JP2009134598A - Workflow system, flow control apparatus, approval apparatus, program and workflow method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique for implementing a workflow that discloses only particular information (items) to particular persons. <P>SOLUTION: In a workflow system, an application created by an application apparatus 130 is sent to a flow control apparatus 140. The flow control apparatus 140 generates an encrypted application containing encrypted items that are particular items of the application encrypted with item common keys specific to the items, key encryption information that is the item common keys encrypted with encryption keys specific to authorities, and a browse part management table specifying browsable items specific to the authorities, and sends it to an approval apparatus 160 according to an approval order. The approval apparatus 160 decrypts the items depending on user authority from the encrypted application for examination and other processes. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention is a technique related to a workflow in which specific information is transmitted from a flow control device to an approval device, and the approval device performs specific processing.

  In recent years, with the development of information and communication equipment, many of the documents that have been printed on paper have been digitized, and the processing of documents such as document review, circulation, and approval has become electronic. It has come to be performed using a simple workflow system.

  And it is desirable not to disclose the digitized document (electronic document) exchanged in the workflow system to anyone other than the necessary person from the viewpoint of safety.

  Therefore, for example, the technique described in Patent Document 1 describes a technique for performing a workflow so that the application form is not disclosed to anyone other than a specific person by encrypting the application form exchanged in the workflow.

JP 2005-184222 A

  Among application forms (electronic documents) processed by the workflow system, it may be desirable to make certain items undisclosed depending on the examiner who conducts the examination from the viewpoint of protecting personal information.

  On the other hand, in the technique described in Patent Document 1, since the entire application form is encrypted, it is impossible to disclose only specific information to a specific person and perform a workflow.

  Therefore, an object of the present invention is to provide a technique that can disclose only specific information (items) to a specific person and execute a workflow.

  In order to solve the above problems, the present invention encrypts an item common key obtained by encrypting a specific item with an encryption key for each authority, so that a user having a decryption key corresponding to the specific authority With the decryption key, the specific item common key is decrypted, and the specific item encrypted using the decrypted item common key can be decrypted.

  For example, the present invention is a workflow system including an application device, a flow control device, and an approval device, wherein the control unit of the application device receives information via an input unit, generates an application, and a transmission / reception unit And processing for transmitting the generated application form to the flow control device, and the flow control device performs browsing location management information for identifying items viewable in the application form for each authority, and encryption for each authority. A storage unit that stores authority key information that identifies an activation key, and an approval order information that identifies an approval order of the application, and a control unit, wherein the control unit of the flow control device is an item of the application By using the item common key generated every time, the corresponding item is encrypted, and the items that can be browsed in the application form for each authority from the process of generating the encrypted item and the browsing location management information specific A process for generating key encryption information by encrypting an item common key corresponding to the specified item with an encryption key for each authority specified by the authority key information, the browsing location management information, Sending the encryption application form to the approval device in an approval order specified by the approval order information via a process of generating an encryption application form including encryption items and the key encryption information, and a transmission / reception unit And the controller of the approval device corresponds to the authority that the user of the approval device has the key encryption information included in the encryption application received via the transmission / reception unit. Browsing with the authority of the user of the approval device from the process of acquiring the item common key corresponding to the authority by decrypting with the decryption key and the browsing location management information included in the encryption application Identify items that can A processing that, the encrypted items corresponding to the specified item acquired from the encryption application, the acquired encrypted item, the process of decrypting an item common key decrypted by performing, characterized.

  As described above, according to the present invention, it is possible to provide a technique capable of executing a workflow by disclosing only specific information (items) to a specific person.

  FIG. 1 is a schematic diagram of a workflow system 100 according to the first embodiment of the present invention.

  As shown in the figure, the workflow system 100 includes a key management device 110, an application device 130, a flow control device 140, an approval device 160, a storage device 170, and a key update device 180. The network 190 can exchange information with each other.

  FIG. 2 is a schematic diagram of the key management device 110.

  As illustrated, the key management apparatus 110 includes a storage unit 111, a control unit 115, an input unit 119, an output unit 120, and a transmission / reception unit 121.

  The storage unit 111 includes a user information storage area 112, a secret key storage area 113, and a public key storage area 114.

  The user information storage area 112 stores information for specifying the authority for each user in the workflow system 100, information for specifying the key for each authority, and information for specifying the key for each user. .

  For example, in the present embodiment, a user table 112a as shown in FIG. 3 (schematic diagram of the user table 112a), an authority key table 112g as shown in FIG. 4 (schematic diagram of the authority key table 112g), and FIG. A user key table 112l as shown in (schematic diagram of the user key table 112l) is stored in the user information storage area 112.

  As shown in FIG. 3, the user table 112a includes a user name column 112b, a right 1 column 112c, a right 2 column 112d, and a right 3 column 112e.

  The user name column 112b stores information for identifying the user of the workflow system 100. Here, in the present embodiment, a user name is used as information for specifying a user, but the present invention is not limited to such a mode.

  In the authority 1 column 112c, information for specifying whether or not the user specified in the user name column 112b has a predetermined authority 1 is stored. Here, in this embodiment, when the user specified in the user name field 112b has a predetermined authority 1, a symbol “◯” is stored in the record field corresponding to the user, If authority 1 is not possessed, the record field is left blank.

  In the authority 2 column 112d, information for specifying whether or not the user specified in the user name column 112b has a predetermined authority 2 is stored. Here, in the present embodiment, when the user specified in the user name field 112b has a predetermined authority 2, a symbol “◯” is stored in the record field corresponding to the user, When authority 2 is not possessed, the record field is left blank.

  The authority 3 column 112e stores information specifying whether or not the user specified in the user name column 112b has the predetermined authority 1. Here, in the present embodiment, when the user specified in the user name field 112b has a predetermined authority 3, a symbol “◯” is stored in the record field corresponding to the user, When authority 3 is not possessed, the record field is left blank.

  In the present embodiment, whether or not each user has authority is indicated by “◯” or blank in the record, but the present invention is not limited to such a mode.

  As shown in FIG. 4, the authority key table 112g includes an authority field 112h, an authority private key field 112i, and an authority public key field 112j.

  In the authority column 112h, information for specifying authority predetermined in the workflow system 100 is stored.

  In the authority private key column 112i, information for specifying a secret key corresponding to the authority specified in the authority column 112h is stored.

  The authority public key column 112j stores information for specifying a public key corresponding to the authority specified in the authority column 112h.

  As shown in FIG. 5, the user key table 112l includes a user name column 112m, a user secret key column 112n, and a user public key column 112o.

  The user name column 112m stores information for identifying the user of the workflow system 100. Here, in the present embodiment, a user name is used as information for specifying a user, but the present invention is not limited to such a mode.

  The user secret key column 112n stores information for specifying the secret key corresponding to the user specified in the user name column 112m.

  The user public key column 112o stores information for specifying a public key corresponding to the user specified in the user name column 112m.

  Returning to FIG. 2, the secret key storage area 113 stores the secret key managed in the user information storage area 112.

  The public key storage area 114 stores a public key managed in the user information storage area 112.

  The control unit 115 includes a user management unit 116, a key generation unit 117, and a transmission / reception processing unit 118.

  The user management unit 116 performs processing for managing the authority of the user of the workflow system 100.

  Specifically, when the user management unit 116 receives information specifying an instruction to add, change, or delete a user authority via the transmission / reception unit 121 described later, the user stored in the user information storage area 112 New information is added to the table 112a, authority key table 112g, and user key table 112l, information already stored is changed, or information already stored is deleted.

  The key generation unit 117 performs a process of generating a private key / public key pair for each user of the workflow system 100 and storing them in the private key storage area 113 and the public key storage area 114, respectively.

  Further, the key generation unit 117 generates a pair of a secret key and a public key for each predetermined authority in the workflow system 100.

  The transmission / reception processing unit 118 controls transmission / reception of information in the network 190 via a transmission / reception unit 121 described later.

  In particular, in the present embodiment, a process of transmitting the secret key or public key generated by the key generation unit 117 to the approval device 160 or the flow control device 140 is performed.

  The input unit 119 receives input of information from the operator of the key management device 110.

  The output unit 120 outputs information.

  The transmission / reception unit 121 is an interface for transmitting / receiving information via the network 190.

  The key management device 110 described above includes, for example, an external storage device such as a CPU (Central Processing Unit) 501, a memory 502, and an HDD (Hard Disk Drive) as shown in FIG. 6 (schematic diagram of the computer 500). 503, a reading device 505 for reading information from a portable storage medium 504 such as a CD-ROM (Compact Disk Read Only Memory) and a DVD-ROM (Digital Versatile Disk Read Only Memory), and an input device such as a keyboard and a mouse 506, an output device 507 such as a display, and a communication device 508 such as a NIC (Network Interface Card) for connecting to a communication network.

  For example, the storage unit 111 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and the control unit 115 loads a predetermined program stored in the external storage device 503 into the memory 502. The input unit 119 can be realized by the CPU 501 using the input device 506, and the output unit 120 can be realized by the CPU 501 using the output device 507. The transmission / reception unit 121 can be realized by the CPU 501 using the communication device 508.

