JPH07182431A - Electronic slip processing system with stamping function - Google Patents

Abstract

PURPOSE:To freely set a confirming subject end to improve the safety and the handling performance of an electronic slip processing system by expressing the characters end the print of seal on a slip in 8 language form that handles the documents, the images, etc., in a unific way and by grasping the correspon dence between data end the print of seal, etc. CONSTITUTION:A security server 100 produces the coding and decoding keys of each user by a key generation system of open key codes and stores the produced keys in a stamping individual. file and a shared file together with the data on the print of seal, an ID number, a password number, etc. An electronic slip device A orders a user to select a subject that is electronically stamped and confirmed among the format, the data and the processing contents of an electronic slip. Then the device A produces an electronic stamp by means of the stamping individual, file and transmits an electronic slip attached with the print of seal showing a stamping fact. An electronic slip device B confirms that the received electronic slip is not altered based on the shared file end then writes data on the slip. Then another user is ordered to select a confirming subject among the elements of the electronic slip and transmits a slip attached with the print of seal showing 8 stamping fact.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for creating and processing electronic slips, and more particularly to an electronic slip processing system with a marking function suitable for electronic marking of electronic slips.

[0002]

2. Description of the Related Art In business processing, work is formulated by introducing slips to improve the efficiency and succession of work. A slip is a layout of many tables, character strings, pictures, graphs, etc. on one sheet of paper (hereinafter referred to as the form or layout of the slip). Items to be written and calculation formulas are determined (hereinafter, this is referred to as a slip processing definition).

In recent years, office automation (O
As a result of the wave of A), the digitization of slips is done by a word processor (W
P) has made progress, and the efficiency of creating, storing, copying, printing, and transmitting slip formats has advanced. Further, with the advent of office processors and spread sheets, not only the slip format but also the slip processing definition can be computerized, and the efficiency of slip processing such as slip calculation and tabulation has been realized. For example,
Koizumi et al., "OAsquare (Part 1-Part 5), a comprehensive object operating environment for developing slip-based software" (Procedures of the 47th National Convention of Information Processing Society of Japan (second half of 1993) pp5-311)
In (5-320), the slips handled in office work are handled as slips even on the computer, the basic components of the slips are composed of formats, data, and processing definitions, and at least the formats and data are stored in the same file. By managing the correspondence between data and format by item name, and providing a means for detecting data from this item name and a means for executing the processing content described by the item name, multiple types of data can be obtained without depending on the format of the slip. It proposes a slip processing method that can execute the aggregation processing for slips. Further, by storing the format and data in a text format of a common language in a file, a computer system equipped with an interpreter of this language can use the above method regardless of the model.

On the other hand, in clerical work using a slip, a seal or signature is applied to the slip in order to ensure the responsibility of the slip and the legitimacy of the approval. Electronic marking technology is an electronic version of this function. Japanese Unexamined Patent Publication No. 4-111061 discloses an authentication system and an authentication mark generating device that use a fingerprint to identify an authorized person and generate seal imprint data on an electronic slip. However, this method did not take sufficient measures such as detection of data tampering.

After the person imprints it, it is detected that the data of the target electronic document (composed of letters, numbers and symbols) has been tampered with, or someone other than the person imprints it on the person. As a method for preventing impersonation, a method using an electronic seal has been proposed. In the United States, it is called a digital signature because it is signed instead of a seal. The digital signature or electronic seal is also referred to as electronic authentication because it is for authenticating whether the electronic document is correct.

For example, Sasaki et al., “Trends in Authentication Technology in Transactions Using Computer Networks” (Journal of the Institute of Electronics, Information and Communication Engineers, VOL.71, No.12, pp1285-1287, 1988 12
The outline of the electronic marking method disclosed in (Mon.) is as follows. (Shown in FIG. 18) (Procedure 1) The sender A compresses the document M using the hash function h to create a compressor V (= h (M)). Since the compressor is used for authentication, it is also called an authenticator. For the hash function h, it is desirable that V be completely changed if M is changed by 1 bit, and a ciphertext block chaining method or the like is used. In this method, data is encrypted in 64-bit block units, and the exclusive OR of this ciphertext output and the data of the next block is used as the input for the next encryption. For more details, Shinichi Ikeno, Kenji Koyama,
"Modern Cryptography" (The Institute of Electronics, Information and Communication Engineers (1986), pp6
6-67).

(Procedure 2) The sender A uses a public key encryption (for example, Warwick Ford, Brain O'Higgins, "Public") using a key (also called an encryption key) SA that is kept secret with respect to this V.
Key Cryptgrapy and Open System Interconnection ",
IEEE Communication Magazine July 1992, pp30-35)
The cryptographic process D is performed by the electronic seal CA (= D (SA,
V)) is created. Then, M and CA are sent to the recipient B.

