JP3622789B2 - General in-house personal authentication system - Google Patents

Description

【Technical field】
[0001]
The present invention relates to a general-purpose intra-organization personal authentication system for authenticating an individual belonging to an organization such as a company.
[Background]
[0002]
In recent years, with the development of computer networks and communication environments, businesses such as commercial activities represented by the Internet have become active. In addition to websites for consumer-to-business transactions such as shopping malls and auctions, there are also many sites for business-to-business transactions such as materials procurement, and various techniques such as settlement methods are associated with them. Has been developed.
In addition, in electronic commerce such as electronic procurement, a seller who wants to sell products and sell them, such as sending transaction information through the network, and in the case of selling or participating in bidding, etc. Without looking at each other, the procurement side is worried about whether the seller really exists or whether it has trust. For this reason, even a truly trustworthy business partner may lose the opportunity for commercial transactions due to the above problems.
DISCLOSURE OF THE INVENTION
[Problems to be solved by the invention]
[0003]
It is necessary to identify credit information, credit information, transaction history information, person information, region, price, payment conditions, other transaction condition information, and other information.
Moreover, although the example of the electronic commerce was given above, there are many other scenes in which information on companies and the like is determined.
For example, judgments regarding tendering of goods purchases and construction by companies and local governments in which companies participate, judgments on alliances with companies, contracts, decisions on mergers and joint ventures, etc. Even in this situation, it is necessary to accurately identify this information from an objective viewpoint.
For example, in the construction industry, bids can be restricted and screened by objective construction performance evaluation based on management item reviews, but there is no mechanism to replace management item reviews in other industries. In order to promote the digitization of goods procurement and application in an open environment, it is necessary to cooperate with a system that can obtain company information for grasping and judging the state of bid / application companies.
[0004]
Nowadays, various electronic signatures and electronic certificates for authentication have been developed in transactions and bidding using computer technology such as the Internet.
The Electronic Signature Law stipulates that a corporation that can authenticate a corporation and issue an electronic certificate is the Ministry of Justice's Commercial Registration and Certification Authority, and that a specific private certification authority authenticates individuals (natural persons).
However, an electronic certificate is issued to an individual who is a natural person. Therefore, even when individual authentication is performed and it can be proved that the person is a real person, the following serious problems remain.
That is, in most cases, a certificate at the person-in-charge level is required for procedures such as bidding and application for local governments and for procurement of private materials. At that time, the electronic certificate issued to the natural person cannot determine to which company the certificate owner belongs. In addition, the commercial registration authority is positioned like a company representative seal certificate, and only one certificate is issued to a company, and no certificate is issued to an individual company. For these reasons, work after accepting bids and applications and materials procurement work will not proceed smoothly.
Whether the individual really belongs to an organization such as a company, or even if he / she belongs, whether or not he / she has the authority to participate / determine / decide in transactions and bidding, etc. This is because it cannot be judged by itself. In addition, companies may retire or departments and positions may change, and it is necessary to respond to these updates and changes. In addition, companies themselves are often subject to mergers, bankruptcies, changes in credit information, and other changes.
[0005]
Therefore, the above-mentioned various problems are solved, and in the present invention, when authenticating an individual in transactions, bidding, contracts, etc. in an electronic space such as the Internet, the individual really belongs to an organization such as a company. It is an object of the present invention to provide a system that can authenticate whether or not there is an authority to participate, judge, and decide in transactions, bids, etc. even if he / she belongs.
Therefore, by incorporating a general-purpose company code or serial number into the electronic certificate and putting the company code, serial number, company personal information, company basic information, authority information, etc. into the authentication database, the company and individual information can be It is possible to authenticate in association with each other, and it is possible to authenticate individual business operators.
A further object of the present invention is to provide a system that allows a user to handle a single certificate even in a plurality of authentication systems such as a plurality of authentication sites with different operators.
[0006]
In the case of a conventional electronic certificate, a certificate for each authentication system is required. For example, there are a plurality of certificates for each municipality that performs electronic bidding, and a plurality of certificates for each service site. As a result, each user must have a dedicated certificate for each, which is cumbersome and inconvenient, trouble is expected, and the operator must issue his own certificate at high cost. did not become.
Here, if a general-purpose company code is incorporated into an electronic certificate and the use of an authentication database becomes open, there will be one authentication side for both the authentication side of operators such as local governments and companies, and the authenticated side of users such as bidders. It enables authentication work to be completed with a general-purpose electronic certificate.
Furthermore, in the present invention, by linking an authentication database for authentication using an electronic certificate and an organization information database of a company or the like, processing such as authentication can be performed based on the latest updated data at any time during authentication. It is also aimed to provide a simple system. Appropriate authentication processing can be performed by responding to retirement from a company, changes in departments and positions, and mergers, bankruptcies, changes in credit information, and other changes.
In addition, data can be collected, stored, and updated by the certification body, so that the authentication system of the present invention can be used without having to build a database individually for each WEB site that performs each authentication. Become.
