JP2009238052A - Certificate issuing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To cope with a problem wherein there is a possibility of issuing a certificate with erroneous stated content when a system fault occurs due to the insufficiency of a confirming means of the stated content printed on a certificate in a certificate issuing system, and a problem wherein an urgent countermeasure is required because of needing to reissue a certificate with correct stated content at the occurrence of a stated content error of the certificate. <P>SOLUTION: An output image printed on the certificate is collated with data of an authentication IC card immediately before issuance to prevent the issuance of the certificate with the erroneous stated content. If illegality occurs in the stated content of the certificate, the issuance is prohibited, and trace log recorded beforehand when preparing the certificate is analyzed. A cause of error occurrence can thereby be estimated, and accurate measures can be taken immediately. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a system for issuing a highly reliable certificate by applying it to an automatic certificate issuing machine with an applicant identity verification function that issues a resident's card, a family register copy, a seal certificate, and the like.

  Various certificates are issued by organizations such as local governments, and some of them are conventionally provided with a service for issuing certificates by user operation using an automatic certificate issuing machine. These certificates are required to be free of errors and to be free of errors such as missing prints at the time of output. However, when issued by an automatic issuing machine as described above, the user confirms the error. It was necessary to apply to the window. As a system for solving such a problem and issuing a high-quality certificate, a technique of an automated certificate issuing system as disclosed in Patent Document 1 is disclosed.

JP-A-2005-216204

  However, since the above-described conventional system has insufficient means for confirming the description content printed on the certificate, there is a possibility that a certificate with an incorrect description content may be issued when a system malfunction occurs. Further, when a description content error of a certificate occurs, it is necessary to reissue a certificate with the correct description content, and no countermeasure is anticipated.

  In view of the above points, the present invention detects an error in the contents of a certificate and controls issuance, and when an error is detected, obtains and analyzes information for estimating the cause. It is an object of the present invention to provide a certificate issuance system that can be used.

  In order to solve the above-described problems, in the present invention, a certificate log issuing machine, a certificate creating server, a certificate creating server, and a trace log management apparatus for storing a log of certificate issuing processing executed by the certificate automatic issuing machine and a certificate are provided. The system consists of an application terminal that applies to the certificate creation server for certificate issuance. Here, in the certificate issuance process, the user transmits necessary items from the application terminal to the certificate creation server in advance, and only outputs the certificate issued using the automatic certificate issuing machine.

  The automatic certificate issuing machine includes a card reader that reads an IC part of an identity verification IC card, an authentication part that authenticates an applicant from information read from the card reader, and a certificate of the applicant authenticated by the authentication part. A certificate inquiry unit that inquires the certificate creation server for a certificate, a printing device that receives and prints certificate information from the certificate creation server, and an output image reading unit that reads the description content of the certificate printed from the printing device An IC / certificate data collation unit for collating the information read from the card reader with the information read from the output image reading unit, and a trace log analysis unit for estimating the cause of the error by inquiring the information to the trace log management device And a certificate issuing unit that issues a certificate upon receiving a certificate issuance instruction, and an error display upon receipt of a certificate issuance instruction It has a screen display unit for performing.

  The certificate creation server includes a certificate creation acceptance unit that accepts an application from the application terminal, a certificate data creation unit that creates certificate data from information received from the certificate creation acceptance unit, and the certificate automatic A certificate output receiving unit that receives a certificate inquiry from an issuing machine, and a certificate data output unit that extracts certificate data from information received from the certificate output receiving unit and outputs the certificate data to the automatic certificate issuing machine.

  The trace log management device is a device for storing data at each processing stage processed at the time of certificate creation by the certificate creation server, and for writing data transmitted from the certificate creation server A log reading unit that reads data requested by the certificate automatic issuing machine, and a database that stores a trace log.

  When the applicant performs the issuance process using the identity verification IC card with the above certificate issuing machine, basic identity information is read from the identity verification IC card, stored in memory, and the certificate data is inquired to the certificate creation server. The output image of the certificate printed by the printing apparatus is stored in the memory. The IC / certificate data collation unit compares the former storage information with the latter storage information, and if there is a difference, the output is stopped and the screen display unit displays an error. Further, the trace log analysis unit acquires information for each processing stage from the trace log database, collates the normal data definition set in advance in the certificate automatic issuing machine with the acquired information, and sets the difference pattern in advance in the certificate. The cause of the error is estimated by collating with the error judgment condition set in the automatic issuing machine, and the screen display unit displays the error cause.