(Procedure 3) Recipient B uses CA's private key (also called decryption key) PA corresponding to SA, performs decryption processing E by the same public key encryption as in (Procedure 2), and compresses V Restore (= E (PA, CA)). This V is referred to as V1.

(Procedure 4) The recipient B uses the same hash function as M (procedure 1) for the compressor V (= h).
(M)) is created. This V is referred to as V2.

(Procedure 5) Recipient B receives V1 of (Procedure 3)
Then, by verifying V2 in (Procedure 4), it is authenticated that M and CA correspond.

If V1 and V2 are different, it can be immediately detected that M has been tampered with. This is because even if a person other than the sender A falsifies M to forge another document M ′, since the SA is unknown, the electronic seal CA ′ that is consistent with M ′ cannot be created. This function can be realized by public key encryption in which the encryption key SA cannot be estimated even if the decryption key PA is notified.

In the following, the authentication, the seal and the imprint are used as follows.

(1) Authentication: Confirm that the target range has not been tampered with.

(2) Marking: Used in the following two meanings.

(A) The act of the transmitting side to show that it is responsible for the contents of the target range. (B) CA of (Procedure 2) above. (3) Imprint: Image data showing the shape of a seal to show that it has been imprinted.

[0016]

The above-mentioned prior art has the following problems. (1) The target of authentication (imprinting) is the entire document consisting of letters, numbers, and symbols, and no consideration has been given to the method of authenticating arbitrary parts. For this reason, something like a memo field or a field after the second person who sees the slip will be subject to authentication, and if someone else fills in the field later, it will be tampered with. It had been treated.
In addition, although the first person did not intend to be the subject of authentication, in many cases the next person wants to write important things in that field and make it the subject of authentication, but such a processing form is not supported. It wasn't done.

(2) Documents such as slips include not only letters and numbers, but also figures such as ruled lines of votes and images such as photographs and seal imprints. Further, in the case of electronic slips, calculation for processing definition is performed. Although there are formulas, etc., the detection method for these alterations was not considered. Therefore, there is a problem that the characters and numbers are not tampered with, only the imprint of the electronic seal is tampered with, and even though Mr. A stamped the stamp, it can appear as if Mr. B stamped. there were. Further, there is a problem that even if the table shape or the processing method is falsified, it cannot be detected. Further, there is a problem that alteration of data indicating the authentication range itself cannot be detected.

The object of the present invention is to solve these problems,
It is intended to provide an electronic voucher processing system with a marking function that allows the user to freely set the authentication target and is safe and easy to use.

[0019]

In order to solve the above problems, the following means are used. (A) Introducing a means by which each person who handles a slip can directly specify an authentication target on the screen of the processing device by using a mouse, and sets the value of the authentication target flag column for the specified portion to, for example, Set to 1.

(B) On the other hand, in a language format in which not only letters and numbers but also images and figures are handled in a unified manner, tables, letters, imprints, and processing methods on slips are displayed and the data is stored in a memory or a file. (For example, Koizumi et al., "A comprehensive object operating environment for developing slip-based software, OAsquare (No. 1) -Purpose and outline-" Proc. Of the 47th National Convention of Information Processing Society of Japan (second half of 1993) 312). further,
It has means for associating the parts, characters, seal imprints, processing methods, etc. in the table designated in (a) with each part of the data in the language format. Given each language format, it is possible to easily associate which part represents what by interpreting the data.

(C) Next, a compressor is created by the above method with respect to the authentication target data corresponding to the portion in which the authentication target flag column is set to 1. In this method, if the authentication target part is changed even by 1 bit, the compressor becomes completely different. Next, the compressor is encrypted using the public key cryptosystem and its own secret key. Note that (c) may be the same as the conventional electronic authentication technique.

[0022]

By adopting the means (a) and (b), each person can easily specify any authentication target. Then, by applying the means (c) to the specified object, if the specified object is changed, the compressor also changes, so that the change after marking can be reliably detected. In addition, since the electronic seal, which is the secret key encrypted by the principle of public key cryptography, can be created only by the person himself, only the person himself can tamper with the seal.

By the above means, each person can freely specify the authentication part, so that the memo field and the fields written by the second and subsequent persons can be excluded from the authentication target of the first person, The second and subsequent persons can be the target of authentication. As a result, the problem (1) can be solved, and the seal imprint itself, the figure, the processing method, etc. can be designated as the authentication target, so that the tampering of the seal imprint itself, the figure, the processing method, etc. can be detected. Can be solved.

