JP2008252154A - Electronic online system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic online system that can transmit a notification document, which is a reply document from a government office side to an application document submitted from a user side, to the user side reliably, and receives the notification document simply. <P>SOLUTION: An electronic response system composing the electronic online system has an application document registration means, an electronic certificate acquisition means, a public key extraction means, a notification document encryption means, and a database (DB). The application document registration means has a function for registering an encrypted application document in which the electronic signature of a user is correlated to application document data. The electronic certificate acquisition means has a function for acquiring an electronic certificate included in the application data. The public key extraction means has a function for extracting the public key of a pair of keys personally authenticated by the electronic certificate. The notification document encryption means has a function for encrypting the application document with the public key. The DB stores a pattern format of the application document, or the like to a user terminal side while the pattern format can be outputted freely. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an electronic online system that can accept and respond to an application such as an approval application from other organizations or individuals to an organization such as an administrative agency via a network such as the Internet.

  Conventionally, as a system similar to this type of electronic online system, application for issuance of resident's card, etc. from a private institution or a personal computer terminal via a network such as the Internet is accepted. An electronic online system equipped with an electronic response system capable of electronically responding electronic data of application documents to the applicant side again via a network has been put into practical use. This electronic on-line system is widely spread because electronic data can be transmitted and received quickly and easily by data transmission and reception using communication means such as the Internet, and information necessary for data transmission and reception is reliably transmitted. Has been tried.

  In addition, in the handlers of the receiving organization of such an electronic online system, the application content from the user is related to personal information based on the Personal Information Protection Act, so personal authentication is performed as necessary, and further application The method of transmitting and receiving encrypted documents is taken.

  The receiving institution performs personal authentication when a request for issuance of a notification document (response document from the receiving institution) is made via a network from a person in charge of a private institution or a personal computer. At the same time, the encrypted application content can be decrypted and viewed. As a result of this browsing, the receiving side organization encrypts the notification document for the application document and transmits it to the user terminal on the applicant side. The user can decrypt the transmitted encrypted document and check the notification document at the user terminal.

  One conventional electronic online system is a cryptographic communication system using a public key cryptosystem. This conventional encryption communication system will be described with reference to FIG. 7 (Patent Document 1).

  The conventional cryptographic communication system 1 shown in FIG. 7 includes a key pair composed of a public key and a secret key, and a key pair in the key pair when performing cryptographic communication using a public key cryptosystem using FAX 2. This is a system that uses a public key certificate that proves that it is the owner of the public key, and can obtain a notification document for the application by being authenticated.

  The encryption communication system 1 includes, for example, an FAX 2 owned by an individual, a server device 4 and a communication control device 5 that are communicatively connected via a public line 3, and an administrative agency that is communicatively connected to the communication control device 5 via the Internet 6. 7. The FAX 2 is installed on the user side who desires to make a desired application, and is operated by the user as necessary to transmit a FAX document to the administrative agency 7 side.

  The public line 3 is a general communication line called PSTN. The server device 4 includes a communication unit 4 a, a generation unit 4 b, a certificate paper issue amount 4 c, and a PC 8 connected to the server device 4. The server device 4 includes a communication unit 4a, a generation unit 4b, and a certificate paper issue unit 4c. The server device 4 transmits the key pair and public key certificate generated by the generating unit 4b to the FAX 2 side by the operation of the PC 8. This PC 8 has a function of confirming whether or not the person described on the certificate paper request form and the person described in the personal identification document are the same person.

  The communication control device 5 includes a first communication unit 5a, a second communication unit 5b, a control unit 5c, a registration unit 5d, and a storage unit 5e. The first communication unit 5a performs facsimile communication with the FAX 2 via the PSTN. The first communication unit 5a prepares a FAX number for FAX transmission. When an incoming call is received at each FAX number, processing corresponding to the use of the FAX number can be executed.

