JP2012222594A - Signature server, signature system and signature processing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it possible to request a signature from a signer even when the signature environment of each signer is diverse, as well as enable signing by a signer to be made under the condition intended by a signature requester.SOLUTION: If a signer is an inside user, a request of a signature on a signature server side is made to a computer which the signer uses, or if the signer is not an inside user, an inquiry is made to the computer which the signer uses to know whether use of the signature server is needed. If the inquiry is responded to the effect that the signature serve is used, the computer which the signer uses is accessed to acquire the signature environment of the signer and, if the acquired signature environment is found to be inappropriate, the acquired signature environment is normalized. If the inquiry is responded to the effect that a signature is executed on the signer side, a request of signature execution on the signer side is made to the computer which the signer uses and, if the signature environment is found to be appropriate or the signature environment has been normalized, a request is made that a signature be executed on the signature server side.

Description

  The present invention relates to a signature server that requests an electronic signature, and more particularly, to a technique that ensures and verifies the validity of an electronic signature of a signer when a requester requests the electronic signature from a signer.

  In recent years, computerization of paper has been progressing in various fields. As a technique for guaranteeing the validity of an electronic document, there is an electronic signature technique. By using the electronic signature, it is possible to confirm whether the document has been tampered with, who has signed it, or the like.

  There is Patent Document 1 as a publicly known technique in which a client requests another person to implement an electronic signature. According to the technique of Patent Document 1, a signature requester writes information to be signed in a document in advance, and the signer views the document and implements the signature. This prevents a difference in consciousness between the requester and the signer, such as what to sign and what the document content is agreed upon, and makes it possible to agree on the intention.

  In addition, as a known technique other than the above, there is a technique that systematizes a request and execution of a signature in a workflow format and efficiently processes even when a plurality of signers successively sign (Non-Patent Document 1, Non-Patent Document 2). ). In Non-Patent Document 1 and Non-Patent Document 2, a signature server is provided as a hosting service, and all users involved in signatures such as a signature requester and a signer use one signature server. With this service, it is possible to request and implement a signature even between users of different companies. The signer can set the signer, the signing object, the reason for the signature to be selected, and the like to perform the processing flow, thereby allowing the signer to sign as intended.

US Patent Application Publication No. 2007/0061578

"CertaSign Online Help Contents", [online], Gemini Security Solutions, Inc., [Searched on December 10, 2010], Internet <URL: https://app.certasign.com/help/Helpv1.aspx> "MySignatureBook 1.1.3 FAQ", [online], TriCipher, Inc., [Searched on December 10, 2010], Internet <URL: https://safe-msb.tricipher.com/signaturebook/MSB_help.pdf>

  In the above known technique, all signers need to sign on the same signature server. However, not all signers use the same signing server. For example, the signer may use a different signing environment (such as when using a signature server that is centrally managed by the company or when using signing software on the client machine side). There is a problem that a signature request cannot be made. In particular, when requesting and creating a signature between users of different companies, it is considered that the signature environment used by the company is different. For example, there may be many situations where one user uses a signing server of a hosting service and the other user signs using his own signature server.

  In order to have the signer sign under the conditions specified by the signing client even in the situation where the signature request is made between users with different signature environments as described above, the implemented signature matches the condition specified by the signing client A separate mechanism for verifying whether to do this is necessary.

  Further, the above known technology does not consider the signer's signature environment (for example, whether it has a certificate designated by the signing requester or whether it has a signature function in the first place). No processing is shown when does not have a signature environment.

  The present invention has been made in view of the above-described problems. The signer's signature environment is determined, and even when the signer's signature environment varies, the signer is signed with the signature condition intended by the signer. An object of the present invention is to provide a signature system that can be used.

  A typical example of the invention disclosed in the present application is as follows. That is, a signature server connected to one or more computers, wherein the signature server includes one or more interfaces connected to the computers, a processor connected to the interfaces, and a memory connected to the processors. And the signing server determines whether or not the signing requester signer specifying signer is specified and whether the specified signer is an internal user permitted to use the signing server. And when the signer is determined to be an internal user, the computer used by the signer is requested to execute a signature using the signature server, and the signer is not an internal user. A user cooperation unit that inquires of the computer used by the signer whether or not the signature server is to be used, and whether or not the signature server is to be used. If the response is that the signature server is used, the signature environment of the signer is acquired, and if it is determined that the acquired signature environment is not appropriate, the signature that optimizes the acquired signature environment is obtained. An environment determination unit, and when the signature environment determination unit determines that the signature environment of the signer is appropriate, or when the signature environment is optimized Requests the signature execution using the signature server, and the user cooperation unit responds to the inquiry about the necessity of use of the signature server in response to the signer executing the signature, The signer side requests the computer used by the signer to execute the signature.

  According to the representative embodiment of the present invention, even when the signer has various signature environments, the signer can be signed under the signature condition intended by the signature requester.

It is a block diagram which shows the hardware and software structure of the signature system in the 1st Embodiment of this invention. It is a figure which shows an example of the account information in 1st Embodiment. It is a figure which shows an example of the signature request information in 1st Embodiment. It is a figure which shows an example of signature condition information. It is a figure which shows an example of the signature condition information in the modification of 2nd Embodiment. It is a figure for demonstrating a signature field. It is a figure which shows an example of the external server information in the 1st Embodiment of this invention. It is a flowchart which shows an example of the process about signature request | requirement, signature environment discrimination | determination, signature implementation, and verification which the signature server in the 1st Embodiment of this invention performs. It is a flowchart which shows an example of the process regarding the signature request | requirement, signature environment discrimination | determination, signature implementation, and verification which the signature server in the 2nd Embodiment of this invention performs. It is a flowchart which shows an example of the request of a signature performed in the signature system in the 3rd Embodiment of this invention, and a substitute process. It is a figure which shows the structure of the signature system in the 3rd Embodiment of this invention.

  Embodiments of the present invention will be described below. The embodiment described below is an example, and the present invention is not limited to this.

<First Embodiment>
FIG. 1 is a block diagram showing a hardware and software configuration of a signature system according to the first embodiment of the present invention. The signature system according to the first embodiment includes one or more signature servers 101a and 101b (hereinafter collectively referred to as signature server 101), one or more company signature servers 128, and one or more OCSP servers 117. One or more time stamp servers 118, one or more client terminals 119a and 119b that do not have a signature function (hereinafter collectively referred to as client terminals 119), and one or more client terminals that have a signature function 120.

