JP4413886B2 - Workflow system using electronic envelope - Google Patents

Description

  The present invention relates to a workflow system and method for performing a series of business processes involving a plurality of departments and people, and more particularly to a workflow system and method using an electronic envelope.

  With the spread of the Internet and LAN (Local Area Netwrok), a workflow system has been constructed to perform a series of business processes involving a plurality of departments and people. In a workflow system, when a person in charge accesses a core business server every time a work is processed, processing requests from clients are concentrated on the server, which not only increases the processing time but also causes the server to stop. In order to generate | occur | produce, the various methods of reducing the load of a server are used.

  As one technique for reducing the load on the server, a technique for making the client server system multi-tiered is known. For example, in a three-tier client server system, the core business server is not composed of a single server, but includes three servers: a Web server that serves as a window for clients, an application server that executes processing, and a database server that stores data. The process is made efficient by separating the server that is configured as a server and the server that executes the process.

An invention is also disclosed in which a plurality of servers having the same function are used to distribute the load on each server. For example, Patent Document 1 is an invention in which the number of clients accessing each server is managed as a load, and a processing request from a client is assigned to a server having the least load among a plurality of servers.
JP 2002-269061 A

  However, the above-described technology includes a technology for increasing the processing capability of the core business server or a server having a plurality of the same functions as a technology for reducing the load on the core business server of a client server system constructed for a workflow system or the like. This is a technique for distributing the load by using the server, and the process executed by the server cannot be processed by the client. Actually, among the processes executed by the core business server, there is a process that is better if the client processes a part of the content processed by the core business server.

  For example, it is a check of an attached file transmitted from the client. When sending multiple attachment files from the client to the core business server, send the attachment files from the client one by one to the core business server, check the attachment files sent from the client on the core business server side, The linking process is performed.

  If there is a mistake in one of the attached files sent from the client, there is a case where the processing on the core business server side becomes complicated and a problem occurs. For this reason, it is desirable that the attached file can be checked by the client rather than the server.

Accordingly, the present invention provides in a workflow system to perform a series of task processing according a plurality of departments and people, against the core business server client, the workflow system may delegate part of the processing according to the workflow For the purpose.

A first invention for solving the above-described problem is a workflow system configured by using an electronic envelope and connecting a server and a client to a network. The electronic envelope is included in the electronic envelope. The data includes all or a part of the data to be included in the electronic envelope as target data, and includes a tag describing a control code indicating the processing content executed by the client on the target data. An electronic envelope utilization unit that interprets the control code and executes processing corresponding to the control code for the target data, and the server includes an electronic envelope processing unit that processes the electronic envelope received from the client. The electronic envelope includes the target data as an attachment file, and a plurality of attachment files embedded in the electronic envelope. Tag describing the input field A for the user to select the serial client, and tags describing the control code A indicating the predetermined processing relating to checking of the attachment, the digital signature predetermined digital signature of the attachment A tag that describes a control code B indicating processing to be generated in accordance with a generation algorithm, and a tag that embeds the attached file and the digital signature in the electronic envelope, and the electronic envelope using means of the client includes the control code A In accordance with the digital signature generation algorithm indicated by the control code B using the digital signature generation key corresponding to the attachment file, after checking each of the attachment files selected in the input field A according to the input field A Digital signature of the attached file entered in Generates, the attachments and associate the digital signature to at least perform the process of embedding a predetermined tag of digital envelope, as the control code A, the electronic envelope, the control code indicating the file name of the attachment The electronic envelope using means executes a process of confirming that the file name of the attached file included in the electronic envelope matches the file name indicated by the control code. It is a workflow system.

Furthermore, the second invention is a workflow system configured by using an electronic envelope and a server and a client connected to a network, wherein the electronic envelope includes data contained in the electronic envelope, and the electronic envelope. All or part of the data included in the target data is included as a target data, and a tag describing a control code indicating the processing content executed by the client for the target data is included. The client interprets the control code. The electronic envelope using means for executing processing according to the control code for the target data, the server includes electronic envelope processing means for processing the electronic envelope received from the client,
The electronic envelope includes a tag describing an input field A for allowing the user of the client to select a plurality of attachment files to be embedded in the electronic envelope as the target data, and a predetermined check related to the attachment file check. A tag describing a control code A indicating the process of the above, a tag describing a control code B indicating a process of generating a digital signature of the attached file according to a predetermined digital signature generation algorithm, the attached file and the digital signature At least a tag embedded in an electronic envelope is included, and the electronic envelope using means of the client checks each of the attached files selected in the input field A according to the control code A, and then selects a digital corresponding to the attached file. Indicated by the control code A using a signature generation key According to a digital signature generation algorithm, a digital signature of the attached file input in the input field A is generated, and at least a process of associating the attached file with the digital signature and embedding it in a predetermined tag of an electronic envelope is performed, and the control As the code A, the electronic envelope includes a control code indicating the maximum capacity of the attached file, and the electronic envelope using means indicates the capacity of the attached file included in the electronic envelope by the control code. It is a workflow system characterized by executing a process for confirming that the capacity is below the maximum capacity .

