JP2011197723A - Authentication management apparatus and authentication management method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication management technology for efficiently performing time authentication or its update.SOLUTION: An authentication management apparatus 100 acquires an electronic file of a time authentication target from a terminal of a research development base 200, causes a PKI time authentication authority 302 or an archiving time authentication authority 304 to perform time authentication, adds authentication time to the electronic file and returns the resultant file to the terminal of the research development base 200. Subsequently, the authentication management apparatus 100 scraps the electronic file. Further, as the expiration date of the time authentication approaches, the authentication management apparatus 100 notifies a user accordingly.

Description

  The present invention relates to an apparatus and method for authentication management, and more particularly to a technique for managing time authentication of electronic data.

  “Time authentication” is authentication at the time when electronic data such as an electronic file existed, and is also referred to as electronic date authentication or time stamp. For time authentication, companies in Japan have been provided as system sales or services. Proof of the time when the electronic file existed is considered effective for proof of prior use rights in patent law and proof of prior invention in the United States.

  However, since time authentication cannot rule out the possibility of technical injustice, the effective period is often set to a maximum of 10 years. Considering the use of the prior use rights of patent law, 10 years is not enough. In addition, in some systems already provided, the certification is valid until around 2030, but the validity in the United States cannot be guaranteed.

  Therefore, for example, updating the time authentication every 10 years is one solution. Currently, several systems for updating time authentication have been proposed (see Patent Documents 1, 2, and 3).

JP 2008-041016 A JP 2007-214716 A JP 2005-063268 A

About the update system as proposed above, this inventor recognized the following subjects.
In the update system as proposed above, it is assumed that the user is unaware of which and where the target file is in 10 years. In particular, since the lifespan of a PC is generally less than 10 years, the PC or in-house system environment is different from that obtained when time authentication is obtained. However, storing all the files on the service side is expensive and there are many confidential documents, so the user can hesitate.

To summarize the problems recognized by the inventor,
(1) Although the expiration date of time authentication is as short as 10 years, the authenticated file is further authenticated in order to be updated.
(2) The location of the file after 10 years may not be certain. Or, considering that the engineer attaches time authentication to the invention material, etc., the file is often handed over to the person in charge of intellectual property after obtaining the time authentication. You may be away from your hands.
(3) Managing the original time-authenticated file on the service side is expensive and requires consideration of confidentiality.

  The present invention has been made in view of these problems, and a purpose thereof is to provide an authentication management technique for efficiently performing time authentication or updating thereof.

  One embodiment of the present invention relates to an authentication management apparatus. When this authentication management device refers to authentication at the time when electronic data existed as time authentication, the data acquisition unit for acquiring electronic data subject to time authentication from the user, and the electronic data acquired by the data acquisition unit When authenticated, a time authentication information adding unit that adds time authentication information capable of tampering detection including information of the authentication time that is the time authenticated in the time authentication to the time-authenticated electronic data, and the time authentication Based on the information of the return management unit that makes the electronic data acquirable by the user, the data discarding unit that discards the electronic data when the time-authenticated electronic data is acquired by the user, and the authentication time information, A notification unit for notifying a user of information related to a time limit for time authentication of electronic data.

  According to this aspect, when the time-authenticated electronic data is acquired by the user, the electronic data is discarded. Further, based on the authentication time information, the user is notified of information related to the time limit for time authentication of the electronic data.

  Another aspect of the present invention is also an authentication management apparatus. When the authentication of the time when the electronic data existed is called time authentication, this apparatus acquires a data acquisition unit that acquires electronic data to be updated for time authentication from the user, and the update target electronic data acquired by the data acquisition unit. When the time authentication of the data is updated, the authentication update information is added to add the authentication update information that can detect falsification including the information of the update time that is the time when the time authentication is updated to the electronic data with the updated time authentication. Data management unit, a return management unit that makes electronic data updated with time authentication available to the user, and data destruction that discards the electronic data when electronic data with updated time authentication is acquired by the user At least one of the update time information of the electronic data whose time authentication is updated and the authentication time information which is the time authenticated in the time authentication. One on the basis, includes a notification unit for notifying the information about the next update of the time authentication of the electronic data to the user.

  Yet another embodiment of the present invention is also an authentication management apparatus. When the authentication of the time when the electronic data existed is called time authentication, this device obtains a plurality of electronic data from the user and a predetermined update from the plurality of electronic data acquired by the data acquisition unit If the update target selection unit that selects electronic data to be updated for time authentication according to the criteria and the time authentication of the update target electronic data selected by the update target selection unit are updated, the time at which the time authentication is updated An authentication update information adding unit that adds authentication update information that can detect tampering including update time information to electronic data whose time authentication is updated, and electronic data whose time authentication is updated can be acquired by the user A return management unit that is in a state, and a data discarding unit that discards the electronic data when electronic data with updated time authentication is acquired by the user; Provided.

  It should be noted that any combination of the above-described constituent elements, or those obtained by replacing the constituent elements and expressions of the present invention with each other between apparatuses, methods, systems, computer programs, recording media storing computer programs, and the like are also included in the present invention. It is effective as an embodiment of

  According to the present invention, time authentication or its update can be performed efficiently.

It is the schematic which shows the electronic time authentication system containing the authentication management apparatus which concerns on 1st Embodiment. It is a block diagram which shows the function and structure of the authentication management apparatus of FIG. It is a data structure figure which shows the management database of FIG. It is a data structure figure which shows the user database of FIG. It is a data structure figure which shows the notification destination database of FIG. It is a conceptual diagram which shows the structure of the packaging PDF file of FIG. It is a typical screen figure of a login screen. It is a representative screen figure of a new upload screen. It is a typical screen figure of a memo input screen. It is a typical screen figure of a content confirmation screen. It is a typical screen figure of an update upload screen. It is a representative screen figure of a 1st error screen. It is a representative screen figure of a 2nd error screen. It is a conceptual diagram which shows a return notification email. It is a representative screen figure of a search management screen. It is a typical screen figure of an alert screen. It is a representative screen figure of a return link screen. It is a conceptual diagram which shows as an example the structure of the time-sealable wrapping PDF file in which time authentication is updated twice. It is a chart which shows a series of processes accompanying a new time authentication session along a time series. It is a chart which shows a series of processes accompanying the update of the time authentication in a management session along a time series. It is the schematic which shows the electronic time authentication system containing the authentication management apparatus which concerns on 2nd Embodiment. It is a block diagram which shows the function and structure of an authentication management apparatus of FIG. It is a data structure figure which shows the management database of FIG. It is explanatory drawing explaining the time certification | authentication method based on a modification. It is a data structure figure which shows a notification object database. It is a typical screen figure of a change screen.

  The present invention will be described below based on preferred embodiments with reference to the drawings. The same or equivalent components, members, and processes shown in the drawings are denoted by the same reference numerals, and repeated descriptions are omitted as appropriate.

(First embodiment)
FIG. 1 is a schematic diagram showing an electronic time authentication system 2 including an authentication management apparatus 100 according to the first embodiment. The company's R & D base 200 has a plurality of engineer terminals 202a to 202c used by engineers, and an IP department terminal 204 used by IP staff. Hereinafter, engineers and intellectual property staff may be collectively referred to as users. The electronic time authentication system 2 gives time authentication to the electronic file generated at the research and development base 200 of the company. The electronic file may be a file in various formats, for example, a text format, an image format, or an audio format.

  The electronic time authentication system 2 includes an authentication management device 100, a PKI time authentication station 302, an archiving time authentication station 304, an archiving storage device 306, a PKICA station 400, and an archiving CA station 401. The authentication management apparatus 100 is connected to the intellectual property terminal 204 and the plurality of engineer terminals 202a to 202c via a network such as the Internet (not shown). The authentication management apparatus 100 and each time certificate authority, the PKI time certificate authority 302 and the PKICA station 400, the archiving time certificate authority 304, and the archiving CA station 401 are also connected by a network (not shown).

Engineers convert experiment notes, experiment data, idea memos, etc. that arise in daily research and development into electronic files using engineer terminals assigned to each person. The engineer periodically assembles electronic files according to the contents once a day, for example, and uploads them to the authentication management apparatus 100 one by one. At the same time, the engineer uploads memo data corresponding to the set to the authentication management apparatus 100.
Here, the memo data may be information representative of a set of electronic files uploaded together, for example. The memo data includes a title related to the contents of the set of electronic files uploaded together, a keyword related to the contents of the set of electronic files, information about the creator of the set of electronic files, and And the name of the sachet PDF file. The memo data may also include a path in the engineer terminal and a stored folder name of a set of electronic files uploaded together.

The authentication management apparatus 100 acquires a set 104 of electronic files and memo data 112, and puts them together into one wrapping file. In particular, the authentication management apparatus 100 associates a set 104 of electronic files with a mount PDF (Portable Document Format) file that includes the contents of the memo data 112 in a form that can be searched for and / or displayed. A file 114 (described later in FIG. 6) is generated.
When the PKI (Public Key Infrastructure) method is designated as the authentication method, the authentication management apparatus 100 generates a new authentication hash value 106 of the PKI method by hashing the wrapping PDF file 114 according to the PKI method. The authentication hash value 106 is transmitted to the external PKI time certificate authority 302.
When the archiving method is designated as the authentication method, the authentication management apparatus 100 hashes the wrapping PDF file 114 according to the archiving method to generate a new authentication hash value 107 for the archiving method, and the new authentication The hash value 107 is transmitted to the external archiving time certificate authority 304.

When the PKI method is designated as the authentication method, the PKI time certificate authority 302 adds time information to the received new authentication hash value 106. When the time information is added to the new authentication hash value 106, it can be said that it has been authenticated that each electronic file included in the wrapping PDF file 114 was present at that time (hereinafter referred to as authentication time). .
The PKI time certificate authority 302 encrypts the new authentication hash value to which the authentication time information is added with the private key of the local station, and transmits the PKI token 108 that can be obtained as a result of the encryption to the authentication management apparatus 100.

When the archiving method is designated as the authentication method, the archiving time certificate authority 304 adds authentication time information to the received new authentication hash value 107. The archiving time authentication station 304 stores the new authentication hash value to which the authentication time information is added as an archiving token in the archiving storage device 306 connected to or within the local station. In addition, the archiving time certificate authority 304 transmits the archiving token 109 to the authentication management apparatus 100.
The archiving CA station 401 authenticates whether the archiving time authentication station 304 adds valid authentication time information.

The authentication management apparatus 100 associates the PKI token 108 received from the PKI time certificate authority 302 or the archiving token 109 (hereinafter collectively referred to as a new authentication token) received from the archiving time certificate authority 304 with the packaging PDF file 114. In addition, the authentication management apparatus 100 changes the ID for specifying the packaging PDF file 114 to be associated with the new authentication token, for example, the name of the packaging PDF file 114 according to a predetermined rule. In this way, the wrapped PDF file with the new authentication token associated and the name changed is generated as the wrapped PDF file 110 with time authentication. The authentication management apparatus 100 returns the wrapped PDF file 110 with time authentication to the intellectual property terminal 204 of the research and development base 200. Thereafter, the authentication management apparatus 100 deletes the time-authenticated wrapping PDF file 110 from its own storage device. The person in charge of intellectual property manages the returned time-authenticated wrapping PDF file 110 on the intellectual property department terminal 204.
The ID for specifying a file such as a wrapping PDF file or an electronic file may be, for example, a path or a hash value in addition to the file name.