[0024]

DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to FIGS. FIG. 1 is an overall view of an electronic slip processing system with a marking function for realizing the present invention. This system includes a security server 100 and electronic slip devices 200a and 200.
b, 200c, a network 300 and the like.

In the security server 100, (a) an encryption key (also referred to as a secret key) and a decryption key (also referred to as a public key) of each user are created using the key generation method of public key encryption (1)
01), (b) Input the imprint data, ID number, PIN, etc. (102), (c) Create a personal file for marking
The data of (103), (a) and (b) are stored, (d) the common file for marking is created and the data of (104), (a) and (b) are stored.

The electronic slip apparatus A200a creates an electronic slip consisting of (a) format, data, and process definition (20).
1a), (b) Among the parts of the format, data, and processing contents of each element constituting the electronic slip, the user a is allowed to select an object to be authenticated by pressing the electronic seal (202a), (c) Personal file for the seal An electronic seal is created using the private key and public key cryptography in (for user a), and an electronic slip with a seal having a seal imprint indicating that the seal has been attached is sent to the network (203a).

In the electronic slip device B200b, (a) it is confirmed whether or not the stamped electronic slip received from the network has been tampered with by using the public key and public key encryption for the user a in the shared stamp file. (201b), (b)
Data is additionally written on the electronic slip, and the user b is allowed to select an object to be authenticated by pressing the electronic seal among the parts of the format, data, and processing contents of each element forming the electronic slip (202
b), (c) Personal file for imprinting (for user b) Create an electronic imprint by using the private key and public key encryption, attach the imprint indicating the imprinting to another imprint field, and attach the imprint. The electronic slip is sent to the network (203b).

The security server 100 and the electronic slip devices 200a, 200b, 200c are connected to each other via a network 300, and the security server 10
0 and the electronic slip devices 200a, 200b, 200c exchange authentication data 301 necessary for authenticating whether or not the slip has been tampered with. Further, the electronic slips 302a and 302b with the seal are exchanged between the electronic slip devices 200a, 200b and 200c.

FIG. 2 shows the configuration of the security server 100, which is a processing device 11 for the security server.
0, display 120, floppy disk drive 130, electronic marking floppy disk 140, marking personal file 149, public key storage hard disk 150, marking common file 159, keyboard 16
0, a scanner 170, and the like. A personal file 149 for imprinting is stored on the floppy disk 140 for electronic imprinting, and the hard disk 15 for public key storage is stored.
In 0, the common seal file 159 is stored. The security server 100 is used by a security administrator. Further, it is connected to the electronic slip devices 200a, 200b, 200c and the like of FIG. 1 via the network 300.

FIG. 3 shows a floppy disk 14 for electronic marking.
The data structure of the seal personal file 149 in 0 is shown.
The personal file for stamp 149 includes an ID number 141 representing a certain user, a personal identification number 142 of the person, seal imprint data 143 having the person's seal imprint as image data, a secret key 144 based on a public key cryptosystem, and an issue number. 145 etc. Further, it may have valid period information 146 and the like.
The floppy disk 140 containing the personal file 149 for marking is distributed to each user who uses the electronic slip device 200, and if the number of users is N, N sheets are made. The method of creating and using the data in the floppy disk will be described later.

FIG. 4 shows a hard disk 15 for storing the public key.
The structure of the shared stamp file 159 in 0 is shown. File 159 contains ID number 151 and issue number 1 for each user.
52, a public key 153 and the like. ID number 151
The issue number 152 and the issue number 152 need to match the ID number 141 and issue number 145 in the personal stamp file 149, respectively.

FIG. 5 shows a procedure for the security administrator to generate data in the floppy disk 140 and the hard disk 150 by using the processing device 110 and the program which constitute the security server 100. 2 steps 101, 102, 103,
104 is described in detail.

(1) The counter K of the program in the processor 110 is set to 0 (1010). (2) Add 1 to K and count the issue number (10
20). (3) The value of K and the value of N are compared, and if K ≦ N, 1040
Perform the following processing, otherwise end the processing.
(1030). Here, N represents the number of users.

(4) A private key / public key pair based on the public key cryptosystem is created using the key generation program and stored in the memory in the processing device 110 (1040). The public key and private key pairs are obtained by creating two large integers that are disjoint from each other, and the detailed algorithm is Goto et al., "RSA encryption key high-speed generation method" (The Institute of Electronics, Information and Communication Engineers, D -1, Vol72-d-1, No3, pp213-220, 198
It is disclosed in 9). (5) The ID numbers 141 and 151 of the target person and the personal identification number 142 input by the security administrator from the keyboard 160 are stored in the memory of the processing device 110 (105
0). The personal identification number 142 is preliminarily heard from the target person by the security administrator, but may be directly input by the target person.