[Means for Solving the Problems]
[0007]
In order to solve the above problem, in the invention according to claim 1,
A system in which information processing is performed by operation in a terminal such as a computer provided with input means, control means, display means, output means, storage means, etc.
An online data processing system such as a WEB server accessed from a user terminal;
A certification authority system connected to the online data processing system via a network,
The online data processing system is transmitted from a user terminal, Organization identification data such as general-purpose company codes, or serial numbers that identify individualsIncluding at least electronic certificate receiving means for receiving an electronic certificate, and authentication means for performing data transmission / reception with a certification authority system and performing user authentication processing,
The certification authority system includes an authentication database,AboveThe data stored in the authentication database includes organization identification data such as company codes, and individual authentication in the organization.A serial number identifying the individual,Personal authentication data including at least personal authority information in the organizationAssociated with,
AboveContains at least personal authority information extracted from the authentication databasePersonal authentication dataBased on the above, the above authentication means is included in the online data processing system.And includes at least authentication of personal authority information within the organizationIt is a general-purpose in-house personal authentication system that performs user authentication.
[0008]
In order to solve the above problem, in the invention according to claim 2,
The certification authority system is provided so as to be accessible from a plurality of online data processing systems, and user authentication for accessing online data processing systems such as a plurality of different WEB servers can be performed using the same electronic certificate. ,Claim 1It is a general-purpose in-house personal authentication system.
[0009]
In order to solve the above problem, in the invention according to claim 3,
The authentication database further includes information for each company identified by organization identification data such as a company code.Stored data including basic company information,Claim 1 or 2It is a general-purpose in-house personal authentication system.
[0010]
In order to solve the above problem, in the invention according to claim 4,
In the above certification authority system, a person having a predetermined authority of an organization such as a company holds an electronic certificate belonging to the organization.For each individual, within the organizationOrganization authority setting means to set personal authority is provided,
Contains at least personal authority information extracted from the authentication databasePersonal authentication dataBased on the above, the above authentication means is included in the online data processing system.And includes at least authentication of personal authority information within the organizationUser authentication,The method according to claim 1.It is a general-purpose in-house personal authentication system.
[0011]
In order to solve the above problem, in the invention according to claim 5,
In the certification authority system, which electronic certificate holder is the person who has the predetermined authority of the online data processing systemBy accessing the online data processing systemThere is a usage authority setting means to set whether or not it can be used,
Contains at least personal authority information extracted from the authentication databasePersonal authentication dataBased on the above, the above authentication means is included in the online data processing system.And includes at least authentication of personal authority information within the organizationPerform user authenticationDetermine whether it is available by accessing the online data processing system,Claim in any one of Claims 1-4It is a general-purpose in-house personal authentication system.
[0012]
In order to solve the above problem, in the invention according to claim 6,
The above authentication means is included in the online data processing system.Including at least authentication of personal authority information within the organizationUser authentication consists of user authentication for the availability of system and service usage, user authentication for authority over transactions, negotiations, contracts, etc., and user authentication for eligibility for bid participation and various applications / examinations. eitherIs,Claim 1-5It is a general-purpose in-house personal authentication system.
[0013]
In order to solve the above problem, in the invention according to claim 7,
Organization identification data such as general-purpose company codes and serial numbers that identify individuals are incorporated.The certification authority system is provided with usage authority application means for a user who owns an electronic certificate to access from the user terminal and apply for usage authority setting in the online data processing system to the usage authority setting means. ,Claim in any one of Claims 1-6It is a general-purpose in-house personal authentication system.
[0014]
In order to solve the above problem, in the invention according to claim 8,
The authentication database provided in the certification authority system is provided in cooperation with an organization information database that stores, stores, and updates organization information such as company information associated with organization identification data as a key. Reflecting updates and changesBased on the personal authentication data extracted from the authentication database and including at least personal authority information in the organization, the authentication means includes at least an authentication of the personal authority information in the organization in the online data processing system. The general-purpose in-house personal authentication system according to any one of claims 1 to 7It is characterized by being.
[0022]
【The invention's effect】
[0023]
BEST MODE FOR CARRYING OUT THE INVENTION
[0024]
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
The personal authentication system of the present invention is a system in which information processing is performed by operation on a terminal such as a computer provided with input means, control means, display means, output means, storage means and the like.
FIG. 1 is a system configuration diagram showing an example of a basic configuration of the system of the present invention.
An online data processing system such as a WEB server accessed from a user terminal, and a certification authority system connected to the online data processing system via a network.
The certification authority system uses an electronic certificate to perform an authentication process that combines organization identification data of a company or the like and personal authentication data, which is characteristic in the present invention, and operates the WEB site with the result of the authentication. Provide a function to return to the data processing system. Also, organization identification data of companies and the like and personal information belonging to the organization are linked to perform maintenance and management of data.
[0025]
The online data processing system accepts access from a user terminal at a WEB site, and performs electronic commerce, negotiations, bidding, contracts, and other data processing. In order to perform personal authentication of a user during data processing, it is provided to perform data processing in cooperation with the above-described certification authority system, and exchanges data for personal authentication with the certification authority system.
