JP2010134869A - Declaration data creation system, declaration data creation method, computer device, connection management server, and database server - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce skills or efforts required for creating electronic declaration data or applying electronic signature while ensuring required security. <P>SOLUTION: A declaration data creation system 1000 includes: a terminal 200 including a communication establishing means which reads user information from a portable medium 50, transmits an access request to a connection management server 400, and establishes communication with a specified computer device, and a creation instruction means which accepts creation instructions of the electronic declaration data and transmits the data to the computer device; and the computer device 300 including a data creation means which creates the electronic declaration data in response to the creation instructions from the terminal 200, a data saving means which transmits the electronic declaration data whose creation has been interrupted and a request to save the electronic declaration data to a connection management server 400, a data restoration means which transmits a restoration request of the temporarily saved electronic declaration data to the connection management server 400 and obtains the data, and a signature means which extracts an electronic certificate and a secrete key 10 from electronic certificate managing equipment 600, puts an electronic signature on the electronic declaration data, and transmits the data to an electronic declaration reception system 3. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a declaration data creation system, a declaration data creation method, a computer device, a connection management server, and a database server. Specifically, the electronic data is created and the necessary security is ensured. The present invention relates to a technique for reducing skills and labor required for the processing of digital signature assignment.

Conventionally, for an electronic reporting system that accepts electronic reporting data that has been electronically signed, the created electronic reporting data is digitally signed by a client and transmitted via the Internet. As an electronic signature method, a client in which a digital signature program is installed in advance reads an electronic certificate and a private key stored in an IC card via an IC card reader and performs electronic signature on the created electronic declaration data. The most common. (See Patent Document 1.)
Also, various systems for expanding the functions of the electronic reporting system are being studied in order to improve the convenience of the electronic reporting system and increase the number of users. (See Patent Document 2.)
JP 2000-235522 A JP 2002-373226 A

  In executing the above-described method for performing an electronic signature on a client, it takes time for a user to apply to a local government and receive it at a window in order to obtain an IC card type electronic certificate. Moreover, the expense which prepares the card reader for using the IC card which the user received in the said local government etc. is also needed. In addition, it is necessary to have a skill to install a digital signature program on the client together with the prerequisite environment. These are the current issues for disseminating the electronic reporting system. On the other hand, in the electronic signature method, it is required to attach an electronic signature that can identify the electronic declaration data and detect tampering via the Internet, and it is difficult to solve the above-mentioned problems while responding to this request. It was.

  Therefore, the present invention has been made in view of the above problems, and is a technique for reducing the skills and labor required for the creation of electronic reporting data and the processing of giving an electronic signature while ensuring necessary security and the like. The main purpose is provision.

  The report data creation system of the present invention that solves the above-described problems first comprises a terminal and a computer device connected and assigned to the terminal. The connection management server manages the connection assignment. As an example, it can be assumed that the terminal is a thin client terminal and the computer device is a blade PC connected to the terminal with a thin client. In this case, the connection management server will be a management server that performs session management for thin client connections.

  The terminal in the present embodiment is a computer terminal that includes an interface of a portable medium such as a USB memory and a communication unit that communicates with another device. The terminal reads user-specific user information (eg, user ID) from a portable medium connected to the interface, and transmits a connection request including the user information to a connection management server. Communication establishing means for communicating with a computer device designated by the connection management server is provided. In addition, a creation instruction means for receiving an instruction for creating electronic report data from a user through an input interface and transmitting the instruction to the computer device is provided.

  On the other hand, the computer device is a computer provided with communication means for communicating with other devices, and is connected to the terminal and the like through a network, but is a separate device. The computer device includes data creation means for sending report work screen data to the terminal and receiving the creation instruction via the report work screen and creating electronic report data.

  Further, the computer device detects interruption of creation of the electronic declaration data, and transmits the electronic declaration data for which the creation has been suspended and a request for saving the electronic declaration data to the connection management server to temporarily save the electronic declaration data. A retracting means is provided.

  In addition, the computer device includes data restoration means for detecting resumption of creation of electronic declaration data, transmitting a restoration request for the electronic declaration data temporarily saved to the connection management server, and obtaining the electronic declaration data from the connection management server. .

  Further, the computer device detects the end of the creation of the electronic declaration data, takes out the electronic certificate and the private key from the electronic certificate management device, performs an electronic signature on the electronic declaration data, and transmits the electronic signature to the electronic declaration acceptance system. A signature means is provided. The signature means may perform an electronic signature by including information obtained from a part or all of the user information in a signature value when performing an electronic signature on the electronic declaration data.

  The creation instructing means in the terminal accepts an electronic declaration data creation interruption instruction from a user at an input interface, and status of the electronic declaration data creation suspended for a portable medium connected to the interface It is preferable that information is written and the creation interruption instruction is transmitted to the computer apparatus.

  Further, in this case, the data saving means of the computer device detects the creation interruption of the electronic reporting data by receiving the creation suspension instruction from the terminal or detecting that the communication with the terminal is disconnected, The electronic reporting data whose creation has been interrupted and the electronic reporting data saving request are transmitted to the connection management server to temporarily save the electronic reporting data.

  On the other hand, the connection management server is a server device including a communication unit and a storage unit that communicate with other devices. The storage means stores user information and computer device information to be assigned to the terminal corresponding to the user information.

  The connection management server receives a connection request from the terminal, specifies information on the computer device from the storage means using user information included in the connection request as a key, and permits the connection of the terminal to the computer device Connection management means is provided.

  Further, the connection management server receives the electronic report data whose creation has been interrupted and the evacuation request from the computer device, and stores instruction means for notifying the database server of a data storage instruction including the electronic declaration data indicated by the evacuation request Is provided.

  The connection management server receives the restoration request from the computer device, notifies the database server of a data return instruction including user information indicated by the restoration request, and responds to the user information from the database server. Return instruction means for acquiring electronic report data to be transmitted and transmitting it to the computer device.

  The communication establishment unit in the terminal may read the status information from the portable medium via the interface and transmit the status information to the connection management server when communicating with the connection management server. .

  In this case, the return instruction means in the connection management server receives the status information from the terminal, and if the status information indicates that the creation of electronic report data is being suspended, the electronic information that has been temporarily saved for the terminal A data return instruction regarding report data is notified to the database server, electronic report data is acquired from the database server, and transmitted to the computer device to which the terminal is connected.

  At this time, the data restoring means in the computer device receives the electronic report data temporarily saved from the connection management server, and the data creating means in the computer device is for the temporarily saved electronic report data. Screen data for the reporting work is transmitted to the terminal, and the creation instruction is received via the reporting work screen to create electronic reporting data.

  In addition, the storage means in the connection management server stores a first table storing user information and information of the computer device assigned to the terminal corresponding to the user information, and current usage statuses of the plurality of computer devices. A second table to be managed may be stored. At this time, if the connection management means in the connection management server receives the connection request from the terminal, the connection management means searches for a computer device that is currently empty in the second table, and the computer device searched here is used as the connection request. A connection permission including the information of the corresponding computer device, storing the user information included in the connection request in the first table in association with the searched computer device as an assignment destination of the terminal corresponding to the user information included in A notification is sent to the terminal.

  The database server is a server device that includes a communication unit that communicates with another device and a storage unit that stores electronic report data, and is connected to the connection management server via a network. The database server receives a data storage instruction including electronic declaration data from the connection management server, and stores user information included in the data storage instruction and electronic declaration data in association with each other in the storage unit. Means.

