JP6800045B2 - Signature support server, relay server, signature support program, and relay program - Google Patents

Description

The present invention relates to a signature support server, a relay server, a signature support program, and a relay program, and relates to, for example, an electronic PO Box system.

Email is widely used. E-mail is used not only for communication between individuals, but also as a means of communication between businesses and customers.
However, e-mail has a problem of poor reliability, for example, the address is invalid or the owner (user) of the e-mail address is left unattended.

Therefore, electronic PO Boxes, which provide users with electronic mailboxes under identity verification and expand conventional postal services on communication networks, have come to be used.
Since the electronic PO Box is as reliable as a physical mailbox,, for example, a business operator can create a contract with an electronic document file and deliver it as an electronic mail.

A technique using such an electronic PO Box includes "Service Providing System, Falsification Check Method and Falsification Check Program" of Patent Document 1.
In this technology, when a user accesses some server and receives a service from the server, an electronic PO Box is used to record the user's access history in the electronic PO Box.
By collating the history remaining on the server with the access history of the electronic PO Box, unauthorized access (spoofing, falsification, etc.) by a third party can be detected.

As described above, the electronic PO Box can deliver electronic mail to the user as a document file in the same way as the conventional mailing of documents in paper media, so the business operator can only send in conventional paper media such as contracts. The transaction documents can be sent to the electronic PO Box by electronic data.
As a result, the business side can greatly reduce the cost, the user side can save the trouble of receiving and storing the document, and the loss of the document can be prevented. Furthermore, it matches the direction of e-government promotion.
In addition, while such electronic PO Boxes are being promoted, the My Number system has been started, and the government is working in the direction that each citizen has his or her own My Number card (IC card).
The My Number card stores a private key for electronic signature, and has a function of electronically signing in the My Number card using this.

By the way, transaction documents are often required to be signed or stamped, but there is a problem that there is no means for signing or stamping a document file addressed to an electronic PO Box and returning it to the distributor.
Therefore, the user had to print out the document file on a paper medium, sign and seal it, and mail it to the distributor by ordinary mail.

Japanese Unexamined Patent Publication No. 2011-22825

An object of the present invention is to enable a user to electronically sign a file of an electronic mail piece sent to an electronic PO Box.

(1) In the invention according to claim 1, a connection means for connecting to a terminal having a connection interface with a portable semiconductor device that stores a private key and digitally signs using the private key, and an electronic private book box are used. The identification information receiving means that accepts the input of the identification information notified together with the original file that defines the signature content via the terminal, the signature target file specifying means that specifies the signature target file using the received identification information, and the above. A signature target value acquisition means for acquiring the signature target value of the specified signature target file, a signature target value transmission means for transmitting the acquired signature target value to the portable semiconductor device via the connection interface, and the portable type. Provided is a signature support server including an electronic signature receiving means for receiving an electronic signature generated by the semiconductor device using the transmitted signature target value via the connection interface.
(2) The signature support server according to claim 1, wherein the signature target value acquisition means calculates and acquires a signature target value from the specified signature target file in the invention according to claim 2. I will provide a.
(3) In the invention according to claim 3, an incidental means for attaching the received electronic signature to the specified signature target file and a signature target file output means for outputting the signature target file accompanied by the electronic signature. The signature support server according to claim 2, wherein the signature support server is provided.
(4) In the invention according to claim 4, the specified signature target file is decryptably encrypted with a predetermined password, and the password notified from the connected terminal together with the identification information in the electronic private book box. The signature target value acquisition means includes a password acquisition means for acquiring the password and a decryption means for decrypting the signature target file using the acquired password, and the signature target value acquisition means is a signature target from the decrypted signature target file. The signature support server according to claim 1, claim 2, or claim 3, characterized in that the value is acquired.
(5) The invention according to claim 5, wherein any one of claims 1 to 4 is provided with an erasing means for erasing the specified signature target file after a predetermined period. The signature support server described in the section is provided.
(6) In the invention according to claim 6, the signature content is specified, and the original file acquisition means for acquiring the original file associated with the predetermined electronic private book box account from the business server of the predetermined business entity and the above-mentioned acquisition. A signature target file creation means that creates a signature target file that corresponds to the original file and is a target of digital signature, an identification information generation means that generates identification information that identifies the created signature target file, and the acquired original file. And the original file transmitting means for transmitting the generated identification information to the predetermined electronic private book box account in correspondence with the signature, and the signature to be transmitted to the predetermined signature support server by associating the created signature target file with the generated identification information. The target file transmitting means, the signature receiving means for receiving the electronic signature generated for the transmitted signature target file from the signature support server, and the signature transmitting means for transmitting the received electronic signature to the business server. Provided is a relay server characterized in that the above is provided.
(7) In the invention according to claim 7, the signature target file creation means creates the signature target file by encrypting the signature target file so that it can be decrypted with a predetermined password, and the original file transmission means uses the password. The relay server according to claim 6, wherein the relay server is transmitted in association with the original file.
(8) The invention according to claim 8, wherein the signature target file creating means creates a copy of the original file as the signature target file, according to claim 6 or 7. Provide a relay server.
(9) In the invention according to claim 9, the signature target file creating means creates a plurality of signature target files corresponding to the original file, and the identification information generating means creates the created plurality of signature target files. The identification information is generated in correspondence with each of the above, and the signature target file transmitting means is characterized in that the created plurality of signature target files are associated with the generated identification information and transmitted to the signature support server. The relay server according to claim 6, claim 7, or claim 8 is provided.
(10) In the invention according to claim 10, a plurality of electronic PO Box accounts are associated with the acquired original file, and a list acquisition means for acquiring a list of the plurality of electronic PO Box accounts is provided. The relay according to claim 9, wherein the original file transmitting means associates the acquired original file with the generated identification information and transmits the acquired original file to a plurality of electronic PO Box accounts included in the acquired list. Provide a server.
(11) In the invention according to claim 11, a connection function for storing a private key and connecting to a terminal having a connection interface with a portable semiconductor device for electronically signing using the private key, and an electronic private book box are used. The identification information reception function that accepts the input of the identification information notified together with the original file that defines the signature content via the terminal, the signature target file identification function that specifies the signature target file using the received identification information, and the above. A signature target value acquisition function for acquiring the signature target value of the specified signature target file, a signature target value transmission function for transmitting the acquired signature target value to the portable semiconductor device via the connection interface, and the portable type. Provided is a signature support program that realizes an electronic signature receiving function in which a semiconductor device receives an electronic signature generated by using the transmitted signature target value via the connection interface, and a computer.
(12) In the invention according to claim 12, the original file acquisition function for defining the signature content and acquiring the original file associated with the predetermined electronic private book box account from the business server of the predetermined business entity and the above-mentioned acquisition. A signature target file creation function that creates a signature target file that corresponds to the original file and is a target of electronic signature, an identification information generation function that generates identification information that identifies the created signature target file, and the acquired original file. The original file transmission function that associates the generated identification information with the generated identification information and sends it to the predetermined electronic private book box account, and the signature that associates the created signature target file with the generated identification information and transmits it to the predetermined signature support server. A target file transmission function, a signature reception function for receiving an electronic signature generated for the transmitted signature target file from the signature support server, and a signature transmission function for transmitting the received electronic signature to the business server. , Is provided as a relay program that realizes on a computer.