As a user terminal for connecting to the online data processing system, a computer terminal such as a personal computer or a workstation is usually used. In addition, user terminals include wireless communication terminals such as mobile phones equipped with a browser function that can be connected to the Internet, portable information terminals, Internet TVs, game machines, video conference systems, and other network connection functions. Widely includes appliances such as home appliances equipped with.
The computer terminal includes control means, storage means, input means, output means, display means, and the like. A computer network represented by the Internet has a function of transmitting and receiving conjunctions and data, and is usually provided with an application program such as a browser, e-mail software, and a word processor, and an operating system (OS).
[0026]
The online data processing system is usually composed of a server system, is connected to a communication means represented by the Internet, and is accessed from a user terminal connected to the communication means.
Here, the communication means includes a wide variety of forms such as the Internet, a network connected by a dedicated line, an intra-company LAN, an inter-company LAN, and a WAN. In addition, the form of the communication line used here widely includes forms of wired communication and wireless communication, and includes forms using satellite communication, Bluetooth, or the like.
Next, as an example of the configuration of the online data processing system, it can be configured by an application server, a database server, an authentication server, a WEB server, other mail servers as required, and other various devices. It is not limited to.
Each of these servers includes a form that is physically provided in the same apparatus, a form that physically includes a plurality of apparatuses, or a form that includes physically a plurality of apparatuses connected via a network. If a functionally similar function is realized, various forms are included.
[0027]
The online data processing system includes a WEB server that stores content data and a program to be accessed from a user terminal when accepting access from a user at a WEB site or the like via the Internet.
The content data includes a data file displayed on the WEB such as an HTML file and an XML file, a data file displayed on a mobile phone accessible to a WEB site such as a C-HTML file, and the like.
It is also possible to store character data files, audio data files, image data files, moving image data files, animation data files, and other various content data that are displayed or output by being inserted into these files. it can.
[0028]
A more specific example of the online data processing system is listed as follows.
This system is accessed by a user belonging to an organization such as a company, and performs ordering / contracting of inter-company transactions and other electronic commerce. In such a case, whether or not the accessed user is an individual belonging to the organization of the corresponding company or the like, or whether it is an individual belonging to the company and having authority for transactions, contracts, etc. When necessary, personal authentication is performed in cooperation with the certification body system.
Alternatively, the system is accessed by a user belonging to an organization such as a company and performs a bid such as delivery of an article, provision of a service, an order for construction, and participation in an estimate. For example, a case of accepting bid participation from a national or local government is an example. Even in such a case, whether the accessed user is an individual belonging to the organization of the corresponding company, etc., or whether it is an individual belonging to the organization and has authority to participate in bids and submit quotations, etc. When authentication is required, personal authentication is performed in cooperation with the certification authority system.
Alternatively, the organization is not limited to a company. For example, when a qualified person such as a lawyer or tax accountant is a user, a management group (lawyers association or tax accountant society) to which these qualified persons belong is an organization. Whether the accessing user is an individual who belongs to the organization of the relevant qualified person or an authorized individual in cases such as submission of various application documents and declaration documents using electronic data When authentication is required, personal authentication is performed in cooperation with the certification authority system.
These are all examples of the online data processing system, and the personal authentication system of the present invention can be used in various other forms.
The online data processing system is not limited to a WEB site configured by a WEB server. It can also be used for access by FTP or other methods, e-mail, peer-to-peer access, or other methods.
[0029]
The online data processing system is transmitted from a user terminal, Organization identification data such as general-purpose company codes, or serial numbers that identify individualsElectronic certificate receiving means for receiving an electronic certificate is provided.
The electronic certificate receiving means is an electronic certificate sent from the user terminal together with necessary data when applying for electronic commerce, applying for a contract, applying for bid participation, or other personal authentication is required for access from the user terminal. Receive the certificate. The received electronic certificate is stored in the online data processing system in the storage means together with the related data. The electronic certificate is issued to the certification authority system.Within the organizationUsed to make inquiries for personal authentication.
The online data processing system includes an authentication unit that transmits and receives data to and from the certification authority system and performs user authentication processing.
Sending electronic certificates from user terminals to online data processing systems
A user terminal having an electronic certificate transmits necessary information (such as what is necessary for commercial transactions, bids, etc.) to an online data processing system such as electronic commerce or a bid site as described above. Is sent with an electronic certificate attached or encrypted with the electronic certificate.
In the online data processing system such as the received WEB site, the authentication means uses organization identification information such as a company code included in the electronic certificate transmitted from the user terminal, or personal identification information such as a serial number for each individual. Is extracted and stored together with the received data of the required items. The organization identification information or personal identification information necessary for the authentication processing is transmitted to a later-described certification authority system, and the authentication processing is performed by referring to the authentication database.
Each piece of transaction condition information transmitted is securely protected by encrypted communication using an electronic certificate to which a company code is added.
