JPH06334648A - Communicating method for electronic document with electronic sealing and terminal equipment for same - Google Patents

Abstract

PURPOSE:To obtain a communicating method and a terminal equipment which are capable of performing a data recovery when a data error is detected for sealing data, etc. CONSTITUTION:A sealer performs a compression function 103 for a message 101 and obtains compression data 105. A cipher function 112 where a secret key 110 read from an area 106 for sealer is defined as a key for the one where the compression data 105 and a fixed value 104 are coupled and sealing data 112 is obtained. The message 101 and sealing data 112 are passed to a confirmor and are backed up. The confirmor decodes sealing data and inspects whether a sealing error and a document error exist by a fixed value confirmation processing 216 and a compression data confirmation processing 220. The result is returned to the sealer. The sealer recognizes the generated error and retransmits the backed up sealing data and message according to the kind of the error.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method of communicating an electronic document with an electronic seal and a terminal device for communicating such an electronic document.

[0002]

2. Description of the Related Art An electronic marking (digital signature) technique has been proposed as a technique for confirming the legitimacy of an electronic document transmitted and received via an electric communication path or the like (for example,
Name: Cryptography and information security, Editor: Shigeo Tsujii / Masao Kasahara, Publisher: Shokodo, pages 127-147).
They are generally realized by a method using public key encryption such as RSA encryption. Public key cryptography is a method in which an encryption key and a decryption key are paired, the encryption key is made public, and the decryption key is kept secret.

However, there is a possibility that a fraud or the like will occur due to the collusion of the user with respect to the disclosed encryption key. Therefore, it is necessary to authenticate whether or not the public key used in the above encryption is legitimate in order to demand higher security. In order to solve these problems, the public key certification method shown in FIG. 16 is presented.

In FIG. 16, the center 1601 publishes the one-way function f, and its inverse function f ^-1 is the secret of the center. When registering the public key of a certain user, the inverse function (f ⁻¹ ) 1605 is applied to the public key (PK) 1603 and the personal information (ID) 1604, and the value is public key proof (X) 1
It is set to 606 and is disclosed to the user.

In the user terminal 1602, the public key (PK) 160 and the result f (X) obtained by applying the one-way function f to the public key proof (X) 1606 before using the public key.
3 and personal information (ID) 1604 are compared to determine the validity of the public key. After the validity of the public key is confirmed, the electronic seal is confirmed using the public key.

[0006]

By the way, in a general system, a physical error on a medium such as a hard disk or a data error due to noise on a communication path,
Moreover, artificial fraud and the like may occur, and electronic marking systems are required to take measures to prevent them.

However, in the conventional electronic marking system, although the validity of the public key is judged as described above,
No measures were taken for data other than the public key, such as the seal data. That is, in the conventional electronic marking system, no measures have been taken for the marking data and the like to prevent the above-mentioned errors and artificial fraud. Further, when such an error occurs, it is necessary not only to detect it but also to recover data to some extent.

A first object of the present invention is to provide a communication method and a terminal device capable of detecting the occurrence of a data error or fraudulent activity with respect to marking data when transmitting and receiving a digitized document accompanied by an electronic marking. To do.

A second object of the present invention is to provide a communication method and a terminal device capable of recovering the data when the data error with respect to the stamp data or the like is detected.

[0010]

The present invention uses the following technique in contrast to the conventional electronic marking technique so as to be able to take measures even when an error or illegality occurs in data such as marking data.

First, at the time of creating a seal on the side of a sealer, an electronic document and seal data (digital signature) to be communicated
Backup. The confirmer side confirms the validity of the received seal data, and returns the confirmation result and the received seal data. Confirmation of the validity of the seal data on the confirmer side is performed as follows, for example.

The stamper side compresses the electronic document to be communicated to obtain compressed data. The stamper side connects the fixed value data unique to the system to the compressed data. The sealer creates seal data from the linked data using the private key. The confirmer side decrypts the seal data using the public key. The confirmer compares the fixed value data portion in the decryption result with the fixed value data unique to the system. If they match,
It can be considered that the private key and the public key correspond to each other, and there was no data error in the stamp data sent from the stamper side to the confirmer side. If they do not match, it can be considered that there has been tampering due to a data error or fraud. When they match, the confirmation end code is returned, and when they do not match, the seal error code is returned to the sealer as the confirmation result of the validity of the seal data.

When the confirmation end code is sent from the confirmer side, it can be considered that the seal stamp data has been normally transmitted, so the seal stamp data backed up by the seal stamper side is deleted.

When the stamper error code is sent from the confirmer side, the stamper side compares the stamp data returned from the confirmer side with the backup stamp data. If they do not match, it means that the stamp data has not been sent normally, so the backup seal data is retransmitted. When they match, it is understood that the private key and the public key do not correspond to each other.

If the private key and the public key do not correspond to each other, a private key exchange process may be appropriately performed.

Further, the confirmer side may confirm the legitimacy of the received electronic document, and as a result of the confirmation, the presence or absence of a document error may be transmitted to the stamper side. The legitimacy of the electronic document is confirmed, for example, as follows.

The stamp data is created and sent to the confirmer side in the same manner as in the case of confirming the validity of the stamp data. The confirmer side compresses the received electronic document to obtain compressed data. The confirmer side decrypts the received seal data using the public key. The confirmer compares the compressed data portion in the decoding result with the compressed data obtained above. If they match, the electronic document can be considered to have been successfully sent. If they do not match, it can be considered that there has been tampering due to a data error or fraud. If they match, a confirmation end code is returned, and if they do not match, a document error code is returned to the stamper side as a result of confirmation of the legitimacy of the electronic document.

