JP2009065503A - Electronic signature input system, and electronic signature input method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic signature input system and electronic signature input method in which fraudulent operation is prevented in signature input of an electronic signature and it can be guaranteed with high reliability that a specific individual has signed a specific document. <P>SOLUTION: When creating electronic signature data by inputting a signature by a signer himself/herself, in signature input, ID information identifying a signature input means, signing action information of the signature input means and time information corresponding thereto are monitored and based on the information, fraudulent operation is detected. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an electronic signature input system and an electronic signature input method for generating electronic signature data by inputting a signature by a signer himself / herself for attachment to electronic data such as a document.

  In recent years, various information has been digitized due to the development of electronic information processing equipment. Conventional paper documents are also digitized, such as documents that have public significance.

  On the other hand, the electronic processing of documents and the like has a problem such as easy copying and falsification. From the viewpoint of security, various protection measures represented by encryption and the like have been adopted for digitizing documents and the like.

  In addition, the authentication of a specific individual using a signature or a seal that is normally performed on a conventional paper document cannot be applied to an electronic document or the like as it is. If handwriting and seal stamp data are digitized as they are, as with normal electronic data, copying and falsification are easy and many frauds may be allowed.

  Many electronic signature systems that do not rely on handwritten handwriting have been proposed. However, there are many problems such as requiring a specific certificate authority, registering various data in advance, or requiring a complicated and troublesome authentication procedure.

  On the other hand, a system has been proposed in which a signature is digitized and used on the premise that a handwritten signature by the signer is used (see, for example, Patent Documents 1 and 2).

  For example, the written signature is converted into electronic data and input in the form of pen input as it is on the input screen of the tablet PC. However, just using the signature as electronic data as it is is not sufficient from the viewpoint of security. For example, fraud such as copying the signature data as it is and pasting it into another document is likely to be performed.

  Measures such as encryption processing, associating with documents, and converting signature operations themselves into data are also considered, but they are more complicated than signatures in paper documents and can be judged just by looking at them. This is far from convenient.

  Japanese Patent Application Laid-Open No. 2004-133620 proposes a technique for setting a signature as a digital signature by inputting a set of signature geometric information input by a tablet or the like and timing information of the input. This signature information is encrypted and associated with the document. Copying and pasting the handwriting data to another document is prevented by performing encryption processing with the document as a set. The signature timing information prevents imitation of handwriting.

  Patent Document 2 proposes a technique of digitizing an action for inputting a handwritten signature, a thumbprint, a seal stamp, etc. into action data, and performing a signature process associated with the original document. This is also a signature process that guarantees the association between the action (handwriting data) and the document, that is, guarantees that the action has been performed on the document. There is no need to hide the signature itself, and no registration data is required.

However, in the technique of Patent Document 1, an encryption system is essential, and handwriting data must be registered in advance to authenticate the signature. In the technology of Patent Document 2, only the association between an action (handwriting data) and a document, that is, the guarantee that the action has been performed on the document is guaranteed. It can only be judged by looking at the handwriting as usual.
JP-A-10-91065 JP 2003-134108 A

  As described above, the prior art mainly focuses on the input signature data by associating it with a document and protecting it by encryption. That is, on the premise that the signature is entered correctly, it is prevented from being illegally used or tampered with.

  However, these techniques are not considered for cases where fraud is performed during input. That is, once an illegal signature is made, the protection of the signature is meaningless. There is also no point in preventing signature duplication that is no longer valid.

  As the fraud performed during signature input, it is assumed that a part of the signature is input by other than handwriting, processed by another person, using other input members, or performing some other illegal operation. There is a need for a technology that can more reliably prevent fraud when inputting these signatures.

  An object of the present invention is to solve the above-described problems, prevent an illegal operation when inputting a signature of an electronic signature, and ensure that a specific person has signed a specific document with high reliability. An input system and an electronic signature input method are provided.

  In order to solve the above problems, the present invention has the following features.