  The company signature server 128 is accessible from the client terminal 119b in the same organization.

  The signature server 101, the client terminal 120, and the company signature server 128 are connected to the network via the I / Fs 104, 123, and 131, respectively. The signature server 101 receives an operation request and gives an operation instruction to an external device such as the client terminal 119 via the I / F 104.

  The signature server 101 includes a memory 102, a CPU 103, and an I / F 104.

  The CPU 103 receives an operation request from an external device such as the client terminal 119 and executes the operation through the I / F 104, notifies the external device of a signature request, and transmits an operation result.

  The memory 102 includes an account management program 105, a signature generation program 106, a signature verification program 107, a signature condition management program 108, a user cooperation program 109, a signature environment determination program 110, an external server cooperation program 111, account information 112, and signature request information 113. Signature condition information 114, external server information 115, and signature document information 116, which are connected to the CPU 103 and the I / F 104.

  The client terminal 120 includes a CPU 122, a memory 121, and an I / F 123.

  The CPU 122 receives an operation request from the signature server 101 or the like or an operation instruction from the signature server 101 or the like via the I / F 123. The memory 121 includes a signature generation program 124, a signature verification program 125, and an external server cooperation program 126, and is connected to the CPU 122 and the I / F 123.

  The company signature server 128 includes a memory 129, a CPU 130, and an I / F 131, and is connected to the client terminal 119b. The memory 129 includes a signature generation program 132, a signature verification program 133, and an external server cooperation program 134, and is connected to the CPU 130 and the I / F 131. The CPU 130 communicates with the signature server 101, the client terminal 119b, and the like via the I / F 131.

  Next, details of the software configuration of the signature system in the present embodiment will be described.

  First, information other than the program stored in the memory 102 of the signature server 101 will be described, and then the program information stored in the memory 102 will be described.

  The account information 112 is information used for authenticating a user who uses the signature server 101.

  FIG. 2 is a diagram illustrating an example of the account information 112 according to the first embodiment. The account information 112 includes four data items 201, 202, 203, and 204. An item 201 indicates a user ID for uniquely identifying a user. An item 202 indicates a password necessary for logging in to the signature server. An item 203 indicates information on the user's mail address. An item 204 indicates whether the user has an account issuance license for using the signature server. For example, in FIG. 2, since user A has 10 licenses, it indicates that he has the authority to issue 10 accounts. For example, when a user other than the user wants to use the signature server, an account of the signature server can be issued to the user. In FIG. 2, userB has 0 licenses and cannot issue an account.

  The signature request information 113 is information indicating who should sign what under what conditions when the signature requester requests the signer to sign.

  FIG. 3 is a diagram illustrating an example of the signature request information 113 according to the first embodiment. The signature request information 113 includes six data items, items 301, 302, 303, 304, 305, and 306. An item 301 indicates a request number for identifying a signature request made by the signature requester. An item 302 indicates information of a requester who has made a signature request. An item 303 indicates a user (signer) who wants to sign by the signature request.

  An item 304 indicates information on a signing condition that is used to sign a signer. This item refers to signature condition information 114 described later. An item 305 indicates a document to be signed in the signature request. An item 306 indicates the progress status of the signature request. For example, in FIG. 3, the status of request number 1 is “completed”, indicating that the signature by the requested signer has been completed. The status of request number 2 is “incomplete (1/2)”, indicating that the first signature of two requested signers has been completed.

  The signature condition information 114 is information indicating a signature condition (for example, a signature expiration date) when the signature requester requests the signer to sign, and is set before the signature requester requests the signature.

  FIG. 4 is a diagram illustrating an example of the signature condition information 114. FIG. 4A shows an example of the signature condition information 114 in the first embodiment, and FIG. 4B shows an example of the signature condition information 114 in the second embodiment to be described later.

  The signature condition information 114 is composed of one or more signature conditions 304. The signature condition 304 includes seven data items 401, 402, 403, 404, 405, 406, and 407. An item 401 indicates the signer's reason for signing. For example, “confirm” is set when a signature is requested with the intention of making the signer confirm the document, and “approval” is set when the signature is requested with the intention of allowing the signer to approve the document. Also, both “confirmation” and “approval” may be set to allow the signer to select either, or the user may be allowed to specify freely.

  An item 402 indicates information of a signer to be signed. In the example shown in FIG. 4, the signer's e-mail address is specified, but other information that can specify the signer, such as the account ID of the signing server, may be used. An item 403 indicates a signature expiration date. For example, the signature server may issue an alert to the signature requester when the signature is not performed by the set deadline.

  An item 404 is field information for entering signature data in the document, and indicates which part of the document is to be signed. The signature field will be described with reference to FIG. For example, when “field 1” is set in the item 404 described above, the signer signs the portion of the signature field 601 in FIG. 6, and when “field 2” is set, the signer 602 Sign the part.

  An item 405 indicates the type of certificate that can be used when the signer executes the signature in the requested signature. For example, in the example illustrated in FIG. 4, the certificate type is “sampleCA”, and the signer indicates that a certificate issued by sampleCA or a lower intermediate CA can be used for signature.

  An item 406 indicates whether or not the certificate validity / invalidation verification information needs to be included in the document signature. For example, if this item is “necessary”, the signer or other user also includes the validity verification result of the certificate used for the signature in the document. An item 407 indicates whether or not a time stamp needs to be included in the document in the signature of the document.

  The signature condition information 114 may include information related to signature conditions other than the items 401 to 407.

  The external server information 115 is information indicating the address of an external server with which the signature server 101 cooperates.

  FIG. 7 is a diagram illustrating an example of the external server information 115 according to the first embodiment of this invention. The external server information 115 includes three data items 701, 702, and 703.

  An item 701 is address information of an OCSP server used for certificate validity confirmation. An item 702 is address information of the time stamp server 118. An item 703 is address information of other signature servers. When the signature requester uses the signature server 101a, the other signature server is, for example, the signature server 101b. Another example of the signature server is a server used in an electronic experiment notebook system. Note that there may be server information other than the above, or a plurality of information of the same type of server may be registered. Further, the server address information may be specified by a URL or the like.