  The predetermined program is downloaded from the storage medium 504 via the reading device 505 or from the network via the communication device 508 to the external storage device 503, and then loaded onto the memory 502 and executed by the CPU 501. You may do it. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 504 via the reading device 505 or from the network via the communication device 508 and executed by the CPU 501.

  FIG. 7 is a schematic diagram of the application apparatus 130.

  As illustrated, the application device 130 includes a storage unit 131, a control unit 132, an input unit 135, an output unit 136, and a transmission / reception unit 137.

  The storage unit 131 stores an application form input via the application form input screen sent from the flow control device 140.

  The control unit 132 includes an application form creation unit 133 and a transmission / reception processing unit 134.

  The application form creation unit 133 receives input of information necessary for the application form from the operator of the application apparatus 130 and performs processing for generating an application form.

  Specifically, the application form creation unit 133 displays the application form input screen received by the transmission / reception processing unit 134 via the transmission / reception unit 137 on the output unit 136, and inputs the input unit 135 to the displayed application form input screen. Accept the input of necessary information through and generate an application form.

  The transmission / reception processing unit 134 controls transmission / reception of information in the network 190 via a transmission / reception unit 137 described later.

  In particular, in the present embodiment, the transmission / reception processing unit 134 is generated with processing for acquiring an application form input screen from the flow control device 140 via the transmission / reception unit 137 in response to a request from the application creation unit 133. Processing for transmitting the application form to the flow control device 140 is performed.

  The input unit 135 receives information input from the operator of the application apparatus 130.

  The output unit 136 outputs information.

  The transmission / reception unit 137 is an interface for transmitting / receiving information via the network 190.

  The application device 130 described above can be realized by, for example, a general computer 500 as shown in FIG.

  For example, the storage unit 131 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and the control unit 132 loads a predetermined program stored in the external storage device 503 into the memory 502. The input unit 135 can be realized by using the input device 506 by the CPU 501, and the output unit 136 can be realized by using the output device 507 by the CPU 501. The transmission / reception unit 137 can be realized by the CPU 501 using the communication device 508.

  The predetermined program is downloaded from the storage medium 504 via the reading device 505 or from the network via the communication device 508 to the external storage device 503, and then loaded onto the memory 502 and executed by the CPU 501. You may do it. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 504 via the reading device 505 or from the network via the communication device 508 and executed by the CPU 501.

  FIG. 8 is a schematic diagram of the flow control device 140.

  As illustrated, the flow control device 140 includes a storage unit 141, a control unit 147, an input unit 155, an output unit 156, and a transmission / reception unit 157.

  The storage unit 141 includes a user management information storage area 142, a public key storage area 143, an encryption application form storage area 144, a browsing location management information storage area 145, and a flow control information storage area 146.

  In the user management information storage area 142, information for specifying the authority for each user of the workflow system 100, information for specifying a public key for the authority for each authority predetermined in the workflow system 100, and the workflow system For each 100 users, information specifying the public key for the user is stored.

  For example, in the present embodiment, the user table 112a sent from the key management apparatus 110 as shown in FIG. 3, and the authority public key table 142a as shown in FIG. 9 (schematic diagram of the authority public key table 142a) A user public key table 142e as shown in FIG. 10 (schematic diagram of the user public key table 142e) is stored in the user management information storage area 142. Note that the user table 112a need not be described because it can be stored as it is sent from the key management device 110.

  As shown in FIG. 9, the authority public key table 142a includes an authority field 142b and an authority public key field 142c.

  In the authority column 142b, information for specifying authority predetermined in the workflow system 100 is stored. Here, in this embodiment, a natural number starting from 1 is assigned to each authority as information for specifying the authority. However, the present invention is not limited to such a mode.

  In the authority public key column 142c, information for specifying a public key corresponding to the authority specified in the authority column 142b is stored.

  As shown in FIG. 10, the user public key table 142e includes a user name field 142f and a user public key field 142g.

  The user name column 142f stores information for identifying the user of the workflow system 100. Here, in the present embodiment, a user name is used as information for specifying a user, but the present invention is not limited to such a mode.

  The user public key column 142g stores information for specifying the user's public key specified in the user name column 142f.

  The public key storage area 143 stores the public key managed in the user management information storage area 142.

  The encryption application form storage area 144 stores an encryption application form that is an encrypted application form. The encryption application form is generated by the encryption unit 152 or the re-encryption unit 153 described later.

  The browsing location management information storage area 145 stores information for specifying the browsing location in the application for each authority.

  For example, in the present embodiment, a browsing location management table 145a as shown in FIG. 11 (schematic diagram of the browsing location management table 145a) is stored.

  The browsing location management table 145a includes an authority column 145b, an item 1 column 145c, an item 2 column 145d, an item 3 column 145e, an item 4 column 145f, and an item 5 column 145g.

  In the authority column 145b, information for specifying authority predetermined in the workflow system 100 is stored.

  In the item 1 column 145c, information specifying whether or not the user having the authority specified in the authority column 145b shakes the authority to view the predetermined item 1 (at least one item) in the application form. Is stored. Here, in this embodiment, when the user having the authority specified in the authority column 145b has the authority to view the predetermined item 1, “○” is displayed in the record column corresponding to the authority. Is stored, and when the user does not have the authority to view item 1, the field of the record is blank.

  In the item 2 column 145d, information specifying whether or not the user having the authority specified in the authority column 145b shakes the authority to view the predetermined item 2 (at least one item) in the application form. Is stored. Here, in the present embodiment, when the user having the authority specified in the authority column 145b has the authority to browse the predetermined item 2, “○” is displayed in the record column corresponding to the authority. Is stored, and if the user does not have the authority to view item 2, the field of the record is blank.

  In the item 3 column 145e, information specifying whether or not the user having the authority specified in the authority column 145b shakes the authority to view the predetermined item 3 (at least one item) in the application form. Is stored. Here, in the present embodiment, when the user having the authority specified in the authority column 145b has the authority to browse the predetermined item 3, “○” is displayed in the record column corresponding to the authority. Is stored, and if the user does not have the authority to view item 3, the field of the record is blank.

  In the item 4 column 145f, information specifying whether or not the user having the authority specified in the authority column 145b shakes the authority to view the predetermined item 4 (at least one item) in the application form. Is stored. Here, in this embodiment, when the user having the authority specified in the authority column 145b has the authority to browse the predetermined item 4, “◯” is displayed in the record column corresponding to the authority. Is stored, and the field of the record is blank when the user does not have the authority to view the item 4.

  In the item 5 column 145g, information specifying whether or not the user having the authority specified in the authority column 145b shakes the authority to view the predetermined item 5 (at least one item) in the application form. Is stored. Here, in this embodiment, when the user having the authority specified in the authority column 145b has the authority to view the predetermined item 5, “○” is displayed in the record column corresponding to the authority. Is stored, and when the user does not have the authority to view item 5, the field of the record is blank.

  Returning to FIG. 8, the flow control information storage area 146 stores information for specifying the order in which the application forms are processed and information for specifying the level of processing for the application forms.

  For example, in the present embodiment, an approval order table 146a as shown in FIG. 12 (schematic diagram of the approval order table 146a) and a status table 146e as shown in FIG. 13 (schematic diagram of the status table 146e) are stored. Is done.

  As shown in FIG. 12, the approval order table 146a includes an approval order column 146b and an authority column 146c.

  In the approval order column 146b, information for specifying the order in which the application forms are approved is stored. Here, natural numbers are stored so that serial numbers are sequentially from one.

  The authority column 146c stores information for specifying the authority to perform approval in the order specified in the approval order column 146b.

  Here, in the authority column 146c, “or condition” is indicated when a plurality of authorities are connected by a symbol “|”, and “and condition” is indicated when they are connected by a symbol “&”. Shall be shown. For example, the notation “(authority 1 | authority 2) & authority 4” in FIG. 12 indicates that either authority 1 or authority 2 approves and authority 4 approves.

  As shown in FIG. 13, the status table 146e includes an ID number column 146f, a status column 146g, and an application form column 146j.

  The ID number column 146f stores information for specifying an ID number that is identification information for identifying the application.

  The status column 146g has a process number column 146h and an approved list column 146i.

  The process number field 146h stores information for identifying which order of approval orders specified in the approval order field 146b in the approval order table 146a is received by the application specified in the ID number field 146f. Is done.

  The approved list column 146i stores information for specifying the authority that has already been approved in the approval order specified in the process number column 146h.

  Then, by receiving approval from all authorities satisfying the conditions specified in the authority field 146c corresponding to the process order specified in the process number field 146h, the process order is advanced by one, and the process number field 146h is “1”. ] And the approved list column 146i is deleted.

  The application form field 146j stores information for identifying the application form file specified in the ID number field 146f.

  Returning to FIG. 8, the control unit 147 includes a user management unit 148, an authentication processing unit 149, a flow control unit 150, an application form reception unit 151, an encryption unit 152, a re-encryption unit 153, and a transmission / reception process. Unit 154.

  The user management unit 148 receives the user table 112a, the public key table 114a, and the authority public key from the key management device 110 via the transmission / reception unit 157 described later, and receives the user management information storage area 142 and the public key. Processing to be stored in the storage area 143 is performed.

  The authentication processing unit 149 authenticates an approval device 160 described later. Specific authentication processing will be described later.

  The flow control unit 150 controls processing performed on the application form received from the application apparatus 130.

