WO2008015740A1 - Document verifying program, recording medium, document verifying method, and document verifying device - Google Patents

Document verifying program, recording medium, document verifying method, and document verifying device

Info

Publication number
WO2008015740A1
Authority
WO
WIPO (PCT)
Prior art keywords
document
electronic
partial
electronic document
component
Prior art date
Application number
PCT/JP2006/315231
Other languages
French (fr)
Japanese (ja)
Inventor
Tetsuya Izu
Masahiko Takenaka
Original Assignee
Fujitsu Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Limited filed Critical Fujitsu Limited
Priority to JP2008527614A priority Critical patent/JPWO2008015740A1/en
Priority to PCT/JP2006/315231 priority patent/WO2008015740A1/en
Publication of WO2008015740A1 publication Critical patent/WO2008015740A1/en


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • Document verification program recording medium, document verification method, and document verification apparatus
  • the present invention relates to a document verification program, a recording medium, a document verification method, and a document verification apparatus that verify the authenticity of an electronic document.
  • This electronic signature technology can authenticate the creator of an electronic document by giving an electronic signature to each electronic document and determine the authenticity of the electronic document, thereby ensuring the authenticity of the electronic document.
  • See Non-Patent Document 1 below. Using this sanitized signature technology ensures the integrity of the public part of the electronic document and the confidentiality of the private part.
  • FIG. 16 is an explanatory diagram showing an example of a digital signature technique in the prior art. As shown in FIG. 16, the original document 1600 is divided into partial documents (for example, “Taro Suzuki”), and an electronic signature is attached to each partial document.
  • in the sanitized document 1601, a partial document having confidentiality in the original document 1600 is sanitized by the technique according to Non-Patent Document 1 described above.
  • the extracted document 1602 is obtained by extracting an arbitrary partial document from the original document 1600 by the technique according to Patent Document 1 described above.
  • Patent Document 1: Japanese Patent Application Laid-Open No. 2006-60722
  • Non-Patent Document 1: Kunihiko Kashiwazaki, Mitsuru Iwamura, Tsutomu Matsumoto, Ryoichi Sasaki, Hiroshi Yoshiura, Satoru Tezuka, Hideki Imai, “Electronic document sanitization technology with controllable disclosure conditions”, 2004 Cryptography and Information Security Symposium Proceedings
  • the age of Taro Suzuki (38 years old) described in the original document 1600 coincides with the age of Taro Suzuki (35 years old) described in the extracted document 1602.
  • the extracted document 1602 is an electronic document that has been tampered with, and is not a genuine electronic document.
  • the extracted document 1602 is authenticated as a genuine electronic document.
  • An object of the present invention is to provide a document verification program, a recording medium, a document verification method, and a document verification apparatus capable of verifying the authenticity.
  • a document verification program, a recording medium, a document verification method, and a document verification apparatus are provided for verifying the authenticity of an electronic document.
  • a document verification method and a document verification apparatus which accepts input of the electronic document, divides the input electronic document into arbitrary constituent elements, and follows the order of appearance of the divided constituent elements in the electronic document
  • a true random number or a pseudo-random number (hereinafter referred to as “random number”) is assigned to each of the constituent elements.
  • the authenticity of the electronic document after the modification can be verified even if the modification such as the exchange of the order of the components constituting the electronic document is performed.
  • a genuine random number or a pseudo-random number (hereinafter referred to as “common random number”) common to each component may be assigned to each divided component.
  • an electronic signature for each component may be generated, and the generated electronic signature may be set for a corresponding component.
  • the validity of each component can be determined based on the electronic signature set for each component, and the integrity of each component can be guaranteed.
  • designation of an arbitrary component constituting the electronic document may be received, and the designated arbitrary component may be extracted from the electronic document.
  • an input of an electronic document constituted by any extracted constituent element is received, and it may be determined whether or not the random numbers assigned to the input constituent elements follow the order of the appearance positions of the constituent elements in the electronic document. The authenticity of the electronic document may be verified based on the determination result, and the verification result may be output.
  • the authenticity of the electronic document after the modification can be verified even if the modification such as the exchange of the order of the components constituting the electronic document is performed.
  • validity of each component may be determined based on an electronic signature set for each of the arbitrary components.
  • the validity of each component can be determined based on the electronic signature set for each component, and the integrity of each component can be guaranteed.
  • the authenticity of the electronic document after the modification can be verified even when a modification that transcribes a component from another electronic document is performed.
  • an aggregated electronic signature obtained by aggregating the electronic signatures for each of the components may be generated, and the validity of the electronic document composed of the extracted arbitrary components may be judged based on the generated aggregated electronic signature.
  • the validity of an electronic document can be determined based on the aggregated electronic signature, and the integrity of the electronic document can be guaranteed.
  • an aggregated electronic signature in which electronic signatures for each constituent element are aggregated is generated, and designation of a partial document to be forcibly disclosed among constituent elements constituting the electronic document is received.
  • the digital signature set for the specified component may be deleted.
  • an arbitrary component in the electronic document can be forcibly disclosed, that is, it can be designated as a component that cannot be deleted thereafter.
  • there is an effect that, even when a modification such as an exchange of the order of the partial documents constituting the electronic document is performed, the authenticity of the electronic document after the modification can be verified.
  • FIG. 1 is a system configuration diagram of an electronic document publishing system according to Embodiment 1 of the present invention.
  • FIG. 2 is a block diagram showing a hardware configuration of the document verification apparatus according to the first embodiment of the present invention.
  • FIG. 3 is a block diagram showing a functional configuration of the document verification apparatus according to the first embodiment of the present invention.
  • FIG. 4 is an explanatory diagram showing an example of an original document to which an electronic signature is added.
