information for identifying to whom the message is transmitted. In order to use this system, this ID needs to be registered. This ID is registered in advance in the database 21, for example, and the recipient ID in this embodiment is the ID of the client B. The opening notification flag is recorded when it is desired to confirm whether or not the receiver has opened the message sent by the sender. For example, when the client A sends a message as described later, a message is created. This flag is recorded when the reception confirmation check column is checked on the screen and transmitted to the Web server 1. The date and time of opening is recorded when the message sent by the recipient is opened. In this embodiment, when the client B receives and opens the message sent from the client A, The opening date is recorded.

  Recording and management in the message table 21A and the message management table 21B can be realized by a DBMS (Database Management System) included in the database server 2. In this embodiment, the ID of client A is described as the sender ID and the ID of client B is the receiver ID. However, for convenience of explanation, the ID of the sender is the sender ID and the ID of the receiver is the receiver. These are IDs, both of which are registered in advance in the database 21 as the ID of the person who uses this system. The message table 21A and the message management table 21B are stored in the database 21 corresponding to each client as unique to the client using this system.

  The time stamp server 3 is a server owned by a time distribution business authorized business operator (TA) or a time authentication business authorized business operator (TSA), and includes, for example, an Amano time stamp service 3161 (product name). When the digest value calculated by the digest value calculation unit 12 is transmitted from the Web server 1 and received, the time stamp server 3 assigns a reliable date and time for the digest value and can detect tampering. It is comprised so that.

  The sender terminal 5 and the receiver terminal 6 are terminals operated by a client that can use this system, and are constituted by, for example, a personal computer, a PDA, a mobile phone, or the like. In addition, the sender terminal 5 and the receiver terminal 6 are installed with web page browsing software, such as Internet Explorer, so that the web page can be browsed.

  In addition, in this embodiment, although demonstrated as the sender terminal 5 and the receiver terminal 6, these terminals do not mean the terminal which has a special function for transmission, respectively for reception, For convenience of explanation The terminal that transmits the message is the sender terminal, and the terminal that receives the message is the receiver terminal.

  Further, in the present embodiment, the terminal is composed of two terminals, that is, the sender terminal 5 and the receiver terminal 6, but the present system may be composed of two or more terminals.

  Next, the operation of this system will be described below with reference to FIGS. 4 to 9 separately for the message transmission operation of the sender terminal 5 and the message reception operation of the receiver terminal 6. FIG. 4 is a flow diagram at the time of message transmission, FIG. 5 is a diagram illustrating a message creation screen at the time of message transmission, FIG. 6 is a diagram illustrating a display screen of a transmitted list, FIG. 7 is a flowchart at the time of message reception, and FIG. FIG. 9 shows a received message list screen, and FIG. 9 shows a message display screen.

<Message transmission operation>
First, the sender ID and password are input from the sender terminal 5 of the client A, and the message creation page 500 transmitted by the Web server 1 is displayed on the screen of the sender terminal 5. Then, the client A creates a message and transmits this message to the Web server 1 via the Internet 4 (step 401).

  For example, the message creation page 500 is configured as shown in FIG. 5, and the destination ID is input in the destination column 501, the subject is input in the subject column 503, and the message is entered in the message creation column 507. Click the send button 508. Then, data including a message is transmitted to the Web server 1 via the Internet 4. Reference numeral 502 denotes a CC (Carbon Copy), and a message having the same content is transmitted to the address entered in this field.

  In addition, the message creation page 500 is provided with check fields 506A, 506B, and 506C that can be requested to select a time stamp, an electronic signature (XML signature), and a reception confirmation. If a check is made at ˜506C using a mouse or the like, processing corresponding to the checked item is performed.

  As described above, if the check fields 506A to 506C are provided so that selection requests can be made, for example, on the client side, it usually costs money to give a time stamp, and depending on the contents, who created it In such a case, if the time stamp check field 506B is not checked, it is not necessary to incur an extra cost. Therefore, the convenience of the client is improved.