Furthermore, the third invention is a workflow system configured by using an electronic envelope and a server and a client connected to a network, wherein the electronic envelope includes data contained in the electronic envelope, and the electronic envelope. All or part of the data included in the target data is included as a target data, and a tag describing a control code indicating the processing content executed by the client for the target data is included. The client interprets the control code. The electronic envelope using means for executing processing according to the control code for the target data, and the server includes electronic envelope processing means for processing the electronic envelope received from the client. Uses the target data as an attachment file, and uses a plurality of attachment files embedded in the electronic envelope as a user of the client. A tag that describes an input field A for selection, a tag that describes a control code A indicating a predetermined process related to the check of the attached file, and a digital signature of the attached file is generated according to a predetermined digital signature generation algorithm A tag that describes a control code B indicating processing to be performed, and a tag that embeds the attached file and the digital signature in the electronic envelope are included, and the electronic envelope using means of the client performs the input according to the control code A After checking each of the attached files selected in the field A, using the digital signature generation key corresponding to the attached file, the digital file is input in the input field A according to the digital signature generation algorithm indicated by the control code A. Generate a digital signature of the attached file and attach the attached file. At least a process of associating the file with the digital signature and embedding it in a predetermined tag of the electronic envelope, and as the control code A, the electronic envelope includes a control code indicating a data format of the attached file, The envelope utilization means is a workflow system that executes processing for confirming that the data format of the attached file included in the electronic envelope is a data format indicated by the control code .

Furthermore, a fourth invention is a workflow system configured by using an electronic envelope and a server and a client connected to a network, wherein the electronic envelope includes data included in the electronic envelope, and the electronic envelope. All or part of the data included in the target data is included as a target data, and a tag describing a control code indicating the processing content executed by the client for the target data is included. The client interprets the control code. The electronic envelope using means for executing processing according to the control code for the target data, and the server includes electronic envelope processing means for processing the electronic envelope received from the client. Uses the target data as an attachment file, and uses a plurality of attachment files embedded in the electronic envelope as a user of the client. A tag that describes an input field A for selection, a tag that describes a control code A indicating a predetermined process related to the check of the attached file, and a digital signature of the attached file is generated according to a predetermined digital signature generation algorithm A tag that describes a control code B indicating processing to be performed, and a tag that embeds the attached file and the digital signature in the electronic envelope are included, and the electronic envelope using means of the client performs the input according to the control code A After checking each of the attached files selected in the field A, using the digital signature generation key corresponding to the attached file, the digital file is input in the input field A according to the digital signature generation algorithm indicated by the control code A. Generate a digital signature of the attached file and attach the attached file. A control code indicating the number of attached files included in the electronic envelope as the control code A And the electronic envelope using means executes a process for confirming that the number of the attached files included in the electronic envelope is the number indicated by the control code. It is.

  According to the above-described present invention, the electronic envelope includes the input field A for allowing the user to select the attached file as the target data, and a tag indicating a control code indicating a predetermined process related to checking the attached file. The electronic envelope using means included in the client interprets the control code and executes the process indicated by the control code in the attached file selected by the user using the input field A. Thus, as long as the control code is described in the electronic envelope, the core business server can delegate a predetermined process related to the check of the attached file as a process related to the workflow. it can.

  Further, by including the control code for digital signature in the electronic envelope, various conditions relating to generation of the digital signature can be easily set. For example, the digital signature generation key used for each target data can be changed, or the same digital signature generation key can be used for all the target data. When the same digital signature generation key is used for all the target data, the user only has to select one digital signature generation key, so the workload of the user can be reduced.

It should be noted that a control code for confirming the file name, capacity, and data format of the attached file and the number of files of the attached file should be included as a control code indicating a predetermined process relating to the check of the attached file. By checking the file name, capacity, and data format of the attached file and the number of files of the attached file in advance on the client side, troubles of the core business server due to the lack of the attached file can be reduced. .

  Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram for explaining the configuration of a workflow system to which the present invention is applied. In the workflow system shown in FIG. 1, a plurality of clients 2 used by a user and a core business server 1 are connected via a network 4.

  An application for using the electronic envelope 3 is installed in each of the core business server 1 and the client 2. Further, workflow definition data in which a control code indicating the contents of processing of the electronic envelope 3 by the client 2 is described is embedded in the electronic envelope 3.

  When the electronic envelope 3 is processed by the client 2, the application installed in the client 2 interprets the control code embedded in the electronic envelope 3, and the processing indicated by the control code is executed, whereby the electronic envelope 3 Attachments embedded in are checked.

  FIG. 2 is a block diagram of the workflow system shown in FIG. The core business server 1 includes an electronic envelope database (DB: DataBase) 12 for storing the electronic envelope 3, an electronic envelope providing means 10 for providing the electronic envelope 3 to the client 2, and an electronic envelope transmitted from the client 2. 3 is an electronic envelope processing program 11 that is an application for processing 3.

  Each client 2 receives the electronic envelope 3 from the core business server and uses an electronic envelope utilization program 20 that is an application for using the received electronic envelope 3 and an attached file 5 attached to the electronic envelope 3. And information storage means 21 (for example, a hard disk) for storing the electronic envelope 3 and the like.

  The electronic envelope providing means 10 provided in the core business server 1 is realized by a website serving as a window for processing application work, and the electronic envelope providing means 10 sends the electronic envelope 3 requested by the client 2 to the client. 2 is transmitted. The electronic envelope 3 transmitted to the client 2 is stored in the electronic envelope database 12 provided in the basic business server 1.

  FIG. 3 is a diagram for explaining the structure of the electronic envelope 3 stored in the core business server 1. As shown in FIG. 3, the electronic envelope 3 includes a header field 30 in which data related to the format of the electronic envelope 3 and the like are stored, a message field 31 in which the contents of the electronic envelope 3 are described, and the entire electronic envelope 3. It has a signature field 32 in which a digital signature is stored. In addition, the structure of the electronic envelope 3 shown in FIG. 3 is only an example, and the structure of the electronic envelope 3 can be changed arbitrarily.

  The message field 31 of the electronic envelope 3 includes form data 310 that is data for displaying the electronic form of the electronic envelope 3 on the client 2 and workflow definition data 311 that defines the workflow. In the workflow definition data 311, a message for displaying an input field for inputting data in the client 2 and a control code indicating processing in the client 2 are described.

  The form data 310 is data for electronically displaying the application form on the client, and the electronic envelope utilization program 20 provided in the client 2 opens the electronic envelope 3 and reads the form data 310 so that the client 2, the electronic form of the electronic envelope 3 is displayed.

  The form data 310 is not provided with an input field for inputting data, and the message for displaying the input field is described in the workflow definition data 311 as described above.

  FIG. 4 is a diagram illustrating an example of the workflow definition data 311. The workflow definition data 311 is described in a structured document such as XML, and a work to be processed by the client 2 is defined by a <Work> tag 60.

  The WorkID attribute of the <Work> tag 60 is data for identifying the <Work> tag 60 and is “01” here. The Activity attribute of the <Work> tag 60 is data for identifying the client 2 and is “01” here. The value of the Operation attribute is data indicating completion of the work. Here, “unexec” means incomplete, and “exec” means completion. The value of the Operation attribute is rewritten from “unexec” to “exec” by the processed client 2, and the electronic envelope 3 is returned to the business backbone server 1.

  In the <Work> tag 60, a message for displaying the input field is described in the <InputField> tag 61, and a control code indicating the processing content of the input data is described in the <ControlCode> tag 62.

  FIG. 5 is a diagram for explaining a message related to an input field, FIG. 5 (a) is a diagram for explaining a message for displaying an input field, and FIG. 5 (b) is described in the form data 310 and input in the input field. 7 is a diagram for explaining a message for embedding the processed data in the electronic envelope 3. FIG.

  As shown in FIG. 5A, a message for displaying an input field displayed on the client 2 is described by a <Form> tag 63 as in XML and the like. The name attribute of the <Form> tag 63 is a variable name of data input by the <Form> tag 63 and can be referred to from other tags. Here, at least an input field for selecting the attached file 5 is described in a <Form> tag 63.

  When embedding a plurality of attached files 5 in the electronic file 3, a <Form> tag 63 is described in an <InputField> tag 61 for each attached file 5 embedded in the electronic envelope 3. Further, when generating a digital signature for the attached file 5, a <From> tag 63 for selecting a digital signature key used for the digital signature is described in the <InputField> tag 61, and a different digital for each attached file 5. When it is desired to use a signature key, a plurality of <From> tags 63 for selecting a digital signature key used for a digital signature are described in an <InputField> tag 61. Also, when a digital signature key common to all attached files 5 is to be used, one <From> tag 63 for selecting a digital signature key used for one digital signature is described in an <InputField> tag 61 Is done. Since the <InputField> tag 61 is not included in the form data 310, the data input method can be changed even for the same form data 310.

  FIG. 5B illustrates a message for embedding data input in the input field in the electronic envelope 3. In the form data 310, <Item> is used to embed data input in the input field. A tag 64 is described. Data input in the input field described in the <Work> tag 60 is embedded between <Item> tags 64 whose ItemID attribute has the same value as the WorkID attribute.

 When embedding the attached file 5, an <Attachment> tag 65 is described between the <Item> tags 64, and the variable name of the attached file 5 embedded in the electronic envelope 3 is indicated by the name attribute of the <Attachment> tag 65. For example, the attached file 5 selected in the input field of FIG. 5A and having the variable name “kosekitouhon” is compressed as described later and embedded in the <Attachment> tag 65 whose name attribute is “kosekitouhon”. It is.

  FIG. 6 shows a control code for processing the attached file 5. As shown in FIG. 6, the control code is expressed using a tag, and the contents of the processing executed by the electronic envelope utilization program 20 of the client 2 are indicated by the name of the tag.

  A <SignatureInfo> tag 70 is a tag describing a control code related to a digital signature, an <AlgorithmID> tag 71 is a tag describing a digital signature generation algorithm, and a digital signature generation algorithm used for generating a digital signature is data of this tag. Indicated. The <Signaturekey> tag 72 is a tag that describes an encryption key for verifying the digital signature added to the attached file 5 when the electronic envelope 3 is sealed. The digital signature verification selected by the user in the input field An encryption key (for example, a public key certificate) is embedded.

  Each tag described between the <AttachGuide> tags 73 is a tag indicating processing of the attached file 5.

  The <NumberofAttach> tag 74 is a control code indicating the number of attached files 5 attached to the <Work> tag 60 with the WorkID attribute “01”. FIG. 6 shows <01> and <Work with the WorkID attribute “01”. The number of attachments 5 selected by the tag 60 must be the same as the data of the <NumberofAttach> tag 74.

  Further, in the <File> tag 75, a control code for each attached file 5 is described. In FIG. 6, there is one <File> tag 75, but when a plurality of attached files 5 are attached, A plurality of <File> tags 75 are described, and each <File> tag 75 is identified by a Seq attribute. A serial number (for example, “00001”) is added to the Seq attribute.

  A <FileName> tag 75a, a <FileID> tag 75b, an <AcceptableExt> tag 75c, and a <SizeLimit> tag 75d are tags indicating contents to be checked for the attached file 5. A <SignatureFlag> tag 75e and a <Commpression> tag 75f are It is a tag indicating processing for embedding the attached file 5 in the electronic envelope 3. Further, a <Message> tag 75g indicating an error message when the control code is interpreted and executed is described in the <MessageDialog> tag 75g.

  The file name of the attached file 5 that is the target of the control code described between the <File> tags 75 is indicated by a <FileName> tag 75a. For example, in FIG. 6, the file name of the attached file 5 that is the target of the <File> tag 75 with the serial number “00001” is “family register copy”.

  Further, the name attribute of the <Attachment> tag 65 for embedding the attached file 5 in the electronic envelope 3 after processing with the control code is indicated by data of the <FileID> tag 75b. In FIG. 6, the <File> tag 75 whose Seq attribute is “00001” is “kosekitouhon”.

  The <AcceptableExt> tag 75c indicates the data format required for the attached file 5. In FIG. 6, the format of the attached file 5 that is the target of the <File> tag 75 whose serial number is “00001” is the GIF format. It is required to be. Further, the <SizeLimit> tag 75d indicates the maximum size capacity of the attached file 5. In FIG. 6, the capacity of the attached file 5 that is the target of the <File> tag 75 with the serial number “00001” is within 10 Kbytes. It is required to be.

  The <SignatureReq> tag 75e indicates the presence / absence of a digital signature. In FIG. 6, since the Flag attribute of the <SignatureReq> tag 75e is “Enable”, the attachment attached to the <File> tag 75 whose Seq attribute is “00001” A digital signature is added to the file 5 in accordance with the contents indicated by the <SignatureInfo> tag 70 in the <File> tag 75. The digital signature of the attached file 5 is embedded in the <Signature> tag 66 in FIG.

  When there are a plurality of <File> tags 75, the digital signatures of all the attached files 5 whose Flag attribute of the <SignatureReq> tag 75e is “Enable” are calculated according to the contents indicated by the <SignatureInfo> tag 70. Embedded in the electronic envelope 3.

  The <Commpression> tag 75f indicates the compression format (ZIP or the like) when compressing the attached file 5, and the attached file 5 that is the target of the <File> tag 75 with the serial number “00001” is the ZIP format. It is shown that it is compressed and embedded in the electronic envelope 3. The compressed data of the attached file 5 is embedded in the <Attachment> tag 65 shown in FIG.

  The electronic envelope utilization program 20 provided in the client 2 is a program for operating the CPU of the client 2 and can be realized by a mailer having the function of the electronic envelope utilization program 20 of the present invention.

  The electronic envelope utilization program 20 includes a function for opening the electronic envelope 3 received from the core business server 1, a function for creating the electronic envelope 3 by attaching an attachment file 5 to the electronic envelope 3, and the like. It is provided for an application using a general electronic envelope 3 such as a function of verifying a digital signature and adding a digital signature to the electronic envelope 3, a function of sealing the electronic envelope 3, and a function of transmitting the sealed electronic envelope 3. It has a function.

  Further, in addition to the functions described above, the electronic envelope utilization program 20 has a function of interpreting a control code included in the electronic envelope 3 and executing a process indicated by the control code. The electronic envelope utilization program 20 has a function for executing processing corresponding to the control code, and every time the control code described in the workflow definition data 311 of the electronic envelope 3 is read, a function corresponding to the read control code is obtained. Call and execute.

  From here, the content which the electronic envelope utilization program 20 interprets and executes the control code shown in FIG. 6 will be described. FIG. 7 is a diagram for explaining the <Item> tag 64 after the attachment file 5 is embedded. FIG. 8 is a diagram for explaining the contents of the <WorkFlow> tag 6 when the processing in the client 2 is completed. is there.

  When the user opens the electronic envelope 3 using the electronic envelope usage program 20, the electronic envelope usage program 20 reads the form data 310 and the electronic form is displayed on the client 2.

  When the electronic envelope 3 is sealed, the electronic envelope utilization program 20 installed in the client 2 executes processing based on the control code shown in FIG. 6 and checks the attached file 5 to enter the input field. The message shown in FIG. 7 is obtained by embedding the input data in the electronic envelope 3.

  That is, based on the control code shown in FIG. 6, when reading the <FileName> tag 75a, the electronic envelope utilization program 20 is selected in the input field whose name attribute is “kosekitouhon”, and the variable name is “kosekitouhon”. Confirm that the file name of a certain attached file 5 is “family register copy”. If the attached file 5 has not been selected, or if the file name of the selected attached file 5 is different from the data of the <FileName> tag 75a, the electronic envelope utilization program 20 is included in the <MessageDialog> tag 75g. Data of <Message> tag 75h (MessageID = "01") is displayed.

  Furthermore, the electronic envelope utilization program 20 confirms the data format of the selected attached file 5, and if the data format is not the GIF indicated by the <AcceptableExt> tag 75c, the <Message> tag included in the <MessageDialog> tag 75g 75h (MessageID = “02”) is displayed. Further, the electronic envelope utilization program 20 confirms the size of the attached file 5 and if the data capacity indicated by the <SizeLimit> tag 75d is exceeded, the <Message> tag 75h (MessageID = “ 03 ") data is displayed.

  After confirming the attached file 5, the electronic envelope utilization program 20 uses the encryption key for digital signature generation selected by the user because the value of the <SignatureReq> tag 75e is “Enable”, and the <SignatureInfo> tag 70 In accordance with the contents shown, the digital signature of the attached file 5 is generated, and the generated digital signature is embedded as the value of the <Signature> tag 66 in FIG.

  Further, the electronic envelope utilization program 20 compresses the selected attached file 5 in the format indicated by the <Commpression> tag 75f, and the <Attachment> tag 65 whose name attribute is “kosekitouhon” Embed as data.

  Also, the electronic envelope utilization program 20 confirms that the number of attached files 5 matches the data of the <NumberofAttach> tag 74. If they do not match, the data of the <Message> tag 75h (MessageID = “04”) included in the <MessageDialog> tag 75g is displayed, and the user is requested to select the missing attached file 5.