  1. In the electronic signature input system, comprising: a signature input unit that the signer itself performs an operation for inputting a signature; and a signature data generation unit that generates electronic signature data based on the signature input by the signature input unit. A signature process monitoring unit that acquires signature operation information related to an input operation from the start to the end of a signature when the signature is input by the unit; and the signature operation information acquired by the signature process monitoring unit when the signature is input by the signature input unit And the signature operation information includes ID information for identifying the signature input means, operation information at the time of inputting the signature of the signature input means, and the operation information. And a time information corresponding to the electronic signature input system.

  2. 2. The electronic signature input system according to 1, wherein the electronic signature data created by the signature data creating unit includes the signature operation information acquired by the signature process monitoring unit.

  3. Signature data protection means for protecting the electronic signature data created by the signature data creation means from unauthorized operations, wherein the signature data protection means is activated upon completion of the signature input The electronic signature input system according to 1 or 2.

  4). The electronic signature input system according to any one of claims 1 to 3, further comprising fraud warning means for issuing a fraud warning when the illegal operation detection means detects an illegal operation.

  5). 5. The electronic signature input system according to claim 1, further comprising: a signature discard unit that invalidates the electronic signature data when the unauthorized operation detection unit detects an unauthorized operation.

  6). An electronic signature input comprising: a signature input step in which a signer himself performs an operation for inputting a signature using a signature input means; and a signature data creation step of creating electronic signature data based on the signature input in the signature input step In the method, a signature process monitoring step of acquiring signature operation information related to an input operation from the start to the end of a signature at the time of signature input in the signature input step, and acquired by the signature process monitoring step at the time of signature input in the signature input step An unauthorized operation detection step for detecting an unauthorized operation based on the signature operation information that has been performed, wherein the signature operation information includes ID information for identifying the signature input means, and operation information at the time of signature input by the signature input means And time information corresponding to the operation information.

  7. 7. The electronic signature input method according to claim 6, wherein the electronic signature data created in the signature data creation step includes the signature operation information acquired by the signature process monitoring step.

  8). A signature data protection step for protecting the electronic signature data created in the signature data creation step from an unauthorized operation, and the signature data protection step is triggered when the signature input ends. Or the electronic signature input method according to 7;

  9. 9. The electronic signature input method according to claim 6, further comprising a fraud warning step for issuing a fraud warning when a fraud operation is detected in the fraud detection step.

  10. 10. The electronic signature input method according to any one of claims 6 to 9, further comprising a signature discarding step of invalidating the electronic signature data when an unauthorized operation is detected in the unauthorized operation detection step.

  According to the electronic signature input system and the electronic signature input method according to the present invention, the following is achieved when inputting the signature by the signer himself and creating the electronic signature data for attachment to electronic data such as a document. it can.

  That is, according to the electronic signature input system and the electronic signature input method according to the present invention, at the time of signature input, ID information for identifying the signature input means, signature operation information by the signature input means, and time information corresponding thereto are obtained. Monitor and detect unauthorized operations based on them.

  Thereby, an illegal operation at the time of inputting a signature of an electronic signature can be prevented, and it can be ensured with high reliability that a specific person has signed a specific document.

  Embodiments of an electronic signature input system and method according to the present invention will be described below with reference to the drawings.

  An electronic signature input system is a digital data processing apparatus having a signature input unit, and uses a CPU to input and display a signer's signature, create electronic signature data, attach it to document data, and for safety Perform protection processing.

  In the electronic signature input system according to the present invention, the process is monitored especially when a signer inputs a signature, and an illegal input operation is detected.

(Hardware configuration of electronic signature input system)
FIG. 1 is a diagram illustrating an example of a hardware configuration of the electronic signature input system 1. In this embodiment, a tablet PC is used as the electronic signature input system 1.

  As shown in FIG. 1, the electronic signature input system 1 includes a CPU 20a, a RAM 20b, a ROM 20c, an operation unit 20d, a display unit 20e, a communication IF unit 20f, an input / output IF unit 20g, and other various circuits or devices. The

  The communication IF unit 20f is, for example, a wireless communication interface circuit, and transmits / receives document data attached with electronic signature data through a network. The display unit 20e is, for example, a liquid crystal display and its drive circuit, and displays document data and electronic signature data processed by the CPU 20a.