  In the PKI method, when proving that the electronic file included in the time-authenticated wrapping PDF file 110 exists at the authentication time, the IP person in charge obtains the public key from the PKICA station 400 and obtains the PKI token 108. Decrypt and take out the new authentication hash value 106. The hash value calculated by the person in charge of intellectual property from the time-sealable packaging PDF file 110 is compared with the new authentication hash value 106 extracted from the PKI token 108, and if these hash values match, It can be proved that the electronic file included in the wrapped PDF file 110 with time authentication was present at the authentication time. In addition, it can be proved that the electronic file has not been changed (tampered) between the authentication time and the present time.

  In the archiving method, when proving that the electronic file included in the time-separated wrapping PDF file 110 exists at the authentication time, the intellectual property person in charge has the archiving token 109 of the time-authenticated wrapping PDF file 110. Is compared with the archiving token stored in the archiving storage device 306. If they match, it can be proved that the electronic file included in the time-authenticated wrapping PDF file 110 exists at the authentication time. In addition, it can be proved that the electronic file has not been changed (tampered) between the authentication time and the present time.

  With regard to the PKI system, a public key and a secret key are often provided with a limited period of validity. The validity period is a period during which it is difficult to decrypt a given cipher without a key. The length of this effective period is, for example, about 10 years at the maximum. In the PKI system, the validity period provided for the public key and the secret key is also the validity period given for the time authentication of the time-sealable wrapped PDF file. Since no key is used for the archiving method, the validity period of time authentication is the validity period for the hash cipher. Therefore, the effective period is often set longer than the effective period of the PKI system, but it is still usually a finite period. Therefore, even when the archiving method is used, in most cases, the valid period given to the time authentication of the time-sealable wrapped PDF file is limited.

  Regarding the validity period, for example, the National Institute of Standards and Technology (NIST) in the United States has announced the encryption strength prediction of the hashing function, and the strength is reviewed once every few years. In Japan, CRYPTOREC, an organization of the Ministry of Economy, Trade and Industry, has announced encryption strength prediction.

Therefore, the authentication management apparatus 100 according to the present embodiment manages the time limit, particularly the effective time limit of the time-authenticated wrapping PDF file, and is effective for a designated notified person, for example, an intellectual property person in charge, when the effective time is approaching. Notify the information of the time-authenticated wrapping PDF file whose deadline is near. Here, the term of validity may be the time at the end of the validity period, and particularly the last day of the validity period.
When the information regarding the expiration date is notified, the IP person in charge determines whether or not it is necessary to update the time authentication of the time-sealable PDF file, and if so, the update target package. The bag PDF file is uploaded to the authentication management apparatus 100.

When the authentication method used for time authentication of the update target packaging PDF file is the PKI method, the authentication management apparatus 100 hashes the uploaded update target packaging PDF file according to the PKI method, and uses the PKI method. The update hash value is generated, and the update hash value is transmitted to the PKI time certificate authority 302.
When the authentication method used for the time authentication of the update target packaging PDF file is the archiving method, the authentication management apparatus 100 hashes the uploaded update target packaging PDF file according to the archiving method. An archiving update hash value is generated, and the update hash value is transmitted to the archiving time certificate authority 304.

When the PKI method is used for time authentication of the update target packaging PDF file, the PKI time authentication authority 302 adds time information to the received update hash value. When the time information is added to the update hash value of the update target wrapper PDF file, the time authentication of the update target wrapper PDF file is updated at the added time (hereinafter referred to as update time). It can be said that.
The PKI time certificate authority 302 encrypts the update hash value to which the update time information is added with its own private key, and transmits a PKI token that can be obtained as a result of the encryption to the authentication management apparatus 100.

  When the archiving method is used for time authentication of the update target packaging PDF file, the archiving time certificate authority 304 adds the update time information to the received update hash value. The archiving time certificate authority 304 stores the update hash value to which the update time information is added in the archiving storage device 306 as an archiving token. In addition, the archiving time certificate authority 304 transmits the archiving token to the authentication management apparatus 100.

The authentication management apparatus 100 associates the PKI token received from the PKI time certificate authority 302 or the archiving token received from the archiving time certificate authority 304 (hereinafter collectively referred to as an update token) with the package PDF file to be updated.
The subsequent processing is the same as in the case of the above new time authentication. The updated time authentication also has a valid period as in the case of new time authentication. Therefore, when the expiration date of the updated time authentication approaches, the authentication management apparatus 100 according to the present embodiment notifies the IP person in charge. In the electronic time authentication system 2 including the authentication management apparatus 100 according to the present embodiment, the time authentication of the time-sealable PDF file can be updated any number of times, so that the time authentication of the electronic file can be maintained for as long as the user desires. it can.

  FIG. 2 is a block diagram illustrating the function and configuration of the authentication management apparatus 100. Each block shown here can be realized by hardware such as a computer (CPU) (central processing unit) and other elements and mechanical devices, and software can be realized by a computer program or the like. Here, The functional block realized by those cooperation is drawn. Therefore, it is understood by those skilled in the art who have touched this specification that these functional blocks can be realized in various forms by a combination of hardware and software.

  The authentication management apparatus 100 includes a user-side interface unit 10, a login unit 40, a user database 44, a data acquisition unit 38, a synthesis unit 14, a hashing unit 16, an update target confirmation unit 46, and a return management unit. 34, ID changing unit 22, time adding unit 20, data discarding unit 32, registration unit 24, presentation unit 42, search unit 28, notification unit 30, notification destination database 86, and encryption status determination Unit 88, management database 26, and TSA side interface unit 18.

The management database 26 manages information related to the time-authenticated wrapping PDF file for each user such as a company.
FIG. 3 is a data structure diagram showing the management database 26. The management database 26 includes a company ID 48 assigned to each company, a wrapping PDF file name 50 that is the name of the wrapping PDF file with time authentication, and the name of the electronic file attached to the wrapping PDF file with time authentication. A certain attached file name 52, an authentication time 54 in time authentication of a time-validated wrapped PDF file, a latest update time 56, an expiration date 58, an alert setting 62, a title 64, a keyword 68, The registrant 70, the creator 72, the creator's affiliation 74, and the authentication method 76 are stored in association with each other. Hereinafter, a group of pieces of information associated with each other in the management database 26, a row in the example of FIG. 3, is referred to as an entry.

FIG. 4 is a data structure diagram showing the user database 44. The user database 44 stores a company ID 96, a user ID 78, a password 80, information 84 indicating whether the company is an administrator who should manage electronic files, and an e-mail address 82 in association with each other. The user ID is an ID uniquely assigned to the user of the authentication management apparatus 100. Hereinafter, the case where the authentication management apparatus 100 acquires the company ID associated with the user ID presented by the user as the company ID of the company to which the user belongs will be described. Note that the authentication management apparatus 100 may assign the same user ID to users of different companies by acquiring in advance the company ID of the company to which the user belongs.
Hereinafter, a case where an e-mail address and a terminal have a one-to-one correspondence will be described. However, it is understood by those skilled in the art who have touched this specification that the technical idea according to the present embodiment can be applied to other cases.

  FIG. 5 is a data structure diagram showing the notification destination database 86. The notification destination database 86 stores information of a user who receives a notification from the notification unit 30 described later for each company. The notification destination database 86 stores, for each company ID 71, the user ID 73 of the user who should receive the notification and the e-mail address 75 in association with each other.

Returning to FIG. The user-side interface unit 10 communicates with each of the plurality of engineer terminals 202 a to 202 c and the intellectual property unit terminal 204. In this communication, in order to maintain security, a crypto flight (registered trademark) provided by NRI Secure Technologies, Inc., a VPN (Virtual Private Network) connection, or the like may be used.
The user side interface unit 10 displays a predetermined screen on the monitor of the terminal. The user-side interface unit 10 receives input data such as text data input to the terminal corresponding to a predetermined screen. The user side interface unit 10 receives an electronic file upload from the terminal. The user side interface unit 10 manages downloading of electronic files to the terminal. The user-side interface unit 10 manages transmission / reception of electronic mail with the terminal.

When the user interface unit 10 receives a login request from at least one of the plurality of engineer terminals 202a to 202c and the intellectual property terminal 204, the login unit 40 displays a login screen 502 (described later in FIG. 7) with the user interface. The information is displayed on the monitor of the terminal that issued the login request via the unit 10.
The login unit 40 acquires the user ID and password input on the login screen 502. When the acquired user ID and password pair matches one of the user ID and password pairs registered in the user database 44, the login unit 40 accepts the login and performs a session with the terminal that issued the login request. Start. In addition, the login unit 40 extracts a company ID corresponding to the acquired set of user ID and password from the user database 44.

The session to be started differs depending on the type of the acquired user ID, for example, whether the ID is assigned to an engineer or an administrator such as an intellectual property person in charge. When the acquired user ID is an engineer ID, the login unit 40 starts a new time authentication session. If the acquired user ID is the ID of the person in charge of intellectual property, the login unit 40 starts a management session.
If the acquired user ID / password combination does not match any of the user ID / password combinations registered in the user database 44, the login unit 40 returns an error to the terminal that issued the login request and does not allow the session. .

  The data acquisition unit 38, via the user side interface unit 10, displays a new upload screen 504 (described later in FIG. 8) on the monitor of the engineer terminal where the new time authentication session has started (hereinafter referred to as a terminal during the new time authentication session). ) Is displayed. In the new upload screen 504, the data acquisition unit 38 selects the electronic file to be time-authenticated from among the electronic files stored in the terminal during the new time authentication session, to the user of the terminal during the new time authentication session, that is, the engineer. Encourage At this time, the data acquisition unit 38 urges the electronic files to be time-authenticated to be grouped according to attributes such as contents, creation date / time, creation department, and project. For example, the data acquisition unit 38 receives input of upload and memo data for each group.

The data acquisition unit 38 acquires a set of electronic files subject to time authentication selected by the engineer on the new upload screen 504 via the user-side interface unit 10.
When the data acquisition unit 38 acquires a set of electronic files, the data acquisition unit 38 displays a memo input screen 506 (described later in FIG. 9) on the monitor of the terminal during the new time authentication session via the user side interface unit 10. In the memo input screen 506, the data acquisition unit 38 prompts input of memo data regarding a set of electronic files, and acquires the input memo data.

When acquiring the memo data, the data acquisition unit 38 displays a content confirmation screen 508 (described later in FIG. 10) on the monitor of the terminal during the new time authentication session via the user side interface unit 10. The data acquisition unit 38 presents the content of the input memo data and the file name of the uploaded set of electronic files on the content confirmation screen 508, and allows the technician to confirm before starting the time authentication process. At this time, the data acquisition unit 38 presents options related to the authentication method for time authentication on the content confirmation screen 508 and allows the technician to select the option. An authentication method presented as an option is, for example, a PKI method or an archiving method. In the content confirmation screen 508, the data acquisition unit 38 receives an instruction to start time authentication processing from a technician.
By using such an upload procedure, the engineer simply operates the terminal according to the request displayed on the screen, and uploads the electronic file into groups according to attributes, and for example, as a memorandum. You can attach functional memo data.