  The database server receives the data return instruction from the connection management server, retrieves electronic declaration data from the storage means using user information included in the data return instruction as a key, and retrieves the electronic declaration data searched here. Data return means for transmitting to the connection management server and deleting the corresponding electronic report data from the storage means when the transmission is completed.

  The portable medium stores a program for converting the terminal into a thin client in accordance with the connection to the interface of the terminal, and the program detects the connection to the interface of the terminal and It is also possible to execute client processing. At this time, the communication establishment means of the terminal that has become a thin client by the program transmits the connection request to the connection management server as an allocation destination request for thin client connection. On the other hand, the connection management means in the connection management server receives a connection request as a request for a thin client connection allocation destination from the terminal, and specifies computer device information from the storage means using user information included in the connection request as a key. Then, the thin client connection of the terminal to the computer apparatus is permitted.

  In the report data creation method of the present invention, a terminal having a portable medium interface and communication means for communicating with other devices reads user-specific user information from a portable medium connected to the interface. Then, a connection request including the user information is transmitted to the connection management server, and a process for communicating with the computer device designated by the connection management server and an instruction for creating electronic declaration data from the user are received at the input interface. A computer device comprising a communication means for performing processing to be transmitted to the computer device and communicating with other devices, transmitting screen data for reporting work to the terminal and issuing the creation instruction via the screen for reporting work Process to create the electronic declaration data upon receipt, detect the interruption of the creation of the electronic declaration data, Sends a request to save child declaration data to the connection management server and temporarily saves the electronic declaration data, detects resumption of creation of electronic declaration data, and restores the electronic declaration data that has been temporarily saved Processing to obtain the electronic declaration data from the connection management server by transmitting to the management server and detecting the completion of the creation of the electronic declaration data, taking out the electronic certificate and the private key from the electronic certificate management device, and storing the electronic declaration data in the electronic declaration data A process of performing signature processing and transmitting it to the electronic report acceptance system is performed.

  Further, the computer device of the present invention transmits communication screen data for communication means communicating with other devices and a terminal designated by the connection management server, and creates electronic reporting data via the reporting work screen. Data creation means for creating electronic declaration data in response to an instruction, detection of interruption of creation of electronic declaration data, transmission of the electronic declaration data for which creation has been suspended and a request to save the electronic declaration data to the connection management server Data evacuation means for temporarily saving electronic declaration data, detection of resumption of creation of electronic declaration data, and sending a request to restore the electronic declaration data temporarily saved to the connection management server to send the electronic declaration data to the connection management server The data recovery means obtained from the above and the completion of the creation of the electronic declaration data are detected, the electronic certificate and the private key are taken out from the electronic certificate management device, and the electronic declaration is Performing an electronic signature to over data, characterized in that it comprises a signature means for transmitting to the reception system for electronic filing, the by.

  The connection management server of the present invention includes a communication unit that communicates with another device, a storage unit that stores user information and information on a computer device assigned to a terminal corresponding to the user information, and a connection request from the terminal. Receiving the user information included in the connection request as a key, identifying the computer device information from the storage means, and permitting the connection of the terminal to the computer device, and the electronic report whose creation has been interrupted A storage instruction means for receiving the data and the electronic declaration data save request from the computer device and notifying the database server of a data storage instruction including the electronic declaration data indicated by the save request, and the electronic declaration data temporarily saved A restoration request is received from the computer device, and a data return instruction including user information indicated by the restoration request is sent to the database server. Notify the, characterized in that it comprises a return instruction means acquires electronic filing data corresponding to the user information from the database server sends to the computer device.

  In addition, the database server of the present invention receives a data storage instruction including electronic declaration data from a communication means that communicates with other devices, a storage means for storing electronic declaration data, and a connection management server, and the data storage instruction A data return instruction including user information is received from the temporary storage processing means for storing the user information and electronic report data included in the storage means in association with each other, and the connection management server; The electronic declaration data is searched from the storage means using the user information including the key, the electronic declaration data searched here is transmitted to the connection management server, and the electronic declaration data is deleted from the storage means when the transmission is completed. And a data return means.

  In addition, the problems disclosed by the present application and the solutions thereof will be clarified by the embodiments of the present invention and the drawings.

  According to the present invention, the necessary security and the like can be ensured, and the skills and labor required for the creation of electronic report data and the processing for giving an electronic signature can be reduced.

--- System configuration ---
Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a network configuration diagram of a report data creation system 1000 according to this embodiment. In the present embodiment, the user has the portable medium 50. The portable medium 50 is a portable medium 50 (for example, a USB memory or the like) provided with an application that can be converted into a thin client by inserting the terminal into an arbitrary terminal 200 that satisfies a specific condition. The terminal 200 into which the portable medium 50 is inserted becomes a thin client. The thin client terminal 200 communicates with the connection management server 400, and the logical server (the logical server is one-to-one with the physical server, that is, n = 1). Of these, one assigned by the connection management server 400 is used as the data creation server 300 which is a computer device. Here, the logical server is assumed to be a virtual machine in which a plurality of OSs are started on one physical server. The terminal 200 may be a thin client terminal. In this case, the application in the portable medium 50 is not used.

  The thin client 200 has a function of displaying the processing performed by the data creation server 300 as an output user interface on the screen, but does not have a function of printing or outputting to an external medium. The terminal 200 has a function of transmitting input information from a mouse, a keyboard, or the like as an input interface to the data creation server 300 or the like. On the other hand, it is assumed that the terminal 200 does not transmit / receive data other than specific information (here, the input / output information, the user information, and the creation flag). The communication between the terminal 200 and the data creation server 300 is performed by a communication method with high security strength such as VPN communication.

  As shown in FIG. 1, the declaration data creation system 1000 in such an assumption includes a plurality of data creation servers 300, the data creation server 300, and a thin client connected to each other via the Internet 1 or the local network 5. A terminal 200 to be connected, a connection management server 400 for managing a thin client connection between the data creation server 300 and the terminal 200, a database server 500 serving as a temporary save destination of electronic report data being created, and an electronic certificate management device 600 is a computer system.

  The data creation server 300 constructs a VPN (Virtual Private Network) with the terminal 200 and receives input information (operation contents of the input device) sent from the terminal 200 via the VPN. The video information (desktop screen of the display device) indicating the processing result is transmitted to the terminal 200. The data creation server 300 is a server device that is normally used without locally connecting an input / output device.

  Next, each apparatus which comprises the said report data creation system 1000 in this embodiment is each demonstrated. FIG. 2 is a diagram illustrating a configuration example of the portable medium 50 according to the present embodiment. The portable medium 50 illustrated here interrupted the creation of user ID (user information), CB authentication information (password, etc.) as authentication information required when using the data creation server 300, and electronic declaration data last time. A data unit 52 for storing a reporting status (status information) indicating whether or not the information is provided, and a control unit 55 having a reporting status setting application 53 and a terminal thin client application 54. As the terminal thin client application 54 provided in the portable medium 50, an application based on existing technology (http://www.hitachi-ics.co.jp/product/seihin/jyourou/sec/sec.html) is adopted. do it.

  The portable medium 50 is assumed to have a form in which an IC chip is stored in an appropriate storage case such as a plastic housing, and is, for example, a USB device connected to the USB interface of the terminal 200 so that data communication is possible. Such an IC chip includes a CPU 56, a memory 57, and a communication unit 58 that performs communication processing with the USB interface of the terminal 200, and the data unit 52 is provided in the memory 57. Applications 53 and 54 provided as the control unit 55 are also stored in the memory 57, read from the memory 57, and executed by the CPU 56.