According to the present invention, the user can add an electronic signature to the file of the electronic mail sent to the electronic PO Box.

It is a figure which showed the structure of an electronic mail system. It is a figure which showed the hardware structure such as a relay server. It is a figure for demonstrating the logical structure of each DB. It is a figure for demonstrating each screen. It is a flowchart for demonstrating the registration procedure to an electronic mail system. It is a flowchart for demonstrating the procedure which prepares to digitally sign. It is a flowchart for demonstrating the procedure of performing a digital signature. It is a figure for demonstrating the modification 1. FIG. It is a figure for demonstrating the modification 2.

(1) Outline of the Embodiment When the relay server 3 (FIG. 1) receives the contract file 10a addressed to the account 13 from the business server 2, it creates a duplicate contract file 10b and creates a duplicate contract file 10b. Generates identification information that identifies.
As a result, the contract file 10a, which is the original file defining the contents of the contract, and the contract file 10b, which receives an electronic signature instead, are associated with each other by the identification information.
Then, the relay server 3 transmits the contract file 10a and the identification information to the PO Box server 4, and transmits the contract file 10b and the identification information to the signature support server 5.

The user accesses his / her own account 13 from the terminal 6, browses the contract file 10a, and then makes a note of the identification information and refrains from doing so.
Then, the user visits the IC card terminal 8 installed in a public facility (for example, a convenience store or a government office) with his / her own IC card 7 (for example, a my number card) and the identification information that is reserved.

When the user sets the IC card 7 in the IC card terminal 8, the signature support server 5 and the IC card 7 are in a state of being able to communicate with each other via the IC card terminal 8.
The signature support server 5 prompts the user to input the identification information by using the display of the IC card terminal 8, and the user inputs the identification information reserved in response to the input from the IC card terminal 8. The IC card terminal 8 transmits the identification information input in this way to the signature support server 5.

The signature support server 5 identifies the contract file 10b by the identification information.
Further, the signature support server 5 requests the user to input a personal identification number for electronically signing with the IC card 7 by the IC card terminal 8.
When the signature support server 5 receives the password, it calculates the hash value of the contract file 10b and transmits the hash value and the password to the IC card 7 to instruct the execution of the electronic signature.

On the other hand, the IC card 7 generates an electronic signature by encrypting the hash value with the private key stored in the IC card 7 after confirming that the password is appropriate, and the signature support server 5 Send to.
The signature support server 5 attaches this electronic signature to the contract file 10b to generate the contract file 10c, and transmits this to the relay server 3. The relay server 3 transmits this to the business server 2.

As described above, the business server 2 can obtain the contract file 10c in which the user's electronic signature is made on the contract file 10a.
If there is an environment in which the user can access the IC card 7 from the terminal 6, the above processing can be performed at home, for example, but even if the user does not have such an environment personally, the public IC An electronic signature can be made using the card terminal 8.

(2) Details of the Embodiment FIG. 1 is a diagram showing a configuration of an electronic mail system 1 according to a first embodiment of the present invention.
The electronic mail system 1 includes business servers 2, 2, ..., relay servers 3, private book box servers 4, signature support servers 5, user terminals 6, 6, ... Operated by business entities A, B, .... The IC card terminals 8, 8, ..., IC cards 7, 7, ..., Etc. are arranged so as to be connectable via a communication network such as the Internet.

The communication performed by these is encrypted using, for example, SSL (Secure Sockets Layer) or the like, and the content is concealed from the outside.
In the following, explanations will be given in correspondence with the numbers shown in parentheses in the figure.

The business server 2 is a server operated by various business entities or individuals such as companies such as financial institutions, insurance companies, automobile dealers, real estate companies, and content sales companies, accounting offices, and government / local government agencies. The contract file 10a addressed to the user (for example, user A) is transmitted to the relay server 3 (1).

The contract file 10a is an electronic mail containing an account number corresponding to the address and address of the mail, document data of the contract, etc., and corresponds to the original file that is the original that defines the signature contents by the following processing. ..
In the present embodiment, the electronic mail to be processed is the contract file 10a, but the present invention is not limited to this, and other document files (for example, invoices) and contents can be digitally signed. Electronic information can be widely used.

The relay server 3 is a server operated by the relay server operator, intervenes between the business server 2, the private book box server 4, and the signature support server 5, and the user cooperates with the relay server 3 for the contract file 10a. To support the operation of digitally signing.
The relay server 3 includes a relay user DB 12 that stores user information of a user who has applied for the electronic signature support service.

As will be described later, the user information of the relay user DB 12 is composed of a user ID, an account number of the user in the PO Box server 4, identity verification information, opt-in information, and other information.
The identity verification information is composed of four basic information (user's name, date of birth, gender, address) and the like.

The opt-in information is information that identifies the business entity that transmits the contract file 10a that the user has specified to receive. The contract file 10a transmitted to the user from the business entity not specified in the opt-in information is blocked by the relay server 3.
The opt-in information is presented and registered by the user to the PO Box server 4, and the relay server 3 takes over the opt-in information and performs block processing on behalf of the PO Box server 4.

This is just an example, and in general, the PO Box server 4 performs block processing using opt-in information.
In this way, the relay server 3 reduces the load on the PO Box server 4 by performing block processing instead of the PO Box server 4, and can partially take over the business processing of the PO Box server 4.

The relay server 3 receives the contract file 10a transmitted by the business server 2 to the PO Box server 4 before it reaches the PO Box server 4.
In this way, the relay server 3 defines the signature content and acquires the original file (contract file 10a) associated with the predetermined electronic PO Box account (account 13) from the business server of the predetermined business entity. It has an acquisition means.
The method in which the relay server 3 acquires the contract file 10a from the business server 2 may be either a pull type or a push type.

The relay server 3 performs the following internal processing on the contract file 10a received from the business server 2 (2).
First, the relay server 3 communicates with a time stamp server (not shown) to add a time stamp to the contract file 10a. This prevents falsification of the contract file 10a.

Next, as an internal process for the signature support server 5, the relay server 3 duplicates the contract file 10a and encrypts the contract file 10a so that it can be decrypted with a predetermined password to generate the contract file 10b.

The contract file 10b corresponds to the original file (contract file 10a) and functions as a signature target file to be digitally signed, and the relay server 3 is provided with a signature target file creation means for creating the signature target file. There is.
Then, the signature target file creation means creates a signature target file by encrypting it so that it can be decrypted with a predetermined password, and creates a duplicate of the original file as the signature target file.

Further, the relay server 3 generates unique identification information associated with the contract file 10a and the contract file 10b. This makes it possible to identify the contract file 10a and the contract file 10b using the identification information.
As described above, the relay server 3 is provided with the identification information generation means for generating the identification information for identifying the signature target file.

