1221722 A7 B7 五、發明說明(丨) 【本發明之領域】 本發明係關於一種工作流程之存取控制機制,尤指一 種以電子憑證為基礎來進行工作流程之存取控制系統 〇 智 f 費 【本發明之背景】 按,所謂之工作流程係指在一個工作群組中,為了達 成某一個共同目的而需要多人協力以循序或平行工作的彤 式來共同完成的任務,而工作流程之建立主要包括 = 步驟: a.定義出在-個群組工作的環境下,所需要執行或控 管的事務性工作性質及其内容。 b·依據所定義的工作内容,再將其分為許多步騾,每 一步騾都包含在此階段所需要完成的項目清單。 c·決定各個步騾需要哪些專業背景的人員來執行。 d.決定各個步騾在流程執行時的順序。 e•找出可能因執行條件不同而會產生不同結果及影響 下一步騾執行之特殊步騾,並將其相關的執行狀態 條件定義清楚。 將工作流程中的所有執行步驟及步騾之間的關係圖 繪出,據以驗證流程之可行性。 g·根據各個步驟的不同需求,分別建立各階段所需要 的表單、工作指令、文件等項目。 印 41221722 A7 B7 V. Description of the invention (丨) [Field of the invention] The present invention relates to an access control mechanism for a workflow, especially an access control system for performing a workflow based on electronic credentials. [Background of the invention] According to this, the so-called workflow refers to a task in a work group that requires multiple people to work together in a sequential or parallel manner to achieve a common goal. The establishment mainly includes = steps: a. Define the nature and content of the transactional work that needs to be performed or controlled in a group work environment. b. According to the defined work content, it is divided into many steps, each step contains a list of items that need to be completed at this stage. c. Decide who needs professional background to perform each step. d. Decide the order of each step when the process is executed. e • Find out the special steps that may have different results and impacts due to different execution conditions, and define the relevant execution status conditions. Plot all the execution steps in the workflow and the relationship between the steps to verify the feasibility of the process. g. According to the different needs of each step, the forms, work instructions, documents and other items required for each stage are established separately. Imprint 4
h張尺㈣財闕家(21〇 x 297TiTh Zhang Ruler Wealth Family (21〇 x 297TiT
. ΦΜ--------^---------Μ0! (請先Μ讀背面之注意事項再填寫本頁) 1221722 A7 五、發明說明(> / 在既有之工作流程所採用的存取㈣機制,只能單纯 =密碼輸人的方式來㈣其對流程文件之絲權,即使丑 有角色基礎,例如美國專利USp6,〇88,679號案,係將每 指派一個或多個角色(例如課長、經理···等),並 疋義母個角色所能操作的動作或執行步驟,用以提供一種 基於角& ( R〇le_Based )的存取控制機制,卻 保證此文件之完整性(Integ吻)及不可否認性^;_ =rratiGn),因為僅以詢問密碼的方式來作為身分認 、’極易使文件於工作流程中遭受竄改或攻擊。 而為確認身分之正確性,遂有發展出利用電子憑證作 為身份驗證之方法,其係運用一種稱為公開金鑰密碼法的 技術’以產生公開金鑰與私密金鑰等兩把有關聯性的金 鑰在電子憑證技術中,任何人都可公開取得他人的公開 金鑰’而公開金瑜也是與私密金鑰持有人溝通時的對應 亦即A開金鑰可用以驗證以私密金鑰簽章過的訊息。 一在^子憑證中,使用者的公開金鑰是與使用者名稱及^辨 識貝訊緊密連結的。而電子憑證係由公正第三人(即認證 中)針對使用者及其公開金鑰所簽發。若發文者要對一 刀、件進行笔子簽章,是用發文者個人的私密金鑰對此文 件進行簽名的動作。接著,發文者將文件以及電子簽章透 過伺服,寄送給收文者。當伺服器及/或收文者收到之 ^便可使用發文者電子憑證中的公開金鑰來驗證電子簽 訂 線 智 慧 財 員 工 消 費 社 印 製 1221722 經濟部智慧財產局員工消費合作社印製 A7 五、發明說明(彡) 例如 Microsoft Exchange 及 Lotus Notes 中有關工 作流程的部份,即運用到電子憑證技術。然而其只是將原 先使用#句問密碼來做身份認1正的工作,改成由使用電子憑 証的方法來做身份認証,所以並沒有解決流程完整性及不 可否認性的問題,而且所有的流程重心都放在控管主機 上,易受攻擊。 因此,前述習知工作流程之存取控制機制仍存在有諸 夕缺失’而有予以改進之必要。 發明人爰因於此,本於積極發明之精神,虽思一種可 以解決上述問題之「以電子憑證為基礎來進行工作流程之 存取控制系統及方法」,幾經研究實驗終至完成此項嘉惠 世人之發明。 【本發明之概述】 本發明之主要目的係在提供一種以電子憑證為基礎來 進行工作流程之存取控制系統及方法,俾能確保文件工作 流程之完整性與不可否認性。 本發明之另一目的係在提供一種以電子憑證為基礎來 進行工作流程之存取控制系統及方法,俾能將工作流程之 過程與存取控制結合,避免將重心全放在控管主機上。 依據本發明之一特色,於所提出之以電子憑證為基礎 來進仃工作流程之存取控制系統中,該系統包括有一伺服 端及至少一客户端。其中,至少一客户端係可供起始一工 作流程,將一對應此工作流程之第一流程文件進行簽名 --------^---------^ (請先閱讀背面之注意事項再填寫本頁)ΦΜ -------- ^ --------- Μ0! (Please read the precautions on the back before filling in this page) 1221722 A7 V. Description of the invention (> The access mechanism used in the workflow can only be a way of entering passwords to gain access to the process files, even if it has a role basis, such as the US Patent No. 6,088,679. One or more roles (such as class leader, manager, etc.), and the actions or execution steps that can be performed by each role, to provide an access control mechanism