  As the portable medium 50, an authentication device (trademark) in which a personal certificate, a private key, a password, and various application software necessary for mobile use are preinstalled in a memory card in which an IC card unit and a flash memory are integrated. Name: KeyMobile). Information stored in the memory 57 by the portable medium 50 includes authentication information storing a chip ID, a personal certificate, a secret key, and a password, and a usage allocation process between the terminal 200 and the data creation server 300. The IP address of the connection management server 400 to be performed and software (such as an OS and software for executing personal authentication processing regarding the user of the portable medium 50) can be assumed.

  Next, the terminal 200 will be described. FIG. 3 is a diagram illustrating a configuration example of the terminal 200. The terminal 200 is a thin client that connects to one of the logical servers that are the connection management server 400 and the data creation server 300 via the Internet 1 and the local network 5. The terminal 200 is a device that uses the data creation server 300 via the interface 1 and the local network 5 by the use allocation process of the connection management server 400, and has a storage unit 201 to have a function necessary as a thin client. Is read into the memory 203 and executed by the CPU 204 which is an arithmetic unit.

  In addition, the terminal 200 exchanges data with an input interface 205 such as various keyboards and buttons generally provided in a computer device, an output interface 206 such as a display, and the data creation server 300 and the connection management server 400. The communication means 207 responsible for

  In this embodiment, the terminal 200 is assumed to be a terminal obtained by converting an existing PC having a normal HDD (Hard Disk Drive) into a thin client. However, the terminal 200 is not limited to this and is assumed to be a so-called HDD-less type thin client terminal. May be. Regarding the technology for converting a general PC into a thin client terminal, an existing technology (such as connecting a USB memory built in an OS to a USB interface of a general PC and executing a series of thin client processes such as OS activation, VPN connection, connection management server authentication) Reference: http://www.hitachi-ics.co.jp/product/seihin/jyourou/sec/sec.html)

  The terminal 200 includes a USB interface 244 for connecting various devices, a flash ROM 208, an I / O connector 260 for connecting a keyboard and a mouse, a video card 230 for connecting a display, and the like. The CPU 204 first recognizes the system configuration of the terminal 200 by accessing the flash ROM 208 and executing the BIOS 235 after the power is turned on.

  The OS 236 in the flash ROM 208 is a program for the CPU 204 to control each unit of the terminal 200 and execute a program corresponding to each unit described below. In accordance with the BIOS 235, the CPU 204 loads the OS 236 from the flash ROM 208 to the memory 203 and executes it. Note that the OS 236 of this embodiment uses a relatively small size that can be stored in the flash ROM 208 such as an embedded OS.

  The terminal 200 includes user information (such as a user ID and certificate information) stored in the portable medium 50 (USB memory) connected to the USB interface 244, a user ID input through the input interface 205, Naturally, the thin client terminal is provided with a function for executing the allocation request processing of the data creation server 300 to the connection management server 400 and the connection establishment processing with the data creation server 300 using the password information.

  In addition, the terminal 200 transmits the operation information input through the input interface 205 of the terminal 200 to the address of the data creation server 300 as the connection establishment process with the data creation server 300 is executed. Naturally, the thin client terminal also has a function of receiving video information corresponding to the operation information from the data creation server 300 and displaying it on the output interface 206 of the terminal 200.

  The terminal 200 includes a remote client program 270 and an encrypted communication program 271 in the storage unit 201. The remote client program 270 is a program for the terminal 200 to remotely access the desktop of the data creation server 300, and is, for example, a VNC client (viewer) program. In accordance with the OS 236, the CPU 204 loads the remote client program 270 from the storage unit 201 into the memory 203 and executes it. As a result, the CPU 204 transmits input information (operation contents of the keyboard and mouse) of the I / O connector 260 to the data creation server 300 via a network (Internet 1) such as VPN, and a network such as VPN. Video information (display desktop screen) sent from the data creation server 300 via (Internet 1) is output to an output interface 206 such as a display connected to the video card 230.

  The encrypted communication program 271 is a communication program for constructing a secure communication network such as VPN with the data creation server 300 having the address notified from the remote client program 270. For example, a communication program using IPsec can be assumed. In accordance with the OS 236, the CPU 204 loads the encrypted communication program 271 from the storage unit 201 into the memory 231 and executes it. As a result, the CPU 204 transmits a communication start request to the data creation server 300 assigned to the terminal 200 via the communication means 207, and constructs a network such as a VPN with the data creation server 300. Then, it communicates with the data creation server 300 via this VPN or the like.

  Next, a description will be given of means configured and held by the terminal 200 based on the program 202, for example. The terminal 200 reads user-specific user information (eg, user ID) from the portable medium 50 connected to the USB interface 244, and transmits a connection request including the user information to the connection management server 400. And communication establishing means 210 that communicates with the data creation server 300 designated by the connection management server 400.

  Further, the terminal 200 includes a creation instruction unit 211 that accepts an instruction to create electronic report data from a user through the input interface 205 and transmits it to the data creation server 300. The creation instructing unit 211 accepts an electronic reporting data creation interruption instruction from the user via the input interface 205, and the creation of electronic reporting data is suspended for the portable medium 50 connected to the USB interface 244. And the creation interruption instruction is transmitted to the data creation server 300.

  Further, when the communication establishment unit 210 communicates with the connection management server 400, it reads the status information from the portable medium 50 via the USB interface 244 and transmits the status information to the connection management server 400. This is preferable.

  Next, the data creation server 300 will be described. FIG. 4 is a diagram illustrating a configuration example of the data creation server 300 according to the present embodiment. On the other hand, the data creation server 300 is a server device that is inserted into a chassis installed in a data center or the like and forms a thin client connection with the terminal 200. The data creation server 300 is a device that accepts the usage from the terminal 200 via the network by the usage allocation process of the connection management server 400, and is stored in an HDD (hard disk drive) 301 or the like to have necessary functions. The program 302 is read into the memory 303 and executed by the CPU 304 as an arithmetic unit.

In addition, the data creation server 300 may be provided with an input interface such as various keyboards and buttons generally provided in a computer device and an output interface such as a display as necessary. In addition, a communication unit 307 for exchanging data with the terminal 200 and the connection management server 400 is provided.
The data creation server 300 includes a flash ROM (Read Only Memory) 308 and a video card 330 that generates desktop video information.

  The flash ROM 308 stores a BIOS (Basic Input / Output System) 335. After the power is turned on, the CPU 304 first accesses the flash ROM 308 and executes the BIOS 335 to recognize the system configuration of the data creation server 300.

  Such a data creation server 300 stores a remote server program 370, an encrypted communication program 371, and an OS (Operating System) 336 in the HDD 301. The OS 336 is a program for the CPU 304 to control each unit 301 to 330 of the data creation server 300 and execute each program that implements each unit. In accordance with the BIOS 335, the CPU 304 loads the OS 336 from the HDD 301 into the memory 303 and executes it. As a result, the CPU 304 comprehensively controls the units 301 to 330 of the data creation server 300.