  As described above, according to the present invention, when the applicant performs the issuance process using the personal identification IC card with the automatic certificate issuing machine, the first stored information in which the basic personal information is read from the personal identification IC card and the certification It is possible to prevent the issuance of a certificate with an incorrect description by querying the certificate creation server for the certificate data and comparing the second storage information that is read from the output image of the certificate printed by the printer. It becomes. In addition, if the contents of the certificate are incorrect, the cause of the error can be estimated from the trace log at the time of certificate creation and the data definition previously defined at the time of system construction. Measures to reissue can be implemented immediately.

DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings.
(System configuration)
First, the overall configuration of the certificate issuing system according to the present invention will be described. FIG. 1 is a configuration diagram showing an embodiment of a certificate issuing system according to the present invention. In FIG. 1, 101 is an automatic certificate issuing machine, 102 is a certificate creation server, 103 is a trace log management device, 104 is an application terminal, and 105 and 106 are networks.

  The certificate automatic issuing machine 101 is a device having various functions related to certificate issuance, and includes a card reader 201, an authentication unit 202, a certificate issuing unit 203, a screen display unit 204, a printing device 205, and a certificate inquiry unit 206. , An output image reading unit 207, an IC / certificate data collation unit 208, a trace log analysis unit 209, an error determination condition storage unit 210, and a normal data definition storage unit 211.

  The certificate creation server 102 is a server computer having functions for receiving a certificate, creating data, and outputting data. The certificate creation server 212, a certificate data creation unit 213, a certificate output reception unit 214, a certificate A data output unit 215, a personal information data storage unit 216, and a certificate data storage unit 217 are included.

  The trace log management apparatus 103 is a database that stores data processed at the time of certificate creation by the certificate creation server 102 at a plurality of points, and includes a log writing unit 218, a log reading unit 219, and a trace log storage unit 220.

  The automatic certificate issuing machine 101, the certificate creation server 102, and the trace log management apparatus 103 are usually operated and managed directly or indirectly by a certificate issuing entity. The certificate issuer means, for example, a public office if a resident card is issued, or a school if a certificate is issued.

  The application terminal 104 is a terminal device used by the applicant. Specifically, the application terminal 104 is a device having a communication function such as a personal computer or a mobile phone, and the automatic certificate issuing machine 101 may also serve as the application terminal.

In FIG. 1, only one application terminal 104 is shown, but there are cases where a large number of application terminals 104 are connected to the network 105 or 106. Also, a plurality of different certificate creation servers are connected to the certificate creation server 102.
(Processing flow)
FIG. 2 is a processing flowchart of the certificate issuing system.

  When the application terminal 104 performs certificate application processing and transmits information to the certificate creation server 102 (step 301), the certificate creation reception unit 212 of the certificate creation server 102 connected via the network accepts the creation. (Step 302). Thereafter, application data is sequentially transmitted from the certificate creation accepting unit 212, and certificate data creation unit 213 creates certificate data (step 303). At this time, data is extracted from the personal information data storage unit 216 as necessary, and the created certificate data is stored in the certificate data storage unit 217. At the time of certificate data creation processing in step 303, the log of the target data at each log writing point is written in the trace log storage unit 220. Here, the log writing point indicates the timing to write in the trace log storage unit 220, and the target data indicates the program variable to be written in the trace log storage unit 220, which is definition information set in advance in the certificate data creation program. When the certificate data storage process ends, the certificate creation server 102 waits until an inquiry from the certificate automatic issuing machine 101 is received.

  When the automatic certificate issuing machine 101 accepts the certificate issuance request, the card reader 201 reads the identity verification IC card (step 304), and stores the principal basic information in the memory (step 305). At the same time, the certificate inquiry unit 206 performs inquiry processing to the certificate creation server 102. In the certificate creation server 102, in response to the inquiry request, the certificate output reception unit 214 performs output reception processing (step 306), and the certificate data output unit 215 extracts the corresponding data from the certificate data storage unit 217 (step 306). 307) and output to the automatic certificate issuing machine 101 (step 308).

  Upon receiving the certificate data, the automatic certificate issuing machine 101 performs printing with the printing device 205 (step 309). At this time, even if printing is completed, the certificate is not discharged as it is, but is put into a standby state in the automatic certificate issuing machine 101, the information is read by the certificate output image reading unit 207, and the basic information of the person described in the certificate Information is stored in memory (step 310).

  The IC / certificate data matching unit 208 compares the principal basic information acquired from the identity verification IC card and the principal basic information acquired from the printed certificate (step 311). If the comparison result is the same, the IC / certificate data collation unit 208 issues an instruction to issue the waiting printed certificate (step 312) and issues a certificate (step 315). If the results of the comparison are different, an instruction to stop issuing a printed certificate is issued. From the predefined error determination condition storage unit 210, normal data definition storage unit 211, and trace log storage unit 220 collected at the time of certificate data creation Data is extracted and an error occurrence cause is estimated (step 313).