based on angle & (Role_Based), but Guarantee the integrity of this document (Integ kiss) and non-repudiation ^; _ = rratiGn), because only the way of asking for passwords is used for identity recognition, 'It is very easy for documents to be altered or attacked in the workflow. In order to confirm the correctness of identity, there have been developed methods to use electronic certificates as identity verification, which uses a technology called public key cryptography to generate two public keys and private keys. In the electronic certificate technology, anyone can publicly obtain the public key of others', and the public Jinyu is also the counterpart when communicating with the private key holder, that is, the A key can be used to verify the private key. Signed messages. First, in the ^ sub-certificate, the user's public key is closely linked with the user name and ^ identification Beixun. The electronic certificate is issued by a fair third party (that is, in the process of certification) against the user and his public key. If the author wants to sign a knife or document, it is an action to sign the document with the author ’s personal private key. Then, the author sends the document and electronic signature to the recipient through the servo. When the server and / or the recipient receives ^, they can use the public key in the sender's electronic voucher to verify the electronic signing line. Printed by the employee's consumer society. Description of the Invention (彡) For example, the parts of workflow in Microsoft Exchange and Lotus Notes apply electronic voucher technology. However, it only used the # sentence to ask the password to do identity verification, and changed it to use electronic credentials for identity verification, so it did not solve the problem of process integrity and non-repudiation, and all processes The focus is on the control host, which is vulnerable. Therefore, the access control mechanism of the above-mentioned conventional work process still has some defects and needs to be improved. Because of this, the inventor is based on the spirit of active invention, although he thinks of an "access control system and method based on electronic voucher for work flow" that can solve the above problems. After several research experiments, this project has been completed. Huishi invention. [Summary of the present invention] The main purpose of the present invention is to provide an access control system and method for performing work processes based on electronic vouchers, which can ensure the integrity and non-repudiation of document work processes. Another object of the present invention is to provide an access control system and method for performing work flow based on electronic vouchers, which can combine the process of work flow with access control and avoid focusing on the control host. . According to a feature of the present invention, in the proposed access control system based on the electronic voucher to enter the work flow, the system includes a server and at least one client. Among them, at least one client can be used to start a workflow, and a first process file corresponding to this workflow is signed -------- ^ --------- ^ (please first (Read the notes on the back and fill out this page)
木紙張標準(CNS)A4規格⑵〇_ 297公釐)Wood Paper Standard (CNS) A4 Specification ⑵〇_ 297 mm)