  Specifically, the flow control unit 150 updates the status table 146e by transmitting an encryption application to the approval device 160 according to the approval order identified in the status table 146e and receiving the examination result. Perform the process.

  In response to an application form input screen transmission request from the application device 130, the application form reception unit 151 transmits the application form input screen to the application device 130, and transmits and receives the application form input via the application form input screen. The data is received via the unit 157.

  The encryption unit 152 encrypts the application form received by the application form accepting unit 151 for each authority with an authority public key for each authority, generates an encryption application form, and stores the encrypted application form. Processing to be stored in the area 144 is performed.

  In addition, upon receiving the examination result from the approval device 160, the encryption unit 152 updates the encryption application by encrypting the examination result (including comments in the examination) and adding it to the encryption application. The process which memorize | stores in the chemical-application form storage area 144 is performed.

  When the user authority is changed or deleted, the re-encryption unit 153 re-encrypts the application form according to an instruction from the key update device 180 described later to generate an encrypted application form. The process which memorize | stores in the chemical-application form storage area 144 is performed.

  The transmission / reception processing unit 154 controls transmission / reception of information in the network 190 via a transmission / reception unit 157 described later.

  The input unit 155 receives input of information from the operator of the flow control device 140.

  The output unit 156 outputs information.

  The transmission / reception unit 157 is an interface for transmitting and receiving information via the network 190.

  The flow control device 140 described above can be realized by, for example, a general computer 500 as shown in FIG.

  For example, the storage unit 141 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and the control unit 147 loads a predetermined program stored in the external storage device 503 into the memory 502. The input unit 155 can be realized by using the input device 506 by the CPU 501, and the output unit 156 can be realized by using the output device 507 by the CPU 501. The transmission / reception unit 157 can be realized by the CPU 501 using the communication device 508.

  The predetermined program is downloaded from the storage medium 504 via the reading device 505 or from the network via the communication device 508 to the external storage device 503, and then loaded onto the memory 502 and executed by the CPU 501. You may do it. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 504 via the reading device 505 or from the network via the communication device 508 and executed by the CPU 501.

  FIG. 14 is a schematic diagram of the approval device 160.

  As shown in the figure, the approval device 160 includes a storage unit 161, a control unit 163, an input unit 167, an output unit 168, and a transmission / reception unit 169.

  The storage unit 161 includes a secret key storage area 162.

  The secret key storage area 162 stores the secret key of the user who performs the examination using the approval device 160 and the authority secret key corresponding to the authority of the user. Note that these secret keys have been generated by the key management device 110.

  The control unit 163 includes an application form processing unit 164, a decryption processing unit 165, and a transmission / reception processing unit 166.

  The application form processing unit 165 performs processing for acquiring an encryption application form from the flow control device 140.

  Further, the application form processing unit 165 outputs the application form decrypted by the decryption processing unit 164 described later to the output unit 168 described later, and accepts the input of the examination result from the user of the approval device 160 via the input unit.

  The decryption processing unit 164 decrypts the encryption application form acquired from the flow control device 140.

  The transmission / reception processing unit 166 controls transmission / reception of information in the network 190 via a transmission / reception unit 169 described later.

  In particular, in the present embodiment, the application form processing unit 165 controls the process of transmitting the examination result received through the input unit 167 to the flow control device 140.

  The input unit 167 receives input of information from the operator of the approval device 160.

  The output unit 168 outputs information.

  The transmission / reception unit 169 is an interface for transmitting and receiving information via the network 190.

  The approval device 160 described above can be realized by a general computer 500 as shown in FIG. 6, for example.

  For example, the storage unit 161 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and the control unit 163 loads a predetermined program stored in the external storage device 503 into the memory 502. The input unit 167 can be realized by using the input device 506 by the CPU 501, and the output unit 168 can be realized by using the output device 507 by the CPU 501. The transmission / reception unit 169 can be realized by the CPU 501 using the communication device 508.

  The predetermined program is downloaded from the storage medium 504 via the reading device 505 or from the network via the communication device 508 to the external storage device 503, and then loaded onto the memory 502 and executed by the CPU 501. You may do it. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 504 via the reading device 505 or from the network via the communication device 508 and executed by the CPU 501.

  FIG. 15 is a schematic diagram of the storage device 170.

  As illustrated, the insurance device 170 includes a storage unit 171, a control unit 174, and a transmission / reception unit 179.

  The storage unit 171 includes a secret key storage area 172 and an application form storage area 173.

  The secret key storage area 172 stores information for specifying a secret key for decrypting the encryption application. Here, in the present embodiment, secret keys corresponding to all authorities predetermined in the workflow system 100 are stored.

  The application form storage area 173 stores the application form decrypted by the decryption processing unit 176 described later.

  The control unit 174 includes an application form acquisition processing unit 175, a decryption processing unit 176, an application form storage processing unit 177, and a transmission / reception processing unit 178.

  The application form acquisition processing unit 175 controls processing for acquiring the encryption application form from the flow control device 140.

  The decryption processing unit 176 performs processing for decrypting the encrypted application form acquired by the application form acquisition processing unit 175.

  The application form storage processing unit 177 performs processing for storing the application form decrypted by the decryption processing unit 176 in the application form storage area 173.

  The transmission / reception processing unit 178 controls transmission / reception of information in the network 190 via a transmission / reception unit 179 described later.

  The transmission / reception unit 179 is an interface for transmitting / receiving information via the network 190.

  The storage device 170 described above can be realized by a general computer 500 as shown in FIG. 6, for example.

  For example, the storage unit 171 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and the control unit 174 loads a predetermined program stored in the external storage device 503 into the memory 502. The transmission / reception unit 179 can be realized by using the communication device 508 by the CPU 501.

  The predetermined program is downloaded from the storage medium 504 via the reading device 505 or from the network via the communication device 508 to the external storage device 503, and then loaded onto the memory 502 and executed by the CPU 501. You may do it. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 504 via the reading device 505 or from the network via the communication device 508 and executed by the CPU 501.

  FIG. 16 is a schematic diagram of the key update device 180.

  As illustrated, the key update device 180 includes a storage unit 181, a control unit 183, an input unit 186, an output unit 187, a transmission / reception unit 188, and a reading unit 189.

  The storage unit 181 includes a key encryption information storage area 182.

  The key encryption information storage area 182 stores the updated authority private key generated and encrypted by the key management apparatus 110 when the secret key and public key corresponding to each authority are updated.

  The control unit 183 includes a key update processing unit 184 and a transmission / reception processing unit 185.

  The key update processing unit 184 performs processing for changing the pre-update secret key stored in the IC card read via the reading unit 189, which will be described later, to the post-update secret key generated by the key management device 110. Do.

  The transmission / reception processing unit 185 controls transmission / reception of information in the network 190 via a transmission / reception unit 188 described later.

  The input unit 186 receives input of information from the operator of the key update device 180.

  The output unit 187 outputs information.

  The transmission / reception unit 188 is an interface for transmitting and receiving information via the network 190.

  The reading unit 189 is an interface that performs processing for storing information in a storage medium such as an IC card or acquiring information from the storage medium.

  The key update device 180 described above can be realized, for example, by attaching a reader / writer device (not shown) to a general computer 500 as shown in FIG.

  For example, the storage unit 181 can be realized by the CPU 501 using the memory 502 or the external storage device 503, and the control unit 183 loads a predetermined program stored in the external storage device 503 into the memory 502. The input unit 186 can be realized by the CPU 501 using the input device 506, and the output unit 187 can be realized by the CPU 501 using the output device 507. The transmission / reception unit 188 can be realized by the CPU 501 using the communication device 508. The reading unit 189 can be realized by the CPU 501 using a reader / writer device attached to the computer 500.

  The predetermined program is downloaded from the storage medium 504 via the reading device 505 or from the network via the communication device 508 to the external storage device 503, and then loaded onto the memory 502 and executed by the CPU 501. You may do it. Alternatively, the program may be directly loaded on the memory 502 from the storage medium 504 via the reading device 505 or from the network via the communication device 508 and executed by the CPU 501.

  FIG. 17 is a sequence diagram when the workflow system 100 processes an application form.

  In this sequence, key information used by the approval device 160, the flow control device 140, and the storage device 170 is transmitted from the key management device 100 through a predetermined method (for example, transmission via the network 190, tamper resistance such as an IC card). It is assumed that the data has already been transferred to these devices by storing and transmitting in a device having the characteristics.

  First, the application form creation unit 133 of the application apparatus 130 transmits an application form input screen transmission request to the flow control apparatus 140 via the transmission / reception processing unit 134 (S10).

  In the flow control apparatus 140 that has received such an application form input screen transmission request, the application form receiving unit 151 sends a predetermined application form input screen to the application apparatus 130 (S11).

  In the application device 130, the application form creation unit 133 displays the received application form input screen on the output unit 136, and the input of the necessary information is received and input from the operator of the application device 130 via the input unit 135. An application form is created from the received information and transmitted to the flow control device 140 via the transmission processing unit 134 (S12).

  The application form may be created, for example, by displaying an application form input screen in a browser and inputting necessary items here. Alternatively, it may be performed by reading a paper application form with a scanner or the like, reading information in the application form using an OCR (Optical Character Recognition) device or the like, and importing the information with a browser.