  If you want to send an attached file such as an image file with the message, enter the name of the file (including the identifier) you want to attach in the attachment field, or search for the file on your computer and attach it. To do so, the user clicks the browse button 505 to display his / her own saved folder and the like, and can double-click on the target file to input the attached file to be attached to the attached file column 504.

  The transmitted message is preferably encrypted by SSL (Secure Socket Layer), since data can be prevented from being wiretapped, falsified, and impersonated.

  Next, when data including a message is transmitted to the Web server 1, the Web server 1 checks whether or not there is a message time stamp issuance request. If there is an issuance request (Y in step 402), the time A time stamp issuance request signal is transmitted to the stamp server 3, and the time stamp server 3 receives the transmitted signal, issues a time stamp to be added to the message, and transmits it to the Web server 1. (Step 403). The Web server 1 receiving this time stamp transmits a message storage request signal to the database server 2 (step 404), and the database server 2 registers message information (step 405).

  On the other hand, if there is no issue request (N in step 402), a message storage request signal is transmitted to the database server 2 (step 404), and the database server 2 registers message information (step 405).

  Here, the time stamp issuance request process for the time stamp server 3 is performed as follows. First, the Web server 1 converts the received message into XML data by the XML conversion unit 11, and then a part of the data converted into the XML data, that is, the message body, sender information (sender) ID), recipient information (recipient ID), time information when the Web server 1 receives the message, and the like, the digest value calculation unit 12 calculates a digest value (first digest value). Then, the Web server 1 transmits the digest value calculated by this calculation to the time stamp server 3, and the transmitted digest value functions as a time stamp issue request signal.

  In addition, data including a message is converted into XML data and stored in the XML file 13 as described above. The database server 2, specifically, the message table 21, includes the message ID, the sender ID, information related to the storage path of the XML file 13, the subject, and information related to the transmission date and time given by the clock of the Web server 1 are recorded. On the other hand, a message ID and a recipient ID are recorded in the message management table. When the check column 506C is checked in the message creation page 500, an opening notification flag is set.

  Next, the Web server 1 issues an electronic signature to the message (step 406) and records a message transmission / reception history in the log file 14 (step 407).

  This electronic signature is a digest calculated by the digest value calculation unit 12 based on the message body, sender information (sender ID), receiver information (receiver ID), time information when the Web server 1 receives the message, and the like. Issued for the value (second digest value).

  Further, the Web server 1 issues a time stamp issuance request for the log file to the time stamp server 3 (step 408), and the time stamp server 3 that has received this issuance request signal sends a time stamp to the log file 14. Is transmitted to the Web server 1 (Step 409), and the Web server 1 issues an electronic signature to the log file 14 (Step 410).

  Here, the time stamp issuance and electronic signature issuance processing for the log file 14 is performed as follows.

  First, based on the received message, the time information when the Web server 1 received the message, the message ID of the message, the sender ID, and the receiver ID are acquired and acquired. The time information, the message ID, the sender ID, and the receiver ID are converted into XML data by the XML conversion unit 11, and a digest value (third digest value) is calculated from the XML data. The calculated digest value is transmitted to the time stamp server 3. The time stamp server 3 receives the transmitted digest value, and the time stamp server 3 sets a time stamp (second time) for the digest value. (Stamp) is added and transmitted to the Web server 1. Then, the Web server 1 converts the time stamp into XML data by the XML conversion unit 11 and stores it in the log file 14. Next, from the data similar to the above, that is, the obtained time information, the message ID, the sender ID, and the receiver ID converted into XML data, the digest value calculation unit 12 performs a digest value (first number). (Digest value 4) is generated, and an electronic signature (second XML signature) is generated for the calculated digest value, and the generated electronic signature is stored in the log file 14.

  When the message transmission process is performed in this way, the transmitted message information is recorded in the log file 14, the database 21, and the like. On the other hand, the client A who has transmitted the message has been transmitted from the Web server 1. A message list is provided, and the message destination, subject, transmission date and time, etc. can be viewed.