l厶厶L丨厶A 五二發明說明(叶) ΐ;:词服端,當客户端接收由词服端傳送過來之第 端。且’則在第二流程文件加上簽名後,傳回飼服 的電子二试Γ係供對一所收到的流程文件中的簽名以對應 別 π以騙祖,並檢查電子憑證中所包含之職稱識 斷簽名所收到的流程文件者是否有權限進行對 流程傳送至下4:1:程文件依其所對應之工作 作流程。 争簽名者,或結束所收到的流程文件之工 經濟部智慧財產局員工消費合作社印製 依據本發明之另—特色,所提出之以電子憑證為 進仃工作%程之存取控制方法係供在—舰端與至二一 客尸端間進行工作流程之存取控制,該方法包括步驟: 由—客尸端將—流程文件進行簽名後,傳送至該伺 俾以起始_工作流程’·(Β)該词服端對該流程文 =的簽名以對應的電子憑證加以驗證,並檢查該電子憑 ^中所包含之職稱識別碼,以判斷簽名該文件者是否有權 進㈣工作流程’如該流程文件之簽名正確且職稱符合 椎限,執行步驟(C),否則中斷該工作流程;(c)將 孩泥程又件依該工作流程之過程傳送至下一客户端,如血 下一客户端,則結束工作流程;以及,(D)該下一客户 端接收由該飼服端傳送過來之流程文件,在該流程文件加 上其簽名後,再傳回該伺服端。 本發明在流程文件中,加入了每一位成員的電子簽 章,故可絲文件的完整性及不可否認性。另外,加入了l 厶 厶 L 丨 厶 A May 2nd invention description (leaf) ΐ ;: Serving end, when the client receives the first end transmitted from the Serving end. And 'after adding the signature to the second process document, the electronic second test of the feeding service Γ is used to sign the signature in a received process document to correspond to π to cheat the ancestor, and check the electronic certificate contains The job title judges whether the person who received the process document has the authority to transmit the process to the next 4: 1: process document according to its corresponding work flow. According to another feature of the present invention, the consumer consortium of the Intellectual Property Bureau of the Ministry of Industry, Economics and Industry, who has signed the process document or completed the received process document, proposes an access control method based on electronic vouchers for work. —The access control of the workflow between the ship terminal and the 21 corpse terminal, the method includes the steps: After the-corpse terminal signs the process file, it is transmitted to the server to start the _work flow '· (B) The Serving End verifies the signature of the process text = with the corresponding electronic certificate, and checks the job title identification code contained in the electronic voucher ^ to determine whether the person who signed the document has the right to enter the workflow. If the signature of the process document is correct and the job title meets the vertebral limit, perform step (C), otherwise interrupt the workflow; (c) transfer the child mud process to the next client according to the process of the workflow, such as under the blood A client ends the workflow; and (D) the next client receives the process file transmitted from the feeding server, and adds the signature to the process file and then returns it to the server. In the present invention, the electronic signature of each member is added to the process file, so the integrity and non-repudiation of the Kesi file. Also, added
本紙張尺度適用中國國家標準(CNS)A4規格(2】〇 X 297公釐 丄厶厶1 /厶Ζ 丄厶厶1 /厶Ζ 經濟部智慧財產局員工消費合作社印製 第2圖 第3圖 第4圖 第5圖 【圖號説明] (1·〇 )文件 A7 B7 五、發明說明(S ) 職稱識別碼的㈣,可使#& 將職稱識別碼放進電子㈣φ 巧以間化。且本發明 決存取控制之問題,使位使簽名的同時,解 的正確性,而不再是將所有用者都可以驗證整個流程 程栌管伺服器,傀* *王技管的動作,過度依賴流 技g门服态,俾以達到分散風 荷,更增加其安全性。 目的,降低王機的負 =本發明設計制,能提供產業上湘,且確有增 進功效,故依法申請專利。 =貴審查委員能進—步瞭解本❹月之結構、特徵 ,.、6、’炫附以圖式及較佳具體實施例之詳細説明如 后: 【圖式簡單説明】 第1圖:係本發明之以電子憑證為基礎來進行工作流程之 存取控制系統的方塊圖。 係依據本發明之Χ·5〇9電子憑證的欄位示意圖。 係依據本發明之SMIME流程文件的部分示意圖c 係依據本發明之XML流程文件的部分示意圖。 係本發明之以電子憑證為基礎來進行工作流程之 存取控制方象的流程圖。 第6圖·係依據本發明之工作流程控管表。 2 0 )伺服端 8 丨·:------------ (請先閱讀背面之注意事項再填寫本頁) 訂---------線· 本紙張尺㈣Μ關X 297 公 ίΤ 1221722 經濟部智慧財產局員工消費合作社印製 A7 五、發明說明(b ) (3 0 ) ( 3 1 ) ( 32 )客户端 (5。)網路連、緣 (4。)流程控管表 【較佳具體實施例之詳細説明】 有關本發明之以電子憑證為基礎來 取控制系統及方法之一較佳實施例作机裎〈存 、 罕乂1貫她例,請先參照第1圖所示 之系統方塊圖,其包括有一伺服端20及複數個客户端、 ’該飼服端20與客户端30間係透過網路連線5〇而連 接’於本較佳實施例中’該網路連線5〇係為企業内部網路 (Intranet),該伺服端20係為一企業内之控管主 一客户端30係代表企業之-員工,如圖所示,此系統係用 以傳輸一數位化之文件1〇,俾以進行工作流程。 於本發明所進行之工作流程中,其流程文件包括有以 作為驗證之用的簽名,而用來驗證簽名的電子憑證中則具 有職稱,係可確認提供該電子憑證者之職位,二參照第^ 圖所示,其為一以χ·5 09為例之電子憑證的延伸部份,當 中之SubjectDirAUributes欄位係作為一職稱識別碼搁田 位,可供填入職稱識別碼,俾用以確認提供此電子憑證者 之職位等級。