(6) The security administrator is the scanner 1
The imprint 171 pressed on the paper input from 70 is processed by the processing device 1.
It is stored in the memory 10 (1060). It is also possible to input the imprint by means other than a scanner. Further, in this embodiment, one seal imprint data is handled for each person,
It is also possible to properly use a job stamp, a real stamp, or an approval stamp.

(7) Using the data stored in the memory, the personal file for marking 149 in the floppy disk 140 for electronic marking newly inserted by the security administrator.
In addition, as shown in FIG. 3, ID number 1 representing one user
41, the personal identification number 142 of the person, the seal imprint data 143 having the person's seal imprint as image data, the secret key 144 based on the public key cryptosystem, the issue number K145, and the like are written (1070). (8) Using the data stored in the memory, the common seal file 159 in the public key storage hard disk 150
The user K's ID number 151 and issue number K shown in FIG.
The public key 152 and the public key 153 are written (1080).

By repeating the above steps 1020 to 1080 for all users (N), the contents shown in FIGS. 3 and 4 are stored in the floppy disk and the hard disk. Although the present embodiment has been described on the assumption that a floppy disk is used, the same function can be achieved by using an IC card or an optical disk.

FIG. 6 shows the hardware structure of the electronic slip device 200. The electronic slip device 200 includes a processing device 210 for the electronic slip device, a keyboard 220, a floppy disk drive device 230, a mouse 240, a display 250, a hard disk drive device 260, and the like. The authentication range setting file 90 is stored in the hard disk drive 260.
1 and an electronic slip data storage file 902 are stored. The floppy disk 140 in FIG. 6 is the same as the floppy disk 140 in FIG. The hard disk drive 260 includes an authentication range setting file 90.
1 and an electronic slip data storage file 902 are stored.

Hereinafter, it is assumed that the electronic slip device 200 is used by the user a. Electronic slip processing device A210
In a, (1) an electronic slip is created by the user using the mouse 240, the keyboard 220, the display device 250 and the editing program (201). (2) The authentication target range is designated by the operation of the mouse 240 by the user (202). (3) The data to be authenticated is encrypted using the public key encryption and the private key of the user a to create the electronic seal,
An electronic slip with a seal is sent to the network (20
3).

Details of the method 201 for creating an electronic slip will be described with reference to FIG. (1) The electronic slip is laid out on the display device 250 using the mouse 240 and the keyboard 220 (2
011). A paper slip usually consists of a plurality of tables, a character area, and a stamp field. FIG. 8A shows an example of a layout result (also called a format) of an electronic voucher in which an image of a paper voucher is realized on the display device 250. 8 a)
The electronic voucher 800 shown in FIG. 7 (which may be called an electronic voucher sheet when the electronic voucher 800 that does not contain data is referred to as an electronic voucher sheet) has tables 810, 811, 812,
It is composed of a character area 820, a seal imprint display field 830, and the like. Tables 810, 811, and 812 are composed of a table top item 840, table side items 851 and 852, cells 860, 861 and 862 into which numerical values and characters should be inserted when used. Figure 8
The layout result shown in a) can be saved in a language format. For example, Kobayashi et al., "OAsquare (Part 2) -Voucher Layout Designation Method-Overall Object Operating Environment for Voucher-Based Software Development"
The 7th National Convention Lecture Proceedings pp5-313-314) discloses a method for saving forms in a language format.

(2) Cells 860 and 8 in the electronic slip 800
The keyboard 22 defines the processing definition for 61, 862, etc.
It is performed using 0 or the like (2012). For example, if the user wants to enter a value obtained by multiplying the unit price by the quantity into the total field shown in a) of FIG. 8, the user a specifies that on the screen, and the calculation formula is generated in the script language. , When a value is entered in the unit price and quantity cells at the time of use, the value corresponding to the total cell is calculated. The above procedure is the same as that of Koike et al., "OAsquare (Part 3) -Environmental Object Operation Environment for Voucher-based Software Development-Electronic Voucher Processing Method-" (Information Processing Society of Japan (second half of 1993))
It is disclosed in the 47th National Convention Lectures, pp5-315-326). An example of the process definition statement is shown in b) of FIG. The process definition statement 890 is usually defined in the form of an expression and is held in a memory or a disk.