  The operation unit 20d is a device that accepts an input operation by a signer or the like. For example, the operation unit 20d includes a combination of an input operation screen of a tablet PC and an input pen member, and inputs a signal indicating the operation content performed by the signer.

  The input / output IF unit 20g is a circuit for reading and inputting data from an external recording medium such as a memory card, or writing to the external recording medium.

  The ROM 20c will be described later with reference to a functional block diagram (FIG. 2). For realizing functions of the signature input unit 201, the signature data creation unit 202, the signature process monitoring unit 203, the unauthorized operation detection unit 204, and the like. Stores programs and data. These programs and data are read into the RAM 20b as necessary, and the programs are executed by the CPU 20a.

  In addition, a storage unit (not shown) for document data and electronic signature data is constructed in the RAM 20b, and the CPU 20a stores and reads data as necessary.

(Functional configuration of electronic signature input system)
FIG. 2 is a diagram illustrating an example of a functional configuration of the electronic signature input system 1. However, only functions related to electronic signature input processing are described. A functional configuration of the electronic signature input process by the electronic signature input system 1 will be described with reference to FIG.

  In FIG. 2, reference numeral 201 denotes a signature input unit which functions as a signature input unit. In the present embodiment, it is assumed that a combination of the input operation screen of the tablet PC and the input pen member functions as the signature input unit 201.

  FIG. 3 is a perspective view showing the external appearance of the tablet PC 2, wherein 21 is an input operation screen, and 22 is an input pen member. FIG. 4 is a block diagram showing a functional configuration of the pen member 22, and FIG. 5 is a signature input screen display example of the input operation screen 21.

  The signer inputs a signature through the signature input unit 201. That is, the signer inputs the signature by handwriting the signature on the direct input operation screen 21 using the pen member 22. Details of the signature input operation will be described later.

  A signature data creation unit 202 functions as a signature data creation unit. The signature input by the signer acquired by the signature input unit 201 is processed to create electronic signature data. The electronic signature data includes data obtained by digitizing handwritten handwriting by the signer.

  The digital signature data may include signature operation information such as operation information and time information from the start to the end of the signature operation. Further, it may be associated with document data to be signed, or may be integrated.

  A signature process monitoring unit 203 functions as a signature process monitoring unit. In response to an operation of inputting a signature by the signature input unit 201, signature operation information such as operation information and time information from the start to the end of the signature input operation is monitored and acquired.

  The signature operation information includes ID information as a signature input device, for example, ID information that can identify the pen member 22 being used. These are used for detecting an unauthorized operation when inputting a signature. Details will be described later.

  Reference numeral 204 denotes an unauthorized operation detection unit that functions as an unauthorized operation detection means. Based on the signature operation information acquired by the signature process monitoring unit 203, it is detected whether or not an illegal operation has been performed at the time of signature input.

  An illegal operation at the time of inputting a signature is, for example, a case where an input other than handwriting is performed on at least a part of the signature, another person processes, or another input pen member is used. Other pen members This includes a case in which some injustice to the input operation is assumed, such as an abnormal ON / OFF operation or an abnormal operation time interval.

  A signature data protection unit 205 functions as a signature data protection unit. When the signature process monitoring unit 203 detects the end of signature input, the digital signature data created by the signature data creation unit 202 is protected against unauthorized operations such as copying and falsification.

  As signature data protection processing, encryption processing or the like is generally performed. There are many known techniques for encryption processing, and any method can be used. Further, in the case of encryption, it is general and desirable to perform encryption processing in consideration of a link with a document to be signed.

  A fraud warning unit 206 functions as a fraud warning unit. When an unauthorized operation detection unit 204 detects an unauthorized operation when inputting a signature, it displays that an unauthorized operation is being performed and warns the signer.

