JP7032626B1 - Book data storage device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve convenience of a user for storing book data necessary for ensuring authenticity for a long period of time. A book data storage device includes a signature storage unit that stores electronic certificates; an upload reception unit that accepts uploads of book data; a book data storage unit that stores book data; and a book data that presents book data. The presentation unit; the signature selection unit that accepts the selection of the user account that has the authority to electronically sign the book data; the approval reception unit that accepts the approval of the electronic signature for the library data; the signature that grants the electronic signature to the library data. The granting unit; the signing time stamp requesting unit that requests the issuance of the signing time stamp; the signing time stamping unit that assigns the signing time stamp to the book data; and the long-term signing time stamp requesting issuance. It includes a signature request unit and a long-term signature assigning unit that assigns a long-term signature time stamp to book data. [Selection diagram] Fig. 2

Description

Patent Law Article 30 Paragraph 2 Applicable Reiwa Disclosure on May 18, 2nd year at TP Holdings Co., Ltd. (1-2-20 Senba Higashi, Minoo City, Osaka Prefecture, 5th floor, Wallman Building)

This specification discloses a technique relating to a book data storage device.

Some of the book data stored in the book data storage device needs to ensure its authenticity for a long period of time. For example, in the case of book data created by electromagnetic recording of design books in architectural design work, it is required to add an electronic signature of the architect and store it in a state where the authenticity is ensured for 15 years. .. As a technique for ensuring the authenticity of book data, it is known to use an electronic signature, a time stamp, and a long-term signature (see, for example, Patent Document 1).

Japanese Unexamined Patent Publication No. 2013-733605

Sufficient studies have not been made on improving the convenience of users who store book data that is necessary to ensure authenticity for a long period of time.

The techniques disclosed herein can be realized in the following forms.

(1) The book data storage device in one form disclosed in the present specification is a cloud service that is configured to be communicable with a user terminal device via the Internet and stores book data in a user account accessed through the user terminal device. I will provide a. This book data storage device has a signature storage unit configured to store a private key for each user account; an upload reception unit that accepts uploads of book data from a user account accessed through the user terminal device; and an upload reception unit. A book data storage unit that stores the book data received by the unit; and a book data presentation unit that presents the book data stored in the book data storage unit to a user account that is accessed through the user terminal device; A signature selection unit that accepts selection of a user account having electronic signature authority to be given to the book data from the user account for uploading the book data; and a user from the user account selected in the signature selection unit. With the approval reception unit that accepts the approval of the electronic signature for the book data uploaded together with the account selection and stored in the book data storage unit; the approval of the electronic signature from the user account selected in the signature selection unit. When accepted, the private key of the user account stored in the signature storage unit is used to electronically sign the book data uploaded and stored in the book data storage unit in accordance with the selection of the user account. When the approval of the electronic signature is received from the user account selected in the signature selection unit, the signing time stamp is issued to the book data to which the electronic signature of the user account is given. The signing time stamp requesting unit that requests the first time authentication station via the above; the signing time stamp issued by the first time authentication station is stored in the book data storage unit and the signing time. The signing time stamping unit to be attached to the book data to which the stamp is issued; and the issuance of a long-term signing time stamp to the book data stored in the book data storage unit and to which the signing time stamp is attached. A long-term signature requesting unit that requests a second time authentication authority via the Internet; the long-term signature time stamp issued by the second time authentication office is stored in the book data storage unit and used for the long-term signature. It is provided with a long-term signature giving unit to be given to the book data to which the time stamp is issued.
According to this form of the book data storage device, the user who uploads the book data can select a user account having the authority to digitally sign the book data at the time of uploading, thereby performing a digital signature on the book data, a time stamp at the time of signing, and the like. In addition, it is possible to proceed with the addition of a time stamp for long-term signature. As a result, it is possible to improve the convenience of the user who stores the book data necessary for ensuring the authenticity for a long period of time.

(2) The book data storage device of the above-described form is further uploaded to the e-mail address associated with the user account selected in the signature selection unit in accordance with the selection of the user account, and is uploaded to the book data storage unit. A signature requesting unit may be provided to send an e-mail requesting approval of an electronic signature for the stored book data.
According to this form of the book data storage device, it is possible to prompt the holder of the user account who is not logged in to the book data storage device to approve the electronic signature.

(3) In the book data storage device of the above form, the upload reception unit accepts the upload of the second book data using the same file name as the first book data already stored in the book data storage unit. In this case, the book data storage unit separately stores the first book data and the second book data to which the same file name is given; the book data presentation unit is accessed through the user terminal device. The first book data stored in the book data storage unit and the second book data may be presented to the user account separately.
According to the book data storage device of this form, the authenticity of each of the book data before and after the update stored under the same file name can be ensured for a long period of time.

(4) In the book data storage device of the above embodiment, the process of requesting the issuance of the signature time stamp by the signing time stamp requesting unit, and the signing time stamp being converted into the book data by the signing time stamping unit. At least one of a process of assigning, a process of requesting the issuance of the long-term signature time stamp by the long-term signature requesting unit, and a process of assigning the long-term signature time stamp to the book data by the long-term signature granting unit. The processing may be performed with priority given to a time zone in which the access frequency from the user account to the book data storage unit decreases.
According to this form of the book data storage device, it is possible to prevent the system resources of the book data storage device from becoming tight when accessing the book data storage unit from the user account, and the access speed from the user account to the book data storage unit. Can be suppressed.