[0030]
Here, authentication using an electronic certificate to which a company code is added is performed by individuals belonging to organizations such as companies that access transactions, bids, and other online data processing systems and transmit data.Organizational identification data such as general-purpose company codes, or electronic certificates that incorporate serial numbers that identify individualsReceived the grantDoIs.
FIG. 2 is a system configuration diagram showing an example of a configuration in which the certification authority system is provided so as to be accessible from a plurality of online data processing systems. User authentication for accessing online data processing systems such as a plurality of different WEB servers can be performed using the same electronic certificate.
Since the personal authentication system of the present invention performs authentication processing using organization identification data such as a general-purpose company code, it can be used universally in various online data processing systems. Each online data processing system such as an electronic commerce site and a bid site does not need to have an authentication database.
[0031]
Next, the certification authority system is provided with an authentication database.
The data stored in the authentication database includes at least organization identification data such as a company code and personal authentication data for authenticating an individual in the organization by associating the organization with the individual.Organization identification data such as a company code, a serial number for identifying an individual in order to authenticate an individual in the organization, and personal authentication data including at least personal authority information in the organization are associated with each other.
The organization identification data is organization identification data such as a general-purpose company code. As an example of a desirable form, the organization identification data is embedded in an electronic certificate. Correspondingly, data that associates an organization with an individual is stored in an authentication database. Remembered.
Further, it is desirable to store and manage company basic information in the authentication database.
As another form of data stored in the authentication database, there is a form in which an electronic certificate in which an organization identification data such as a company code is not incorporated as an electronic certificate and an individual serial number is used is used. It is done.
In this case, it is necessary to associate the organization and the individual by providing a correspondence table between the individual serial number and organization identification data such as a company code in the authentication database.
The authority information stored in the authentication database is, first of all, whether the individual to be authenticated belongs to a company or the like, or whether or not he / she has a predetermined authority There is authority information in the organization.
[0032]
In order to register and manage such authority information, the certification authority system has an organization authority setting means in which a person having a predetermined authority of an organization such as a company sets the authority of an individual who holds an electronic certificate belonging to the organization. Is provided.For each individual who holds an electronic certificate belonging to the organization, the authority of the individual within the organization is set.
When the administrator / responsible person of an organization such as a company establishes a function to set the authority of the electronic certificate holder in the organization, and the electronic certificate holder accesses the authentication system, Upon request, authority information for the associated “company” is provided. The authentication unit performs user authentication in the online data processing system based on authentication information including personal authority information in the organization extracted from the authentication database.
In addition, the second form of authority information is that an online data processing system such as a WEB site that conducts electronic commerce or bidding is used to apply for transactions or bids to organizations such as companies or individuals belonging to them. The authority of whether to give authority, such as participation, is given.
[0033]
When granting such authority information, the certificate authority system includes any electronic certificate holder who has the predetermined authority for the online data processing system.By accessing the online data processing systemUse authority setting means for setting whether or not to allow use is provided.
When the administrator / operator of the online data processing system has set up a function to set which electronic certificate holders can be used in their system, and the electronic certificate holder accesses the authentication system In addition, the set usage authority information is provided in response to a request from the authentication system.Based on the personal authentication data extracted from the authentication database and including at least personal authority information in the organization, the authentication means performs user authentication including at least authentication of the personal authority information in the organization in the online data processing system. The online data processing system is accessed to determine whether it can be used.
By setting such authority information, the use of attribute information as a person belonging to an organization such as a company, a public office, a group, or a school using a general-purpose digital certificate issued to an individual who is a natural person. Authentication can be performed based on the presence or absence of authority information. This is because it is necessary to issue an electronic certificate to a “business person” when using an electronic certificate in electronic bidding, electronic application, and inter-company electronic commerce between a company and the government. In order to issue and use an electronic certificate for a “business person”, a function of recognizing the existence certificate of the “company” to which the user belongs and the attribute information thereof is realized at the same time.
[0034]
An example of the electronic certificate used here is as follows, and is issued by a certification authority system connected to a network. The certification authority system is preferably a neutral third-party certification authority. In the system of the present invention, the issuing process can be performed in a certification authority system described later or a server linked therewith.
Various known schemes can be adopted as the electronic certificate, but a typical form is an electronic signature scheme based on a public key cryptosystem.
The public key cryptosystem is an encryption system that performs encryption and decryption (decryption) using a single key pair (public key and private key). What is encrypted with the private key can only be decrypted with the public key. A certification authority system, which is a trusted third-party organization, performs proof that the public key is definitely the original one. The certification authority issues an electronic certificate (electronic certificate) that proves the owner of the public key.
[0035]
In the personal authentication system of the present invention, the association between an individual who is a natural person and holds an electronic certificate and an organization such as a company belonging to the individual is performed using organization identification data such as a general-purpose company code. The preferred method should meet the following requirements:
First, it is possible to accurately specify which identification code corresponds to an organization information (company information) database that is generally distributed by an organization such as a company to which an individual who is an electronic certificate issuer belongs.
Second, when an organization such as a company to which an individual who is an electronic certificate issuer belongs is not recorded in a generally distributed company information database, an identification code is newly set. Needless to say, the identification code crosses the type of business and the business type, and needs to be managed and operated accurately.