Then, the relay server 3 associates (attaches) the identity verification information and the identification information of the user stored in the relay user DB 12 with the encrypted contract file 10b and transmits the encrypted contract file 10b to the signature support server 5 (3). ..
As described above, the relay server 3 is provided with a signature target file transmission means for associating the identification information with the signature target file and transmitting the identification information to the predetermined signature support server 5.
The reason why the contract file is encrypted to be the contract file 10b is to conceal the contents from the operator of the signature support server 5 and enhance the security.

As an internal process for the PO Box server 4, the relay server 3 attaches (corresponds to) the identification information and the password for decryption to the contract file 10a and transmits (corresponds) to the account 13 of the user of the PO Box server 4 (corresponding). 4).
The relay server 3 performs this attachment in such a form that the identification information and the password are also displayed when the user accesses the account 13 and browses the contract file 10a.

As a result, the user can write down the identification information and the password on a paper medium when viewing the contract file 10a.
As described above, the relay server 3 is provided with the original file transmitting means for associating the original file with the identification information and the password and transmitting the original file to a predetermined electronic PO Box account.

In the present embodiment, the contract file 10a, which is the copy source file, is used as the original, and the duplicated file is encrypted to be the contract file 10b. The file may be transmitted to the private book box server 4 as the original, and the copy source file may be encrypted and transmitted to the signature support server 5. As a result, it is possible to sign the original contract file transmitted from the business server 2 instead of copying.

The PO Box server 4 is, for example, a server operated by a public institution such as a postal service or an organization whose reliability is guaranteed to the same degree, and is an electronic PO Box for users who have registered after identity verification. Providing services.

The PO Box server 4 is provided with accounts 13, 13, ... For each user A, B, ..., And these accounts 13 are uniquely managed by the account number.
The PO Box server 4 authenticates the login from the terminal 6 to the account 13 by the password for the account 13 issued to each user.

Since the PO Box server 4 is highly public, it does not allow forwarding of electronic mail delivered to account 13 or reference from the outside.
Therefore, in the electronic mail system 1, the relay server 3, the PO Box server 4, the signature support server 5, and the IC card terminal 8 are linked to avoid the transfer and reference of the contract file 10a in the account 13, and the account. It enables the electronic signature of 13.

The terminal 6 is a computer connected to a communication network wirelessly or by wire, and is composed of, for example, a personal computer, a smart phone, a mobile phone, a game device, or the like.
The terminal 6 includes an output device such as a display for displaying a screen provided by the electronic mail site of the PO Box server 4, and an input device such as a keyboard and a touch panel for which the user operates.

The terminal 6 is a general-purpose terminal device used by a user, but is used in the electronic mail system 1 as follows.
The terminal 6 accesses the login screen of the PO Box server 4 by the user's operation, and sends the account number and the password for the account 13 entered by the user to the PO Box server 4 to the user's account 13. Log in (5).

Electronic mail addressed to the user is stored in the account 13, but the terminal 6 displays a list of these by user operation, selects a desired electronic mail from the list, and displays the contents. ..
When the user selects to display the contract file 10a, the terminal 6 displays the contents of the contract file 10a, the identification information associated therewith, and the encrypted contract on the electronic mail viewing screen provided by the PO Box server 4. The password for decrypting the document file 10b is displayed.
The user makes a note of the identification information and password for later digital signature.

The IC card 7 is an IC card containing an IC chip (semiconductor device), and a minor number card is a typical example.
In addition to card media such as electronic money cards and employee ID cards with built-in IC chips, there are smartphones with built-in IC chips, mobile phones, portable game machines, and the like. Further, a CPU of a smart phone or the like may replace the same function as the IC chip.

The IC card 7 includes an IC chip and an interface for connecting the IC chip to the IC card terminal 8.
There are two types of interfaces, contact type and non-contact type. In the case of the contact type, the IC card 7 is provided with an electrode for connection, and power is supplied and signals are transmitted and received through the contact of the electrodes.
In the non-contact type, an antenna for communication and power supply is embedded in the IC card 7, and power is supplied and signals are transmitted and received wirelessly.

The IC chip is a portable semiconductor device that functions as a computer equipped with a CPU, a storage device, and the like. The storage device includes a program for causing the CPU to digitally sign, a private key for digitally signing, and the like. It stores the public key certificate of the public key that forms a key pair with the private key, and the personal identification number that the user enters when digitally signing. In addition, the public key certificate records identity verification information (basic 4 information) that identifies the user.
The IC chip (IC card 7) functions as a portable semiconductor device that stores a private key and digitally signs using the private key.

When the hash value of the document file to be digitally signed is input to the IC chip, the CPU encrypts the hash value with the private key and attaches a public key certificate to the IC chip to digitally sign the document file.
The mechanism by which the electronic signature is performed is as follows.
The hash value is a signature target value (numerical value) calculated from the document file, and the hash value changes significantly if the contents of the document are slightly different. Also, the document file cannot be restored from the hash value. Therefore, there is a one-to-one correspondence between the document file and the hash value.

When this hash value is encrypted with the private key stored in the IC chip, it can be decrypted only with the public key corresponding to the private key.
Therefore, when the digital signature value (hash value) is decrypted with the public key corresponding to the private key and this is compared with the hash value of the document file to be verified for non-tampering, if both match, the relevant It can be confirmed that the user has signed the document file.

The IC card terminal 8 is, for example, a terminal (composite copier, ticket vending machine, etc.) installed in a convenience store, and includes a function of connecting to a communication network and a reader / writer connected to the IC card 7.
The IC card terminal 8 functions as a terminal provided with a connection interface (reader / writer or the like) with a portable semiconductor device that stores a private key and digitally signs using the private key.
When the IC card 7 is installed in the reader / writer, the IC card terminal 8 mediates the communication between the signature support server 5 and the IC card 7, and enables the communication between the signature support server 5 and the IC card 7.

The IC card terminal 8 also includes an output device such as a screen for displaying a message and an input device such as a keyboard for inputting information.
As a result, the IC card terminal 8 can give an instruction to the user to input the identification information and can accept the input of the identification information from the user.

A reader / writer can be connected to the terminal 6 so that the terminal 6 can exhibit the same function as the IC card terminal 8.
Therefore, for example, a user who has a reader / writer for an IC card 7 installed in a terminal 6 at home can digitally sign at home without going to the IC card terminal 8.
In this way, the electronic mail system 1 can digitally sign a user who has a reader / writer at home at home, but can also digitally sign a user who does not have such an environment with the IC card terminal 8. ..

The signature support server 5 and the IC card 7 perform electronic signatures as follows via the IC card terminal 8 configured in this way (6).
First, when the user installs the IC card 7 in the reader / writer of the IC card terminal 8, the IC card 7 and the signature support server 5 are connected via the IC card terminal 8.
Next, the IC card terminal 8 receives input of identification information and a password for decryption from the user, and transmits this to the signature support server 5.

When the signature support server 5 identifies the contract file 10b by the identification information, it decrypts the contract file 10b with a password, calculates the hash value of the decrypted contract file 10b, and sends it to the IC card 7.
The IC card 7 creates an electronic signature by encrypting the hash value with a private key and transmits it to the signature support server 5.
The outline of the electronic signature processing is as described above, but as will be described later, security can be enhanced by further inputting a personal identification number for electronic signature, identity verification, and the like.