  The data acquisition unit 38 displays an update upload screen 510 (described later in FIG. 11) on the monitor of the intellectual property unit terminal 204 where the management session is started, via the user side interface unit 10. In the update upload screen 510, the data acquisition unit 38 informs the user of the IP department terminal 204, that is, the IP person in charge, of the electronic file stored in the IP department terminal 204, particularly the time subject to update of time authentication from the PDF file. Prompt to select an authenticated wrapped PDF file. The data acquisition unit 38 acquires, via the user side interface unit 10, the update target packaging PDF file selected by the intellectual property person in charge in the update upload screen 510.

  In the new time authentication session, when the data acquisition unit 38 receives an instruction to start the time authentication process from the engineer, the synthesizer 14 receives one wrapping PDF file including the contents of the memo data and a set of electronic files. Generate. More specifically, the synthesizing unit 14 attaches a set of electronic files to a PDF file mount PDF file that includes the contents of the memo data in a form that can be searched and / or displayed, or both. Generate a file. At this time, when the memo data includes the name of the wrapping PDF file, the synthesizer 14 adopts the name as the name of the wrapping PDF file. If not included, the synthesizing unit 14 adopts a name that does not overlap in the authentication management apparatus 100, such as a name obtained by combining the user ID and the serial number, as the name of the packaging PDF file.

  When the synthesis unit 14 generates a mount PDF file including the contents of the memo data, the file name of each set of electronic files to be attached to the mount PDF file is searched for and / or displayed on the mount PDF file. Include in possible forms.

  In the management session, the update target confirmation unit 46 refers to the management database 26 when the data acquisition unit 38 acquires the update target packaging PDF file, and the acquired packaging PDF file is a target to be updated. Check whether or not. Specifically, the update target confirmation unit 46 includes the packaging PDF file name registered in the management database 26 and the packaging PDF file name associated with the company ID extracted by the login unit 40. It is determined whether or not there is a match with the name of the obtained wrapping PDF file.

  If there is no match with the name of the acquired wrapping PDF file, the update target confirmation unit 46 returns an error to the intellectual property terminal 204. In such a case, the update target confirmation unit 46 displays a first error screen 512 (described later in FIG. 12) on the monitor of the intellectual property unit terminal 204 via the user side interface unit 10.

  If there is nothing that matches the name of the acquired wrapping PDF file, for example, when uploading a PDF file that is not a wrapping PDF file or uploading a wrapping PDF file generated by a device different from the authentication management device 100 Or a case where an electronic file to which authentication time information is not added is uploaded by the authentication management apparatus 100. In order to accept a new time authentication of such an electronic file in the same management session, the update target confirmation unit 46 determines whether or not to newly acquire the electronic file determined as an error as an electronic file subject to time authentication. An instruction is received on the first error screen 512.

  When the data acquisition unit 38 acquires the update target packaging PDF file, the update target confirmation unit 46 refers to the management database 26 and confirms whether or not the expiration date of the acquired packaging PDF file has expired. . If the current time is before the expiration date of the acquired PDF file, the update target confirmation unit 46 determines that the expiration date has not expired.

  If the current time is later than the expiration date of the acquired PDF file, the update target confirmation unit 46 determines that the expiration date has expired. In this case, the update target confirmation unit 46 displays a second error screen 514 (described later in FIG. 13) on the monitor of the intellectual property unit terminal 204 via the user side interface unit 10. When the expiration date has expired, it is assumed that two processes of 1) canceling the update and 2) newly performing a time authentication process to obtain a new authentication time are performed on the wrapped PDF file. Therefore, the update target confirmation unit 46 accepts an instruction on the second error screen 514 whether to cancel the update of the expired packaging file or to newly acquire the file as a time authentication target electronic file. In this way, the authentication management apparatus 100 can propose appropriate measures to the user even when the expiration date has expired.

The update target confirmation unit 46 is a package PDF file name registered in the management database 26 and acquired in the package PDF file name associated with the company ID extracted by the login unit 40. If there is something that matches the name of the bag PDF file and the acquired package PDF file has not expired, it is determined that the acquired package PDF file should be updated. The update target confirmation unit 46 extracts the wrapping PDF file name of the wrapping PDF file from the management database 26 and information about the expiration date such as the authentication time and the expiration date. The update target confirmation unit 46 presents the extracted information on the update upload screen 510.
In the update upload screen 510, the update target confirmation unit 46 receives an instruction to start update processing from the person in charge of intellectual property.

In the new time authentication session, the hashing unit 16 uses the predetermined hash function based on the authentication method selected by the engineer on the content confirmation screen 508 to hash the wrapped PDF file generated by the combining unit 14. To obtain a new authentication hash value.
In the management session, when the update target confirmation unit 46 receives an instruction to start update processing from the intellectual property person in charge, the hashing unit 16 uses the acquired update target packaging PDF file as the update target packaging PDF. Hashing is performed using a predetermined hash function based on the authentication method used for file time authentication to obtain an update hash value.
The hashing unit 16 may acquire the authentication method used for the time authentication of the update target packaging PDF file with reference to the management database 26.

In the new time authentication session, the TSA side interface unit 18 selects the new authentication hash value obtained by the hashing unit 16 and, if the PKI method is selected, the PKI time certificate authority 302 selects the archiving method. If it is, it is transmitted to the archiving time certificate authority 304.
In the new time authentication session, the TSA-side interface unit 18 acquires a new authentication token corresponding to the transmitted new authentication hash value from the time certificate authority.

In the management session, the TSA side interface unit 18 selects the update hash value obtained by the hashing unit 16 and, if the PKI method is selected, the PKI time certificate authority 302 selects the archiving method. In this case, the data is transmitted to the archiving time certificate authority 304. The TSA-side interface unit 18 may acquire the authentication method used for the time authentication of the update target packaging PDF file with reference to the management database 26.
In the management session, the TSA-side interface unit 18 acquires an update token corresponding to the transmitted update hash value from the time certificate authority.

In the new time authentication session, the time adding unit 20 uses the new authentication token acquired by the TSA-side interface unit 18 as a packing PDF file generated by the synthesizing unit 14 and corresponds to the acquired new authentication token. Append to PDF file. In particular, the time adding unit 20 embeds a new authentication token in the wrapping PDF file.
In the management session, the time addition unit 20 adds the update token acquired by the TSA-side interface unit 18 to the update target packaging PDF file corresponding to the update token. In particular, the time adding unit 20 embeds the update token in the wrapping PDF file.

  In the new time authentication session, the ID changing unit 22 adds information related to time authentication such as an authentication time, an effective period, an expiration date, and an authentication method to the name of the wrapping PDF file in which the new authentication token is embedded by the time adding unit 20. Include. For example, if the name of the wrapping PDF file is “Semiconductor Research.pdf” and the authentication time is December 25, 2008, the ID changing unit 22 changes the name of the wrapping PDF file to “Semiconductor Research-0812225.pdf”. Change to

  The return management unit 34 acquires information regarding the return destination of the wrapped PDF file in both sessions. In the authentication management apparatus 100, the return destination of the packaging PDF file is set in advance to an administrator who manages the electronic file in the company, that is, an intellectual property person in charge. The return management unit 34 refers to the user database 44, and the information indicating whether or not the user is an administrator among the user IDs corresponding to the company ID extracted by the login unit 40 is “Y”, that is, the user ID of the administrator. Get an email address. For example, when the company ID “11” is extracted by the login unit 40, the return management unit 34 refers to the user database 44 shown in FIG. 4 and acquires the email address “abc@ddd.com”. This e-mail address corresponds to the IP department terminal.

In the new time authentication session, the return management unit 34 knows the time-authenticated wrapping PDF file that is a wrapping PDF file in which a new authentication token is embedded by the time adding unit 20 and the name is changed by the ID changing unit 22. It is assumed that it can be acquired by the finance terminal 204.
In the management session, the return management unit 34 sets the updated packaging PDF file, which is the packaging PDF file in which the update token is embedded by the time adding unit 20, to be acquired by the intellectual property terminal 204.

  In the new time authentication session, the return management unit 34 returns the return link 614 for downloading the time-authenticated wrapping PDF file when the capacity of the time-authenticated wrapping PDF file is larger than a predetermined threshold capacity. Is sent to the intellectual property terminal 204 by a return notification e-mail 516 (described later in FIG. 14). The return management unit 34 also reduces the burden of storing and maintaining the time-authenticated wrapping PDF file in the authentication management apparatus 100, so that a predetermined download time limit that prevents the time-authenticated wrapping PDF file from being downloaded after the time limit has passed. 616 is set. The return management unit 34 causes the data discarding unit 32 to discard the time-authenticated wrapping PDF file whose download deadline 616 has expired.

  The person in charge of intellectual property who has read the return notification e-mail 516 accesses the return link 614 related to the time before the designated download deadline 616 and downloads the time-authenticated wrapping PDF file. At this time, if there is an access to the return link 614, the return management unit 34 determines that the download is permitted by the person in charge of intellectual property, and the time-authenticated wrapping PDF file is sent to the user side interface unit 10 as a trigger. To the intellectual property terminal 204.

  If the capacity of the time-authenticated wrapping PDF file is equal to or less than a predetermined threshold capacity, the return management unit 34 notifies the user via the user-side interface unit 10 by attaching the time-authenticated wrapping PDF file to an email. It transmits to the financial department terminal 204.

In the management session, the return management unit 34 displays a return notification screen including a return link for downloading the updated packaging PDF file and a download deadline on the monitor of the intellectual property terminal 204 through the user side interface unit 10. Let The configuration of the return notification screen conforms to the configuration of the return notification email 516.
In addition, the return management part 34 is good also as a state which can acquire the packaging PDF file with time authentication or the updated packaging PDF file by an engineer terminal.

  In the new time authentication session, the registration unit 24 extracts the company ID extracted by the login unit 40, the name of the wrapping PDF file that is newly time-authenticated in the session, and the electronic file attached to the wrapping PDF file. The management database 26 associates the file name, authentication time, expiration date, alert setting, title included in the memo data, keyword, registrant, creator, affiliation, and authentication method. Register with. Note that the registration unit 24 can be set not to register the contents of memo data such as title, keyword, registrant, creator, and affiliation. When the information included in the memo data is registered, the search in the search unit 28 described later becomes easier, and when not registered, the size of the management database 26 can be reduced.

The alert setting is a setting for determining the length of the remaining authentication period before the expiration date for each time-authenticated wrapped PDF file registered in the management database 26. For example, the alert setting is any one of “1 year ago”, “1 month ago”, “1 week ago”, and “1 day ago”. The authentication remaining period is a period of a length specified in the alert setting with the expiration date as the last day. For example, when the expiration date is “January 7, 2018” and the alert setting is “one month ago”, the remaining authentication period is “December 7, 2017 to January 7, 2018”.
When the remaining authentication period is reached, an alert is notified to the intellectual property terminal 204 and possibly the engineer terminals 202a to 202c by the notification unit 30 described later. The registration unit 24 registers a default value set in advance for each company as the alert setting. Further, the alert setting can be set for each wrapping PDF file with time authentication on a search management screen 520 (described later in FIG. 15) displayed by the presenting unit 42 described later via the user-side interface unit 10.