  The warning method is not limited to display. The warning may be made by voice or other general warning signals. The fraud warning may include content indicating the type of fraudulent operation.

  A signature discard unit 207 functions as a signature discard unit. When the unauthorized operation detection unit 204 detects an unauthorized operation when inputting a signature, the electronic signature data created by the signature data creation unit 202 is invalidated and discarded.

  An illegal operation warning by the fraud warning unit 206 and the digital signature data discarding by the signature discarding unit 207 may be performed in conjunction with each other. In that case, it is desirable to display that the unauthorized operation is being performed and to display that the electronic signature data is discarded.

(Signature input operation)
As described above, the electronic signature input system 1 according to this embodiment includes the tablet PC 2 (including the input pen member 22).

  FIG. 3 is a perspective view showing an example of the appearance of the tablet PC 2. The signer inputs the signature by directly writing the signature on the input operation screen 21 of the tablet PC 2 using the pen member 22.

  The signature input operation will be described for the general case where the signer signs the target agreement document.

  The target agreement document is created using an arbitrary text editing application or the like, and an agreement is made between the two parties who are the target of the contract. The agreed document is converted into a format that can be input by the electronic signature input system 1, that is, the tablet PC 2 (including the input pen member 22).

  The agreement document is displayed on the input operation screen 21 of the tablet PC 2. On the screen, the agreed-upon two parties perform a signature operation by handwriting using the input pen member 22 simultaneously or separately. Of course, the creation of the agreement document and the signature input on the input operation screen 21 may be performed by one and the same application.

  Hereinafter, the configuration and operation of the input pen member when inputting a signature and the operation of the tablet PC will be described. These operations are executed by the signature input unit 201 described above.

<Configuration and operation of input pen member>
Here, the configuration and operation of the input pen member 22 used for signature input will be described. FIG. 4 is a configuration diagram illustrating a functional configuration example of the pen member 22.

  As shown in FIG. 4, the appearance of the pen member 22 is the same as that of a normal pen, and it is used and signed in the same manner as a normal pen. The nib member 31 is normally loaded by a spring (not shown) so as to move to the nib side.

  The ON / OFF detection switch 32 detects the movement of the pen tip member 31. The switch 32 is normally OFF, and is ON when the pen tip member 31 is pressed and moved to the pen base side. The I / F circuit 33 converts the result of the ON / OFF detection switch 32.

  The secondary storage unit 34 stores the ID of the input pen member 22 itself. Reference numeral 35 denotes a control unit (CPU), which controls the operation of the input pen member 22 as will be described later and the processing of each functional part for the signal. The communication unit 36 communicates with the tablet PC 2 main body. The power supply unit 37 supplies power to each functional part of the entire input pen member 22.

  The tablet PC 2 itself also has a communication function with the pen member 22 for input, and when inputting a signature, an ON / OFF signal due to the movement of the pen tip member 31, ID information of the input pen member 22 itself, etc. Receive.

  The operation when inputting a signature will be described.

  When the signer uses the pen member 22 and operates the pen member 22 with a writing pressure exceeding the load applied to the pen tip member 31, the pen tip member 31 moves to the pen base side, and the ON / OFF detection switch 32. From OFF to ON.

  The I / F circuit 33 converts an ON / OFF signal accompanying the movement of the pen tip member 31 into digital data and sends the digital data to the control unit 35.

  The control unit 35 acquires ID information in the secondary storage unit 34. The ID information of the pen member 22 is written in the secondary storage unit 34 such as an EEPROM when the pen member 22 is manufactured, and is a unique ID for each pen member 22 and identifies a specific pen member 22. Can do.

  The control unit 35 transmits the ON / OFF signal and the ID information of the pen member 22 to the tablet PC 2 via the communication unit 36. Communication between the input pen member 22 and the tablet PC 2 is performed in accordance with a general communication protocol such as Bluetooth.

<Operation of tablet PC>
Here, the operation of the tablet PC 2 on the communication receiving side from the input pen member 22 will be described. FIG. 5 shows a display example of the input operation screen 21 of the tablet PC 2.