  The second communication unit 5b communicates the encrypted information to the administrative agency 7 side via the Internet 6. The control unit 5c controls the communication control device 5 as a whole. The first communication unit 5a and the second communication unit 5b can be controlled to communicate with the FAX 2 and the communication license application server 7a on the administrative agency 7 side, respectively. Further, when performing communication, information registered in the registration unit 5d of the communication control device 5 is referred to, and information obtained there is stored in the storage unit 5e.

  The administrative agency 7 confirms the validity of the public key certificate stored in the storage unit 5e of the communication control device 5 using the public key certificate, and creates a public key and a private key. A public key certificate is transmitted from the communication license application server 7 a to the administrative agency 7 side via the communication control device 5. The public key certificate is attached with a public key unique to the applicant, and is encrypted with this public key on the administrative agency 7 side. Thereafter, the communication license file is transmitted from the administrative agency 7 side to the communication control device 5 side. Upon receiving the communication license file, the communication control device 5 decrypts it with its own private key, confirms the content of the application document, and transmits it to the administrative agency 7 side.

  Next, a certificate in which application data from the communication control device 5 side to the administrative agency 7 side is arranged with a pair key used for encryption communication by the public key cryptosystem and a bar code information of a public key certificate constituting the pair key. After the paper and the application data are encrypted, they are transmitted to the communication license application server 7a on the administrative agency 7 side.

Therefore, according to the cryptographic communication system 1, the communication license application server 7a of the administrative agency 7 transmits the encrypted notification document to the server device 4 side via the Internet 7 and the communication control device 5, and then the server device 4 Is transmitted to the FAX 2 on the applicant side via the public line 3, and the applicant is decrypted with the attached decryption key.
JP 2004-147019 A

  However, according to the conventional encryption communication system 1, the notification document that is a response document to the application document is delivered to the server device 4 via the Internet 7 and the communication control device 5 before reaching the FAX 2 on the user side. Then, personal authentication was to be performed. That is, by sending a certificate sheet for personal authentication to the communication control device 5, the applicant is authenticated based on the barcode image of the certificate sheet, and the image of the wireless license file is not transmitted to the FAX 2 by facsimile. I was following a complicated procedure of not becoming.

  The present invention has been made in view of the above points, and is characterized by a “notification document” that is a response document from the administrative agency side to the “application document” applied from the user side. That is, an object of the present invention is to provide an electronic online system that can reliably transmit a notification document to the user side and can easily receive the notification document.

  In order to achieve the above object, according to the present invention, an electronic response system for receiving and replying to an application document from the user terminal side is provided. The electronic response system includes an application document registration means, an electronic certificate The application document registration unit includes an acquisition unit, a public key extraction unit, a notification document encryption unit, and a database. The application document registration unit is an application document encrypted by associating a user's electronic signature and application document data. The electronic certificate acquisition unit has a function of acquiring an electronic certificate included in the application data, and the public key extraction unit releases the pair key that is personally authenticated by the electronic certificate. A function of extracting a key, and the notification document encryption means includes a function of encrypting the application document with a public key, and the database stores information such as an application document to the user terminal side. Format to provide an electronic online system, wherein a stored freely output.

  In order to achieve the above object, according to the present invention, an electronic response system and a user terminal that is communicably connected via a network are provided. The electronic response system includes an application document registration unit, an electronic certificate, and the like. A certificate acquisition unit and a notification document encryption unit, and the application document registration unit has a function of registering an encrypted application document associated with a user's electronic signature and application document data, and acquiring the electronic certificate The means has a function of acquiring an electronic certificate included in application data, and the public key extraction means has a function of extracting a public key of a pair key personally authenticated by the electronic certificate, and the notification document encryption The encryption unit has a function of encrypting the application document with a public key, and the user terminal has a function of decrypting the encryption notification document with a secret key of the pair key. To provide an electronic online system.

  According to the present invention, it is possible to reliably transmit a notification document to the user side as a response document from the administrative agency side to the application document applied for from the user side, and to receive the notification document by a personal computer. It is possible to provide an electronic online system that can be easily performed from a terminal such as the Internet via a network such as the Internet.

  Embodiments of the electronic online system of the present invention will be described with reference to the accompanying drawings.