When the confirmation end code is sent from the confirmer side, it can be considered that the electronic document has been normally transmitted, and therefore the electronic document backed up by the stamper side is deleted. When the document data error code is sent from the confirmer side, it means that the electronic document has not been normally sent. Therefore, the backup electronic document is retransmitted.

At the time of creating the stamp data, the electronic document to be communicated is divided into a plurality of partial documents, each of the partial documents is compressed to obtain a plurality of compressed data, and one compressed data is obtained. A compressor may be created, fixed value data unique to the system may be connected to the compressor, and the seal data may be created from the combined data using a secret key.

In this case, the confirmer side divides the received electronic document into a plurality of partial documents (the dividing method is the same as that at the time of creating the seal data), and compresses each of the partial documents to obtain a plurality of partial documents. Obtains compressed data, 1 from the plurality of compressed data
Verify the legitimacy of the received electronic document by creating two compressors, decrypting the received seal data using the public key, and comparing the compressor in the decryption result with the compressor created above. To do so.

Further, it is preferable to detect which partial document has been tampered with and the part of the partial document based on the comparison of the compressors. A part of the falsified partial document is sent to the stamper side together with the document error, and the stamper side resends the partial document.

After the confirmation of the legitimacy of the electronic document, if there is a document error, the electronic document may be automatically corrected. When the method of dividing the above-mentioned digitized document into a plurality of partial documents is adopted, the partial document in which falsification is detected is automatically corrected.

The present invention can be applied not only when exchanging an electronic document via a communication network, but also when exchanging an electronic document within one terminal device. In that case,
The stamper writes the digitized document and the stamp data in a predetermined writing area (for example, a hard disk provided in the terminal device), and the confirmer reads the data from the writing area. Data is also sent and received from the confirmer to the stamper.

Further, in this case, the confirmer can directly read the data backed up by the stamper. The confirmer can confirm the validity of the secret key by comparing the stamped data that has been backed up with the stamped data read from the writing area.

For backing up the stamp data and the like, a hard disk or a floppy disk provided in the terminal may be used. When exchanging electronic documents accompanied by an electronic seal, a removable storage medium (for example, an IC card) storing a private key or a public key is often distributed to each user. Therefore, the backup data is stored in the storage medium. May be stored.

[0026]

According to the present invention described above, it is possible to detect the illegality and error of the data generated in the electronic marking system. In addition, data loss can be prevented. The invention does not impair the safety of the electronic marking.

[0027]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 14 is a block diagram showing a system configuration of a communication system for a digitized document with an electronic seal according to an embodiment of the present invention.

In the figure, user terminals 1402, 140
3, 1404 are mutually connected by a communication network 1401. Each terminal can exchange data such as an electronic document with each other via the communication network 1401. Each user terminal has a display 1417 and a keyboard 14.
18, reader / writer 1419, program area 140
6, data area 1405, R / W (read / write)
Control unit 1407, CPU (central processing unit) 1408, communication control unit 1409, and I / O (input / output) control unit 14
Equipped with 10.

The program area 1406 stores various programs including a marking processing function 1415 and a confirmation processing function 1416. The seal processing function 1415 is an encryption function used to create seal data. The confirmation processing function 1416 is a decoding function for decoding the received stamp data.

In the data area 1405, the correction data 1
411, public key 1412 of all users, private key 14 of individual
13 and various data including backup data 1414 are stored. The modified data 1411 and the backup data 1414 will be described later.

The R / W control unit 1407 is used by the reader / writer 1
The input / output to / from 419 is controlled. As a result, the connection with the user-dedicated medium such as the IC card is established. CPU140
Reference numeral 8 controls execution of the entire process in the terminal 1402.
The communication control unit 1409 controls communication via the communication network 1401. The I / O control unit 1410 is used for the display 1
Input / output control of the keyboard 417 and the keyboard 1418 is performed.

Since the user terminal 1402 in this figure is based on the premise that one terminal is used personally by one individual (or a group of several people), the private key 1413 and backup data 1414 of the individual are the data. It is provided on the area 1405. On the other hand, an arbitrary user may own a medium for exclusive use of the user, such as an IC card, and store the user's private key and backup data in the medium.

In this case, the user inserts his or her own medium, for example, an IC card, into the reader / writer 1419, and the system executes the processing described later using the private key and backup data in the IC card. It is not necessary to provide the private key and backup data of the individual on the data area 1405. Of course, whether to use the data in the data area 1405 or the data in the IC card,
The user may specify it.

FIG. 15 shows an example of a medium dedicated to the user I
It is a block diagram which shows the structure of a C card.

The IC card 1501 is distributed to each user in advance as a medium exclusively for the user, and they are used when creating a seal. The inside is the program area 15
03, data area 1502, CPU 1505, and R / W control unit 1504.

In the program area 1503, the CPU 1
Various programs executed by 505 are stored. As described above, the data area 1502 stores various data including the private key 1506 of the individual and the backup data 1507. The R / W control unit 1504 controls input / output to / from a reader / writer into which this IC card is inserted. The CPU 1505 controls execution of the entire processing in the IC card 1501.