  Next, the application form reception unit 151 of the flow control device 140 outputs the received application form to the encryption unit 152, and the encryption unit 152 encrypts the application form, generates an encryption application form, The certificate acceptance unit 151 stores the encryption application in the encryption application storage area 144 (S13). In addition, the process in which the encryption part 152 encrypts an application form in step S13 is explained in full detail using FIG.

  Next, the application form processing unit 164 of the approval device 160 transmits an application form examination processing request to the flow control device 140 using the transmission / reception processing unit 166 in accordance with a user instruction of the approval device 160 (S14). Here, in the present embodiment, it is assumed that the application form review process request is transmitted including the user name that identifies the user of the approval device 160.

  In the flow control device 140 that has received such an application form review processing request, the flow control unit 150 sends an authentication information sending request to the approval device 160 that has transmitted the application form review processing request via the transmission / reception processing unit 154. Is returned (S15). Here, in the present embodiment, the flow control unit 150 generates a random character string, and publishes the random character string corresponding to the user name included in the application form examination processing request (corresponding to the user name). Stored in the key storage area 143) and sent back in the authentication information sending request.

  Then, in the approval device 160 that has received the authentication information sending request, the application form processing unit 164 creates authentication information and sends the created authentication information to the flow control device 140 via the transmission / reception processing unit 166 (S16). . Here, in the present embodiment, the application form processing unit 164 decrypts the encrypted random character string included in the authentication information sending request using the secret key of the user of the approval device 160, and decrypts it. The decrypted result is transmitted as authentication information.

  The authentication processing unit 149 of the flow control device 140 performs authentication processing based on whether or not the authentication information received from the approval device 160 matches the random character string transmitted to the approval device 160. If the authentication is successful (authentication) When the information and the random character string transmitted to the approval device 160 match), the application list showing the list of ID numbers of the applications waiting for approval is transmitted to the approval device 160 (S17). ).

  Next, when the application form processing unit 164 of the approval device 160 outputs the received application list waiting for approval to the output unit 168 and receives the designation of the application form to be examined via the input unit 167, The ID number of the application form is transmitted to the flow control device 140 (S18).

  Then, the flow control unit 150 of the flow control device 140 acquires the encryption application corresponding to the received ID number from the encryption application storage area 144 and transmits it to the approval device 160 (S19).

  In the approval device 160 that has received such an encryption application form, the application form processing unit 164 outputs the encryption application form to the decryption processing unit 165, and the decryption processing unit 165 decrypts the encrypted application form and decrypts it. The application form is displayed on the output unit 168, and input of comments and examination results is received from the user of the approval device 160 via the input unit 167 (S20).

  Then, the transmission / reception processing unit 166 of the approval device 160 adds the received comment and the examination result to the encryption application form, and transmits the encrypted application to the flow control device 140 (S21).

  Next, the encryption unit 152 of the flow control device 140 encrypts the received examination result and comment with the public key corresponding to the authority of the user who conducted the examination, and adds it to the encryption application form. The encryption application is updated and stored in the encryption application storage area 144 (S22).

  In addition, about the process from step S14 to step S22, it shall be repeatedly performed until required approval is obtained with respect to an application.

  Next, the flow control unit 150 of the flow control device 140 transmits the encryption application form for which necessary flow processing has been completed to the storage device 170 (S23).

  In the storage device 170, the application form acquisition processing unit 175 receives the encrypted application form, the decryption processing unit 176 decrypts it, and the application form storage processing unit 177 performs processing to store it in the application form storage area 173. (S24).

  In the above sequence, for example, in the case of rejecting the examination (approval) or requesting a return in step S20, instead of proceeding to the next process, the previous one or further What is necessary is just to return to the examination process request (step S14) of the application form that has become a cause of reversion and perform the examination process again. At this time, when sending back, in order to clarify the reason for return, it is desirable to give the reason for return as a comment to the encryption application in the approval process in step S20.

  Moreover, when rejecting application itself, you may make it stop processing and notify an applicant (application apparatus 130) the reason for rejection. In addition, what is necessary is just to use an email etc. for the notification of this rejection reason, for example.

  Furthermore, even when the examination process is interrupted in the middle, the encryption application form at the time of rejection may be transmitted to the storage device 170 to store the encryption application form (step S24).

  In the above sequence, the application form is decrypted in step S24, but the storage process may be performed in an encrypted state. When decrypting the encryption application form in the storage device 170, all of the authority private keys for decrypting all of the encryption application forms are stored in the private key storage area 172 of the storage device 170. Alternatively, an authority private key capable of decrypting all items of the encryption application form is generated in advance by the key management apparatus 110, and the corresponding authority public key is stored in the private key storage area 172. Good.

  Furthermore, in the above sequence, the application form is stored in the storage device 170 after the examination process is completed. For example, after receiving the application form in step S12, the flow control unit 150 applies the application form to the storage device 170. May be transmitted. In this case, after the examination process is completed, only the examination result, comments, etc. may be transmitted to the storage device 170.

  In the sequence described above, the authentication processing in step S16 is performed by the flow control device 140 and the approval device 160, but may be different from this. For example, the flow control device 140 communicates with the key management device 110 in response to sending the application form review processing request by the approval device 160 in step S14, whereby the authentication processing by the flow control device 140 and the approval device 160 is performed as key management. The authentication may be performed by the device 110 and the approval device 160, and the flow control device 140 may receive the authentication result.

  In this case, the authentication processing unit 149 is not necessary in the flow control device 140, and an authentication processing unit that performs the same processing may be provided in the control unit 115 of the key management device 110 instead.

  In the sequence described above, an example of authentication using a public key is shown. However, instead of an authentication method using a public key, other authentication means such as authentication using a password may be used.

  Further, in the sequence described above, the application form is encrypted in the flow control apparatus 140, but it can also be performed in the application apparatus 130 as follows.

  In sending the application form input screen in step S11, information on the authority public key stored in the flow control device 140 and which items can be viewed by the user having which authority (refer to the browsing location management table 145a) Are sent to the application device 130.

  Next, prior to sending the application form in step S12, the application apparatus 130 refers to the authority public key received from the flow control apparatus 140 and information about which items can be viewed by a user with which authority. Then, encrypt the application form. Then, the encrypted application form is transmitted to the flow control device 140 (corresponding to step S12).

  Finally, in the flow control device 140, the received encryption application form is stored in the encryption application form storage area 144 (corresponding to step S13).

  In this way, it is possible to execute the workflow on the flow control device 140 while keeping the contents of the application form itself secret. In this case, the encryption unit 152 in the control unit 147 of the flow control device 140 is unnecessary, and instead, an encryption unit that performs similar processing may be provided in the control unit 132 of the application device 130.

  FIG. 18 is a flowchart illustrating an example of processing in which the encryption unit 152 of the flow control device 140 encrypts the application form.

  Here, each item in the application form is M [i], a public key assigned to the authority is pk [i], and an area where each authority shown in each row of the browsing location management table 145a can be viewed is AD [ i]. Note that i is a natural number of 1 or more.

  First, the encryption unit 152 randomly assigns an encryption key in the common key encryption technique to each item (M [1],..., M [n]; n is a natural number of 1 or more) in the application form. (S30). The encryption key generated in this way is referred to as item encryption key (K [1],..., K [n]).

  Next, the encryption unit 152 encrypts the item M [i] using the item encryption key k [i] for i = 1,. Generate (S31).

  Then, the encryption unit 152 generates a digital signature generation private key sk and a verification public key vk (S32).

Next, the encryption unit 152 refers to the browsing location management table 145a for i = 1,..., M, and specifies an index set (j ₁ ) that identifies the index of items that can be browsed for each authority. ,..., J _u ) are acquired (S33).

Further, the encryption unit 152 extracts item encryption keys K [J ₁ ],..., K [j _u ] corresponding to the acquired index set (S34).

  Then, the encryption unit 152 concatenates the extracted item encryption key to the concatenated item with the electronic signature combined public key vk generated in step S32, and encrypts it using the authority public key pk [i]. (S35). The encrypted data is referred to as key encrypted data E [i].

  Next, the encryption unit 152 performs encryption item D (= D [1],..., D [n]), key encryption data E (= E [1],..., E [m]. ), Encrypting the browsing location management table AD (= AD [1],..., AD [m]) using the electronic signature generation secret key sk, thereby generating the electronic signature σ (S36). ).

  Then, the encryption unit 152 performs encryption items D (= D [1],..., D [n]), key encrypted data E (= E [1],..., E [m]). Then, an encryption application is generated from the browsing location management table AD (= AD [1],..., AD [m]) and the electronic signature σ (S37).

  FIG. 19 is a schematic diagram showing the data structure of the encryption application generated in step S37 of FIG.

  Note that, as shown in the sequence of FIG. 17, there may be cases where the examination results and comments made by the approval device 160 are added to the encryption application form. Indicates the data structure that contains the comment.

  As illustrated, the encryption application form 600 includes an encryption application form header information storage area 601, an encryption application form main body storage area 602, and an examination result information storage area 603.

  Here, an encrypted item D obtained by encrypting each item of the application form is stored in the encrypted application form main body storage area.