Third, when the organization identification code is used, the minimum necessary information is disclosed free of charge, so that the information can be effectively used in an online data processing system using authentication.
[0036]
Next, an example of an electronic certificate issuance form performed by the certification authority system will be described.
First, the user terminal accesses the certification authority system, reports the public key to the certification authority system, and requests the issuance of an electronic certificate.
For example, in order for a user belonging to company A to register as a member, the user of company A must first apply for membership after entering the company name, name, romaji name, e-mail address, etc. in the certification authority system. Do.
The certification body confirms that it is based on a request from the principal. When there is an application for membership, the certification body system will examine Company A. However, in the examination, Company A may be examined using an existing company information database, etc. it can.
When the examination is passed, the information of the applicant user of the applicant company A is registered in the authentication database in the certification authority system in the certification database in the certification authority system.
When registering in the authentication database, when issuing an electronic certificate in response to an application from an affiliated organization (such as a company), the “principal” and the “corporate” to which it belongs are linked.
For connection with an organization such as a company, an identification code of a generally distributed company information database is used.
Incorporate a general company identification code into the electronic certificate.
Alternatively, for an electronic certificate that cannot incorporate a company identification key, a correspondence table between unique information stored in the electronic certificate such as a serial number and the company identification code of the company is used.
After registration, an electronic certificate (with public key) is sent to the user who requested it.
The above digital certificate, electronic certificate issuance processing, and configuration thereof are examples of desirable forms, and other forms of electronic certificates are used in the system of the present invention. be able to.
[0037]
The basic processing flow of the present invention will be described below with reference to FIG.
FIG. 3 is a system outline diagram showing an example of a basic processing flow of the system of the present invention.
First, as a precondition for authentication processing, applications and participation in transactions and bidding from online data processing systems such as WEB sites that conduct electronic commerce and bidding to organizations such as companies or individuals belonging to them In order to grant the right to determine whether or not to grant the right of use, the certificate authority system is accessed and the right information (use right information) is registered (S100).
Authority information (usage authority information) is used to determine whether the individual who is accessing the user belongs to the organization of the company or the like, and if it exists, authentication such as e-commerce or bidding The information is such that use is permitted by the processing.
In addition, when an administrator of an organization such as a company gives authority information (organization authority information) to whom authority is given among individuals belonging to the organization in advance, authority information (organization authority information) ) Is given, the information is such that if it actually exists, use is permitted by an authentication process such as electronic commerce or bidding.
[0038]
Next, user authentication processing in an online data processing system will be described. The contents of user authentication include, for example, user authentication regarding the availability of use of the system and services, etc., and whether the user has authority over transactions, negotiations and contracts Such as authentication, user participation regarding bidding and various application / examination qualifications.
The online data processing system is accessed from the user terminal, the data of the predetermined data items that the online data processing system requests for data input / transmission, such as application for electronic commerce and bid application, etc. are input, and the input electronic document Send. At this time, an electronic certificate is also transmitted (S101). If the electronic certificate is a private key method, the electronic document is encrypted (electronic signature) using this. The electronic certificate includes organization identification data such as a company code or a serial number for identifying an individual. Send electronic documents, ciphertexts, and public keys.
[0039]
Next, in the online data processing system, the electronic certificate receiving unit receives the data transmitted from the user terminal, decrypts the ciphertext using the attached public key, and verifies the signature. By comparing with the original electronic document, it can be confirmed that no unauthorized tampering has occurred.
At the same time, the authentication means makes an inquiry to the authentication database of the certification authority system in order to confirm that the owner of the private key corresponding to the public key has signed an electronic signature (S102). Based on the authentication information extracted from the authentication database and including at least personal authority information in the organization, the authentication means determines whether or not there is predetermined authority information, and performs user authentication in the online data processing system.
If the authentication database stores in advance the setting of which electronic certificate holder can use the person who has the predetermined authority of the online data processing system, the electronic certificate is stored. The registered user who owns the user through the user authentication inquiring to the certification authority system does not require user registration in each online data processing system.
It is desirable that the certification authority system provides attribute information of the associated “company” in response to an inquiry request from the online data processing system.
When the authentication is completed, the result is notified to the user terminal (S103), and transmission / reception of predetermined data necessary for data processing is performed.
As described above, the basic embodiment of the present invention enables personal authentication within an organization such as a company.
Further, even in a plurality of authentication systems (a plurality of authentication sites with different operators), the user only needs one certificate. In addition, since a general-purpose company code is incorporated in the electronic certificate and the use of the authentication database is open, there is one authentication side (operators such as local governments and companies) and one to be authenticated (bidders, users, etc.). Authentication work will be completed with a general-purpose electronic certificate.
[0040]
Next, an example of the flow of processing in another embodiment of the system of the present invention will be described with reference to FIG.
In a normal authentication operation using an electronic certificate, a user must be registered in advance and entered in an authentication database. New applicants can only use certificates after registering, and must register each time they bid for multiple local governments or use multiple services.
Therefore, as shown in FIG. 4, the usage authority application unit that the user who owns the electronic certificate accesses from the user terminal and applies the usage authority setting application in the online data processing system to the usage authority setting unit, It is desirable that the certificate authority system is provided.
Here, if there is an authentication database in which a general-purpose company code is embedded and the authorization information is entered (information on the other party to be permitted is registered in advance), the first registration is required. Users who have completed the certificate will then be able to bid on local governments and use the service site without having to register again. The WEB site side does not have to construct its own electronic authentication system.
[0041]
Next, an example of the flow of processing in this embodiment will be described with reference to FIG. 4 again.
This is a general-purpose application system that allows certificate holders (persons who own electronic certificates) to register at other sites by themselves.
When an application for setting usage rights in an online data processing system is approved and stored in the usage rights setting means, user authentication is performed for individuals who meet the specified conditions belonging to the organization to which the individual who owns the relevant electronic certificate belongs. Is recognized.
For example, when a certificate holder company (A) who has obtained a bid participation qualification in a certain local government (A) and is bidding with an electronic certificate is going to get a bid qualification in another local government (B) This is the case where the certificate holder itself, which is the user, takes action first, even if the publisher does not take action to pass authority information.
Upon obtaining the bid participation qualification of the local government A and accessing the certification body system (S200), the company A, which has been issued a certificate,
A registration application is made to the use application site (S201).
The company A's information is transmitted from the use application site to the tender site of the local government B (S202), the content is confirmed, and the qualification is examined. If it is OK, the company A can directly participate in bidding for the local government B (S203). This system can be an effective means when there is no advance data of each company on the site operator side.
[0042]
Next, an example of the flow of processing in another embodiment of the system of the present invention will be described with reference to FIG.
In FIG. 5, in an online data processing system including at least an electronic certificate receiving unit and an authentication unit, a data processing system is provided connected to a WEB site or the like that performs data transmission / reception and data processing via the Internet. The data processing system is a basic system in which an administrator who manages and operates a WEB site or the like performs data processing in the organization or the like. For example, a system for storing received data, a transaction, billing, accounting and other data processing, a system for managing user's customers, and the like are examples.
A data processing system that performs various data processing after user authentication uses organization identification data such as a company code used in the authentication database.
This makes it possible to seamlessly collaborate with electronic applications (acceptance), electronic contracts (start of transactions), and core systems (transactions to billing, etc.).
Ordinary electronic certificates are only specialized for authentication. After the authentication is completed, the site operator is forced to perform new work such as calling the customer's customer information and connecting it to the transaction information in order to proceed to the core business system (actual commercial transaction). If the use of the authentication database in which the electronic certificate is distributed and the company information is entered becomes open, the information of the company will be linked using the company code as a key after authentication. It is possible to proceed.
[0043]
Next, an example of the flow of processing in another embodiment of the system of the present invention will be described with reference to FIG.
In this embodiment, as shown in FIG. 6, the authentication database provided in the certification authority system is linked with an organization information database that stores, stores, and updates organization information such as company information associated with organization identification data as a key. Provided.
Companies are living creatures, and various changes such as mergers, bankruptcies, and dormancy can occur. However, for example, in the case of bidding by local governments, bankrupt companies and merged companies due to mergers lose their eligibility to participate in bidding, but the mechanism in which these fluctuation information and electronic certificates are linked is a commercial registration certificate authority or ordinary private certification. There is no station, and when such a situation occurs, a speedy response cannot be taken. In addition, an electronic certificate based on commercial registration cannot cope with company dormancy or unauthorized use of registration.
Here, when the company information is updated by linking the organization information (corporate information) database reflecting the change information of the company and the authentication database, the authentication database is updated at any time in real time or close to it. It is reflected (S300).
When there is a data update on a company that has become inaccessible to electronic application or electronic bidding due to bankruptcy or merger, a revocation list (CRL) is sent from the certification body system to the online data processing system (S301). The invalid processing list is stored in the online data processing system.
The online data processing system is accessed from the user terminal, the data of the predetermined data items that the online data processing system requests for data input / transmission, such as application for electronic commerce and bid application, etc. are input, and the input electronic document Is transmitted (S302). At this time, the electronic certificate is also transmitted, and in the online data processing system, the electronic certificate receiving means receives the data transmitted from the user terminal.
Next, when verifying the signature, a warning can be issued on the authentication system by checking with the invalid processing list (S303). If it is not in the invalid processing list, normal authentication processing is performed.
This enables the site operator to interact only with qualified users. User authentication that reflects the updating and fluctuation of organization information such as companies is enabled.
[0044]
Next, an example of the flow of processing in another embodiment of the system of the present invention will be described with reference to FIG.
In the present embodiment, the online data processing system is provided with a user database of customers and the like.
Companies vary, such as changing the trade name and address, but in a normal authentication system, maintenance is complicated (or impossible), and information at the time of registration is often left as it is.