Next, an operation procedure in the system of FIG. 14 (when the IC card is used, the IC card of FIG. 15 is also used) will be described. The operation proceeds by a procedure in which the stamper creates a stamp, sends it to the confirmer, the confirmer confirms the stamp, and the stamper performs post-processing.

FIG. 1 is a diagram showing a stamp creating process. The stamper creates the stamp data by the following procedure and sends it to the confirmer.

First, the stamper applies the compression function 103 to the message 101 to be stamped. As a result, the compressed data 105 is obtained. Then, the fixed value 104 unique to the system is combined with the compressed data 105. Next, the private key 110 is read from the stamper area 106.

The stamper's area 106 is a medium (or a part of the medium) dedicated to the user that stores personal information, and uses an IC card 107, a floppy disk 108, a hard disk 109, or the like. Specifically, the user terminal 1402 of FIG. 14 reads the private key 1413 of the individual in the data area 1405. Also, FIG.
In the IC card 1501 of No. 5, the private key 1506 of the individual in the data area 1502 is read.

Next, a cryptographic function 1 using the secret key 110 as a key to the data obtained by combining the fixed value 104 and the compressed data 105.
Apply 11. The encryption function 111 is the marking processing function 1415 of FIG. As a result, the stamp data 112 is obtained.

Next, the message 101 and the stamp data 11
The backup process 113 is applied to the second item. The backup process 113 is a process of storing (backing up) the message 101 and the stamp data 112 in the stamper area 106. The backed up data corresponds to the backup data 1414 shown in FIG. 14 (or the backup data 1507 shown in FIG. 15 when an IC card is used). Message number 102 indicating the storage location at this time
To get

FIG. 4 shows the structure of backup data. The backed up message and the stamp data are stored in correspondence with each other, and a message number is attached to each.

Referring again to FIG. 1, finally, the transmission processing 11
4, the message 101, the message number 102, and the stamp data 112 are transmitted to the confirmer.

FIG. 2 is a diagram showing a seal confirmation process on the confirmer side. The confirmer performs the processing according to the following procedure.

First, the confirmer performs the message 204, the message number 202, and the stamp data 2 by the receiving process 201.
03 and receive.

Next, public key confirmation processing 209 using the public key 208 of the center and the public key seal 207 is performed on the public keys 206 of all users distributed in advance from the center. The public key information 205 is stored in the public keys 1412 of all users in the data area 1405 of FIG. If the public key confirmation processing 209 confirms the validity of the public key, the public key 2 corresponding to the stamper
11 can be read. On the contrary, when it is determined that the public key is invalid, public key exchange processing 210 is performed.

When the public key 211 corresponding to the stamper is obtained, the stamping data 203 is subjected to a decryption process 212 using the public key 211 as a key. As a result, data obtained by combining the result A213 and the result B214 is obtained. Decryption process 2
The decryption function used in 12 is the confirmation processing function 141 in FIG.
Equivalent to 6.

Next, a fixed value confirmation process 216 for comparing the result A 213 with a fixed value 215 unique to the system is performed. If the above values do not match, it is determined that a marking error has occurred, and a processing 217 for transmitting the marking error code, the message number, and the marking data to the marking person. After the transmission, this confirmation processing is ended.

On the contrary, in the fixed value confirmation processing 216, when the result A 213 and the fixed value 215 match, the compression function 218 is further applied to the message 204. As a result, compressed data 219 is obtained. Then, the compressed data confirmation processing 22 for comparing the result B 214 with the compressed data 219
Perform 0. If the above values match, message 20
4 and the seal 203 are judged to be valid, and the processing 222 for transmitting the confirmation end code and the message number is performed. On the contrary, if the above values do not match, it is determined that a message error has occurred, and processing 221 for transmitting the message error code and the message number to the stamper is performed.

FIG. 3 is a diagram showing the post-processing of the stamp creation on the stamper side. The stamper performs the processing in the following procedure.

First, the stamper performs the receiving process 301 to
Message number 302, code 304, and stamp data 30
Receive 3 and.

Next, the code inspection process 305 is performed. The code inspection process 305 is the code 3 received from the confirmer.
Reference numeral 04 is a process for inspecting a marking error code, a document error code, or a confirmation end code. Test results,
One of the following three processes is performed.

First, when the code 304 indicates a marking error, based on the message number 302, the stamper's area 306 (the same as the stamper's area 106 in FIG. 1).
From the stamp data 30 that was backed up at the time of stamping
Search for 7 and read. Further, a seal data comparison process 308 for comparing the seal data with the received seal data 303 is performed. If these data match,
Since it means that the public key and the private key are not associated with each other, the private key exchange processing 309 is performed. vice versa,
If they do not match, it is considered that an error has occurred on the communication path, and so the backup seal stamp data 307 is retransmitted to the confirmer (process 310).

When the code 304 indicates a document error as a result of the check in the code check processing 305, the message data 312 backed up at the time of printing is searched from the stamper's area 306 based on the message number 302. Read. Then, the message data 312 is retransmitted to the confirmer (process 311).

Further, as a result of the inspection in the code inspection processing 305, when the code 304 indicates the confirmation end, the corresponding message and the seal data are retrieved from the sealer area 306 based on the message number 302, and those data are retrieved. Erase.

Next, with reference to the flow charts, detailed procedures of the above-mentioned marking creation processing, marking confirmation processing, and marking creation post-processing will be described.

FIG. 5 is a flowchart of the stamp creating process described with reference to FIG.