文件10中並具有流程資訊以供識別所進行之 工作流程或驗證存取權限,如第3圖所示以安全電子郵件 SMIME為例之文件,其eSSSeCurityLabei欄位可用以儲 存文件1 0之流程識別碼,第4圖則顯示一以X μ l為例之文 件’其利用X M L程式碼表示文件1 〇之流程資訊,包括流 私紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) --------^--------- (請先閱讀背面之注意事項再填寫本頁) /zz A7This paper size applies to China National Standard (CNS) A4 specifications (2) 0X 297 mm 公 1 / 厶 丄 厶 厶 丄 厶 厶 1 / 厶 员工 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs Figure 4 and Figure 5 [Illustration of Drawing Numbers] (1 · 〇) File A7 B7 V. Description of the Invention (S) The title identification code can be used to put the title identification code into the electronic ㈣φ to make it easier. The present invention solves the problem of access control, and enables the signature to ensure the correctness of the solution at the same time. It is no longer necessary for all users to verify the entire process. Manage the server. Relying on the flow of g-gate service, to achieve distributed wind load, and increase its safety. Purpose, to reduce the burden of the king machine = the design system of the present invention, can provide industry in Hunan, and indeed has improved efficacy, so apply for a patent according to law = Your reviewing committee can further understand the structure and characteristics of this month. 6. The detailed description of the preferred embodiment with the attached drawings is as follows: [Simplified description of the drawings] Figure 1: It is the access control of the work flow based on the electronic voucher of the present invention The block diagram of the system is a schematic diagram of the field of the X · 509 electronic certificate according to the present invention. It is a partial diagram of the SMIME process file according to the present invention. C is a partial diagram of the XML process file according to the present invention. The flowchart of the process of access control based on the electronic voucher is shown in Fig. 6. Figure 6 is a work flow control table according to the present invention. 2 0) Servo end 8 丨 ·: ------- ----- (Please read the precautions on the back before filling this page) Order --------- Thread · This paper ruler ㈣Mguan X 297 Public Τ 1221722 Printed by the Employees' Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 V. Description of the invention (b) (30) (31) (32) Client (5.) Network connection, edge (4.) Process control table [detailed description of the preferred embodiment] Related to this One of the preferred embodiments of the control system and method based on the electronic voucher is invented as an example. Please refer to the block diagram of the system shown in Figure 1, which includes a server. 20 and a plurality of clients, 'the feeding end 20 and the client 30 are connected through a network 50 and Connected to 'in the preferred embodiment', the network connection 50 is an enterprise intranet, the server 20 is a controller in an enterprise, and the client 30 is an employee of the enterprise. As shown in the figure, this system is used to transmit a digitized file 10 for the work flow. In the work flow performed by the present invention, the process file includes a signature for verification, and the electronic certificate used to verify the signature has a title, which can confirm the position of the person who provided the electronic certificate. ^ As shown in the figure, it is an extension of an electronic voucher taking χ · 5 09 as an example. The SubjectDirAUributes field is used as a job title identification code. It can be used to fill in the job title identification code. Job level of the person who provided this e-voucher. Document 10 also has process information for identifying the work process performed or verifying access permissions. As shown in Figure 3, the eSSSeCurityLabei field can be used to store the process identification of document 10. Figure 4, Figure 4 shows a file using X μl as an example. It uses XML code to represent the process information of file 10, including smuggled paper. The size of the paper conforms to the Chinese National Standard (CNS) A4 specification (210 X 297 mm). ) -------- ^ --------- (Please read the notes on the back before filling this page) / zz A7