  In the management session, the registration unit 24 updates the latest update time and expiration date of the entry corresponding to the wrapping PDF file whose time authentication has been updated in the session in the management database 26. Specifically, the registration unit 24 overwrites the latest update time with the update time in the session of the wrapped PDF file whose time authentication has been updated, and adds the length of the validity period of the time authentication to the update time. Overwrite the expiration date.

  For example, it is assumed that the packaging PDF file having the packaging PDF file name “LSI research-890204.pdf” is acquired by the data acquisition unit 38 as the packaging PDF file to be updated. The validity period of time authentication is assumed to be 10 years. It is assumed that the time certification of the update target packaging PDF file is updated by the archiving time certification authority 304 at the update time “February 3, 2009 12:03”. In this case, as shown in FIG. 3, the registration unit 24 sets the latest update time of the entry whose package PDF file name is “LSI research-890204.pdf” among the entries in the management database 26 to “2009/2 / "3,12: 03" and the expiration date is "2019/2/3".

  In the new time authentication session, the data discarding unit 32 transmits the time-authenticated wrapping PDF file, whether downloaded or attached to an e-mail, to the intellectual property terminal 204, and then responds to the time-authenticated wrapping PDF file. The wrapping PDF file or electronic file to be deleted is deleted from the storage area (not shown) of the authentication management apparatus 100. As a result, the information related to the time-authenticated wrapping PDF file returned to the user is deleted from the authentication management apparatus 100 except for the information registered in the management database 26.

  In the management session, the data discarding unit 32, after the updated packaging PDF file is transmitted to the intellectual property terminal 204, authenticates the updated packaging PDF file and the corresponding packaging file PDF to be updated. Delete from 100 storage areas (not shown). As a result, the information regarding the updated packaging PDF file returned to the user is deleted from the authentication management apparatus 100 except for the information registered in the management database 26.

  The notification unit 30 periodically refers to the management database 26, and specifies the file name of the wrapped PDF file whose current time is included in the authentication remaining period determined by the expiration date and the alert setting. The notification unit 30 extracts the company ID and the expiration date corresponding to the specified packaging PDF file name from the management database 26.

  The notification unit 30 acquires information on the notification destination from the extracted company ID and the notification destination database 86. Specifically, the notification unit 30 extracts a user ID and an email address corresponding to the extracted company ID from the notification destination database 86. Hereinafter, the case where the extracted user ID is the ID of the person in charge of intellectual property and the extracted e-mail address is the e-mail address of the intellectual property department terminal 204 will be described.

When the login by the ID of the extracted intellectual property person in charge is performed, the notification unit 30 is an alert that includes the specified wrapping PDF file name and the extracted expiration date via the user side interface unit 10 A screen 518 (which will be described later with reference to FIG. 16) is displayed on the monitor of the logged-in intellectual property terminal 204. Thereby, the notification unit 30 notifies the intellectual property person in charge that information regarding the expiration date of the time authentication of the time-authenticated packaging PDF file, that is, the expiration date of the time authentication packaging PDF file is approaching.
In the alert screen 518, the notifying unit 30 acquires the wrapped PDF file having the specified wrapped PDF file name from the intellectual property terminal 204 as the updated wrapped PDF file, or notifies the same alert again after a predetermined period of time. To accept or ignore the notification. In this way, the authentication management apparatus 100 not only issues a warning regarding the deadline, but can propose an appropriate countermeasure for the warning to the user.

  When the login by the ID of the extracted intellectual property person in charge is not performed, the notifying unit 30 is an alert including the identified wrapping PDF file name and the extracted expiration date via the user side interface unit 10 To the e-mail address of the intellectual property terminal 204. The person in charge of intellectual property who has browsed the alert e-mail determines whether or not to update the wrapping PDF file having the wrapping PDF file name presented thereto. Since the configuration of the alert e-mail is the same as that of the alert screen 518, description thereof is omitted.

The notification unit 30 may refer to the management database 26, extract the package PDF file name whose expiration date has passed, and notify the intellectual property terminal 204 of the file name.
The notification from the notification unit 30 to the intellectual property terminal 204 may be made by another electronic method.

Here, the vulnerability phase of hashing technology includes
(Phase 1). Can you make an arbitrary hash value from sentences that have no meaning at all?
(Phase 2) Can you make an arbitrary hash value from an arbitrary sentence,
(Phase 3) Can the hash value return to the original file?
It is known that there is. When phase 1 is reached, time authentication cannot be performed using the hashing technique. However, in the phase 1 phase, the verification of the time already authenticated by using the hashing technique is possible until the phase 2 or 3 is reached. As described above, when the proof of non-falsification by comparison of hash values is broken, it is known that it is broken in stages.

  When the validity stage of time authentication becomes lower than a predetermined stage, the cryptographic status determination unit 88 notifies the user to that effect. As a result, the user can quickly cope with the weakening of the hashing technology.

  The encryption status determination unit 88 acquires the weakening phase of the hashing technique from the outside. When the phase reaches phase 1, the encryption status determination unit 88 notifies the user of a decrease in the effectiveness of time authentication via the user-side interface unit 10. At this time, the encryption status determination unit 88 may send notifications to all users registered in the notification destination database 86 or may send notifications only to users who wish to receive.

  The encryption status determination unit 88 may acquire a public key / private key weakening phase in the PKI scheme. In this case, when the phase reaches a predetermined phase, the encryption status determination unit 88 refers to the management database 26 and extracts the company ID of the package PDF file whose authentication method is the PKI method. The encryption status determination unit 88 acquires information related to the notification destination from the extracted company ID and the notification destination database 86, and the PKI key validity is reduced and the target is notified to the notification destination via the user side interface unit 10. Notify the wrapping PDF file name. As a result, the user can quickly cope with the weakening of the key of the PKI method.

  When the search unit 28 receives an instruction to transition to the search management screen on the update upload screen 510, the search unit 28 displays the search management screen 520 on the monitor of the intellectual property unit terminal 204 via the user-side interface unit 10. The search unit 28 receives a key for searching for information registered in the management database 26 on the search management screen 520. This key is an arbitrary combination of the contents of the memo data, the wrapping PDF file name, the attached file name, the authentication time, the expiration date, and the authentication method.

  The search unit 28 searches the management database 26 using the designated key. If there is an entry that matches the key, the wrapping PDF file name, the attached file name, the authentication time, and the expiration date included in the entry are searched. Extract the contents of memo data. When the authentication time search period in which the authentication time is to be included is designated as a key, the search unit 28 extracts, from the management database 26, information related to the wrapped PDF file that includes the authentication time in the authentication time search period. In this case, for example, it is suitable when the person in charge of intellectual property manages the packaging PDF file for each authentication time. In addition, when an expiration date search period that should include an expiration date is designated as a key, the search unit 28 extracts information related to the package PDF file that includes the expiration date in the expiration date search period from the management database 26. In this case, for example, it is suitable when an intellectual property person in charge searches for a wrapped PDF file whose expiration date is approaching.

In the management session, the presentation unit 42 presents the wrapped PDF file name, the attached file name, the authentication time, the expiration date, and the alert setting extracted by the search unit 28 on the search management screen 520. In addition, the presentation unit 42 calculates the remaining number of days from the current time and the expiration date and presents it on the search management screen 520. The presenting unit 42 uses the packaging PDF file having the selected packaging PDF file name from the packaging PDF file names presented on the search management screen 520 as the new updating target packaging PDF file. An instruction as to whether or not to obtain from is accepted.
As described above, since the person in charge of intellectual property can perform a series of processing of search, selection, and update without changing the session, operability is improved.

When the presentation unit 42 receives a transition instruction to the return link screen 522 (described later in FIG. 17) on the update upload screen 510 in the management session, the presentation unit 42 displays the return link screen 522 on the intellectual property unit terminal 204 via the user-side interface unit 10. Display on the monitor. On the return link screen 522, the presentation unit 42 presents a link to the time-authenticated wrapped PDF file or the updated wrapped PDF file that has been made downloadable by the return management unit 34.
In this case, the person in charge of intellectual property can easily and collectively know the existence of the returnable wrapping PDF file.

FIG. 6 is a conceptual diagram showing the configuration of the sachet PDF file 114. FIG. 6 shows an image when the wrapped PDF file 114 is displayed on the terminal monitor. The wrapping PDF file 114 has a configuration in which a set 104 of electronic files is embedded in the mount PDF file 116. The mount PDF file 116 includes the title, keyword, registrant, creator, and affiliation included in the memo data 112 in the form of text.
The mount PDF file 116 includes file names of the embedded set 104 of electronic files in the form of text. Also, the mount PDF file 116 includes the name of the authentication method designated when the memo data 112 is acquired in the form of text.

  FIG. 7 is a representative screen diagram of the login screen 502. The login screen 502 includes a user ID input area 530, a password input area 532, and an OK button 534. When a user ID is input in the user ID input area 530 and a password is input in the password input area 532 and the OK button 534 is pressed, the login unit 40 acquires the input user ID and password.

  FIG. 8 is a representative screen diagram of the new upload screen 504. The new upload screen 504 includes an upload target file name input area 536, a reference button 538, an upload execution button 540, a file list area 542, a delete button 544, and a next button 546. In the upload target file name input area 536, the file name of the electronic file subject to time authentication is input by browsing the storage area of the terminal during the new time authentication session by pressing the direct input or browse button 538. When the upload execution button 540 is pressed, the electronic file having the file name input in the upload target file name input area 536 is uploaded from the terminal during the new time authentication session to the authentication management apparatus 100. The file list area 542 displays information on the uploaded electronic file such as the file name and capacity. When the delete button 544 is pressed, the upload of the electronic file selected in the file list area 542 is cancelled. When the next button 546 is pressed, the screen shifts to a memo input screen 506. At this time, the data acquisition unit 38 acquires the electronic files uploaded so far as a set of electronic files.

  FIG. 9 is a representative screen diagram of the memo input screen 506. The memo input screen 506 includes a wrapping PDF file name input area 548, a title input area 550, a keyword input area 552, a registrant input area 554, a creator input area 556, an affiliation input area 558, and the next. A button 560 and a return button 562 are provided. At least the wrapping PDF file name input area 548 may be an essential input item. When the next button 560 is pushed down, the data acquisition unit 38 displays the wrapping PDF file name input area 548, the title input area 550, the keyword input area 552, the registrant input area 554, the creator input area 556, and the affiliation input area 558. , Is acquired as memo data relating to a set of electronic files uploaded on the new upload screen 504. When the return button 562 is pressed, the screen returns to the new upload screen 504.

FIG. 10 is a representative screen diagram of the content confirmation screen 508. The content confirmation screen 508 includes a wrapping PDF file name display area 564, a title display area 566, a keyword display area 568, a registrant display area 570, an author display area 572, an affiliation display area 574, and a target file. It has a display area 576, an authentication method selection area 578, an execution button 580, and a return button 582. The wrapping PDF file name display area 564, the title display area 566, the keyword display area 568, the registrant display area 570, the creator display area 572, and the affiliation display area 574 are input on the memo input screen 506 and input by the data acquisition unit 38. The contents of the acquired memo data are displayed. In the target file display area 576, the names of a set of electronic files uploaded on the new upload screen 504 are displayed. The authentication method selection area 578 presents options related to the time authentication method. The engineer designates a desired authentication method by selecting one of the options presented in the authentication method selection area 578. When the execution button 580 is pressed, the data acquisition unit 38 accepts it as a start instruction for the time authentication process. When the return button 582 is pressed, the screen transitions to the memo input screen 506.
When the engineer finds a point to be corrected on the content confirmation screen 508, the technician can make a desired correction by using the return button 582 or the return button 562 of the memo input screen 506.