(3) Data is input to the cell of the electronic slip 800 (2013). An example of the electronic slip in which data such as characters and numbers are input to the electronic slip sheet and the result calculated by using the process definition result is also displayed is shown in FIG. 8C). In c) of FIG. 8, the product name, unit price, and quantity are the keyboard 22.
The input data 801 is input from 0 or the like, and the values in the total column and the total column are the calculation result 802 obtained by calculation. In this embodiment, the person who creates the electronic slip sheet and the person who first enters the data are the same, but the electronic slip sheet created by the user a is the network 3 shown in FIG.
00 in the database server, or another electronic slip device 200b via a mail server,
A person who sends it to 200c and uses the device (for example, user b)
You can also get the data first. When one slip sheet is used and various data is input, the slip sheet may be copied in advance.

On the right side of FIG. 9, a storage file 902 of the electronic slip created as described above is shown. The electronic slip data storage file 902 has a table layout data storage area 98.
0, processing definition statement storage area 982, seal imprint storage area 984,
It consists of various cell data storage areas 991-99m. In the table layout data storage area 980, the layout result obtained in the process 2011 of (1) above is stored in the language format. The calculation formula and the like obtained by the process 2012 of (2) above are stored in the process definition statement storage area 982. The cell data storage area 991-99m stores the result of the processing 2013 of (3) above. As the data in the seal imprint storage area 984, as described with reference to FIG. 11, the imprint data 143 in the floppy disk 140 set via the floppy disk drive device 230 and the electronic slip device 210 is stored.

Authentication range setting file 90 on the left side of FIG.
1 is a table layout storage address 910, a table layout authentication flag 915, a process definition statement storage address 920, a process definition statement target address 925, a seal imprint data storage address 930, a seal imprint data target flag 935, and various cell data storage addresses 951-95m. , Cell authentication target flag 9
It consists of data such as 61-96m. The various addresses indicate the top address of the electronic slip data storage file 902. Various flags of the certificate range setting file 901 will be referred to in the description of FIG. It should be noted that although the description has been given here assuming that the data is stored in the form of files 901 and 902 on the disk, the data may be stored in the main memory.

FIG. 10 shows a flowchart of the authentication range selection processing 202. (1) The various authentication target flag fields 915, 925, 935, 961-96m of the authentication range setting file 901 are cleared to zero (2021). (2) The user a is allowed to specify the cell to be authenticated among the characters and numbers written in each cell in the table constituting the electronic slip 800 by the mouse 240 or the like (2022).

(3) The value of the authentication target flag column 961-96m corresponding to the set cell is set to 1 (2023).

(4) Let the user a specify with the mouse 240 and the menu whether or not the result of layout of the slip is also the object of authentication, and if it is, the value of the table data authentication object flag column 915 is set to 1 (2024). , 2025). Furthermore, it is possible to specify whether to authenticate each layout of each table as well as the entire layout.

(5) Let the user a specify with the mouse 240 and the menu whether or not the processing definition text of the slip is also to be authenticated, and if it is, set the value of the processing definition text authentication target flag column 925 to 1. (2026, 2027). further,
It is possible to specify not only the entire process definition sentence but also the authentication target for each process definition sentence for each cell. (6) Whether the imprint data itself is also the authentication target is specified to the user a by the mouse 240 and the menu. Then, if it is a target, the value of the seal imprint data authentication target flag column 935 is set to 1 2028-2029. Furthermore, it is possible to specify not only the entire stamp imprint field but also whether or not each stamp imprint field is to be authenticated. The electronic slip 800 is created by the above processing, the area to be authenticated is designated, and the file 90 shown in FIG.
It is stored in the disk 260 in the form of 1,902.

Next, the process of marking the electronic slip 800 in which the data is input and the authentication range is designated will be described with reference to FIG. (1) User a is instructed to imprint (20
31).

(2) Write the specified authentication target in the authentication target table (2032). Specifically, the authentication target flags 915, 925, 9 of the authentication range setting file 901
The data corresponding to the object whose value is 1 out of 35, 961-96 m is read from the electronic slip data storage file 902 and written in the authentication object table of the main memory.

(3) A compressor V is created using the hash function for the data in the authentication target table by the method shown in FIG. 18 (2033). (4) Insert the floppy disk 140 into the floppy disk drive device 230 and take out the data in the floppy disk 140 to the main memory of the processing device 210.
(2034). In the floppy disk 140, an ID number 141 representing the user a, a personal identification number 142 of the person, seal imprint data 143 having the seal imprint of the person as image data,
Private key 144 based on public key cryptosystem, issue number 145
Etc. In addition, it has valid period information 146 and the like. In order to prevent anyone other than the person from taking out the data on the floppy disk, an ID number and a personal identification number are entered so that other data can be taken out only when the value is the same as the personal identification number 142 in the floppy disk. Further, it is possible to prevent the private key from being read if the period has passed by using the valid period information 146 or the like.