  The encryption application form header information storage area 602 stores information necessary for decrypting the encryption application form 600 and information such as which secret key each item can be decrypted. For example, the encryption application form header information storage area 602 stores the key encryption data E and the browsing location management table AD. The electronic signature σ is also stored in the encryption application form header information storage area 602.

  In the examination result information storage area 603, the examination result and each item input in step S21 of FIG. 17 or the result of encrypting the comment for the entire application form is stored.

  In addition, what is necessary is just to perform the encryption process regarding these examination results and comments as follows.

  First, an encryption key in the common key encryption technology is generated for each of the examination result and the comment, and the examination result and the comment are encrypted using this.

  Next, the generated encryption key is separately used with the public key corresponding to each authority so that only those users who have the authority to view the comments and comments can decrypt these items. Encrypt and generate key encrypted data.

  Finally, the result of encrypting each item and the key encrypted data are added to the examination result information storage area 603.

  In addition, the setting of the authority which can be browsed with respect to a comment should just be previously defined in the browsing location management table 145a. If the comment is for a specific item, the encryption process may be performed with the same setting (authority) as the corresponding item.

  FIG. 20 is a schematic diagram showing a specific example in which information stored in the encryption application form header information storage area 601 of the encryption application form 600 shown in FIG. 19 is described using XML.

  As shown in the figure, the encryption application form header information is composed of MRES elements.

  The MRES element includes an MRES_Param element for storing common parameters, a browseable part specified in the browse part management table 145a and an AccessControlList element for storing key encrypted data, and a reference to an encryption item (which encryption It is composed of an EncryptedDataReferenceList element that represents whether or not to refer to a validation item) and a Validation element.

  The MRES_Param element represents a parameter that is commonly used in the encryption unit 152 in the flow control device 140 and the decryption processing unit 165 in the approval device 160. For example, in the encryption processing of FIG. Describes a common key encryption algorithm used to encrypt the item M [i], a public key encryption algorithm used to encrypt the item encryption key k [i], and the like. For example, in the example of FIG. 20, the public key encryption algorithm used for encrypting the item encryption key K [i] is the KeyEncryptionAlgorithm element, and the common key encryption algorithm for encrypting the item M [i] is the DataEncryptionAlgorithm element. Describe in. In the Algorithm attribute in each element, the identifier of the algorithm to be used is described. For example, when AES-128 is used in the CBC mode, it may be described as http://www.w3.org/2001/04/xmlenc#aes128-cbc.

  In addition to the above, the MRES_Param element may describe various information necessary for encryption and decryption.

  The AccessibleControlList element is composed of an EncryptedKey element including an EncryptedKeyData element and a ReferenceList element.

  The EncryptedKeyData element is an element for storing key-encrypted data E [i], and the ReferenceList element is an element for storing a list of items that can be browsed by the corresponding authority in the browse location management table 145a.

  In the EncryptedKeyData element, a character string obtained by encoding the key encrypted data using BASE64 is described, and in the key_id that is an attribute value, information for specifying the secret key is described. For this purpose, for example, a unique identification number may be issued for the secret key in the key management apparatus 110 and described.

  Next, as a ReferenceList element, a list of items in which the authority corresponding to the secret key specified by the key_id attribute can be viewed is described. That is, this describes information for one line of the browsing location management table 145a. For example, in the case of authority 1 in FIG. 11, it is possible to view item 1, item 3, and item 4, and therefore, in the ReferenceList element, the data_id of the EncryptedDataReference element storing the Xpath expression indicating these items is set. It is specified using the AccessibleDataReference element.

  The EncryptedDataReferenceList element consists of an EncryptedDataReference element that describes an Xpath expression to the encrypted item. In the EncryptedDataReference element, an Xpath expression for specifying a target item is specified using the XPath element of the ReferenceList element (when the encryption application 600 is XML data).

  In addition, the data_id attribute that is an attribute of the EncryptedDataReference element has an identifier for uniquely identifying the EncryptedDataReference element in order to specify the EncryptedDataReference element from the AccessibleDataReference element in the EncryotedKey element, and the partial content is decrypted in the is_encrypted attribute Stores information on whether or not

  The ValidationData element is an element for storing the electronic signature σ generated in step S36 of FIG. 18 as a character string encoded by BASE64.

  FIG. 20 shows an example of a data expression method for expressing the encryption application 600, and the element name and the like may be arbitrarily changed. Also, the data expression method is not XML, for example, ASN. It may be expressed using other data formats such as 1.

  FIG. 21 is a flowchart showing a process in which the decryption processing unit 165 of the approval device 160 decrypts the encryption application form encrypted in FIG.

  Note that the secret key supplied at the time of decryption is sk [j].

  The decryption processing unit 165 of the approval device 160 reads the encryption application, encrypts the item D (= D [1],..., D [n]), and the key encrypted data E (= E [1], .., E [m]), the browsing information management table AD (= AD [1],..., AD [m]), and the electronic signature σ are acquired (S40).

Then, the decryption processing unit 165 acquires an index set (j ₁ ,..., J _u ) corresponding to the authority of the user of the approval device 160 from AD [j] (S41).

Next, the decryption processing unit 165 decrypts the key encrypted data E [j] using the secret key sk [j], and item encryption keys K [j ₁ ],..., K [j _u ], The verification public key vk is acquired (S42).

  In addition, the decryption processing unit 165 verifies the encryption application using the electronic signature σ and the public key for electronic signature vk (S43).

  If the verification of the electronic signature is successful (S44), the decryption processing unit 165 proceeds to step S45, and ends the processing if the verification is not successful.

In step S45, the decryption processing unit 165 uses the item encryption keys K [j ₁ ],..., K [j _u ] to encrypt the items D [j ₁ ] _,. ] Is decrypted to generate a decrypted application form.
The decrypted application form obtained by the above decryption process may be expressed by XML data or the like, for example, in the same manner as the format shown in FIG. When displaying such restored XML data, the decrypted application form may be converted into HTML or the like using XSLT, and the decrypted application form may be displayed using a browser. The format of the decrypted application form is not limited to XML, and other data formats may be used.

  In the encryption process shown in FIG. 18 and the decryption process shown in FIG. 21, each item in the application form, the browsing location management table 145a, and the like are expressed using an array. The correspondence relationship in the XML representation as shown in FIG. 20 can be easily transferred to the array representation by assigning index numbers 0, 1,... In ascending order from the elements described from the top in the format of FIG. It can be changed.

  As described above, in this embodiment, in the approval process of the application form in the workflow, each user uses a secret key corresponding to the authority to perform authentication and perform user authentication and encryption. The decryption application form is decrypted, and only the items according to its authority are viewed and the examination process is performed. At this time, since the secret key is important information indicating that the user or the user has a certain authority, it is desirable that the secret key be stored safely in a tamper-resistant device such as an IC card.

  The simplest method for realizing this is to distribute an IC card storing a secret key according to authority in advance to the user, and when the user authority is changed, the IC card is collected and redistributed. By doing so, the secret key corresponding to the authority is appropriately distributed to each user.

  However, in such a realization method, collection and redistribution of the IC card are required every time the user's authority changes, which is inefficient in operation. Therefore, in the present embodiment, a method for updating the secret key via the network 190 is shown.

  In the following description, it is assumed that the secret key is stored in a tamper-resistant IC card.

  First, a case where a user is added, deleted, or authority is changed in the key management apparatus 110 (see FIG. 2) will be described.

  First, when a user is added, the user management unit 116 sets the user name and authority of the added user in the user table 112a.

  Next, the key generation unit 117 generates a set of the added user private key and user public key, and stores the user name, the user private key, and the user public key in the user key table 112l. Information to be specified is set, and the secret key of the user and the public key of the user are stored in the secret key storage area 113 and the public key storage area 114, respectively.

  Next, the user management unit 116 stores the secret key for the user of the added user and the secret key for the authority corresponding to the authority possessed by the added user in the IC card. Issued to users and distributed to users.

  Further, the user management unit 116 transmits the added user information and the corresponding user public key as user update information to the flow control device 140 using the transmission / reception processing unit 118.

  Then, the user management unit 148 of the flow control device 140 acquires a user public key corresponding to the user information from the received user update information, and stores the user public key in the user table 112a and the user public key table 142e.

  The case where the user is deleted is the same as the case where the user is added. However, in the case of deleting a user, the key management apparatus 110 deletes information on the user to be deleted from the user table 112a and the user key table 112l, and sends the user update information to the flow control apparatus 140. Notice. Similarly, the flow control device 140 deletes a user to be deleted from the user management table based on the received user update information. It should be noted that the IC card distributed to the user to be deleted is desirably collected when the user is deleted.

  Next, when the user's authority is changed, the IC card storing the authority private key corresponding to the authority before the change is distributed to the user who has already been changed. The simplest way to change the user authority is to collect all the target user IC cards and distribute the changed IC card when the user authority is changed. Every time the card is changed, the IC card is collected and redistributed, which is inefficient in operation. Therefore, in this embodiment, a method for updating the key in the IC card using the key update device 180 will be described.

  When a change occurs in the user authority, first, in the key management apparatus 110, the user management unit 116 performs a user authority change process and updates the user table 112a.

  Furthermore, the update information of the user table 112a is transmitted to the flow control device 140 as user update information.

  The flow control device 140 receives the user update information, and the user management unit 148 performs an update process of the user management table.