  The remote server program 370 is a program for enabling the desktop of the data creation server 300 to be remotely operated from the terminal 200. For example, the remote server program 370 is a VNC (Virtual Network Computing) server program developed at AT & T Cambridge Laboratory. is there. The CPU 304 loads the remote server program 370 from the HDD 301 to the memory 303 and executes it in accordance with the OS 336. As a result, the CPU 304 receives and processes input information (keyboard and mouse operation contents) sent from the terminal 200 via a network such as VPN (Internet 1), and also displays video information (display information) indicating the processing result. Desktop screen) is transmitted to the terminal 200 via a network such as VPN (Internet 1).

  The encrypted communication program 371 is a communication program for establishing a network such as VPN with the terminal 200, and is a communication program using, for example, IPsec (Security Architecture for the Internet Protocol). The CPU 304 loads the encrypted communication program 371 from the HDD 301 into the memory 303 and executes it in accordance with the OS 336. As a result, the CPU 304 establishes a secure network such as VPN with the terminal 200 in accordance with the connection establishment request received from the terminal 200 via the communication means 307, and communicates with the terminal 200 via this VPN. Do.

  Next, means for configuring and holding the data creation server 300 based on the program 302 will be described. The data creation server 300 transmits the screen data for report work (preliminarily held in the storage unit 301 and read when necessary) to the terminal 200, and the electronic report data is transmitted via the report work screen. Data creation means 310 is provided for creating electronic report data in response to the creation instruction.

  The data creation server 300 detects the interruption of the creation of the electronic declaration data, and transmits the electronic declaration data for which the creation has been suspended and a save request for the electronic declaration data to the connection management server 400 to transmit the electronic declaration data. Data saving means 311 for temporarily saving data is provided. The data saving unit 311 detects the interruption of the creation of the electronic report data by receiving the creation interruption instruction from the terminal 200 or detecting that the communication with the terminal 200 is disconnected, and the creation is interrupted. It can be assumed that the electronic reporting data and the saving request for the electronic reporting data are transmitted to the connection management server 400 to temporarily save the electronic reporting data.

  The data creation server 300 detects the resumption of creation of the electronic declaration data, transmits a request to restore the electronic declaration data temporarily saved to the connection management server 400, and transmits the electronic declaration data from the connection management server 400. Data recovery means 312 is provided. The data creation means 310 transmits screen data for reporting work on the electronic reporting data temporarily saved to the terminal 200, receives the creation instruction via the reporting work screen, and generates electronic reporting data. Will be created.

  The data creation server 300 detects the end of the creation of the electronic declaration data, takes out the electronic certificate and the private key 10 from the electronic certificate management device 600, performs an electronic signature on the electronic declaration data, and performs an electronic declaration. A signature means 313 for transmitting to the system 3 (electronic report acceptance system) is provided. It is preferable that the signature unit 313 performs an electronic signature by including information obtained from a part or all of the user information in a signature value when performing an electronic signature on the electronic declaration data.

  Next, the connection management server 400 will be described. FIG. 5 is a diagram illustrating a configuration example of the connection management server 400. The connection management server 400 is responsible for general connection management (connection between a thin client and a thin client server) in a thin client system, and in the present embodiment, temporarily stores electronic report data being created by the data creation server 300. The server device instructs the database server 500 to perform saving and restoration.

  The connection management server 400 reads out a program 402 stored in an HDD (Hard Disk Drive) 401 or the like so as to have a necessary function, and executes it by the CPU 404 as an arithmetic unit. In addition, the connection management server 400 can be provided with input interfaces such as various keyboards and buttons generally provided in a computer device and output interfaces such as a display as necessary. In addition, a communication unit 407 for exchanging data with the terminal 200 and the data creation server 300 is provided.

  Next, the means that the connection management server 400 configures and holds based on the program 402 will be described. The connection management server 400 stores a user management table 425 (first table) storing user information and information of the data creation server 300 assigned to the terminal 200 corresponding to the user information in the storage unit 401. ), A server management table 426 (second table) for managing the current usage status of the plurality of data creation servers 300, and a log file 427.

  The connection management server 400 receives a connection request from the terminal 200, specifies information of the data creation server 300 from the storage unit 401 using the user information included in the connection request as a key, and the corresponding data creation server 300. Connection management means 410 for permitting connection of the terminal 200 to the network. The connection management unit 410 is a unit that performs processing for assigning a thin client server to a thin client, which is a general connection management server in a thin client system. When the connection management unit 410 receives the connection request from the terminal 200, the server 300 for the data creation 300 in the server management table 426 (second table) (eg, “usage state” is “free”). ) And the data creation server 300 searched here is assigned to the terminal 200 corresponding to the user information included in the connection request, and the connection request is included in the user management table 425 (first table). User information and the searched data creation server 300 are stored in association with each other, and a connection permission notification including information (eg, connection destination server ID) of the corresponding data creation server 300 is transmitted to the terminal 200.

  Further, the connection management server 400 receives the electronic declaration data whose creation has been interrupted and the save request from the data creation server 300, and issues a data storage instruction including the electronic report data indicated by the save request to the database server 500. Storage instruction means 411 for notifying the user.

  In addition, the connection management server 400 receives the restoration request from the data creation server 300, notifies the database server 500 of a data return instruction including user information indicated by the restoration request, and the database server 500 Return instruction means 412 for acquiring electronic declaration data corresponding to the user information from the data and transmitting it to the data creation server 300.

  The return instruction means 412 receives the status information from the terminal 200, and if the status information indicates that the creation of electronic report data is being interrupted, the electronic report data temporarily saved for the terminal 200 is stored. It is preferable that the data return instruction is notified to the database server 500, electronic report data is acquired from the database server 500, and transmitted to the data creation server 300 to which the terminal 200 is connected.

  Next, the database server 500 will be described. FIG. 6 is a diagram illustrating a configuration example of the database server 500. The database server 500 reads out a program 502 stored in an HDD (Hard Disk Drive) 501 or the like so as to have a necessary function, and executes it by the CPU 504 as an arithmetic unit. In addition, the database server 500 may include an input interface such as various keyboards and buttons generally provided in a computer device and an output interface such as a display as necessary. In addition, a communication unit 507 for transferring data to and from the connection management server 400 is provided.

  Next, the means that the database server 500 configures and holds based on the program 502 will be described. The database server 500 includes a creating data management database 525 in the storage unit 501 for storing the electronic report data being temporarily saved until the next creation restart.

  The database server 500 receives the data storage instruction including the electronic declaration data from the connection management server 400, associates the user information included in the data storage instruction with the electronic declaration data, and creates data in the storage unit 501 Temporary storage processing means 510 for storing in the management database 525 is provided.

  Further, the database server 500 receives the data return instruction from the connection management server 400 and uses the user information included in the data return instruction as a key to receive electronic report data from the data management database 525 being created in the storage unit 501. A data return unit 511 is provided for searching, transmitting the electronic declaration data searched here to the connection management server 400, and deleting the electronic declaration data from the data management database 525 being created in the storage unit 501 when the transmission is completed. .

  Next, the electronic certificate management device 600 will be described. FIG. 7 is a diagram illustrating a configuration example of the electronic certificate management device 600. The electronic certificate management device 600 reads a program 602 stored in an HDD (Hard Disk Drive) 601 or the like so as to have a necessary function, and executes the program 602 by a CPU 604 serving as an arithmetic device. Further, the electronic certificate management device 600 may include an input interface such as various keyboards and buttons generally provided in a computer device, and an output interface such as a display as necessary. Further, a communication unit 607 for exchanging data with the data creation server 300 is provided. The electronic certificate management device 600 communicates with the data creation server 300 based on the program 602 and reads the electronic certificate and private key 10 of the corresponding user stored in the storage unit 601 in advance. To the corresponding terminal 200.