  What is displayed on the input operation screen 21 is a display example of a signature input screen, and shows a signature page of the agreed contract.

  A contract document 41 is displayed on the upper half of the page, and a handwritten signature area 43 is displayed on the lower half. A signature start icon 42 is set at the upper left of the signature area 43, and a signature end icon 44 is set at the lower right.

  When the pen tip member 31 of the input pen member 22 touches the input operation screen 21 of the tablet PC 2 at the time of signature, the contact position information X1 (x1, y1) of the pen tip member 31 on the coordinated input operation screen 21 is obtained. To be acquired. The CPU of the tablet PC 2 draws point information at a corresponding position on the input operation screen 21 based on the acquired position information X1 (x1, y1). In addition, this positional information is set as a set with the above-mentioned information received from the input pen member 22 and stored as signature operation information.

  The start and end timing of the signature input by the input pen member 22 may be acquired using the signature start icon 42 and the signature end icon 44, or the pen tip member 31 in the signature area 43 is turned on / off. You may make it respond | correspond to OFF.

  The signature operation information described above is continuously acquired from the start to the end of signature input by the input pen member 22. These operations are executed by the signature process monitoring unit 203 described above.

<Signature operation information>
Here, the signature operation information monitored and acquired by the signature process monitoring unit 203 when a signature is input will be described. FIG. 6 shows an example of the signature operation information acquired.

  In the example of FIG. 6, data from X1 to X8 is acquired at the time of signature input. These are samples of time and position information between the start and end of signature. That is, time information t1 to t8 from data X1 (signature start) to data X8 (signature end), and pen tip position information (x1, y1) to (x7, y7) corresponding to them (where X8 is (No data) is acquired respectively.

  The ON / OFF information and ID information of the pen tip member 31 received from the pen member 22 are also acquired as a set with the respective data. It can be seen from X1 to X8 that the pen member 22 is operated using the same pen member 22 whose ID is represented by AAA, and the pen tip member 31 is in the ON state during signature input.

  However, in the data X8, the pen tip member 31 is in an OFF state, and the signature is finished. Therefore, the data X8 also includes the pen tip position information (no input).

  Based on the signature operation information monitored by the signature process monitoring unit 203, the above-described unauthorized operation detection unit 204 detects an unauthorized operation when a signature is input.

  An example of the illegal operation detection operation will be described.

To make digital signatures more secure,
It has handwriting data that can authenticate the electronic signature more reliably.
Signature data protection processing such as encryption processing is performed on the electronic signature,
Needless to say, is necessary.

  However, in addition to verification of signature duplication and tampering, it is considered that the following confirmation is necessary in order to verify unauthorized operations in a series of signature input operations.

1. Be signed using the same signature input means,
2. The operation of the signature input means and the signature operation match,
3. The signature input to the document matches the signature operation in time,
4). The signature operation is performed continuously and in a short time.

  In the present embodiment, based on the signature operation information monitored by the signature process monitoring unit 203, the unauthorized operation detection unit 204 can detect an unauthorized operation when a signature is input as follows.

  1. Can be confirmed by confirming that the ID information in the signature operation information is valid and is constant (not changing) during signature input.

  2. Can be confirmed by the fact that the ON / OFF information of the pen tip member 31 matches the operation information of the signature input (input operation is performed in the ON state).

  3. Can be confirmed by the fact that the signature input operation time information matches the signature time recorded in the document.

  4). Can be confirmed by the fact that a series of operation time information for signature input is continuous and completed in a short time.

  In this embodiment, the signature operation information, that is, the ID information for identifying the signature input unit, the signature operation information by the signature input unit, and the corresponding time information are monitored to detect illegal operations during signature input. Operation can be detected.

  Thereby, it can be ensured with higher reliability that a specific individual has signed a specific document with respect to the electronic signature.

  These signature operation information may be included as information in the electronic signature data created by the signature data creation means. Thus, not only can an unauthorized operation be detected when a signature is input, but it can also be useful for detecting an unauthorized operation on electronic signature data performed after the signature is input.