  FIG. 11 is a representative screen diagram of the update upload screen 510. The update upload screen 510 includes an upload target file name input area 584, a reference button 586, an upload execution button 588, a file list area 590, an update button 592, a search management button 594, and a return confirmation button 596. Have. In the upload target file name input area 584, the file name of the package PDF file to be updated is input by browsing the storage area of the intellectual property terminal 204 by depressing the direct input or browse button 586. When the upload execution button 588 is pressed, the file name PDF file having the file name input in the upload target file name input area 584 is uploaded from the intellectual property terminal 204 to the authentication management apparatus 100. In the file list area 590, information on the uploaded wrapping PDF file such as the file name, the authentication time, the expiration date, and the number of remaining days is displayed. The information displayed in the file list area 590 is provided by the update target confirmation unit 46 extracted or calculated from the management database 26.

  When the update button 592 is pushed down, the update target confirmation unit 46 accepts this as an instruction to start update processing for time authentication. When the search management button 594 is pushed down, the search unit 28 accepts it as a transition instruction to the search management screen 520 and makes the transition to the search management screen 520. When the return confirmation button 596 is pressed down, the presentation unit 42 accepts it as a transition instruction to the return link screen 522 and makes a transition to the return link screen 522.

  FIG. 12 is a representative screen diagram of the first error screen 512. The first error screen 512 includes a warning content display area 598, a target file name display area 600, a new authentication button 602, and an OK button 604. In the warning content display area 598, a warning that the electronic file uploaded as an update target is not registered in the management database 26 is displayed. In the target file name display area 600, the name of an electronic file uploaded as an update target but not registered in the management database 26 is displayed. When the new authentication button 602 is pressed, the update target confirmation unit 46 accepts this as an instruction to acquire an electronic file whose name is displayed in the target file name display area 600 as a new electronic file for time authentication. When the OK button 604 is pressed down, the first error screen 512 is closed and the update process ends or the update process continues for the update target packaging PDF file other than the electronic file displayed in the target file name display area 600. Is done.

  FIG. 13 is a representative screen diagram of the second error screen 514. The second error screen 514 includes a warning content display area 606, a target file name display area 608, an update cancel button 610, and an authentication button 612 as it is. In the warning content display area 606, a warning that the expiration date of the wrapping PDF file to be updated has been displayed. In the target file name display area 608, the name of a wrapping PDF file that has been uploaded as an update target but has expired is displayed. When the update cancel button 610 is pressed down, the update target confirmation unit 46 stops the update process for the wrapped PDF file whose name is displayed in the target file name display area 608. When the authentication button 612 is pushed down as it is, the update target confirmation unit 46 accepts it as an instruction to acquire the wrapped PDF file whose name is displayed in the target file name display area 608 as a new electronic file for time authentication. .

  FIG. 14 is a conceptual diagram showing the return notification e-mail 516. The return notification e-mail 516 includes a return link 614 and a download time limit 616.

  FIG. 15 is a representative screen diagram of the search management screen 520. The search management screen 520 includes a memo content item selection area 618, a memo content input area 620, a wrapping PDF file name input area 622, an attached file name input area 624, an authentication time search period designation area 626, an expiration date A search period designation area 628, an authentication method designation area 630, a search button 632, a clear button 634, a search result display area 636, an update button 638, a clear button 640, and an alert setting button 642 are provided.

  In the memo content input area 620, text to be included in the item specified in the memo content item selection area 618 among the contents of the memo data is input as a search key. In the wrapping PDF file name input area 622, the wrapping PDF file name is input as a search key. In the attached file name input area 624, the name of the electronic file attached to the wrapping PDF file is input as a search key. In the authentication time search period specification area 626, an authentication time search period that should include the authentication time is specified as a search key. In the expiration date search period designation area 628, an expiration date search period that should include an expiration date is specified as a search key. In the authentication method designation area 630, an authentication method is designated as a search key.

  Search in at least one of a memo content input area 620, a wrapping PDF file name input area 622, an attached file name input area 624, an authentication time search period specification area 626, an expiration date search period specification area 628, and an authentication method specification area 630 When the search button 632 is pressed while the key is input, the search unit 28 searches the management database 26 using the input key. When the search button 632 is pushed down without any key being input, the search unit 28 searches the management database 26 using the company ID extracted by the login unit 40 as a key. When the clear button 634 is depressed, the input key is cleared.

  The search result display area 636 displays the package PDF file name, the attached file name, the authentication time, the expiration date, the calculated remaining number of days, the alert setting, and the presence / absence of selection extracted as a result of the search. The In the search result display area 636, the alert setting is presented in a form that can be selected or input by the user, for example, in a pull-down form. When the update button 638 is pushed down, the presentation unit 42 sets a new PDF file with the file-wrapping PDF file name having the selected file-wrapping PDF file name from the file-wrapping PDF file names displayed in the search result display area 636. As an instruction to be acquired from the intellectual property terminal 204 as a non-wrapped PDF file. When the clear button 640 is pressed, information displayed in the search result display area 636 is cleared. When the alert setting button 642 is pressed down, the alert setting selected for each packaging PDF file name in the search result display area 636 is reflected in the alert setting of the management database 26.

  FIG. 16 is a representative screen diagram of the alert screen 518. The alert screen 518 includes a target file name display area 644, an immediate update button 646, a later notification button 648, and an ignore button 650. In the target file name display area 644, the wrapping PDF file name specified from the management database 26 by the notification unit 30 and the extracted expiration date are displayed. When the update button 646 is immediately pressed down, the notification unit 30 acquires the wrapping PDF file having the wrapping PDF file name displayed in the target file name display area 644 as the wrapping PDF file to be updated. Accept as an instruction. When the notification button 648 is pushed down later, the notification unit 30 receives it as an instruction to notify the same alert again after a predetermined period. When the ignore button 650 is pressed, the alert screen 518 is closed.

  FIG. 17 is a representative screen diagram of the return link screen 522. The return link screen 522 has a new link display area 652 and an update link display area 654. The new link display area 652 displays a link to a time-authenticated wrapping PDF file that is newly time-authenticated and made available for download by the return management unit 34. In the update link display area 654, a link to the updated packaging PDF file whose time authentication has been updated and made available for download by the return management unit 34 is displayed.

  FIG. 18 is a conceptual diagram illustrating, as an example, the configuration of a time-authenticated wrapping PDF file 662 in which time authentication is updated twice. The time-authenticated wrapping PDF file 662 includes a new authentication token 656, a first update token 658, and a second update token 660.

  In the first embodiment described above, examples of the database are a hard disk and a memory. Based on the description in this specification, each unit is realized by a CPU (not shown), an installed application program module, a system program module, a memory that temporarily stores the contents of data read from the hard disk, and the like. It is understood by those skilled in the art who have touched this specification that they can do this.

The operation of the authentication management apparatus 100 configured as above will be described. FIG. 19 is a chart showing a series of processing associated with a new time authentication session in chronological order.
The engineer generates a plurality of electronic files related to research in his / her engineer terminal (S402). In order to perform time authentication of the electronic file, the engineer transmits a login request from the engineer terminal to the authentication management apparatus 100 (S404), and provides a user ID and a password. When the provided user ID and password are authenticated, the authentication management apparatus 100 permits login from the technician terminal (S406). The engineer uploads memo data and a set of electronic files subject to time authentication from the engineer terminal to the authentication management apparatus 100 (S408). The synthesizing unit 14 of the authentication management apparatus 100 synthesizes the uploaded memo data and the set of electronic files subject to time authentication into one wrapping PDF file (S410). The hashing unit 16 of the authentication management apparatus 100 hashes the wrapping PDF file (S412). Here, it is assumed that the PKI method is selected as the authentication method. The TSA side interface unit 18 of the authentication management apparatus 100 transmits the hash value to the PKI time certificate authority 302 (S414). The PKI time certificate authority 302 adds authentication time information to the received hash value (S416). The PKI time certificate authority 302 encrypts the hash value to which the authentication time information is added with the private key of the local station (S418), and generates a PKI token. The PKI time certificate authority 302 transmits a PKI token to the authentication management apparatus 100 (S420). The time adding unit 20 of the authentication management apparatus 100 adds the PKI token to the corresponding wrapping PDF file (S422). The ID changing unit 22 of the authentication management device 100 adds authentication time information to the wrapping PDF file name (S424). The registration unit 24 of the authentication management apparatus 100 registers information related to the time-authenticated wrapping PDF file in the management database 26 (S426). Hereinafter, a case where the capacity of the time-certified packaging PDF file is larger than a predetermined threshold capacity will be considered. The return management unit 34 of the authentication management device 100 notifies the intellectual property terminal 204 of the return link for the time-authenticated wrapping PDF file by e-mail (S428). The person in charge of intellectual property accesses the return link from the intellectual property department terminal 204 (S430). The return management unit 34 of the authentication management apparatus 100 transmits the time-authenticated wrapping PDF file to the intellectual property terminal 204 (S432). The data discarding unit 32 of the authentication management apparatus 100 deletes the time-authenticated wrapping PDF file (S434). The notification unit 30 of the authentication management apparatus 100 refers to the management database 26 and notifies the intellectual property terminal 204 that the expiration date is approaching before the expiration date of the time authentication of the time-sealable wrapped PDF file (S436). ).

FIG. 20 is a chart showing a series of processing along the time series in accordance with the update of the time authentication in the management session.
The notification unit 30 of the authentication management apparatus 100 refers to the management database 26 and notifies the intellectual property terminal 204 that the expiration date is approaching before the expiration date of the time authentication of the time-sealable wrapped PDF file (S438). ). Based on the notification from the notification unit 30, the IP person in charge determines whether or not the time authentication of the time-authenticated wrapping PDF file should be updated (S440). If it is determined that it should be updated, the IP person in charge transmits a login request from the IP unit 204 to the authentication management apparatus 100 (S442), and provides a user ID and a password. When the provided user ID and password are authenticated, the authentication management apparatus 100 permits login from the intellectual property terminal 204 (S444). The person in charge of intellectual property uploads the package PDF file to be updated from the intellectual property department terminal 204 to the authentication management apparatus 100 (S446). The update target confirmation unit 46 of the authentication management apparatus 100 confirms the name and expiration date of the uploaded wrapping PDF file (S448). The hashing unit 16 of the authentication management apparatus 100 hashes the update target packaging PDF file (S450). The TSA side interface unit 18 of the authentication management apparatus 100 transmits the hash value to the PKI time certificate authority 302 (S452). The PKI time certificate authority 302 adds update time information to the received hash value (S454). The PKI time certificate authority 302 encrypts the hash value to which the update time information is added with the private key of the local station (S456), and generates a PKI token. The PKI time certificate authority 302 transmits the PKI token to the authentication management apparatus 100 (S458). The time adding unit 20 of the authentication management apparatus 100 adds the PKI token to the update target packaging PDF file (S460). The registration unit 24 of the authentication management apparatus 100 updates the entry of the management database 26 corresponding to the packaging PDF file whose time authentication has been updated (S462). The return management unit 34 of the authentication management apparatus 100 notifies the intellectual property unit terminal 204 of the return link for the updated packaging PDF file (S464). The person in charge of intellectual property accesses the return link from the intellectual property department terminal 204 (S466). The return management unit 34 of the authentication management apparatus 100 transmits the updated packaging PDF file to the intellectual property terminal 204 (S468). The data discard unit 32 of the authentication management apparatus 100 deletes the updated wrapping PDF file (S470). The notification unit 30 of the authentication management apparatus 100 refers to the management database 26 and notifies the intellectual property terminal 204 that the expiration date is approaching before the expiration date of the updated time authentication of the time-sealable wrapped PDF file. (S472). That is, the notification unit 30 notifies the intellectual property terminal 204 of information related to the next update of time authentication.