(5) In the book data storage device of the above embodiment, the process of requesting the issuance of the signature time stamp by the signing time stamp requesting unit, and the signing time stamp of the signing time stamp by the signing time stamping unit. At least a process of imparting data to the data, a process of requesting the issuance of the long-term signature time stamp by the long-term signature requesting unit, and a process of assigning the long-term signature time stamp to the book data by the long-term signature granting unit. A processing time zone setting unit may be provided in which a time zone for performing one processing is set based on the access frequency from the user account to the book data storage unit.
According to this form of the book data storage device, the access from the user account to the book data storage unit is set during the time period for processing with an external certificate authority according to the change in the access frequency from the user account to the book data storage unit. It can be set to a time zone when the frequency decreases. As a result, it is possible to prevent the system resources of the book data storage device from becoming tight when accessing the book data storage unit from the user account, and to suppress a decrease in the access speed from the user account to the book data storage unit.

The technique disclosed in the present specification can be realized in various forms different from the book data storage device. The technique disclosed in the present specification can be realized, for example, in the form of a method of storing book data, a computer program of a book data storage device, a user terminal device, a book data storage system, and the like.

It is explanatory drawing which shows the book data storage system. It is explanatory drawing which shows the detailed structure of a book data storage apparatus. It is a flowchart which shows the upload acceptance process executed by a book data storage apparatus. It is explanatory drawing which shows an example of the upload acceptance screen. It is explanatory drawing which shows an example of the upload acceptance screen. It is a flowchart which shows the electronic signature process which a book data storage apparatus performs. It is explanatory drawing which shows an example of the signature approval screen. It is a flowchart which shows the time stamp processing at the time of signature executed by a book data storage apparatus. It is a flowchart which shows the long-term signature processing which a book data storage apparatus performs. It is a flowchart which shows the processing time zone setting process executed by the book data storage apparatus in 2nd Embodiment.

A. 1st Embodiment FIG. 1 is an explanatory diagram showing a book data storage system 10. The book data storage system 10 is a system for storing book data created by electromagnetically recording books such as design drawings, contracts, and minutes. The book data storage system 10 includes a user terminal device 100, a book data storage device 200, an electronic certificate authority 300, and a time certificate authority 400.

The user terminal device 100 of the book data storage system 10 is a computer configured to be operable by the user. By receiving the issuance of a user account from the book data storage device 200, the user who operates the user terminal device 100 can log in to the book data storage device 200 through the user terminal device 100 using the user account. A user who has logged in to the book data storage device 200 can receive the provision of the book data storage service, which is a cloud service for storing book data, from the book data storage device 200. A user who uses the book data storage service can upload the book data stored in the user terminal device 100 to the book data storage device 200 and save the book data within the range of the authority granted to the user account. The book data stored in the device 200 can be viewed and downloaded from the user terminal device 100. Further, a user who uses the book data storage service can give an electronic signature to the book data stored in the book data storage device 200 within the range of the authority granted to the user account.

The book data storage device 200 of the book data storage system 10 is a cloud server that is configured to be communicable with the user terminal device 100 via a computer network 800 and realizes a server function by cloud computing. The book data storage device 200 provides a book data storage service, which is a cloud service for storing book data, to a user account accessed through the user terminal device 100. The computer network 800 includes the Internet, a mobile phone communication network, a local area network and a wireless local area network.

The electronic certificate authority 300 of the book data storage system 10 is configured to be able to issue an electronic certificate to a user who has a user account of the book data storage service. When the authenticity of the issued digital certificate is lost, the electronic certificate authority 300 revokes the digital certificate and issues a certificate revocation list showing the revoked digital certificate.

The time certification authority 400 of the book data storage system 10 is configured to be able to issue a time stamp given to the book data stored in the book data storage device 200. The time stamp given to the book data proves that the book data exists before the time indicated by the time stamp and that the book data has not been tampered with after that time.

FIG. 2 is an explanatory diagram showing a detailed configuration of the book data storage device 200. The book data storage device 200 includes a main control unit 210 and a network communication unit 220. The main control unit 210 controls each unit of the book data storage device 200. The network communication unit 220 is configured to be connectable to the computer network 800.

The book data storage device 200 further includes an account management unit 230, an account database unit 232, and a signature storage unit 234 as a configuration for managing user accounts.

The account management unit 230 of the book data storage device 200 manages processes related to the user account, such as issuing a user account, updating the user account, and deleting the user account. The account management unit 230 receives instructions for processing regarding the user account from the management account through the graphical user interface displayed on the user terminal device 100 of the management account that manages the user account.

The account database unit 232 of the book data storage device 200 stores registration information related to the user account, such as the user's name, login identification number, login password, access authority, affiliation group, e-mail address, and expiration date.

The signature storage unit 234 of the book data storage device 200 is configured to be able to store a digital certificate for each user account. The electronic certificate stored in the signature storage unit 234 is electronic data issued by the electronic certificate authority 300 to the user of the user account registered in the account database unit 232, and is included in the registration information of the account database unit 232. Associated and saved. In the present embodiment, the account management unit 230 requests the digital certificate authority 300 to issue a new digital certificate before the expiration date of the digital certificate stored in the signature storage unit 234 expires, and the signature storage unit 230. It is possible to renew the digital certificate stored in 234.

The book data storage device 200 further includes a book data storage unit 240, an upload reception unit 242, and a book data presentation unit 244 as configurations for storing and inputting / outputting book data.

The book data storage unit 240 of the book data storage device 200 stores the book data received by the upload reception unit 242 from the user account accessed through the user terminal device 100. The storage file format of the book data stored in the book data storage unit 240 may be any format to which a long-term signature format can be applied, and in this embodiment, it is a PDF (Portable Document Format).