  FIG. 1 is a block diagram showing the overall configuration of the electronic online system of the present invention. FIG. 2 is a flowchart showing an embodiment up to the application reception stage in the electronic online system of the present invention. FIG. 3 is a diagram showing an outline of the flow from the reception stage shown in FIG. 2 to the decryption of the notification document.

  The electronic online system 20 shown in FIG. 1 includes an electronic response system 21 and a user terminal 23 that is connected for communication via a network 22.

  The electronic response system 21 includes an examination terminal 24, a DB (database... Notification document DB) 25 for storing various data to be transmitted and received, and a WWW server 26 as a communication I / F.

  The examination terminal 24 includes an application document registration unit 27, an electronic certificate acquisition unit 28, a public key extraction unit 29, and a notification document encryption unit 30.

  The application document registration unit 27 has a function of registering the application document A transmitted from the user terminal 23 on the applicant side and the encrypted application document A ′ associated with the electronic signature of the applicant P. The electronic certificate acquisition unit 28 has a function of acquiring the format F1 of the application document stored in the DB 25 on the examination terminal 24 side and issuing the electronic certificate B corresponding to the application document A, and simultaneously publishing it. A key and a secret key (hereinafter referred to as “pair key”) are assigned to a JPKI card (Basic Resident Register Card) 33 which is an IC card.

  The format format F1 does not need to be stored in the DB 25 when, for example, the administrative agency does not necessarily use a specific format. Moreover, although the IC card has exemplified the Basic Resident Register card as an example, it may be a general-purpose IC card that can be used for encryption processing.

  The public key extraction means 29 has a function of automatically extracting and reading from the JPKI card 33 inserted in the user terminal 23. The notification document encryption unit 30 has a function of encrypting the notification document C using the extracted public key. The DB 25 is a database that stores format formats F1 such as an application document A, an electronic certificate B, and a notification document C. The network 22 is preferably the Internet, but may be a dedicated line.

  On the other hand, the user P who handles the user terminal 23 decrypts the encrypted notification document C ′ using one private key of the pair key stored in the JPKI card 33 received in advance from the receiving organization such as the administrative agency. The converted notification document C can be taken out.

  The encryption notification document C ′ can be automatically notified from the examination terminal 24 side to the user terminal 23 side, but the encryption notification is sent from the user terminal 23 side to the examination terminal 24 side. The examination terminal 24 side can respond by outputting the acquisition request of the document C ′ from the user terminal 23 side as indicated by a dotted arrow shown in FIG.

  As shown in FIG. 1, the electronic online system 20 receives an application from the user terminal 23 side, for example, a screening terminal 24 of an administrative institution is connected for communication via the Internet 22. The electronic response system 21 that accepts the application document A transmitted from the user terminal 23 includes a DB 25 and stores various data such as a signed application document A, an electronic certificate B, and a notification document C. The examination terminal 24 is provided so as to be operated by a person in charge of the administrative institution, and obtains the notification document format format F2 from the DB 25 and creates the notification document C in which the notification contents (data) are written, for example, in the PDF format. It has become so.

  Further, as shown in FIG. 2, the examination terminal 24 can acquire the electronic certificate B from the signature of the application document A by operating a built-in arithmetic processing unit (not shown). . When the personal authentication can be performed with the electronic certificate B, a pair key is given to the JPKI card 33. Of the pair keys, the public key can be extracted by the public key extracting means 29. Further, the notification document C can be encrypted by the notification document encryption unit 30 with the public key.

  The encrypted notification document (hereinafter referred to as “encryption notification document”) C ′ can be automatically notified from the DB 25 (or a dedicated DB) to the user terminal 23 side. Accordingly, the DB 25 can be conveniently used even in the administrative agency side provided with the electronic response system 21 or in the user P handling the user terminal 23.

  Next, the user terminal 23 will be described.

  The user terminal 23 incorporates an application such as an Internet browser and a card reader (not shown) corresponding to the JPKI card 33, and includes a secret key designation unit 31 and a notification document combination unit 32. Since the present invention is implemented by using a JPKI card 33 that is inserted into a card reader (not shown) so that the public key or secret key is read into the main body side of the user terminal 23 or is read. is there.