  As a result of the processing, error cause candidates that match the conditions are displayed on the screen of the automatic certificate issuing machine as shown in FIG. 3 (step 314).

  FIG. 3 shows a screen output image when fraud is found in the contents of the certificate. This screen displays that a certificate issuance error has occurred, and the certificate applicant sees this screen and makes an inquiry to the system administrator. The system administrator can display the cause of the error by pressing the system administrator button 401. Note that an administrator password is required to press the system administrator button, and the certificate applicant cannot view it for system security.

  FIG. 4 is a table configuration example of the certificate data storage unit 217. The table is composed of a reception ID 501, a name 502 that is basic personal information, an address 503, a date of birth 504, a certifier 505 that is proof content, a proof date 506, and the like.

  FIG. 5 is a table configuration example of the trace log storage unit 220. The table includes reception ID 601, target data 602, log write point I 603, log write point II 604, log write point III 605, and the like. As an example, the target data is set to three types A, B, and C, and the log writing points are set to three locations I, II, and III. A more specific table configuration example is shown in the example of FIG.

  FIG. 6 is a table configuration example of the error determination condition storage unit 210. This is a table that can be used to estimate the location of error occurrence and the cause of error occurrence from the log write point where the fraud occurred when the fraud occurred in the contents of the certificate. The table includes a log writing point 701, an error occurrence location 702, and an error occurrence cause 703, and data is defined at the time of system configuration.

  FIG. 7 is a table configuration example of the normal data definition storage unit 211. This is a table defining normal data at each log writing point. The table is composed of log write points 801 and normal data 802, and the data is defined at the time of system configuration. A more specific table configuration example is shown in the example of FIG.

  FIG. 8 shows a detailed process flow diagram of the error cause estimation process in step 313 of FIG. 2 in the case where fraud is found in the description content of the certificate. This flowchart corresponds to the table configuration examples of FIGS. In the case where an illegality occurs in the description contents of the certificate, in step 901, the corresponding log is extracted from the trace log storage unit 220 using the certificate reception ID 601 and the target data 602 as keys. In step 902, the normal data definition storage unit 211 is referenced, and in step 903, the log data at the log write point I 603 is compared. If the log data is different from the normal data 802, the error determination condition storage unit 210 is referred to in step 904, and the error occurrence location 702 and the error occurrence cause 703 are specified. In step 905, the error occurrence location 702 and the error occurrence cause 703 are displayed, and the process is terminated. Similarly, a comparison is also made at the log write point II 604 and the log write point III 605, and the error determination condition storage unit 210 is referred to based on the result, and the error occurrence location 702 and the error occurrence cause 703 are specified.

  The certificate issuing system will be described below using specific parameters.

  Here, the certificate to be issued is the resident card 315, the identity verification IC card is the basic resident register card 304, and the basic resident register card 304 records the name, address, and basic personal information of the date of birth.

  As definitions at the time of system construction, three log writing points are set, and the error determination condition storage unit 210 and the normal data definition storage unit 211 are defined as in the examples of FIGS. 6 and 7, respectively.

  First, the resident card application process will be described. The applicant uses the personal computer 301 to apply for a certificate from the Internet 105 to the resident card creation server 102. The resident card creation server 102 creates resident card data 217 from the basic resident register 216. At this time, the principal basic information is written into the trace log storage unit 220 at the log writing point of the resident card data creation process. In this way, when the resident card application process is performed, a table like the example of FIG. 5 is created.

  Next, the process of issuing a resident card will be described. The applicant uses his / her basic resident register card 304 to issue a resident card from the automatic certificate issuing machine 101. The automatic certificate issuing machine 101 reads the IC of the basic resident register card 304 and stores the basic personal information. Also, authentication is performed from the basic resident register card 304, and the resident card issued to the resident card creation server 102 is inquired. The resident card creation server 102 extracts the corresponding resident card data from the resident card data storage unit 217 and outputs it to the automatic certificate issuing machine 101. When the certificate issuing machine 101 receives the resident card data, it prints. However, even if the printing is completed, the automatic certificate issuing machine 101 enters a standby state, the output image of the resident card is read, and the principal basic information described in the resident card is stored.

  Next, the principal basic information stored from the identity verification IC card is compared with the principal basic information stored from the certificate. If the results of the comparison are the same, issue a printed resident card waiting. If the comparison results are different, an instruction to stop issuing printed resident's cards is issued, data is extracted from the error determination condition storage unit 210, the normal data definition storage unit 211, and the trace log storage unit 220, and the cause of the error is estimated. I do. If the cause of the error can be estimated, an error is displayed on the screen 316 of the automatic certificate issuing machine.