  Next, the window terminal 2 will be described. FIG. 8 is a diagram illustrating a configuration example of the window terminal 2. The window terminal 2 serves as a terminal for a user who has the portable medium 50 to visit and receive user information written on the portable medium 50. In addition to the interface 014 of the portable medium 50, the window terminal 2 naturally includes a CPU 016, a memory 017, an input / output interface 018, and the like as computer terminals. The window terminal 2 includes, for example, a user ID issuance request function 011, a user information writing function 012, and a user information registration function 013 as means for configuring and holding based on a program, for example. Each of these functions will be described later.

  Next, the electronic reporting system 3 will be described. FIG. 9 is a diagram illustrating a configuration example of the electronic reporting system 3. The electronic reporting data created and transmitted by the data creation server 300 is received by the electronic reporting system 3. The electronic reporting system 3 includes a reception server 4, a reporting data management database 32, and a user management database 33.

  The reception server 4 issues a data reception function 31 for receiving electronic declaration data transmitted via the Internet 1, a signature verification function 32 for detecting falsification of electronic declaration data by signature verification, and a user ID. A user ID issuing function 33; a user ID authentication function 34 for authenticating the user ID of the logged-in user based on information in the declaration data management database 33; and the received electronic declaration data in the declaration data management database 32; A control unit 36 having a DB storage function 35 for storing the issued user ID in the user management database 33 is provided. Each of the functional units 31 to 35 is, for example, a unit configured and held based on a program included in the storage unit of the reception server 4.

  Note that each means 210 to 211, 310 to 313, 410 to 412, 510 to 511, etc. in each device constituting the report data creation system 1000 shown so far may be realized as hardware, a memory, an HDD, or the like. It may be realized as a program stored in an appropriate storage device such as (Hard Disk Drive). In this case, each CPU reads the corresponding program from the storage device into the memory and executes it in accordance with the program execution.

  In addition, regarding the network used by the reporting data creation system 1000 in the present embodiment, in addition to the Internet and LAN to which virtual dedicated network technology such as VPN (Virtual Private Network) can be applied, an ATM line, a dedicated line, a WAN (Wide Area Network), Various networks such as a power line network, a wireless network, a public network, and a mobile phone network can also be adopted.

--- Structure of tables ---
Next, the structure of the tables used in this embodiment will be described. FIG. 10 is a diagram showing an example of the data structure of the user management table 425 in the present embodiment. The user management table 425 is a table corresponding to a first table that stores user information and information of the data creation server 300 assigned to the terminal 200 corresponding to the user information. The user management table 425 includes, for example, user information registered in advance in the portable medium 50, that is, CB authentication information (for example, password), usage classification, and connection destination assigned by the connection management server 400 using the user ID as a key. This is a set of records associated with the server ID of the data creation server 300. The usage category data is normally set as “usable”, but is “paused” when a security lock such as a password lock is applied. In the example of FIG. 10, for example, the user “AA1111” is assigned to the data creation server “sv036”.

  FIG. 11 is a diagram showing an example of the data structure of the server management table 426 in this embodiment. The server management table 426 corresponds to a second table that manages the current usage status of the plurality of data creation servers 300. The server management table 426 is a set of records in which the server ID of the data creation server 300 is used as a key and the usage status in the corresponding server, that is, the data indicating whether the terminal 200 is allocated or not connected is associated. . For example, the server “sv001” has already been assigned to one of the terminals 200, the usage state is “in use”, the server “sv002” has not been assigned, and the usage state is “free”. Is in a state of being.

  FIG. 12 is a diagram showing an example of the structure of the data management database 525 being created in the present embodiment. This creating data management database 525 is a database that manages the user ID (user information) registered in advance in the portable medium 50 and the electronic report data being created for the corresponding user. In the creating data management database 525, for example, the creating data of the user “AA1111” is stored as “report data 1” in the figure.

  FIG. 13 is a diagram showing an example of the data structure of the log file 427 in the present embodiment. The log file 427 is a file managed by the connection management server 400. The server ID of the data creation server 300 to which the user terminal 200 corresponding to the user ID is connected using the user ID as a key, the data creation server 300 is a file for managing the creation start / interruption / end classification and work time of electronic declaration data in 300 in association with each other. In the example of the figure, for example, the user “AA1111” starts creation at 13:30 on August 31, 2008 in the data creation server 300 “sv036”. The report was completed at 15:52:08 on the 31st. By analyzing this log file 427, the administrator can grasp the user's tendency and can perform expansion / reduction plans such as the number of servers.

--- Processing example 1 ---
Hereinafter, the actual procedure of the report data creation method in the present embodiment will be described with reference to the drawings. FIG. 14 is a diagram showing a processing flow example 1 of the report data creation method in the present embodiment. Note that various operations corresponding to the report data creation method described below are realized by programs that are read into the memory and executed by the devices constituting the system 1000. And this program is comprised from the code | cord | chord for performing the various operation | movement demonstrated below.

Here, the flow of registration processing of user information to the portable medium 50 will be described. The user, for example, goes to a window of an administrative institution or local government and receives identity verification by a staff member who uses an identification card. After this identity verification, an authorized employee instructs the execution of the user ID issue request function 011 at the input interface of the window terminal 2. The user ID issue request function 011 transmits a user ID request to the control unit 36 of the reception server 4 of the electronic reporting system 3 via the communication unit 015 (step 0001).
On the other hand, in the electronic reporting system 3, the user ID issuing function 33 that has received the user ID issuing request performs a user ID issuing process (step 0002). Further, the DB storage function 35 stores the user ID issued in step 0002 in the user management database 33. Further, the user ID issuing function 33 performs the user ID payout process to the window terminal 2 via the communication means (step 0003).
Subsequently, the user information writing function 012 of the window terminal 2 stores information on the user ID and password issued in step 0003 for the portable medium 50 inserted in the interface 014 of the window terminal 2. (Step 0004).
Next, the user information registration function 013 of the window terminal 2 instructs the connection management server 400 to register the user ID and password in the user management table 425 via the communication unit 015 (step 0005). After the registration of the user ID and password at the connection management server 400, the staff distributes the portable medium 50 to the user.

--- Processing example 2 ---
Next, the flow of reporting from the creation of electronic reporting data to the electronic reporting system will be described. FIG. 15 is a diagram illustrating a processing flow example 2 of the report data creation method according to the present embodiment. Here, first, the communication establishment means 210 of the terminal 200 sends user information (from the data section 52 of the portable medium 50 connected to the USB interface 244 to the user information (step 1000) together with the user login request (step 1000). The user ID, CB authentication information, and reporting status are read, and a connection request including the user information is transmitted to the connection management server 400 (step 1001).

  On the other hand, the connection management unit 410 of the connection management server 400 receives a connection request from the terminal 200, and determines whether the CB authentication information included in the connection request is registered in the user management table 425 (step 1002). ). When the CB authentication information is not in the user management table 425 (1002: NG), the connection management means 410 notifies the terminal 200 of connection refusal (step 1003), and the terminal 200 Message display (step 1004) is performed on the output interface 206.

  On the other hand, when the CB authentication information included in the connection request is in the user management table 425 in step 1002 (1002: OK), the connection management means 410 uses the data available in the server management table 426. The creation server 300 (having the usage status “free”) is searched and specified. The connection management unit 410 communicates with the communication unit of the specified data creation server 300 through the communication unit 407, and executes server allocation processing (step 2001). In this allocation process, that is, the server ID of the data creation server 300 is linked to the corresponding user ID in the user management table 425, and the data creation server 300 (one of logical servers) is connected to the terminal 200. Assign (step 2002).