  The secret key designating unit 31 can designate and read a secret key, and has a function of a previous stage for automatically decrypting the encryption notification document C ′ transmitted from the administrative institution side, for example.

  The notification document decryption unit 32 decrypts the encrypted notification document C ′ with a designated secret key, and automatically inserts the JPKI card 33 into a card reader (not shown) of the user terminal 23. The private key is read, and the entire decrypted notification document C is displayed on the display screen (not shown) of the user terminal 23.

  The JPKI card 33 is read by a card reader (not shown) provided on the main body side of the user terminal 23, but it is not always necessary to use a JPKI card, and it may be a general-purpose IC card. In this case, an arbitrary password may be determined and used. However, the JPKI card 33 is originally a unique card possessed by the user P and is a public card used for personal authentication. It is desirable to use a card 33.

  In the case of using JPKI card 33, in addition to address, name, date of birth, basic 4 information of gender, electronic certificate that proves resident card code, public / private key pair, public key (private key) The password for accessing the letter B and the card is stored (saved).

  The notification document C often includes, for example, personal information and extremely sensitive information such as a decision amount for a subsidy application, a notification of disability certification, and a billing amount.

  Next, the operation of the electronic online system 20 will be described with reference to FIG. FIG. 3 is a diagram showing an outline of the application processing flow of the electronic online system 20.

  As shown in FIG. 3, a guide mail about handling of the electronic online system 20 is transmitted from the electronic response system 21 side to the user terminal 23 from the examination terminal 24 on the administrative institution side (step S1). The user terminal 23 accesses the URL, and uses the electronic certificate B to have user (individual) authentication performed by the examination terminal 24 on the electronic response system 21 side (step S2). The electronic response system 21 generates a notification document format list and displays it on the display screen of the user terminal 23 (step S3).

  Next, an acquisition request for the notification document C is made from the user terminal 23 side to the examination terminal 24 side (step S4). Finally, the notification document C requested by the user is transmitted from the examination terminal 24 side to the user terminal 23 side (step S5).

  Next, the encryption notification document C ′ is received on the user terminal 23 side (step S6). Then, the received encryption notification document C ′ is decrypted with the secret key. That is, the secret key is called from the JPKI card 33, decrypted by inputting to the terminal, and the decrypted notification document C is displayed on the display screen.

  In the process from <Step S4> to <Step S5>, specifically, as shown in FIG. 2, communication connection is made from the user terminal 23 side to the examination terminal 24 of the administrative institution that accepts the application.

  In <Step S4>, the examination terminal 24 is provided so that it can be operated by a person in charge of the administrative institution, takes out the format format F2 of the notification document C from the DB 25, and fills in the answer text.

  In addition, various data such as a notification document C completed in an answer sentence, a previously signed application document A, a notification document C, and an electronic certificate B are stored.

  Then, the examination terminal 24 operates the arithmetic processing unit, acquires the electronic certificate B from the signature of the application document A, extracts the public key, and creates the encryption notification document C ′. Then, the encryption notification document C ′ is stored in the DB 25 and is automatically transmitted to the user terminal 23. The user P operates the user terminal 23 to call a secret key from the JPKI card 33 and decrypt the encryption notification document C ′.

  The decrypted notification document C is output in a list format, for example, as shown in FIG. 4 (in this case, an application tool for decryption in advance at the user terminal 23 side) Download). For example, in FIG. 5 (a), as shown in an enlarged view, as [Display Document List], “Acquisition”, “Payment Determination Amount”, and “Issuance Date” are “2006 / 01/12 ”is displayed.

Furthermore, by double-clicking the “payment decision amount notification” field, for example, in FIG. 5B, “File download” “File open” or “Save file to computer” is determined. "Open (O)", "Save (S)", "Cancel", "(Detailed information (M)"), etc. are displayed as items. As shown in Fig. 6, for example, call the [SDI Decrypter V1.0] field, receive the message "Please specify the file path to decrypt", and enter the file path. The received notification document C can be received.