The signature support server 5 receives the contract file 10b from the relay server 3 and stores it in the contract DB 14, and digitally signs the IC card 7 when the user requests it via the IC card terminal 8. At the same time, it is a server that transmits the created electronic signature to the relay server 3 (7).

More specifically, first, the signature support server 5 receives the encrypted contract file 10b from the relay server 3, the identity verification information and the identification information associated therewith, and stores them in the contract DB 14 in association with each other. To do.
Then, the signature support server 5 waits until there is a request for an electronic signature from the user via the IC card terminal 8.

When the user sets the IC card 7 in the IC card terminal 8 and performs a predetermined operation, the signature support server 5 starts communication with the IC card 7 via the IC card terminal 8.
In this way, the signature support server 5 includes a connection means for storing the private key and connecting to a terminal (IC card terminal 8) having a connection interface with a portable semiconductor device that digitally signs using the private key. ing.

Then, the signature support server 5 requests the user to input the identification information and the password for decryption via the IC card terminal 8, and receives the information input by the user from the IC card terminal 8.
Next, the signature support server 5 identifies the contract file 10b, which is the target of the electronic signature, by searching the contract DB 14 using the identification information as a search key, and decrypts the contract file 10b with a password.

In this way, the signature support server 5 receives the input of the identification information notified together with the original file that defines the signature content by the electronic private book box via the terminal (IC card terminal 8), and the received identification. It is provided with a means for identifying a signature target file for identifying a signature target file (contract file 10b) using information.
Further, the signature target file is encrypted so that it can be decrypted with a predetermined password, and the signature support server 5 is a password acquisition means for acquiring the password notified together with the identification information in the electronic private book box from the terminal (IC card terminal 8). And, it is provided with a decryption means for decrypting the signature target file by using the acquired password.

Then, the signature support server 5 requests the user to input the personal identification number for electronic signature set in the IC card 7 from the IC card terminal 8.
The signature support server 5 transmits the password input from the IC card terminal 8 to the IC card 7, and when the password is approved by the IC card 7, requests the IC card 7 to transmit the public key certificate. To do.
The PIN is transmitted directly from the IC card terminal 8 to the IC card 7 without going through the signature support server 5, and the IC card terminal 8 transmits the authentication result of the PIN to the signature support server 5. May be good.

Then, the signature support server 5 confirms the user's identity based on the identity verification information included in the public key certificate and the identity verification information transmitted from the relay server 3, and if the identity verification is successful, the decrypted contract file. A hash value is generated by calculation from 10b, and this is acquired.
As described above, the signature support server 5 includes a signature target value acquisition means for calculating and acquiring the signature target value (hash value) of the signature target file from the decrypted signature target file.

Then, the signature support server 5 transmits the generated hash value and the password to the IC card 7 and orders the IC card 7 to create an electronic signature using the hash value.
As described above, the signature support server 5 includes a signature target value transmitting means for transmitting the signature target value to the portable semiconductor device (IC chip of the IC card 7) via the connection interface of the IC card terminal 8.

The signature support server 5 receives an electronic signature for the contract file 10b created and transmitted by the IC card 7, attaches the electronic signature to the contract file 10b to create a signed contract file 10c, and is a relay server. Send to 3 (8).
In this way, the signature support server 5 signs the electronic signature receiving means for receiving the electronic signature generated by the portable semiconductor device using the signature target value via the connection interface, and the electronic signature received from the IC card 7. It is provided with ancillary means associated with the file and a signature target file output means for outputting a signature target file accompanied by a digital signature.

The signature support server 5 enhances security by erasing the encrypted contract file 10b and the decrypted contract file 10b from the contract DB 14 at a predetermined timing.
Here, as the predetermined timing, for example, when the contract file 10b is digitally signed, immediately after the transmission of the signed contract file 10c to the relay server 3 is completed, or a predetermined time after the completion. Erase after elapse.
On the other hand, when the contract file 10b is not digitally signed, it is deleted after the encrypted contract file 10b is received from the relay server 3 and the period permitted for the electronic signature has elapsed.

For example, one week may be uniformly specified as the period allowed for the electronic signature, and the period specified by each business entity for each contract file (default period if not specified). , For example, one week).
When the business entity specifies the period, the period specified together with the contract file 10a is transmitted from the business server 2 to the relay server 3, and the relay server 3 is specified together with the encrypted contract file 10b and the identity verification information. The contracted period is transmitted to the signature support server 5.
As described above, the signature support server 5 is provided with an erasing means for erasing the signature target file (contract file 10b) after a predetermined period.

When the relay server 3 receives the contract file 10c created by electronically signing the contract file 10b from the signature support server 5, the relay server 3 sends the received electronically signed contract file 10c to the contract file 10a. It is transmitted to the business server 2 (9).
As described above, the relay server 3 includes a signature receiving means for receiving the electronic signature generated for the signature target file and a signature transmitting means for transmitting the received electronic signature to the business server 2.

Although an example of the configuration of the electronic mail system 1 has been described above, various modifications are possible.
For example, in the electronic mail system 1, the signature support server 5 stores the contract file 10b and performs internal processing, but this internal processing is performed by the relay server 3, and the signature support server 5 is the relay server 3 and the IC card. It may be a server that simply mediates the communication of the terminal 8.

In this case, the relay server 3 stores the contract file 10b and receives the identification information from the IC card terminal 8 via the signature support server 5.
Then, the relay server 3 calculates a hash value from the contract file 10b and causes the IC card 7 to digitally sign.
In this example, the relay server 3 performs all the processing related to the electronic signature, and the relay server 3 also has the function of the signature support server 5.

The embodiment described above is suitable for, for example, when the relay server 3 and the signature support server 5 are operated by the same business entity, and the modified example is, for example, the IC card terminal 8 as the signature support server 5. This is a form suitable for using the server system of a convenience store in which the above is installed.

FIG. 2A is a diagram schematically showing a hardware configuration of the relay server 3.
The relay server 3 is configured by connecting a CPU 31, a ROM 32, a RAM 33, a communication control unit 34, a storage device 35, and the like via a bus line.
The CPU 31 is a central processing unit, operates according to a relay program (not shown) stored in the storage device 35, and performs the above-mentioned relay processing between the business server 2, the PO Box server 4, and the signature support server 5.

The ROM 32 is a read-only memory, and stores basic programs and parameters for operating the CPU 31.
The RAM 33 is a readable and writable memory, and provides a working memory when the CPU 31 performs relay processing such as duplication and encryption of the contract file 10b and generation of a URL.

The communication control unit 34 is an interface for connecting the relay server 3 and the communication network. The relay server 3 is connected to each business server 2, a PO Box server 4, a signature support server 5, and the like via a communication network connected by the communication control unit 34.
The storage device 35 is configured by using a storage medium such as a hard disk, and stores a relay program, a relay user DB 12, and the like for causing the CPU 31 to exert a relay processing function.

FIG. 2B is a diagram schematically showing a hardware configuration of the signature support server 5.
The signature support server 5 is configured by connecting a CPU 51, a ROM 52, a RAM 53, a communication control unit 54, a storage device 55, and the like via a bus line.
The functions of the CPUs 51 to RAM 53 are the same as those of the CPUs 31 to RAM 33.

The communication control unit 54 is an interface that connects the signature support server 5 and the communication network. The signature support server 5 is connected to the relay server 3, the IC card terminal 8, the IC card 7, and the like via the communication network connected by the communication control unit 54.
The storage device 55 is configured by using a storage medium such as a hard disk, and stores a program for electronically signing the CPU 51 in cooperation with the IC card 7, a contract DB 14, and the like.

FIG. 2C is a diagram schematically showing a hardware configuration of the IC card 7.
The IC card 7 is configured by connecting a CPU 71, a ROM 72, a RAM 73, a communication control unit 74, a storage device 75, and the like by a bus line, and these are formed on an IC chip.
The functions of CPU 71 to RAM 73 are the same as those of CPU 31 to RAM 33.

The communication control unit 74 includes an electrode (in the case of a contact type) and an antenna (in the case of a non-contact type) for connecting to the IC card terminal 8, and connects to the interface on the IC card terminal 8 side to perform communication. Do.
The storage device 75 stores a program for causing the CPU 71 to perform communication and electronic signature processing, a private key and public key certificate used for electronic signature, and a personal identification number for performing electronic signature processing. I remember.

FIG. 3A is a diagram showing a logical configuration of the relay user DB 12.
The relay user DB 12 is composed of "user ID", "account number", "identity verification information", "opt-in information", and other items for each user.
The "user ID" is ID information for the relay server 3 to identify the user.

The "account number" is the account number of the account 13 on the user's PO Box server 4.
The relay server 3 identifies the user by collating the destination account number of the contract file 10a transmitted by the business server 2 with the "account number", and identifies the user's identity verification information, opt-in information, and the like.
The "identity verification information" is the user's basic four information, and the "opt-in information" is the opt-in information set by the user.
This item is not necessary when the PO Box server 4 blocks electronic mail based on opt-in information.

FIG. 3B is a diagram showing a logical configuration of the contract DB14.
The contract DB 14 is a database that stores a set of identification information, a contract file, and an identity verification information transmitted from the relay server 3 for electronic signature, and is a database of "identification information", "contract file", and so on. It consists of "identity verification information" and other items.

The "identification information" is information that serves as a search key for identifying the contract file 10b, and is the identification information described above.
The "contract file" is an encrypted contract file 10b.
The "identity verification information" is the basic four information for identity verification, and has the same contents as the "identity verification information" of the relay user DB 12.

Although not shown, the hardware configuration of the IC card terminal 8 is the same as that of the signing support server 5, and the CPU, ROM, RAM, storage device, communication control unit, interface connected to the IC card 7, etc. are bus lines. It is connected and configured with.

Each figure of FIG. 4 is a diagram for explaining a screen on which a user operates.
FIG. 4A is a diagram showing an example of an electronic mail viewing screen 21 displayed on the terminal 6.
When you log in to the account 13 from the terminal 6, the electronic mail delivered to the account 13 is listed on the display. When the user selects and operates a desired electronic mail item from these, the content is displayed on the electronic mail reading screen 21.

In the example of the figure, the contents of the contract file 10a are displayed.
At the bottom of the electronic mail viewing screen 21, the identification information 22 attached to the contract file 10a is displayed as a "notification number", and the password 23 for decryption is also displayed together with this.
The user makes a note of the identification information 22 and the password 23 and brings them to the store where the IC card terminal 8 is installed.

FIG. 4B is a diagram showing an example of the identification information input screen 24 displayed on the display of the IC card terminal 8.
When the user installs the IC card 7 in the reader / writer of the IC card terminal 8 and selects an appropriate item from the menu screen displayed on the display of the IC card terminal 8, the identification information input screen 24 is displayed.
The identification information input screen 24 is provided with a notification number input field and a password input field, and the user inputs the identification information and the password that he / she wrote down in the notification number input field and the password input field, respectively, and sends a button (not shown). Select.
As a result, the IC card terminal 8 transmits the identification number and the password to the signature support server 5.

FIG. 4C is a diagram showing an example of the password input screen 26 displayed on the display of the IC card terminal 8.
The personal identification number input screen 26 includes a personal identification number input field, and is displayed immediately before the electronic signature is performed.
The user inputs the personal identification number in the personal identification number input field and selects a transmission button (not shown) in order to cause the IC card 7 to execute the electronic signature.
As a result, the signature support server 5 and the IC card 7 communicate with each other to digitally sign.

FIG. 5 is a flowchart for explaining a procedure for the user to register in the electronic mail system 1.
The following processing is performed by the CPU of the terminal 6 and each server according to a predetermined program.
First, the terminal 6 accesses the registration screen of the PO Box server 4 by the user's operation (step 5).

The PO Box server 4 transmits the registration screen data to the terminal 6 in response to this (step 10).
The terminal 6 receives the registration screen data from the PO Box server 4 and displays the registration screen on the display. The registration screen is provided with a field for entering identity verification information (basic 4 information) and opt-in information.
When the user inputs these and performs a transmission operation, the terminal 6 transmits these registration information to the PO Box server 4 (step 15).

When the PO Box server 4 receives the registration information from the terminal 6, it creates the account 13 of the user, and transmits the account number of the account 13 and the password for logging in to the terminal 6 (step 20).
Next, the PO Box server 4 transmits the account number, identity verification information, opt-in information, etc. of the created account 13 to the relay server 3 (step 25).

A user who does not wish to sign the signature support server 5 according to the present embodiment and only wishes to receive electronic mail from the corporate server notifies the PO Box server 4 to that effect when creating the account 13. It is also possible to do. In this case, the PO Box server 4 ends the registration process without performing the processes after step 25.

When the relay server 3 receives these information from the PO Box server 4, it issues a user ID, stores these information received from the PO Box server 4 in the relay user DB 12, and registers the user (step 30).

FIG. 6 is a flowchart for explaining a procedure for the electronic postal system 1 to prepare for electronic signature.
First, the business server 2 transmits the contract file 10a addressed to the account 13 of a specific user to the relay server 3 (step 100).

When the relay server 3 receives the contract file 10a, it communicates with a time stamp server (not shown) to acquire the time stamp of the contract file 10a in order to prevent falsification (step 105).
Next, the relay server 3 creates a copy of the contract file 10a and encrypts it to generate the contract file 10b, and further generates a password for decrypting the contract file 10b (step 110).

Next, the relay server 3 generates identification information for identifying the contract file 10b (step 115).
Then, the relay server 3 associates (attaches) the identification information with the password for decrypting the contract file 10b with the contract file 10a, and transmits the contract file 10a to the PO Box server 4 (step 120).
The PO Box server 4 receives the contract file 10a, the identification information, and the password, and stores and stores them in the account 13 specified as the destination of the contract file 10a (step 125).

Further, the relay server 3 searches the relay user DB 12 for the identity verification information, associates the encrypted contract file 10b with the identification information and the identity verification information, and transmits the identity verification information to the signature support server 5 (step 130).
The signature support server 5 receives the contract file 10b, the identification information, and the identity verification information from the relay server 3, associates them, and stores them in the contract DB 14 (step 135).

In this way, the PO Box server 4 and the signature support server 5 are ready to receive access from the terminal 6 and the IC card terminal 8, respectively, and wait until they are accessed by the user.

While the PO Box server 4 and the signing support server 5 are on standby, the terminal 6 accesses the PO Box server 4 by a user operation, sends an account number and a password, and logs in to the account 13 (step 140).
When the terminal 6 logs in to the account 13, the PO Box server 4 transmits screen data listing the electronic mails delivered to the account 13 to the terminal 6.

When the user operates the terminal 6 to select the contract file 10a from the list, the PO Box server 4 transmits the screen data for displaying the electronic mail viewing screen 21 (FIG. 4A) to the terminal 6. The contents of the contract file 10a, the identification information 22 associated therewith, and the password 23 are transmitted to the terminal 6 (step 145).

Upon receiving the screen data, the terminal 6 displays the electronic mail viewing screen 21 on the display to display the text, identification information and password of the contract file 10a (step 150). With reference to this, the user makes a note of the identification information and password.

FIG. 7 is a flowchart for explaining a procedure for electronically signing the electronic postal system 1.
The user goes to a store or the like where the IC card terminal 8 is installed with the identification information and the password written down.
The user installs the brought IC card 7 on the IC card terminal 8 and selects the electronic signature service by the electronic mail system 1 from the menu screen of the IC card terminal 8.
Then, the IC card terminal 8 connects to the signature support server 5, and communication between the signature support server 5 and the IC card 7 is started (step 205).

When the communication is started, the signature support server 5 generates the screen data of the identification information input screen 24 and transmits it to the IC card terminal 8 (step 210).
On the other hand, the IC card terminal 8 receives the screen data and displays the identification information input screen 24 on the display (step 215).

The user inputs the identification information and the password for decryption from the identification information input screen 24, and selects the send button.
As a result, the IC card terminal 8 transmits the identification information and the password to the signature support server 5 (step 220).

The signature support server 5 receives the identification information and the password from the IC card terminal 8, searches for the contract file 10b associated with the identification information, and decrypts the contract file 10b with the password. Then, the hash value is calculated from the decrypted contract file 10b (step 225).
Next, the signature support server 5 creates the password input screen data and transmits it to the IC card terminal 8 (step 230).

The IC card terminal 8 receives the password input screen data and displays the password input screen 26 on the display.
The user inputs the personal identification number for the electronic signature from the personal identification number input screen 26, and selects the send button.
As a result, the IC card terminal 8 transmits the password to the signature support server 5 (step 235).

When the signature support server 5 receives the password, it sends it to the IC card 7 and requests the transmission of the public key certificate (identity verification information) (step 240).
The IC card terminal 8 relays the request to the IC card 7 (step 245), and the IC card 7 receives the request.
The IC card 7 authenticates the received personal identification number and transmits the public key certificate (identity verification information) to the signature support server 5 (step 250).
The IC card terminal 8 relays the transmission of the public key certificate (step 255).

When the signature support server 5 receives the public key certificate from the IC card 7, the signature support server 5 converts the identity verification information included in the public key certificate and the identity verification information associated with the identification information in the contract DB 14. Match (step 260).
If the identity verification information cannot be collated, the signature support server 5 sends an error message to the IC card terminal 8 to end the process.
When the identity verification information can be collated, the signature support server 5 transmits an electronic signature command using the password and the hash value as parameters to the IC card 7 (step 265).
The IC card terminal 8 relays the command to the IC card 7 (step 270).

When the IC card 7 receives an electronic signature command from the signature support server 5, it confirms the password, encrypts the hash value with the private key to create an electronic signature, and transmits this to the signature support server 5 ( Step 275).
The IC card terminal 8 relays this transmission (step 280).

When the signature support server 5 receives the electronic signature from the IC card 7, it attaches the electronic signature to the decrypted contract file 10b to generate the contract file 10c and transmits it to the relay server 3 (step 285).
When the relay server 3 receives the electronically signed contract file 10c from the signature support server 5, it transmits the electronically signed contract file 10c to the business server 2 that is the source of the contract file 10a (step 290).
The business server 2 receives and stores the electronically signed contract file 10c (step 295).

As described above, the electronic mail system 1 can add an electronic signature to the electronic mail sent by the business server 2 to the PO Box server 4.
In addition, the business server 2 can obtain the user's intention for the electronic mail by receiving the signed electronic mail which is a document reflecting the user's willingness to agree on the contract or the like.

Further, even if the user does not have the equipment for connecting the IC card 7 to the communication network via the reader / writer, the electronic signature can be performed using the public IC card terminal 8 existing in the city.

(Modification example 1)
For example, contracts that require the consent of multiple people in one contract, such as joint guarantee contracts and rental contracts of financial institutions, are widely used.
In this modification, the electronic mail system 1 makes a contract with a plurality of persons in this way. The configuration of the electronic mail system 1 is the same as that of the embodiment.

FIG. 8 is a diagram for explaining a procedure for digitally signing a contract file by a plurality of persons.
In this example, user A is the main contractor, and users B and C are joint contractors. Although not shown, the accounts 13 of the users A, B, and C are the accounts 13A, 13B, and 13C, and the IC card terminals 8 used by the users A, B, and C are the IC card terminals 8A, 8B, and 8C. The IC card terminals 8A, 8B, and 8C may be the same IC card terminal 8 or different IC card terminals 8.

In addition, the contract file encryption and identity verification methods are the same as in the embodiment. In the following, in order to avoid complication, these processes are omitted, and the procedure for multiple people to digitally sign the contract file is performed. The outline will be explained according to the numbers shown in parentheses in the figure.

First, the business server 2 transmits the contract file 10a and the signer list 300 defining the user accounts 13A, 13B, and 13C to digitally sign the contract file 10a to the relay server 3 (1).
In the electronic mail system 1, users A, B, and C registered in the signer list 300 perform electronic signatures in this order, and user A, who is the main contractor, performs the first electronic signature.
In this way, a plurality of electronic PO Box accounts are associated with the original file (contract file 10a), and the relay server 3 obtains a list of the plurality of electronic PO Box accounts (signer list 300). It has an acquisition means.

The relay server 3 duplicates the contract file 10a to generate the contract file 10d, and also generates the identification information A corresponding to these.
Then, the relay server 3 refers to the signature list 300 and transmits the contract file 10a and the identification information A to the account 13A of the PO Box server 4 (2), and sends the contract file 10d and the identification information A to the account 13A. It is associated and transmitted to the signature support server 5 (3).

The user A browses the contract file 10a with the account 13A and makes a note of the identification information A. Then, the user A goes to the store where the IC card terminal 8A is installed, connects his / her own IC card 7A to the IC card terminal 8A, and inputs the reserved identification information A.
The signature support server 5 identifies the contract file 10d by the identification information A input by the user A from the IC card terminal 8A, transmits a hash value of the contract file 10d to the IC card 7A to digitally sign it, and then digitally signs the contract file 10d from the IC card terminal 8A. Receive the electronic signature.
Then, the signature support server 5 assigns the electronic signature to the contract file 10d to generate a contract file 10e to which the electronic signature of the user A is attached, and transmits this to the relay server 3 (4).