At step 501, the stamp creating process is started. In step 502, the message M is compressed to obtain the compressor h (M). In step 503, the secret key SK is read from the stamper area. And step 504
Then, (fixed value F | h (M)) is encrypted with the secret key SK,
The stamp data T is obtained. However, | indicates connection.

Next, in step 505, the storage area is searched for in the sealer's area. The information indicating the position is set as the message number N. In step 506, the message M and the seal data T are stored in the storage location. In step 507, the message M, the message number N, and the stamp data T are transmitted to the confirmer. In step 508,
The seal marking process ends.

FIG. 6 is a flowchart of the marking confirmation process described with reference to FIG.

At step 601, the stamp confirmation process is started. In step 602, the message M, the message number N, and the stamp data T are received from the stamper. In step 603, the public key seal S is decrypted with the public key CK of the center to obtain the decrypted text Q. In step 604, the public keys P of all users are compressed to obtain a compressor h (P).

Next, in step 605, the decrypted text Q is compared with the compressor h (P). If Q = h (P), public key P
Is determined to be valid, and the process proceeds to step 607. Otherwise, it is determined that the public key P is invalid, and step 60
Go to 6. In step 606, the public key P is exchanged, and then the process proceeds to step 615.

At step 607, the public key PK of the stamper is read from the public key P. Then, in step 608,
The seal data T is decrypted with the public key PK to obtain (result A | result B). In step 609, the result A is compared with the fixed value F unique to the system. If the result A is equal to the fixed value F, it is judged that the marking data T is valid, and step 6
Proceed to 11. If not, it is determined that the stamp data T is invalid and the process proceeds to step 610. In step 610, the stamp error code, the message number N, and the stamp data T are transmitted to the stamper, and then the process proceeds to step 615.

In step 611, the message M is compressed to obtain the compressor h (M). In step 612, the result B is compared with the compressor h (M). Result B is compressor h
If it is equal to (M), it is determined that the message M is valid, and the process proceeds to step 614. Otherwise, it is determined that the message M is invalid and the process proceeds to step 613.

In step 613, the message error code and the message number N are transmitted to the stamper, and then the process proceeds to step 615. In step 614, the confirmation end code and the message number N are transmitted to the stamper, and then the process proceeds to step 615. In step 615, the marking confirmation process ends.

FIG. 7 is a flowchart of the post-marking preparation process described with reference to FIG.

In step 701, post-marking preparation processing is started. In step 702, the message number N
And the code C and the seal data T are received. Next, in step 703, it is determined whether the code C is a confirmation end code. If the code C is the confirmation end code, the process proceeds to step 704. Otherwise, go to step 705.

At step 704, the message M and the stamp data T at the position indicated by the message number N is erased from the stamper area. Then, step 712
Proceed to.

In step 705, it is determined whether the code C is a document error code. If code C is a document error code, go to step 706. Otherwise, proceed to step 708. In step 706,
The message M at the position indicated by the message number N is read from the stamper area. And step 70
In step 7, the message M is retransmitted to the confirmer. Then, it progresses to step 712.

At step 708, the stamp data T'at the position indicated by the message number N is read from the stamper area. Then, in step 709, the marking data T and T'are compared. If T = T ', it is determined that the secret key is invalid, and the process proceeds to step 710. Otherwise, it is determined that the secret key is valid, and the process proceeds to step 711.

In step 710, secret keys are exchanged, and the process proceeds to step 712. In step 711, the stamp data T is retransmitted to the confirmer, and the process proceeds to step 712. Step 71
In step 2, the process after stamping is completed.

(Modification 1) Next, a first modification of the above embodiment will be described. This modification is a modification of the compressed data generation and the confirmation method associated therewith in the above embodiment. The system configuration is shown in FIG. 14 and FIG. 1 described above.
Since it is the same as that of 5, the description is omitted.

FIG. 8 is a diagram showing a stamp creating process in this modification. The stamper creates the stamp data by the following procedure and sends it to the confirmer.

First, the stamper divides the message 801 to be stamped, and obtains a plurality of split messages 803. Next, the compression function 804 is applied to each divided message. As a result, the compressed data group 805 is obtained. Then, the compressed data group 805 is subjected to the compressor creation processing 806 (described in detail later) shown in FIG.
Get 7.

Next, the private key 8 is transferred from the sealer area 809.
Read 10. Then, the fixed value 808 and the compressor 807
An encryption function 811 having the secret key 810 as a key is applied to the data obtained by combining and. As a result, the stamp data 812 is obtained.
Further, a backup process 813 is performed on the message 801 and the stamp data 812, and the backup data is stored in the stamper area 809 as shown in FIG. At this time, the message number 802 indicating the storage position is obtained.

Finally, the sending process 814 sends the message 801, the message number 802, and the stamp data 812 to the confirmer.

FIG. 9 is a diagram showing a marking confirmation process in this modification. The confirmer performs the processing according to the following procedure.

First, the confirmer performs the message 904, the message number 902, and the stamp data 9 by the receiving process 901.
03 and receive.

Next, after the public key confirmation processing is performed in the same manner as in FIG. 2, the public key 9 corresponding to the stamper is selected from the public keys.
05 is read. Then, the public key 9 is added to the stamp data 903.
A decryption process 906 is performed using 05 as a key. This allows
Data obtained by combining the result A907 and the result B908 is obtained.