  Thereafter, the user operates the terminal 200, which is a thin client terminal, and starts creation processing of electronic report data by the data creation server 300. As the creation process starts, the connection management server 400 stores the connection start time in the log file 427 in association with the user ID. The processing by the data creation server 300 described below is performed by the user operating the terminal 200 which is a thin client terminal.

  Subsequently, the data restoration unit 312 of the connection management server 400 determines whether or not first-time access, that is, creation of electronic reporting data, has started for the reporting status received from the terminal 200 in the step 1002 (step 1002). 2003). If it is determined in step 2003 that “first access” (2003: YES), the data restoration unit 312 shifts the processing to creation of electronic report data in the data creation server 300 (step 2008).

  On the other hand, if the reporting status is “Creating” by the determination in Step 2003 (2003: NO), the data restoration unit 312 determines that the previous electronic reporting data creation has been interrupted (that is, This time, it is detected that it means resuming the creation of the electronic report data), and the database server 500 is requested to return the electronic report data being temporarily saved in the data management database 525 being created (step 2004). This request includes the user ID.

  The data return means 511 of the database server 500 receives a request from the connection management server 400 through the communication means 507, extracts the corresponding report data from the data management database 525 being created based on the user ID, (E.g. memory 503). Further, the data return means 511 deletes the record of the declaration data corresponding to the user ID in the data management database 525 being created (step 2005). After executing this deletion, the data return means 511 returns the declaration data of the temporary area to the connection management server 400 (step 2006), and clears the data of the temporary area. Thereafter, the flow continues in FIG.

  On the other hand, the data restoration unit 312 of the connection management server 400 receives the reporting data that was temporarily saved from the data return unit 511 of the database server 500. The received report data received here is transmitted to the data creation server 300 by the data restoration means 312 communicating with the communication means 307 of the data creation server 300 via the communication means 307 (step 2007). ).

  Thus, the user can handle the report data temporarily saved in the database server 500 by the data creation server 300 via the connection management server 400. In this case, the data creation means 310 of the data creation server 300 provides the terminal 200 with screen data for report work (the report stored in the storage means 301 in advance and returned from the connection management server 400). The electronic report data is generated in response to an instruction to create the electronic declaration data via the declaration work screen (which may be referred to as the electronic declaration data 14 in FIG. 21) (step 2008). ). Various creation instructions from the user are received by the creation instruction unit 211 of the terminal 200 via the reporting work screen via the input interface and transmitted to the data creation server 300.

  It should be noted that the creation instruction unit 211 of the terminal 200 accepts the electronic report data creation suspension instruction from the user via the input interface 205, that is, the report creation process is suspended by the user (step 2009: suspension). If it is, the report status information during the creation of electronic report data is written to the portable medium 50 connected to the USB interface 244, and the creation suspension instruction is transmitted to the data creation server 300.

  In response to this, the data saving unit 311 of the data creation server 300 detects the interruption of the creation of the electronic declaration data upon receipt of the creation interruption instruction, and saves the electronic declaration data whose creation has been interrupted and the electronic declaration data. The request is transmitted to the connection management server 400 (step 2010). The data saving unit 311 may detect the interruption of the creation of the electronic report data by receiving the creation interruption instruction from the terminal 200 or detecting that the communication with the terminal 200 has been disconnected. .

  Further, the storage instructing unit 411 of the connection management server 400 receives the electronic report data whose creation has been interrupted and the save request from the data creation server 300, and stores data including the electronic report data indicated by the save request. The instruction is notified to the database server 500 (step 2011).

  In this case, the temporary storage processing unit 510 of the database server 500 receives the data storage instruction including the electronic declaration data from the connection management server 400, and the user ID and the electronic declaration as the user information included in the data storage instruction. The data is stored in the data management database 525 being created in the storage unit 501 in association with the data. If there is no record of the user ID in the data management database 525 being created, the temporary storage processing means 510 generates a new record and stores the electronic report data being created in association with the user ID (step 2012), a response is returned to the connection management server 400 (step 2013).

On the other hand, the storage instructing unit 411 of the connection management server 400 updates the reporting status information to “Creating” (step 2014), returns the reporting status information to the terminal 200, and issues an interruption ( Step 2015).
On the other hand, the terminal 200 returns the report status information received from the connection management server 400 to the portable medium 50 inserted into the USB interface 244, and logs out the user (step 2016).
Further, the storage instruction unit 411 of the connection management server 400 stores the connection interruption time in association with the user ID in the log file 427.

  At the same time, the application status setting application 53 of the portable medium 50 updates the reporting status in the data section 52 to “being created” (step 2017). As a result, the next time the user logs in, the data restoration means 312 of the connection management server 400 determines that the user is “creating data” and restores the data being created. It is possible to resume the creation of declaration data. Thereafter, the flow continues in FIG.

  On the other hand, when the creation of the electronic report data in the data creation server 300 is completed in the above-described step 2009 and the report to the electronic report system 3 (step 2009: report) is selected (for example, the user uses the terminal 200 In other words, the signature unit 313 of the data creation server 300 uses the communication unit 307 to communicate with the electronic certificate management device 600 when it detects the completion of the creation of the electronic report data. It communicates with the means 607 to execute a request for the electronic certificate and private key of the user or terminal 200 (step 3001). This request includes a user ID and the like.

The program 602 of the electronic certificate management device 600 receives the request, specifies the user ID from the storage unit 601 as a key, and pays it out to the data creation server 300 (step 3002).
The signature means 313 of the data creation server 300 receives the electronic certificate and the private key 10 from the electronic certificate management device 600, and the electronic declaration data for which the creation process has been completed with the electronic certificate and the private key 10 An electronic signature is added to the message (step 3003) (step 3003). The signature unit 313 logs in to the electronic reporting system 3 with the user ID and transmits the electronic reporting data (with signature) (step 3004). It is assumed that transmission of the electronic report data (step 3004) can be executed any number of times by the user if it fails.

  FIG. 21 is a diagram illustrating the contents of the electronic report data 14 in the present embodiment, and FIG. 22 is a diagram illustrating the contents (signed) of the electronic report data 17 in the present embodiment. In the example of the electronic report data 14 shown in FIG. 21, it is assumed that highly confidential information such as personal information 15 including at least an address, name, date of birth, and gender and information 16 of the reported amount is handled. Also, the user ID (“AA1231” in the example in the figure) is provided at the upper left of the layout.

  Further, the electronic declaration data 17 shown in FIG. 22 is obtained by adding an electronic signature to the electronic declaration data 14 of FIG. This electronic declaration data 17 includes the user ID in the data portion for signature verification, which is a request of the electronic signature method, with the data portion as a signature target. The signature value is added to the lower part of the data part. The electronic signature method can be implemented, for example, by applying the electronic declaration data in the XML format and taking the XML signature method.

  On the other hand, the electronic reporting system 3 determines whether the logged-in user ID is in the user management database 33 by the user ID authentication function 34 and permits login. In addition, the electronic report data is received by the data reception function 31, and the signature means 313 of the corresponding data creation server 300 is notified of whether the transmission from the data creation server 300 is successful. Further, the signature verification function 32 verifies whether the signature of the electronic report data is correct.