(5) An electronic seal is created (2035). Specifically, by using the extracted private key 144 and the public key cryptosystem embedded in the program, the compressor V is encrypted as shown in FIG. 18, thereby creating the electronic seal CA.

(6) The extracted seal imprint data 143 is displayed in the target seal imprint display field (2036). FIG. 12 shows a specific example in which a seal imprint is displayed. The seal imprint 831 corresponds to the seal imprint data 143 and indicates that the name of the user a is Sasaki. The case where only one type of imprint data is provided has been described, but it is also possible to properly use a job stamp, a real stamp, an approval stamp, or the like according to the purpose.

(7) An electronic slip table 1500 with a seal for the user a as shown in FIG. 13 is created, and the electronic slip device corresponding to the next person in the imprint display field is passed through the network 300 of FIG. Send (2037). Here, it is assumed that the user is Mr. b who is a section chief and uses the electronic slip device B200b. It should be noted that it is possible to send it to a person other than the person next to the seal imprint display field. The electronic slip table 1500 with the seal for the user a includes the data 1520 in the electronic slip data storage file and the seal related information 1570 for the user a.
And data storage information 1510 indicating the storage positions thereof. The seal-related information 1570 for the user a is the user a
ID number 1540 (contents are the same as ID number 151),
The electronic seal stamp 1550 for the user a (created in the above step (5)), the imprint data 1560 for the user a (the contents are the same as the imprint data 143), and the authentication range setting flag for the user a are set in the step (5). Similarly, it consists of encrypted data 1530. The reason why the authentication range setting flag for the user a is encrypted is to prevent tampering or forgery by a third party.

Next, the process of the user b of the electronic slip device B200b that has received the electronic seal-attached slip data will be described. Here, the configuration of the electronic slip device 200b is basically the same as that of FIG. The processing method will be described with reference to the flowchart of FIG. Here, the user b is assumed to be the superior and section manager of the user a.

(1) The electronic stamp attached slip data 1500 sent from the electronic slip apparatus A 200a is received and displayed on the display 250b of FIG. 6 in the form of the electronic slip 800 of FIG. 12 (1610). (2) It is confirmed whether the range authenticated by the user a is tampered with or not (1620). The specific method will be described later with reference to FIG.

(3) Based on the examination result, it is determined whether there has been tampering (1630). (4) If it is known that the authentication target has been tampered with, an alarm indicating that it has been tampered with is displayed (1640).

(5) If it is confirmed that the authentication target has not been tampered with, the seal imprint is displayed using the seal imprint data 1560 for the user a in FIG. Is displayed (1650). If it is confirmed that the file has not been tampered with, it is possible to display nothing as the default.

(6) If the input ID number and personal identification number match the ID number and personal identification number in the inserted floppy disk 140b, respectively, the contents of the personal stamp file 149 are processed as shown in FIG. It is taken out to the main memory inside (1660). The extracted contents are used for the user b ID number 1810, the user b personal identification number 1820,
Imprint data 1830 for user b, private key 18 for user b
Call 40. If they do not match, an alarm is issued and the process ends. Further, if it is known that the person who does not match the person who is the second person in the imprint column matches the ID number in the disc, an alarm can be issued and the processing can be terminated.

(7) The user b is inquired as to whether or not to newly write in the cell of the slip (for example, the cell 862 of FIG. 8A) (1670). If not written, the process proceeds to step 1710. (8) If new writing is performed, the user b selects the cell, and the written value is stored in the electronic slip data storage file corresponding to the corresponding cell in the electronic stamped slip data 1500 in FIG. Rewrite data 1520
(1680). (9) The user b is inquired as to whether or not the description content is to be newly authenticated (1690). If it is not the subject of authentication, the process proceeds to 1710.

(10) If the authentication range is set, the cell name corresponding to the public key encryption algorithm and the user b secret key 1840 is encrypted (1700). The encrypted name is called modified cell name encrypted data 1850. here,
In order to reduce the amount of data, a method of saving only the cell name that has been modified in the authentication range is adopted, but all the authentication target flag fields for user b may be saved separately.

(11) The electronic stamped slip data 1500 from the user a, the ID number 1810 for the user b, the imprint data 1830 for the user b, the corrected cell name encrypted data 18
By adding 50, the data storage information 1510
FIG. 16 shows the result of correcting the above. User b shown in FIG.
1 is sent to the electronic slip device 200c of the other party via the network 300 of FIG. 1, the mail server, etc. (1710).