Next, a fixed value confirmation process 910 for comparing the result A907 with the fixed value 909 is performed. If the above values do not match, a transmission process 911 for transmitting the stamp error code, the message number, and the stamp data to the stamper is performed. After the transmission, this confirmation processing is ended.

On the contrary, in the fixed value confirmation processing 910, when the result A 907 and the fixed value 909 match, the message 904 is divided into a plurality of divided messages 912.
To get Next, the compression function 913 is applied to each divided message 912. As a result, the compressed data group 914 is obtained. Then, the compressed data group 914 is subjected to the compressor creation processing 915 (described later) shown in FIG.
Get 6. Next, a compressed data confirmation process 917 for comparing the result B 908 and the compressor 916 is performed.

Result B in the compressed data confirmation processing 917
When 908 and the compressor 916 match, the confirmation end code and the message number are transmitted (process 920).
On the contrary, when the above values do not match, the alteration part detection process 918 (described later) shown in FIG. 11 is performed to obtain the part identifier. The part identifier here is used to identify a certain message among a plurality of divided messages. Then, the message error code, the message number, and the site identifier are transmitted to the stamper (process 919).

FIG. 10 is a diagram showing a post-marking preparation process in this modification. The stamper performs the processing according to the following procedure.

First, the stamper receives the message number 1002, the code 1003, the stamp data 1004, and the part identifier 1005 by the receiving process 1001. Next, the code inspection processing 1006 is performed, and the code 1003 is executed.
To inspect. As a result, one of the following three processes is performed.

First, when the code 1003 indicates a marking error, the marking data 1008 backed up at the time of marking is retrieved and read from the marking person area 1007 based on the message number 1002. Further, a seal data comparison process 1010 for comparing the seal data with the received seal data 1008 is performed. If these data match, private key exchange processing 1011 is performed. On the contrary, if they do not match, the backup seal stamp data 1012 is retransmitted to the confirmer.

As a result of the inspection in the code inspection processing 1006, when the code 1003 indicates a document error, the sealer's area 100 is determined based on the message number 1002.
Message 1 backed up from 7
009 is searched and read. In addition, message 100
9 is divided, and only the divided message corresponding to the part identifier 1005 is retransmitted to the confirmer.

Furthermore, as a result of the inspection in the code inspection processing 1006, when the code 1003 indicates the confirmation end, the corresponding message and the seal data are retrieved from the sealer area 1007 based on the message number 1002, and those data are retrieved. Erase.

FIG. 11 shows the compressor creation process 80 of FIGS.
FIG. 10 is a diagram showing a processing method of the tampered part detection processing 918 of FIGS.

The compressed data group 1101 is obtained by compressing each of the divided messages. In the compressor creation processing, each compressed data is shifted by a specific bit to obtain an exclusive OR, and the result is used as a compressor 1102.

In the tampered part detecting process, the mismatched position is checked by comparing the compressors, and the tampered part of the message is detected. For example, when the specific portion 1104 in the compressor 1102 has changed, the affected data is the i-th compressed data 1103, so the i-th divided message corresponding to it has been changed due to an error or fraud. Can be judged.

(Modification 2) Next, a second modification of the above embodiment will be described. This modification is a modification of the message error processing in Modification 1 described above. Note that the system configuration is the same as in FIG. 14 and FIG. 15 described above, so description will be omitted. Further, since the marking creation processing and the marking creation post-processing are performed in the same procedure as in the second modification, description thereof will be omitted.

FIG. 12 is a diagram showing a marking confirmation process in this modification. The confirmer performs the processing according to the following procedure.
However, it is assumed that the fixed value confirmation processing and the compression processing for each divided message have been completed in the procedure described in the first modification.

The compressed data group 1203 is subjected to the compressor creation processing 1204 shown in FIG.
To get Next, a compressed data confirmation process 1206 for comparing the result B1202 which is a part of the decoding result of the stamp data and the compressor 1205 is performed. If the above values match,
The confirmation end code and the message number are transmitted, and the confirmation process ends (process 1207).

On the other hand, if the above values do not match,
The tampered part detection process 1208 shown by 1 is performed to obtain the part identifier. Here, it is assumed that the part identifier is i. Then, the automatic correction process 1 for the i-th divided message Mi
Perform 210. The automatic correction processing 1210 here is based on the automatic correction data 1209 shown in FIG.
The third divided message Mi is changed (automatically corrected). The automatic correction process 1210 will be described in detail later.

Next, compression processing 1211 is applied to the modified divided message Mi to obtain compressed data. Then, the obtained compressed data is exchanged with the i-th compressed data in the original compressed data group (process 1212), and the series of processes following the compressor creation process 1204 are executed again.

The above is repeated until the compressors match each other or the automatic correction data is completed. When the compressors do not match at all and the automatic correction data are all finished, it is determined that the automatic correction is impossible and the message error code, the message number, and the site identifier are transmitted to the stamper (process 121).
3).

FIG. 13 shows the automatic correction process 1210 of FIG.
It is a figure which shows the automatic correction data 1209 used in. As shown in the figure, the automatic correction data 1209 is composed of a pattern number and a correction pattern.

These data show the method of changing the divided message. It corresponds to the error expected in these systems, and the contents differ from system to system.

The first line means that all bits of the divided message are inverted in the automatic correction process. That is, the divided message is replaced with binary data, and 0 of the data is transformed into 1 and 1 is transformed into 0. The second line means that only the upper first bit of the fragment message is inverted. The third line means to invert only the upper 2 bits of the fragment message.