Here, by connecting the organization information (company information) database that reflects the company's fluctuation information and the authentication database, the authentication database is updated and reflected at any time in real time or close to it when data is updated. (S400). If the data has been updated, the certification authority system provides the updated data by transmitting it to the online data processing system (S401), and updates the user database (S402). Information such as trade name changes and address changes can be provided, and the customer database on the site operator side can be maintained.
The update / variation of the organization information database for storing / accumulating / updating the organization information such as company information provided in cooperation with the authentication database can be used for the update / variation of the user database.
The customer database can be maintained, and the latest data can be referred to when the online data processing system is accessed from the user terminal (S403) and the authentication process is performed.
Next, an example of the flow of processing in another embodiment of the system of the present invention will be described with reference to FIG.
For example, in the construction industry, bids can be restricted and screened by objective construction performance evaluation based on management item reviews, but there is no mechanism to replace management item reviews in other industries. In order to promote the digitization of goods procurement and application in an open environment, it is necessary to cooperate with a system that can obtain company information for grasping and judging the state of bid / application companies.
[0045]
Here, by associating the organization information (company information) database having the credit information of the company with the authentication database, the site operator can check the credit status of each user. Moreover, if qualified screening information as authority information is input in the authentication database in advance, automatic company selection is possible.
In the present embodiment, the data stored in the organization information database includes organization credit information such as corporate credit information.
Organizational credit information includes, for example, a third party investigator providing basic information on companies, organization information, transaction volume and payment results, delivery results, other transaction information, financial information, member information, and other important information. Including quantitative or qualitative information. Further, based on such information, it is possible to store, store, and update indexes, scores, rankings, and other credit information indicating credit information.
In the present embodiment, it is desirable that the authority information stored in advance in the authentication database includes qualifying screening information based on credit information.
The qualifying screening information is data that is used as a reference for each online data processing system to perform screening processing based on the organization credit information in order to determine the qualification of the other party such as a transaction or a bid. It is characterized by narrowing down prospects by making judgments based on whether the transaction is possible, whether it is possible to bid, or priority, etc. To do.
In this case, first, data for determining a reference value or rating value table or the like is created beforehand from company information.
The reference value is, for example, a value such as a numerical value that is a criterion such that a rating of 50 points or more is not traded, and the rating value is a rank classification that is a determination criterion such as a rank of A that is 70 points or more. .
In the system of the present invention, in addition to the above-described reference value or rating value, various scales that serve as criteria for determination can be set in advance.
In addition, the allowable value can be changed on a case-by-case basis for the data on which the determination is made.
Thereby, in the data processing in the online data processing system, screening processing based on credit information is possible.
[0046]
Next, the company information acquisition agent extracts information (company code or the like) for acquiring company information from the transaction condition information to which the company code is added, and makes a search request to the company information providing server. In the search request, the merged data is transmitted to the company information acquisition server for acquiring company information in real time or batch processing.
Referring to FIG. 8, the organization credit information stored in the organization information database is stored in association with the data stored in the authentication database and organization identification data such as a company code. Extraction / reference is enabled (S500).
When performing an automatic screening process, eligible screening information is set and stored in advance in the authentication database from the online data processing system (S501).
The online data processing system is accessed from the user terminal, the data of the predetermined data items that the online data processing system requests for data input / transmission, such as application for electronic commerce and bid application, etc. are input, and the input electronic document Is transmitted (S502). At this time, the electronic certificate is also transmitted, and in the online data processing system, the electronic certificate receiving means receives the data transmitted from the user terminal.
Next, an inquiry is made to the authentication database (S503), and information including credit information of the organization such as the corresponding company is extracted using the company code or the like (S504). The data retrieved and extracted using the company code as a key is company information, and information such as sales and scores. In some cases, the data to be returned is only the judgment itself (YES / NO, etc.).
Using the credit information acquired in this way, the transaction availability, bid availability and priority are determined. Through the processing as described above, based on the rating value or limit value table, etc., the possibility of trading, judgment based on the priority order, etc. are performed to narrow down the promising destinations.
Next, the determination result obtained in the online data processing system from the data obtained as a result of the authentication period system notifies the company or the like who has transmitted information and applied for a transaction.
[Industrial applicability]
[0047]
As described above in detail, according to the present invention, when authenticating an individual in transactions, bidding, contracts, etc. in an electronic space such as the Internet, does the individual really belong to an organization such as a company? It is possible to provide a system capable of authenticating whether or not he / she has the authority to participate / determine / determine in transactions or bidding even if he / she belongs.
Therefore, by incorporating a general-purpose company code or serial number into the electronic certificate and putting the company code, serial number, company personal information, company basic information, authority information, etc. into the authentication database, the company and individual information can be It is possible to authenticate in association with each other, and it becomes possible to authenticate individual business operators.
Furthermore, according to the present invention, it is possible to provide a system that a user can handle with a single certificate even in a plurality of authentication systems such as a plurality of authentication sites with different operators. If a general-purpose company code is incorporated into an electronic certificate and the use of an authentication database becomes open, one general-purpose electronic certificate is provided for both the authentication side of operators such as local governments and companies, and the authenticated side of users such as bidders. The authentication work can be completed with the certificate.