  For example, as shown in FIG. 6, the transmitted message list screen 600 includes a destination column 601, a subject column 602, and a transmission date / time column 603, and information input to the destination column 501 on the message creation screen 500. The address field 601 reflects the information input in the subject field 503 in the subject field 602, and the time information when the Web server 1 receives the message is reflected in the transmission date / time field 603. The sent message list screen 600 is configured to display a time stamp issued icon 604 and an electronic signature issued icon 605. Note that when the time stamp issued icon 604 is clicked, the time information issued by the time stamp server 3 may be displayed.

  In this way, when sending a message, a time stamp and electronic signature for the message and a digest value are assigned. As a result, for example, when tampering is performed after a time stamp or an electronic signature is given, the digest value changes before and after tampering, which makes it easy to detect tampering. If there is no change in the digest value, it can be objectively proved that no alteration has been made.

  Furthermore, when sending a message, the log file 14 is also given a time stamp and an electronic signature as a digest value. As a result, tampering detection is facilitated and the reliability of the log file can be improved.

<Message reception operation>
Next, the message receiving operation will be described with reference to FIGS.

  First, the recipient ID and password are input from the recipient terminal 6 of the client B, and the received message list screen transmitted by the Web server 1 is displayed on the screen of the recipient terminal 6 (step 701). Select the message you want to display from the list displayed on the list screen.

  For example, as shown in FIG. 8, the received message list screen 800 includes an unopened column 801, a sender column 802, a subject column 803, and a received date / time column 804. The unopened column 801 displays whether or not the client B has already opened the message. When the message is opened, an unopened mark 801A is displayed. When the client B is not opened, an unopened mark 801B is displayed. When the opening mark 801A and the unopened mark 801B are clicked, the content of the message is displayed. The sender field 802 displays the sender ID of the sender who created and sent the message, the subject field 803 displays the subject input to the message creation screen 503, and the reception date / time field 804 displays the Web server 1. The time information when the message is received is displayed. Note that the content of the message may be displayed when the subject 803 is clicked.

  The received message list screen 800 is configured to display a time stamp issued icon 805 and an electronic signature issued icon 806. When the time stamp issued icon 805 is clicked, time information issued by the time stamp server 3 may be displayed. When the display content of the received message list screen 800 is updated, the display content is updated to the latest information by clicking an update button 807.

  Next, the Web server 1 checks whether or not the message is displayed for the first time, that is, whether the message is opened for the first time (step 702). If the message is displayed for the first time (Y in step 702), a message opening log is output (step 702). 703), the time stamp server 3 is requested to issue a log file time stamp (step 704). The time stamp server 3 receives this time stamp issuance request signal, issues a time stamp to the log file 14 (step 705), and the Web server 1 receives this time stamp, and then sends it to the log file 14. An electronic signature is issued (step 706).

  On the other hand, when the message is not displayed for the first time, the time stamp issue request process and the electronic signature issue process are not performed (N in Step 702), and the process proceeds to Step 707 described later.

  Here, the time stamp issuing process and the electronic signature issuing process for the log file 14 are performed as follows. First, when the Web server 1 receives a received message display request from the receiver terminal 6 (step 701), the Web server 1 acquires a receiver ID from the request signal, searches the message table for the corresponding message ID, Information on the date and time when the Web server 1 receives the request signal is acquired. Then, the acquired recipient ID, message ID, and reception date / time information are converted into XML data by the upper XML conversion unit 11, and the data converted into the XML data is stored in the XML file 13.

  Next, the digest value calculation unit 12 calculates a digest value (fifth digest value) from the data converted into the XML data. The Web server 1 transmits the calculated digest value to the time stamp server 3, and the time stamp server 3 issues a time stamp for the transmitted digest value. This time stamp is converted into XML data by the XML conversion unit 11 and is stored in the XML file 13.

  Furthermore, the Web server 1 converts the data similar to the above, that is, the digest value (sixth value) calculated by the digest value calculation unit 12 from the acquired recipient ID, message ID, and reception date / time information converted into XML data. The electronic signature (third XML signature) is generated with respect to the digest value of (3) as a target, and the generated electronic signature is stored in the log file 14.