請參照第5圖所示本發明之方法的一較佳實施例,於 D中幻牛1 〇内所儲存之流程僅包含流程識別碼, =服端2G則包括有—如第6圖所示之流程控管表4〇,其 么:有所有工作现程相關内容,包括有流程識別碼、流程 %、以及流程過程等,當—客户端31欲起始—工作流 二例如為請假流程,首先,於文件1〇中儲存之流程識別 ,該客户端31對文件1〇進行簽名(步驟“Ο", =過:财顿峨#1()輪_2()(步驟 伺服端20則驗證文件之簽名(步驟s5〇3),以確認 ^^訊是否正確,若非本人簽名或簽名錯誤,則工作流 =敗’不再繼續進行;若經驗證後確認無誤,則賴端 別^ ㈣中取得該客户端31所代表之員工的職稱識 .’、並自又件1〇中取得流程識別碼(步驟S504 )。 接下來將文件! 〇之泥程識別碼與流程控管表4 〇内之 碼騎㈣,以取料域程之财«名者應 :備《職位(步驟S5G5)等流程過程資訊,於此範例 其丄又件Μ流程識別碼為F1,故舰端可比對流程控 :表4〇而得知進行中之工作流程名稱為請假,於步驟 6中再由又件1〇中之簽名資訊以判斷簽名者之職稱 Η張尺度適用中國國家標羊 • -------1 ^--------- (請先閱讀背面之注意事項再填寫本頁) 10 1221722 經濟部智慧財產局員工消費合作社印製 11Please refer to a preferred embodiment of the method of the present invention as shown in FIG. 5. The process stored in D Niu Niu 10 only includes the process identification code, = server 2G includes-as shown in Fig. 6 The process control table 40, why: there are all relevant contents of the current work process, including the process identification code, process%, and process process, etc., when-the client 31 wants to start-the second workflow is the leave process, for example, First, the process stored in the file 10 is identified, and the client 31 signs the file 10 (step "0 ", = over: Caidunya # 1 () 轮 _2 () (step 20, the server verifies The signature of the document (step s503) to confirm the correctness of the message. If it is not the signature or signature of the person, the workflow = failure 'do not continue; if it is confirmed after verification, it is not good. Obtain the job title of the employee represented by the client 31. ', and obtain the process identification code from step 10 (step S504). Next, file! The mud course identification code and the process control table 4 〇 Riding the yard to get the wealth of the domain process «Celebrities should: prepare the" position (step S5G5) and other processes In this example, the process ID of the second process is F1, so the ship-side can compare the process control: Table 40. It is known that the name of the ongoing workflow is leave. The signature information is used to judge the title of the signer. The scale is applicable to Chinese national standard sheep. ------- 1 ^ --------- (Please read the precautions on the back before filling this page) 10 1221722 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs11
X 297公釐) A7 五、發明說明(3 ) 識別碼的等級是否有權限進行該工作流程,如資格符合, 則工作流程可繼續進行,否則工作流程失敗。 、於步驟S507中,伺服端20簽發一電子收據回覆給客 户·‘ 1用以通知客户端3 1該文件已被祠服端2 0收到且 ^也播疾。伺服端20並檢查該工作流程F1是否已完成 (步驟S 5 0 8 )’如是’則結束工作流程,否則根據工作 泥程之過程將文件傳給下一個客户端30 (步驟S509 ), 於此範例中,係為代表課長R4之客户端3 2,此客户端W 收到文件1 〇後,驗證該文件之簽名(步騾s 5 i 〇 ),客户 鳊3 2亦可選擇不驗證文件之簽名,如無誤則加上自己的簽 名(步驟S 5 1 1 ),之後,再執行步驟s 5 〇 2,以將文件傳 回至飼服端’以此方式進行工作流程直至流程結束。 於前述工作流程之存取控制系統及方法中,文件1 〇中 吓可儲存有進行之工作流程的完整資訊,以活動申請流程 F2為例,文件1〇中係同時儲存有流程識別碼為,流程 名稱為,活動申請’,流程過程為,委員R2—小組長R3s主 委R8->委員R2,等資訊,如此,伺服端2〇内無需包括有流 私控管表4 0,而於步騾s 5 〇 5中,可由文件丨〇所提供之工 作流程資訊來驗證存取權限及決定文件傳遞之順序。此 外’客户端30中亦可儲存有流程控管表4〇,如此,於步 银S 5 1 1中,客户端亦可驗證存取權限,以利工作流程進 行〇 . --------訂---------線 (請先閱讀背面之注意事項再填寫本頁) 1221722 A7 B7 五、發明說明(卞) 説明可知’本發明藉由檢查流程 表,並配合員工電子憑”的職稱以進行存取; 除了可以保證流程的完整性及不可否認性外,在二 亦不須重新韻㈣,且將職稱的㈣加到電; 心正中、,可減低伺服主機的負荷,更增加其安全性。此 二卜於職務代理的問題,也可以利用發行—張短時間的 :子憑証,在該電子簽章職位欄填入其代理的職位,或另 町一新的職位及在控管主機上的流程控管表中新增其相對 應的工作流程。 一综上所陳,本發明無論就目的、手段及功效,在在均 -員不其迴異於習知技術之特徵,為「以電子憑證為基礎來 進行工作流程之存取控制系統及其方法」之一大突破,懇 7貴審查委員明察,早曰賜准專利,俾嘉惠社會,實感 德便。