  Next, the key management apparatus 110 encrypts and transmits the authority private key after the authority of the user whose authority has been changed to the key update apparatus 180 is encrypted.

  For example, a case where authority 1 is deleted for user 1 and authority 2 is given instead will be described as an example.

  First, the key management apparatus 110 encrypts the authority private key 2 that is the authority private key of authority 2 by using the user public key 1 that is the user public key of the user 1, and sends it to the key update apparatus 180. .

  The key update device 180 receives the encrypted authority private key 2 via the transmission / reception unit 188 and stores it in the key encryption information storage area 182.

  Then, the user 1 whose authority has been changed installs the IC card storing the user private key 1 which is the user private key of the user 1 in the reading unit 189 of the key update device 180 so as to be readable.

  The key update processing unit 184 of the key update device 180 decrypts the encrypted authority private key 2 in the key encryption information storage area 182 using the user private key 1 in the installed IC card, and Write the authority private key (authority private key 2) to the IC card. Further, the key update processing unit 184 deletes the authority private key 1 that is the authority private key corresponding to the authority 1 in the IC card, and ends the process.

  At this time, if there is no authority private key 1 to be deleted or if the decryption of the encrypted authority private key 2 fails, the key update processing unit 184 stops the process and fails to write. It is desirable to stop the process, for example, by displaying. Furthermore, in the above processing, it is preferable not only to write only the secret key in the IC card but also to write information on what authority the user 1 has in the IC card.

  In the above process, in order to access the private key in the IC card, an authentication process using a PIN number or the like is required. If this authentication fails, the process is stopped from a security viewpoint. Is desirable.

  In the above example, the case where the authority private key once encrypted is stored in the storage unit 181 of the key update apparatus 180 from the key management apparatus 110 has been described. Rather than storing the secret key, the IC card that has been sequentially encrypted in response to a request from the key update processing unit 184 of the key update device 180 and is supplied to the key update device 180 is generated. The key update process may be performed.

  In the present embodiment, the secret key and the public key are assigned to the authority in the public key encryption technology. At this time, for example, it is useful to issue a public key certificate in order to indicate which authority the public key is for the public key. In addition, when using the encryption technique as described above, it is desirable to provide a certain expiration date from the viewpoint of security. In this case, for a key whose expiration date has expired, it is desirable to discard the key and generate a new key.

  In the above case, if the authority public key or authority private key assigned to the authority is updated by the key update (discard and regeneration) process, the encryption application form in the workflow is decrypted. It may not be possible.

  One method for solving this is that before the key update process due to the expiration date, the keys used after the expiration (expired authority private key and updated authority public key) expire. Even before the expiration date is expired, it is generated immediately before the expiration date by encrypting the application using the updated authority public key before the expiration date. It is to be able to process.

  However, in such a case, for example, the encryption application form encrypted with the authority public key before renewal may remain after the expiration date. Or, if there is a possibility that the authority private key has been compromised for some reason, such as the loss of the IC card, and it is necessary to respond immediately, the application form must be updated with the authority public key updated in advance as described above. It is difficult to encrypt. In order to prevent this, the following processing may be performed.

  First, the key generation unit 117 of the key management apparatus 110 performs a re-generation process of the updated authority public key and authority secret key for the authority public key and authority secret key to be updated. In the following, the newly generated key is referred to as the post-update authority private key and the post-update authority public key, and the authority public key and authority private key to be updated are the pre-update authority private key and post-update authority. Called public key.

  Next, the transmission / reception processing unit 118 of the key management apparatus 110 transmits the pre-update authority private key and the post-update authority public key to the flow control apparatus 140 as key update information.

  The flow control device 140 receives the key update information and performs re-encryption processing of the encryption application stored in the encryption application storage area 144. The re-encryption processing of the encryption application will be described later with reference to FIG.

  Since the key update information includes information on the private key (private key for pre-update authority), the key update information is encrypted by using, for example, SSL (Secure Socket Layer) communication before communication. It is desirable to be able to transmit to the flow control device 140 in a state in which it has been converted into a state.

  Next, in the key management device 110, the user management unit 116 encrypts the post-update authority private key with the user private key of the user possessing the pre-update authority private key, and transmits the encrypted private key to the key update apparatus 180. To do.

  The key update device 180 receives the encrypted post-update authority private key using the transmission / reception processing unit 185 and stores it in the key encryption information storage area 182.

  When the user having the authority private key to be updated is installed in the reading unit 189 of the key updating apparatus 180 so as to be able to read the IC card having the pre-update authority private key, the key update processing unit 184 stores the IC card in the IC card. The corresponding encrypted private key for updated authority is decrypted using the private key for user of the user, the private key for authority before update in the IC card is deleted, and the private key for updated authority is written. To complete the key update process.

  In order to prevent the encryption application form from remaining after the expiration date, a user who has the authority to perform an inspection process on an encryption application that has not been subjected to an inspection process for a certain period of time. For example, notification may be automatically made using e-mail or the like.

  Next, the flow of the re-encryption processing of the encryption application form performed by the re-encryption unit 153 of the flow control device 140 will be described with reference to FIG.

  First, the re-encryption unit 153 of the flow control device 140 instructs the flow control unit 150 to stop the approval reception process, and the flow control unit 150 stops the approval reception process (S50).

  Next, the re-encryption unit 153 re-encrypts the encryption application using the pre-update authority private key and the post-update authority public key (S51).

  Then, the re-encryption unit 153 confirms whether or not there is an application form before re-encryption (S52), and if there is (Yes in Step S52), returns to Step S51 and repeats the re-encryption process. If (No in step S52), the process proceeds to step S53.

  In step S53, the re-encryption unit 153 of the flow control device 140 instructs the flow control unit 150 to resume the approval reception process, and the flow control unit 150 resumes the approval reception process.

  In the flowchart of FIG. 22, the re-encryption processing of the encryption application in step S51 is performed as follows, for example.

  First, the re-encryption unit 153 decrypts the key encrypted data of the encryption application using the pre-update authority private key.

  Next, the re-encryption unit 153 encrypts the decrypted key encrypted data with the updated authority public key, and writes this as new key encrypted data in the encryption application form.

  In the above example, the processing when the key has expired has been described. However, for example, when the key is compromised due to loss of the IC card, the user who has lost the IC card, It is desirable to re-encrypt the application for encryption in the workflow by re-issuing the IC card and updating the authority private key of the user having the same authority by performing the above-described processing. .

  By doing so, for example, even when the flow control device 140 is attacked by a malicious user and the access control function is disabled, the application itself is encrypted, so the information in the application is It becomes possible to construct a safer workflow system that cannot be obtained.

  Further, the application form transmitted to the approval processing device 160 is encrypted, and only necessary items are disclosed according to the authority of each user who performs the examination. Even when the encryption application form is sent directly to the apparatus, it is possible to appropriately disclose the viewing location of the application form according to the authority of the user. Note that transmitting the encryption application form from the approval processing device 160 to another approval processing device 160 is useful, for example, when the approval processing is outsourced or when it is necessary to obtain approval from an external organization.

  Next, a second embodiment of the present invention will be described.

  In the first embodiment, a case has been described in which all application forms in the workflow are encrypted. Thereby, for example, even when the flow control device 140 is attacked by a malicious user and the access control function of the flow control device 140 is invalidated, the confidentiality of the information in the application can be protected, and the safer A workflow system can be configured.

  On the other hand, in the second embodiment of the present invention, unlike the first embodiment, the application is encrypted each time the examination process is performed by the approval device 160. By doing so, the effect of improving the safety of the flow control device 140 described in the first embodiment is eliminated, but the re-encryption processing of the encryption application form in the flow control device 140 is not required at the time of key update. There is an advantage such as.

  Also in the second embodiment, as in the first embodiment, the application form sent to the approval device 160 is encrypted, and only necessary items are disclosed according to each authority. Therefore, for example, even when the encryption application form is directly sent from the approval apparatus 160 to another apparatus, it is possible to appropriately disclose the viewing location of the application form in accordance with the authority of the user.

  FIG. 23 is a schematic diagram of the flow control device 240 according to the second embodiment of the present invention.

  As illustrated, the flow control device 240 includes a storage unit 241, a control unit 247, an input unit 155, an output unit 156, and a transmission / reception unit 157, and stores it in comparison with the first embodiment. Since the unit 241 and the control unit 247 are different, items related to these different points will be described below.

  The storage unit 241 includes a user management information storage area 142, a public key storage area 143, an application form storage area 244, a browsing location management information storage area 145, and a flow control information storage area 146. An application form storage area 244 is provided instead of the encryption application form storage area 144 in the embodiment.

  In the first embodiment, the encrypted encryption application form is stored in the encryption application form storage area 144, but in the present embodiment, the application form is stored in the application form storage area 244 without being encrypted. I am doing so.

  The control unit 247 includes a user management unit 148, an authentication processing unit 149, a flow control unit 250, an application form receiving unit 251, an encryption unit 252, a re-encryption unit 153, and a transmission / reception processing unit 154. Since the flow control unit 250, the application form receiving unit 251 and the encryption unit 252 are different from those of the first embodiment, items related to these different points will be described below.