The upload reception unit 242 of the book data storage device 200 accepts the upload of the book data Dw1 from the user account accessed through the user terminal device 100. The upload reception unit 242 accepts the upload of the book data Dw1 through the graphical user interface displayed on the user terminal device 100 of the user account. In the present embodiment, the file format of the book data Dw1 that can be received by the upload reception unit 242 is the storage file format (PDF in this embodiment) adopted by the book data storage unit 240. In another embodiment, the upload receiving unit 242 receives the upload of the book data Dw1 in a file format (for example, a vector format) different from the storage file format adopted by the book data storage unit 240, and then the book data. The file format of Dw1 may be converted to the save file format.

The book data presentation unit 244 of the book data storage device 200 presents the book data stored in the book data storage unit 240 to a user account accessed through the user terminal device 100. The book data presentation unit 244 presents the book data stored in the book data storage unit 240 through the graphical user interface displayed on the user terminal device 100 of the user account. The presentation of the book data by the book data presentation unit 244 includes browsing the book data in the user terminal device 100, downloading the book data by the user terminal device 100, and displaying the attached information of the book data in the user terminal device 100.

In the present embodiment, when the upload reception unit 242 accepts the upload of the second book data using the same file name as the first book data already stored in the book data storage unit 240, the book data storage unit 240 Saves the first book data and the second book data to which the same file name is given separately. The book data storage unit 240 manages the first book data and the second book data as separate book data by using the identification code used only internally. The book data presentation unit 244 separately presents the first book data and the second book data stored in the book data storage unit 240 to the user account accessed through the user terminal device 100. The book data presentation unit 244 presents the first book data and the second book data as book data having the same file name at different update times.

The book data storage device 200 further includes a signature selection unit 252, a signature request unit 254, an approval reception unit 256, and a signature granting unit 258 as a configuration for assigning an electronic signature ES to the book data Dw1.

The signature selection unit 252 of the book data storage device 200 selects a user account (signature authority account) having the authority of the electronic signature ES to be given to the book data Dw1 from the user account (upload account) for uploading the book data Dw1. To accept. The signing authority account is one or more user accounts and may include the upload account itself. In the present embodiment, the signature selection unit 252 presents the user account previously associated with the upload account as a selection candidate for the signature authority account.

The signature requesting unit 254 of the book data storage device 200 approves the electronic signature ES for the book data Dw1 uploaded and stored in the book data storage unit 240 in accordance with the selection of the signature authority account for the signature authority account. Ask. In the present embodiment, the signature requesting unit 254 notifies the signature authority account logged in to the book data storage service of the approval request for the electronic signature ES, and also addresses the e-mail address associated with the signature authority account. , Sends an e-mail requesting approval of the digital signature ES for the book data Dw1 uploaded in conjunction with the selection of the signature authority account.

The approval reception unit 256 of the book data storage device 200 accepts the approval of the electronic signature ES for the book data Dw1 uploaded from the signature authority account in accordance with the selection of the signature authority account and stored in the book data storage unit 240. The approval reception unit 256 accepts the approval of the electronic signature ES from the signature authority account through the graphical user interface displayed on the user terminal device 100 of the signature authority account.

When the signature granting unit 258 of the book data storage device 200 receives the approval of the digital signature ES from the signature authority account, the signature authority uses the digital certificate of the signature authority account stored in the signature storage unit 234 to sign the signature authority. An electronic signature ES is given to the book data Dw1 uploaded in accordance with the selection of the account and stored in the book data storage unit 240. The signature granting unit 258 encrypts the hash value generated from the book data Dw1 using the hash function with the private key corresponding to the public key certified by the digital certificate, and uses the hash value as the digital signature ES for the book data. By binding to Dw1, the book data Dw2 to which the electronic signature ES is attached is generated. In the book data storage unit 240, the book data Dw2 to which the electronic signature ES is attached is stored in place of the book data Dw1 before the electronic signature ES is attached.

The book data storage device 200 further includes a signing time stamp requesting unit 262 and a signing time stamping unit 264 as a configuration for assigning the signature time stamp TS1 to the book data Dw2. In the present embodiment, the book data storage device 200 completes the addition of the signature time stamp TS1 to the book data Dw2 within a few days after receiving the approval of the electronic signature ES from the signature authority account.

When the signature time stamp requesting unit 262 of the book data storage device 200 receives the approval of the electronic signature ES from the signature authority account selected by the signature selection unit 252, the book to which the electronic signature ES of the signature authority account is given. The time stamp TS1 at the time of signature for the data Dw2 is requested to the time certification authority 400 (first time certification authority) via the computer network 800. The signature time stamp requesting unit 262 sends a hash value generated from the book data Dw2 to which the electronic signature ES of the signature authority account is attached to the time certificate authority 400, and the signature time stamp to which the time information is added to the hash value. Request the time certification authority 400 to issue TS1.

The signature time stamping unit 264 of the book data storage device 200 issues the signature time stamp TS1 issued by the time certificate authority 400 (first time certificate authority), and the signature time stamp TS1 is issued to the book. It is added to the book data Dw2 stored in the data storage unit 240. The signing time stamping unit 264 combines the signing time stamp TS1 issued by the time authentication station 400 with the book data Dw2 to which the signing time stamp TS1 is issued, so that the signing time stamp TS1 can be used. The given book data Dw3 is generated. In the book data storage unit 240, the book data Dw3 to which the signature time stamp TS1 is attached is stored in place of the book data Dw2 before the signature time stamp TS1 is attached.

The book data storage device 200 further includes a long-term signature requesting unit 272 and a long-term signature granting unit 274 as a configuration for assigning a long-term signature to the book data Dw3. In the present embodiment, the book data storage device 200 completes the long-term signature on the book data Dw3 within a few days after the book data Dw3 to which the electronic signature ES is given by all the signature authority accounts is generated.

The long-term signature requesting unit 272 of the book data storage device 200 issues the long-term signature time stamp TS2 to the book data Dw3 stored in the book data storage unit 240 and to which the signature time stamp TS1 is attached via the computer network 800. Request to the time certification authority 400 (second time certification authority). In the present embodiment, the time certification authority that issues the long-term signature time stamp TS2 is the same as the time certification authority that issues the signature time stamp TS1. In another embodiment, the time certificate authority that issues the long-term signature time stamp TS2 may be a time certificate authority different from the time certificate authority that issues the signature time stamp TS1.

The long-term signature granting unit 274 of the book data storage device 200 stores the long-term signature time stamp TS2 issued by the time certification authority 400 in the book data storage unit 240, which is the issue target of the long-term signature time stamp TS2. It is given to the existing book data Dw3. The long-term signature granting unit 274 combines the long-term signature time stamp TS2 issued by the time certification authority 400 with the book data Dw3 to be issued by the long-term signature time stamp TS2 based on the long-term signature format (PAdES). By doing so, the book data Dw4 to which the time stamp TS2 for long-term signature is attached is generated. The book data storage unit 240 stores the book data Dw4 to which the long-term signature time stamp TS2 is attached, instead of the book data Dw3 before the long-term signature time stamp TS2 is attached.

Before the expiration date (for example, 10 years) of the long-term signature time stamp TS2 attached to the book data Dw4 has passed, the long-term signature requesting unit 272 issues an additional long-term signature time stamp TS3 to the time certificate authority 400. Request to. After that, the long-term signature granting unit 274 combines the additional long-term signature time stamp TS3 issued by the time certification authority 400 with the book data Dw4 to which the additional long-term signature time stamp TS3 is issued. Generates book data Dw5 with an additional long-term signature time stamp TS3. The book data storage unit 240 stores the book data Dw5 to which the long-term signature time stamp TS3 is attached, instead of the book data Dw4 before the additional long-term signature time stamp TS3 is attached.

The book data storage device 200 further includes a processing time zone setting unit 280 as a configuration for managing processing for the electronic certificate authority 300 and the time certificate authority 400. The processing time zone setting unit 280 sets a processing time zone PT for performing processing on the electronic certificate authority 300 and the time certification authority 400, which are external certificate authorities. In the present embodiment, the processing time zone setting unit 280 sets the processing time zone PT for executing the processing to the electronic certificate authority 300 and the time authentication authority 400 based on the instruction by the administrator of the book data storage device 200. In the present embodiment, the processing time zone PT is set to a time zone in which the access frequency from the user account to the book data storage unit 240 decreases (for example, a continuous night time zone from midnight to 4:00 am). There is. As a result, the processing to the external certificate authority is performed with priority given to the time zone in which the access frequency from the user account to the book data storage unit 240 decreases. From the viewpoint of efficiently using the system resources of the book data storage device 200, priority is given to a time zone in which at least one process for the external certificate authority reduces the access frequency from the user account to the book data storage unit 240. It is preferable to carry out.

Each function of the book data storage device 200 is realized by software based on a computer program. At least a part of each function of the book data storage device 200 may be realized in terms of hardware based on the circuit configuration.

FIG. 3 is a flowchart showing an upload acceptance process executed by the book data storage device 200. 4 and 5 are explanatory views showing an example of the upload reception screen 510. The upload acceptance process of FIG. 3 is a process of accepting the upload of the book data Dw1 through the upload acceptance screen 510 (FIGS. 4 and 5) displayed on the user terminal device 100. The book data storage device 200 starts the upload acceptance process of FIG. 3 in response to a request from a user account accessed through the user terminal device 100.

After starting the upload acceptance process of FIG. 3, the library data storage device 200 displays the upload acceptance screen 510 on the web browser in the user terminal device 100 of the user account (step S110). The book data storage device 200 accepts the upload of the book data Dw1 from the user terminal device 100 to the book data storage device 200 through the upload reception screen 510, and has the authority of the electronic signature ES to be given to the book data Dw1. Accepts the selection of the digital signer who is the user of the authorized account.

Moving on to the description of FIGS. 4 and 5, the upload acceptance screen 510 is a screen for accepting the upload of the book data Dw1 and the selection of the electronic signature. The upload reception screen 510 is a graphical user interface (GUI) displayed based on the function of the web browser. The upload reception screen 510 includes a file selection button 511, a file list display unit 512, a registration button 518, and a close button 519 (see FIG. 4A).

The file selection button 511 of the upload reception screen 510 is a button that accepts an operation input for proceeding to the selection of the book data (file) stored in the user terminal device 100. When the file selection button 511 is clicked, another screen (not shown) for selecting the book data is displayed superimposed on the upload reception screen 510.

The file list display unit 512 of the upload reception screen 510 is an area for displaying a list of the book data Dw1 to be uploaded selected through the file selection button 511. The file selection button 511 displays, as information about the book data Dw1, the file name of the book data Dw1, the electronic signature required for the book data Dw1, the comment about the book data Dw1, the processing result for the book data Dw1, and the like. It is configured to be possible.

The file list display unit 512 is further configured to be able to display a selection button 513 and a clear button 514 (see FIG. 4B). The selection button 513 and the clear button 514 are displayed for each book data Dw1 to be uploaded selected through the file selection button 511. When the clear button 514 is clicked, the book data Dw1 is deleted from the list of the file list display unit 512. When the selection button 513 is clicked, the signer selection screen 515 that accepts the selection of the electronic signer is superimposed on the upload acceptance screen 510 (see FIG. 5C).

The signer selection screen 515 includes a candidate list display unit 515L, a selection button 516, and a cancel button 517. The candidate list display unit 515L displays the candidates of the electronic signature signer and accepts the designation of the candidates by clicking. The selection button 516 is a button that accepts the candidate designated in the candidate list display unit 515L as the selection of the electronic signature holder. When the selection button 516 is clicked, the signer selection screen 515 is deleted, and the candidate designated in the candidate list display unit 515L is selected as the electronic signer. On the other hand, when the cancel button 517 is clicked, the signer selection screen 515 is deleted and the selection of the electronic signer is canceled.

The registration button 518 of the upload reception screen 510 is a button for registering the book data Dw1 and the electronic signature person selected on the upload reception screen 510 in the book data storage device 200. When the registration button 518 is clicked, the book data Dw1 selected on the upload reception screen 510 is uploaded to the book data storage device 200, and the electronic signature required for the book data Dw1 is transferred to the book data storage device 200. be registered. On the other hand, when the close button 519 is clicked, the upload acceptance screen 510 is deleted and the upload of the book data is stopped.

Returning to the description of FIG. 3, after displaying the upload acceptance screen 510 (step S110), the book data storage device 200 determines whether or not there is a request for selection of the electronic signature holder by clicking the selection button 513 (step S112). ), Waits until there is a request to select the electronic signer (step S112: "NO").

When there is a request to select an electronic signer (step S112: “YES”), the book data storage device 200 causes the user terminal device 100 to display the signer selection screen 515 (step S113). After that, the book data storage device 200 determines whether or not there is a registration request for the book data Dw1 by clicking the registration button 518 (step S114), and waits until there is a registration request for the book data Dw1 (step S114: ". NO ").

When there is a request for registration of the book data Dw1 (step S114: "YES"), the book data storage device 200 accepts the upload of the book data Dw1 from the user terminal device 100 through the upload reception screen 510, and the book data Dw1. Accepts the selection of electronic signatories required for (step S116). After that, the book data storage device 200 stores the book data Dw1 uploaded from the user terminal device 100 in the book data storage unit 240 (step S118), and sets the status (state) of the book data Dw1 in the electronic signature ES. It is set to "waiting for signature", which is a state of waiting for grant (step S119). After that, the book data storage device 200 ends the upload acceptance process of FIG.

FIG. 6 is a flowchart showing an electronic signature process executed by the book data storage device 200. FIG. 7 is an explanatory diagram showing an example of the signature approval screen 520. The electronic signature process of FIG. 6 is a process of accepting the approval of the electronic signature ES through the signature approval screen 520 (FIG. 7) displayed on the user terminal device 100. The book data storage device 200 starts the electronic signature process of FIG. 6 in response to a request from the signature authority account accessed through the user terminal device 100.

After starting the electronic signature process of FIG. 6, the book data storage device 200 displays the signature approval screen 520 on the web browser in the user terminal device 100 of the signature authority account (step S120). The book data storage device 200 presents the book data Dw1 for which the approval of the electronic signature ES is requested to the signature authority account through the signature approval screen 520, and approves the digital signature ES for the book data Dw1. Accept from a signing authority account.

Moving on to the description of FIG. 7, the signature approval screen 520 is a screen for accepting the approval of the electronic signature ES. The signature approval screen 520 is a graphical user interface (GUI) displayed based on the function of the web browser. The signature approval screen 520 includes a file list display unit 522, a signature button 528, and a close button 529.

The file list display unit 522 of the signature approval screen 520 is an area for displaying a list of book data Dw1 for which approval of the electronic signature ES is requested for the logged-in signature authority account. The file list display unit 522 can display the status, file name, file path, data size, file format of the book data Dw1, as well as the person who updated the book data Dw1 and the date and time of the update, as information about the book data Dw1. It is configured. The file list display unit 522 is further configured to display a check box 524. The check box 524 is displayed for each book data Dw1 displayed on the file list display unit 522. When the check box 524 is clicked, the book data Dw1 is selected as a target for approving the grant of the digital signature ES.

The signature button 528 of the signature approval screen 520 is a button for confirming the approval of the electronic signature ES for the book data Dw1 selected by the check box 524 in the file list display unit 522. When the signature button 528 is clicked, the approval of the electronic signature ES for the book data Dw1 selected in the file list display unit 522 is accepted by the book data storage device 200. On the other hand, when the close button 529 is clicked, the signature approval screen 520 is erased and the approval of the electronic signature ES is stopped.

Returning to the description of FIG. 6, after displaying the signature approval screen 520 (step S120), the book data storage device 200 determines whether or not the electronic signature ES is approved by clicking the signature button 528 (step S122). ), Wait until the approval of the electronic signature ES is received (step S122: "NO"). When the approval of the digital signature ES is received (step S122: “YES”), the book data storage device 200 generates the book data Dw2 in which the digital signature ES is added to the book data Dw1, and the digital signature ES is given. Instead of the previous book data Dw1, the book data Dw2 to which the electronic signature ES is attached is stored in the book data storage unit 240 (step S124).

After storing the book data Dw2 to which the electronic signature ES is given to the book data Dw1 (step S124), the book data storage device 200 determines whether or not all the electronic signature ESs necessary for the book data Dw2 are given. (Step S126). When all the necessary electronic signature ESs are given to the book data Dw2 (step S126: “YES”), the book data storage device 200 is waiting for the status of the book data Dw2 to be given the signature time stamp TS1. After setting the state to "signature processing in progress" (step S128), the electronic signature processing of FIG. 6 is terminated. On the other hand, when all the necessary electronic signature ESs are not given to the book data Dw2 (step S126: “NO”), the book data storage device 200 continuously sets the status of the book data Dw2 to “waiting for signature”. After that (step S129), the electronic signature process of FIG. 6 is terminated.

FIG. 8 is a flowchart showing a signature time stamp process executed by the book data storage device 200. The signature time stamp process of FIG. 8 is a process of adding the signature time stamp TS1 to the book data Dw2. The book data storage device 200 periodically starts the signature time stamp process of FIG.

After starting the signature time stamp process of FIG. 8, the book data storage device 200 stores the book data Dw2 whose status is "signature processing" in the book data storage unit 240 as a target for assigning the signature time stamp TS1. It is determined whether or not it has been performed (step S130). When there is no book data Dw2 to which the signature time stamp TS1 is to be assigned (step S130: “NO”), the book data storage device 200 ends the signature time stamp process of FIG.

When there is the book data Dw2 to which the time stamp TS1 at the time of signature is given (step S130: “YES”), whether or not the book data storage device 200 is the processing time zone PT set by the processing time zone setting unit 280. (Step S132). In the present embodiment, the processing time zone PT is set as a continuous nighttime zone from midnight to 4:00 am as a time zone in which the access frequency from the user account to the book data storage unit 240 decreases. If it is not the processing time zone PT (step S132: “NO”), the book data storage device 200 ends the signature time stamp processing of FIG.

In the case of the processing time zone PT (step S132: “YES”), the book data storage device 200 executes the signature time stamp request processing (step S134). In the signature time stamp request process (step S134), the book data storage device 200 transmits a hash value generated from the book data Dw2, which is the target of the signature time stamp TS1, to the time certificate authority 400, and uses the hash value as the hash value. Request the time certificate authority 400 to issue the signature time stamp TS1 to which the time information is attached.

After executing the signature time stamp request process (step S134), the library data storage device 200 executes the signature time stamp assignment process (step S136). In the signing time stamping process (step S136), the book data storage device 200 combines the signing time stamp TS1 issued by the time authentication station 400 with the book data Dw2 to which the signing time stamp TS1 is issued. By doing so, the book data Dw3 to which the signature time stamp TS1 is attached is generated, and the book data Dw3 to which the signature time stamp TS1 is attached is replaced with the book data Dw2 before the signature time stamp TS1 is attached. Is stored in the book data storage unit 240. In the signature time stamp request process (step S134), the book data storage device 200 sets the status of the book data Dw3 to "signature completed" in which the digital signature has been added. After executing the signature time stamping process (step S136), the book data storage device 200 ends the signature time stamp process of FIG.

FIG. 9 is a flowchart showing a long-term signature process executed by the book data storage device 200. The long-term signature process (FIG. 9) is a process of adding the long-term signature time stamps TS2 and TS3 to the book data Dw3 and Dw4. The book data storage device 200 periodically starts the long-term signature process of FIG.

After starting the long-term signature processing of FIG. 9, the book data storage device 200 targets the long-term signature time stamps TS2 and TS3 to update the book data Dw3 whose status is "signature completed" and the long-term signature. It is determined whether or not the necessary book data Dw4 is stored in the book data storage unit 240 (step S140). When the book data Dw3 and Dw4 to be given the long-term signature time stamps TS2 and TS3 do not exist (step S140: “NO”), the book data storage device 200 ends the long-term signature process of FIG.

When there are book data Dw3 and Dw4 to be given the long-term signature time stamps TS2 and TS3 (step S140: "YES"), the book data storage device 200 has a processing time zone set by the processing time zone setting unit 280. It is determined whether or not it is a PT (step S142). In the present embodiment, the processing time zone PT is set as a continuous nighttime zone from midnight to 4:00 am as a time zone in which the access frequency from the user account to the book data storage unit 240 decreases. If it is not the processing time zone PT (step S142: “NO”), the library data storage device 200 ends the long-term signature processing of FIG.

In the case of the processing time zone PT (step S142: “YES”), the book data storage device 200 executes the long-term signature request processing (step S144). When the first long-term signature is given in the long-term signature request processing (step S144), the book data storage device 200 transfers the hash value generated from the book data Dw3 to which the long-term signature time stamp TS2 is given to the time certificate authority 400. Requests the time certificate authority 400 to issue a long-term signature time stamp TS2 that is transmitted and has time information added to the hash value. When updating the long-term signature in the long-term signature request processing (step S144), the book data storage device 200 transmits the hash value generated from the book data Dw4 to which the long-term signature time stamp TS3 is attached to the time certificate authority 400. Requests the time certificate authority 400 to issue a long-term signature time stamp TS3 in which time information is added to the hash value.

After executing the long-term signature request process (step S144), the library data storage device 200 executes the long-term signature grant process (step S146). When the first long-term signature is given in the long-term signature granting process (step S146), the library data storage device 200 issues the long-term signature time stamp TS2 issued by the time authentication station 400, and issues the long-term signature time stamp TS2. By combining with the target book data Dw3, the book data Dw4 to which the long-term signature time stamp TS2 is attached is generated, and the long-term signature is replaced with the book data Dw3 before the long-term signature time stamp TS2 is attached. The book data Dw4 to which the time stamp TS2 is attached is stored in the book data storage unit 240. When updating the long-term signature in the long-term signature granting process (step S146), the library data storage device 200 sets the long-term signature time stamp TS3 issued by the time authentication station 400 as the issue target of the long-term signature time stamp TS3. By combining with a certain book data Dw4, the book data Dw5 to which the long-term signature time stamp TS3 is attached is generated, and the long-term signature time is replaced with the book data Dw4 before the long-term signature time stamp TS3 is attached. The book data Dw5 to which the stamp TS3 is attached is stored in the book data storage unit 240. In the long-term signature granting process (step S146), the book data storage device 200 sets the status of the book data Dw4 to "long-term signature completion" in which the long-term signature has been granted, and sets the status of the book data Dw5 to the long-term signature. Set to "Long-term signature renewal" when the renewal is completed. After executing the long-term signature imparting process (step S146), the library data storage device 200 ends the long-term signature process of FIG.

According to the first embodiment described above, the user who uploads the book data Dw1 selects the user account having the authority of the electronic signature ES at the time of uploading, so that the electronic signature ES and the signature for the book data Dw1 are signed. The time stamp TS1 and the long-term signature time stamps TS2 and TS3 can be added. As a result, it is possible to improve the convenience of the user who stores the book data necessary for ensuring the authenticity for a long period of time.

Further, since the signature granting unit 258 sends an e-mail requesting the approval of the electronic signature ES to the e-mail address associated with the user account, the holder of the user account who is not logged in to the library data storage device 200 is notified. Approval of the electronic signature ES can be promoted.

In addition, since the first book data and the second book data to which the same file name is given can be separately saved and presented, each of the book data before and after the update saved under the same file name is genuine. Sex can be ensured for a long period of time.

Further, the signature time stamp request process (step S134 in FIG. 8), the signature time stamp grant process (step S136 in FIG. 8), the long-term signature request process (step S144 in FIG. 9), and the long-term signature grant process (FIG. 9). Step S156) is performed with priority given to a time zone (night time zone) in which the access frequency from the user account to the book data storage unit 240 decreases. As a result, it is possible to suppress the system resource of the book data storage device 200 from becoming tight when accessing the book data storage unit 240 from the user account, and to suppress a decrease in the access speed from the user account to the book data storage unit 240. ..

B. 2nd Embodiment The book data storage device 200 of the 2nd embodiment is the same as the 1st embodiment except that the operation of the processing time zone setting unit 280 is different. The processing time zone setting unit 280 of the second embodiment is the first except that the processing time zone PT for performing processing with an external certificate authority is set based on the access frequency from the user account to the book data storage unit 240. It is the same as the embodiment.

FIG. 10 is a flowchart showing a processing time zone setting process executed by the book data storage device 200 in the second embodiment. The processing time zone setting process of FIG. 10 is a process of setting a processing time zone PT for performing processing with the time authentication authority 400. The book data storage device 200 periodically starts the processing time zone setting process of FIG. The processing time zone setting process may be executed at least once every week, every month, every six months, and every year.

After starting the processing time zone setting process of FIG. 10, the book data storage device 200 confirms the access frequency from the user account to the book data storage unit 240 (step S150). In the present embodiment, the access frequency to the book data storage unit 240 is recorded in the main control unit 210.

After confirming the access frequency (step S150), the book data storage device 200 sets a processing time zone PT for performing processing with the time authentication authority 400 based on the access frequency from the user account to the book data storage unit 240. (Step S152). The book data storage device 200 sets the processing time zone PT by giving priority to the time zone in which the access frequency from the user account to the book data storage unit 240 decreases. The processing time zone PT may be set to a different time zone depending on the day of the week, holidays, seasons, and the like. After setting the processing time zone PT (step S152), the book data storage device 200 ends the processing time zone setting process of FIG.

According to the second embodiment described above, as in the first embodiment, it is possible to improve the convenience of the user who stores the book data necessary for ensuring the authenticity for a long period of time. Further, the time during which the access frequency from the user account to the book data storage unit 240 decreases in the processing time zone PT for performing the processing with the time certificate authority 400 according to the change in the access frequency from the user account to the book data storage unit 240. Can be set as a band. As a result, it is possible to suppress the system resource of the book data storage device 200 from becoming tight when accessing the book data storage unit 240 from the user account, and to suppress a decrease in the access speed from the user account to the book data storage unit 240. ..

C. Other Embodiments The techniques disclosed in the present specification are not limited to the above-described embodiments, examples and modifications, and can be realized by various configurations without departing from the spirit thereof. For example, among the technical features in the above-described embodiments, examples and modifications, those corresponding to the technical features in each embodiment described in the column of the outline of the invention solve a part or all of the above-mentioned problems. It can be replaced and combined as appropriate to, or to achieve some or all of the above effects. In addition, technical features not described as essential in this specification may be deleted as appropriate.

When the book data storage device 200 has an operation on the book data storage unit 240 by the user account, the book data storage device 200 may notify the operation content by e-mail to the preset mail address of the user account. The operation to be notified may be at least one such as uploading and downloading book data, changing the file name, changing the comment, deleting the file, changing the file sharing setting, moving the file between folders, and changing the attribute of the folder. .. The e-mail notifying the operation content may include a URL for accessing the book data to be notified by the user account of the mail recipient.

The upload receiving unit 242 of the book data storage device 200 may accept the upload of the book data Dw1 from an external user other than the user account registered in the account database unit 232. For example, the upload reception unit 242 may issue a URL for accessing the book data storage unit 240 to an external user based on an instruction from the user account, and accept the upload of the book data Dw1 through the URL. .. In this case, the upload receiving unit 242 may set restrictions on access from external users (for example, the number of accesses, data capacity, access period, etc.).

The book data presentation unit 244 of the book data storage device 200 may present the book data stored in the book data storage unit 240 to an external user other than the user account registered in the account database unit 232. .. For example, the book data presentation unit 244 may issue a URL for accessing the book data storage unit 240 to an external user based on an instruction from the user account, and present the book data through the URL. In this case, the book data presentation unit 244 may set restrictions on access from external users (for example, the number of accesses, data capacity, access period, etc.).

The book data storage device 200 may be able to set an upper limit value of the data capacity that can be stored in the book data storage unit 240. In this case, the book data storage device 200 may be able to set the upper limit of the data capacity for each user account or for each account group composed of a plurality of user accounts.

The book data storage device 200 may be able to set an accessible period for each folder in which the book data is stored in the book data storage unit 240. In this case, the book data storage device 200 may be able to set the period during which the folder can be accessed for each user account, or may be set for each account group composed of a plurality of user accounts. ..

When the book data storage device 200 can accept input of attribute values (for example, customer name, importance, design date, classification, etc.) associated with the book data stored in the book data storage unit 240 from the user account. The setting of each item of the attribute value (for example, attribute value name, input format, display target or not, search target or not, input required or not, etc.) may be configured to be accepted from the management account. ..

10 ... Book data storage system 100 ... User terminal device 200 ... Book data storage device 210 ... Main control unit 220 ... Network communication unit 230 ... Account management unit 232 ... Account database unit 234 ... Signature storage unit 240 ... Book data storage unit 242 ... Upload reception unit 244 ... Book data presentation unit 252 ... Signature selection unit 254 ... Signature request unit 256 ... Approval reception unit 258 ... Signature granting unit 262 ... Signature time stamp requesting unit 264 ... Signature time stamping unit 272 ... Long-term signature request Part 274 ... Long-term signature granting part 280 ... Processing time zone setting part 300 ... Electronic authentication station 400 ... Time authentication station 510 ... Upload reception screen 511 ... File selection button 512 ... File list display part 513 ... Selection button 514 ... Clear button 515 ... Signer selection screen 515L ... Candidate list display unit 516 ... Selection button 517 ... Cancel button 518 ... Registration button 591 ... Close button 520 ... Signature approval screen 522 ... File list display unit 524 ... Check box 528 ... Signing button 522 ... Close button 800 … Computer network Dw1 ～ Dw5… Book data ES… Electronic signature PT… Processing time zone TS1… Signing time stamp TS2… Long-term signature time stamp TS3… Long-term signature time stamp

Claims (4)

A book data storage device that is configured to be able to communicate with a user terminal device via the Internet and provides a cloud service for storing book data in a user account accessed through the user terminal device.
A signature storage unit configured to store the private key for each user account,
An upload reception unit that accepts uploads of book data from a user account accessed through the user terminal device, and
The book data storage unit that stores the book data received by the upload reception unit, and the book data storage unit.
A book data presentation unit that presents the book data stored in the book data storage unit to a user account that is accessed through the user terminal device, and a book data presentation unit.
A signature selection unit that accepts the selection of a user account that has the authority to digitally sign the book data from the user account that uploads the book data.
From the user account selected in the signature selection unit, the approval reception unit that accepts the approval of the electronic signature for the book data uploaded together with the selection of the user account and stored in the book data storage unit.
When the approval of the electronic signature is received from the user account selected in the signature selection unit, the digital signature is uploaded together with the selection of the user account using the private key of the user account stored in the signature storage unit. A signature-imparting unit that adds an electronic signature to the book data stored in the book data storage unit, and a signature-imparting unit.
When the approval of the electronic signature is received from the user account selected by the signature selection unit, the issuance of the signature time stamp for the book data to which the electronic signature of the user account is given is issued at the first time via the Internet. The signature time stamp request part requested from the certificate authority and
A signature time stamping unit that stores the signature time stamp issued by the first time certificate authority in the book data storage unit and assigns the signature time stamp to the book data to which the signature time stamp is issued.
A long-term signature requesting unit that requests a second time certificate authority to issue a long-term signature time stamp for the book data stored in the book data storage unit and to which the signature time stamp is attached.
The long-term signature granting unit that stores the long-term signature time stamp issued by the second time certification authority in the book data storage unit and assigns the long-term signature time stamp to the book data to which the long-term signature time stamp is issued. Prepare ,
The process of requesting the issuance of the signing time stamp by the signing time stamp requesting unit, the process of assigning the signing time stamp to the book data by the signing time stamping unit, and the long-term signing process by the long-term signing requesting unit. At least one of the process of requesting the issuance of the signature time stamp and the process of assigning the long-term signature time stamp to the book data by the long-term signature granting unit is performed from the user account to the book data storage unit. A library data storage device that is implemented with priority given to the time when the access frequency to is low . The book data storage device according to claim 1, further uploaded to the e-mail address associated with the user account selected in the signature selection unit in accordance with the selection of the user account, and the book data storage. A book data storage device including a signature requesting unit that sends an e-mail requesting approval of an electronic signature for the book data stored in the unit. The book data storage device according to claim 1 or 2.
When the upload reception unit accepts the upload of the second book data using the same file name as the first book data already stored in the book data storage unit, the book data storage unit has the same file name. The first book data and the second book data to which the above is given are distinguished and saved.
The book data presenting unit separately presents the first book data and the second book data stored in the book data storage unit to a user account accessed through the user terminal device. Book data storage device. The document data storage device according to any one of claims 1 to 3 , further, a process of requesting issuance of the signing time stamp by the signing time stamp requesting unit, the signing time. The process of adding the signature time stamp to the book data by the stamp giving unit, the process of requesting the issuance of the long-term signature time stamp by the long-term signature request unit, and the long-term signature time by the long-term signature assigning unit. A book data storage device including a processing time zone setting unit that sets a time zone for performing at least one process of assigning a stamp to the book data based on the access frequency from the user account to the book data storage unit. ..

Images