  Next, when the time stamp issuing process and the electronic signature issuing process are completed, a message information acquisition request signal is transmitted to the database server 2 (step 707), and the database server 2 that has received this signal receives the corresponding received message. Information is transmitted to the Web server 1 (step 708), and a message is displayed on the display screen of the recipient terminal 6 (steps 709 and 710).

  A specific process until the message is searched and the corresponding message is displayed on the display screen is performed as follows.

  First, the Web server 1 searches the message table 21 for a message ID corresponding to the request signal based on the received message display request signal, and the Web server 1 corresponds to the message ID to the database server 2. The message table 21 is instructed to search the storage path of the message file. The Web server 1 refers to the message file storage path output as a search result by these searches, and searches the XML file 13 for a message corresponding to this storage path.

  Then, the message output as a search result by this search is formatted into an HTML (HyperText Markup Language) format using XSLT (XML Stylesheet Language Transformations) and output.

  For example, this message display screen is configured as shown in FIG. In this message display screen 900, a time stamp 901 and an electronic signature 902 are displayed, and a sender column 903, a destination column 904, and a subject column 906 are displayed. The contents of these display fields reflect the contents described in the message creation screen 500 as described above. In addition, the date and time when the Web server 1 received the message is displayed in the transmission date and time column, and in the opening date and time column 908, the client B as the recipient uses the received message list screen 800 to open the corresponding message for the first time. The message described by the client A as the sender is displayed in the message display field 910. The attached file display field 909 displays the attached file when the client A sends the message with the attached file. Reference numeral 905 denotes a CC (Carbon Copy).

  Further, the Web server 1 checks whether or not there is an opening notification request for the message opened by the client B (step 711). If there is an opening notification request (Y in step 711), the client A A message opening notification is transmitted, and the client A receives the transmitted message opening notification (step 713). On the other hand, if there is no request for notification of opening (N in step 711), the message reception process ends.

  As described above, the time stamp and the electronic signature are given to the log file 14 as a target for the digest value even when the message is received. As a result, tampering detection is facilitated and the reliability of the log file can be improved.

Second Embodiment
The message transmission / reception system of the second embodiment of the present invention is obtained by adding a sender side mail server and a receiver side mail server to the first embodiment, and changing the back end to an existing mail server. That is, direct transmission / reception between a sender terminal and a receiver terminal of a message created by a sender terminal using a message creation page and transmitted to a Web server is performed on the sender side mail server and the receiver side. It has been changed to a mail server.

  Hereinafter, description of the same parts as those in the first embodiment will be omitted, and only different parts will be described with reference to the drawings.

  First, the configuration will be described with reference to FIG.

  FIG. 10 is an overall configuration diagram of a second embodiment of a message transmission / reception system to which the present invention is applied, and shows a case where the message transmission / reception system of the present invention is applied to transmission / reception of mail between company A and company B. . Here, the explanation will be made on the assumption that the company A transmits the mail and the company B receives the mail, but this is for convenience of explanation. Of course, the company A is the receiver side and the company B is the sender. Sometimes it becomes a side.

  In the company A, the database server 2 and the sender mail server 7A are connected to the Web server 1, and the Web server 1 and a plurality of sender terminals 5-1, 5-2, 5-3, (Hereinafter referred to as "sender terminal 5") is connected via a LAN such as an intranet. Similarly, in the company B, the database server 2 and the recipient-side mail server 7B are connected to the Web server 1, and the Web server 1 and a plurality of recipient terminals 6-1, 6-2, 6 -3,... (Hereinafter referred to as “recipient terminal 6”) are connected via a LAN such as an intranet. The company A and the company B are connected via the Internet 4, and the company A and the company B are also connected to the time stamp server 3 via the Internet 4.

  The configurations of the database server 2, the time stamp server 3, the sender terminal 5, and the receiver terminal 6 are the same as those in the first embodiment. However, the receiver terminal 6 is configured to be able to receive a time stamp verification request and its verification result from the Web server 1 as will be described later.