  In the present embodiment, the application received by the application receiving unit 251 is stored in the application storage area 244 without being encrypted, and the flow controller 250 approves the application in response to a request from the approval device 160. When transmitting to the device 160, the application form is encrypted by the encryption unit 252 and transmitted to the approval device 160.

  FIG. 24 is a sequence diagram when an application form is processed by the workflow system 100 according to the present embodiment.

  First, the application form creation unit 133 of the application apparatus 130 transmits an application form input screen transmission request to the flow control apparatus 240 via the transmission / reception processing unit 134 (S60).

  In the flow control device 240 that has received such an application form input screen transmission request, the application form accepting unit 151 sends a predetermined application form input screen to the application apparatus 130 (S61).

  In the application device 130, the application form creation unit 133 displays the received application form input screen on the output unit 136, and the input of the necessary information is received and input from the operator of the application device 130 via the input unit 135. An application form is created from the received information and transmitted to the flow control device 240 via the transmission processing unit 134 (S62).

  Next, the application form receiving unit 251 of the flow control device 240 stores the received application form in the application form storage area 244 (S63).

  Next, the application form processing unit 164 of the approval device 160 transmits an application form examination processing request to the flow control device 240 using the transmission / reception processing unit 166 in response to an instruction from the user of the approval device 160 (S64). Here, in the present embodiment, it is assumed that the application form review process request is transmitted including the user name that identifies the user of the approval device 160.

  In the flow control device 240 that has received such an application form review processing request, the flow control unit 250 sends an authentication information sending request to the approval device 160 that has transmitted the application form review processing request via the transmission / reception processing unit 154. Is returned (S65). Here, in the present embodiment, the flow control unit 250 generates a random character string, and publicizes the public character key corresponding to the user name included in the application form examination process request (corresponding to the user name). Stored in the key storage area 143) and sent back in the authentication information sending request.

  Then, in the approval device 160 that has received the authentication information sending request, the application form processing unit 164 creates authentication information and sends the created authentication information to the flow control device 240 via the transmission / reception processing unit 166 (S66). . Here, in the present embodiment, the application form processing unit 164 decrypts the encrypted random character string included in the authentication information sending request using the secret key of the user of the approval device 160, and decrypts it. The decrypted result is transmitted as authentication information.

  The authentication processing unit 149 of the flow control device 240 performs authentication processing based on whether or not the authentication information received from the approval device 160 matches the random character string transmitted to the approval device 160. If the information matches the random character string transmitted to the approval device 160), an application list that displays a list of ID numbers of applications that are waiting for approval is transmitted to the approval device 160 (S67). ).

  Next, when the application form processing unit 164 of the approval device 160 outputs the received application list waiting for approval to the output unit 168 and receives the designation of the application form to be examined via the input unit 167, The ID number of the application form is transmitted to the flow control device 240 (S68).

  Then, the flow control unit 250 of the flow control device 240 acquires the encryption application corresponding to the received ID number from the encryption application storage area 144, outputs the encryption application to the encryption unit 252, and the encryption unit 252. Performs encryption and transmits the data to the approval device 160 using the transmission / reception processing unit 154 (S69). Note that the encryption in the encryption unit 252 is performed in the same manner as in the first embodiment.

  In the approval device 160 that has received such an encryption application, the application processing unit 164 outputs the encryption application to the decryption processing unit 165, and the decryption processing unit 165 decrypts the encrypted application and decrypts it. The application form is displayed on the output unit 168, and input of comments and examination results is received from the user of the approval device 160 via the input unit 167 (S70).

  Then, the transmission / reception processing unit 166 of the approval device 160 adds the received comment and the examination result to the encryption application form, and transmits the encrypted application to the flow control device 240 (S71).

  Next, the application form receiving unit 251 of the flow control apparatus 240 updates the application form by adding the received examination result and comment to the application form, and stores the updated application form in the application form storage area 244 (S72).

  In addition, about the process from step S64 to step S72, it shall be repeatedly performed until required approval is obtained with respect to an application.

  Next, the flow control unit 250 of the flow control device 240 outputs an application form for which necessary flow processing has been completed to the encryption unit 252, and the encryption unit 252 performs encryption and uses the transmission / reception processing unit 154. The data is transmitted to the storage device 170 (S73).

  In the storage device 170, the application form acquisition processing unit 175 receives the encrypted application form, the decryption processing unit 176 decrypts it, and the application form storage processing unit 177 performs processing to store it in the application form storage area 173. (S74). If the flow control device 240 and the storage device 170 are connected by a dedicated line, or if encrypted communication is secured by another means such as SSL, encryption by the encryption unit 252 in step S73, And it is not necessary to perform decoding by the decoding processing unit 176 in step S74.

Schematic diagram of the workflow system. Schematic diagram of a key management device. Schematic of a user table. Schematic diagram of authority key table. Schematic of a user key table. Schematic diagram of a computer. Schematic of the application device. Schematic of a flow control device. Schematic diagram of authority public key table. Schematic of a user public key table. The schematic diagram of a browsing location management table. Schematic of an approval order table. Schematic diagram of status table. Schematic of the approval device. Schematic of a storage device. Schematic of a key update device. Sequence diagram when processing the application form in the workflow system. The flowchart which shows the process which encrypts an application. Schematic which shows the data structure of an encryption application. Schematic which shows the specific example which described the information stored in an encryption application form header information storage area using XML. The flowchart which shows the process which decodes an encryption application. The flowchart of the re-encryption process of an encryption application. Schematic of a flow control device. Sequence diagram when processing the application form in the workflow system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Workflow system 110 Key management apparatus 111 Storage part 112 User information storage area 113 Private key storage area 114 Public key storage area 115 Control part 116 User management part 117 Key generation part 118 Transmission / reception processing part 119 Input part 120 Output part 121 Transmission / reception part 130 Application device 131 Storage unit 132 Control unit 133 Application form creation unit 134 Transmission / reception processing unit 135 Input unit 136 Output unit 137 Transmission / reception unit 140, 240 Flow control device 141, 241 Storage unit 142 User management information storage area 143 Public key storage area 144 Encryption Application storage area 244 application storage area 145 browsing location management information storage area 146 flow control information storage area 147 control unit 148 user management unit 149 authentication processing unit 150, 250 flow control unit 151, 251 application reception unit 152, 252 Encoding unit 153 Re-encryption unit 154 Transmission / reception processing unit 155 Input unit 156 Output unit 157 Transmission / reception unit 160 Approving device 161 Storage unit 162 Private key storage area 163 Control unit 164 Application form processing unit 165 Decryption processing unit 166 Transmission / reception processing unit 167 Input Unit 168 output unit 169 transmission / reception unit 170 insurance device 171 storage unit 172 private key storage region 173 application form storage region 174 control unit 175 application form acquisition processing unit 176 decryption processing unit 177 application form storage processing unit 178 transmission / reception processing unit 179 transmission / reception unit 180 Key update device 181 Storage unit 182 Key encryption information storage area 183 Control unit 184 Key update processing unit 185 Transmission / reception processing unit 186 Input unit 187 Output unit 188 Transmission / reception unit 189 Reading unit

Claims (16)