When the relay server 3 receives the contract file 10e from the signature support server 5, it uses this as the original file for the user B specified next to the user A in the signer list 300, duplicates the contract file 10e, and makes a contract. The file 10f is generated, and the identification information B corresponding to these is generated.
Then, the relay server 3 refers to the signer list 300, transmits the contract file 10e and the identification information B to the account 13B of the PO Box server 4 (5), and sends the contract file 10f and the identification information B to the signature support server. Send to 5 (6).
In this modification, different identification information A, B, and C are generated for the users A, B, and C, but the same information may be used.

The user B browses the contract file 10e with the account 13B and makes a note of the identification information B. Then, the user B goes to the store where the IC card terminal 8B is installed, connects his / her own IC card 7B to the IC card terminal 8B, and inputs the reserved identification information B.
The signature support server 5 identifies the contract file 10f by the identification information B input by the user B from the IC card terminal 8B, transmits a hash value of the contract file 10f to the IC card 7B to digitally sign it, and then digitally signs the contract file 10f from the IC card terminal 8B. Receive the electronic signature.
Then, the signature support server 5 assigns the electronic signature to the contract file 10f to generate 10 g of the contract file to which the electronic signatures of the users A and B are attached, and transmits this to the relay server 3 (7). ..

When the relay server 3 receives the contract file 10 g from the signature support server 5, it uses this as the original file for the user C specified next to the user B in the signer list 300, and duplicates the contract file 10 g to make the contract. The file 10h is generated, and the identification information C corresponding to these is generated.
Then, the relay server 3 refers to the signer list 300, transmits the contract file 10 g and the identification information C to the account 13C of the PO Box server 4 (8), and sends the contract file 10h and the identification information C to the signature support server. Send to 5 (9).

User C browses the contract file 10g with the account 13C and refrains from the identification information C. Then, the user C goes to the store where the IC card terminal 8C is installed, connects his / her own IC card 7C to the IC card terminal 8C, and inputs the reserved identification information C.
The signature support server 5 identifies the contract file 10h by the identification information C input by the user C from the IC card terminal 8C, transmits a hash value of the contract file 10h to the IC card 7C, digitally signs the signature, and causes the IC card terminal 8C to digitally sign. Receive the electronic signature.
Then, the signature support server 5 assigns the electronic signature to the contract file 10h to generate a contract file 10i to which the electronic signatures of the users A, B, and C are attached, and transmits this to the relay server 3 ( 10).

When the relay server 3 receives the contract file 10i digitally signed by all the members (users A, B, C) registered in the signer list 300, the relay server 3 transmits the contract file 10i to the business server 2 (11).
In this way, the business server 2 can obtain the contract file 10i digitally signed by the users A, B, and C registered in the signer list 300 in the order of registration.

In this way, the signature target file creation means provided in the relay server 3 creates and identifies a plurality of signature target files (contract files 10d, 10f, 10h) corresponding to the original files (contract files 10a, 10e, 10g). The information generation means generates identification information (identification information A, B, C) corresponding to each of the plurality of created signature target files, and the signature target file transmission means is the rawly created plurality of signature target files. Is transmitted to the signature support server 5 in association with the generated identification information.

Further, the original file transmitting means of the relay server 3 associates the acquired original file (contract file 10a with the contract file 10e, 10g generated from this) with the generated identification information (identification information A, B, C). , It is transmitted to a plurality of electronic PO Box accounts (accounts 13A, 13B, 13C) included in the acquired signer list 300.

In the first modification, the user B digitally signs the contract file 10e digitally signed by the user A, and the user C digitally signs the contract file 10g digitally signed by the users A and B. Therefore, for example, the user A. This is effective when the order of the electronic signatures is the requirement for the contract to take effect, such as the user B digitally signing on the condition that the digital signature is made.

Further, in the first modification, it is assumed that the users A, B, and C have the account 13 in the PO Box server 4, but it can be carried out even when there is a user who does not have the account 13.
For example, when the user A has the account 13 and the users B and C do not have the account 13, the identification information B and C for the users B and C are notified to the account of the user A, and the user A identifies. Information B and C are individually transmitted to users B and C.

In this way, even a user who does not have an account 13 can digitally sign by obtaining identification information separately as long as he / she has an IC card 7.
Further, since the electronic signature is performed via the communication network, a plurality of users can digitally sign one contract file 10 without facing each other.

(Modification 2)
In the first modification, the electronic signatures are superimposed in the order of user A → user B → user C, but in this modification, the contract file 10 is transmitted in parallel with the plurality of users A, B, and C to electronically. Have them sign.
FIG. 9 is a diagram for explaining a procedure for a plurality of persons to digitally sign the contract file 10 in parallel.
First, the business server 2 transmits the contract file 10a and the signer list 300 of the user accounts 13A, 13B, and 13C that digitally sign the contract file 10a to the relay server 3 (1).
The electronic mail system 1 causes users A, B, and C registered in the signer list 300 to digitally sign in parallel at the same time.

The relay server 3 prepares as many users as the number of users who duplicate the contract file 10a for the account 13 and digitally signs it, and generates identification information A, B, and C for each user. The identification information has a different value for each user.
Further, the relay server 3 duplicates the contract file 10a for the number of users for electronic signature to generate the contract file 10j.
In the following, the three contract files 10a and the contract file 10j are referred to as a contract file 10a1, a contract file 10a2, a contract file 10a3, and a contract file 10j1, a contract file 10j2, and a contract file 10j3.

Then, the relay server 3 refers to the signer list 300, associates the contract file 10a1 with the identification information A, and transmits the correspondence to the account 13A of the private book box server 4, and associates the contract file 10a2 with the identification information B. It is transmitted to the account 13B of the private book box server 4, and the contract file 10a3 is associated with the identification information C and transmitted to the account 13C of the private book box server 4 (2).
Further, the relay server 3 associates the contract file 10j1 with the identification information A, associates the contract file 10j2 with the identification information B, and associates the contract file 10j3 with the identification information C to transmit to the signature support server 5. (3).

The user A browses the contract file 10a1 with the account 13A and makes a note of the identification information A. Then, the user A goes to the store where the IC card terminal 8A is installed, connects his / her own IC card 7A to the IC card terminal 8A, and inputs the reserved identification information A.
The signature support server 5 identifies the contract file 10j1 corresponding to the identification information A input by the user from the IC card terminal 8A, and transmits the hash value of this to the IC card 7A to digitally sign the user. A contract file 10k with the electronic signature of A is generated and transmitted to the relay server 3 (4).

The user B browses the contract file 10a2 with the account 13B and makes a note of the identification information B. Then, the user B goes to the store where the IC card terminal 8B is installed, connects his / her own IC card 7B to the IC card terminal 8B, and inputs the reserved identification information B.
The signature support server 5 identifies the contract file 10j2 to be paired with the identification information B input by the user B from the IC card terminal 8B, and transmits the hash value of the contract file 10j2 to the IC card 7B for electronic signature. , Generates 10 liters of the contract file with the electronic signature of the user B and transmits it to the relay server 3 (5).