  For example, if an error occurs in the name information in the resident card with the reception ID 0001, the trace log storage unit is extracted with the reception ID “0001” and the target data “name”. Then, the data at each log writing point is compared with the normal data definition storage unit 211. As a result of the comparison, if there is a mismatch at the log writing point I, the error occurrence location 702 “initial value setting location (program)” and the error occurrence cause 703 “initial value clear omission” in the error determination condition storage unit 210 Is displayed on the screen.

The structural example of a certificate issuing system is shown. The processing flow of a certificate issuing system is shown. An example of screen display when a certificate issuance error occurs is shown below. The example of a table structure of a certificate data storage part is shown. The table structural example of a trace log storage part is shown. The table structural example of an error determination condition storage part is shown. An example of normal data definition at the trace log writing point is shown below. The flow for estimating the cause of an error when an inconsistency occurs in the basic information of the principal in the contents of the identity verification IC card and the certificate is shown.

Explanation of symbols

DESCRIPTION OF SYMBOLS 101 ... Certificate automatic issuing machine, 102 ... Certificate creation server, 103 ... Trace log management apparatus, 104 ... Application terminal, 105 ... Network, 106 ... Network, 201 ... Card reader, 202 ... Authentication unit, 203 ... Certificate issuing unit, 204 ... Screen display unit, 205 ... Printing device, 206 ... Certificate inquiry unit, 207 ... Output image Reading unit, 208... IC, certificate data comparison unit, 209... Trace log analysis unit, 210 error determination condition storage unit, 211... Normal data definition storage unit, 212. 213: Certificate data creation unit, 214: Certificate output reception unit, 215 ... Certificate data output unit, 216 ... Personal information data storage unit, 217 ... Certificate data storage , 218 ... log writing unit, 219 ... log reading unit, 220 ... trace log storing unit

Claims (5)

In a certificate issuing system that has an automatic certificate issuing machine, a certificate creation server, a trace log management device, and an application terminal, and issues a certificate using an identity verification IC card,
A card reader that reads the IC part of the identity verification IC card,
An authentication unit that authenticates the applicant from the information read from the card reader;
A certificate inquiry unit that inquires of the certificate creation server about the certificate of the applicant authenticated by the authentication unit;
A printing device that receives and prints certificate information from the certificate creation server;
An output image reading unit for reading the description content of the certificate printed from the printing device;
An IC / certificate data collation unit for collating the information read from the card reader with the information read from the output image reading unit;
A trace log analysis unit that inquires information to the trace log management device to estimate the cause of the error, a certificate issuance unit that issues a certificate issuance instruction, and
A certificate issuance system comprising a screen display unit for displaying an error in response to a certificate issuance instruction. The IC / certificate data collating unit reads out and stores the basic information of the principal from the personal identification IC card, and the second storage that reads out and stores the basic information of the principal from the output image of the printed certificate. A means for comparing the principal basic information of the first storage means and the second storage means, and an issuing instruction or issue by the certificate automatic issuing machine according to the comparison result of the comparison means The certificate issuing system according to claim 1, further comprising control means for controlling an injunction instruction. The control means performs control to issue a printed certificate compared by the comparison means when the comparison result by the comparison means is the same, and displays an error display when the comparison results by the comparison means are different. To prevent the issue of the printed certificate compared by the above comparison means, and to estimate the error location and cause from the predefined data definition and the log data collected when creating the certificate data The certificate issuing system according to claim 1, wherein: In a certificate issuing system that has an automatic certificate issuing machine, a certificate creation server, a trace log management device, and an application terminal, and issues a certificate using an identity verification IC card,
The certificate creation server
A certificate creation acceptance unit that accepts applications from the application terminal,
A certificate data creation unit that creates certificate data from the information received from the certificate creation reception unit;
A certificate output accepting unit that accepts a certificate inquiry from the above automatic certificate issuing machine;
A certificate issuing system, comprising: a certificate data output unit that extracts certificate data from information received from the certificate output receiving unit and outputs the certificate data to the automatic certificate issuing machine. In a certificate issuing system that has an automatic certificate issuing machine, a certificate creation server, a trace log management device, and an application terminal, and issues a certificate using an identity verification IC card,
The trace log management device is a device for storing data of each processing stage processed at the time of certificate creation by the certificate creation server,
A log writing unit for writing data transmitted from the certificate creation server;
A certificate issuing system comprising a log reading unit for reading data requested from the certificate automatic issuing machine.

Images