(Signature input processing flow)
FIG. 7 is a flowchart showing a procedure example of an electronic signature input method using the electronic signature input system according to the present embodiment. The flow of the electronic signature input method will be described with reference to FIG.

  In FIG. 7, the start of signature input is detected in step S11.

  Various methods can be used to detect signature input. Here, the signer detects the start of signature input by touching the signature start icon 42 at the upper left of the signature area 43 with the pen member 22 (see FIG. 5). When the signature input is completed, the signature end icon 44 at the lower right of the signature area 43 is touched in the same manner.

  In addition to the above, it is possible to start the signature input when the pen member 22 is first touched in the signature area 43.

  After detecting the start of signature input, as described above, the signature input unit 201 continues the input operation and continues to acquire handwriting data for creating electronic signature data. Therefore, it functions as a signature input process until step S14 for detecting the end of signature input thereafter.

  In step S12, the signature input is started and continued. During this time, the signature process monitoring unit 203 monitors the input operation and continues to acquire the signature operation information. That is, step S12 functions as a signature process monitoring step.

  In step S13, based on the acquired signature operation information, the unauthorized operation detection unit 204 detects whether an unauthorized operation at the time of signature input is performed. That is, step S13 functions as an unauthorized operation detection process.

  If an unauthorized operation is detected in step S13 (step S13: YES), the process proceeds to step S17. If not detected (step S13: NO), step S14 is executed.

  In step S14, it is detected whether or not the signature input is completed. As with the start of the signature input, various detection methods are possible. Here, as in the case of the start of signature input, the signer detects the end of signature input by touching the signature end icon 44 in the lower right of the signature area 43 with the pen member 22 (see FIG. 5).

  If the end of signature input is detected in step S14 (step S14: YES), step S15 is executed. If not detected (step S14: NO), the process returns to step S12, and the signature input process is repeated until the end of signature input is detected in step S14.

  If the end of signature input is detected without detecting an unauthorized operation, electronic signature data is created in step S15. That is, step S15 functions as a signature data creation process.

  The electronic signature data may be created including the signature operation information acquired in the signature process monitoring step. It can be used as information effective for detecting unauthorized operations on electronic signature data.

  When the completion of signature input is detected in step S14, the next step S16 is immediately activated for the electronic signature data created in the signature data creation process. Alternatively, step S16 may be executed concurrently with the electronic data creation step (step S15).

  In step S16, the created electronic signature data is protected. That is, step S16 functions as a signature data protection process.

  The protection process is generally an encryption process or the like in order to prevent copying or falsification of electronic signature data. Here, encryption processing is performed in a state linked to the target document. Any known technique can be used for the encryption process.

  On the other hand, if an unauthorized operation is detected when the signature is input (step S14: NO), a warning is displayed in step S17 that the unauthorized operation has been performed. That is, step S17 functions as a fraud warning process.

  Various methods are possible as described in the method of fraud warning. Here, for example, on the signature area 43 of the input operation screen 21, it is assumed that a display indicating that the signature is determined to be invalid is displayed. Thereafter, the process proceeds to step S18.

  In step S18, the electronic signature data created or being created is invalidated in response to the detection of an unauthorized operation, and the data is discarded. That is, step S18 functions as a signature discarding process.

  Here, it is assumed that the signature is discarded and an additional display is displayed on the signature area 43 of the input operation screen 21 to indicate that the signature has been discarded due to invalidity.

  When the signature data protection process in step S16 or the signature discard process in step S18 is completed, the signature input process is completed. If the signature is discarded, the flow may return to the beginning and re-enter the signature from step S11 if necessary.

(Unauthorized operation detection processing flow)
FIG. 8 is a flowchart showing a detailed procedure example of the unauthorized operation detection step of step S13 in FIG. An example of a detailed flow of the unauthorized operation detection process will be described with reference to FIG.