The 65th line means that only the upper 64 bits of the fragment message are inverted.
The 66th line means that the data expressed by the ASCII code of the divided message is changed to the EBCDIC code. The divided message is corrected based on such a correction pattern and replaced as shown in FIG. 12 for confirmation.

In the above embodiments and modifications, the system for exchanging electronic documents via a communication line has been described, but the exchange of documents is not limited to the system via a communication line. For example, a predetermined writing area (for example, a predetermined area on a hard disk) is provided in one device, and a stamper writes a message or stamp data in the writing area, and a confirmer writes those messages from the area. The present invention can be applied even when a document is exchanged by reading data.

Further, in this case, the confirmer directly accesses the data backed up by the stamper, compares the stamped data which has been backed up with the stamp data read from the writing area, and confirms the validity of the secret key. Sex confirmation can be performed.

[0105]

According to the present invention, it is possible to detect an illegality or an error of data occurring in the electronic marking system, and when the error occurs, recover the data,
It is possible to prevent data loss due to the above event.

[Brief description of drawings]

FIG. 1 is a diagram showing a marking creation process according to an embodiment of the present invention.

FIG. 2 is a diagram showing a marking confirmation process in the embodiment of the present invention.

FIG. 3 is a diagram showing a post-marking preparation process in an example of the present invention.

FIG. 4 is a diagram showing backup data according to the embodiment of this invention.

FIG. 5 is a flowchart of a stamp creating process according to the embodiment of the present invention.

FIG. 6 is a flowchart of a seal confirmation process according to the embodiment of the present invention.

FIG. 7 is a flowchart of post-marking preparation processing according to the embodiment of the present invention.

FIG. 8 is a diagram showing a marking creation process in a first modification of the present invention.

FIG. 9 is a diagram showing a marking confirmation process in a first modification of the present invention.

FIG. 10 is a diagram showing a post-marking preparation process in a first modification of the present invention.

FIG. 11 is a diagram showing a method of creating a compressor and detecting a falsified portion in a second modification of the present invention.

FIG. 12 is a diagram showing a marking confirmation process in a second modification of the present invention.

FIG. 13 is a diagram showing automatic correction pattern data in Modification 2 of the present invention.

FIG. 14 is a block diagram showing a system configuration of the present invention.

FIG. 15 is a block diagram showing an internal configuration of an IC card of the present invention.

FIG. 16 is a diagram showing a conventional public key certification method.

[Explanation of symbols]

101 ... Message 102 ... Message number 103 ... Compression function 104 ... Fixed value 105 ... Compressed data 106 ... Marker area 107 ... IC card 108 ... Floppy disk 109 ... Hard disk 110 ... Private key 111 ... Cryptographic function 112 ... Mark data 113 ... Backup process 114 ... Transmission process 1401 ... Communication network 1402 ... User terminal 1403 ... User terminal 1404 ... User terminal 1405 ... Data area 1406 ... Program area 1407 ... R / W control unit 1408 ... CPU 1409 ... Communication control unit 1410 ... I / O
Control unit 1411 ... Modified data 1412 ... Public key of all users 1413 ... Private key of individual 1414 ... Backup data 1415 ... Stamp processing function 1416 ... Confirmation processing function 1417 ... Display 1418 ... Keyboard 1419 ... Reader / writer

 ─────────────────────────────────────────────────── ─── Continuation of the front page (72) Seiichi Suzaki, 1099, Ozenji, Aso-ku, Kawasaki-shi, Kanagawa, Ltd. System Development Laboratory, Hitachi, Ltd. (72) Ryoichi Sasaki, 1099, Ozen-ji, Aso-ku, Kawasaki, Kanagawa Hitachi Systems Development Laboratory

Claims (30)