  After all processing indicated by the control code is completed, the electronic envelope utilization program 20 rewrites the Operation attribute of the <Work> tag 60 from “unexec” to “exec”, and sets the electronic envelope 3 on the core business server 1. Send.

  From here, the operation of the workflow system described so far will be described. FIG. 9 is a flowchart showing the operation procedure of the workflow system.

  The first step S1 of this procedure is a step in which the user operates the client 2 to access the basic business server 1 and obtains the electronic envelope 3 related to the application business from the basic business server 1. In this step, the user acquires the electronic envelope 3 from the core business server 1 by using the electronic envelope utilization program 20 provided in the client 2 or the like. Note that the user can also save the acquired electronic envelope 3 in the information storage means 21.

  The next step S2 is a step of opening the electronic envelope 3. In this step, the electronic envelope utilization program 20 opens the electronic envelope 3 acquired in step S1. When the electronic envelope 3 is opened, the data in the electronic envelope 3 is taken out, and the electronic form described in the form data 310 is displayed on the client 2.

  When a digital signature is added to the electronic envelope 3 acquired in step 1, the digital signature is verified with a designated encryption key. Further, when the encryption key for verifying the digital signature is embedded in the electronic envelope 3 in the form of a public key certificate, the public key certificate is also verified with the public key of the certificate authority that issued the public certificate.

  The next step S3 is a step for processing the electronic envelope 3. At this step, the electronic envelope utilization program 20 displays an input field for inputting data to be embedded in the electronic envelope 3 and an input field for selecting the attached file 5, and the user generates the data input, the attached file 5 and the digital signature. Perform operations such as selecting the encryption key to be used. In this step, the electronic envelope utilization program 20 temporarily stores data input by the user and information on selection of the attached file 5 in a memory such as the RAM of the client 2.

  The next step S4 is a step for sealing the electronic envelope 3. In this step, when the electronic envelope 3 is sealed, the electronic envelope utilization program 20 generates a digital signature of the input data by executing a process based on the control code described in the <Work> tag 60. After confirming the selected attached file 5, the electronic envelope utilization program 20 seals the electronic envelope 3. Further, when it is necessary to add a digital signature of the entire electronic envelope 3 or to encrypt the contents of the electronic envelope 3, these processes are executed in this step.

  The next step S <b> 5 is a step in which the electronic envelope 3 is next transmitted to the core business server 1. The electronic envelope utilization program 20 transmits the sealed electronic envelope 3 to the basic business server 1, and the electronic envelope 3 is opened and processed by the electronic envelope processing program 11 of the basic business server 1.

  The above description is only one embodiment of the present invention, and various modifications and changes are possible. In detail, if various control codes are defined, a module for executing processing for the defined control codes is incorporated in the electronic envelope utilization program 20, and the control codes are described in the electronic envelope 3, the client 2 performs electronic control according to the control codes. The envelope 3 is processed.

  In addition, by making all or part of the data included in the electronic envelope 3 and all or part of the data included in the electronic envelope 3 a target of the control code, each of all or part of the data included in the electronic envelope 3 is individually provided. A digital signature can be attached. That is, a digital signature can be attached to each attached file 5 included in the electronic envelope 3.

  When attaching a digital signature individually, a <Form> tag 63 for selecting a digital signature key to be used when calculating the digital signature is described in the workflow definition data 311, and further, in this <Form> tag 63 Provides an attribute (for example, a file name) for identifying the digital signature key. A tag for describing an attribute for identifying a digital signature key is provided in the <SignatureInfo> tag 70, and data for identifying the attached file 5 (for example, a <FileName> tag 75a) is described between the tags. Provide a tag. The electronic envelope utilization program 20 identifies the digital signature key from the contents of the tag describing the attribute for identifying the digital signature key, and the digital signature of the attached file 5 indicated by the tag describing the data for identifying the attached file 5 Is generated.

  In addition to a digital signature, a control code to which a time stamp is attached can be described. When describing a control code to which a time stamp is attached, a tag describing a URL of a time stamp server for registering all or a part of hash values of data included in the electronic envelope 3 is described as the control code.

  When the electronic envelope 3 includes a control code for attaching a time stamp to the electronic envelope 3, the electronic envelope utilization program 20 calculates a hash value of all or part of the data included in the electronic envelope 3 (for example, the attached file 5). After that, the hash value is registered in the time stamp server, the time stamp when the hash value is registered from the time stamp server is acquired and written in the electronic envelope 3.