  The signature document information 116 is a document to be signed. The signature document information 116 is registered, for example, by uploading to the signature server 101 before a signature requester or the like makes a signature request. Note that a document signed by a signature request or a document being signed may be saved.

  Next, program information stored in the memory 102 of the signature server 101 will be described.

  The account management program 105 is a program for executing processing such as authenticating a user who uses the signature server 101 based on the account information 112 and permitting or prohibiting execution of an operation requested by the user.

  The signature generation program 106 is a program for signing a document. As the signature processing, for example, a hash value of a document is generated, the hash value is encrypted with the signer's private key, and the encrypted value is added to the document as a signature value. The hash value of the document is sent to the client terminal used by the signer, and the signer creates a signature value based on the hash value, and the signature server adds the signature value from the signer to the document. For example, processing other than the above may be performed.

  The signature verification program 107 is a program for verifying whether the signature executed by the signer is proper. Specifically, it is verified whether or not the signature value is correct and whether or not the implemented signature satisfies the signature request condition.

  The signature condition management program 108 is a program for creating, changing, and deleting the signature request information 113 and the signature condition information 114 based on a request from a signature requester or the like. The signing requester can set conditions for signing using this program and request the signing party to sign. For example, the signature requester sets signature request contents and conditions using this program, and issues an execution request for the set signature request to the signature server 101. The signature server 101 sends a signature request notification to the signer designated by the set signature request.

  The user cooperation program 109 is a program for performing a signature request notification to the signer, sending a signature result, receiving a signature executed on the signer side, and the like based on the signature request information set by the signature requester. For example, in the case of a signature request of request number 1 in FIG. 3, the user cooperation program 109 issues a signature request notification to the user of test@test.com.

  The signature environment determination program 110 is a program for acquiring / determining the signer's signature environment based on the response result regarding the signature method received from the signer. The signature environment determination program 110 also verifies whether the signer's signature environment matches the conditions specified by the signer, and if not, performs processing such as optimizing the signer's signature environment. It is also a program.

  The external server cooperation program 111 cooperates with an external server, for example, another signature server 101b, the OCSP server 117, and the time stamp server 118, and performs a signature request to the external signature server, an OCSP result, and a time stamp.

  Next, information stored in the memory 121 of the client terminal 120 and information stored in the memory 129 of the company signature server 128 will be described.

  Similar to the signature generation program 106, the signature generation programs 124 and 132 are programs for signing a document. The signature verification programs 125 and 133 are programs for verifying whether the signature created by the signer is appropriate. The external server cooperation programs 126 and 134 are programs for accessing an external server such as the OCSP server 117 and receiving operation requests and operation results. Note that the memories 121 and 129 may include information other than the above, for example, information stored in the memory 102.

  In FIG. 1, the client terminal A 119a, the client terminal B 120, and the client terminal C 119b belong to different organizations (organization A, organization B, organization C). For example, organization A is a medical institution and organization B is a pharmaceutical company. Organization A, organization B, and organization C are different companies. However, all or part of these client terminals may be in the same organization, or different signature environments may be in the same organization.

  The above is the hardware and software configuration of the signature system in the present embodiment.

  Next, based on the hardware and software configuration described above, details of a series of processes from requesting a signer to the signer, determination of a signature environment, implementation of signature, and verification in the present embodiment will be described. In the signature request process, the signature request information 113 and the signature condition information 114 are set in advance using the signature condition management program 108 by the signature requester. In response to a signature request execution request (for example, request number 1 in FIG. 3) from the signature requester, the signature server 101 makes a signature request to the signer. Details of the processing will be described below.

  FIG. 8 is a flowchart showing an example of processing for signature request, signature environment discrimination, signature implementation, and verification executed by the signature server 101 according to the first embodiment of the present invention.

  Upon receiving a request for executing a signature request from the signature requester, the account management program 105 looks at the contents of the request, and the signer is either an internal user registered in the signature server 101 or an unregistered user (hereinafter referred to as an external user). (Also called a user). An internal user registered in the signature server 101 is a user who is permitted to use the signature server 101. The account management program 105 determines the signer based on the contents of the item 303 of the signature request information 113, and then determines whether the signer is an external user based on the contents of the items 201 and 203 of the account information 112. (S801).

  If it is determined that the signer is an internal user registered in the signature server 101, the user cooperation program 109 notifies the signer that there is a signature request by e-mail or the like, and the signature corresponding to the signature request Is executed on the signature server 101 (S802, S808).

  Subsequently, based on an instruction from the signer, the signature generation program 106 and the signature verification program 107 perform signature verification (S809). Specifically, the signature is verified and the signature is verified so as to satisfy the items 401 to 407 of the signature condition 304 specified by the signature request information. For example, when the item 406 is “necessary”, the certificate verification result is also added to the signed document, and when the item 407 is “necessary”, the time stamp is also added to the signature document.

  When signing on the signature server 101 side, the processing of the signature server 101 is controlled so that it can be signed only under the conditions specified in the signature request (for example, if it is a signature reason, only the one specified in the item 401 is used. It is also possible to make it impossible for the user to select. In that case, instead of verifying all items of the signature condition 304 for the signed document, only the part that cannot be controlled only by the server side (for example, whether the signature expiration date has been observed or the specified certificate has been used) is to be verified. It may be.

  When the signature verification program 107 determines that the signature has been correctly performed by verifying the signature, the signature condition management program 108 updates the status 306 of the signature request information 113 and indicates that the requested signature has been completed on the signature server 101. The signature requester is notified by e-mail or the like, and the process is terminated (S810, S812, S813).

  The signed document may be stored on the signature server 101 so that it can be viewed by the signature requester or the like, or may be directly transmitted to the signature requester by e-mail or the like.

  On the other hand, if it is determined in step S810 that the signature has not been correctly performed, the signer may be notified to sign again, or for example, when the signature deadline has passed or the signer has rejected the signature. When there is a request, an alert is notified to the signature requester on the signature server 101 or by e-mail. The signature condition management program 108 performs processing such as continuation of signature request, content change, and cancellation based on an instruction from the signature requester, and ends the processing (S811). Also in the above, the status 306 may be updated (alert state or the like).