  When the confirmation result (step 3006) of the transmission result notification (step 3005) from the electronic reporting system 3 is an error (3006: error), the signing means 313 of the data creation server 300 uses the user, that is, the terminal 200 is notified of an error and a coping method (previously stored in the storage means 301) so as to transmit again after a time (step 3007), and the same interruption processing as (step 2010 to 2017) is performed ( Steps 3008-3015).

  If the confirmation result in step 3006 is a successful transmission (3006: success), the signature unit 313 of the data creation server 300 confirms the verification result to the electronic reporting system 3 (step 4001), and the electronic reporting system 3 Receives a verification result notification (step 4002). Further, the signing means 313 of the data creation server 300, when the verification result is an error (step 5001: error), a coping method (such as correcting the electronic report data to the effect that the user is in error) The storage unit 301 is notified in advance (step 5002), and interruption processing similar to (steps 2010 to 2017) is performed (described in FIG. 19 from step 5003 to 5006, omitted below). When there is no problem in the verification result (step 4001) (5001: no problem), the electronic report system 3 stores the electronic report data in the report data management database 32 by the DB storage function 35 and stores the contents. Start verification as a batch process. The result of the batch processing can be confirmed separately on the Internet according to the access from the terminal 200 or the like.

  If there is no problem in the verification result in step 5001 (5001: no problem), the signature unit 313 of the data creation server 300 displays the fact on the terminal 200 and discards the electronic report data on the memory 303. And initialization processing (6000) such as application termination. Further, the signing unit 313 makes an end request (step 6001) to the connection management server 400.

  In response to this, the connection management means 410 of the connection management server 400 transmits the user ID to the database server 500 and makes an electronic declaration data deletion request (step 6002). The data return unit 511 of the database server 500 deletes the electronic report data associated with the transmitted user ID in the data management database 525 being created (step 6003), and the connection management unit 410 of the connection management server 400. A response is returned to (step 6004).

  The storage instructing unit 411 of the connection management server 400 updates the reporting status information to “first access” (step 6005), returns reporting status information to the terminal 200, and sends an interruption notification (step 6006). The storage instructing means 411 stores the connection end time in the log file 427 in association with the user ID.

  On the other hand, the terminal 200 returns a reporting status to the portable medium 50 inserted into the USB interface 244 and logs out the user (step 6007). At the same time, the application status setting application 53 of the portable medium 50 updates the reporting status in the data section 52 to “first access” (step 6008). As a result, when the user logs in next time, if the user makes a report from the beginning, the data restoring means 312 of the connection management server 300 determines that the user can start creating electronic report data.

--- Processing example 3 ---
FIG. 23 is a diagram illustrating a processing flow example 8 of the reporting data creation method according to the present embodiment. The flow shown here is a flow obtained by eliminating the report data deletion process (step 2005) in the flow shown in FIG. As a result, even when the electronic report data is being created by the data creation server 300, even if a failure occurs in the data creation server 300 by leaving the declaration data in the data management database 525 during creation of the database server 500, If the database server 500 is not broken, the user can log in again, recover the data, and start creation. Compared to the above processing example 1 (FIG. 16) in which security is emphasized by shortening the life cycle of the declaration data in the database server 500 as much as possible, reliability is emphasized in consideration of the risk at the time of failure. it can.

  As described above, according to the present embodiment, an electronic signature that is conventionally performed on the client side (terminal) can be implemented on the server side (data creation server), and the user prepares a client environment for the electronic signature. There is no need. The premise of making the terminal into a thin client can be easily realized by connecting a portable medium having a general and popular interface such as a USB memory (equipped with an application capable of making an existing PC into a thin client). On the other hand, compared with the conventional situation in which an IC card or a reader / writer is prepared on the user side and a digital signature program is installed on the client together with the prerequisite environment, it is possible to remarkably reduce the effort for preparing the electronic report. In addition, if there is a PC that satisfies a specific condition (connectable to a data creation server or the like with a thin client), the electronic report data can be created at any timing of the user.

  Therefore, it is possible to reduce the skills and labor required for the creation of the electronic report data and the processing for giving the electronic signature while ensuring the necessary security.

  As mentioned above, although embodiment of this invention was described concretely based on the embodiment, it is not limited to this and can be variously changed in the range which does not deviate from the summary.

It is a network block diagram of the report data creation system of this embodiment. It is a figure which shows the structural example of the portable medium of this embodiment. It is a figure which shows the structural example of the terminal of this embodiment. It is a figure which shows the structural example of the server for data creation of this embodiment. It is a figure which shows the structural example of the connection management server of this embodiment. It is a figure which shows the structural example of the database server of this embodiment. It is a figure which shows the structural example of the electronic certificate management apparatus of this embodiment. It is a figure which shows the structural example of the window terminal of this embodiment. It is a figure which shows the structural example of the electronic report system of this embodiment. It is a figure which shows the example of a data structure of the user management table in this embodiment. It is a figure which shows the example of a data structure of the server management table in this embodiment. It is a figure which shows the structural example of the data management database in preparation in this embodiment. It is a figure which shows the data structure example of the log file in this embodiment. It is a figure which shows the process flow example 1 of the report data creation method in this embodiment. It is a figure which shows the processing flow example 2 of the report data creation method in this embodiment. It is a figure which shows the process flow example 3 of the report data creation method in this embodiment. It is a figure which shows the example 4 of a processing flow of the report data creation method in this embodiment. It is a figure which shows the process flow example 5 of the report data creation method in this embodiment. It is a figure which shows the process flow example 6 of the report data creation method in this embodiment. It is a figure which shows the example 7 of a processing flow of the report data creation method in this embodiment. It is a figure which illustrates the content of the electronic report data in this embodiment. It is a figure which illustrates the electronic report data content (with a signature) in this embodiment. It is a figure which shows the process flow example 8 of the report data preparation method in this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Internet 2 Window terminal 3 Electronic reporting system 4 Reception server 5 Network 10 Electronic certificate and private key 32 Declaration data management database 33 User management database 50 Portable medium 53 Declaration status setting application 54 Terminal thin client application 200 Terminal 210 Communication establishment Means 211 Creation instruction means 300 Data creation server (computer device)
310 Data creation means 311 Data saving means 312 Data restoration means 313 Signature means 400 Connection management server 410 Connection management means 411 Storage instruction means 412 Return instruction means 425 User management table 426 Server management table 427 Log file 500 Database server 510 Temporary storage processing means 511 Data return means 525 Creating data management database 600 Electronic certification management device 1000 Report data creation system

Claims (12)