惟應注意的是,上述諸多實施例僅係為了便於説明 而舉例而已,本發明所主張之權利範圍自應以申請專利範 圍所述為準,而非僅限於上述實施例。 · I — - — ! — 訂— — — — — — ·線 | (請先閱讀背面之注意事項再填寫本頁) 經濟部智慧財產局員工消費合作社印製X 297 mm) A7 V. Description of the invention (3) Whether the level of the identification code is authorized to carry out the work flow. If the qualifications are met, the work flow can continue, otherwise the work flow fails. In step S507, the server 20 issues an electronic receipt to the client. ‘1 is used to notify the client 31 that the file has been received by the temple server 20 and is also broadcast. The server 20 checks whether the work flow F1 has been completed (step S 5 0) 'If yes', the work flow is ended, otherwise the file is transmitted to the next client 30 according to the work mud process (step S509), here In the example, it is the client 3 2 representing the R4. After receiving the file 10, the client W verifies the signature of the file (step 骡 5i 〇). The client 鳊 32 can also choose to not verify the file. Signature, if it is correct, add your own signature (step S 5 1 1), and then execute step s 502 to return the file to the feeding end 'to carry out the workflow until the end of the process. In the access control system and method of the foregoing workflow, complete information of the ongoing workflow can be stored in the file 10. Taking the event application process F2 as an example, the file 10 also stores the process identifier at the same time. The process name is “Activity Application”, and the process is: Member R2—Group Leader R3s Chairman R8-> Committee R2, and other information. In this way, the server 20 does not need to include the private flow control table 40. In step 505, the access information and the order of file delivery can be verified by the workflow information provided by the file. In addition, the client 30 can also store a process control table 40. In this way, the client can also verify the access right in the step 5 S1 11 to facilitate the workflow. ------ --Order --------- line (please read the precautions on the back before filling this page) 1221722 A7 B7 V. Description of the invention (卞) The description shows that the present invention checks the flow chart and cooperates with employees Electronic title "for access; in addition to ensuring the integrity and non-repudiation of the process, there is no need to re-rhythm and add the title of the title to electricity; the heart of the heart can reduce the servo host Load, and increase its security. This problem can also be used for the issue of the agency, you can also use the issue-Zhang short-term: sub-certificate, fill in the position of the agency in the electronic signature post column, or another new one Corresponding work processes are added to the position and the process control table on the control host. In summary, the present invention, regardless of the purpose, means and effect, is different from what it is known to. The characteristic of technology is "work flow access control based on electronic voucher One of the major breakthroughs in “systems and methods” is that the review committee clearly observed that he would grant a quasi-patent as early as possible to benefit the society and feel good. However, it should be noted that the above-mentioned embodiments are merely examples for the convenience of description. The scope of the claimed rights of the present invention should be based on the scope of the patent application, rather than being limited to the above-mentioned embodiments. · I —-—! — Order — — — — — — · Line | (Please read the notes on the back before filling out this page) Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs