JP4584071B2 - Encrypted electronic document processing system, service providing apparatus, and electronic document output apparatus - Google Patents

Description

  The present invention relates to an encrypted electronic document processing system, a service providing apparatus, and an electronic document output apparatus, and more particularly to an encrypted electronic document processing system, a service providing apparatus, and an electronic document output suitable for secure transmission of an electronic document. Relates to the device.

  When an electronic document is transmitted on a communication network, means for encrypting and transmitting the electronic document has been taken as a countermeasure against eavesdropping on a communication path or a terminal device on the communication path.

Patent Document 1 provides a method for securely printing an electronic document required on the go by using unique secret information (Bluetooth address information) pre-assigned to a mobile phone as an encryption key. Yes. That is, the address information of Bluetooth used for encryption of the electronic document and the transfer instruction information of the electronic document are transmitted from the mobile phone to the document server storing the electronic document, and the document server encrypts the electronic document. And transfer to a print server that manages a printer installed in a public place. Next, when a print instruction is issued from the mobile phone to the print server, the document data is transferred to the printer. Furthermore, by transmitting Bluetooth address information from the mobile phone to the printer, the printer can decrypt and print the encrypted electronic document. As described above, there is the security of the encrypted electronic document and the convenience of outputting the electronic document.
JP 2002-366314 A

  However, in Patent Document 1, the mobile phone only gives instructions for transferring and printing an electronic document, and cannot confirm or correct the content of the electronic document before actually printing it. User convenience is low. Further, for communication between the document server and the mobile phone and between the print server and the mobile phone, real-time interaction (data processing for responding to requests) is required. In other words, the document server and the print server are always connected to the Internet, waiting for a request from a mobile phone, and responding to a request immediately is required. This leads to an increase in the operating cost of the entire system, which is a problem.

  The present invention has been made to solve the above-described problems, and one of the objects of the present invention is to secure the security of the encrypted electronic document and the convenience of outputting the electronic document without increasing the cost. It is to provide an encrypted electronic document processing system, a service providing apparatus, and an encrypted electronic document output apparatus capable of improving the above.

  In order to solve the above-described problem, according to an aspect of the present invention, an encrypted electronic document processing system includes a service providing apparatus including a first shared key storage unit that stores a shared key in advance, and a first shared key A shared key holding / output device including a second shared key storage unit that stores in advance the same shared key as the shared key stored in the storage unit, and a shared key non-holding output device that does not store the shared key in advance .

  The service providing apparatus includes a random extraction character string generation unit, a first encryption key generation unit, an electronic document encryption unit, a first encrypted electronic document transmission unit, and a random extraction character string transmission unit.

  The randomly extracted character string generation unit generates a randomly extracted character string that is a character string in which randomly extracted characters are arranged. The first encryption key generation unit uses a predetermined calculation method based on the shared key stored in the first shared key storage unit and the random extraction character string generated by the random extraction character string generation unit, using a predetermined calculation method. One encryption key is generated. The electronic document encryption unit encrypts the electronic document into the encrypted electronic document using the first encryption key generated by the first encryption key generation unit. The first encrypted electronic document transmission unit converts the encrypted electronic document encrypted by the electronic document encryption unit to a predetermined first output device of the shared key holding output device or the shared key non-holding output device. In addition, transmission is performed according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model. The random extraction character string transmission unit transmits the random extraction character string generated by the random extraction character string generation unit to the shared key holding output device via the first communication medium.

  The first output device includes an encrypted electronic document reception unit and a second encrypted electronic document transmission unit. The encrypted electronic document receiving unit receives the encrypted electronic document transmitted from the service providing apparatus. The second encrypted electronic document transmission unit transmits the encrypted electronic document received by the encrypted electronic document reception unit to a second different from the first output device of the shared key holding output device or the shared key non-holding output device. To the output device according to the one-way communication protocol.

  The second output device includes an encrypted electronic document receiving unit that receives the encrypted electronic document transmitted from the first output device.

  The shared key holding output device includes a randomly extracted character string reception unit, a second encryption key generation unit, a first electronic document decryption unit, and a first output unit. The randomly extracted character string receiving unit receives the randomly extracted character string transmitted from the service providing apparatus. The second encryption key generation unit uses a predetermined calculation method based on the shared key stored in the second shared key storage unit and the randomly extracted character string received by the randomly extracted character string receiving unit. 2 Generate an encryption key. The first electronic document decryption unit decrypts the encrypted electronic document received by the encrypted electronic document reception unit into an electronic document, using the second encryption key generated by the second encryption key generation unit. The first output unit outputs the electronic document decrypted by the first electronic document decryption unit.

  The service providing device or the shared key holding output device differs from the first communication medium in the first encryption key generated by the first encryption key generation unit or the second encryption key generated by the second encryption key generation unit. An encryption key transmission unit is provided that transmits to the shared key non-holding output device via the second communication medium.

  The shared key non-holding output device includes an encryption key receiving unit, a second electronic document decrypting unit, and a second output unit. The encryption key receiving unit receives the first encryption key transmitted from the service providing apparatus or the second encryption key transmitted from the shared key holding output apparatus. The second electronic document decryption unit decrypts the encrypted electronic document received by the encrypted electronic document reception unit into an electronic document using the first encryption key or the second encryption key received by the encryption key reception unit. The second output unit outputs the electronic document decrypted by the second electronic document decryption unit.

  According to this invention, a randomly extracted character string that is a character string in which randomly extracted characters are arranged is generated by the service providing apparatus of the encrypted electronic document processing system, and a pre-stored shared key; Based on the generated randomly extracted character string, the first encryption key is generated by a predetermined calculation method, and the generated first encryption key is used to encrypt the electronic document into the encrypted electronic document. The encrypted encrypted electronic document needs a response to the request in the application layer of the OSI reference model to the predetermined first output device of the shared key holding output device or the shared key non-holding output device. The randomly extracted character string that is transmitted according to the unidirectional communication protocol that is not performed is transmitted to the shared key holding output device via the first communication medium.

  Also, the first output device of the encrypted electronic document processing system receives the encrypted electronic document transmitted from the service providing device, and the received encrypted electronic document is the shared key holding output device or the shared key non-holding It is transmitted to a second output device different from the first output device among the output devices according to a one-way communication protocol.

  Also, the encrypted output document transmitted from the first output device is received by the second output device of the encrypted electronic document processing system.

  In addition, the randomly extracted character string transmitted from the service providing apparatus is received by the shared key holding output device of the encrypted electronic document processing system, and the pre-stored shared key and the received randomly extracted character string are Based on this, a second encryption key is generated by a predetermined calculation method, and the received encrypted electronic document is decrypted into an electronic document using the generated second encryption key, and the decrypted electronic document is output. Is done.

  In addition, the first communication key generated by the service providing apparatus or the shared key holding / outputting apparatus of the encrypted electronic document processing system or the second communication medium generated is different from the first communication medium. Via the shared key non-holding output device.

  In addition, the first encryption key transmitted from the service providing apparatus or the second encryption key transmitted from the shared key holding output apparatus is received and received by the shared key non-holding output apparatus of the encrypted electronic document processing system. Using the one encryption key or the second encryption key, the received encrypted electronic document is decrypted into an electronic document, and the decrypted electronic document is output.

  For this reason, since the encrypted electronic document encrypted according to the unidirectional communication protocol is transmitted, the configuration for transmission / reception is simplified compared to the case of being transmitted according to the bidirectional communication protocol, Costs such as operation costs and maintenance costs can be reduced.

  Further, the shared key holding output device cannot decrypt the encrypted electronic document unless it receives the randomly extracted character string generated by the service providing device, and the shared key non-holding output device Since the encrypted electronic document cannot be decrypted unless the encryption key is received via a second communication medium different from the first communication medium to which the sequence is transmitted, the security of the encrypted electronic document can be improved. .

  Further, since the encrypted electronic document can be decrypted and output by the shared key holding output device and the shared key non-holding output device, the convenience of outputting the electronic document can be improved.

  As a result, it is possible to provide an encrypted electronic document processing system capable of improving the safety of the encrypted electronic document and the convenience of outputting the electronic document without increasing the cost.

  Furthermore, since the randomly extracted character string is transmitted via the first communication medium and the encryption key is transmitted via the second communication medium, it is difficult to steal both the randomly extracted character string and the encryption key. It is possible to make it difficult to estimate the shared key from the randomly extracted character string and the encryption key.

  Further, since the encrypted electronic document is transmitted as it is to the second output device without being re-encrypted by the first output device, the service providing device sends it to the second output device via the first output device. The efficiency with which the encrypted electronic document is transmitted can be improved.

  Preferably, the first output device is a shared key holding output device, and the second output device is a shared key non-holding output device. The first output unit outputs the electronic document by displaying it, and the second output unit outputs the electronic document by printing it.

  According to this invention, a randomly extracted character string that is a character string in which randomly extracted characters are arranged is generated by the service providing apparatus of the encrypted electronic document processing system, and a pre-stored shared key; Based on the generated randomly extracted character string, the first encryption key is generated by a predetermined calculation method, and the generated first encryption key is used to encrypt the electronic document into the encrypted electronic document. The randomized character string generated by transmitting the encrypted encrypted electronic document to the first output device according to the one-way communication protocol that does not require a response to the request in the application layer of the OSI reference model Is transmitted to the first output device via the first communication medium.

  In addition, the first output device of the encrypted electronic document processing system receives the encrypted electronic document transmitted from the service providing device, and the received encrypted electronic document is transmitted to the second output device in one direction. Randomly extracted character string transmitted from the service providing apparatus is received according to the communication protocol, and based on the shared key stored in advance and the received randomly extracted character string, in a predetermined calculation method, A second encryption key is generated, the generated second encryption key is transmitted to the second output device via a second communication medium different from the first communication medium, and the generated second encryption key is used. The received encrypted electronic document is decrypted into an electronic document, and the decrypted electronic document is displayed and output.

  Further, the second output device of the encrypted electronic document processing system receives the encrypted electronic document transmitted from the first output device, receives the second encryption key transmitted from the first output device, Using the received second encryption key, the received encrypted electronic document is decrypted into an electronic document, and the decrypted electronic document is printed and output.

  For this reason, since the encrypted electronic document encrypted according to the unidirectional communication protocol is transmitted, the configuration for transmission / reception is simplified compared to the case of being transmitted according to the bidirectional communication protocol. Costs such as operation costs and maintenance costs can be reduced.

  In addition, the first output device cannot decrypt the encrypted electronic document unless it receives the randomly extracted character string generated by the service providing device, and the second output device does not receive the randomly extracted character string. Since the encrypted electronic document cannot be decrypted unless the encryption key is received via a second communication medium different from the first communication medium to which is transmitted, the security of the encrypted electronic document can be improved.

  In addition, since the electronic document displayed by the first output device can be confirmed and the electronic document can be printed by the second output device, the convenience of outputting the electronic document can be further improved.

  As a result, the security of the encrypted electronic document and the convenience of outputting the electronic document can be further improved without increasing the cost.

  More preferably, the service providing apparatus further includes an additional information encryption unit and a first encrypted additional information transmission unit. The additional information encryption unit encrypts additional information, which is a condition when the electronic document is output by the first output unit and the second output unit, using the first encryption key generated by the first encryption key generation unit. Encrypts into additional information. The first encrypted additional information transmission unit transmits the encrypted additional information encrypted by the additional information encryption unit to the first output device.

  The first output device further includes a first encrypted additional information receiving unit, a first additional information decrypting unit, and a second encrypted additional information transmitting unit. The first encrypted additional information receiving unit receives the encrypted additional information transmitted from the service providing apparatus. The first additional information decrypting unit decrypts the encrypted additional information received by the first encrypted additional information receiving unit into additional information using the second encryption key generated by the second encryption key generating unit. The second encrypted additional information transmitting unit transmits the encrypted additional information received by the first encrypted additional information receiving unit to the second output device. The first output unit outputs the electronic document according to the additional information decoded by the first additional information decoding unit.

  The second output device further includes a second encrypted additional information receiving unit and a second additional information decrypting unit. The second encrypted additional information receiving unit receives the encrypted additional information transmitted from the first output device. The second additional information decrypting unit decrypts the encrypted additional information received by the second encrypted additional information receiving unit into additional information using the second encryption key received by the encryption key receiving unit. The second output unit outputs the electronic document according to the additional information decoded by the second additional information decoding unit.

  According to the present invention, the additional information, which is a condition when the electronic document is output, is encrypted into the encrypted additional information by using the first encryption key generated by the service providing apparatus of the encrypted electronic document processing system. The encrypted additional information that has been encrypted is transmitted to the first output device.

  In addition, the encrypted additional information transmitted from the service providing apparatus is received by the first output device of the encrypted electronic document processing system, and the received encrypted additional information is received using the generated second encryption key. Is decrypted into additional information, and the received encrypted additional information is transmitted to the second output device, and an electronic document is output in accordance with the decrypted additional information.

  Further, the second output device of the encrypted electronic document processing system receives the encrypted additional information transmitted from the first output device and uses the received second encryption key to receive the received encryption. The additional information is decoded into the additional information, and the electronic document is output according to the decoded additional information.

  For this reason, since the additional information is encrypted and transmitted to the first output device and the second output device, the safety of the additional information can be improved.

  Also, since the electronic document is output according to the additional information, the conditions when the electronic document is output can be controlled from the service providing apparatus side.

  More preferably, the service providing apparatus sets a security level as a condition when the electronic document of the additional information is output in accordance with the first output apparatus and the second output apparatus from which the electronic document is output. An additional information setting unit is further provided. The additional information encryption unit encrypts the additional information whose security level is set by the additional information setting unit.

  According to this invention, when the electronic document of the additional information is output by the service providing apparatus of the encrypted electronic document processing system according to the first output apparatus and the second output apparatus from which the electronic document is output. A security level is set as a condition, and the additional information with the security level set is encrypted.

  For this reason, since the electronic document is output according to the additional information in which the security level is set when the electronic document is output according to the first output device and the second output device by the service providing device. The service providing apparatus can control the electronic document to be output at a security level corresponding to the output apparatus and the second output apparatus.

  More preferably, the random extraction character string transmission unit encrypts the random extraction character string generated by the random extraction character string generation unit using the shared key stored in the first shared key storage unit. A random extraction character string encryption unit that encrypts the extracted character string is included, and the encrypted random extraction character string encrypted by the random extraction character string encryption unit is transmitted.

  The random extraction character string receiving unit receives the encrypted random extraction character string transmitted from the service providing apparatus. The second encryption key generation unit decrypts the encrypted randomly extracted character string received by the randomly extracted character string receiving unit into a randomly extracted character string using the shared key stored in the second shared key storage unit And a second encryption key based on the shared key stored in the second shared key storage unit and the randomly extracted character string decrypted by the randomly extracted character string decryption unit. Is generated.

  According to the present invention, the generated random extracted character string is encrypted into the encrypted random extracted character string by using the shared key stored in advance by the service providing apparatus of the encrypted electronic document processing system. The encrypted encrypted random extracted character string is transmitted to the first output device.

  The first output device of the encrypted electronic document processing system receives the encrypted random sampled character string transmitted from the service providing device, and uses the pre-stored shared key to receive the received encrypted The randomly extracted character string is decrypted into a randomly extracted character string, and a second encryption key is generated based on the shared key stored in advance and the decrypted randomly extracted character string.

  For this reason, since the randomly extracted character string is encrypted and output to the first output device, the safety of the randomly extracted character string can be improved.

  Preferably, the second output device is a shared key holding output device, and the first output device is a shared key non-holding output device. The random extraction character string transmission unit converts the random extraction character string generated by the random extraction character string generation unit into an encrypted random extraction character string using the shared key stored in the first shared key storage unit. A random key extraction unit that encrypts a random extracted character string encrypted by the random extraction character string encryption unit and encrypts the random extracted character string encrypted by the common key non-output device Send to.

  The randomly extracted character string receiving unit receives the encrypted randomly extracted character string transmitted from the service providing device via the shared key non-holding output device. The second encryption key generation unit decrypts the encrypted randomly extracted character string received by the randomly extracted character string receiving unit into a randomly extracted character string using the shared key stored in the second shared key storage unit And a second encryption key based on the shared key stored in the second shared key storage unit and the randomly extracted character string decrypted by the randomly extracted character string decryption unit. Is generated.

  The first output unit outputs the electronic document by printing it. The second output unit outputs the electronic document by displaying it.

  According to this invention, a randomly extracted character string that is a character string in which randomly extracted characters are arranged is generated by the service providing apparatus of the encrypted electronic document processing system, and a pre-stored shared key; Based on the generated randomly extracted character string, the first encryption key is generated by a predetermined calculation method, and the generated first encryption key is used to encrypt the electronic document into the encrypted electronic document. The encrypted encrypted electronic document is transmitted to the first output device according to a one-way communication protocol that does not require a response to the request in the application layer of the OSI reference model, and a pre-stored shared key is used. The generated random extracted character string is encrypted into an encrypted random extracted character string, and the encrypted random extracted character string is transmitted from the first output device via the first communication medium. The second Is sent to the output device, a first encryption key is generated, via the second communication medium different from the first communication medium, it is transmitted to the first output device.

  Also, the first output device of the encrypted electronic document processing system receives the encrypted electronic document transmitted from the service providing device, and the received encrypted electronic document is the shared key holding output device or the shared key non-holding The first encryption key transmitted to the second output device different from the first output device of the output devices according to the one-way communication protocol and received from the service providing device is received, and the received first encryption key is received. Using the key, the received encrypted electronic document is decrypted into an electronic document, and the decrypted electronic document is displayed and output.

  The encrypted electronic document transmitted from the first output device is received by the second output device of the encrypted electronic document processing system, and the encrypted data is transmitted from the service providing device via the first output device. Randomly extracted character string is received and a pre-stored shared key is used, and the received encrypted random extracted character string is decrypted into a randomly extracted character string and decrypted with a pre-stored shared key A second encryption key is generated based on the randomly extracted character string by a predetermined calculation method, and the received encrypted electronic document is decrypted into an electronic document using the generated second encryption key. The decrypted electronic document is output by printing.

  For this reason, since the encrypted electronic document encrypted according to the unidirectional communication protocol is transmitted, the configuration for transmission / reception is simplified compared to the case of being transmitted according to the bidirectional communication protocol. Costs such as operation costs and maintenance costs can be reduced.

  In addition, the first output device cannot decrypt the encrypted electronic document unless the encryption key is received via the second communication medium different from the first communication medium to which the randomly extracted character string is transmitted. Since the second output device cannot decrypt the encrypted electronic document unless it receives the randomly extracted character string generated by the service providing device, the security of the encrypted electronic document can be improved.

  In addition, since the electronic document displayed by the first output device can be confirmed and the electronic document can be printed by the second output device, the convenience of outputting the electronic document can be further improved.

  As a result, the security of the encrypted electronic document and the convenience of outputting the electronic document can be further improved without increasing the cost.

  More preferably, the service providing apparatus further includes an additional information encryption unit and a first encrypted additional information transmission unit. The additional information encryption unit encrypts additional information, which is a condition when the electronic document is output by the first output unit and the second output unit, using the first encryption key generated by the first encryption key generation unit. Encrypts into additional information. The first encrypted additional information transmission unit transmits the encrypted additional information encrypted by the additional information encryption unit to the first output device.

  The first output device further includes a first encrypted additional information receiving unit, a first additional information decrypting unit, and a second encrypted additional information transmitting unit. The first encrypted additional information receiving unit receives the encrypted additional information transmitted from the service providing apparatus. The first additional information decrypting unit decrypts the encrypted additional information received by the first encrypted additional information receiving unit into additional information using the first encryption key received by the first encryption key receiving unit. The second encrypted additional information transmitting unit transmits the encrypted additional information received by the first encrypted additional information receiving unit to the second output device. The second output unit outputs the electronic document according to the additional information decoded by the first additional information decoding unit.

  The second output device further includes a second encrypted additional information receiving unit and a second additional information decrypting unit. The second encrypted additional information receiving unit receives the encrypted additional information transmitted from the first output device. The second additional information decrypting unit decrypts the encrypted additional information received by the second encrypted additional information receiving unit into additional information using the second encryption key generated by the second encryption key generating unit. The first output unit outputs the electronic document according to the additional information decoded by the second additional information decoding unit.

  According to the present invention, the additional information, which is a condition when the electronic document is output, is encrypted into the encrypted additional information by using the first encryption key generated by the service providing apparatus of the encrypted electronic document processing system. The encrypted additional information that has been encrypted is transmitted to the first output device.

  In addition, the first output device of the encrypted electronic document processing system receives the encrypted additional information transmitted from the service providing device, and the received encrypted additional information is received using the received first encryption key. Is decrypted into additional information, and the received encrypted additional information is transmitted to the second output device, and an electronic document is output in accordance with the decrypted additional information.

  Further, the second output device of the encrypted electronic document processing system receives the encrypted additional information transmitted from the first output device, and uses the generated second encryption key to receive the received encryption. The additional information is decoded into the additional information, and the electronic document is output according to the decoded additional information.

  For this reason, since the additional information is encrypted and transmitted to the first output device and the second output device, the safety of the additional information can be improved.

  Also, since the electronic document is output according to the additional information, the conditions when the electronic document is output can be controlled from the service providing apparatus side.

  More preferably, the first output device further includes a generation information storage unit that stores generation information indicating whether or not the second encryption key has been generated by the first output device. The output unit provided in the first output unit of the first output unit or the second output unit outputs the electronic document according to the additional information according to the generation information stored in the generation information storage unit.

  According to this invention, the first output device of the encrypted electronic document processing system stores the generation information indicating whether or not the second output key has been generated by the first output device, and the generated generation information is stored in the stored generation information. In response, an electronic document is output according to the additional information.

  Therefore, the electronic document can be output under different conditions depending on whether or not the second encryption key has been generated by the first output device.

  More preferably, the second output device further includes a generation information storage unit that stores generation information indicating whether or not the second encryption key has been generated by the second output device. The output unit provided in the second output device of the first output unit or the second output unit outputs the electronic document according to the additional information according to the generation information stored in the generation information storage unit.

  According to this invention, the second output device of the encrypted electronic document processing system stores the generation information indicating whether or not the second encryption key has been generated by the second output device, and the generated generation information is stored in the stored generation information. In response, an electronic document is output according to the additional information.

  Therefore, the electronic document can be output under different conditions depending on whether or not the second encryption key has been generated by the second output device.

  More preferably, the additional information includes electronic document metadata. Before the electronic document is output by the output unit included in the first output unit of the first output unit or the second output unit, the first output device is based on the metadata included in the additional information, A first output pre-processing unit that performs pre-processing of output of the electronic document is further provided. Before the electronic document is output by the output unit provided in the second output device of the first output unit or the second output unit, the second output device is based on the metadata included in the additional information, A second output pre-processing unit that performs pre-processing of output of the electronic document is further provided.

  According to the present invention, before the electronic document is output by the first output device of the encrypted electronic document processing system, preprocessing of output of the electronic document is performed based on the metadata included in the additional information. . Further, before the electronic document is output, the second output device of the encrypted electronic document processing system performs preprocessing of output of the electronic document based on the metadata included in the additional information.

  Therefore, output preprocessing based on the metadata of the electronic document can be performed without extracting metadata from the electronic document by the output device. As a result, the cost for providing a configuration for extracting metadata in the output device can be reduced.

  More preferably, the service providing apparatus further includes a predetermined information encryption unit and a first encrypted predetermined information transmission unit. The predetermined information encryption unit encrypts the predetermined information into encrypted predetermined information using the shared key stored in the first shared key storage unit. The first encrypted predetermined information transmission unit transmits the encrypted predetermined information encrypted by the predetermined information encryption unit to the first output device.

  The first output device further includes a first encrypted predetermined information receiving unit and a second encrypted predetermined information transmitting unit. The first encrypted predetermined information receiving unit receives the encrypted predetermined information transmitted from the service providing apparatus. The second encrypted predetermined information transmitting unit transmits the encrypted predetermined information received by the first encrypted predetermined information receiving unit to the second output device.

  The second output device further includes a second encrypted predetermined information receiving unit and a predetermined information decrypting unit. The second encrypted predetermined information receiving unit receives the encrypted predetermined information transmitted from the first output device. The predetermined information decrypting unit decrypts the encrypted predetermined information received by the second encrypted predetermined information receiving unit into predetermined information using the shared key stored in the second shared key storage unit.

  According to the present invention, the service providing apparatus of the encrypted electronic document processing system uses the shared key stored in advance, the predetermined information is encrypted into the encrypted predetermined information, and the encrypted predetermined information is stored. Sent to the first output device.

  Further, the first output device of the encrypted electronic document processing system receives the encrypted predetermined information transmitted from the service providing device, and transmits the received encrypted predetermined information to the second output device.

  The second output device of the encrypted electronic document processing system receives the encrypted predetermined information transmitted from the first output device and uses the pre-stored shared key to receive the encrypted predetermined information. Information is decoded into predetermined information.

  For this reason, it is possible to prevent the first output device from referring to the predetermined information, and it is possible to refer to the predetermined information from the second output device.

  More preferably, the predetermined information is an electronic signature for verifying falsification of the electronic document. The second output device further includes an electronic document verification unit that verifies the falsification of the electronic document using the predetermined information decoded by the predetermined information decoding unit.

  According to the present invention, the second output device of the encrypted electronic document processing system uses the electronic signature for verifying the falsification of the electronic document, which is the decrypted predetermined information, to verify the falsification of the electronic document. The Therefore, it is possible to verify the falsification of the electronic document printed by the second output device based on the electronic signature that is the predetermined information transmitted from the service providing device to the second output device.

  More preferably, the predetermined information is information relating to billing for the output of the electronic document in the second output device. The second output device further includes a charging unit that charges the output of the electronic document by the first output unit based on the predetermined information decoded by the predetermined information decoding unit.

  According to the present invention, the second output device of the encrypted electronic document processing system prints the electronic document based on the information relating to the charging for the output of the electronic document in the second output device, which is the predetermined information decrypted. You will be charged for this. For this reason, it is possible to charge for printing an electronic document based on information related to charging, which is predetermined information transmitted from the service providing apparatus to the second output apparatus.

  Preferably, each of the first encrypted electronic document transmission unit and the second encrypted electronic document transmission unit transmits the encrypted electronic document as an attachment file of an e-mail according to an e-mail protocol that is a one-way communication protocol. Send.

  According to the present invention, an encrypted electronic document is attached as an attached file of an e-mail according to an e-mail protocol, which is a one-way communication protocol, by the service providing apparatus and the first output apparatus of the encrypted electronic document processing system. Sent. For this reason, since the existing electronic mail protocol is used for transmitting the encrypted electronic document, it is not necessary to provide a special configuration for transmitting the encrypted electronic document, and the cost for configuring the encrypted electronic document processing system Can be reduced.

  Preferably, the encryption key transmission unit is configured such that the shared key non-holding output device that transmits the first encryption key or the second encryption key is encrypted by the first encrypted electronic document transmission unit or the second encrypted electronic document transmission unit. When it is authenticated as a shared key non-holding output device that has transmitted the encrypted electronic document by the transmission destination authentication unit, including a transmission destination authentication unit that authenticates whether or not the shared key non-holding output device has transmitted the document In addition, the first encryption key or the second encryption key is transmitted.

  According to the present invention, the shared key non-holding output device to which the first encryption key or the second encryption key is transmitted by the service providing device or the shared key holding output device of the encrypted electronic document processing system, When it is authenticated whether the output device is a shared key non-holding output device and is authenticated as a shared key non-holding output device that has transmitted an encrypted electronic document, the first encryption key or the second encryption key is transmitted Is done. Therefore, it is possible to prevent the first encryption key or the second encryption key from being transmitted to the shared key non-holding output device that has not transmitted the encrypted electronic document. As a result, it is possible to prevent an injustice to receive the first encryption key or the second encryption key even though the encrypted electronic document has not been received.

  Preferably, the service providing device, the shared key holding output device, and the shared key non-holding output device each store in advance secret information used for encrypting and decrypting the first encryption key or the second encryption key, respectively. A secret information storage unit is further provided.

  The electronic document encryption unit generates a third encryption key based on the secret information stored in the secret information storage unit and the first encryption key generated by the first encryption key generation unit. And encrypting the electronic document into the encrypted electronic document using the third encryption key generated by the third encryption key generation unit.

  The first electronic document decryption unit generates a fourth encryption key based on the secret information stored in the secret information storage unit and the second encryption key generated by the second encryption key generation unit. An encrypted electronic document is decrypted into an electronic document using the fourth encryption key generated by the fourth encryption key generation unit, including a generation unit.

  The second electronic document decryption unit generates a fifth encryption key based on the secret information stored in the secret information storage unit and the first encryption key or the second encryption key received by the encryption key reception unit. An encrypted electronic document is decrypted into an electronic document using the fifth encryption key generated by the fifth encryption key generation unit.

  According to the present invention, the third encryption key is generated by the service providing apparatus of the encrypted electronic document processing system based on the secret information stored in advance and the generated first encryption key. 3 Using the encryption key, the electronic document is encrypted into the encrypted electronic document.

  Further, the fourth encryption key is generated by the shared key holding output device of the encrypted electronic document processing system based on the secret information stored in advance and the generated second encryption key, and the generated fourth encryption key is generated. Using the key, the encrypted electronic document is decrypted into an electronic document.

  A fifth encryption key is generated by the shared key non-holding output device of the encrypted electronic document processing system based on the secret information stored in advance and the received first encryption key or second encryption key, Using the generated fifth encryption key, the encrypted electronic document is decrypted into the electronic document.

  Therefore, a third encryption key, a fourth encryption key, and a fifth encryption key are generated based on the first encryption key, the second encryption key, and the secret information, respectively, and the third encryption key, the fourth encryption key, and the fifth encryption key are generated. Since the encryption key is used for encryption and decryption of the electronic document, the security of the electronic document can be further improved.

  Preferably, the shared key holding / outputting device deletes the randomly extracted character string corresponding to the second encryption key used for decryption after the encrypted electronic document is decrypted into the electronic document by the first electronic document decryption unit. A random extraction character string deletion unit is further provided.

  According to this invention, after the encrypted electronic document is decrypted into the electronic document by the shared key holding output device of the encrypted electronic document processing system, the randomly extracted character string corresponding to the second encryption key used for the decryption Is deleted. For this reason, it is possible to prevent the randomly extracted character string from being used again to generate the second encryption key and to decrypt the encrypted electronic document with the generated second encryption key.

  Preferably, the encrypted electronic document processing system includes a plurality of shared key holding output devices. The first shared key storage unit stores the shared key in advance for each of the plurality of shared key holding output devices. The first encryption key generation unit is configured to execute the first encryption key based on the shared key stored in the first shared key storage unit according to the shared key holding output device to which the encrypted electronic document is transmitted and the randomly extracted character string. One encryption key is generated.

  According to this invention, the service providing apparatus of the encrypted electronic document processing system stores the shared key in advance for each of the plurality of shared key holding output apparatuses, and according to the shared key holding output apparatus to which the encrypted electronic document is transmitted. A first encryption key is generated based on the stored shared key and a randomly extracted character string. For this reason, since the shared key can be made different for each shared key holding output device, the security of the encrypted electronic document can be further improved.

  Preferably, the first output device receives the encrypted electronic document and the link information for receiving the encrypted electronic document from the service providing device after the encrypted electronic document is transmitted by the second encrypted electronic document transmission unit. And an electronic document replacement unit for replacing. The encrypted electronic document receiving unit requests the service providing device to transmit the encrypted electronic document based on the link information replaced by the electronic document replacing unit, and transmits the encrypted electronic document transmitted from the service providing device in response to the request. Receive the digitized electronic document again.

  According to this invention, after the encrypted electronic document is transmitted to the second output device by the first output device of the encrypted electronic document processing system, the encrypted electronic document provides the encrypted electronic document as a service providing device. The encrypted electronic document is replaced with the link information to be received from the service, the transmission of the encrypted electronic document is requested from the service providing apparatus based on the replaced link information, and the encrypted electronic document transmitted from the service providing apparatus in response to the request Is received again. Therefore, the user of the first output device can receive the encrypted electronic document based on the link information without performing the procedure for receiving the encrypted electronic document again. The number of users who receive the encrypted electronic document can be increased.

  Preferably, the service providing device is a computer, the first output device is a mobile phone, and the second output device is a printer.

  According to the present invention, the computer of the encrypted electronic document processing system generates a randomly extracted character string that is a character string in which randomly extracted characters are arranged, and generates a pre-stored shared key. Based on the randomly extracted character string, a first encryption key is generated by a predetermined calculation method, and the generated first encryption key is used to encrypt the electronic document into an encrypted electronic document. The encrypted encrypted electronic document is transmitted to the mobile phone in accordance with the one-way communication protocol that does not require a response to the request in the application layer of the OSI reference model, and the generated random extracted character string is the first communication It is transmitted via a medium to a shared key holding / outputting device that stores a shared key in advance in the mobile phone or printer.

  In addition, an encrypted electronic document transmitted from a computer is received by the mobile phone of the encrypted electronic document processing system, and the received encrypted electronic document is transmitted to the printer according to a one-way communication protocol.

  Also, the encrypted electronic document transmitted from the mobile phone is received by the printer of the encrypted electronic document processing system.

  In addition, a randomly extracted character string transmitted from a computer is received by a shared key holding / outputting device storing a shared key in advance in a mobile phone or a printer of the encrypted electronic document processing system, and stored in advance. Based on the key and the received randomly extracted character string, a second encryption key is generated by a predetermined calculation method, and the received encrypted electronic document is generated using the generated second encryption key. The electronic document is decrypted and the decrypted electronic document is output.

  Also, the first encryption key generated by the computer of the encrypted electronic document processing system or the shared key holding / outputting device storing the shared key of the mobile phone or printer in advance or the generated second encryption key. The encryption key is transmitted via a second communication medium different from the first communication medium to a shared key non-holding output device that does not store the shared key in advance in the mobile phone or the printer.

  Further, the first encryption key transmitted from the computer by the shared key non-holding output device that does not store the shared key of the mobile phone or printer of the encrypted electronic document processing system in advance, or the mobile phone or printer The second encryption key transmitted from the shared key holding output device that stores the shared key in advance is received, and the received encrypted electronic document is received using the received first encryption key or second encryption key Is decrypted into an electronic document, and the decrypted electronic document is output.

  For this reason, since the encrypted electronic document encrypted according to the unidirectional communication protocol is transmitted, the configuration for transmission / reception is simplified compared to the case of being transmitted according to the bidirectional communication protocol. Costs such as operation costs and maintenance costs can be reduced.

  In addition, a shared key holding output device that stores a shared key in advance in a mobile phone or a printer cannot decrypt an encrypted electronic document unless it receives a randomly extracted character string generated by a computer. The shared key non-holding output device that does not store the shared key in advance in the mobile phone or the printer receives the encryption key via the second communication medium different from the first communication medium to which the randomly extracted character string is transmitted. Unless this is done, the encrypted electronic document cannot be decrypted, so the security of the encrypted electronic document can be improved.

  Further, since the encrypted electronic document can be decrypted and output by the mobile phone and the printer, the convenience of outputting the electronic document can be improved.

  As a result, the security of the encrypted electronic document and the convenience of outputting the electronic document can be improved without increasing the cost.

  Furthermore, since the randomly extracted character string is transmitted via the first communication medium and the encryption key is transmitted via the second communication medium, it is difficult to steal both the randomly extracted character string and the encryption key. It is possible to make it difficult to estimate the shared key from the randomly extracted character string and the encryption key.

  Furthermore, since the encrypted electronic document is transmitted to the printer as it is without being re-encrypted by the mobile phone, the efficiency of transmitting the encrypted electronic document from the computer to the printer via the mobile phone can be improved.

  According to another aspect of the present invention, a service providing apparatus includes a shared key storage unit, an encryption key generation unit, an electronic document encryption unit, an encrypted electronic document transmission unit, a random extraction character string transmission unit, Is provided.

  The shared key storage unit stores the shared key in advance. The randomly extracted character string generation unit generates a randomly extracted character string that is a character string in which randomly extracted characters are arranged. The encryption key generation unit obtains the first encryption key by a predetermined calculation method based on the shared key stored in the shared key storage unit and the randomly extracted character string generated by the randomly extracted character string generation unit. Generate. The electronic document encryption unit encrypts the electronic document into the encrypted electronic document using the first encryption key generated by the encryption key generation unit. The encrypted electronic document transmission unit transmits the encrypted electronic document encrypted by the electronic document encryption unit to the first output device so that a response to the request is not required in the application layer of the OSI reference model. Send according to protocol. The random extraction character string transmission unit transmits the random extraction character string generated by the random extraction character string generation unit to the first output device.

  The encrypted electronic document transmitted to the first output device by the encrypted electronic document transmission unit is randomly extracted with the same shared key as the shared key stored in the shared key storage unit stored in advance in the first output device. The electronic document is decrypted and output using the second encryption key generated by a predetermined calculation method based on the randomly extracted character string transmitted to the first output device by the character string transmission unit.

  The encrypted electronic document transmitted to the first output device and transferred to the second output device by the encrypted electronic document transmission unit is generated by the first output device and transmitted to the second output device. Using the key, the electronic document is decrypted and output.

  According to the present invention, it is possible to provide a service providing apparatus capable of improving the safety of an encrypted electronic document and the convenience of outputting an electronic document without increasing costs.

  According to still another aspect of the present invention, a service providing apparatus includes a shared key storage unit, a randomly extracted character string generation unit, an encryption key generation unit, an electronic document encryption unit, and an encrypted electronic document transmission unit. And a randomly extracted character string transmission unit and an encryption key transmission unit.

  The shared key storage unit stores the shared key in advance. The randomly extracted character string generation unit generates a randomly extracted character string that is a character string in which randomly extracted characters are arranged. The encryption key generation unit obtains the first encryption key by a predetermined calculation method based on the shared key stored in the shared key storage unit and the randomly extracted character string generated by the randomly extracted character string generation unit. Generate. The electronic document encryption unit encrypts the electronic document into the encrypted electronic document using the first encryption key generated by the encryption key generation unit. The encrypted electronic document transmission unit transmits the encrypted electronic document encrypted by the electronic document encryption unit to the first output device so that a response to the request is not required in the application layer of the OSI reference model. Send according to protocol. The random extraction character string transmission unit transmits the random extraction character string generated by the random extraction character string generation unit to the first output device via the first communication medium. The encryption key transmission unit transmits the first encryption key generated by the encryption key generation unit to the second output device via a second communication medium different from the first communication medium.

  The encrypted electronic document transmitted to the first output device by the encrypted electronic document transmission unit is decrypted into an electronic document using the first encryption key transmitted to the first output device by the encryption key transmission unit. Is output.

  The encrypted electronic document transmitted to the first output device by the encrypted electronic document transmission unit and transferred to the second output device is the shared key stored in the shared key storage unit stored in advance in the second output device. To the electronic document using the second encryption key generated by a predetermined calculation method based on the same shared key and the randomly extracted character string transmitted to the second output device by the randomly extracted character string transmitting unit Decoded and output.

  According to the present invention, it is possible to provide a service providing apparatus capable of improving the safety of an encrypted electronic document and the convenience of outputting an electronic document without increasing costs.

  According to still another aspect of the present invention, an encrypted electronic document output device includes a random extraction character string receiving unit, an encrypted electronic document receiving unit, an encrypted electronic document transmitting unit, a shared key storage unit, An encryption key generation unit, an electronic document decryption unit, an output unit, and an encryption key transmission unit are provided.

  The randomly extracted character string receiving unit receives the randomly extracted character string generated by the service providing apparatus that stores the shared key in advance and transmitted from the service providing apparatus via the first communication medium. The encrypted electronic document receiving unit is configured to generate a first cipher generated by the service providing apparatus using a predetermined calculation method based on the shared key stored in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus. An encrypted electronic document obtained by encrypting the electronic document by the service providing apparatus is received using the key. The encrypted electronic document transmission unit sends the encrypted electronic document received by the encrypted electronic document reception unit to another output device according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model. Send. The shared key storage unit stores in advance the same shared key as the shared key stored in the service providing apparatus. The encryption key generation unit obtains the second encryption key by a predetermined calculation method based on the shared key stored in the shared key storage unit and the randomly extracted character string received by the randomly extracted character string receiving unit. Generate. The electronic document decryption unit decrypts the encrypted electronic document received by the encrypted electronic document reception unit into an electronic document, using the second encryption key generated by the second encryption key generation unit. The output unit outputs the electronic document decrypted by the electronic document decryption unit. The encryption key transmission unit transmits the second encryption key generated by the encryption key generation unit to another output device via a second communication medium different from the first communication medium.

  The encrypted electronic document transmitted to the other output device by the encrypted electronic document transmission unit is converted into an electronic document by the other output device using the second encryption key transmitted to the other output device by the encryption key transmission unit. Decoded and output.

  According to the present invention, it is possible to provide an encrypted electronic document output device capable of improving the safety of an encrypted electronic document and the convenience of outputting an electronic document without increasing costs.

  According to still another aspect of the present invention, an encrypted electronic document output device includes an encrypted electronic document reception unit, an encrypted electronic document transmission unit, an encryption key reception unit, an electronic document decryption unit, an output unit, Is provided.

  The encrypted electronic document receiving unit includes a first encryption generated by the service providing apparatus using a predetermined calculation method based on the shared key stored in advance in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus. An encrypted electronic document obtained by encrypting the electronic document by the service providing apparatus is received using the key. The encrypted electronic document transmission unit sends the encrypted electronic document received by the encrypted electronic document reception unit to another output device according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model. Send. The encryption key receiving unit receives the first encryption key generated by the service providing apparatus. The electronic document decryption unit decrypts the encrypted electronic document received by the encrypted electronic document reception unit into an electronic document using the first encryption key received by the encryption key reception unit. The output unit outputs the electronic document decrypted by the electronic document decryption unit.

  The encrypted electronic document transmitted to the other output device by the encrypted electronic document transmission unit is transmitted from the service providing device with the same shared key as the shared key stored in the service providing device stored in the other output device. Using the second encryption key generated by a predetermined calculation method based on the randomly extracted character string, the electronic document is decrypted and output by another output device.

  According to the present invention, it is possible to provide an encrypted electronic document output device capable of improving the safety of an encrypted electronic document and the convenience of outputting an electronic document without increasing costs.

  According to still another aspect of the present invention, an encrypted electronic document output device includes an encrypted electronic document reception unit, an encryption key reception unit, an electronic document decryption unit, and an output unit.

  The encrypted electronic document receiving unit includes a first encryption generated by the service providing apparatus using a predetermined calculation method based on the shared key stored in advance in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus. A cipher that is encrypted by a service providing device using a key and transmitted according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model from the service providing device via another output device. Receive a digitized electronic document. The encryption key receiving unit uses a predetermined calculation method based on the same shared key as the shared key stored in the service providing apparatus stored in advance in another output device and the randomly extracted character string transmitted from the service providing apparatus. A second encryption key generated by another output device is received. The electronic document decryption unit decrypts the encrypted electronic document received by the encrypted electronic document reception unit into an electronic document using the second encryption key received by the encryption key reception unit. The output unit outputs the electronic document decrypted by the electronic document decryption unit.

  The encrypted electronic document transmitted to the other output device is decrypted and output to the electronic document by the other output device using the previous second encryption key generated by the other output device.

  According to the present invention, it is possible to provide an encrypted electronic document output device capable of improving the safety of an encrypted electronic document and the convenience of outputting an electronic document without increasing costs.

  According to still another aspect of the present invention, an encrypted electronic document output device includes an encrypted electronic document reception unit, a randomly extracted character string reception unit, a shared key storage unit, an encryption key generation unit, and an electronic document A decoding unit and an output unit are provided.

  The encrypted electronic document receiving unit includes a first encryption generated by the service providing apparatus using a predetermined calculation method based on the shared key stored in advance in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus. A cipher that is encrypted by a service providing device using a key and transmitted according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model from the service providing device via another output device. Receive a digitized electronic document. The randomly extracted character string receiving unit receives the randomly extracted character string transmitted from the service providing apparatus. The shared key storage unit stores in advance the same shared key as the shared key stored in the service providing apparatus. The encryption key generation unit obtains the second encryption key by a predetermined calculation method based on the shared key stored in the shared key storage unit and the randomly extracted character string received by the randomly extracted character string receiving unit. Generate. The electronic document decryption unit decrypts the encrypted electronic document received by the encrypted electronic document reception unit into an electronic document using the second encryption key generated by the encryption key generation unit. The output unit outputs the electronic document decrypted by the electronic document decryption unit.

  The encrypted electronic document transmitted to the other output device is decrypted and output to the electronic document by the other output device using the first encryption key transmitted from the service providing device to the other output device.

  According to the present invention, it is possible to provide an encrypted electronic document output device capable of improving the safety of an encrypted electronic document and the convenience of outputting an electronic document without increasing costs.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the drawings used for the following description, the same parts are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

(First embodiment) Printing at a destination In the encrypted electronic document processing system 10 according to the present embodiment, a user holding a mobile phone 2 browses an electronic document safely at a business trip destination or the like, and if necessary An example of printing with a printer will be described.

  FIG. 1 is a configuration diagram of the entire encrypted electronic document processing system 10 according to the first embodiment. Referring to FIG. 1, the encrypted electronic document processing system 10 includes a service providing device, a first output device, and a second output device. In addition, each device is connected by a communication network 100, and information can be exchanged by electronic mail. E-mails are common and can be sent and received with files attached. In addition to the communication network 100, the first output device communicates with the second output device by short-range wireless communication such as infrared communication or Bluetooth communication. In the following, the service providing apparatus described so far is referred to as a computer 1 which is a personal computer (hereinafter referred to as a “personal computer”), a first output device as a mobile phone 2, and a second output device as a printer 3. Although described, other devices may be used.

  The computer 1 sends the encrypted electronic document to the mobile phone 2 by mail. At this time, the electronic document can be decrypted and browsed by the mobile phone 2. Further, if necessary, an e-mail attached with an electronic document is transferred from the mobile phone 2 to the printer 3 for safe printing with the printer 3 installed in the public facility. On the other hand, by transferring key information for decrypting the encrypted electronic document to the printer 3 by a method such as infrared communication, the electronic document is decrypted and printed by the printer 3 as well. The electronic document encrypted in the computer 1 is decrypted by the mobile phone 2 and the printer 3 respectively, but the processing authority of the electronic document in each output device is changed depending on the method for obtaining key information necessary for decryption.

  The second encryption key used for encrypting the electronic document is preferably a disposable encryption key that is different for each document for the purpose of reducing the risk of eavesdropping. This encryption key is called a disposable encryption key. The disposable encryption key generates a random character string (hereinafter referred to as “randomly extracted character string”) every time, and uses the randomly extracted character string and the first encryption key as specific information as an appropriate computing means. Can be generated by processing. The specific information is shared by the computer 1 and the mobile phone 2 and is called a shared key. The shared key is information kept secret from devices other than the computer 1 and devices other than the mobile phone 2. An electronic document encrypted with a disposable encryption key can only be decrypted using the same disposable encryption key.

  Note that the user of the computer 1 and the user of the mobile phone 2 may be the same or different. In the same case, the user refers to the electronic document only on the mobile phone 2 without having the computer 1 on a business trip. For this reason, an electronic document necessary for a business trip is encrypted and transmitted from the computer 1 to the mobile phone 2 in advance. When the users are different, for example, when the supervisor operates the computer 1, the subordinate of the sales staff operates the mobile phone 2, and the supervisor sends his / her work instructions or product materials. . In addition, the computer 1 may be a server computer that is not operated by a specific person and is automatically executed. When an event of a certain condition occurs, information regarding the event is automatically encrypted as an electronic document. A server system for transferring to the mobile phone 2 may be used.

  When the electronic document is encrypted and transmitted from the computer 1 to the mobile phone 2, the additional information is encrypted and sent in addition to the electronic document. This additional information is information to be referred to when the encrypted electronic document is processed by an apparatus other than the computer 1 and the mobile phone 2 other than the computer 1 sharing the shared key, that is, the printer 3. In the first embodiment, the additional information realizes permission to print the electronic document by the printer 3 and restricts saving the electronic document as a file in a storage device inside the printer 3. This is a description and definition of security related information.

  An electronic document encrypted by electronic mail is only transferred unilaterally between the devices. For this reason, real-time interaction (data processing for response to a request) of a data request and a response corresponding to the request, which is seen in a general server / client system, does not occur. Note that the absence of interaction means that it is not necessary to always provide a service online on a network basis. For example, if the printer 3 and the computer 1 are connected via a public network such as the Internet, a separate secure line facility such as a VPN (Virtual Private Network), a server facility, labor costs for operation, Maintenance costs are required, which is a problem in terms of cost. However, there is an advantage that this can be avoided if the electronic document encrypted by electronic mail is transferred unilaterally between the devices.

  FIG. 2 is an internal configuration of hardware of the computer 1 according to the first embodiment. Referring to FIG. 2, the computer 1 according to the first embodiment is realized by computer hardware, a program executed by the computer hardware, and data stored in the computer hardware. The computer 1 includes a communication IF (Interface) that provides connection to a CPU (Central Processing Unit) 11, a fixed disk 16, a local area network (hereinafter referred to as “LAN”), etc. ) 15, monitor 14, mouse 13B, keyboard 13A, memory 12, floppy (registered trademark) disk (hereinafter referred to as "FD (Floppy (registered trademark) Disk)") drive 17A, CD-ROM ( Compact Disk Read Only Memory) drive unit 17B. Further, in addition to the FD driving device 17A and the CD-ROM driving device 17B described above, an FD 171A is mounted as a recording medium on the FD driving device 17A. A CD-ROM 171B is mounted as a recording medium in the CD-ROM drive device 17B. The processing in the computer 1 is realized by computer hardware and software executed by the CPU 11. The software is read from the fixed disk 16 to the memory 12 and executed by the CPU 11. The computer hardware itself shown in FIG. 2 is general.

  FIG. 3 is a control block diagram of the mobile phone 2 according to the first embodiment. With reference to FIG. 3, the mobile phone 2 according to the first embodiment is realized by hardware equipped with a computer, a program executed by the hardware, and data stored in the hardware. The mobile phone 2 includes a communication IF 25A and a CPU 21. The cellular phone 2 further includes a monitor 24A, a microphone 23C, a speaker 24B, a camera 23B, a numeric keypad 23A, an external memory card slot 27, an infrared communication unit 25B, and a bus connected to the CPU 21. A computer program for realizing each function of the portable information is stored in a fixed area of the memory 22 of the mobile phone 2 or an external memory card 271 that is a recording medium inserted into the external memory card slot 27. And further transferred to the memory 22. Alternatively, the program may be transmitted from the network to the mobile phone 2 via the communication IF 25 </ b> A and stored in the memory 22. The hardware itself of the mobile phone 2 shown in FIG. 3 is general. Note that the input device of the mobile phone 2 is not limited to the above. For example, instead of the numeric keypad 23A, an externally connected keyboard, a touch panel, an input pen, a barcode reader, or the like that can input information by the user as an information input unit may be used.

  FIG. 4 is a hardware configuration of the printer 3 according to the first embodiment. With reference to FIG. 4, the printer 3 according to the first embodiment is realized by hardware mounted with a computer, a program executed by the hardware, and data stored in the hardware. The printer 3 includes a monitor 34A composed of an LCD or the like, a touch panel 33A, operation buttons 33B, a scanner 33C, and a printing unit 34B. The printer 3 further includes a communication IF 35A and an infrared communication module 35B. The printer 3 further includes a CPU 31, a memory 32, and a fixed disk 36 that are connected to each other via a bus. In the first embodiment, the fixed disk 36 is included. However, the present invention is not limited to this, and any flash memory, external memory card, FD, or CD- can be used as long as it is a storage device for storing a program. Other storage devices such as a ROM may be used. The processing in the printer 3 is realized by printer hardware and software executed by the CPU 31. Computer programs for realizing each function of the printer 3 are stored in the fixed disk 36. The program is loaded into the memory 32 when executed.

  FIG. 5 is a sequence diagram showing the distribution of the shared key, the randomly extracted character string, and the disposable encryption key among the computer 1, the mobile phone 2, and the printer 3 according to the first embodiment.

  In step S1301, in the computer 1 and the mobile phone 2, the shared keys 4A and 4B are held in advance in a part for managing the shared keys.

  In step S1302, a randomly extracted character string 5 is newly generated by the computer 1, and an operation for generating the disposable encryption key 6A is performed using the shared key 4A and the randomly extracted character string 5.

  In step S1303, the disposable encryption key 6A is obtained as a result of the calculation in step S1302. The disposable encryption key 6A is used for encrypting the electronic document and the additional information.

  In step S1304, the randomly extracted character string 5 generated by the computer 1 in step S1303 is transferred to the mobile phone 2 by electronic mail. Further, the disposable key 6B is calculated using the shared key 4B and the randomly extracted character string 5.

  In step S1305, the disposable encryption key 6B is obtained as a result of the calculation in step S1304. The disposable encryption key 6B is used for decrypting the electronic document and the additional information on the mobile phone 2.

  In step S1306, the disposable encryption key 6B in step S1305 is transmitted from the mobile phone 2 to the printer 3 by infrared communication. In the printer 3, the electronic document and the additional information are decrypted using the disposable encryption key 6B.

  As shown in FIG. 5, when the disposable encryption keys 6A and 6B are distributed to each terminal, a plurality of authorities can be realized in each terminal according to the generation method of the disposable encryption keys 6A and 6B.

  FIG. 6 is a block diagram illustrating a functional configuration of the computer 1 according to the first embodiment. According to FIG. 6, the computer 1 stores a document database unit 161 that stores an electronic document to be sent to the mobile phone 2 on a fixed disk 16 and additional information that describes restrictions when the electronic document is processed by the printer 3. 16, an additional information management unit 162 managed by the mobile phone 2, a shared key information management unit 163 that manages the shared key information shared by the mobile phone 2 and the computer 1 by the fixed disk 16, and a different disposable encryption key 6A each time. Randomly extracted character string generator 111 for generating randomly extracted character string 5, disposable key calculator 112 for calculating disposable encryption key 6A from shared key 4A and randomly extracted character string 5, and disposable encryption key 6A And an encryption unit 113 for encrypting the electronic document and the additional information. Furthermore, the computer 1 connects to the communication network 100 by controlling the communication IF 15 and the mail processing unit 114 that creates an electronic mail having the encrypted electronic document and the additional information and the randomly extracted character string 5 as an attached file. A communication control unit 115 that communicates with the other devices and transmits the created electronic mail.

  FIG. 7 is a block diagram showing a functional configuration of the mobile phone 2 according to the first embodiment. According to FIG. 7, the mobile phone 2 communicates with other devices connected to the communication network 100, and receives a communication control unit 215 that receives an e-mail, and processes an attached file included in the received e-mail. Also, a mail processing unit 214 that forwards an e-mail to another e-mail address, a shared key information management unit 263 that manages a shared key 4B shared between the mobile phone 2 and the computer 1, a shared key 4B, The disposable key calculation unit 212 for calculating the disposable encryption key 6B from the randomly extracted character string 5, the decryption unit 213 for decrypting the electronic document encrypted by the disposable encryption key 6B, and the electronic document decrypted by controlling the monitor 24A. And a display unit 216 for displaying. In the first embodiment, the method of obtaining the disposable encryption key 6B is called an authentication state. In other words, whether the disposable encryption key 6B is generated by the calculation based on the shared key 4B shared by the mobile phone 2 and the computer 1 and the randomly extracted character string 5, or obtained by receiving the disposable encryption key 6B directly from an external device. The authentication status indicates one of the received statuses. The mobile phone 2 includes an authentication state storage unit 221 that stores the authentication state and the disposable encryption key 6 </ b> B in the memory 22. The authentication status storage unit 221 can control the authority to process an electronic document that has been decrypted and returned to plain text. Furthermore, the cellular phone 2 includes a disposable key transmission unit 217 that controls the infrared communication unit 25B to transmit information on the disposable key 6B to the printer 3.

  FIG. 8 is a block diagram illustrating a functional configuration of the printer 3 according to the first embodiment. According to FIG. 8, the printer 3 communicates with other devices connected to the communication network 100, receives a communication control unit 315 that receives an email, and mail processing that processes an attached file included in the received email. Unit 314, a job holding unit 319 that temporarily holds an attached file of an e-mail, a disposable encryption key obtaining unit 312 that receives the disposable encryption key 6B transmitted from the mobile phone 2 by the infrared communication unit 35B, and a disposable encryption key The memory 32 stores the decryption unit 313 for decrypting the electronic document encrypted by the key 6B, the print unit 316 for printing the decrypted electronic document by controlling the printing unit 34B, and the authentication state and the disposable encryption key 6B. An authentication information storage unit 321 and additional information processing that restricts the processing method of the electronic document on the printer 3 according to the additional information. And a part 318.

  Tables 1 and 2 show examples of shared keys managed by the shared key information management unit 163 in FIG. 6 and the shared key information management unit 263 in FIG. 7, respectively. Referring to Table 1, in shared key information management unit 163 of computer 1, an entry is configured for each user ID for specifying the user of mobile phone 2. Each entry includes a user ID, a shared key 4A, and an e-mail address. Referring to Table 2, the shared key information management unit 263 of the mobile phone 2 includes the user ID assigned to the user of the mobile phone 2 and the shared key 4B. As a method of sharing the shared keys 4A and 4B between the computer 1 and the mobile phone 2, the computer 1 and the mobile phone 2 are connected by a USB connection cable, and the shared key 4A randomly generated by the computer 1 is connected to the mobile phone 2. It is good also as a shared key 4B of the mobile telephone 2 by transferring via a connection cable.

  Table 3 shows an example of additional information. In the present embodiment, the restriction items when the electronic document is processed by the printer 3 are described by the additional information. Referring to Table 3, the additional information is composed of a plurality of entry items, and defines whether each item of processing for the electronic document in the printer 3 is permitted or not permitted. For example, “save” for storing the electronic document in the storage device of the printer 3 is “impossible”, “print” for printing the electronic document is “permitted”, and the electronic document is sent to a terminal other than the printer 3 by communication means such as e-mail. “Transfer” to be transferred is “impossible”, and “display” for displaying the electronic document on the monitor of the printer 3 is “permitted”. Furthermore, the software operation of the printer 3 can be directly designated as the setting value of the item. For example, “immediately delete” is set as “processing after printing” which is processing for the electronic document after the electronic document is printed by the printer 3. As a method for specifying the operation of the software of the printer 3, a script language that can be directly processed by the software of the printer 3 may be used.

  The additional information shown in Table 3 is an example, and a combination of conditions of each entry item included in the additional information and a description of processing contents after printing may be freely set. As a result, the permissible level of electronic document processing in the printer 3 can be controlled according to the contents of the electronic document transmitted from the computer 1. Therefore, there is a merit that the security policy regarding the electronic document can be appropriately controlled by the information sender, that is, the user of the computer 1. For example, for an important electronic document whose contents should not be known to a third party, the example of additional information in Table 3 is appropriate. On the other hand, if the contents of the electronic document are public, by enabling the transfer item, it is possible to complete the printing at high speed by transferring the job to another printer 3 and performing shared printing simultaneously. Become. As a more specific setting method of each entry item of additional information in the computer 1, several patterns of typical condition combinations of each entry item are prepared, and the electronic document is encrypted when the computer 1 encrypts the electronic document. There is a method in which the user of the computer 1 selects from some additional information of a certain pattern in accordance with the contents of. Other examples of acceptable levels of electronic document processing in the printer 3 include setting a limited authority such as permitting printing only with a copy-prohibited watermark or printing only at a low resolution. May be. In this restriction example, it is possible to control to some extent even how the electronic document after printing is handled.

  FIG. 9 is a diagram showing a format of various information attached to the electronic mail according to the first embodiment. Referring to FIG. 9, electronic document 7 and additional information 8 are encrypted with disposable encryption key 6 </ b> A, and further randomly extracted character string 5 is added to encrypted electronic document 7 and additional information 8. ing. Each information of the encrypted information 9 obtained by encrypting the electronic document 7 and the additional information 8 and the randomly extracted character string 5 may be an individual file, or may be attached after being collected as one file. May be. When the files are collected as one file, it is necessary to insert specific information such as a delimiter character string for determining the delimiter of each information. If the risk of eavesdropping is evaluated here, the electronic document 7 is effective in eavesdropping on the communication path in the sense that the content is not referred to. The additional information 8 has an effect of preventing the security conditions applied by the printer 3 from being referred to for eavesdropping on the communication path. Even if the random extracted character string 5 is wiretapped on the communication path, the disposable encryption keys 6A and 6B cannot be calculated unless the shared key 4A of the computer 1 or the shared key 4B of the mobile phone 2 is held. Therefore, encryption is not performed on the randomly extracted character string 5 here. Further, not performing encryption also has an effect of reducing the burden on an output device having a low hardware specification such as the mobile phone 2, which in turn leads to an effect of improving the work efficiency of the user of the mobile phone 2.

  In FIG. 9, it is described that the electronic document 7 and the additional information 8 are encrypted together. However, even if there is no additional information 8, some control may be possible based on the acquisition path of the disposable encryption key 6B. For example, in each terminal that processes the encrypted electronic document 7, when the disposable encryption key 6B is generated by an operation based on the randomly extracted character string 5 and the shared key 4B, it is limited to processing the electronic document 7. On the other hand, when the disposable encryption key 6B is received from another terminal, the electronic document 7 can be displayed and printed, but can be stored in the internal storage area. This case corresponds to a case where a limited processing authority that cannot be performed is assigned in advance.

  FIG. 10 is a processing sequence diagram of the computer 1 and the mobile phone 2 according to the first embodiment. Referring to FIG. 10, in step S <b> 1101, CPU 11 of computer 1 designates destination mobile phone 2 to which an electronic mail is transmitted. Specifically, an e-mail address is designated as the other party.

  In step S1102, the CPU 11 selects an electronic document to be sent from the computer 1 to the mobile phone 2. At the same time, assuming that the electronic document 7 is transferred from the mobile phone 2 to the printer 3 and printed, the additional information 8 describing restrictions on processing of the electronic document 7 in the printer 3 is appropriately selected.

  In step S <b> 1103, the CPU 11 generates a random extraction character string 5 in the random extraction character string generation unit 111.

  In step S1104, the CPU 11 uses the randomly extracted character string 5 generated in step S1103 and the shared key 4A managed by the shared key information management unit 163 as a condition based on the e-mail address specified in step S1101. Calculation of the disposable encryption key 6A is performed using the selected shared key 4A.

  In step S1105, the CPU 11 performs encryption processing of the electronic document 7 selected in step S1102 and the additional information 8 using the disposable encryption key 6A. Here, the encryption method is a block encryption method, but is not specifically defined. If the length of the disposable encryption key 6A is insufficient, padding is performed appropriately, and if it is long, a hash may be calculated and used as the disposable encryption key 6A.