Next, details of the authentication method of 1620 are shown in FIG.
Will be explained. (1) The same ID number 1540 for user a as shown in FIG. 13 is the same as the ID number 15 in the shared marking file 159 shown in FIG.
1 is retrieved and retrieved, and the corresponding public key 153 is stored in the main memory of the processing device 210 of FIG. 6 via the network 300 (1910). Also, as a search key, I
The issue number may be used instead of the D number. Further, in the present embodiment, the method of using the ID number sent to the user a is used, but the user b uses this I
The method of inserting the D number can be realized similarly.

(2) The electronic seal 1550 for user a and the authentication range setting flag encrypted data 1530 for user a are
The public key encryption algorithm described above and the above public key 15
Decrypt using 3 (1920). If it is created by the user a himself, it can be correctly decrypted by public key encryption. The decrypted electronic seal 1550 for user a is called a decryption seal 1985 and is stored in the main memory. The decrypted authentication range setting flag encrypted data for user a is referred to as a decryption flag 1987.

(3) Based on the information of the decryption flag 1985, the data to be authenticated is retrieved from the data in the electronic slip data storage file (1930). (4) In the same method as the processing 2033 of FIG. 11, the above (3)
A compressor 1987 of the data to be authenticated is created and stored in the main memory (1940). (5) Decoding seal 1985 and compressor 19 on main memory
Compare with 87 (1950). It is known that both parties become the same if no one is tampered with by electronic authentication.

(6) If both are the same as the result of the above comparison, it is displayed that the data has not been tampered with in the range to be authenticated.
(1960). (7) If both are different, it is displayed that the data has been tampered with in the authentication range (1970).

Next, the processing in the electronic slip device C200c which receives the data from the electronic slip device B200b is shown in FIG.
It will be described based on. As shown in FIG. 17, this method is basically the same as that of the user b shown in FIG. 14, and in FIG. 14, the confirmation of whether or not the authentication target of only the user a has been tampered with is the user b. The presence or absence of falsification of the authentication target of a (a) is checked (1621), and the presence or absence of falsification of the authentication target of the user b is checked (1622).

In this embodiment, the number of users of the authentication function is three, but the present invention can be similarly applied to the case of four or more users. Further, it is possible to output the electronic slip created by the present invention by a printer server or the like. As described above, the intended function can be achieved.

[0069]

EFFECTS OF THE INVENTION In a language format that handles not only documents but also images and figures in a unified manner, tables, characters, and seal imprints on slips are displayed, and the data in that language format is used as parts, characters, and seal imprints in the table. By providing a means for ascertaining how they correspond and allowing them to be specified through the graphical user interface, it becomes possible to specify any subject as the authentication range. As a result, the memo field and 2
Fields written by the second and subsequent persons can be excluded from the authentication target, and the second and subsequent persons can be targeted by the authentication.

Further, the seal imprint itself can be designated as an authentication target. Then, the change after stamping can be surely detected by forming the compressor in such a way that if the authentication target portion changes even if it is 1 bit, it becomes completely different from the designated target. By encrypting this compressor using the public key cryptosystem and its own secret key, it is possible to generate a ciphertext that can only be created by the person himself, so that the ciphertext generated by a person other than the person himself cannot be used as his seal. Therefore, a safe and easy-to-use electronic voucher with an electronic marking function can be realized, and many transactions conventionally performed using paper can be realized on a computer network.

[Brief description of drawings]

FIG. 1 is an overall system diagram of an electronic slip device with a marking function according to an embodiment of the present invention.

FIG. 2 is a configuration diagram of a security server of the electronic voucher with a signature function of FIG.

FIG. 3 is a data structure in a floppy disk created by the security server.

FIG. 4 is a data structure of a public key list created by a security server.

FIG. 5 is a flow chart of creating electronic seal related information in the security server.

FIG. 6 is a configuration of an electronic slip device (1).

FIG. 7 is an example of an electronic slip.

FIG. 8 is an example of a script language for defining a table.

FIG. 9 is a file format of an electronic slip sheet.

FIG. 10 is a flowchart for designating an authentication target of an electronic slip.

FIG. 11 shows a procedure for marking an electronic slip.

FIG. 12 is an example of an electronic seal display result.

FIG. 13 is a structure (1) of slip data with an electronic seal.

FIG. 14 is a processing flow of the electronic slip device (2).

FIG. 15 shows an authentication procedure.

FIG. 16 is a structure B of electronic stamped slip data.

17 is a processing flow of the electronic slip device C. FIG.

FIG. 18 shows a basic method of electronic marking (digital signature).