  Further, the configuration of the Web server 1 is the same as that shown in FIG. 1 of the first embodiment, but unlike the first embodiment, the We server 1 includes a sender side mail server 7A and a receiver side mail. The server 7B is configured to transmit and receive data. Further, in response to the time stamp verification request from the receiver terminal 6, the time stamp server 3 is requested to verify the time stamp, the verification result is received, and the message shown in FIG. The verification result is displayed on the display screen 900. Details will be described later.

  The sender-side mail server 7A and the receiver-side mail server 7B do not have a configuration unique to the present invention, but are existing mail servers, and are configured to be able to exchange data with the Web server 1. Thus, in this embodiment, since the mail transmitted from the sender terminal 5 is received by the receiver terminal 6 via the sender mail server 7A and the receiver mail server 7B, the receiver side The contents of the message can be viewed not only by the message display screen 900 shown in FIG. 9 described in the first embodiment but also by an existing mailer.

  Next, the operation of the message transmission / reception system of this embodiment will be described with reference to FIGS. In the following description and drawings, the Web server 1 that the company A has is called the sender-side Web server 1A, and the one that the company B has is called the receiver-side Web server 1B.

  FIG. 11 is a flow diagram at the time of message transmission, FIG. 12 is a flow diagram at the time of time stamp verification, and FIG. 13 is an image diagram showing a display screen for displaying a time stamp verification result.

  First, the operation at the time of message transmission will be described.

  Also in this embodiment, the processing in steps 401 to 403 and steps 406 to 410 in FIG. 4 showing the first embodiment is performed in the same manner. Therefore, in FIG. The process until it is transmitted to the recipient mail server 7B via the server 7A and stored is shown.

  When all the processes in steps 401 to 410 shown in FIG. 4 are completed, as shown in FIG. 11, the Web server 1 transmits the message text received from the sender side to the sender side mail server 7A (step 411). At this time, the Web server 1 adds a message time stamp and an electronic signature to the message and transmits the message to the sender mail server 7A.

  On the other hand, the sender mail server 7A determines whether or not this message has been received (step 412), and if received, transmits the message to the receiver mail server 7B (step 413). On the other hand, the receiver side mail server 7B determines whether or not there is reception from the sender side mail server 7A (step 414), and if there is reception (Y in step 414), saves the message and stores the message. The transmission process ends.

  In the above description, the process shown in FIG. 11 is started after all the processes in FIG. 4 are finished. However, after the process in step 406 shown in FIG. 4 is finished, the processes in steps 407 to 410 are performed. You may be made to process in parallel with what is performed.

  Next, the operation when receiving a message will be described.

  Also in this embodiment, the processing in steps 702 to 706 of FIG. 7 described in the first embodiment is performed in the same manner, and therefore, the processing from steps 702 to 706 is omitted in FIG. . That is, in the following, the processing above the line A in the drawing is the same as the processing in steps 701 to 707 in FIG.

  The recipient-side mail server 7B determines whether or not there is a received message information acquisition request from the recipient-side Web server 1B (S708). If there is a request (Y in S708), the stored message is sent to the message time. Along with the stamp and electronic signature, the message is transmitted to the recipient-side Web server 1B (S709). On the other hand, the recipient-side Web server 1B discriminates these receipts (S710), and if there is a receipt (Y in S710), obtains a web page (S711) and displays a message on the screen of the recipient terminal 6 (S711). Along with S712), these received messages are stored.

  The message display screen is the same as in FIG. 9 described in the first embodiment, and a time stamp 901 and an electronic signature 902 are displayed on the message display screen. However, in the present embodiment, this time stamp can be verified, and the verification result is displayed as shown in FIG. That is, a verification request button 911 and a verification result display 912 are further added to the display of 901 to 909 shown in FIG.

  The operation of time stamp verification will be described in detail below.