  In step S1106, the CPU 11 creates an e-mail with the encrypted encrypted information 9 (electronic document 7 and additional information 8) and the randomly extracted character string 5 as an attached file, and the destination specified in step S1101 The mobile phone 2 is used to send an e-mail.

  In step S <b> 1107, the CPU 21 of the mobile phone 2 receives the email transmitted from the computer 1.

  In step S1108, the CPU 21 extracts the randomly extracted character string 5 and the encrypted encrypted information 9 from the attached file of the e-mail.

  In step S1109, when the disposable encryption key 6B has not been received from another device, the CPU 21 manages the randomly extracted character string 5 and the shared key 4B managed by the shared key information management unit 263 of the mobile phone 2. Is used to calculate the disposable encryption key 6B.

  In step S1110, the CPU 21 temporarily stores the calculated disposable encryption key 6B in the authentication state storage unit 221. At this time, the CPU 21 turns ON a disposable encryption key generation flag indicating that the disposable encryption key 6B is calculated and generated in the mobile phone 2 based on the randomly extracted character string 5 and the shared key 4B. Further, the CPU 21 reads out the message ID included in the header information of the e-mail and the e-mail subject in the e-mail processing unit 214, and reads the read message ID and the subject in the authentication state storage unit 221, and the disposable encryption key 6B. And stored in a form associated with the disposable encryption key generation flag.

  In step S1111, the CPU 21 decrypts the electronic document 7 and the additional information 8 from the encrypted encrypted information 9 using the disposable encryption key 6B.

  In step S1113, if the disposable encryption key generation flag is ON, the CPU 21 advances the process to be executed to step S1112. If it is OFF, the CPU 21 advances the process to be executed to step S1114.

  In step S1112, the CPU 21 displays the decrypted electronic document 7 so that it can be browsed.

  In step S1114, the CPU 21 processes the decrypted electronic document 7 in accordance with the information described in the additional information 8.

  Next, when the user of the mobile phone 2 browses the decrypted electronic document 7 and wants to print it on paper, a process for printing the electronic document on the printer 3 installed in the public facility will be described.

  FIG. 11 is a processing sequence diagram of the mobile phone 2 and the printer 3 according to the first embodiment. Referring to FIG. 11, in step S <b> 1201, CPU 21 of mobile phone 2 transfers the e-mail received from computer 1 to printer 3. At this time, the e-mail is transferred while the attached file of the e-mail (encrypted information 9 obtained by encrypting the electronic document 7 and the additional information 8 and the randomly extracted character string 5) is attached.

  Note that, as is commonly done, a general file format such as a PDF (Portable Document Format) file or a JPEG (Joint Photographic Experts Group) file has a function of printing a file without the printer driver of the computer 1. To achieve this, the printer 3 has a function corresponding to the printer driver of the computer 1. Then, an e-mail address is assigned to each printer 3, an e-mail is received by a mail client function installed in the printer 3, and the contents of the PDF file or JPEG file received as an attached file are printed.

  In step S <b> 1202, the CPU 31 of the printer 3 receives the email transferred from the mobile phone 2.

  In step S1203, the CPU 31 extracts the encrypted encryption information 9 from the attached file of the e-mail. Further, the CPU 31 stores the job holding unit 319 as a print waiting job. At this time, the message ID included in the header information of the electronic mail is used as index information. That is, the job held in the job holding unit 319 is managed so that it can be searched using the message ID as a key.

  In step S1204, when the user of the mobile phone 2 completes the movement to the front of the printer 3, the CPU 21 of the mobile phone 2 first uses the infrared communication to set the message ID of the e-mail transferred in step S1201 to the printer. Forward to 3. The CPU 31 of the printer 3 confirms that the job corresponding to this message ID is on hold and returns a message to that effect to the mobile phone 2. The CPU 21 confirms that the printer 3 in communication is the destination printer 3 of the transferred e-mail, and authenticates the printer 3.

  When the printer 3 is authenticated, the CPU 21 transmits the disposable encryption key 6B temporarily stored in the authentication state storage unit 221 of the mobile phone 2 to the printer 3 using infrared communication. If the corresponding job is not on hold in the printer 3, the mail transfer has not arrived on the screen of the mobile phone 2, so the CPU 21 displays that fact. This is the case when printer authentication is performed for a printer 3 other than the mail transfer destination printer 3. For the authentication of the printer 3 by the mobile phone 2, another method such as confirmation of the e-mail address of the printer 3 may be used in combination, which has the effect of increasing the security related to the authentication.

  In step S <b> 1205, the CPU 31 receives the disposable encryption key 6 </ b> B at the disposable key acquisition unit 312 and temporarily stores it in the authentication state storage unit 321. At this time, since the CPU 31 does not generate the disposable encryption key 6B from the randomly extracted character string 5 and the shared key 4B, the CPU 31 determines that the disposable encryption key 6B is the randomly extracted character string 5 and the shared key 4B. Based on the above, the disposable encryption key generation flag indicating that it has been calculated and generated in the printer 3 is turned OFF.

  In step S1206, the CPU 31 decrypts the encrypted information 9 obtained by searching for the job waiting for printing stored in the job holding unit 319 with the message ID in step S1204 using the disposable encryption key 6B, and adds it to the electronic document 7. Information 8 is obtained.

  If the disposable encryption key generation flag is ON in step S1209, the CPU 31 advances the process to be executed to step S1210. If it is OFF, the CPU 31 advances the process to be executed to step S1207. Since the disposable encryption key generation flag is turned off in step S1205, the branch to step S1210 is not normally performed. However, if the printer 3 generates and generates a key for decrypting the electronic document from the shared key and the randomly extracted character string, the process to be executed proceeds to step S1210.

  In step S1207, since the disposable encryption key generation flag of the authentication status storage unit 321 is OFF, the CPU 31 refers to the additional information 8 and prints the electronic document 7 when printing is possible.

  In step S1208, since the disposable encryption key generation lag in the authentication status storage unit is OFF, the CPU 31 refers to the additional information 8 and immediately after printing the electronic document 7, the attached file of the email, the disposable encryption key 6B, And all the data regarding the decrypted electronic document 7 and the electronic document 7 of the additional information 8 are deleted.

  In step S1210, the CPU 31 prints the electronic document 7. In this case, the processing of the electronic document 7 is not particularly limited.

  In the above, the first embodiment has been described in which the service providing device is the computer 1, the first output device is the mobile phone 2, and the second output device is the printer 3. However, the present invention is not limited to this, and the service providing device may be a computer different from the computer 1, and the first output device is a PDA (Personal Digital Assistance) or notebook PC (Personal Computer) which is an output device different from the mobile phone 2. Alternatively, the second output device may be a TV, a projector device, a PC, or the like, which is an output device different from the printer 3.

(First Modification of First Embodiment) Print Meta Information as Additional Information In the first embodiment, the additional information 8 describes restrictions on processing of the electronic document 7 in the printer 3. In the first modification, a case will be described in which metadata of the electronic document 7 that is highly convenient information is added when printing as the additional information 8. Such additional information 8 shortens the printing processing time in the printer 3 so far, improves convenience, and leads to cost reduction of the printer 3.

  Table 4 shows an example of the additional information 8. In this modification, highly convenient information is described when the electronic document 7 is processed by the printer 3 using the additional information 8. Referring to Table 4, the additional information 8 includes information on the total number of pages included in the electronic document as the number of pages. In order to print the electronic document 7, the printer 3 analyzes the entire electronic document 7 and performs a ripping process for generating an image for printing. The total number of pages of the electronic document is information that becomes apparent only after the ripping process is completed in the printer 3. If the number of pages of the electronic document is known before the ripping process is performed by the printer 3, if the printer 3 is charged according to the number of printed pages, the charge for printing can be confirmed before the time-consuming ripping process is completed. For this reason, user convenience is improved.

  The additional information 8 includes information indicating whether the content included in the electronic document 7 is color or monochrome as color / monochrome information. This color / monochrome information can also be used as information for billing before printing, like the information on the number of pages. For this reason, there is a user merit that the charge for printing can be confirmed before the time-consuming ripping process is completed.

  Further, the additional information 8 includes thumbnail image data of each page of the electronic document 7 as thumbnail information. With this thumbnail information, the user can confirm the preview of the electronic document 7 to be printed before the time-consuming ripping process is completed. For this reason, there is a merit for the user.

  Since the total page number and color information of the electronic document are information that can be easily obtained by the computer 1, the computer 1 can easily add the total page number and color information as additional information. The same applies to thumbnail images. If the computer 1 can process an image format such as JPEG or TIFF (Tagged Image File Format), the computer 1 generates a thumbnail for each page of the electronic document in that image format. Thus, the generated thumbnail can be easily added as the additional information 8.

  As described above, the computer 1 performs in advance the count of pages, the determination of color, and the configuration of thumbnails, which are the pre-processing of printing originally performed by the printer 3. Accordingly, more general-purpose software of the computer 1 can be used instead of the printer-embedded software having a high development cost. For this reason, it is not necessary to develop printer embedded software. As a result, the cost of the printer 3 itself can be reduced.

  In the first embodiment, the additional information 8 is not used in the mobile phone 2. However, information that can be used for browsing the electronic document 7 on the mobile phone 2, for example, thumbnail images of each page may be used.

(Second Modification of the First Embodiment) Salt In the first embodiment, the encrypted information 9 obtained by encrypting the electronic document 7 and the additional information 8 and the randomly extracted character string 5 are converted into electronic data. It was transmitted from the computer 1 to the mobile phone 2 as an email attachment. The electronic document 7 and the additional information 8 were encrypted, but the randomly extracted character string 5 was not encrypted. As a result, there is an effect of reducing processing related to decryption in the mobile phone 2.

  On the other hand, the e-mail with the attached file is transferred from the mobile phone 2 to the printer 3. The randomly extracted character string 5 attached to the e-mail is referred to by the printer 3 in plain text. Further, the mobile phone 2 transmits the disposable encryption key 6B to the printer 3. For this reason, the printer 3 can refer to the randomly extracted character string 5 and the disposable encryption key 6B. Normally, the randomly extracted character string 5 is used together with the shared key 4B to generate the disposable encryption key 6B through an appropriate calculation. For this reason, the printer 3 that does not have the shared key 4B does not use the received randomly extracted character string 5, but uses the disposable encryption key 6B obtained by infrared communication as it is.

  However, if a malicious third party modifies the software of the printer 3 or replaces it with another printer 3 to impersonate the original printer 3, the random extracted character string 5 and the disposable encryption The key 6B is wiretapped. For this reason, there is a risk that the shared key 4B is estimated by brute force analysis. If the shared key 4B is analyzed, communication between the computer 1 and the mobile phone 2 can be decrypted in the future. As a result, the security of the entire system is lost.

  As a countermeasure against impersonation of the output device such as the printer 3 or the mobile phone 2, secret information (salt) hard-coded in advance is set in the software of the output device, and the disposable encryption key 6B is used to encrypt the electronic document 7. There is a method of using the second disposable encryption key newly obtained as a result of calculating the salt. The decryption process of the electronic document 7 in the output device uses the second disposable encryption key obtained as a result of calculating the first disposable encryption key 6B and the salt. The first disposable encryption key 6B is transmitted from the cellular phone 2 to the printer 3 by infrared communication.

  According to this method, the computer 1, the mobile phone 2, and the printer 3 constituting the encrypted electronic document processing system 10 each have shared secret information (salt), so that the electronic document 7 can be decrypted. On the other hand, since the terminal trying to impersonate does not have secret information, the electronic document 7 cannot be decrypted. As a result, the security of the entire system can be improved.

(Third Modification of First Embodiment) Randomly Extracted Character String 5 is Encrypted with Shared Key 4A In the first embodiment, encrypted electronic document 7 and additional information 8 are encrypted. The information 9 and the randomly extracted character string 5 are transmitted from the computer 1 to the mobile phone 2 as an email attachment. The electronic document 7 and the additional information 8 were encrypted, but the randomly extracted character string 5 was not encrypted. This is intended to alleviate the process of decryption by the mobile phone 2 as much as possible. As shown in the second modification of the first embodiment, when a malicious third party impersonates the printer 3, the shared keys 4A, 4A, There is a risk that 4B is estimated.

  On the other hand, there is a method of encrypting the randomly extracted character string 5 with the shared key 4A. FIG. 12 is a diagram illustrating a format of various types of information attached to an e-mail according to a third modification of the first embodiment. In the third modified example, there are encrypted information 9 obtained by encrypting the electronic document 7 and the additional information 8 with the disposable encryption key 6A, and encrypted information 9A obtained by encrypting the randomly extracted character string 5 with the shared key 4A. Each is attached to an e-mail as an attached file.

  FIG. 13 is a block diagram illustrating a functional configuration of the computer 1 according to the third modification example of the first embodiment. Explaining only the difference from FIG. 6, the first encryption unit 113A encrypts the electronic document 7 and the additional information 8 with the disposable encryption key 6A, and outputs it to the mail processing unit 114. The second encryption unit 113B performs encryption processing of the randomly extracted character string 5 using the shared key 4A, and outputs it to the mail processing unit 114.

  FIG. 14 is a block diagram illustrating a functional configuration of the mobile phone 2 according to a third modification of the first embodiment. Explaining only the difference from FIG. 7, the first decryption unit 213A decrypts the encrypted electronic document 7 with the disposable encryption key 6B. The second decryption unit 213B decrypts the encrypted randomly extracted character string 5 with the shared key 4B. The second decryption unit 213B outputs the decrypted randomly extracted character string 5 to the disposable key computation unit 212.

  Since the printer 3 does not process any randomly extracted character string 5, the same module configuration as that of the first embodiment can be used as it is.

  In addition to the method of encrypting the randomly extracted character string 5 with the shared key 4A, as a countermeasure against impersonation of the printer 3, when transferring the encrypted electronic document 7 from the mobile phone 2 to the printer 3, There is also a method of transferring after deleting the randomly extracted character string 5 included in the mail. In this case, encryption processing and decryption processing of the randomly extracted character string 5 using the shared keys 4A and 4B in FIGS. 13 and 14 are not required. However, the mobile phone 2 requires a processing process of deleting the randomly extracted character string 5 from the information attached to the e-mail.

(Second Embodiment) Coupon Printing In the first embodiment, the user who owns the mobile phone 2 can safely browse the electronic document 7 at a business trip destination or the like from the computer 1 to the mobile phone 2. The electronic document 7 encrypted with respect to the electronic mail 7 is sent by e-mail, and if necessary, the e-mail received from the computer 1 by the mobile phone 2 is printed by the printer 3 for printing by the printer 3 installed in the public facility. An example of forwarding to was shown. When the electronic document 7 is sent from the computer 1 to the mobile phone 2, since the shared keys 4A and 4B are shared with each other, the calculation is based on the randomly extracted character string 5 distributed simultaneously with the encrypted electronic document 7. The cellular phone 2 decrypts the encrypted electronic document 7 using the possible disposable encryption key 6B. On the other hand, when sent to the mobile phone 2 and the printer 3, the printer 3 does not have the shared secret information such as the shared keys 4A and 4B, and is therefore a disposable that is necessary for decrypting the encrypted electronic document 7. Since the encryption key 6B is required directly, the disposable encryption key 6B is transmitted from the mobile phone 2 to the printer 3 by infrared communication.

  In the encrypted electronic document processing system 10 according to the second embodiment described below, a general user who owns the mobile phone 2 obtains an electronic coupon from the computer 1 which is a service providing server, and stores such as a convenience store An example of printing will be described. Hereinafter, the electronic document 7 indicates an electronic coupon. Therefore, the electronic coupon of the second embodiment has a different purpose of use from the electronic document 7 of the first embodiment.