A workflow system comprising an application device, a flow control device and an approval device,
The control unit of the application device
Processing to accept information via the input unit and generate an application;
A process of transmitting the generated application form to the flow control device via the transmission / reception unit;
And
The flow control device includes:
A storage unit that stores browsing location management information that identifies items that can be browsed in the application for each authority, authority key information that specifies an encryption key for each authority, and approval order information that specifies the approval order of the application And a control unit,
The control unit of the flow control device,
Using the item common key generated for each item of the application form, by encrypting the corresponding item, processing to generate an encrypted item;
Identify items that can be viewed in the application form for each authority from the browsing location management information, and encrypt the item common key corresponding to the identified item with the encryption key for each authority specified by the authority key information To generate key encryption information,
A process of generating an encryption application including the browsing location management information, the encryption item, and the key encryption information;
A process of transmitting the encryption application form to the approval device in an approval order specified by the approval order information via a transmission / reception unit;
And
The controller of the approval device
Common to items corresponding to the authority by decrypting the key encryption information included in the encryption application received via the transmission / reception unit with a decryption key corresponding to the authority of the user of the approval device Processing to obtain the key;
From the browsing location management information included in the encryption application, a process for identifying items that can be browsed by the authority of the user of the approval device;
Processing for obtaining an encrypted item corresponding to the identified item from the encryption application, and decrypting the obtained encrypted item with the decrypted item common key;
To do the
A featured workflow system. The workflow system according to claim 1,
A key management device;
The control unit of the key management device includes:
For each authority, perform processing to generate encryption key and decryption key,
The encryption key used in the flow control device is an encryption key generated by the key management device,
The decryption key used in the approval device is a decryption key generated by the key management device;
A workflow system characterized by The workflow system according to claim 2,
The control unit of the key management device includes:
Each time the authorization of the user of the approval device is changed, a process of generating an encryption key and a decryption key is performed for each authorization,
The encryption key used in the flow control device is an encryption key generated by the key management device after the authority of the user of the approval device is changed,
The decryption key used in the approval device is a decryption key generated by the key management device after the authority of the user of the approval device is changed;
A workflow system characterized by The workflow system according to claim 3,
A key update device;
The control unit of the key management device includes:
A process of encrypting the encryption key and the decryption key generated for each authority with the public key for the user of the authority each time the authority of the user of the approval device is changed,
A process of transmitting the encrypted decryption key to the key update device;
And
The control unit of the key update device includes:
A process of reading the user private key from the storage medium storing the user private key of the user of the approval apparatus and the decryption key before the authority of the user of the approval apparatus is changed;
A process of decrypting an encrypted decryption key received from the key management device using the user private key;
A process of storing the decrypted decryption key in the storage medium in place of the decryption key before the authority of the user of the approval device is changed;
To do the
A workflow system characterized by The workflow system according to any one of claims 2 to 4, wherein
The control unit of the key management device includes:
For each authority of the approval device, perform processing to regenerate the encryption key and decryption key,
A process of transmitting the regenerated encryption key and the decryption key before regeneration to the flow control device;
The control unit of the flow control device,
A process of decrypting the encryption application using the decryption key before the regeneration;
Processing to re-encrypt the decrypted encryption application using the regenerated encryption key;
A workflow system characterized by The workflow system according to any one of claims 1 to 5,
A storage device;
The control unit of the flow control device,
When the approval process of the application in the approval order specified by the approval order information is completed, the process of transmitting the encryption application to the storage device via the transmission / reception unit,
The control unit of the storage device,
A process of decrypting the application by decrypting all of the encrypted items included in the encryption application;
Storing the decrypted application in the storage unit;
To do the
A workflow system characterized by The workflow system according to any one of claims 1 to 6,
The control unit of the approval device performs a process of transmitting a processing request having identification information for identifying the user to the flow control device via the transmission / reception unit in accordance with an instruction of the user of the approval device,
The control unit of the flow control device,
Processing to generate verification information;
A process of encrypting the verification information with a user public key of the user specified by the identification information included in the processing request received via the transmission / reception unit;
Processing for transmitting the encrypted verification information to the approval device;
And
The controller of the approval device
A process of generating authentication information by decrypting the encrypted verification information received via the transmission / reception unit with the user private key of the user;
Processing for transmitting the authentication information to the flow control device;
And
The control unit of the flow control device,
A process of transmitting the encryption application to the approval device when the authentication information received via the transmission / reception unit matches the verification information;
To do the
A workflow system characterized by A flow control device that sends an application to an approval device,
A storage unit that stores browsing location management information that identifies items that can be browsed in the application for each authority, authority key information that specifies an encryption key for each authority, and approval order information that specifies the approval order of the application And a control unit,
The controller is
Using the item common key generated for each item of the application form, by encrypting the corresponding item, processing to generate an encrypted item;
Identify items that can be viewed in the application form for each authority from the browsing location management information, and encrypt the item common key corresponding to the identified item with the encryption key for each authority specified in the authority key information To generate key encryption information,
A process of generating an encryption application including the browsing location management information, the encryption item, and the key encryption information;
A process of transmitting the encryption application form to the approval device in an approval order specified by the approval order information via a transmission / reception unit;
To do the
A flow control device. The flow control device according to claim 8,
The controller is
A process of receiving a processing request having identification information for identifying a user of the approval device from the approval device via a transmission / reception unit;
Processing to generate verification information;
A process of encrypting the verification information with a user public key of the user specified by the identification information included in the received processing request;
Processing for transmitting the encrypted verification information to the approval device;
Authentication information generated by the control unit of the approval device decrypting the encrypted verification information received via the transmission / reception unit with the user private key from the approval device via the transmission / reception unit Processing to receive
When the received authentication information matches the verification information, a process of transmitting the encryption application to the approval device;
To do the
A flow control device. An approval device that examines the application form sent from the flow control device,
A storage unit for storing a decryption key corresponding to the authority, and a control unit,
The controller is
From the flow control device, using the item common key generated for each item of the application form, an encrypted item generated by encrypting the corresponding item, and an item that can be viewed in the application form for each authority And specifying the item common key corresponding to the specified item by encrypting with the encryption key for each authority The generated key encryption information and the browsing location management specifying the items that can be viewed in the application form for each authority A process of receiving an encryption application having information via a transmission / reception unit;
Processing for obtaining the item common key corresponding to the authority by decrypting the key encryption information included in the received encryption application form with the decryption key corresponding to the authority possessed by the user of the approval device When,
From the browsing location management information included in the encryption application, a process for identifying items that can be browsed by the authority of the user of the approval device;
Processing for obtaining an encrypted item corresponding to the identified item from the encryption application, and decrypting the obtained encrypted item with the decrypted item common key;
To do the
Feature approval device. The approval device according to claim 10,
The controller is
A process of transmitting a processing request having identification information for identifying the user to the flow control apparatus via a transmission / reception unit in response to an instruction of the user of the approval apparatus;
Processing for receiving verification information obtained by encrypting verification information with the user public key of the user from the flow control device via a transmission / reception unit;
Processing for generating authentication information by decrypting the received encrypted verification information with a user private key of the user;
Processing for transmitting the authentication information to the flow control device;
To do the
An approval device characterized by. A program that causes a computer to function as a flow control device that transmits an application form to an approval device,
The computer,
Storage means for storing browsing location management information for identifying items that can be browsed in the application for each authority, authority key information for identifying an encryption key for each authority, and approval order information for identifying the approval order of the application Function as a control means,
In the control means,
Using the item common key generated for each item of the application form, by encrypting the corresponding item, processing to generate an encrypted item;
Identify items that can be viewed in the application form for each authority from the browsing location management information, and encrypt the item common key corresponding to the identified item with the encryption key for each authority specified in the authority key information To generate key encryption information,
A process of generating an encryption application including the browsing location management information, the encryption item, and the key encryption information;
A process of transmitting the encryption application form to the approval apparatus in an approval order specified by the approval order information via a transmission / reception unit;
To do,
A program characterized by A program according to claim 12,
In the control means,
A process of receiving a processing request having identification information for identifying a user of the approval apparatus from the approval apparatus via a transmission / reception unit;
Processing to generate verification information;
A process of encrypting the verification information with a user public key of the user specified by the identification information included in the received processing request;
Processing for transmitting the encrypted verification information to the approval device;
Authentication information generated by the control unit of the approval device decrypting the encrypted verification information received via the transmission / reception unit with the user private key from the approval device via the transmission / reception means Processing to receive
When the received authentication information matches the verification information, a process of transmitting the encryption application to the approval device;
To do,
A program characterized by A program that causes a computer to function as an approval device that examines an application sent from a flow control device,
The computer,
Function as a storage means for storing a decryption key corresponding to the authority, a control means,
In the control means,
From the flow control device, using the item common key generated for each item of the application form, an encrypted item generated by encrypting the corresponding item, and an item that can be viewed in the application form for each authority And identifying the item common key corresponding to the identified item with the encryption key for each authority, and the generated key encryption information and the browsing location management that identifies the items that can be viewed in the application form for each authority A process of receiving an encryption application form having information via a transmission / reception means;
Processing for obtaining the item common key corresponding to the authority by decrypting the key encryption information included in the received encryption application form with the decryption key corresponding to the authority possessed by the user of the approval device When,
From the browsing location management information included in the encryption application, a process for identifying items that can be browsed by the authority of the user of the approval device;
Processing for obtaining an encrypted item corresponding to the identified item from the encryption application, and decrypting the obtained encrypted item with the decrypted item common key;
To do,
A featured program. The program according to claim 14, wherein
In the control means,
A process of transmitting a processing request having identification information for identifying the user to the flow control apparatus via a transmission / reception unit according to an instruction of the user of the approval apparatus;
A process of receiving verification information obtained by encrypting verification information with the user public key of the user from the flow control device via a transmission / reception unit;
Processing for generating authentication information by decrypting the received encrypted verification information with a user private key of the user;
Processing for transmitting the authentication information to the flow control device;
To do,
A program characterized by Application device, browsing location management information for identifying items that can be browsed in the application for each authority, authority key information for identifying an encryption key for each authority, and approval order information for identifying the approval order of the application A workflow method performed by a workflow system including a flow control device and an approval device having a storage unit,
The control unit of the application device accepts information through the input unit and generates an application form,
A process in which the control unit of the application device transmits the generated application form to the flow control device via the transmission / reception unit;
The process of generating the encrypted item by encrypting the corresponding item using the item common key generated for each item of the application form by the control unit of the flow control device;
The control unit of the flow control device identifies an item that can be browsed in the application form for each authority from the browsing location management information, and an item common key corresponding to the identified item is identified by the authority key information. The process of generating key encryption information by encrypting with the encryption key for each authority,
The control unit of the flow control device generates an encryption application including the browsing location management information, the encryption item, and the key encryption information;
The control unit of the flow control device transmits the encryption application form to the approval device in the approval order specified by the approval order information via the transmission / reception unit;
The controller of the approval device decrypts the key encryption information included in the encryption application received via the transmission / reception unit with a decryption key corresponding to the authority of the user of the approval device. The process of obtaining the item common key corresponding to the authority,
The control unit of the approval device, from the browsing location management information included in the encryption application, the process of identifying items that can be viewed with the authority that the user of the approval device has,
The controller of the approval device acquires an encrypted item corresponding to the identified item from the encryption application, and decrypts the acquired encrypted item with the decrypted item common key;
Providing
A featured workflow method.

Images