  When the client B wants to verify the time stamp (hereinafter referred to as “TS”) attached to the received message, it makes a TS verification request to the recipient-side Web server 1B (S713). Specifically, when TS verification is requested, if the client B clicks the verification request button 911 on the message display screen 900A shown in FIG. 13 with a mouse or the like, the TS verification request signal is sent to the recipient-side Web server 1B. Is sent.

  On the other hand, the receiver-side Web server 1B determines the presence or absence of this TS verification request (S714), and if there is a request (Y in S714), calculates the digest value on the transmission side from the stored message. Then, a TS verification request is sent to the time stamp server 3 (S716). More specifically, the TS verification request is for transmitting data obtained by combining the digest value and the TS to the time stamp server 3 and checking whether the received message has been tampered with the time stamp server 3. This is a process for requesting verification.

  In contrast, the time stamp server 3 determines whether or not there is a TS verification request (S717). If there is a TS verification request (Y in S717), the TS transmitted in response to this request is decrypted. The transmission-side digest value is acquired (S718), and the transmission-side digest value is compared with the reception-side digest value (S719). As a result of the comparison, data indicating “OK” if there is a match, that is, data indicating that the message has not been tampered with (Y in S719), and if it does not match, data indicating “NG”, that is, indicating that the message has been tampered with. The data is transmitted (N in S719) to the recipient-side Web server 1B as a verification result (S720).

  The receiver-side Web server 1B determines whether or not data indicating the verification result is transmitted (S721). If the verification result is received (Y in S721), the verification result is transmitted to the receiver terminal 6. (S722). On the other hand, the receiver terminal 6 determines whether or not this verification result has been received (S723). If there is reception (Y in S723), the verification result is received (S724).

  Through this series of processing, when the recipient terminal 6 receives the time stamp verification result, the verification result is displayed on the message display screen 900A shown in FIG. Specifically, as shown in FIG. 13, when the verification result is “OK”, that is, when the message has not been tampered with, “verification result OK” is displayed in the message display field 910. In the case of “NG”, “verification result NG” may be displayed. In addition, there are various display methods such as writing in the subject field 906 or sending it as an attached file.

1 is an overall configuration diagram of a first embodiment of a message transmission / reception system to which the present invention is applied. The block diagram of a message table and a message management table. The figure which shows the content of a log file. The flow chart at the time of message transmission. The figure which shows the message creation screen at the time of message transmission. The figure which shows the display screen of a transmitted list. The flowchart at the time of message reception. The figure which shows a received message list screen. The figure which shows a message display screen. The whole block diagram of 2nd Embodiment of the message transmission / reception system to which this invention is applied. The flowchart at the time of the message transmission in 2nd Embodiment. The flowchart at the time of the message reception in 2nd Embodiment. The figure which shows the message display screen in 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Web server 11 XML conversion part 12 Digest value calculation part 13 XML file 14 Log file 2 Database server 21 Database 21A Message table 21B Message management table 3 Time stamp server 4 Internet 5 Sender terminal 6 Recipient terminal 7A Sender side mail server 7B Recipient side mail server

Claims (12)