Furthermore, according to the present invention, by linking an authentication database for authentication using an electronic certificate and an organization information database of a company or the like, processing such as authentication can be performed based on the latest updated data at any time during authentication. Possible systems can be provided. Appropriate authentication processing can be performed by responding to retirement from a company, changes in departments and positions, and mergers, bankruptcies, changes in credit information, and other changes.
In addition, data can be collected, stored, and updated by the certification body, so that the authentication system of the present invention can be used without having to build a database individually for each WEB site that performs each authentication. Become.
[Brief description of the drawings]
[0044]
FIG. 1 is a system configuration diagram showing an example of a basic configuration of a system of the present invention.
FIG. 2 is a system configuration diagram showing an example of a configuration in which a certification authority system is provided so as to be accessible from a plurality of online data processing systems.
FIG. 3 is a system outline diagram showing an example of the basic processing flow of the system of the present invention.
FIG. 4 is a system outline diagram showing an example of a basic processing flow of an embodiment of the system of the present invention.
FIG. 5 is a system outline diagram showing an example of a basic processing flow of an embodiment of the system of the present invention.
FIG. 6 is a system outline diagram showing an example of a basic processing flow of an embodiment of the system of the present invention.
FIG. 7 is a system outline diagram showing an example of a basic processing flow of an embodiment of the system of the present invention.
FIG. 8 is a system outline diagram showing an example of a basic processing flow of an embodiment of the system of the present invention.

Claims (8)

A system in which information processing is performed by operation in a terminal such as a computer provided with input means, control means, display means, output means, storage means, etc.
An online data processing system such as a WEB server accessed from a user terminal;
A certification authority system connected to the online data processing system via a network,
The online data processing system includes an electronic certificate receiving unit that receives organization identification data such as a general-purpose company code transmitted from a user terminal , or an electronic certificate incorporating a serial number for identifying an individual , Including at least authentication means for performing data authentication with the certification authority system and performing user authentication processing,
The said certification authority system, the authentication database is provided, the data to which the authentication database is stored, the serial number identifying the individual to authenticate the tissue identification data such as company code, the individuals within the organization, Is associated with personal authentication data that includes at least personal authority information within the organization ,
The extracted from the authentication database, based authority information of the individual within the organization to the personal authentication data including at least said authentication means is have your online data processing systems, users, including at least the authentication authority information of the individual within the organization A general-purpose in-house personal authentication system characterized by performing authentication. The certification authority system is provided so as to be accessible from a plurality of online data processing systems, and user authentication for accessing online data processing systems such as a plurality of different WEB servers can be performed using the same electronic certificate. characterized in that, general tissue personal authentication system of claim 1. 3. The general-purpose data according to claim 1 , wherein data including basic company information for each company identified by organization identification data such as a company code is further stored in the authentication database. In-house personal authentication system. The certification authority system includes an organization authority setting means for a person having a predetermined authority of an organization such as a company to set an authority of an individual in the organization for each individual who holds an electronic certificate belonging to the organization. And
Extracted from the authentication database, based authority information of the individual within the organization to the personal authentication data including at least said authentication means is have your online data processing system, comprising at least user authentication certification authority information of the individual within the organization The general-purpose in-house personal authentication system according to any one of claims 1 to 3, wherein: Use in the certification authority system to set which electronic certificate holder who has the predetermined authority of the online data processing system can access and use the online data processing system Authority setting means,
Extracted from the authentication database, based authority information of the individual within the organization to the personal authentication data including at least said authentication means is have your online data processing system, comprising at least user authentication certification authority information of the individual within the organization gastric row, and wherein the determining whether available by accessing the online data processing systems, general tissue personal authentication system according to any one of claims 1 to 4. The means of authentication is carried out have your on-line data processing system, at least including user authentication to authenticate the authority information of individuals in the organization, user authentication for the availability of use, etc. of systems and services, transactions and negotiations and contracts 6. The general purpose according to any one of claims 1 to 5 , characterized in that it is any one of user authentication for the presence / absence of authority to the user, and user authentication for the presence / absence of qualification for bid participation and various applications / examinations. In-house personal authentication system. And tissue identification data such as general corporate code, the user who owns the electronic certificate and the serial number has been incorporated for identifying the individual access from the user terminal, online data processing system with respect to the usage authority setting means The general-purpose in-house personal authentication system according to any one of claims 1 to 6 , characterized in that use authority application means for applying for use authority setting is provided in the certification authority system. The authentication database provided in the certification authority system is provided in cooperation with an organization information database that stores, stores, and updates organization information such as company information associated with organization identification data as a key. Based on personal authentication data extracted from the authentication database and including at least personal authority information in the organization, reflecting the update / variation , the above-mentioned authentication means uses the online data processing system to identify the personal authority information in the organization. 8. The general-purpose intra-organizational personal authentication system according to claim 1, wherein user authentication including at least authentication is performed .

Images