  According to the authentication management apparatus 100 according to the present embodiment, after returning the time-authenticated packaging PDF file to the user, the packaging PDF file is discarded. When this is viewed from the authentication management apparatus 100 side, it is not necessary to prepare a large storage device for storing the wrapping PDF file, which is excellent in terms of cost. In addition, security against file theft is relatively moderate. From the user's perspective, time-authenticated electronic files are often confidential materials, and it is generally undesirable to store such electronic files outside the authentication management device 100 or the like for a long period of time. It is done. Therefore, according to the authentication management device 100, once downloaded, the wrapping PDF file is deleted from the authentication management device 100, so that the possibility of information leakage can be reduced and the time authentication service can be received with a sense of security. .

  In addition, the authentication management apparatus 100 notifies the user of information related to the expiration date of the package PDF file, particularly that the expiration date is approaching and needs to be updated based on the expiration date determined from the authentication time. As described above, since the user is notified of the necessity for update, the user of the authentication management apparatus 100 can update the time authentication more efficiently. Moreover, even if the user forgets on his / her side, the user can recognize that the expiration date of time authentication is approaching by such notification. As a result, it is possible to reduce the possibility that the user will not be aware of the expiration date of the time authentication of the time-authenticated wrapping PDF file and that the expiration date will expire unintentionally.

  For intellectual property, the legal period is relatively long. For example, the duration of a patent right ends with 20 years from the date of patent application. Therefore, intellectual property-related electronic data must be stored for a long period of time as well. In addition, time authentication must be maintained over that long period. Thus, although it is necessary to update the time authentication, the authentication management apparatus 100 according to the present embodiment reduces the burden of update management on the user side by the function of notifying the necessity of update. As a result, the authentication management apparatus 100 is more suitable for managing time authentication of electronic data related to intellectual property.

  In addition, the notification unit 30 notifies the user that the expiration date is approaching within the authentication remaining period before the expiration date of time authentication. In this case, for example, the user is not notified for a while immediately after the time authentication, but in most cases, the user does not need to be notified during such a period. Therefore, the user can receive a necessary notification when necessary.

  Further, the authentication remaining period can be set for each wrapping PDF file. Thus, by giving flexibility to the notification setting, even if the authentication method and the update policy are different for each wrapping PDF file, the difference can be absorbed in the form of different settings.

  In addition, when the capacity of the time-authenticated packaging PDF file is larger than a predetermined threshold capacity, the return management unit 34 transmits the time-authenticated packaging PDF file to the user with the permission from the user. Therefore, it is possible to prevent inadvertently transmitting a large file to the intellectual property terminal 204. In particular, technology-related data such as research data tends to have a relatively large capacity. Therefore, by providing a threshold capacity for the capacity, the intellectual property terminal 204 can select a time when the communication environment is good, for example, and download a wrapping PDF file including such a large size of data.

In the authentication management apparatus 100 according to the present embodiment, time authentication can be updated as many times as the user desires. At the time of the update, after returning the wrapped PDF file with the updated time authentication to the user, the wrapped PDF file is discarded. Therefore, the same effects as those described above with respect to the discarding of the file can be obtained.
In addition, the authentication management apparatus 100 notifies the user that the expiration date is approaching and renewal is necessary based on the expiration date determined from the update time. Therefore, the same effect as the effect mentioned above regarding the notification based on an expiration date is produced.
In addition, since the authentication management apparatus 100 is configured to periodically prompt for updates, the user of the authentication management apparatus 100 can cope with version upgrades of ciphers due to advances in cryptographic technology.

Further, in the authentication management device 100 according to the present embodiment, with respect to a time-authenticated packaging PDF file,
(1) The time-authenticated wrapping PDF file includes the contents of the memo data in a form that can be searched and / or displayed.
(2) The name of the wrapping PDF file with time authentication includes information related to time authentication such as authentication time, validity period, expiration date, and authentication method,
(3) The registration unit 24 registers the contents of the memo data of the time-authenticated wrapping PDF file in the management database 26.
In this way, the authentication management apparatus 100 associates information for assisting the user in specifying the time-enhanced packaging PDF file with the time-authenticated packaging PDF file, so that the user can more easily attach time authentication when necessary. You can find a PDF file. For example, although it is known from the management list or the like that it is necessary to update the packaging PDF file, it may not be certain where the packaging PDF file is on the terminal. In such a case, the person in charge of intellectual property can quickly find a desired wrapping PDF file by using information for assisting the identification associated with the wrapping PDF file.

Moreover, in the authentication management apparatus 100 according to the present embodiment, the time-authenticated wrapping PDF file includes the contents of memo data. After being returned to the user, the wrapping PDF file with time authentication is stored at the user's terminal. The user can more easily grasp the information related to the electronic file attached to the time-authenticated wrapping PDF file by confirming the contents of the memo data of the stored time-authenticated wrapping PDF file. .
As time goes on, my memory fades away. For example, when a user determines whether or not to update a time-sealable packaging PDF file after a considerable period of time has elapsed since the time authentication, the user's memory about the time-authenticated packaging PDF file is weak. It is. Therefore, by referring to the memo data having various information about the attached electronic file, the user can grasp the information about the attached electronic file without opening the attached electronic file itself.

  The synthesizing unit 14 generates one wrapping PDF file by attaching a set of electronic files to a mount PDF file that includes the contents of the memo data in a form that can be searched and / or displayed. Therefore, it becomes possible to search for a time-authenticated wrapping PDF file using the contents of the memo data as a key in the user terminal that stores the time-authenticated wrapping PDF file. Thereby, the user can find a desired time-sealed wrapping PDF file faster in his / her terminal. In addition, the contents of the memo data can be visually confirmed by opening a time-authenticated wrapping PDF file on the user terminal. As a result, it becomes easier to manage the time-authenticated wrapped PDF file in the user terminal. That is, the authentication management apparatus 100 not only returns the time-authenticated electronic file to the user, but also returns the electronic file in a form that is easy for the user to manage by collecting the electronic file into a wrapping PDF file.

  Further, when generating the mount PDF file including the contents of the memo data, the synthesizing unit 14 searches or displays each name of a set of electronic files to be attached to the mount PDF file on the mount PDF file or displays the display PDF file. Include both as possible. Normally, an electronic file attached to a PDF file cannot be searched including its name. Therefore, by including the electronic file name in a searchable form in the mount PDF file, a search using the electronic file name as a key can be performed on the user terminal. In addition, by including the name of the electronic file in a form that can be displayed in the mount PDF file, the user can recognize the name of the electronic file attached to the file when the time-authenticated packaging PDF file is opened.

  In the authentication management device 100, the registration unit 24 registers the name of the time-authenticated packaging PDF file and the expiration date of the time authentication in the management database 26 in association with each other. The name and the expiration date of the package PDF file are extracted from the management database 26 in accordance with the search key specified by, and the presentation unit 42 determines the name and the expiration date of the extracted package PDF file. Present to the user. As described above, the authentication management apparatus 100 deletes the time-authenticated packaging PDF file itself after downloading by the user, but registers the information such as the name and expiration date of the packaging PDF file in the management database 26. . The authentication management apparatus 100 provides a search function based on the management database 26 to the user. Thus, the user can easily search for a desired wrapping PDF file by using the authentication management apparatus 100 without creating a list of wrapping PDF files by himself / herself. As a result, the burden of file management can be reduced.

  In the authentication management apparatus 100, the registration unit 24 registers the contents of the memo data of the time-authenticated packaging PDF file in the management database 26. When the key corresponding to the content of the memo data is designated by the user, the search unit 28 extracts the name of the wrapping PDF file from the management database 26 using the key. Therefore, the user can specify the contents of the memo data as a key in the search function provided by the authentication management apparatus 100. Thereby, the precision and speed of the search by the authentication management apparatus 100 can be improved.

  Moreover, in the authentication management apparatus 100 according to the present embodiment, the ID changing unit 22 includes information related to time authentication such as an authentication time, an effective period, an expiration date, and an authentication method in the name of the packaging PDF file. The information related to time authentication is determined after the uploaded electronic file is time-authenticated, and as a rule cannot be specified by the user with memo data or the like when uploading the electronic file. In addition, information related to time authentication is an important factor for the user to manage the wrapping PDF file. Therefore, by including such information related to time authentication in an easy-to-understand manner in the name of the wrapping PDF file, the user can more easily manage the wrapping PDF file. In particular, the user can include an authentication time, an effective period, an expiration date, an authentication method, and the like in the key when searching for a wrapping PDF file by file name on his terminal. This improves the accuracy and speed of search.

  Further, the authentication management apparatus 100 mediates between a plurality of users and the time certificate authority. Thereby, compared with the case where each user communicates independently with the time certification authority, the time management in the organization to which the user belongs, such as the research and development base 200, can be managed. Further, since the authentication management apparatus 100 functions as an ASP (Application Service Provider), it is not necessary to install special software for exchanging with the time certificate authority in each user terminal, which is excellent in terms of cost.

In particular, the return management unit 34 can acquire a time-authenticated wrapping PDF file by a user that is different from the user who has acquired the memo data and a set of electronic files from the data acquisition unit 38, that is, an engineer. State.
In this regard, for example, in the research and development base 200, the time-authenticated electronic file and its update may be collectively managed by a management terminal such as the intellectual property department terminal 204. In such a case, if each terminal independently uploads a set of electronic files subject to time authentication and downloads the time-authenticated wrapping PDF file, the engineer downloads the time-authenticated wrapping PDF file. After that, it must be transmitted separately to the intellectual property terminal 204. On the other hand, in the setting that allows the uploading user and the downloading user to be different, as described in this embodiment, the engineer only needs to complete the uploading, and the intellectual property person in charge is responsible for the downloading. Good. Therefore, business efficiency can be further improved. In the setting that allows the uploading user and the downloading user to be different, the setting is not limited to the above-described example of the engineer and the intellectual property person, and more appropriate setting based on the organization configuration of the user of the authentication management apparatus 100 is possible. Become.

  In addition, the notification unit 30 notifies the user who is different from the user who has acquired the electronic file from the data acquisition unit 38 with respect to the time authentication time limit. Thereby, compared with the case where each user interacts independently with the time certification authority, the time management in the organization to which the user belongs, such as the R & D base 200, becomes possible.

  In particular, the notification unit 30 notifies the IP person in charge that the expiration date of the time-sealable wrapped PDF file is approaching. If the technician receives a notification that the expiration date is approaching after the wrapping PDF file is returned to the intellectual property terminal 204, the technician will contact the intellectual property representative after receiving such notification. There is a need to. On the other hand, if the notification destination is set in advance for the administrator of the packaging PDF file, such as the person in charge of intellectual property, the notification is performed to the person who needs the notification, so that more efficient management is possible. Is possible.

  In other words, the engineer uploads the electronic file, the IP person in charge downloads the time-certified wrapping PDF file, and receives a notice regarding the deadline, so the engineer does not care about the file management after uploading. It is efficient because it can concentrate on development, and the IP staff can receive and manage and update the wrapped PDF file together.

(Second Embodiment)
In the first embodiment, the authentication management apparatus 100 acquires memo data and a set of electronic files in a new time authentication session, converts them into a wrapping PDF file, authenticates the time, and acquires a wrapping PDF file in the management session. Then, the case where the time authentication is updated has been described. In the second embodiment, the authentication management apparatus 700 acquires a plurality of electronic files and classifies them as new time authentication targets, update targets, and others. Hereinafter, the authentication management apparatus 700 according to the second embodiment will be described focusing on differences from the authentication management apparatus 100 according to the first embodiment.

  FIG. 21 is a schematic diagram showing an electronic time authentication system 4 including an authentication management apparatus 700 according to the second embodiment. The company's R & D base 210 has a plurality of engineer terminals 212a to 212c used by engineers, and an IP department terminal 214 used by IP officers. The engineer terminals 212a to 212c are connected to the intellectual property department terminal 214 by an intranet in the base. The IP department terminal 214 is connected to the authentication management apparatus 700 through a network (not shown), and serves as a window on the R & D base 210 side for the authentication management apparatus 700.

  The electronic time authentication system 4 includes an authentication management device 700, a PKI time authentication station 302, an archiving time authentication station 304, an archiving storage device 306, a PKICA station 400, and an archiving CA station 401.

  Engineers convert experiment notes, experiment data, idea memos, etc. that arise in daily research and development into electronic files using engineer terminals assigned to each person. The technician periodically transmits such an electronic file to the intellectual property terminal 214. The intellectual property terminal 214 is configured to put electronic files collected from the engineer terminals 212 a to 212 c into one time authentication folder 216. This may be realized, for example, by setting a backup destination of an electronic file generated by the engineer terminal in a folder in the intellectual property terminal 214. The intellectual property terminal 214 is also configured to put the electronic file returned from the authentication management apparatus 700 into the time authentication folder 216. Therefore, in the time authentication folder 216, an electronic file 218 that has not been time authenticated yet and an electronic file 220 that has already been time authenticated can be mixed.

  The intellectual property department terminal 214 transmits the plurality of electronic files 218 and 220 included in the time authentication folder 216 to the authentication management apparatus 700 together with the time authentication folder 216, for example, after the work end time of the R & D base 200. The electronic time authentication system 4 performs time authentication on the plurality of electronic files 218 and 220 as necessary or updates the time authentication as necessary, for example, by nighttime batch processing, and returns it to the intellectual property terminal 214.

  FIG. 22 is a block diagram illustrating the function and configuration of the authentication management apparatus 700. Each block shown here can be realized by hardware such as a computer (CPU) (central processing unit) and other elements and mechanical devices, and software can be realized by a computer program or the like. Here, The functional block realized by those cooperation is drawn. Therefore, it is understood by those skilled in the art who have touched this specification that these functional blocks can be realized in various forms by a combination of hardware and software.

  The authentication management device 700 includes a user interface unit 10, a login unit 40, a user database 44, a data acquisition unit 738, a hashing unit 716, an update target selection unit 702, a return management unit 734, and a time addition Unit 720, data discard unit 732, registration unit 24, presentation unit 42, search unit 28, notification unit 30, notification destination database 86, encryption status determination unit 88, management database 726, and TSA side And an interface unit 18.

  The data acquisition unit 738 acquires a plurality of electronic files 218 and 220 included in the time authentication folder 216 from the intellectual property terminal 214 via the user side interface unit 10.

  FIG. 23 is a data structure diagram showing the management database 726. The management database 726 includes a company ID 748, an electronic file name 750 of the time-authenticated electronic file, an authentication time 754 in the time authentication, the latest update time 756, an expiration date 758, an alert setting 762, and an authentication method 776. Are stored in association with each other. Regarding the registration unit 24, the search unit 28, the notification unit 30, and the encryption status determination unit 88 that use the management database 726, in those descriptions in the first embodiment, the wrapping PDF file is an electronic file. The explanation replaced with is applied mutatis mutandis.

Returning to FIG. The update target selection unit 702 selects an electronic file to be updated for time authentication and an electronic file to be newly time-authenticated from a plurality of electronic files 218 and 220 acquired by the data acquisition unit 738 according to a predetermined update criterion. . The update target selection unit 702 refers to the management database 726 and divides the plurality of electronic files 218 and 220 into the following four types.
(Type 1) An electronic file that has not been time-authenticated yet and therefore should be time-authenticated. This type of electronic file is not registered in the management database 726.
(Type 2) An electronic file that is in the authentication remaining period and is subject to update of time authentication. This type includes an electronic file in which the current time is included in the authentication remaining period determined by the expiration date and alert setting of the management database 726. Is applicable.
(Type 3) An electronic file that is before the expiration date and has not yet entered the authentication remaining period and is returned as it is without doing anything (Type 4) An electronic file with an expired expiration date Note that the update target selection unit 702 is set Thus, among the plurality of electronic files 218 and 220 acquired by the data acquisition unit 738, those that have not been time-authenticated may be subject to new time authentication, and all the remaining may be subject to update regardless of the expiration date.

The hashing unit 716 hashes the electronic files selected as the type 1 and the type 2 by the update target selection unit 702 using a predetermined hash function to obtain a hash value.
The TSA side interface unit 18 transmits the hash value generated by the hashing unit 716 to the time certificate authority.
The time adding unit 720 adds the corresponding new authentication token acquired by the TSA side interface unit 18 to the electronic file selected as the type 1.
The time adding unit 720 adds the corresponding update token acquired by the TSA side interface unit 18 to the electronic file selected as the type 2.

  The return management unit 734 selects the electronic file with the new authentication token added by the time adding unit 720, the electronic file with the update token added by the time adding unit 720, and the type 3 and type 4 selected by the update target selection unit 702. These electronic files are collectively transmitted to the intellectual property terminal 214 or are made downloadable by the intellectual property terminal 214.

  Here, the return management unit 734 notifies the IP terminal 214 that the electronic file selected as the type 4 has expired. For example, the return management unit 734 may add information indicating that the expiration date has expired to the name of the electronic file, or newly generate a warning file including information on the electronic file that has expired. It may be returned to the intellectual property terminal 214 together with the electronic file. Thus, the expiration date can be surely transmitted by the IP person in charge who manages the time authentication of the electronic file.

  The data discarding unit 732 deletes the electronic file from the storage area of the authentication management device 700 after the return management unit 734 returns the electronic file.

  According to the authentication management device 700 according to the present embodiment, the configuration corresponding to the configuration of the authentication management device 100 according to the first embodiment is the same as the operation and effect described in the first embodiment. An effect is produced.

  Further, according to the authentication management apparatus 700 according to the present embodiment, when the IP person in charge updates the electronic file, it is only necessary to transmit the time authentication folder 216 from the intellectual property terminal 214 to the authentication management apparatus 700. Here, the person in charge of intellectual property does not need to separate the electronic file to be newly authenticated from the electronic file to be updated. This is because the authentication management apparatus 700 selects the update target with reference to the management database 726. Those not registered in the management database 726 are selected as new time authentication targets. Therefore, the update and the new time authentication can be achieved simultaneously by a single operation of transmitting the time authentication folder 216. As a result, the intellectual property person only has to set in advance the update management criteria such as alert setting in the authentication management apparatus 700, so the management burden on the intellectual property person can be greatly reduced.

The configuration and operation of the authentication management apparatus according to the embodiment have been described above. These embodiments are exemplifications, and it is understood by those skilled in the art that various modifications can be made to each component and combination of processes, and such modifications are within the scope of the present invention. . Furthermore, combinations of the embodiments are possible.
For example, the authentication management device may be configured to be able to select a mode for handling a wrapping PDF file and a mode for acquiring a plurality of electronic files for each time authentication folder.

In the first embodiment, a case has been described in which an engineer uploads an electronic file, an IP person in charge downloads a time-authenticated wrapping PDF file, and receives a notification regarding a time limit. However, the present invention is not limited to this. Absent. For example, a technician may upload an electronic file, download a time-certified wrapping PDF file, and receive a notification regarding a time limit. Moreover, the authority which can perform both a new time authentication session and a management session may be given to both ID of an engineer and ID of an intellectual property person in charge.
Alternatively, the authentication management apparatus according to the modified example may make various notifications to the person who uploaded the electronic file (sender, applicant) or the person who downloaded the packaging PDF file (recipient) or to others. There may be further provided a notification destination selection receiving unit that receives a selection of whether or not to do so and reflects the received selection in the notification destination database 86.

  In the first embodiment, the authentication management device allows the user who has acquired the electronic file to the data acquisition unit 38 to specify at least one return destination of the time-authenticated wrapping PDF file. (Shown) may be further provided. Further, the return management unit may be able to acquire the time-authenticated packaging PDF file by the return destination specified by the return destination specifying unit. In this case, a more flexible return destination can be set.

  In 1st Embodiment, although the synthetic | combination part 14 demonstrated the case where a wrapper PDF file was produced | generated, it is not restricted to this. For example, after creating a wrapping PDF file at the user's terminal, the wrapping PDF file may be uploaded to the authentication management apparatus as a time authentication target.

  In the first embodiment, the management database may store a hash value of the wrapping PDF file. Furthermore, the update target confirmation unit may confirm whether or not the acquired wrapping PDF file is a target to be updated using a hash value stored in the management database. In this case, if there is a falsification after time authentication in the acquired PDF file, the falsification can be found before sending it to the time certification authority, which is efficient.

  In the first and second embodiments, the case where the expiration date information is used as the information regarding the time authentication time limit has been described, but the present invention is not limited to this. For example, the time after a predetermined time has elapsed from the authentication time or the update time may be used as the time limit regardless of the expiration date.

  In the first and second embodiments, the case where the PKI time certificate authority 302 and the archiving time certificate authority 304 are external time certificate authorities has been described. However, the present invention is not limited to this, and the authentication management apparatus is a PKI time certificate authority. It may have a function of at least one of 302 and archiving time certificate authority 304.

  In the first and second embodiments, the database may be divided into two or more databases as appropriate.

  In the first embodiment, the ID changing unit may change the file name based on the update time in the management session. In particular, the ID changing unit may include the update time in the file name. In the second embodiment, the authentication management apparatus may include an ID changing unit that changes the name of the electronic file that has been time-authenticated or whose time authentication has been updated in the same manner as in the first embodiment.

  In the first and second embodiments, the user may generate a hash value using the rich content technology of the browser, and upload only the hash value to the authentication management apparatus. In this case, since the authentication management apparatus cannot know the contents of the electronic file beyond the contents of the memo data, it is preferable from the viewpoint of maintaining confidentiality.

  In the first and second embodiments, a case has been described in which a change in alert settings is received on the search management screen 520. However, the present invention is not limited to this, and may be received as one of input items of memo data, for example. Further, as an alert setting, it is possible to set a notification periodically when the authentication remaining period is entered.

  In the first and second embodiments, the case where the authentication remaining period is set from the expiration date and the alert setting has been described, but the present invention is not limited to this.

  In the first embodiment, the case has been described in which the time authentication is performed on the electronic file attached thereto by performing the time authentication on the wrapping PDF file, but the present invention is not limited thereto. For example, the electronic file may be directly time-authenticated without using the wrapping PDF file.

In the first and second embodiments, the electronic file can be duplicated. Therefore, the electronic file may be duplicated and each of them may be time-authenticated. In addition, the time authentication or update timing of each electronic file may be shifted.
FIG. 24 is an explanatory diagram for explaining a time authentication / update method according to a modification.
At time t1, the engineer generates an electronic file 802 to be time authenticated.
At time t2, the electronic file 802 is duplicated in the engineer's engineer terminal or the upload destination authentication management apparatus, and two electronic files 804 and 806 having the same contents are generated. Hereinafter, these electronic files are referred to as a first electronic file 804 and a second electronic file 806 for convenience.

  At time t3, the first electronic file 804 and the second electronic file 806 are time-authenticated separately. For example, the first electronic file 804 has a first PKI token 808 that has been time-authenticated by the PKI time certificate authority 302 and includes the authentication time, and the second electronic file 806 has been time-authenticated by the archiving time certificate authority 304 to obtain the authentication time. A first archiving token 810 is included.

At time t4, the time authentication of the first electronic file 804 is updated. For example, time authentication of the first electronic file 804 is updated by the PKI time authentication station 302, and a second PKI token 812 including the update time is added.
At time t5, the time authentication of the second electronic file 806 is updated. For example, the second electronic file 806 is updated in time authentication by the archiving time authentication station 304, and a second archiving token 814 including the update time is added.
According to this modification, it is possible to improve the certainty of time authentication for particularly important electronic files.

  In the first embodiment, the update target confirmation unit 46 refers to the management database 26 when the data acquisition unit 38 acquires an update target packaging PDF file, and the expiration date of the acquired packaging PDF file is determined. Although the case where it is confirmed whether it has run out was demonstrated, it is not restricted to this. For example, the authentication management device may hash the transmission target PDF file regardless of whether the expiration date has expired and transmit it to the time certificate authority. Furthermore, the return management unit of the authentication management apparatus 100 may notify that the expiration date has expired when the updated packaging PDF file is returned to the user.

  In the first and second embodiments, when providing a time-based authentication / update service for charging, the authentication management apparatus may further include a charging control unit (not shown) that controls charging. This charge control unit may make the charge for the update cheaper than the charge for the new time authentication, for example, half the price. In this case, it is possible to provide a more user-friendly service by relatively lowering the hurdle for updating.

  In the first and second embodiments, the authentication management apparatus may further include a user information update unit (not shown) that causes the user to update at least one of the user database 44 and the notification destination database 86.

  In the first and second embodiments, the notification unit of the authentication management apparatus may notify the information regarding the expiration date based on a keyword such as a technical field designated in advance by the user. In particular, the notification unit may notify a wrapped PDF file or an electronic file that matches a specified keyword as a target of time authentication update. Alternatively, the notification unit does not have to notify the wrapped PDF file and the electronic file that match the designated keyword as the target of time authentication update.

The authentication management apparatus according to the modification further includes a notification target database 90.
FIG. 25 is a data structure diagram showing the notification target database 90. The notification target database 90 stores a company ID 98, a notification target item 92, and a non-notification target item 94 in association with each other. Each of the notification target item 92 and the non-notification target item 94 is an item registered in advance by a manager of a company having a corresponding company ID. When the notification unit notifies the notification destination corresponding to a certain company ID of information related to the expiration date of the file, the notification unit refers to the notification target database 90, and the file matches the keyword registered in the notification target item corresponding to the company ID. If not, notify. If not, do not notify. In addition, when the notification unit notifies the notification destination corresponding to a certain company ID of the information regarding the expiration date of the file, the notification unit refers to the notification target database 90 and sets the keyword registered in the non-notification target item corresponding to the company ID. Notify if file matches, notify if not.

  For example, if it becomes a large-scale research and development base, the number of electronic files to be managed becomes enormous. If all of the notifications are made at this time, the number of notifications received every day also becomes enormous. Since the authentication management apparatus according to the present modification provides a filtering function for a notification target, an error such as an electronic file update notification related to an important field being buried in an electronic file update notification related to an unimportant field is overlooked. The possibility of this can be reduced. In addition, for electronic files related to technology that has become obsolete as technology progresses, the number of final update notifications can be narrowed down by registering keywords related to that technology in non-notification items each time the technology becomes obsolete. it can.

  In the first and second embodiments, a screen for changing an update contact such as an address or an e-mail address may be prepared. The authentication management apparatus according to the modification may include a database update unit (not shown) that acquires change information from a user and updates a user database and a notification destination database based on the acquired change information. The database update unit displays the change screen 670 on the monitor of the user terminal via the user side interface unit. FIG. 26 is a representative screen diagram of the change screen 670. The change screen 670 includes a user ID change area 672, a name change area 674, an e-mail address change area 676, an affiliation change area 678, and an OK button 680. The user ID change area 672 has an area for displaying the currently registered user ID and an area for accepting an input of the changed user ID if the user ID is changed. The name change area 674 has an area for displaying the currently registered name, and an area for accepting input of the changed name if the name is changed. The e-mail address change area 676 includes an area for displaying the currently registered e-mail address and an area for accepting input of the changed e-mail address if the e-mail address is changed. The affiliation change area 678 has an area for displaying the affiliation currently registered, and an area for receiving an input of the affiliation after the change if the affiliation is changed. When a change is input for an item that needs to be changed and the OK button 680 is pressed, the database update unit updates the user database and the notification destination database based on the input change information.

  Although the present invention has been described based on the embodiments, the embodiments merely show the principle and application of the present invention, and the embodiments are defined in the claims. Needless to say, many modifications and arrangements can be made without departing from the spirit of the present invention.

  2, 4 electronic time authentication system, 10 user side interface unit, 12 update target selection unit, 14 synthesis unit, 16 hashing unit, 18 TSA side interface unit, 20 time addition unit, 22 ID change unit, 24 registration unit, 26 Management database, 28 search unit, 30 notification unit, 32 data discard unit, 34 return management unit, 38 data acquisition unit, 40 login unit, 42 presentation unit, 44 user database, 46 update target confirmation unit, 86 notification destination database, 88 Cryptographic status determination unit, 100 authentication management device, 200 R & D base, 302 PKI time authentication station, 304 archiving time authentication station, 306 archiving storage device, 400 PKICA station, 700 authentication management device.

Claims (12)

When the authentication of the time when electronic data existed is called time authentication,
A data acquisition unit for acquiring electronic data subject to time authentication from a user;
When the electronic data acquired by the data acquisition unit is time-authenticated, tamper-detectable time authentication information including authentication time information that is the time authenticated in the time authentication is added to the time-authenticated electronic data A time authentication information adding unit,
A return management unit that makes electronic data that is time-authenticated available to the user,
When the time-authenticated electronic data is acquired by the user, a data discarding unit that discards the electronic data,
An authentication management apparatus, comprising: a notification unit that notifies the user of information related to a time limit for time authentication of electronic data based on authentication time information.   2. The authentication management apparatus according to claim 1, wherein when the time authentication has an expiration date, the notification unit notifies the user of information related to the expiration date within a predetermined authentication remaining period before the expiration date. .   The authentication management apparatus according to claim 2, wherein the remaining authentication period is set for each electronic data subjected to time authentication.   The authentication management apparatus according to claim 1, wherein the data acquisition unit acquires a hash value of electronic data to be time-authenticated from a user as electronic data to be time-authenticated.   The return management unit transmits the electronic data to the user in response to a permission from the user when the capacity of the time-authenticated electronic data is larger than a predetermined threshold capacity. 5. The authentication management device according to any one of 4.   The return management unit makes the time-authenticated electronic data in a state that can be acquired by a user different from the user who has acquired the electronic data by the data acquisition unit. The authentication management device described in 1. When the authentication of the time when electronic data existed is called time authentication,
A data acquisition unit for acquiring electronic data to be updated for time authentication from a user;
When the time authentication of the electronic data to be updated acquired by the data acquisition unit is updated, the authentication update information that can detect falsification including the information of the update time that is the time when the time authentication is updated An authentication update information adding unit to be added to the updated electronic data;
A return management unit that makes electronic data updated with time authentication available to the user,
When electronic data with updated time authentication is acquired by a user, a data discarding unit that discards the electronic data;
Based on at least one of the update time information of the electronic data whose time authentication is updated and the authentication time information which is the time authenticated in the time authentication, information on the next update of the time authentication of the electronic data is stored in the user. An authentication management apparatus comprising: a notification unit that notifies When the authentication of the time when electronic data existed is called time authentication,
A data acquisition unit for acquiring a plurality of electronic data from a user;
An update target selection unit that selects electronic data to be updated for time authentication according to a predetermined update criterion from a plurality of electronic data acquired by the data acquisition unit;
When the time authentication of the electronic data to be updated selected by the update target selection unit is updated, the authentication update information that can detect falsification including the information of the update time that is the time when the time authentication is updated is time authentication. An authentication update information adding unit to be added to the updated electronic data,
A return management unit that makes electronic data updated with time authentication available to the user,
An authentication management apparatus comprising: a data discarding unit that discards electronic data whose time authentication has been updated by a user.   The update target selecting unit selects electronic data that has not been time-authenticated as electronic data to be newly time-authenticated from a plurality of electronic data acquired by the data acquisition unit. Authentication management device. When the authentication of the time when electronic data existed is called time authentication,
Obtaining electronic data subject to time authentication from a user;
When the acquired electronic data is time-authenticated, adding time authentication information that can be detected by tampering including information of the authentication time that is the time authenticated in the time authentication to the time-authenticated electronic data;
Making the time-authenticated electronic data in a state that can be acquired by the user;
A step of discarding the electronic data when the time-authenticated electronic data is acquired by the user;
And a step of notifying a user of information related to a time limit for time authentication of electronic data based on the information on the authentication time.   The authentication management method according to claim 10, further comprising a step of associating information for assisting identification of time-authenticated electronic data by the user with time-authenticated electronic data. When the authentication of the time when electronic data existed is called time authentication,
A function to acquire electronic data subject to time authentication from the user;
When the acquired electronic data is time-authenticated, a function of adding tampering-detectable time authentication information including authentication time information that is the time authenticated in the time authentication to the time-authenticated electronic data;
A function for making time-authenticated electronic data obtainable by a user;
When the time-authenticated electronic data is acquired by the user, the function of discarding the electronic data,
A computer program for causing a computer to realize a function of notifying a user of information related to a time limit of time authentication of electronic data based on authentication time information.

Images