An electronic document exchange system comprising a Web server that gives an XML signature and a time stamp to an electronic document, and a database server,
The above electronic document
Sent and received between the sender terminal and the receiver terminal connected via the Internet,
The database server
Register in advance a sender ID that identifies the sender terminal and a receiver ID that identifies the receiver terminal;
The above timestamp is
The time stamp server connected to the Internet is sent to the Web server,
The web server
A log file that records a history of transmission and reception between the sender terminal and the receiver terminal;
An XML conversion unit that converts the electronic document transmitted from the sender terminal into XML data;
An XML file for storing the electronic document converted by the XML conversion unit;
A digest value calculation unit that calculates a digest value based on the electronic document transmitted from the sender terminal, and the Web server transmits the transmission via the Internet on condition that the sender ID is input. A document creation page is transmitted to the sender terminal, and the electronic document created on the sender terminal is received by the document creation page via the Internet.
The web server
A first storage process and a second storage process;
The first storage process includes
Based on the received electronic document, the digest value calculation unit calculates a first digest value,
Send the calculated first digest value to the time stamp server,
The first time stamp provided by the time stamp server for the first digest value is received, and the first time stamp is converted into XML data by the XML conversion unit and stored in the XML file. ,
Based on the received electronic document, the digest value calculation unit calculates a second digest value,
A first XML signature is generated for the calculated second digest value, and the generated first XML signature is stored in the XML file.
The second storage process is as follows.
Based on the received electronic document, time information when the Web server received the electronic document, a message ID for specifying the electronic document, the sender ID, and the receiver ID are acquired. ,
The acquired time information, the message ID, the sender ID, and the receiver ID are converted into XML data by the XML conversion unit, and a third digest value is converted from the XML data by the digest value calculation unit. Calculate
Send the calculated third digest value to the time stamp server,
The second time stamp given by the time stamp server for the third digest value is received, and the second time stamp is converted into XML data and stored in the log file.
The digest value calculation unit calculates a fourth digest value from the message ID, the sender ID, the receiver ID, and the time information received by the Web server converted into XML data.
A second XML signature is generated for the calculated fourth digest value, and the generated second XML signature is stored in the log file. The electronic document exchange system further includes a sender mail server and a receiver mail server,
The receiver side mail is sent from the Web server via the sender mail server by adding the first time stamp and the first XML signature to the electronic document received by the Web server from the sender terminal. The electronic document exchange system according to claim 1, wherein the electronic document exchange system is transmitted to a server. The web server further includes:
The received message display request signal from the receiver terminal is received, and the receiver ID, the message ID, and date / time information when the Web server receives the message display request signal are acquired based on the message display request signal. ,
The acquired recipient ID, the message ID, and the date / time information are converted into XML data by the XML conversion unit, and a fifth digest value is calculated from the XML data by the digest value calculation unit.
Send the calculated fifth digest value to the time stamp server,
The third time stamp given by the time stamp server for the third digest value is received, and the third time stamp is converted into XML data and stored in the log file.
The digest value calculation unit calculates a sixth digest value from the message ID, the receiver ID, and the date / time information when the Web server receives the message display request signal converted to XML data,
The electronic document according to claim 1, wherein a third XML signature is generated for the calculated sixth digest value, and the generated third XML signature is stored in the log file. Exchange system. The electronic document exchange system further includes a sender mail server and a receiver mail server,
The receiver side mail is sent from the Web server via the sender mail server by adding the first time stamp and the first XML signature to the electronic document received by the Web server from the sender terminal. To the server,
The web server further includes:
When receiving a received message display request signal from the receiver terminal,
on the one hand,
Based on the message display request signal, the receiver ID, the message ID, and date / time information when the Web server receives the message display request signal are acquired,
The acquired recipient ID, the message ID, and the date and time information are converted into XML data by the XML conversion unit, and a fifth digest value is calculated from the XML data by the digest value calculation unit.
Send the calculated fifth digest value to the time stamp server,
The third time stamp given by the time stamp server for the third digest value is received, and the third time stamp is converted into XML data and stored in the log file.
The digest value calculation unit calculates a sixth digest value from the message ID, the receiver ID, and the date / time information when the Web server receives the message display request signal converted to XML data,
A third XML signature is generated for the calculated sixth digest value, and the generated third XML signature is stored in the log file.
On the other hand,
The web server
A reception request signal for the electronic document to which the first time stamp and the first XML signature received by the recipient mail server are added is sent to the recipient mail server;