  In addition, a control code for verifying a server digital signature that is a digital signature added to the electronic envelope 3 by the core business server 1 can be described. At this time, the client 2 stores a digital signature verification key, which is an encryption key for verifying the server digital signature, and the client 2 stores the digital signature specified by the digital signature verification key or control code selected by the user. The server digital signature included in the electronic envelope 3 is verified using the verification key.

  In addition, a control code for verifying the time stamp received from the time stamp server can be described. At this time, the client 2 stores a time stamp verification key, which is an encryption key for verifying the time stamp, and the client 2 performs time stamp verification specified by the time stamp verification key or control code selected by the user. The time stamp received from the time stamp server is verified using the key.

  In addition, a control code for verifying the validity of the digital signature verification key or the time stamp verification key can be described. At this time, the digital signature verification key and / or time stamp verification key is stored in the client 2 in the form of an electronic certificate. For example, if a control code indicating the URL of a certificate authority that issued an electronic certificate for a digital signature verification key or a time stamp verification key is described, the electronic envelope utilization program 20 can make an electronic inquiry by making an inquiry to the certificate authority indicated by the control code. You can check in advance whether the certificate has expired. Furthermore, if a control code indicating data related to the trust model (for example, a certificate authority serving as a trust anchor) is described in the control code, the reliability of the electronic certificate can be verified according to the trust model. Note that the certificate authority serving as the trust anchor may be included in the electronic envelope processing program itself instead of the control code.

  Further, in order to increase security at the time of distribution of the electronic envelope 3, a control code for encrypting all or a part of the data included in the electronic envelope 3 may be described. When encrypting, the client 2 can be specified by describing the data specifying the data to be encrypted, the data specifying the encryption algorithm, and the control code indicating the data specifying the encryption key used for encryption. The designated data is encrypted in accordance with the above algorithm, and the encrypted data is included in the electronic envelope 3 instead of plain text.

The figure explaining the structure of the workflow system to which this invention is applied. The block diagram of a workflow system. The figure explaining the structure of an electronic envelope. The figure which showed an example of workflow definition data. The figure explaining the message regarding an input field. The figure which showed an example of the control code described in the <Work> tag. The figure explaining the <Item> tag after data is embedded. The figure explaining the contents of the <WorkFlow> tag when one work is finished. The flowchart which showed the operation | movement procedure of the workflow system.

DESCRIPTION OF SYMBOLS 1 Core business server 10 Electronic envelope provision means 11 Electronic envelope processing program 12 Electronic envelope database 2 Client 20 Electronic envelope utilization program 21 Information storage means 3 Electronic envelope 30 Header field 31 Message field 310 Form data 311 Workflow definition data 32 Signature field 4 Network 5 attached file 6 <WorkFlow> tag, 60 <Work> tag, 61 <InputField> tag 62 <ControlCode> tag, 63 <Form> tag, 64 <Item> tag 65 <Attachment> tag, 66 <Sinature> tag 70 <SignatureInfo> tag, 71 <AlogrithmID> tag, 72 <SingatureKey> tag 73 <AttachGuide> tag, 74 <NumberofAttach> tag 75 <File> tag, 75a <FileName> tag, 75b <FileID> tag 75c <AcceptableExt> tag, 75d <Size Limit> tag 75e <SinnatureFlag> tag, 75f <Commpression> tag 5g <MessageDialog> tag, 75h <Message> tag

Claims (4)