[Claims] 1. A method of communicating an electronic document in an electronic marking system using marking data created by a public key cryptosystem, wherein the marking person uses a private key to communicate with an electronic document. A stamp creating step of creating the stamp data to be added to the document, a backup step of backing up the digitized document and the stamp data on the stamper side, and a digitizing document from the stamper side to the confirmer side. The step of transmitting the stamp data, the step of receiving the digitized document and the stamp data on the confirmer side, and the validity of the stamp data received by the confirmer using the public key. A confirmation step for confirming the confirmation result, a return step for returning the confirmation result and the seal data in the confirmation step from the confirmer side to the sealer side, and the sealer side for the return step. The step of receiving the returned confirmation result and the seal data, and if the result of the above confirmation is a seal data error, the seal stamper has backed up the received seal data and the seal data backed up by the above backup step. And a secret key confirmation step for confirming the legitimacy of the secret key by comparing with. 2. A method of communicating an electronic document in an electronic marking system using marking data created by a public key cryptosystem, wherein the marking person uses a private key to communicate with the electronic document. The stamp creating step of creating the stamp data to be attached to the document, the backup step of backing up the digitized document and the stamp data on the stamper side, and the digitized document and the stamp data on the stamper side. In the specified writing area, the confirmer side reads the digitized document and the seal data from the writing area, and the confirmer side reads the seal data using the public key. The confirmation step for confirming the validity of the confirmation, the step of writing the confirmation result and the stamp data in the confirmation step in a predetermined area on the side of the confirmation, and the step of writing the confirmation data in the predetermined area on the side of the sealer. The step of reading the written confirmation result and the seal data, and if the result of the confirmation is a seal data error, the sealer backed up the read seal data and the backup step. A method of communicating a digitized document with an electronic seal, comprising: a secret key confirmation step of confirming the validity of the secret key by comparing with the seal data. 3. A method of communicating an electronic document in an electronic marking system using marking data created by a public key cryptosystem, wherein the marking person uses a private key to communicate with an electronic document. A stamp creation step of creating the stamp data to be added to the document, a backup step of backing up the digitized document and the stamp data in a predetermined backup area on the side of the stamper, and a digitization on the side of the stamper. The step of writing the document and the seal data in a predetermined writing area, the step of reading the digitized document and the seal data from the writing area on the confirmer side, and the step of using the public key on the confirmer side. , A confirmation step of confirming the validity of the read seal data, a step of reading backed up seal data from the backup area on the confirmer side, If the confirmation result is a seal data error, the confirmer side confirms the validity of the secret key by comparing the seal data read from the writing area with the seal data read from the backup area. A method of communicating an electronic document with an electronic seal, comprising: a secret key confirmation step. 4. The method of communicating an electronic document according to any one of claims 1 to 3, wherein the stamp creating step includes a step of compressing an electronic document to be communicated to obtain compressed data. The method further comprises the step of concatenating the fixed value data unique to the system with the compressed data, and the step of creating the imprinted data from the concatenated data using a secret key, wherein the imprinting confirmation step uses the public key to receive the received data. And a step of verifying the validity of the received stamp data by comparing the fixed value data in the result of the decoding with the fixed value data unique to the system. Communication method for electronic documents. 5. The method of communicating an electronic document according to claim 1, wherein the step of creating a seal divides the electronic document to be communicated into a plurality of partial documents. Compressing each of the partial documents to obtain a plurality of compressed data, creating one compressor from the plurality of compressed data, concatenating the system-specific fixed value data to the compressor, and Using the connected data to create seal data, the seal confirmation step includes the step of decrypting the received seal data using a public key, and the fixed value data in the decryption result. Is compared with fixed value data unique to the system, and the legitimacy of the received seal data is confirmed, and the communication method of the electronic document. 6. The method of communicating a digitized document according to claim 1, further comprising a document confirmation step of confirming the legitimacy of the digitized document on the confirmer side, and a result of the confirmation. And a step of transmitting the presence or absence of a document error to the stamper side, as a communication method of an electronic document. 7. The method of communicating an electronic document according to claim 6, wherein the step of creating the seal includes a step of compressing an electronic document to be communicated to obtain compressed data, and a system-specific method for the compressed data. The step of concatenating fixed value data of, and the step of creating seal data from the concatenated data using a secret key, the document confirmation step compresses the received electronic document to obtain compressed data. A compression step to obtain, a step of decrypting the received seal data using a public key, and a comparison of the compressed data in the decryption result with the compressed data obtained in the compression step to obtain the received digitized data. A method for communicating an electronic document, comprising the step of confirming the validity of the document. 8. The method of communicating a digitized document according to claim 6, wherein the step of creating the seal includes dividing the digitized document to be communicated into a plurality of partial documents, and each of the partial documents. Compressing to obtain a plurality of compressed data, creating one compressor from the plurality of compressed data, concatenating system-specific fixed value data to the compressor, and concatenating using a secret key. Creating stamp data from the obtained data, the document checking step includes dividing the received electronic document into a plurality of partial documents, and compressing each of the partial documents to obtain a plurality of compressed data. Then, a compression step of creating one compressor from the plurality of compressed data, a step of decrypting the received stamp data using a public key, and a compression step in the decryption result. A step of confirming the legitimacy of the received digitized document by comparing a decompressor with the compressor obtained in the compression step, and a tampered portion detection for detecting a tampered partial document by comparing the compressor. A method of communicating an electronic document, the method comprising: 9. The method of communicating an electronic document according to claim 1, further comprising: the seal data received or read in the secret key confirmation step and the seal seal data being backed up are the same. If not, a method of communicating an electronic document, comprising a step of resending the backed up stamp data from the stamper side to the confirmer side. 10. The method of communicating an electronic document according to claim 7, further, since the compressed data in the result of the decoding and the compressed data obtained in the compression step do not match, the document error is stamped A communication method of an electronic document, comprising the step of resending the electronic document from the stamper side to the confirmer side when the electronic document is transmitted to the confirmation side. 11. The method of communicating an electronic document according to claim 8, further, since the compressor in the result of the decryption and the compressor obtained in the compressing step do not match, the document error is stamped. A communication method of an electronic document, comprising the step of resending the partial document detected by the tampered part detecting step to the confirmer side when the partial document is transmitted to the confirmer side. 12. The method of communicating an electronic document according to claim 1, wherein the backup of the electronic document and the seal data in the backup step is performed on a removable storage medium. Communication method of characteristic electronic documents. 