[Explanation of symbols]

100 ... Security server, 200 ... Electronic slip device,
300 ... Network, 110 ... Server Security Server Processing Device, 120 ... Display Device, 130 ...
Floppy disk drive device, 140 ... Floppy disk for electronic marking, 150 ... Hard disk for storing public key, 160 ... Keyboard, 170 ... Scanner, 210
... A processing device for an electronic slip device.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification number Internal reference number FI Technical location H04L 9/14 (72) Inventor Tatsuto Aoshima 1099, Ozenji, Aso-ku, Kawasaki-shi, Kanagawa Hitachi, Ltd. System Development Laboratory (72) Inventor Kazuo Takaragi 1099 Ozenji, Aso-ku, Kawasaki, Kanagawa Prefecture Hitachi Ltd. System Development Laboratory (72) Inventor Seiichi Suzaki 1099, Ozenji, Aso-ku, Kawasaki, Kanagawa Hitachi Ltd. Manufacturing Systems Development Laboratory (72) Inventor Keijiro Hori 5030 Totsuka-cho, Totsuka-ku, Yokohama, Kanagawa Prefecture Hitachi Ltd. Software Development Division

Claims (7)

[Claims] 1. An electronic voucher processing system comprising a plurality of processing devices connected to each other via a network, wherein the first processing device comprises: a) an encryption key for each user using a key generation method of public key encryption; Create a decryption key, b) Input the imprint data, ID number, personal identification number, etc. from the input means, and c) Store the data obtained in steps a) and b) in the personal stamp file and the common stamp file. However, one of the plurality of second processing devices is: d) creating an electronic slip consisting of a plurality of elements each consisting of a format, data, and a processing definition, and e) based on the user's instruction, Select an element to be authenticated by pressing the electronic seal from a plurality of elements, save the flag in the column corresponding to the selected element in the authentication target flag table, and f) the encryption key in the first personal seal file. Use public key cryptography, etc. The electronic slip with a seal in which a first electronic seal for the range specified in the authentication target flag table is created, and the first seal imprint data corresponding to the first electronic seal is added to the imprint column is used. The other one of the second processing devices sends the information to the network, and g) the presence / absence of tampering or the like in the stamped electronic slip received via the network is determined by using the decryption key in the shared stamp file. Judgment is performed using public key cryptography and a flag in the authentication target flag table, h) information is added to the stamped electronic slip, and e) electronic stamps are printed from the plurality of elements based on a user's instruction. Select the element to be authenticated by pressing and save the flag in the column corresponding to the selected element in the authentication target flag table, i) use the encryption key and public key encryption in the second personal file for stamping, etc. hand The second electronic seal for the range specified in the authentication target flag table is created, and the electronic slip with the seal in which the second seal imprint data corresponding to the second electronic seal is added to another seal imprint column is the network. An electronic slip system with a marking function, which is to send to 2. The second processing device is the first or second device.
2. The electronic slip system with a sealing function according to claim 1, which holds information indicating whether or not the stamp imprint data itself should be subject to authentication. 3. The electronic slip system with a stamp function according to claim 1, wherein the second processing device also holds information for designating a flag field itself of the authentication target flag table as an authentication target. 4. The second processing device determines the next circulation destination after marking based on the information regarding the arrangement of the marking columns, and sends the electronic slip with the marking to the circulation destination to the network. The electronic slip system with the marking function according to claim 1, further comprising means. 5. The electronic slip system with a stamp function according to claim 1, wherein the seal imprint data can be selected from a plurality of seal imprint data according to the purpose. 6. An electronic slip processing system comprising a plurality of processing devices connected to each other via a network, wherein the first processing device stores the identification information of each user and the seal imprint data in a file, and a plurality of second processing devices. One of the processing devices, creates an electronic slip consisting of a plurality of elements based on a user's instruction, and selects an element to be authenticated from the plurality of elements based on a user's instruction. , The user's identification information and the imprint data corresponding to the identification information are extracted from the file and added to the electronic slip to create an electronic slip with a seal, and the electronic slip is sent to the network. One is to determine whether or not the stamped electronic slip received from the network is invalid based on the identification information, add information to the stamped electronic slip, and based on a user's instruction. An element to be authenticated is selected from a plurality of elements, and user identification information and imprint data corresponding to the identification information are taken out from the file and added to the electronic slip to create an electronic slip with a seal. Then, the electronic slip system with a marking function is characterized in that it is sent to the network. 7. An electronic slip processing system comprising a plurality of processing devices connected to each other via a network, wherein the first processing device stores identification information of each user and seal imprint data in a file, and a plurality of second processing devices are stored. One of the processing devices, creates an electronic slip consisting of a plurality of elements based on a user's instruction, and selects an element to be authenticated from the plurality of elements based on a user's instruction. , A user-identification information and imprint data corresponding to the identification information are taken out from the file and added to the electronic slip to create an electronic slip with a seal, and the electronic slip is sent to the network. Electronic slip system.