  A general user who owns the mobile phone 2 receives the electronic coupon by e-mail from the computer 1 which is a service providing server that performs an electronic coupon distribution service as the electronic document 7 via the Internet. The electronic coupon is a ticket for applying a discount at a store such as a convenience store or a restaurant. Furthermore, the user of the mobile phone 2 transfers the e-mail received from the computer 1 to the printer 3 in order to print the electronic coupon free of charge at the printer 3 of the store with which the service providing server is affiliated. In the present embodiment, an electronic coupon, which is the electronic document 7 to be encrypted, is restricted when it is processed by the mobile phone 2 of a general user, and the restriction is imposed on the printer 3 of the store that is affiliated with the server. There is no. Furthermore, a mechanism for making it impossible for the mobile phone 2 to illegally use special information for performing free printing in the printer 3 is also included. Note that the internal configuration of the hardware of the computer 1, the mobile phone 2, and the printer 3 according to the present embodiment is the same as that of the first embodiment, and therefore description thereof will not be repeated.

  FIG. 15 is a configuration diagram of the entire encrypted electronic document processing system 10A according to the second embodiment. Referring to FIG. 15, this encrypted electronic document processing system 10A includes a computer 1A that is a service providing device, a mobile phone 2A that is a first output device, and a second output installed in a public facility. There is a printer 3A as a device. In addition, each device is connected by a communication network 100, and information can be exchanged by electronic mail and Web. E-mails are common and can be sent and received with files attached.

  The computer 1A has the same configuration as that of the computer 1 according to the first embodiment. In the first embodiment, the computer 1 is a personal computer, but in the second embodiment, the computer 1A is a server. The personal computer and the server can be realized by similar hardware. Further, the mobile phone 2A and the printer 3A are the same components as the mobile phone 2 and the printer 3 of the first embodiment. In addition, the application method of the disposable encryption key, the randomly extracted character string, the shared key, etc. used for encrypting the electronic document is the same as that of the first embodiment. On the other hand, in the second embodiment, the computer 1A and the printer 3A can share a shared key and generate a disposable encryption key based on a randomly extracted character string. Further, the mobile phone 2A directly downloads and obtains the disposable encryption key.

  FIG. 16 is a sequence diagram showing distribution of a shared key, a randomly extracted character string, and a disposable encryption key among the computer 1A, the mobile phone 2A, and the printer 3A according to the second embodiment.

  In step S2601, in the computer 1A and the printer 3A, the shared keys 4C and 4D are held in advance in the respective shared key information management units.

  In step S2602, a randomly extracted character string 5A is newly generated by the computer 1A, and an operation for generating a disposable encryption key 6C is performed using the shared key 4C and the randomly extracted character string 5A.

  In step S2603, the disposable encryption key 6C is obtained as a result of the calculation in step S2603. The disposable encryption key 6C is used for encryption of the electronic coupon and the additional information.

  In step S2604, the randomly extracted character string 5A generated by the computer 1A in step S2602 is encrypted with the shared key 4C and then transmitted to the mobile phone 2A by electronic mail.

  In step S2605, the disposable encryption key 6C generated by the computer 1A in step S2603 is downloaded to the mobile phone 2A via the Web and used for decrypting the encrypted electronic coupon.

  In step S2606, the randomly extracted character string 5B held in the state encrypted with the shared key 4C in the mobile phone 2A is received by the printer 3A by e-mail. The randomly extracted character string 5B is decrypted with the shared key 4D, and a plaintext randomly extracted character string 5A is obtained. Further, the disposable key 6D is calculated using the shared key 4D and the randomly extracted character string 5A.

  In step S2607, the disposable encryption key 6D is obtained as a result of the calculation in step S2606. The disposable encryption key 6D is used for decrypting the electronic coupon by the printer 3A.

  In the mobile phone 2A, as shown in step S2605, the disposable encryption key 6C is acquired directly from the computer 1A, so the disposable encryption key generation flag in the authentication status storage unit is turned OFF, and the additional information processing unit With reference to the state, the additional information is applied to the processing of the electronic coupon. On the other hand, in the printer 3A, as shown in step S2607, the disposable encryption key 6D is generated based on the randomly extracted character string 5A and the shared key 4D. Therefore, the disposable encryption key generation flag in the authentication status storage unit is set to ON. Is done.

  FIG. 17 is a block diagram illustrating a functional configuration of a computer 1A according to the second embodiment. According to FIG. 17, the computer 1A includes a document database unit 161 for storing an electronic coupon to be sent to the mobile phone 2A on the fixed disk 16, and first additional information describing restrictions when the electronic coupon is processed by the mobile phone 2A. The first additional information management unit 162A that manages the fixed disk 16 and the shared key information management unit 163A that manages the shared key information shared by the printer 3A and the computer 1A using the fixed disk 16, and generates different disposable encryption keys each time A randomly extracted character string generating unit 111 for generating a randomly extracted character string 5A, a disposable key calculating unit 112 for calculating the disposable encryption key 6C from the shared key 4C and the randomly extracted character string 5A, and a disposable The first encryption unit 113C that encrypts the electronic coupon and the first additional information with the encryption key 6C, and the printer 3A A second additional information management unit 162B that manages the second additional information when processing the coupon, and a second encryption unit 113D that encrypts the randomly extracted character string 5A and the second additional information with the shared key 4C. Including. Furthermore, a mail processing unit 114 that creates an e-mail, a communication control unit 115 that controls the communication IF 15 to communicate with other devices connected to the communication network 100, and a Web processing unit that distributes the disposable encryption key 6C 116 is included. The Web processing unit 116 desirably supports an encryption processing function on a communication path such as SSL (Secure Socket Layer).

  FIG. 18 is a block diagram showing a functional configuration of a mobile phone 2A according to the second embodiment. According to FIG. 18, the mobile phone 2A receives a communication control unit 215 that performs communication with other devices connected to the communication network 100, and an electronic mail sent from the computer 1A, and transmits an attached file included in the electronic mail. A mail processing unit 214 that performs processing and forwards an e-mail to another e-mail address, a browser processing unit 218 that downloads a disposable encryption key from the computer 1A, and an electronic coupon encrypted by the disposable encryption key 6C A decryption unit 213 for decrypting, a display unit 216 for controlling the monitor 24A to display the decrypted electronic coupon, and an authentication state storage unit 221 for storing an authentication state indicating a method for obtaining the disposable encryption key 6C in the memory 22. Including. The browser processing unit 218 preferably supports an encryption processing function on a communication path such as SSL.

  FIG. 19 is a block diagram illustrating a functional configuration of the printer 3A according to the second embodiment. According to FIG. 19, the printer 3A communicates with other devices connected to the communication network 100 to receive an e-mail, and a mail process for processing an attached file included in the received e-mail. Encrypted by the shared key 4C, the shared key information management unit 363 that manages the shared key 4D that is shared by the computer 1A and the printer 3A, the job holding unit 319 that temporarily holds the attachment file of the e-mail, and the shared key 4C A second decryption unit 313B that decrypts the randomized extracted character string 5B and the second additional information, a disposable key computation unit 312A that computes the disposable encryption key 6D using the shared key 4D and the randomly extracted character string 5A, and a disposable An authentication state storage unit 321 for storing a method for obtaining the encryption key 6D, and an electronic coupon encrypted with the disposable encryption key 6D First decoding unit 313A for decoding, printing unit 316 for printing the electronic coupon decoded by controlling the printing unit 34B, and first addition for limiting the processing method of the electronic coupon on the printer 3A according to the first additional information It includes an information processing unit 318A and a second additional information processing unit 318B that limits the electronic coupon processing method on the printer 3A according to the second additional information.

  Note that the shared keys 4C and 4D between the computer 1A and the printer 3A are the same even if there are a plurality of printers 3A, for example, if they are the same partner. The reason for doing this is that the general user of the mobile phone 2A specifies the printer 3A for printing the electronic coupon before the electronic coupon is downloaded from the mobile phone 2A to the computer 1A side. This is because it is impossible without reporting to the computer 1A in advance information on which printer 3A will print.

  Tables 5 and 6 show examples of the first additional information and the second additional information, respectively. In the second embodiment, restrictions on processing an electronic coupon by the mobile phone 2A are described by the first additional information, and special information for free printing of the electronic coupon by the printer 3A by the second additional information. It is described.

  Referring to Tables 5 and 6, the first additional information is composed of a plurality of entry items, and defines permission or disapproval for each of the processing items for the electronic coupon in mobile phone 2A. For example, as for the first additional information, it is “impossible” to store the electronic coupon in the storage device of the main body of the mobile phone 2A, “impossible” to store the electronic coupon in the external memory card of the mobile phone 2A, and transfer to the outside by infrared rays. Defines “impossible” and “permitted” to be displayed on the monitor 24A of the mobile phone 2A.

  Furthermore, the software operation of the mobile phone 2A can be directly specified as the setting value of the item. For example, “process after mail transfer”, which is a process for an electronic coupon after an electronic mail is transferred to the outside in order to print the electronic coupon with the printer 3A, is defined as a process of “replace with a re-download link”. The process of “replace with a re-download link” is a process of replacing with an electronic mail in which link information for re-downloading the electronic coupon from the computer 1A is described instead of the encrypted electronic coupon. . Thereby, when the user of the mobile phone 2A wants to print the electronic coupon again, the electronic coupon can be downloaded again by the link information, so that it is not necessary to access the computer 1A again and perform the procedure. For this reason, there is an effect of increasing repeaters for the service provider. As a method for specifying the operation of the software of the mobile phone 2A, a script language that can be directly processed by the software of the mobile phone 2A may be used.

  The second additional information is composed of a plurality of entry items, and the additional information is defined for each of the processing items for the electronic coupon in the printer 3A. In particular, in the second embodiment, the password for realizing that the general user of the mobile phone 2A prints the electronic coupon free of charge in the printer 3A of the store that is affiliated with the operator of the computer 1A. 2 Defined in additional information. The password for free printing is encrypted with the shared key 4C so as not to be known to general users, and can be decrypted only by the printer 3A.

  In the printer 3A, the cost for printing is charged to the user during normal printing and copying, and the cost for printing is charged to the user when printing an electronic coupon with this free password specified. Is not charged, but is charged to the operator of the partner computer 1A.

  Further, the second additional information includes electronic signature data for the electronic coupon. The electronic signature data is data for verifying falsification of an electronic coupon based on the PKI (Public Key Infrastructure) technology. The electronic signature data has a hash value of an appropriate length of about several tens of bytes of the electronic coupon in the computer 1A on the transmission side. Thus, the data can be obtained by encryption with the secret key of the computer 1A. By comparing the result of calculating the same hash value as that of the computer 1A with the electronic coupon decrypted in the printer 3A and the data obtained by decrypting the electronic signature data using the public key of the computer 1A, the data is falsified in the middle. It can be verified whether there is any. In the second embodiment, when a general user of the mobile phone 2A tampers with additional information included in the electronic coupon, such as a discount rate or an expiration date, the electronic signature is verified by the printer 3A. It becomes possible to detect unauthorized tampering, and it is possible to stop the electronic coupon printing process in the printer 3A.

  The additional information shown in Tables 5 and 6 is an example, and since the allowable level of processing of the electronic coupon in the mobile phone 2A differs depending on the content of the electronic coupon, the computer 1A manages the plurality of first additional information. The operator of the computer 1A selects appropriate additional information according to the contents of the electronic coupon.

  FIG. 20 is a diagram showing a format of various information attached to an electronic mail according to the second embodiment. Referring to FIG. 20, electronic coupon 7A and first additional information 8A are encrypted with disposable encryption key 6C. . Further, the randomly extracted character string 5A and the second additional information 8B are encrypted using the shared key 4C. The encrypted information 9B obtained by encrypting the electronic coupon 7A and the first additional information 8A, and the encrypted information 9C obtained by encrypting the randomly extracted character string 5A and the second additional information 8B are respectively individual files. Or may be grouped as one file. When the files are collected as one file, it is necessary to insert a delimiter character string separately at the delimiter position for determining the delimiter of each information. If the risk for wiretapping is evaluated here, the electronic coupon 7A is effective in wiretapping on the communication path in the sense that the content is not referred to. The first additional information 8A has an effect of preventing the security condition in the mobile phone 2A from being referred to for eavesdropping on the communication path. The random additional character string 5A used for the calculation of the disposable encryption key 6D and the second additional information 8B including the password for free printing are not limited to eavesdropping on the communication path, but can be carried by general users. In the telephone 2A, since there is no shared key, these cannot be decrypted, and security is maintained.

  FIG. 21 is a processing sequence diagram of the computer 1A and the mobile phone 2A according to the second embodiment. The operator of the computer 1A provides a distribution service for the electronic coupon 7A, publishes the content for the mobile phone 2A on the Web, and sends an electronic mail from a person who desires the electronic coupon 7A. It is a trigger for the process of issuing the coupon 7A. That is, as a premise of FIG. 21, the general user of the mobile phone 2A accesses the Web of the computer 1A and sends an e-mail addressed to a specific e-mail address of the computer 1A, thereby acquiring the intention to acquire the electronic coupon 7A. Assume that it is displaying.

  Referring to FIG. 21, in step S2401, CPU 11 of computer 1A selects electronic coupon 7A requested from mobile phone 2A. At the same time, the CPU 11 selects the first additional information 8A describing the restriction items when the electronic coupon 7A is processed in the mobile phone 2A. The e-mail address of the mobile phone 2A can be acquired from the From address of the e-mail addressed to the computer 1A.

  In step S2402, the CPU 11 generates a random extraction character string 5A in the random extraction character string generation unit 111.

  In step S2403, the CPU 11 calculates the disposable encryption key 6C from the randomly extracted character string 5A generated in step S2402 and the shared key 4C managed by the shared key information management unit 163A. Since it is impossible to specify which printer 3A the mobile phone 2A performs printing on, the shared key is shared by the plurality of printers 3A and the computer 1A. For this reason, the process of selecting a shared key does not occur here.

  In step S2404, CPU 11 performs encryption processing of electronic coupon 7A selected in step S2401 and first additional information 8A using disposable encryption key 6C. Here, the encryption method is a block encryption method, but is not specifically defined. If the length of the disposable encryption key 6C is insufficient, padding is appropriately performed. If the length of the disposable encryption key 6C is long, a hash may be calculated and used as the disposable encryption key 6C.

  In step S2405, the CPU 11 performs encryption processing of the randomly extracted character string 5A generated in step S2402 and the second additional information 8B using the shared key 4C. Here, the encryption method is a block encryption method, but is not specifically defined. If the length of the shared key is insufficient, padding is performed appropriately, and if it is long, a hash may be calculated.

  In step S2406, the CPU 11 encrypts the encrypted information 9B encrypted in step S2404 (information obtained by encrypting the electronic coupon 7A and the first additional information 8A) and the encrypted information 9C encrypted in step S2405 (none. An e-mail is created with the attachment of the randomly extracted character string 5A and the second additional information 8B (encrypted information).

  In step S2407, the CPU 11 sets the destination as the mobile phone 2A of the other party and transmits an e-mail. Note that the CPU 11 describes a URL (Uniform Resource Locator) for downloading the disposable encryption key 6C in the e-mail body. This URL is a temporary URL set by the computer 1A so that once it is accessed by the mobile phone 2A and the disposable encryption key 6C is downloaded, it cannot be accessed again.

  In step S2408, the CPU 21 of the mobile phone 2A receives the e-mail transmitted from the computer 1A.

  In step S2409, the CPU 21 acquires link information of the disposable encryption key 6C described in the received electronic mail text.

  In step S2410, CPU21 accesses URL of link information using a browser.

In step S2411, the CPU 11 distributes the disposable encryption key 6C.
In step S2412, the CPU 21 downloads the distributed disposable encryption key 6C. At this time, since the CPU 21 does not generate the disposable encryption key 6C from the randomly extracted character string 6A and the shared key, the CPU 31 determines that the disposable encryption key 6C is the randomly extracted character string 6A and the shared key 4C. Based on the above, the disposable encryption key generation flag indicating that the calculation is generated in the mobile phone 2A is turned OFF.