  In FIG. 8, at the start of the unauthorized operation detection process, the signature operation information has already been sequentially acquired in the signature process monitoring step (step S12). Based on the acquired signature operation information, unauthorized operation detection processing is sequentially performed.

The confirmation items for detecting unauthorized operations are, for example, the following items described above.
1. That the signature can be confirmed using the same signature input means,
2. The operation of the signature input means and the signature operation match,
3. The signature input to the document matches the signature operation in time,
4). The signature operation is performed continuously and in a short time.

  First, in step S21, it is determined whether the input interval is appropriate based on the signature operation information. This is a confirmation necessary for verifying the above-described unauthorized operation (4. The signature operation is performed continuously and in a short time), and a series of operation time information of the signature input is continuous. Make sure it finishes in a short time.

  For example, when the operation time interval t (n + 1) −t (n) is larger than a predetermined time interval ts, it is not considered as a normal signature operation, and it is assumed that an illegal operation may be performed. And process.

  When the input interval is appropriate in step S21 (step S21: YES), the next step S22 is executed. If the input interval is not appropriate (step S21: NO), the process proceeds to step S25, where it is determined that the input is illegal.

  In step S22, it is determined whether or not the same pen (signature input means) is used based on the signature operation information. This is a confirmation necessary for verifying the above-described unauthorized operation (1. It is signed using the same signature input means), the ID information in the signature operation information is valid, and the signature input Confirm that it is constant (no fluctuation).

  For example, if the ID (AAA) of the signature input means changes to ID (BBB) as the operation time changes, this means that the signer has changed or the input means to be used has changed. Process by assuming the possibility of being done.

  If they are the same pen (signature input means) in step S22 (step S22: YES), the next step S23 is executed. If they are not the same pen (signature input means) (step S22: NO), the process proceeds to step S25, where it is determined that the input is illegal.

  In step S23, it is determined whether the pen ON and the operation time information match based on the signature operation information. This is a confirmation necessary for verifying the above-described unauthorized operation (2. The operation of the signature input means and the signature operation are the same), and the operation for inputting the ON / OFF information of the pen tip member and the signature Confirm that the information matches (the input operation is in the ON state).

  For example, if the pen tip member (signature input means) ON state changes to the OFF state before the signature ends, and the number and time of the pen tip member (signature input means) deviate from the set condition range of the normal signature operation, some sort of fraud Processes assuming the possibility of operation.

  If the pen ON and the operation time information match in step S23 (step S23: YES), the next step S24 is executed to determine that the input is not unauthorized. If they do not match (step S23: NO), the process proceeds to step S25, where it is determined that the input is illegal.

  If it is determined in step S24 or step S25 that the input is not an unauthorized input or an unauthorized input, the unauthorized operation detection process ends.

  Although not shown in FIG. 8, a process of confirmation (3. The signature input to the document and the signature operation coincide with each other in time) necessary for verifying the illegal operation described above is added. Also good.

  This is confirmation that the signature input operation time information and the signature time recorded in the document are consistent. For example, the time information obtained as the signature operation information and the signature time information recorded in the document itself. If the time difference from the above is equal to or greater than the predetermined time, the processing is performed assuming that there is a possibility that some kind of unauthorized operation is performed.

  Similarly to the confirmations in steps S21 to S23, this confirmation also proceeds to step S25 unconditionally if it is NO (abnormal), and may be determined as an illegal input.

  That is, each confirmation process for detecting an unauthorized operation is determined not to be an unauthorized input only when all of them are YES (normal).

  Alternatively, instead of making a determination for each confirmation process as described above, an evaluation point weighted for determination is attached, and the evaluation point is summed up to determine unauthorized input. Good.

  As described above, according to the present embodiment, in order to attach to electronic data such as a document, the signature input means identifies the signature input means when inputting the signature by the signer and creating the electronic signature data. The ID information, the signature operation information by the signature input means, and the corresponding time information can be monitored, and an unauthorized operation can be detected based on them.

  Thereby, an illegal operation at the time of inputting a signature of an electronic signature can be prevented, and it can be ensured with high reliability that a specific person has signed a specific document.