The recipient mail server
In response to the reception request signal, the electronic document to which the first time stamp and the first XML signature are added is transmitted to the recipient terminal via the Web server,
The web server
When the verification request signal for the first time stamp is received from the receiver terminal, the time stamp server is requested to verify the first time stamp, and the verification result is received. 2. The electronic document exchange system according to claim 1, wherein the electronic document exchange system transmits the electronic document.   The electronic document exchange system according to any one of claims 1 to 4, wherein at least one of the sender terminal and the receiver terminal is a mobile phone. The above document creation page
The web server is configured to be able to request selection of generation of the first XML signature and the second XML signature or issuance of the first time stamp and the second time stamp. The electronic document exchange system according to any one of claims 1 to 5.   The electronic document exchange according to any one of claims 1 to 6, wherein the electronic document transmitted and received between the sender terminal and the receiver terminal is encrypted by SSL. system. A web server used in an electronic document exchange system that adds an XML signature and a time stamp to an electronic document and registers information related to the XML signature and the time stamp in a database server,
The above electronic document
Sent and received between the sender terminal and the receiver terminal connected via the Internet,
The database server
Register in advance a sender ID that identifies the sender terminal and a receiver ID that identifies the receiver terminal;
The above timestamp is
The time stamp server connected to the Internet is sent to the Web server,
The web server
A log file that records a history of transmission and reception between the sender terminal and the receiver terminal;
An XML conversion unit that converts the electronic document transmitted from the sender terminal into XML data;
An XML file for storing the electronic document converted by the XML conversion unit;
A digest value calculation unit that calculates a digest value based on the electronic document transmitted from the sender terminal, and the Web server transmits the transmission via the Internet on condition that the sender ID is input. A document creation page is transmitted to the sender terminal, and the electronic document created on the sender terminal is received by the document creation page via the Internet.
The web server
A first storage process and a second storage process;
The first storage process includes
Based on the received electronic document, the digest value calculation unit calculates a first digest value,
Send the calculated first digest value to the time stamp server,
The first time stamp given by the time stamp server for the first digest value is received, and the first time stamp is converted into XML data by the XML conversion unit and stored in the XML file. ,
Based on the received electronic document, the digest value calculation unit calculates a second digest value,
A first XML signature is generated for the calculated second digest value, and the generated first XML signature is stored in the XML file.
The second storage process is as follows.
Based on the received electronic document, time information when the Web server received the electronic document, a message ID for specifying the electronic document, the sender ID, and the receiver ID are acquired. ,
The acquired time information, the message ID, the sender ID, and the receiver ID are converted into XML data by the XML conversion unit, and a third digest value is converted from the XML data by the digest value calculation unit. Calculate
Send the calculated third digest value to the time stamp server,
The second time stamp given by the time stamp server for the third digest value is received, and the second time stamp is converted into XML data and stored in the log file.
The digest value calculation unit calculates a fourth digest value from the message ID, the sender ID, the receiver ID, and the time information received by the Web server converted to XML data.
A Web server used for an electronic document exchange system, wherein a second XML signature is generated for the calculated fourth digest value and the generated second XML signature is stored in the log file. . The web server further includes:
The received message display request signal from the receiver terminal is received, and the receiver ID, the message ID, and date / time information when the Web server receives the message display request signal are acquired based on the message display request signal. ,
The acquired recipient ID, the message ID, and the date / time information are converted into XML data by the XML conversion unit, and a fifth digest value is calculated from the XML data by the digest value calculation unit.
Send the calculated fifth digest value to the time stamp server,
The third time stamp given by the time stamp server for the third digest value is received, and the third time stamp is converted into XML data and stored in the log file.
The digest value calculation unit calculates a sixth digest value from the message ID, the receiver ID, and the date / time information when the Web server receives the message display request signal converted to XML data,
9. The electronic document according to claim 8, wherein a third XML signature is generated for the calculated sixth digest value, and the generated third XML signature is stored in the log file. Web server used for the exchange system.   10. The Web server used in the electronic document exchange system according to claim 8, wherein at least one of the sender terminal and the receiver terminal is a mobile phone. The above document creation page
The web server is configured to be able to request selection of generation of the first XML signature and the second XML signature or issuance of the first time stamp and the second time stamp. A Web server used in the electronic document exchange system according to claim 8.   The electronic document exchange according to any one of claims 8 to 11, wherein the electronic document transmitted and received between the sender terminal and the receiver terminal is encrypted by SSL. Web server used in the system.

Images