  Note that when the mobile phone 2A accesses the computer 1A by the link information described in the e-mail transmitted from the computer 1A, the computer 1A authenticates the mobile phone 2A. When the disposable encryption key 6C is downloaded to the mobile phone 2A, the computer 1A changes the disposable encryption key 6C to an undownloadable state, and avoids the risk that a third party illegally obtains the disposable encryption key 6C. To do.

  In step S2413, the CPU 21 decrypts the encrypted electronic coupon 7A and the first additional information 8A using the disposable encryption key 6C.

  In step S2414, if the disposable encryption key generation flag is ON, the CPU 21 advances the process to be executed to step S2416. If it is OFF, the CPU 21 advances the process to be executed to step S2415. Since the disposable encryption key generation flag is turned off in step S2412, branching to step S2416 is not normally performed. However, if the mobile phone 2A generates a key for decrypting the electronic coupon 7A from the shared key and the randomly extracted character string, the process to be executed proceeds to step S2416.

  In step S2415, with reference to the additional information, the CPU 21 displays the electronic coupon 7A so that it can be browsed when the electronic coupon 7A can be displayed.

  In step S2416, CPU 21 displays decrypted electronic coupon 7A so that it can be browsed.

  In step S2411, the browser is used to download the disposable encryption key 6C. However, the present invention is not limited to this, and the disposable encryption key 6C may be attached to the electronic mail and transmitted from the computer 1A to the mobile phone 2A. However, it is necessary to reduce the risk of eavesdropping on the communication path by sending it separately from the e-mail containing the encrypted electronic coupon 7A.

  FIG. 22 is a processing sequence diagram of the mobile phone 2A and the printer 3A according to the second embodiment.

  Referring to FIG. 22, in step S2501, following the sequence in FIG. 21, CPU 21 advances the process to be executed to step S2504 when the disposable encryption key generation flag is ON. If it is OFF, the CPU 21 advances the process to be executed to step S2502. Note that since the disposable encryption key generation flag is turned OFF in step S2412, branching to step S2504 is not normally performed. However, if the mobile phone 2A generates a key for decrypting the electronic coupon 7A from the shared key and the randomly extracted character string, the process to be executed proceeds to step S2504.

  In step S2502, the CPU 21 transfers the email received from the computer 1A to the printer 3A. At this time, the attached file of the e-mail (the encrypted information 9B in which the electronic coupon 7A and the first additional information 8A are encrypted, and the encrypted in which the randomly extracted character string 5A and the second additional information 8B are encrypted) The electronic mail is transferred with the information 9C) attached. At this point, it is assumed that the user of the mobile phone 2A has moved to the front of the printer 3A. Therefore, the e-mail received from the computer 1A is not limited to mail transfer, and may be transferred by infrared communication or Bluetooth.

  In step S2503, according to the description of the first additional information 8A, the CPU 21 performs the process “replace with re-download link” described as the process after the mail transfer on the electronic coupon 7A.

  In step S2504, the CPU 21 performs the same process as in step S2502.

  In step S2510, CPU 31 of printer 3A receives the electronic mail transferred from mobile phone 2A.

  In step S2511, the CPU 31 extracts encrypted encrypted information 9B and encrypted information 9C from the attached file of the e-mail.

  In step S2512, the CPU 31 decrypts the randomly extracted character string 5B and the second additional information 8B from the encrypted encryption information 9C with the shared key 4D.

  In step S2513, the CPU 31 calculates the disposable encryption key 6D from the randomly extracted character string 5A and the shared key 4D.

  In step S2514, the CPU 31 temporarily stores the disposable encryption key 6D in the authentication state storage unit 321. At this time, since the CPU 31 generates the disposable encryption key 6D from the randomly extracted character string 5A and the shared key 4D, the CPU 31 determines that the disposable encryption key 6D is the randomly extracted character string 5A and the shared key 4D. Based on the above, the disposable encryption key generation flag indicating that it has been calculated and generated in the printer 3A is turned ON.

  In step S2515, the CPU 31 decrypts the electronic coupon 7A and the first additional information 8A from the encrypted information 9B using the disposable encryption key 6D.

  In step S2516, if the disposable encryption key generation flag is ON, the CPU 31 advances the process to be executed to step S2517. If it is OFF, the CPU 31 advances the process to be executed to step S2518. Since the disposable encryption key generation flag is turned ON in step S2514, branching to step S2518 is not normally performed. However, if the printer 3A does not generate a key for decrypting the electronic coupon 7A from the shared key 4D and the randomly extracted character string 5A, the process to be executed proceeds to step S2518.

In step S2517, CPU 31 prints electronic coupon 7A.
In step S2518, the CPU 31 processes the electronic coupon 7A according to the information described in the first additional information 8A.

  In step S2519, the CPU 31 confirms whether the second additional information 8B has been decrypted with the shared key 4D. If it has been decrypted, the CPU 31 advances the process to be executed to step S2520. If not decrypted, the CPU 31 advances the process to be executed to step S2521. Normally, since the second additional information 8B has been decoded in step S2512, the branch to step S2521 is not performed. However, if the second additional information 8B cannot be decoded, the process of step S2521 may be executed as an error process.

  In step S2520, based on the second additional information 8B, the CPU 31 charges the printing of the electronic coupon 7A not to the general user but to the partner service server operator.

  In step S2521, the CPU 31 charges the general user for printing the electronic coupon 7A as usual.

  Note that after the mail transfer from the mobile phone 2A to the printer 3A in step S2502, the randomly extracted character string 5B and the second additional information 8B included in the e-mail may be deleted from the mobile phone 2A. As a result, even if the e-mail is transferred again from the mobile phone 2A to the printer 3A, the randomly extracted character string 5B and the second additional information 8B are not transferred. Therefore, the printer 3A can generate the disposable key 6D based on the randomly extracted character string 5A and the shared key 4D only for the first mail transfer. Therefore, there is an effect that the user of the mobile phone 2A can avoid unlimited printing of the electronic coupon 7A for free. Furthermore, if the disposable coupon key 6C is deleted after the electronic coupon 7A is once decrypted in the cellular phone 2A and the printer 3A, then the encrypted electronic coupon 7A is decrypted by both the cellular phone 2A and the printer 3A. Literally has a single-use effect.

  In the above-described embodiment, the invention has been described as the encrypted electronic document processing systems 10 and 10A. However, the present invention is not limited to this, and can be understood as inventions of the computers 1 and 1A, the mobile phones 2 and 2A, and the printers 3 and 3A included in the encrypted electronic document processing systems 10 and 10A.

  In addition, as an encrypted electronic document processing method in which the processes shown in FIGS. 10, 11, 21, and 22 are executed by the computers 1, 1A, the mobile phones 2, 2A, and the printers 3, 3A, respectively. The invention can be caught. Further, as the encrypted electronic document processing programs for causing the computers 1, 1A, the mobile phones 2, 2A, and the printers 3, 3A to execute the processes shown in FIGS. 10, 11, 21, and 22, respectively. The invention can be caught.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

1 is a configuration diagram of an entire encrypted electronic document processing system according to a first embodiment. FIG. It is an internal structure of the hardware of the computer which concerns on 1st Embodiment. It is a control block diagram of the mobile phone according to the first embodiment. 1 is a hardware configuration of a printer according to a first embodiment. It is a sequence diagram which shows distribution | circulation of the shared key between the computer, mobile phone, and printer which concerns on 1st Embodiment, a random extraction character string, and a disposable encryption key. It is a block diagram which shows the functional structure of the computer which concerns on 1st Embodiment. It is a block diagram which shows the functional structure of the mobile telephone which concerns on 1st Embodiment. FIG. 2 is a block diagram illustrating a functional configuration of the printer according to the first embodiment. It is a figure which shows the format of the various information attached to the email which concerns on 1st Embodiment. It is a processing sequence diagram of the computer and the mobile phone according to the first embodiment. FIG. 3 is a processing sequence diagram of the mobile phone and the printer according to the first embodiment. It is a figure which shows the format of the various information attached to the electronic mail which concerns on the 3rd modification of 1st Embodiment. It is a block diagram which shows the functional structure of the computer which concerns on the 3rd modification of 1st Embodiment. It is a block diagram which shows the functional structure of the mobile telephone which concerns on the 3rd modification of 1st Embodiment. It is a block diagram of the whole encryption electronic document processing system which concerns on 2nd Embodiment. It is a sequence diagram which shows distribution | circulation of the shared key, a random extraction character string, and a disposable encryption key among a computer, a mobile telephone, and a printer concerning 2nd Embodiment. It is a block diagram which shows the functional structure of the computer which concerns on 2nd Embodiment. It is a block diagram which shows the functional structure of the mobile telephone which concerns on 2nd Embodiment. It is a block diagram which shows the functional structure of the printer which concerns on 2nd Embodiment. It is a figure which shows the format of the various information attached to the email which concerns on 2nd Embodiment. It is a processing sequence diagram of a computer and a mobile phone according to a second embodiment. It is a processing sequence figure of the mobile telephone and printer which concern on 2nd Embodiment.

Explanation of symbols

  1,1A computer, 2,2A mobile phone, 3,3A printer, 4A-4D shared key, 5,5A, 5B Randomly extracted character string, 6A-6D disposable encryption key, 7 electronic document, 7A electronic coupon, 8 addition Information, 8A first additional information, 8B second additional information, 9, 9A to 9C encrypted information, 10, 10A encrypted electronic document processing system, 11 CPU, 12 memory, 13A keyboard, 13B mouse, 14 monitor, 15 communication IF, 16 Fixed disk, 17A FD drive, 17B CDROM drive, 21 CPU, 22 memory, 23A numeric keypad, 23B camera, 23C microphone, 24A monitor, 24B speaker, 25A communication IF, 25B infrared communication unit, 27x memory Card slot, 31 CPU, 32 memory, 3 A touch panel, 33B operation button, 33C scanner, 34A monitor, 34B printing unit, 35A communication IF, 35B infrared communication unit, 36 fixed disk, 100 communication network, 111 random extraction character string generation unit, 112 disposable key calculation unit, 113 Encryption unit, 113A, 113C First encryption unit, 113B, 113D Second encryption unit, 114 Mail processing unit, 115 Communication control unit, 116 Web processing unit, 161 Document database unit, 162 Additional information management unit, 162A First 1 additional information management unit, 162B second additional information management unit, 163, 163A shared key information management unit, 171A FD, 171B CDROM, 212 disposable key calculation unit, 212A disposable key acquisition unit, 213 decryption unit, 213A first decryption unit 213B second decoding , 214 mail processing unit, 215 communication control unit, 216 display unit, 217 disposable key transmission unit, 218 browser processing unit, 219 additional information processing unit, 221 authentication status storage unit, 263 shared key information management unit, 271 external memory card, 312 Disposable key acquisition unit, 313 decryption unit, 313A first decryption unit, 313B second decryption unit, 314 mail processing unit, 315 communication control unit, 316 printing unit, 318 additional information processing unit, 318A first additional information processing unit, 318B 2nd additional information processing part, 319 Job reservation part, 321 Authentication status memory | storage part, 363 Shared key information management part.

Claims (26)