  The scope of the present invention is not always limited to the embodiment. Unless it deviates from the meaning of this invention, those changed forms are also included in the range.

It is a figure which shows the example of the hardware constitutions of the electronic signature input system which concerns on this embodiment. It is a figure which shows the example of a function structure of the electronic signature input system which concerns on this embodiment. It is a perspective view which shows the external appearance example of tablet PC. It is a block diagram which shows the function structural example of a pen member. It is a screen display example for signature input of the input operation screen of the tablet PC. It is a figure which shows the example of the signature operation information acquired at a signature process monitoring process. It is a flowchart which shows the example of a procedure of an electronic signature input process. It is a flowchart which shows the example of a procedure of the unauthorized operation detection process in FIG.

Explanation of symbols

1 Electronic signature input system 2 Tablet PC
DESCRIPTION OF SYMBOLS 21 Input operation screen 22 Input pen member 31 Pen tip member 32 ON / OFF detection switch 33 I / F circuit 34 Secondary storage part 35 Control part 36 Communication part 37 Power supply part 41 Document display 42 Signature start icon 43 Signature area | region 44 Signature End icon 201 Signature input unit 202 Signature data creation unit 203 Signature process monitoring unit 204 Unauthorized operation detection unit 205 Signature data protection unit 206 Fraud warning unit 207 Signature discard unit 208 Data analysis unit 209 Data creation unit 210 Data transmission unit

Claims (10)

A signature input means by which the signer himself performs an operation for inputting a signature;
An electronic signature input system comprising: signature data creation means for creating electronic signature data based on signature input by the signature input means;
A signature process monitoring unit that acquires signature operation information related to an input operation from the start to the end of a signature when a signature is input by the signature input unit;
An unauthorized operation detection unit that detects an unauthorized operation based on the signature operation information acquired by the signature process monitoring unit when a signature is input by the signature input unit;
The signature operation information is
ID information for identifying the signature input means;
Operation information at the time of signature input of the signature input means,
And a time information corresponding to the operation information. The electronic signature input system according to claim 1, wherein the electronic signature data created by the signature data creation unit includes the signature operation information acquired by the signature process monitoring unit. Signature data protection means for protecting the electronic signature data created by the signature data creation means from unauthorized operation,
The electronic signature input system according to claim 1 or 2, wherein the signature data protection means is activated upon completion of the signature input. 4. The electronic signature input system according to claim 1, further comprising fraud warning means for issuing a fraud warning when the fraudulent operation detection means detects an illegal operation. 5. The electronic signature input system according to claim 1, further comprising: a signature discarding unit that invalidates the electronic signature data when the unauthorized operation detecting unit detects an unauthorized operation. A signature input process in which the signer himself performs an operation for inputting a signature using a signature input means;
In an electronic signature input method comprising: a signature data creation step of creating electronic signature data based on a signature input in the signature input step,
A signature process monitoring step of acquiring signature operation information related to an input operation from the start to the end of the signature at the time of signature input in the signature input step;
An unauthorized operation detection step of detecting an unauthorized operation based on the signature operation information acquired by the signature process monitoring step when a signature is input in the signature input step,
The signature operation information is
ID information for identifying the signature input means;
Operation information at the time of signature input of the signature input means,
And a time information corresponding to the operation information. The electronic signature input method according to claim 6, wherein the electronic signature data created in the signature data creation step includes the signature operation information acquired by the signature process monitoring step. A signature data protection step for protecting the electronic signature data created in the signature data creation step from unauthorized operation,
The electronic signature input method according to claim 6 or 7, wherein the signature data protection step is activated upon completion of the signature input. 9. The digital signature input method according to claim 6, further comprising a fraud warning step for issuing a fraud warning when a fraud operation is detected in the fraud detection step. The electronic signature input method according to any one of claims 6 to 9, further comprising a signature discarding step of invalidating the electronic signature data when an unauthorized operation is detected in the unauthorized operation detection step. .

Images