A portable medium interface, communication means for communicating with other devices, user-specific user information is read from the portable medium connected to the interface, and a connection request including the user information is sent to the connection management server. A communication establishment unit that transmits and communicates with a computer device designated by the connection management server; and a creation instruction unit that receives an instruction to create electronic report data from a user via an input interface and transmits the instruction to the computer device When,
Communication means for communicating with other devices, data creation means for sending screen data for reporting work to the terminal and receiving the creation instruction via the screen for reporting work, and creating electronic reporting data, and electronic reporting data A data saving means for detecting the interruption of creation, sending the electronic declaration data whose creation was interrupted, and a request for saving the electronic declaration data to the connection management server to temporarily save the electronic declaration data, and restarting the creation of the electronic declaration data A data restoration means for obtaining the electronic declaration data from the connection management server by transmitting a request for restoring the electronic declaration data temporarily saved to the connection management server, and detecting the completion of the creation of the electronic declaration data, A signature means for taking out an electronic certificate and a private key from a certificate management device, digitally signing the electronic declaration data, and transmitting the electronic signature to the electronic declaration acceptance system. And the computer equipment that,
A reporting data creation system characterized by comprising: Communication means for communicating with other devices;
Storage means for storing user information and information of a computer device assigned to a terminal corresponding to the user information;
A connection management unit that receives a connection request from the terminal, identifies information about the computer device from the storage unit using user information included in the connection request as a key, and permits connection of the terminal to the computer device;
Storage instruction means for receiving the electronic reporting data and the evacuation request for which the creation has been interrupted from the computer device, and notifying a database server of a data storage instruction including the electronic reporting data indicated by the evacuation request;
The restoration request is received from the computer device, a data return instruction including user information indicated by the restoration request is notified to the database server, and electronic declaration data corresponding to the user information is obtained from the database server. Return instruction means for transmitting to the computer device;
The declaration data creation system according to claim 1, further comprising: a connection management server comprising: The creation instruction means in the terminal is
An instruction for interrupting creation of electronic declaration data from a user is received by an input interface, status information during suspension of creation of electronic declaration data is written to a portable medium connected to the interface, and the creation suspension instruction is written to the computer. To the device,
The data saving means of the computer device is:
Receiving the creation interruption instruction from the terminal or detecting that the communication with the terminal has been disconnected to detect the creation of the electronic declaration data, and the electronic declaration data and the electronic declaration data for which the creation has been interrupted A temporary save of the electronic declaration data by sending a save request to the connection management server,
The declaration data creation system according to claim 1 or 2, characterized in that. The communication establishment means in the terminal is
When communicating with the connection management server, the status information is read from the portable medium via the interface, and the status information is transmitted to the connection management server.
Return instruction means in the connection management server,
If the status information is received from the terminal and the status information indicates that the creation of electronic report data is being suspended, the database server is notified of a data return instruction regarding the electronic report data temporarily saved for the terminal. Obtaining electronic reporting data from the database server and transmitting it to the computer device to which the terminal is connected,
The data restoration means in the computer device receives the electronic report data temporarily saved from the connection management server,
The data creation means in the computer device sends screen data for reporting work for the electronic reporting data temporarily saved to the terminal, receives the creation instruction via the reporting work screen, Create data,
The declaration data creation system according to claim 3. Communication means for communicating with other devices;
Storage means for storing electronic reporting data;
Temporary storage processing means for receiving data storage instructions including electronic declaration data from the connection management server, and storing user information and electronic declaration data included in the data storage instructions in association with each other in the storage means;
The data return instruction is received from the connection management server, the electronic return data is searched from the storage means using the user information included in the data return instruction as a key, and the electronic return data searched here is transmitted to the connection management server And data return means for deleting the corresponding electronic declaration data from the storage means when the transmission is completed,
A reporting data creation system according to any one of claims 2 to 4, further comprising a database server. The storage means in the connection management server includes:
A first table storing user information and information about a computer device assigned to a terminal corresponding to the user information, and a second table for managing the current usage status of the plurality of computer devices. ,
The connection management means in the connection management server includes:
When the connection request is received from the terminal, the currently empty computer device is searched in the second table, and the computer device searched here is set as the allocation destination of the terminal corresponding to the user information included in the connection request. The user information included in the connection request in the first table is stored in association with the searched computer device, and a connection permission notification including information on the computer device is transmitted to the terminal.
The declaration data creation system according to claim 2, wherein: The signing means in the computer device is:
2. The declaration data creation system according to claim 1, wherein when the electronic signature is digitally signed, information obtained from a part or all of the user information is included in a signature value. The portable medium stores a program for converting the terminal into a thin client when the terminal is connected to the interface, and the program detects the connection to the interface of the terminal and converts the terminal into a thin client. Execute the process,
The communication establishment means of the terminal that has become a thin client by the program transmits the connection request to the connection management server as a request for an assignment destination for thin client connection,
The connection management means in the connection management server receives a connection request as a request for a thin client connection allocation destination from the terminal, specifies information on the computer device from the storage means using user information included in the connection request as a key, Permit thin client connection of the terminal to the computer device;
The declaration data creation system according to claim 2, wherein: A terminal provided with a portable medium interface and communication means for communicating with other devices,
Reads user-specific user information from the portable medium connected to the interface, transmits a connection request including the user information to the connection management server, and communicates with the computer device designated by the connection management server Processing,
A process of receiving an instruction to create electronic declaration data from a user at an input interface and transmitting the instruction to the computer device;
A computer device comprising a communication means for communicating with another device,
Processing for generating electronic declaration data in response to the creation instruction via the declaration work screen by transmitting screen data for reporting work to the terminal;
Processing to detect the interruption of the creation of the electronic declaration data, and to temporarily save the electronic declaration data by transmitting the electronic declaration data whose creation has been interrupted and a request to save the electronic declaration data to the connection management server;
Processing to detect the resumption of the creation of the electronic declaration data, send a request to restore the electronic declaration data temporarily saved to the connection management server, and obtain the electronic declaration data from the connection management server;
Detecting the completion of the creation of the electronic declaration data, taking out the electronic certificate and the private key from the electronic certificate management device, performing an electronic signature on the electronic declaration data, and transmitting to the electronic declaration acceptance system,
This is a method for creating declaration data. Communication means for communicating with other devices;
Sending screen data for reporting work to the terminal specified from the connection management server, data creation means for creating electronic reporting data in response to an instruction for creating electronic reporting data via the reporting work screen;
Data evacuation means for detecting interruption of the creation of electronic declaration data, transmitting the electronic declaration data for which creation has been suspended, and a request for saving the electronic declaration data to the connection management server, and temporarily saving the electronic declaration data;
A data restoring means for detecting resumption of creation of electronic reporting data and transmitting a request for restoring electronic reporting data temporarily saved to the connection management server to obtain electronic reporting data from the connection management server;
Signing means for detecting the end of creation of the electronic declaration data, taking out the electronic certificate and the private key from the electronic certificate management device, electronically signing the electronic declaration data, and transmitting the electronic signature to the electronic declaration reception system;
A computer apparatus comprising: Communication means for communicating with other devices;
Storage means for storing user information and information of a computer device assigned to a terminal corresponding to the user information;
A connection management unit that receives a connection request from a terminal, specifies information about the computer device from the storage unit using user information included in the connection request as a key, and permits the connection of the terminal to the computer device;
Storage instruction means for receiving the electronic declaration data whose creation has been interrupted and a request for saving the electronic declaration data from the computer device, and notifying the database server of a data storage instruction including the electronic declaration data indicated by the save request;
A request for restoring the electronic reporting data that has been temporarily saved is received from the computer device, a data return instruction including the user information indicated by the restoration request is notified to the database server, and the user information is handled from the database server Return instruction means for obtaining electronic declaration data to be transmitted to the computer device;
A connection management server comprising: Communication means for communicating with other devices;
Storage means for storing electronic reporting data;
Temporary storage processing means for receiving a data storage instruction including electronic declaration data from the connection management server, and storing user information and electronic declaration data included in the data storage instruction in association with each other in the storage means;
A data return instruction including user information is received from the connection management server, the electronic reporting data is searched from the storage means using the user information included in the data returning instruction as a key, and the electronic reporting data searched here is A data return means for transmitting to the connection management server and deleting the corresponding electronic declaration data from the storage means when the transmission is completed;
A database server comprising:

Images