A workflow system using an electronic envelope and configured by connecting a server and a client to a network,
The electronic envelope includes data included in the electronic envelope and all or part of the data included in the electronic envelope as target data, and a control code indicating a processing content executed by the client on the target data. A tag to be described is included, and the client includes electronic envelope using means for interpreting the control code and executing processing corresponding to the control code with respect to the target data, and the server receives from the client Electronic envelope processing means for processing the electronic envelope,
The electronic envelope includes a tag describing an input field A for allowing the user of the client to select a plurality of attachment files to be embedded in the electronic envelope as the target data, and a predetermined check related to the attachment file check. A tag describing a control code A indicating the process of the above, a tag describing a control code B indicating a process of generating a digital signature of the attached file according to a predetermined digital signature generation algorithm, the attached file and the digital signature Contains at least a tag to embed in an electronic envelope,
The electronic envelope using means of the client checks each of the attached files selected in the input field A according to the control code A , and then uses the digital signature generation key corresponding to the attached file to control the control code. In accordance with the digital signature generation algorithm indicated by B, at least a process of generating a digital signature of the attached file input in the input field A and associating the attached file with the digital signature and embedding it in a predetermined tag of the electronic envelope And
As the control code A, the electronic envelope includes a control code indicating the file name of the attached file, and the electronic envelope using means includes the file name of the attached file included in the electronic envelope. A workflow system characterized by executing processing for confirming that a file name indicated by a code matches . A workflow system using an electronic envelope and configured by connecting a server and a client to a network,
  The electronic envelope includes data included in the electronic envelope and all or part of the data included in the electronic envelope as target data, and a control code indicating a processing content executed by the client on the target data. A tag to be described is included, and the client includes electronic envelope using means for interpreting the control code and executing processing corresponding to the control code with respect to the target data, and the server receives from the client Electronic envelope processing means for processing the electronic envelope,
  The electronic envelope includes a tag describing an input field A for allowing the user of the client to select a plurality of attachment files to be embedded in the electronic envelope as the target data, and a predetermined check related to the attachment file check. A tag describing a control code A indicating the process of the above, a tag describing a control code B indicating a process of generating a digital signature of the attached file according to a predetermined digital signature generation algorithm, the attached file and the digital signature Contains at least a tag to embed in an electronic envelope,
  The electronic envelope using means of the client checks each of the attached files selected in the input field A according to the control code A, and then uses the digital signature generation key corresponding to the attached file to control the control code. In accordance with the digital signature generation algorithm indicated by A, generate at least the process of generating a digital signature of the attached file input in the input field A and associating the attached file with the digital signature and embedding it in a predetermined tag of the electronic envelope And
  As the control code A, the electronic envelope includes a control code indicating the maximum capacity of the attached file, and the electronic envelope using means determines that the capacity of the attached file included in the electronic envelope is the control code. A workflow system for executing a process of confirming that the capacity is equal to or less than a maximum capacity indicated. A workflow system using an electronic envelope and configured by connecting a server and a client to a network,
  The electronic envelope includes data included in the electronic envelope and all or part of the data included in the electronic envelope as target data, and a control code indicating a processing content executed by the client on the target data. A tag to be described is included, and the client includes electronic envelope using means for interpreting the control code and executing processing corresponding to the control code with respect to the target data, and the server receives from the client Electronic envelope processing means for processing the electronic envelope,
  The electronic envelope includes a tag describing an input field A for allowing the user of the client to select a plurality of attachment files to be embedded in the electronic envelope as the target data, and a predetermined check related to the attachment file check. A tag describing a control code A indicating the process of the above, a tag describing a control code B indicating a process of generating a digital signature of the attached file according to a predetermined digital signature generation algorithm, the attached file and the digital signature Contains at least a tag to embed in an electronic envelope,
  The electronic envelope using means of the client checks each of the attached files selected in the input field A according to the control code A, and then uses the digital signature generation key corresponding to the attached file to control the control code. In accordance with the digital signature generation algorithm indicated by A, generate at least the process of generating a digital signature of the attached file input in the input field A and associating the attached file with the digital signature and embedding it in a predetermined tag of the electronic envelope And
  As the control code A, the electronic envelope includes a control code indicating the data format of the attached file, and the electronic envelope using means includes a data format of the attached file included in the electronic envelope. A workflow system characterized by executing processing for confirming that the data format is indicated by a code. A workflow system using an electronic envelope and configured by connecting a server and a client to a network,
  The electronic envelope includes data included in the electronic envelope and all or part of the data included in the electronic envelope as target data, and a control code indicating a processing content executed by the client on the target data. A tag to be described is included, and the client includes electronic envelope using means for interpreting the control code and executing processing corresponding to the control code with respect to the target data, and the server receives from the client Electronic envelope processing means for processing the electronic envelope,
  The electronic envelope includes a tag describing an input field A for allowing the user of the client to select a plurality of attachment files to be embedded in the electronic envelope as the target data, and a predetermined check related to the attachment file check. A tag describing a control code A indicating the process of the above, a tag describing a control code B indicating a process of generating a digital signature of the attached file according to a predetermined digital signature generation algorithm, the attached file and the digital signature Contains at least a tag to embed in an electronic envelope,
  The electronic envelope using means of the client checks each of the attached files selected in the input field A according to the control code A, and then uses the digital signature generation key corresponding to the attached file to control the control code. In accordance with the digital signature generation algorithm indicated by A, generate at least the process of generating a digital signature of the attached file input in the input field A and associating the attached file with the digital signature and embedding it in a predetermined tag of the electronic envelope And
  As the control code A, the electronic envelope includes a control code indicating the number of files of the attached file to be included in the electronic envelope, and the electronic envelope using means includes the electronic envelope using the attached file included in the electronic envelope. A workflow system for executing a process of confirming that a number is a number indicated by the control code.

Images