User C browses the contract file 10a3 with the account 13C and refrains from the identification information C. Then, the user C goes to the store where the IC card terminal 8C is installed, connects his / her own IC card 7C to the IC card terminal 8C, and inputs the reserved identification information C.
The signature support server 5 identifies the contract file 10j3 to be paired with the identification information C input by the user C from the IC card terminal 8C, and transmits the hash value of the contract file 10j3 to the IC card 7C for electronic signature. , A contract file 10 m to which the electronic signature of the user C is attached is generated and transmitted to the relay server 3 (6).

When the relay server 3 receives the contract files 10k, 10l, and 10m from the signature support server 5, it combines them to generate the contract file 10n (7) and transmits it to the business server 2 (8).
As described above, in the present modification, since a plurality of users individually digitally sign the signature file regardless of the description order of the signer list 300, the contract file 10n can be obtained quickly.

By the way, when there is a master-slave relationship between a plurality of contractors, for example, the contractor A is the borrower of the loan and the contractors B and C are the joint guarantors, the modification 1 and the modification 2 are combined. Just do it.
In this case, the electronic mail system 1 first acquires the electronic signature of the main contractor for the contract file 10.

Then, the contract file 10a is given the electronic signature of the main contractor to generate the contract file 10o, and the contract file 10o is transmitted in parallel to a plurality of subcontractors to obtain these electronic signatures. ..
Then, a contract file 10p, 10q, ... With the electronic signature of the subcontractor is generated, and these are combined into one.

According to the above-described embodiment and modification, it is possible to provide a signing service for a document viewed by the electronic PO Box service.
(1) In order to prevent leakage or falsification of important information, an electronic signature and time stamp are given in advance before linking the electronic data to the system, and the electronic data is not input unless the user inputs the identification information as a search key. Since the electronic data is not specified, the electronic data can be left in the encrypted state.
(2) When the system is linked, the data is linked in the encrypted state, and when the user actually signs the agreement electronically, the user inputs the identification information, and only the user links the data. The signature process can be executed so that the data can be viewed with.

1 Electronic mail system 2 Business server 3 Relay server 4 PO box server 5 Signature support server 6 Terminal 7 IC card 8 IC card terminal 10, 10a to q Contract file 12 Relay user DB
13 Account 14 Contract DB
21 Electronic mail browsing screen 22 Identification information 23 Password 24 Identification information input screen 26 PIN entry screen 31 CPU
32 ROM
33 RAM
34 Communication control unit 35 Storage device 51 CPU
52 ROM
53 RAM
54 Communication control unit 55 Storage device 71 CPU
72 ROM
73 RAM
74 Communication control unit 75 Storage device 300 Signer list

Claims (12)

A connection means for connecting to a terminal having a connection interface with a portable semiconductor device that stores a private key and digitally signs using the private key.
An identification information receiving means that accepts the input of the identification information notified together with the original file that defines the signature contents by the electronic PO Box via the terminal.
The signature target file identification means for specifying the signature target file using the received identification information, and
The signature target value acquisition means for acquiring the signature target value of the specified signature target file, and
A signature target value transmitting means for transmitting the acquired signature target value to the portable semiconductor device via the connection interface, and
An electronic signature receiving means for receiving an electronic signature generated by the portable semiconductor device using the transmitted signature target value via the connection interface.
A signature support server characterized by being equipped with. The signature support server according to claim 1, wherein the signature target value acquisition means calculates and acquires a signature target value from the specified signature target file. Ancillary means for attaching the received electronic signature to the specified signature target file, and
A signature target file output means for outputting a signature target file accompanied by the electronic signature, and
The signature support server according to claim 2, wherein the signature support server is provided. The identified file to be signed is encrypted so that it can be decrypted with a predetermined password.
A password acquisition means for acquiring the password notified together with the identification information in the electronic PO Box from the connected terminal.
A decryption means for decrypting the signature target file using the obtained password, and
Equipped with
The signature support server according to claim 1, claim 2, or claim 3, wherein the signature target value acquisition means acquires a signature target value from the decrypted signature target file. The signature support server according to any one of claims 1 to 4, further comprising an erasing means for erasing the specified signature target file after a predetermined period. An original file acquisition method that specifies the signature content and acquires the original file associated with the specified electronic PO Box account from the business server of the specified business entity.
A signature target file creation means for creating a signature target file that corresponds to the acquired original file and is a target of digital signature.
An identification information generating means for generating identification information for identifying the created signature target file, and
An original file transmitting means for associating the acquired original file with the generated identification information and transmitting the generated identification information to the predetermined electronic PO Box account.
A signature target file transmission means that associates the created signature target file with the generated identification information and transmits the signature target file to a predetermined signature support server.
A signature receiving means for receiving a digital signature generated for the transmitted signature target file from the signature support server, and
A signature transmission means for transmitting the received electronic signature to the business server, and
A relay server characterized by being equipped with. The signature target file creation means creates the signature target file by encrypting it so that it can be decrypted with a predetermined password.
The relay server according to claim 6, wherein the original file transmitting means transmits the password in association with the original file. The relay server according to claim 6, wherein the signature target file creating means creates a copy of the original file as the signature target file. The signature target file creation means creates a plurality of signature target files corresponding to the original file, and creates the signature target file.
The identification information generation means generates identification information corresponding to each of the plurality of signature target files created.
Claim 6, claim 7, or claim 8 characterized in that the signature target file transmission means transmits the created plurality of signature target files to the signature support server in association with the generated identification information. The relay server described in. A plurality of electronic PO Box accounts are associated with the acquired original file, and a list acquisition means for acquiring a list of the plurality of electronic PO Box accounts is provided.
The relay according to claim 9, wherein the original file transmitting means associates the acquired original file with the generated identification information and transmits the acquired original file to a plurality of electronic PO Box accounts included in the acquired list. server. A connection function that stores a private key and connects to a terminal equipped with a connection interface to a portable semiconductor device that digitally signs using the private key.
An identification information reception function that accepts the input of the identification information notified together with the original file that defines the signature content by the electronic PO Box via the terminal.
The signature target file identification function that identifies the signature target file using the received identification information, and
The signature target value acquisition function that acquires the signature target value of the specified signature target file, and
A signature target value transmission function for transmitting the acquired signature target value to the portable semiconductor device via the connection interface, and a signature target value transmission function.
An electronic signature receiving function for receiving an electronic signature generated by the portable semiconductor device using the transmitted signature target value via the connection interface, and
A signature support program that realizes on a computer. An original file acquisition function that specifies the signature content and acquires the original file associated with the specified electronic PO Box account from the business server of the specified business entity,
A signature target file creation function that creates a signature target file that corresponds to the acquired original file and is a target of digital signature.
The identification information generation function that generates the identification information that identifies the created signature target file, and
An original file transmission function that associates the acquired original file with the generated identification information and transmits it to the predetermined electronic PO Box account.
A signature target file transmission function that associates the created signature target file with the generated identification information and transmits the signature target file to a predetermined signature support server.
A signature receiving function that receives a digital signature generated for the transmitted signature target file from the signature support server, and
A signature transmission function that transmits the received electronic signature to the business server, and
A relay program that realizes on a computer.

Images