A service providing apparatus including first shared key storage means for storing a shared key in advance; and second shared key storage means for storing in advance the same shared key as the shared key stored in the first shared key storage means. An encrypted electronic document processing system comprising: a shared key holding output device provided; and a shared key non-holding output device that does not store the shared key in advance,
The service providing apparatus includes:
Randomly extracted character string generating means for generating a randomly extracted character string that is a character string in which randomly extracted characters are arranged;
Based on the shared key stored in the first shared key storage means and the randomly extracted character string generated by the randomly extracted character string generating means, the first encryption key is obtained by a predetermined calculation method. First encryption key generation means for generating;
Electronic document encryption means for encrypting an electronic document into an encrypted electronic document using the first encryption key generated by the first encryption key generation means;
The encrypted electronic document encrypted by the electronic document encryption unit is transferred to a predetermined first output device of the shared key holding output device or the shared key non-holding output device according to the OSI reference model. First encrypted electronic document transmission means for transmitting in accordance with a one-way communication protocol that does not require a response to the request in the application layer;
Randomly extracted character string transmitting means for transmitting the randomly extracted character string generated by the randomly extracted character string generating means to the shared key holding output device via the first communication medium,
The first output device includes:
An encrypted electronic document receiving means for receiving the encrypted electronic document transmitted from the service providing device;
The encrypted electronic document received by the encrypted electronic document receiving unit is transferred to a second output device different from the first output device of the shared key holding output device or the shared key non-holding output device. Second encrypted electronic document transmission means for transmitting in accordance with the one-way communication protocol,
The second output device includes:
An encrypted electronic document receiving means for receiving the encrypted electronic document transmitted from the first output device;
The shared key holding output device
Randomly extracted character string receiving means for receiving the randomly extracted character string transmitted from the service providing device;
Based on the shared key stored in the second shared key storage means and the randomly extracted character string received by the randomly extracted character string receiving means, the second cryptographic key is obtained by the predetermined calculation method. Second encryption key generation means for generating
First electronic document decrypting means for decrypting the encrypted electronic document received by the encrypted electronic document receiving means into the electronic document using the second encryption key generated by the second encryption key generating means; ,
First output means for outputting the electronic document decrypted by the first electronic document decryption means,
The service providing apparatus or the shared key holding output apparatus is
The first encryption key generated by the first encryption key generation unit or the second encryption key generated by the second encryption key generation unit via a second communication medium different from the first communication medium An encryption key transmitting means for transmitting to the shared key non-holding output device,
The shared key non-holding output device
Encryption key receiving means for receiving the first encryption key transmitted from the service providing apparatus or the second encryption key transmitted from the shared key holding output apparatus;
A second electronic device that decrypts the encrypted electronic document received by the encrypted electronic document receiving unit into the electronic document using the first encryption key or the second encryption key received by the encryption key receiving unit. Document decryption means;
An encrypted electronic document processing system comprising: second output means for outputting the electronic document decrypted by the second electronic document decryption means. The first output device is the shared key holding output device;
The second output device is the shared key non-holding output device;
The first output means outputs the electronic document by displaying it,
The encrypted electronic document processing system according to claim 1, wherein the second output unit outputs the electronic document by printing. The service providing apparatus includes:
Using the first encryption key generated by the first encryption key generation unit, additional information that is a condition when the electronic document is output by the first output unit and the second output unit is encrypted and added. Additional information encryption means for encrypting information;
A first encrypted additional information transmitting means for transmitting the encrypted additional information encrypted by the additional information encryption means to the first output device;
The first output device includes:
First encrypted additional information receiving means for receiving the encrypted additional information transmitted from the service providing device;
First additional information decryption for decrypting the encrypted additional information received by the first encrypted additional information receiving means into the additional information using the second encryption key generated by the second encryption key generating means Means,
A second encrypted additional information transmitting means for transmitting the encrypted additional information received by the first encrypted additional information receiving means to the second output device;
The second output device includes:
Second encrypted additional information receiving means for receiving the encrypted additional information transmitted from the first output device;
Second additional information decrypting means for decrypting the encrypted additional information received by the second encrypted additional information receiving means into the additional information using the second encryption key received by the encryption key receiving means; Further comprising
The first output means outputs the electronic document in accordance with the additional information decoded by the first additional information decoding means,
The encrypted electronic document processing system according to claim 2, wherein the second output means outputs the electronic document in accordance with the additional information decrypted by the second additional information decryption means. The service providing apparatus includes:
Additional information setting means for setting a security level as a condition when the electronic document of the additional information is output according to the first output device and the second output device to which the electronic document is output In addition,
4. The encrypted electronic document processing system according to claim 3, wherein the additional information encryption unit encrypts the additional information whose security level is set by the additional information setting unit. The randomly extracted character string transmission means includes:
Randomly encrypting the randomly extracted character string generated by the randomly extracted character string generating means into an encrypted random extracted character string using the shared key stored in the first shared key storage means Including extracted string encryption means,
Sending the encrypted random extracted character string encrypted by the random extracted character string encryption means;
The randomly extracted character string receiving means receives the encrypted random extracted character string transmitted from the service providing device,
The second encryption key generation means includes
Random extraction for decrypting the encrypted random extracted character string received by the random extracted character string receiving means into a random extracted character string using the shared key stored in the second shared key storage means Including string decoding means,
The second encryption key is generated based on the shared key stored in the second shared key storage unit and the randomly extracted character string decrypted by the randomly extracted character string decrypting unit. The encrypted electronic document processing system described in 1. The second output device is the shared key holding output device;
The first output device is the shared key non-holding output device;
The randomly extracted character string transmission means includes:
Random extraction for encrypting a random extracted character string generated by the randomly extracted character string generating means into an encrypted random extracted character string using the shared key stored in the first shared key storage means Including string encryption means,
Transmitting the encrypted random extraction character string encrypted by the random extraction character string encryption means to the shared key holding output device via the shared key non-holding output device;
The randomly extracted character string receiving means includes:
Receiving the encrypted randomly extracted character string transmitted from the service providing device via the shared key non-holding output device;
The second encryption key generation means includes
Random extraction for decrypting the encrypted random extracted character string received by the random extracted character string receiving means into a random extracted character string using the shared key stored in the second shared key storage means Including string decoding means,
Based on the shared key stored in the second shared key storage unit and the randomly extracted character string decrypted by the randomly extracted character string decrypting unit, the second encryption key is generated,
The first output means outputs the electronic document by printing;
The encrypted electronic document processing system according to claim 1, wherein the second output unit outputs the electronic document by displaying the electronic document. The service providing apparatus includes:
Using the first encryption key generated by the first encryption key generation unit, additional information that is a condition when the electronic document is output by the first output unit and the second output unit is encrypted and added. Additional information encryption means for encrypting information;
A first encrypted additional information transmitting means for transmitting the encrypted additional information encrypted by the additional information encrypting means to the first output device;
The first output device includes:
First encrypted additional information receiving means for receiving the encrypted additional information transmitted from the service providing device;
First additional information decryption for decrypting the encrypted additional information received by the first encrypted additional information receiving means into the additional information using the first encryption key received by the first encryption key receiving means. Means,
A second encrypted additional information transmitting means for transmitting the encrypted additional information received by the first encrypted additional information receiving means to the second output device;
The second output device includes:
Second encrypted additional information receiving means for receiving the encrypted additional information transmitted from the first output device;
Second additional information decryption for decrypting the encrypted additional information received by the second encrypted additional information receiving means into the additional information using the second encryption key generated by the second encryption key generating means. And further comprising means,
The first output means outputs the electronic document according to the additional information decoded by the second additional information decoding means,
The encrypted electronic document processing system according to claim 6, wherein the second output unit outputs the electronic document according to the additional information decrypted by the first additional information decrypting unit. The first output device includes:
Further comprising generation information storage means for storing generation information indicating whether or not the second encryption key has been generated by the first output device;
The output means provided in the first output device of the first output means or the second output means is configured to output the electronic according to the additional information according to the generation information stored in the generation information storage means. The encrypted electronic document processing system according to claim 3 or 7, which outputs a document. The second output device includes:
Further comprising generation information storage means for storing generation information indicating whether or not the second encryption key has been generated by the second output device;
The output means included in the second output device of the first output means or the second output means is configured to output the electronic according to the additional information according to the generation information stored in the generation information storage means. The encrypted electronic document processing system according to claim 3 or 7, which outputs a document. The additional information includes metadata of the electronic document,
The first output device includes:
Before the electronic document is output by the output means provided in the first output device of the first output means or the second output means, based on the metadata included in the additional information, A first output preprocessing means for preprocessing electronic document output;
The second output device includes:
Before the electronic document is output by the output means provided in the second output device of the first output means or the second output means, based on the metadata included in the additional information, 8. The encrypted electronic document processing system according to claim 3, further comprising second output preprocessing means for performing preprocessing of output of the electronic document. The service providing apparatus includes:
Predetermined information encryption means for encrypting predetermined information into encrypted predetermined information using the shared key stored in the first shared key storage means;
A first encrypted predetermined information transmitting means for transmitting the encrypted predetermined information encrypted by the predetermined information encryption means to the first output device;
The first output device includes:
First encrypted predetermined information receiving means for receiving the encrypted predetermined information transmitted from the service providing device;
A second encrypted predetermined information transmitting means for transmitting the encrypted predetermined information received by the first encrypted predetermined information receiving means to the second output device;
The second output device includes:
Second encrypted predetermined information receiving means for receiving the encrypted predetermined information transmitted from the first output device;
Predetermined information decrypting means for decrypting the encrypted predetermined information received by the second encrypted predetermined information receiving means into the predetermined information using the shared key stored in the second shared key storage means; The encrypted electronic document processing system according to claim 6. The predetermined information is an electronic signature for verifying falsification of the electronic document,
The second output device includes:
12. The encrypted electronic document processing system according to claim 11, further comprising electronic document verification means for verifying tampering of the electronic document using the predetermined information decrypted by the predetermined information decryption means. The predetermined information is information relating to billing for the output of the electronic document in the second output device,
The second output device includes:
12. The encrypted electronic document processing system according to claim 11, further comprising charging means for charging the output of the electronic document by the first output means based on the predetermined information decrypted by the predetermined information decrypting means. .   The first encrypted electronic document transmission unit and the second encrypted electronic document transmission unit are respectively configured to transmit the encrypted electronic document as an attachment file of an electronic mail according to an electronic mail protocol which is the one-way communication protocol. The encrypted electronic document processing system according to claim 1, wherein: The encryption key transmitting means includes
The shared key non-holding output device that transmits the first encryption key or the second encryption key transmits the encrypted electronic document by the first encrypted electronic document transmission unit or the second encrypted electronic document transmission unit. A destination authentication means for authenticating whether or not the shared key non-holding output device is,
The first encryption key or the second encryption key is transmitted when the transmission destination authentication unit authenticates the shared key non-holding output device that has transmitted the encrypted electronic document. Item 15. The encrypted electronic document processing system according to any one of Items 14 to 14. The service providing apparatus, the shared key holding output apparatus, and the shared key non-holding output apparatus are respectively
A secret information storage unit that prestores secret information used to encrypt and decrypt the first encryption key or the second encryption key;
The electronic document encryption means includes:
3rd encryption key production | generation means which produces | generates a 3rd encryption key based on the said secret information memorize | stored in the said secret information storage means and the said 1st encryption key produced | generated by the said 1st encryption key production | generation means ,
Encrypting the electronic document into the encrypted electronic document using the third encryption key generated by the third encryption key generating means;
The first electronic document decryption means includes:
4th encryption key production | generation means which produces | generates a 4th encryption key based on the said secret information memorize | stored in the said secret information storage means and the said 2nd encryption key produced | generated by the said 2nd encryption key production | generation means ,
Decrypting the encrypted electronic document into the electronic document using the fourth encryption key generated by the fourth encryption key generating means;
The second electronic document decryption means includes:
A fifth encryption key for generating a fifth encryption key based on the secret information stored in the secret information storage means and the first encryption key or the second encryption key received by the encryption key receiving means Including generating means,
The encrypted electronic document according to any one of claims 1 to 15, wherein the encrypted electronic document is decrypted into the electronic document by using the fifth encryption key generated by the fifth encryption key generating means. Document processing system. The shared key holding output device
Randomly extracted character string deletion that deletes the randomly extracted character string corresponding to the second encryption key used for decryption after the encrypted electronic document is decrypted into the electronic document by the first electronic document decryption means The encrypted electronic document processing system according to any one of claims 1 to 16, further comprising means. The encrypted electronic document processing system includes a plurality of shared key holding output devices,
The first shared key storage means stores the shared key in advance for each of the plurality of shared key holding output devices,
The first encryption key generation unit includes the shared key stored in the first shared key storage unit according to the shared key holding output device to which the encrypted electronic document is transmitted, and the randomly extracted character string. The encrypted electronic document processing system according to any one of claims 1 to 17, wherein the first encryption key is generated based on: The first output device includes:
An electronic document that replaces the encrypted electronic document with link information for receiving the encrypted electronic document from the service providing apparatus after the encrypted electronic document is transmitted by the second encrypted electronic document transmitting means. A replacement means,
The encrypted electronic document receiving means requests the service providing apparatus to transmit the encrypted electronic document based on the link information replaced by the electronic document replacing means, and the service providing apparatus in response to the request The encrypted electronic document processing system according to any one of claims 1 to 18, wherein the encrypted electronic document transmitted from the server is received again. The service providing device is a computer;
The first output device is a mobile phone;
The encrypted electronic document processing system according to any one of claims 1 to 19, wherein the second output device is a printer. Shared key storage means for storing the shared key in advance;
Randomly extracted character string generating means for generating a randomly extracted character string that is a character string in which randomly extracted characters are arranged;
Based on the shared key stored in the shared key storage means and the randomly extracted character string generated by the randomly extracted character string generating means, a first encryption key is generated by a predetermined calculation method. An encryption key generation means;
Electronic document encryption means for encrypting an electronic document into an encrypted electronic document using the first encryption key generated by the encryption key generation means;
Encryption for transmitting the encrypted electronic document encrypted by the electronic document encryption means to the first output device according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model Electronic document transmission means;
Randomly extracted character string transmitting means for transmitting the randomly extracted character string generated by the randomly extracted character string generating means to the first output device,
The encrypted electronic document transmitted to the first output device by the encrypted electronic document transmission unit is shared with the shared key stored in the shared key storage unit stored in advance in the first output device. Using the second encryption key generated by the predetermined calculation method based on the key and the randomly extracted character string transmitted to the first output device by the randomly extracted character string transmitting means, the electronic The document is decrypted and output,
The encrypted electronic document transmitted to the first output device and transferred to the second output device by the encrypted electronic document transmission means is generated by the first output device and transmitted to the second output device. A service providing apparatus that decrypts and outputs the electronic document using the second encryption key. Shared key storage means for storing the shared key in advance;
Randomly extracted character string generating means for generating a randomly extracted character string that is a character string in which randomly extracted characters are arranged;
Based on the shared key stored in the shared key storage means and the randomly extracted character string generated by the randomly extracted character string generating means, a first encryption key is generated by a predetermined calculation method. An encryption key generation means;
Electronic document encryption means for encrypting an electronic document into an encrypted electronic document using the first encryption key generated by the encryption key generation means;
Encryption for transmitting the encrypted electronic document encrypted by the electronic document encryption means to the first output device according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model Electronic document transmission means;
Randomly extracted character string transmitting means for transmitting the randomly extracted character string generated by the randomly extracted character string generating means to the first output device via a first communication medium;
Encryption key transmission means for transmitting the first encryption key generated by the encryption key generation means to a second output device via a second communication medium different from the first communication medium,
The encrypted electronic document transmitted to the first output device by the encrypted electronic document transmission unit uses the first encryption key transmitted to the first output device by the encryption key transmission unit, The electronic document is decrypted and output,
The encrypted electronic document transmitted to the first output device by the encrypted electronic document transmission unit and transferred to the second output device is stored in the shared key storage unit stored in advance in the second output device Is generated by the predetermined calculation method based on the same shared key as the shared key stored in and the randomly extracted character string transmitted to the second output device by the randomly extracted character string transmitting means. 2. A service providing apparatus that decrypts and outputs the electronic document using an encryption key. Randomly extracted character string receiving means for receiving a randomly extracted character string generated by a service providing device that stores a shared key in advance and transmitted from the service providing device via the first communication medium;
Using the first encryption key generated by the service providing apparatus by a predetermined calculation method based on the shared key stored in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus An encrypted electronic document receiving means for receiving an encrypted electronic document in which the electronic document is encrypted by the service providing device;
An encrypted electronic document for transmitting the encrypted electronic document received by the encrypted electronic document receiving means to another output device according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model A transmission means;
Shared key storage means for storing in advance the same shared key as the shared key stored in the service providing device;
Based on the shared key stored in the shared key storage means and the randomly extracted character string received by the randomly extracted character string receiving means, a second encryption key is generated by the predetermined calculation method Encryption key generation means for
Electronic document decryption means for decrypting the encrypted electronic document received by the encrypted electronic document reception means into the electronic document using the second encryption key generated by the second encryption key generation means;
Output means for outputting the electronic document decrypted by the electronic document decryption means;
Encryption key transmitting means for transmitting the second encryption key generated by the encryption key generating means to the other output device via a second communication medium different from the first communication medium,
The encrypted electronic document transmitted to the other output device by the encrypted electronic document transmission unit uses the second encryption key transmitted to the other output device by the encryption key transmission unit, and the other An encrypted electronic document output device that is decrypted and output to the electronic document by the output device. The service provision using the first encryption key generated by the service providing apparatus by a predetermined calculation method based on the shared key stored in advance in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus An encrypted electronic document receiving means for receiving an encrypted electronic document in which the electronic document is encrypted by the device;
An encrypted electronic document for transmitting the encrypted electronic document received by the encrypted electronic document receiving means to another output device according to a one-way communication protocol that does not require a response to a request in the application layer of the OSI reference model A transmission means;
Encryption key receiving means for receiving the first encryption key generated by the service providing device;
Electronic document decryption means for decrypting the encrypted electronic document received by the encrypted electronic document reception means into the electronic document using the first encryption key received by the encryption key reception means;
Output means for outputting the electronic document decrypted by the electronic document decryption means,
The encrypted electronic document transmitted to the other output device by the encrypted electronic document transmission means is the same shared key as the shared key stored in the service providing device stored in the other output device and the service. A cipher that is decrypted and output to the electronic document by the other output device using the second encryption key generated by the predetermined calculation method based on the randomly extracted character string transmitted from the providing device Electronic document output device. The service using the first encryption key generated by the service providing apparatus by a predetermined calculation method based on the shared key stored in advance in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus. The electronic document is encrypted by the providing device, and the encrypted electronic document transmitted according to the one-way communication protocol that does not require a response to the request in the application layer of the OSI reference model via the other output device from the service providing device is received An encrypted electronic document receiving means,
Based on the same shared key stored in advance in the other output device as the shared key stored in the service providing device and the randomly extracted character string transmitted from the service providing device, the other Encryption key receiving means for receiving the second encryption key generated by the output device;
Electronic document decryption means for decrypting the encrypted electronic document received by the encrypted electronic document reception means into the electronic document using the second encryption key received by the encryption key reception means;
Output means for outputting the electronic document decrypted by the electronic document decryption means,
The encrypted electronic document transmitted to the other output device is decrypted and output to the electronic document by the other output device using the previous second encryption key generated by the other output device. Encrypted electronic document output device. The service using the first encryption key generated by the service providing apparatus by a predetermined calculation method based on the shared key stored in advance in the service providing apparatus and the randomly extracted character string generated by the service providing apparatus. The electronic document is encrypted by the providing device, and the encrypted electronic document transmitted according to the one-way communication protocol that does not require a response to the request in the application layer of the OSI reference model via the other output device from the service providing device is received. An encrypted electronic document receiving means,
Randomly extracted character string receiving means for receiving the randomly extracted character string transmitted from the service providing device;
Shared key storage means for storing in advance the same shared key as the shared key stored in the service providing device;
Based on the shared key stored in the shared key storage means and the randomly extracted character string received by the randomly extracted character string receiving means, a second encryption key is generated by the predetermined calculation method Encryption key generation means for
Electronic document decrypting means for decrypting the encrypted electronic document received by the encrypted electronic document receiving means into the electronic document using the second encryption key generated by the encryption key generating means;
Output means for outputting the electronic document decrypted by the electronic document decryption means,
The encrypted electronic document transmitted to the other output device is decrypted into the electronic document by the other output device using the first encryption key transmitted from the service providing device to the other output device. An encrypted electronic document output device to be output.

Images