  Therefore, the encryption notification document C ′ transmitted from the administrative institution side to the user terminal 23 side cannot be viewed by a third party other than the person who possesses the secret key, and prevents secret leakage of personal information. An electronic online system can be provided.

  Further, according to the electronic online system 20 of the present invention, a general-purpose IC card, for example, the JPKI card 33, can be used as an IC card used for the user terminal 23, and a dedicated structure for use in the present invention is provided. There is no need to create a card. Therefore, for example, the administrative institution need not newly determine a unique code corresponding to a secret key, and can provide a highly convenient electronic online system that can be adapted to social needs. Although the present invention has been described with reference to a document related to administration with an administrative agency, it is not necessarily limited to this, and it can also be used for general document exchanges that have been encrypted with private institutions. it can.

1 is a block diagram showing the overall configuration of an electronic online system of the present invention. The figure which shows the application process flow in the electronic online system of this invention. The figure which shows the outline | summary of the application process flow of the electronic online system of this invention. The figure which shows the example of a screen of the notification document of the electronic online system of this invention. FIG. 5 is a diagram showing a part of the screen example of FIG. 4 in detail, (a) is a diagram showing a part enlarged, and (b) is a selection obtained by further operating the part shown in (a). The figure which shows the example of a screen. The figure which shows the example of a screen displayed by further selecting operation of the selection screen shown in FIG.5 (b). The block diagram which shows embodiment of the encryption communication system which is a conventional electronic online system.

Explanation of symbols

20 Electronic Online System 21 Electronic Response System 22 Network 23 User Terminal 24 Examination Terminal 25 DB (Notification Document DB)
26 WWW server 27 Application document registration means 28 Electronic certificate acquisition means 29 Public key extraction means 30 Notification document encryption means 31 Private key designation means 32 Notification document decryption means 33 JPKI card (Basic Resident Register card)
A Application document A 'Encryption application document B Electronic certificate C Notification document C' Encryption notification document F1 Application document format format F2 Notification document format format P Applicant

Claims (5)

An electronic response system for receiving and replying to application documents from the user terminal side is provided. This electronic response system includes an application document registration unit, an electronic certificate acquisition unit, a public key extraction unit, and a notification document encryption. Means and a database,
The application document registration means has a function of registering an application document encrypted by associating a user's electronic signature and application document data,
The electronic certificate acquisition means has a function of acquiring an electronic certificate included in application data,
The public key extracting means has a function of extracting a public key of a pair key personally authenticated by the electronic certificate,
The notification document encryption means has a function of encrypting the application document with a public key,
An electronic online system, wherein the database stores a format format of an application document or the like on the user terminal side so as to be output freely. An electronic response system and a user terminal that is communicably connected via a network;
The electronic response system includes an application document registration unit, an electronic certificate acquisition unit, and a notification document encryption unit,
The application document registration means has a function of registering an application document encrypted by associating a user's electronic signature and application document data,
The electronic certificate acquisition means has a function of acquiring an electronic certificate included in application data,
The public key extracting means has a function of extracting a public key of a pair key personally authenticated by the electronic certificate,
The notification document encryption means has a function of encrypting the application document with a public key,
The electronic online system, wherein the user terminal has a function of decrypting the encryption notification document with a secret key of the pair key. The user terminal comprises a secret key designation means, a notification document decryption means, and a card reader that reads an IC card used for the user terminal,
The secret key designating unit has a function of calling the user terminal side using a secret key stored in the IC card,
3. The electronic document according to claim 2, wherein the notification document decryption means has a function of decrypting the encrypted notification document downloaded from the examination terminal side to the user terminal side of the electronic response system with the secret key. Online system. 4. The electronic online system according to claim 3, wherein the user terminal uses an IC card into which a password that can be arbitrarily determined as a secret key for specifying a user of the user terminal is input. 5. The electronic online system according to claim 4, wherein the IC card is a basic resident register card.

Images