  If it is determined in step S802 that the signer is an external user, the user cooperation program 109 notifies the signer that there is a signature request by e-mail or the like, and the signature corresponding to the signature request is displayed on the signature server 101. An inquiry is made as to whether to implement or on the signer side (S803). Examples of signing on the signer side are a signature using signature software on the signer side, a signature using a signature server different from the signature server 101, and the like. The signature server 101 may accept a response from the signer by e-mail or the like, or may issue a temporary account of the signature server 101 and cause the signature server 101 to respond.

  If there is a response from the signer to sign on the signature server 101, the signature environment determination program 110 accesses the client terminal 119 used by the signer to determine the signer's signature environment, and the signature Information about the environment is acquired (S804, S805). When there is a response to sign on the signing server 101, for example, the signer logs in to the signing server using the temporary account of the signing server 101 and selects to sign the signing request on the signing server 101. This is the case. For example, the signature server 101 may include a management program (for example, ActiveX (registered trademark), JAVA (registered trademark) applet, etc.) for acquiring a user's signature environment on a web page (such as an html file) of the signature server accessed by the user. ), And when the user responds to a signature server use request (for example, when a dedicated button on the Web page is pressed), the management program is downloaded to the user's client terminal.

  The client terminal executes the management program on the client terminal and stores the user signature certificate (for example, a certificate stored in a medium such as a USB or IC card connected to the client terminal, or in the client terminal) And the acquired information is transmitted to the signature server 101. As an example, when the signature server 101 makes a certificate acquisition or signature creation request to a USB or IC card connected to a client terminal, a standard server such as PKCS # 11 is used via a management program. Access is possible by using a command conforming to the IC card access interface. In the case of the certificate in the client terminal, it can be obtained by accessing the certificate store of the browser.

  The signature environment determination program 110 verifies the signer's signature environment acquired by the above-described method, and determines whether or not the signature environment is appropriate (S806). As a verification method, it is verified whether the acquired certificate is valid or whether the certificate is a certificate of the type specified in the item 405 of the signature condition information 114 in the signature request. Other verifications, for example, verification may be performed until the owner email address described in the certificate matches the email address specified in the item 402, or the sample data is signed.

  When the signing environment determination program 110 determines that the signing environment of the signer is appropriate, the signing environment determination program 110 issues an account for using the signing server 101 to the signer and requests the signer to sign with the account. The process proceeds to step S809 (S807, S808). Note that account issuance is not arbitrarily permitted, but may be controlled such that issuance is permitted only when the signature requester has the license 204.

  On the other hand, the signer's signature environment may not be appropriate. For example, when a medium such as a USB that stores a signer's certificate does not support an interface (such as PKCS # 11) for access from a management program (a correct response even if a predetermined command is sent to the medium) May not be able to obtain the signer's signature environment. In that case, in step S806, the signature environment determination program 110 determines that the signer's signature environment is not appropriate.

  If it is determined in step S806 that the signer's signature environment is not appropriate, the signature environment determination program 110 optimizes the signer's signature environment (S814). For example, if there is a problem with the certificate, such as when the certificate has expired or the certificate type 405 is incompatible, the signer is updated and the certificate server 101 is accessed again. To wait for notification. Also, the external server cooperation program 111 of the signature server 101 makes a request for issuing the certificate of the signer to the certificate issuing organization specified in the item 405 of the signature condition information 114, and issues a certificate to the signer. The certificate may be downloaded by accessing the organization, or the medium on which the certificate is recorded may be sent to the signer.

  On the other hand, in the case of a problem in which the signature environment cannot be obtained due to not being able to access the medium storing the signer's certificate, not the certificate problem, the signature environment determination program 110 has, for example, the signer's permission. In this case, the signature processing program (software token) is transmitted to the client terminal of the signer, and the signer is requested to sign using the software token (S814). If the signature environment cannot be acquired, it may be determined that the signer's signature environment cannot be optimized.

  If the signature environment is optimized, the process proceeds to step S807 (S815). On the other hand, if the signature environment cannot be optimized, the environment determination program 110 sends an error notification to the signer or signature requester, updates the status 306 (for example, an error state), and proceeds to step S811 (S816).

  If the signer does not sign on the signing server in step S804, the user cooperation program 109 requests the signer to sign on the signer side (S817). The signature on the signer side is, for example, a signature using signature software on the signer side or a signature using an original signature server on the signer side.

  When requesting a signature from the signer, the document to be signed and the signature condition information 114 may be transmitted to the signer by e-mail or the like, or a temporary account of the signature server 101 is issued and the signature server 101 You may download necessary information. Also, if there is no room for user selection in the signature condition information 114, for example, when only "confirmation" is permitted for the reason of signature, this information is embedded in the document in advance and sent to the signer. Also good.

  The user cooperation program 109 receives the signature document implemented by the signer and verifies it with the signature verification program 107 (S818). Specifically, it is verified whether or not the signature is applied so as to satisfy the items 401 to 407 of the signature condition 304 specified by the signature request information 113.

  When signing on the signer side without using the signature server 101, it is necessary to verify all items because the signature processing cannot be controlled on the signature server 101 side. Specifically, by looking at the received signature document, whether the reason for signing and the signer match the items 401 and 402, whether the signature deadline is observed, whether the signature field specified in the item 404 is signed, the signature It is verified whether the type of the certificate used for the item 405 matches the item 405, and whether the certificate verification information and the time stamp are added / not added to the signed document according to the designated signature condition. As a result of the verification, if it is determined that the received signature document is appropriate, the process proceeds to step S812 (S819).

  On the other hand, if it is determined that the received signature document is inappropriate, it is determined whether or not the inappropriateness is equal to or less than a predetermined number of times (for example, 3 times) (S820). Returning to S817, the signer is requested to re-sign. On the other hand, if it is determined that the improper number exceeds the specified number, an error notification is sent to the signer or signature requester, the status is updated, and the process proceeds to step S811 (S821).

  In step S819, if the certificate verification information of the signature condition information is “necessary” but the certificate verification information is not added to the signature document, the signature document is inappropriate. You may judge. However, the external server cooperation program 111 verifies the validity of the certificate used for the signature with the OCSP server 117, and if the certificate is valid, adds the verification result to the signature document and ends (signature The document may be determined to be appropriate). However, if the certificate is invalid or if the certificate has expired after the signer signed the signature and the external server linkage program 111 verified the validity of the certificate, the signing server 101 notifies the signer to sign again.

  In step S817, when signing is performed on the signer side, in addition to signing at the client terminal of the signer, signing is performed using a signature server of the provider different from the signature server of the company or the signature server 101. May be. In that case, the same processing method as described above may be used, or the following processing may be performed. Hereinafter, only a part (step S817) in which processing is different from the above will be described.

  Processing when a response is received from the signer that the signature is signed not by the signature server 101 but by another signing server designated by the signer (for example, designated by a URL) will be described. The signature server 101 issues a signature request notification including information such as who needs to sign under what conditions to another signature server. Specifically, the signature server 101 sends the signature request information 113 and the signature condition information 114 regarding the signer to another signature server together with the document to be signed. The other signing server specifies the signer based on the received information (for example, the signer's e-mail address described in the signature condition information), and notifies the signer to sign. Another signing server cooperates with the signer to sign based on the designated condition or input from the signer, and transmits the signature result to the signing server 101.

  Note that it is also possible to authenticate each other in communication between the signature server 101 and another signature server and accept only a request from a valid signature server. When the signer executes the signature, in order to detect and prevent falsification of the document, the signature server 101 acquires and stores the hash value of the document to be signed, and the signed document acquired from the signer It is also possible to compare or send a document to be signed after adding a signature for falsification detection.

  Even when the signer performs the signature, the signer's signature environment may be acquired and a signature request may be made only when it is valid, as in step S805. Also, when the signer's signature environment is partially incorrect (for example, the signer's certificate satisfies the signature condition, but other conditions, such as the certificate verification result cannot be added to the signed document) Even if there is a response to execute the signature on the signer side, it may be requested to execute the signature on the signature server 101. As for the acquisition of the signature environment, as described above, the signer's client terminal may be able to acquire the signature environment, or the signer information (email address, etc.) is sent to the signature server used by the signer. ) May be specified for acquisition.

  In addition, the signer may make a wrong response to the inquiry about the use of the signature server 101 in step S803. For example, there is a case where the signer wants to use the signature server 101 to sign but he / she replies that he / she signed by mistake on the signer side. In order to deal with such a problem, the signature server 101 issues an alert notification to the signature requester or the like when the signature document is not transmitted from the signer within a certain period of time, for example, or from the signer to the signature requester. A function for issuing an alert notification may be provided.

  In step S805, the signer's signature environment is acquired. For example, for a signer who has already acquired the signing environment, the signer's signature environment is fully trusted and the signer's signature environment is re-established. May not be acquired.

  As described above, according to the signature system in the first embodiment, the signer to be signed is identified, and it is determined whether the user is an internal user who is permitted to use the signature server. If the signer is determined to be an internal user, the computer used by the signer is requested to execute a signature using the signature server. If the signer is determined not to be an internal user, the computer used by the signer is requested. To inquire whether the signature server is necessary. If there is a response to the use of the signature server in response to an inquiry about the necessity of using the signature server, the signer's signature environment is acquired from the computer used by the signer, and the acquired signature environment is If it is determined to be inappropriate, the acquired signature environment is optimized. In response to an inquiry about whether or not the signing server is to be used, if the signer responds that the signer should implement the signature, it requests the signer to perform the signature on the computer used by the signer. At the same time, when it is determined that the signer's signature environment is appropriate, or when the signing environment is optimized, a request is made to execute a signature using the signature server. This makes it possible to request a signer to sign even if the signer has various signing environments. Therefore, even when the signer signs in a signature environment different from the signature server used by the signature requester in the signature request, the signer can sign with the signature condition intended by the signature requester.

  In addition, as a process for optimizing the signing environment, the signer uses a process for sending the signing process to the signer, or the signer performs a process for sending the signing process to the signer. You can sign in an appropriate signing environment.

  Also, in response to an inquiry as to whether or not the signature server should be used, if there is a response that the signer should implement the signature, the signature condition information indicating the signature condition, the signature request information indicating the signature request content, and The signature target document is transmitted to the computer used by the signer. As a result, the signer can execute the signature with the signature conditions intended by the signature request based on the received signature condition information, signature request information, and the document to be signed.

  In addition, since the signing server verifies whether the signature made by the signer satisfies the signing condition, even if the signing is performed on the signer side, the signing was performed under the conditions intended by the signer. It can be verified.

<Second Embodiment>
Next, a second embodiment of the present invention will be described. In the first embodiment, an example in which a signature request is made to one signer with a single signature request has been described. In the second embodiment, an example of requesting signatures from a plurality of signers in a workflow format will be described.

  The configuration of the signature system in the second embodiment is the same as the configuration of the signature system in the first embodiment (see FIG. 1). Therefore, a detailed description of the system configuration is omitted.

  An example of the signature condition information 114 used in the signature system in the first embodiment is shown in FIG. An example of the signature condition information 114 used in the signature system in the second embodiment is shown in FIG. Compared with the signature condition information shown in FIG. 4A, the signature condition information shown in FIG. 4B is added with an order 410 indicating the order of the signers as a new signature condition item. That is, not only one signer but also a plurality of signers such as a first signer and a second signer can be designated as signers.

  Note that, among the configurations and processes in the second embodiment, detailed descriptions of the same components as those in the first embodiment are omitted. Hereinafter, in the second embodiment, details of processing of a signature request to a signer will be described.

  FIG. 9 is a flowchart showing an example of processing for signature request, signature environment discrimination, signature implementation, and verification executed by the signature server 101 according to the second embodiment of the present invention. However, in the present embodiment, the same processing as the signature request, signature environment determination, signature execution and verification processing (see FIG. 8) of the first embodiment is cited, and only the differences are cited. explain.

  In step S812, the signature condition management program 108 updates the status 306 of the signature request information 113 (S901). The signature condition management program 108 determines whether or not the updated status 306 is “incomplete” (S902). If the status 306 is not “incomplete” but “completed”, the process advances to step S813 (S904).

  On the other hand, if the status 306 is “incomplete”, the next signer is determined, the process returns to step S801, and the next signer is requested to sign (S903). For example, when the signature condition information is as shown in FIG. 4B, the signer next to the first signer is the second signer. Ask the signer to sign. If the first signer and the second signer are to sign the same document, the second signer is requested to sign the document signed by the first signer.

  In the above signature request, the user who receives the signature request performs the signature. However, for example, the request may include a user who does not need to sign, such as a user who only browses the document. Further, in the present embodiment, in addition to the above processing, the processing in step S818 is different from that in the first embodiment. The details will be described below.

  The signature verification program 107 receives a signature document from the signer and verifies the signature. If the signature of the signer is correct as a result of the verification, the signature verification program 107 determines whether the signature document has a signature that was performed before the signature of the signer. For example, in FIG. 4B, when the signature condition 304 is condition 1, the first signer's signature exists before the second signer's signature. As described above, the signature server 101 may determine based on the signature condition information 104 or may determine by examining the contents of the signature document. The signature verification program 107 similarly verifies the signature of the signature performed before when the signature performed before the signature of the signer is included in the signed document. If the signature document prior to the signer's signature is not included in the signed document, the verification process ends.

  Subsequently, a modification of the second embodiment of the present invention will be described. In this modification, an example in which a new signature condition item is added to the signature condition information 114 will be described.

  FIG. 5A is a diagram illustrating an example of the signature condition information 114 in the present modification. Compared with the signature condition information 114 in the second embodiment shown in FIG. 4B, in the signature condition information 114 shown in FIG. 5A, a new signature condition item is used instead of the signature condition items 405 to 407. A signature standard 420 indicating a signature standard to be complied with is provided.

  The signature standard is a predetermined signature standard such as SAFE (registered trademark) or HPKI. The signature standard 420 is defined including a requirement 421 regarding the signature document content and other requirements 422 (see FIG. 5B). Requirement 421 for signed document content defines in what form the document needs to be signed in order to comply with the signature standard. The other requirements 422 are not requirements regarding the contents of the signature document, but define processing that the signature server 101 must perform in order to comply with the signature standard.

  In the example shown in FIG. 5B, two standards (standard 1 and HPKI) are defined, but other standards may be included. In item 421, the certificate type, the certificate verification information, and the time stamp are the same as those in FIGS. 4A and 4B.

  In FIG. 5B, the signature logo is image data indicating the appearance of the signature. The signature logo allows you to specify what image is displayed on the screen when the signature is executed.

  In the item 422 of FIG. 5B, “operation log” determines whether or not the signature server 101 needs to collect an operation log of a user who uses the signature server 101 such as a signer. “Archive of signature document” determines whether or not the signature server 101 needs to archive the signature document. For example, in the item 422, when the standard is 1, the operation log is “necessary”, and therefore the signature server 101 needs to operate to acquire the operation log of the signer.

  The items 421 and 422 may include definitions other than those described above. Items 421 and 422 are defined by the signature system administrator or the like in the signature system, or the definition information is acquired from the organization or the like defining the signature standard and set in the signature system. Things used by the signature requester. However, the present invention is not limited to this, and other setting methods may be used.

  In the following, processing of a signature request to a signer in a modification of the second embodiment will be described. The flow of processing is the same as in the second embodiment (see FIG. 8). In the following, only the different parts of the process, namely the implementation and verification of the signature will be described.

  In step S808, the signature server 101 requests the signer to sign on the signature server 101. For this reason, the signature server 101 determines the signature standard of the signer and operates so as to comply with the signature standard. Specifically, the other requirement 422 corresponding to the signer's signature standard is referred to, and if the operation log is “necessary”, the operation log from the signer is acquired and stored. If the signature document archive is “necessary”, the document is archived after the signature is completed. The operation log may be acquired from an earlier stage, for example, when the signature requester uploads a document. Further, as the operation log, not only the operation log of the signer but also the operation log of every user for the document to be signed may be taken. The signature is executed so as to satisfy the items 401 to 404, 410, and 420 as in the second embodiment.

  Regarding the verification of the signature, the processing when the signature is performed not on the signature server 101 side but on the signer side is different (corresponding to steps S817 and S818 in FIG. 8). In step S817, the signature server 101 requests the signer to sign on the signer side. At this time, the signature server 101 determines the signer's signature standard and notifies under what conditions the signature should be made so as to comply with the signature standard. Specifically, the information of the items 421 to 422 indicated by the items 401 to 404 and the item 420 is notified as signature condition information of the signer together with the document to be signed.

  The signature server 101 receives a signature document implemented by the signer and verifies the signature. Specifically, as in the second embodiment, it is verified whether the signature document is signed so as to satisfy the conditions of the items 401 to 404 and the item 421. Further, it is verified whether the condition of the item 422 is also satisfied. For example, if the operation log is “necessary”, it is verified whether the operation log information is sent together with the signature document. For the operation log, an electronic signature may be added to the operation log on the signer side in order to prevent falsification by a third party. If the signature document archive is “necessary”, it is verified whether the signature document archive is sent together with the signature document. If the signature document archive is not sent, the signature server 101 may perform the archive.

  In FIG. 5A, the signature standard of the first signer is “Standard 1”, and the signature standard of the second signer is “HPKI”. In this case, the signature server 101 performs an operation corresponding to “Standard 1” when performing / verifying the signature of the first signer, and “HPKI” when performing / verifying the signature of the second signer. The operation corresponding to is performed. For example, in the case of the signature condition information 114 shown in FIG. 5A, the signature server 101 operates such that an operation log is required for the first signer and an operation log is not required for the second signer. .

  In the case of a signature request for requesting signatures of a plurality of signers, if at least one of the signers has an element of item 412 of “required”, all the other signers also have “required” the element. You may make it process as. That is, the signature server 101 determines whether or not there are a plurality of signers of the signature request when making a signature request. In the case of a plurality of items, the item 422 which is a requirement of the signature standard 420 corresponding to each signer is checked. For each element of the item 422, if any one of the signers is “required”, the other signers are also processed as “required” in this signature request.

  For example, in the signature condition information 114 shown in FIG. 5A, since one of the first signer and the second signer is the operation log “necessary”, the operation log is also acquired for the second signer. The signing server 101 may determine the operation method described above by referring to the signer's signature standard for each operation request from the signer, and determine the current signing server operation method in each signature request. Operation setting information (for example, “compliant with“ Standard 1 ”and“ document archive is also “necessary” in combination with other signers ”) is provided separately, and the operation method can be determined based on that. Good.

  The signing standard 420 may be arbitrarily selected from a plurality of standards by the signer. In that case, the verification of the signature performed on the signer side can be determined by verifying which signature standard the signature matches with the requirements of each signature standard. Based on the certificate information, determine which signature standard is used (for example, determine the signature standard-the certificate issuing organization has correspondence information and determine which certificate was used) The standard may be verified. In addition, information about which signature standard is used may be received from the signer and the standard may be verified. In the first embodiment as well, a processing method using the above-described signature standard may be used.

  As described above, according to the signature system in the second embodiment, whether or not all signers have signed based on the signature condition information indicating the signature conditions when there are a plurality of signers to be signed. If it is determined that all the signers have not signed, the next signer is requested to execute the signature. Thereby, even when there are a plurality of signers as signature request targets, it is possible to make a signature request to all the signers.

  In addition, when requesting signature execution, the signature condition information including information related to the signature standard, which is a predetermined signature standard, is transmitted to the computer used by the signer, thereby requesting implementation of the signature according to the signature standard. be able to.

<Third Embodiment>
Next, a signature system according to the third embodiment of the present invention will be described. In the third embodiment, an example in which a request to a signer is processed by another signer on behalf will be described. For example, a pharmaceutical company or a medical institution sometimes outsources a part of business to an agency such as a CRO (contract organization for development work) or an SMO (clinical trial facility management organization). This embodiment relates to a signature request in the case of such consignment or proxy, for example.

  FIG. 11 is a diagram illustrating a configuration of a signature system according to the third embodiment. In FIG. 11, the software configuration of the signature server and the client terminal (program information stored in a memory or the like) is not shown, but it is the same as the configuration of the first embodiment or the second embodiment. The description is omitted.

  The signature system according to the third embodiment includes at least one signature server 1001 (or / and signature server 1002), at least one OCSP server 1003, at least one time stamp server 1004, and at least one without a signature function. Client terminal 1005 (or / and client terminal 1006) and one or more client terminals 1007 (or / and client terminal 1008). Note that, as in the first embodiment and the second embodiment, the company signature server 128 and other devices may be included.

  In response to a request from the client terminal 1005, the client terminal 1006 performs the work of the client terminal 1005. Upon receiving a request from the client terminal 1007, the client terminal 1008 performs the work of the client terminal 1008.

  Of the present embodiment, the same processing as the signature request, signature environment determination, signature execution and verification processing of the second embodiment will be described, and only the differences will be described.

  FIG. 10 is a flowchart showing an example of a signature request and substitution process performed by the signature system according to the third embodiment of the present invention.

  In response to the signature request execution request from the signature requester, the account management program 105 determines the signer based on the contents of the signature request. The user cooperation program 109 notifies the signer that there is a signature request by e-mail or the like, and inquires whether to perform the request processing by itself or substitute it (S911). If there is a response from the signer that does not act on behalf, the process proceeds to step S801. If there is a response to act on behalf, the designation of the agent is accepted from the signer and the request content is updated (S912, S913, S915).

  Specifically, the signing server 101 issues a temporary account to the signer or designates a substitute from the signer by using an existing account or the like. The proxy is designated by, for example, specifying an e-mail address or the like. The signature server 101 updates the signature request information 113 and the signature condition information 114 in response to the designation of the agent. The signature request information 113 is newly updated in the item 303, and the item 306 is updated accordingly if, for example, the number of signers increases.

  For the signature condition information 114, the signature condition of the signer who made the proxy request may be set as the signature condition of the proxy as it is, or the signature requester or the proxy requester may newly set the signature condition. Good. For example, in the signature condition information shown in FIG. 4B, when the first signer requests substitution, a signature condition of the substitution is newly created in a column between the first signer and the second signer. Set the same signature conditions as the first signer. In the signature condition of the first signer, a value indicating that it is in place is set.

  In the signature condition information, information for determining whether or not each signer is acting may be provided separately. In the signature condition information shown in FIG. 4B, when the first signer makes a proxy request, the signature request of the proxy is made to the second signer as the next signer. In addition, for example, after the proxy signing is performed, the proxy result may be once confirmed (approval, signature, etc.) by the first signer and then requested to be signed by the next signer.

  The user cooperation program 109 notifies the agent that there is a signature request by e-mail or the like, inquires whether or not to perform the signature request process by itself or proceeds to step SS912 (S914). Also in the first embodiment, a processing method for performing the above-mentioned signature substitution may be used.

  As described above, according to the signature system in the third embodiment, when a signature substitution request is received from a computer used by the signer, signature condition information indicating a signature condition and signature request content based on the substitution request Update the contents of the signature request information indicating the request, and request the computer used by the substitute to perform the signature. As a result, not the signer but the agent who performs the signature on behalf of the signer can be requested to execute the signature.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes a design that does not depart from the gist of the present invention.

DESCRIPTION OF SYMBOLS 101 ... Signature server, 102, 121, 129 ... Memory, 103, 122, 130 ... CPU, 104, 123, 131 ... I / F, 105 ... Account management program, 106 ... Signature generation program, 107 ... Signature verification program, 108 ... Signal condition management program, 109 ... User cooperation program, 110 ... Signature environment determination program, 111 ... External server cooperation program, 112 ... Account information, 113 ... Signature request information, 114 ... Signature condition information, 115 ... External server information, 116 ... Signature document information, 117 ... OCSP server, 118 ... Time stamp server, 119,120 ... Client terminal, 124 ... Signature generation program, 125 ... Signature verification program, 126 ... External server cooperation program, 128 ... Own signature server, 132 ... Signature generator 133, signature verification program, 134 ... external server cooperation program, 1001 ... signature server A, 1002 ... signature server B, 1003 ... OCSP server, 1004 ... time stamp server, 1005 ... client terminal A, 1006 ... client terminal C, 1007 ... Client terminal B, 1008... Client terminal D

Claims (18)

A signing server connected to one or more computers,
The signature server comprises one or more interfaces connected to the computer, a processor connected to the interface, and a memory connected to the processor,
The signing server
A signer identification part that identifies the signer of the signature request destination;
A user determination unit for determining whether the specified signer is an internal user permitted to use the signature server;
When the signer is determined to be an internal user, the computer used by the signer is requested to execute a signature using the signature server, and when the signer is determined not to be an internal user, A user cooperation unit that inquires of the computer used by the signer whether or not the signature server should be used;
If there is a response to the use of the signature server in response to an inquiry as to whether or not the signature server is to be used, the signature environment of the signer is acquired. A signature environment determination unit that optimizes the signature environment
With
The user cooperation unit uses the signature server when the signing environment determination unit determines that the signing environment of the signer is appropriate, or when the signing environment is optimized. In response to an inquiry about the necessity of use of the signature server, when the signer side responds that the signer side performs the signature, the user cooperation unit sends a signer to the computer used by the signer. Request a signature on the side,
A signature server characterized by that. The signature environment determination unit causes the signer to use an appropriate certificate for signing as a process for optimizing the signature environment, or transmits a signature processing program to a computer used by the signer. Process
The signature server according to claim 1. In response to an inquiry as to whether or not the signature server should be used, the user cooperation unit sends a signature condition information indicating a signature condition and a signature indicating a signature request content when there is a response that the signer performs a signature. Send the request information and the document to be signed to the computer used by the signer.
The signature server according to claim 1. The signature server further includes a signature verification unit that verifies whether a signature executed by a signer satisfies a signature condition.
The signature server according to claim 1. When there are a plurality of signers as signing request destinations, the user cooperation unit determines whether or not all the signers have signed based on signature condition information indicating a signature condition, and executes the signature. If it is determined that there is an unsigned signer, the next signer is requested to execute the signature.
The signature server according to claim 1. The user cooperation unit requests a computer used by the signer to perform a signature based on a signature standard;
The signature server according to claim 1. Upon receiving a signature substitution request from a computer used by the signer, the user cooperation unit receives signature condition information indicating a signature condition and signature request information indicating a signature request content based on the substitution request. Update and ask the computer used by the agent to sign
The signature server according to claim 1. One or more computers, a first signature server, an external server that is a separate server from the first signature server, and at least one of the one or more computers, the signature server, and the external server are connected. A signature system comprising:
The first signature server comprises one or more interfaces connected to the computer, a processor connected to the interface, and a memory connected to the processor,
The first signature server is
A signer identification part that identifies the signer of the signature request destination;
A user determination unit for determining whether the specified signer is an internal user permitted to use the first signature server;
If it is determined that the signer is an internal user, the computer used by the signer is requested to execute a signature using the first signature server, and it is determined that the signer is not an internal user. A user cooperation unit that inquires of the computer used by the signer whether or not the first signature server is to be used;
When there is a response to the use of the first signature server in response to an inquiry as to whether or not the first signature server is to be used, the signer's signature environment is acquired and it is determined that the acquired signature environment is not appropriate Then, a signature environment determination unit that optimizes the acquired signature environment,
An external server cooperation unit that acquires necessary information from the external server based on signature condition information indicating a signature condition;
With
If the signing environment determination unit determines that the signing environment of the signer is appropriate, or if the signing environment has been optimized, the user cooperation unit sets the first signature server. Requesting the use of the signature used, the user cooperation unit uses the signer when there is a response to the signer side to execute the signature in response to the inquiry about the necessity of using the first signature server. Ask the computer to sign on the signer side,
A signature system characterized by that. The signature system further includes a second signature server different from the first signature server,
When the first signature server responds to the inquiry about the necessity of using the first signature server with a response that the signature using the second signature server is performed, the signature condition information indicating the signature condition Sending the signature request information indicating the signature request content and the signature target document to the second signature server;
The signature system according to claim 8. A signature processing method using a signature server connected to one or more computers,
The signature server comprises one or more interfaces connected to the computer, a processor connected to the interface, and a memory connected to the processor,
The signature processing method is:
The signing server identifying a signer to be signed;
The signing server determines whether the identified signer is an internal user authorized to use the signing server;
If the signer determines that the signer is an internal user, the signing server requests the computer used by the signer to perform signing using the signing server;
If the signer determines that the signer is not an internal user, the signing server inquires of the computer used by the signer whether the signing server should be used;
If there is a response to use of the signature server in response to an inquiry about the necessity of use of the signature server, the signature server acquires the signer's signature environment and determines that the acquired signature environment is not appropriate Then, the step of optimizing the acquired signature environment,
When it is determined that the signing environment of the signer is appropriate, or when the signing environment is optimized, the signing server requests execution of a signature using the signing server; ,
In response to an inquiry about whether or not the signing server should be used, when the signer side responds that the signer should execute the signature, the signing server executes the signature on the computer used by the signer on the signer side Step to request,
A signature processing method. In the step of optimizing the signing environment, the certificate used by the signer is made a proper certificate, or a program for signing processing is transmitted to a computer used by the signer.
The signature processing method according to claim 10. In the step of requesting the signer to execute the signature, the signature condition information indicating the signature condition, the signature request information indicating the signature request content, and the signature target document are sent to the computer used by the signer. Send,
The signature processing method according to claim 10. The signature processing method is:
The signature server further comprises verifying whether a signature made by the signer satisfies a signature condition;
The signature processing method according to claim 10. The signature processing method is:
When there are a plurality of signers subject to signature request, the signature server determines whether or not all signers have signed based on signature condition information indicating a signature condition, and the signature is not signed And further comprising the step of requesting the next signer to perform the signature if it is determined that
The signature processing method according to claim 10. In the step of requesting signature execution to the computer used by the signer, the signature execution based on the signature standard is requested.
The signature processing method according to claim 10. The signature processing method is:
When the signature server receives a signature substitution request from the computer used by the signer, the signature server updates the signature condition information indicating the signature condition and the signature request information indicating the signature request content based on the substitution request. And further requesting the computer used by the agent to execute the signature.
The signature processing method according to claim 10. The signature processing method is:
The signature server further includes obtaining necessary information from an external server based on signature condition information indicating a signature condition;
The signature processing method according to claim 10. The signature processing method is:
In response to an inquiry about the necessity of use of the signature server, when there is a response to execute a signature using a signature server different from the signature server, the signature server includes signature condition information indicating a signature condition, Further including the step of transmitting signature request information indicating the contents of the signature request and a document to be signed to the other signature server,
The signature processing method according to claim 10.

Images