13. The method of communicating a digitized document according to claim 1, further comprising a document confirmation step of confirming the validity of the digitized document on the confirmer side, and a document error as a result of the confirmation. And a step of automatically correcting the electronic document, the communication method of the electronic document. 14. The method of communicating a digitized document according to claim 8, further comprising: on the confirmer side, automatically correct the partial document detected by the tampered part detecting step to check the validity of each partial document. A method of communicating an electronic document, comprising the step of repeatedly performing reconfirmation. 15. The electronic document communication method according to claim 14, wherein the confirmer side has accumulated in advance the types of errors that frequently occur in the system, and based on the accumulated data, the partial document A method for communicating an electronic document, characterized in that it is modified. 16. A transmission side terminal device for transmitting an electronic document accompanied by stamp data created by a public key cryptosystem, comprising a storage means for storing a private key of an individual, and a private key of the storage means. Using the, the stamp creating means for creating the stamp data to be attached to the digitized document to be communicated, the backup means for backing up the digitized document and the stamp data, and the digitized document and the stamp data are confirmed. Means for sending to the terminal device on the confirmer side, a means for receiving the result of confirmation of the validity of the seal data returned from the terminal device on the confirmer side and the seal data, and a seal data error is returned from the terminal device on the confirmer side. In this case, the private key confirmation means for confirming the legitimacy of the private key by comparing the received seal data with the seal data backed up by the backup means. Transmitting terminal device characterized by comprising a. 17. A receiving side terminal device for receiving an electronic document accompanied by imprint data created by a public key cryptosystem, wherein the electronic document and the imprint data are transmitted from the terminal device on the imprinter side. Means, a storage means that stores at least the public key of the user including the sealer, a seal confirmation means that confirms the validity of the received seal data using the public key of the storage means, and the seal A receiving side terminal device, comprising: a return means for returning the result of confirmation by the confirmation means and the received seal data. 18. The transmission-side terminal device according to claim 16, wherein the marking creating means compresses an electronic document to be communicated to obtain compressed data, and the compressed data is system-specific fixed value data. And a seal data is created from the connected data by using the private key of the storage means. 19. The transmission-side terminal device according to claim 16, wherein the stamp creating means divides the digitized document to be communicated into a plurality of partial documents and compresses each of the partial documents to obtain a plurality of partial documents. Compressed data is obtained, one compressor is created from the plurality of compressed data, system-specific fixed value data is concatenated to the compressor, and seal data is created from the concatenated data using a secret key. A transmitting side terminal device characterized by the above. 20. The receiving-side terminal device according to claim 17, which is for receiving the digitized document accompanied by the marking data transmitted from the transmitting-side terminal device according to claim 18 or 19, wherein the marking confirmation means is , Using the public key of the storage device,
A terminal device, which verifies the validity of the received seal data by decoding the received seal data and comparing the fixed value data in the decoding result with system-specific fixed value data. 21. The receiving side terminal device according to claim 17, which is for receiving an electronic document accompanied by imprint data transmitted from the transmitting side terminal device according to claim 18 or 19, further comprising: A terminal device on the receiving side, comprising: a document confirmation means for confirming the legitimacy of the encrypted document; and a document error transmitting means for transmitting the presence or absence of a document error to the transmitting side terminal device as a result of the confirmation. 22. The receiving-side terminal device according to claim 21, which is for receiving the digitized document accompanied by the seal data transmitted from the transmitting-side terminal device according to claim 18, wherein said document confirmation means is By compressing the received electronic document to obtain compressed data, using the public key of the storage means to decrypt the received seal data, and comparing the compressed data in the decryption result with the compressed data. A receiving side terminal device for confirming the legitimacy of the received electronic document. 23. The receiving-side terminal device according to claim 21, which is for receiving the digitized document accompanied by the seal data transmitted from the transmitting-side terminal device according to claim 19, wherein the document confirmation means is The received electronic document is divided into a plurality of partial documents, each of the partial documents is compressed to obtain a plurality of compressed data, one compressor is created from the plurality of compressed data, and the public key of the storage means is obtained. The received seal data is decrypted by using, and the legitimacy of the received electronic document is confirmed by comparing the compressor in the result of the decryption with the compressor, and the compressor is compared. Detecting the part of the partial document that has been tampered with by the document error transmitting means, and transmitting the presence or absence of a document error as a result of the confirmation and the part of the tampered partial document to the transmitting side terminal device. Receiving terminal device. 24. The transmission side terminal device according to claim 16, further, if the seal stamp data received by said secret key confirmation means and the seal stamp data backed up do not match, they are backed up. A sending side terminal device comprising means for retransmitting the stamped data to the receiving side terminal device. 25. An electronic document according to claim 22, for transmitting an electronic document accompanied by stamp data to the receiving side terminal device.
In the transmitting side terminal device described in (3), when a document error is transmitted from the receiving side terminal device, the computerized document is retransmitted to the receiving side terminal device. 26. A method for transmitting a digitized document with seal data to the receiving side terminal device according to claim 23.
In the transmission side terminal device according to the item (1), when a document error and a part of the tampered partial document are transmitted from the reception side terminal device, the partial document of the part is retransmitted to the reception side terminal device. Sending side terminal device. 27. The transmission-sided terminal device according to claim 16, wherein the backup of the digitized document and the stamp data by the backup means is performed on a removable storage medium. . 28. The terminal device according to claim 17, further comprising a document confirmation means for confirming the legitimacy of the received electronic document, and a document error if the confirmation result indicates that there is a document error. A terminal device on the receiving side, comprising: means for automatically correcting an electronic document. 29. The reception terminal device according to claim 23, further comprising automatically correcting the tampered partial document and reconfirming the validity of each partial document repeatedly. Side terminal device. 30. The receiving side terminal device according to claim 29, wherein the types of errors that frequently occur in the system are stored in advance, and the partial document is corrected based on the stored data. Side terminal device.