  • FIG. 5 is a flowchart showing an electronic signature generation processing procedure executed in the document verification apparatus according to the first embodiment of the present invention.
  • FIG. 6 is a flowchart showing an electronic document extraction processing procedure executed in the document verification apparatus according to the first embodiment of the present invention.
  • FIG. 7 is an explanatory diagram showing an example in which a partial document is extracted from an original document by electronic document extraction processing.
  • FIG. 8 is an explanatory diagram showing an example of a forged extracted document.
  • FIG. 9 is an explanatory diagram showing an example of partial document order exchange and transfer.
  • FIG. 10 is a flowchart showing a procedure of electronic document verification processing executed in the document verification apparatus according to Embodiment 1 of the present invention.
  • FIG. 11 is a flowchart showing a digital signature generation processing procedure executed in the document verification apparatus according to the second embodiment of the present invention.
  • FIG. 12 is a flowchart showing an electronic document extraction processing procedure executed in the document verification apparatus according to the second embodiment of the present invention.
  • FIG. 13 is a flowchart showing a procedure of electronic document verification processing executed in the document verification apparatus according to Embodiment 2 of the present invention.
  • FIG. 14 is a flowchart showing an electronic document extraction processing procedure executed in the document verification apparatus according to the third embodiment of the present invention.
  • FIG. 15 is an explanatory diagram showing an example of an original document and an extracted document in which partial documents to be forcibly disclosed are set.
  • FIG. 16 is an explanatory diagram showing an example of a digital signature technique in the prior art.
  • FIG. 1 is a system configuration diagram of the electronic document publishing system according to the first embodiment of the present invention.
  • an electronic document publishing system 100 is configured to include a document verification device 101 used by a user who releases information and a document verification device 102 used by a user who requests information disclosure.
  • the document verification apparatus 101 and the document verification apparatus 102 are connected via a network 103.
  • the electronic document published by the electronic document publishing system 100 includes highly confidential personal information such as an electronic result table issued by an educational institution or an electronic family register issued by an administrative organization.
  • the electronic document publishing system 100 is a system that can guarantee the confidentiality of such personal information and verify the authenticity of the personal information that has been tampered with.
  • the document verification apparatus 101 on the information disclosure side can create an electronic result table and an electronic family register as public information.
  • the document verification apparatus 101 processes the created electronic document (for example, an electronic result table or an electronic family register) into a state in which the authenticity can be verified, and stores it in the electronic document DB.
  • an electronic document to be processed into a state in which the document verification apparatus 101 can authenticate is referred to as an original document.
  • the document verification apparatus 101 searches the electronic document DB for the corresponding electronic document (an electronic document whose authenticity can be verified). Then, the retrieved electronic document is transmitted to the document verification apparatus 102 as a disclosed document. Further, when transmitting the search result (searched electronic document) to the document verification apparatus 102, the document verification apparatus 101 can remove the confidential document included in the search result.
  • the confidential document is, for example, information that should not be disclosed from the viewpoint of personal information protection, information that is constrained by national secrets, and the like.
  • the user of the document verification apparatus 101 can delete information that is not disclosed by specifying arbitrary information in the original document.
  • the document verification apparatus 101 creates a disclosure document (extracted document) from which information that should not be disclosed from the original document is deleted, and transmits the created disclosure document to the document verification apparatus 102.
  • the document verification device 102 on the information request side can transmit a request signal indicating a request for information disclosure to the document verification device 101 on the information disclosure side. Then, the document verification apparatus 102 receives the disclosed document from the document verification apparatus 101 as a result of transmitting the request signal. Further, the document verification apparatus 102 can verify the authenticity of the received disclosure document. In other words, the document verification device 102 on the information requesting side can verify the authenticity of the published information, except for the part that has been deleted from the viewpoint of information protection and the like.
  • the user of the document verification apparatus 102 can acquire only desired information by designating arbitrary information in the disclosed document. In this way, the user who requests information disclosure can arbitrarily modify the content of the disclosed document.
  • a user who is a student of a certain educational institution makes a request for publication of an electronic report to the document verification apparatus 101 installed in the educational institution.
  • the user can acquire the requested electronic report, and can arbitrarily change the contents of the electronic report.
  • it is possible to make illegal modifications such as deleting the contents of subjects with poor grades from the electronic gradebook or transferring the scores of subjects with good grades to bad grades.
  • the document verification device for example, the document verification apparatus 101, 102
  • the document verification apparatus 101, 102 can verify the authenticity and verify whether or not an unauthorized modification has been made.
  • the device used by the user who created the personal information such as the electronic results table and the electronic family register is the document verification device 101
  • the device used by the user requesting information disclosure is the document verification device 102.
  • some information may be created in the document verification apparatus 102 and made public to the user who uses the document verification apparatus 101.
  • FIG. 2 is a block diagram showing a hardware configuration of the document verification apparatus according to the first embodiment of the present invention.
  • the document verification apparatus includes a CPU 201, a ROM 202, a RAM 203, an HDD (hard disk drive) 204, an HD (hard disk) 205, an FDD (flexible disk drive) 206, an FD (flexible disk) 207 as an example of a detachable recording medium, a display 208, an I/F (interface) 209, a keyboard 210, a mouse 211, a scanner 212, and a printer 213.
  • Each component is connected by a bus 200.
  • the CPU 201 controls the entire document verification apparatus (for example, the document verification apparatuses 101 and 102 shown in FIG. 1).
  • the ROM 202 records programs such as a boot program and a document verification program related to an electronic signature generation process, an electronic document extraction process, and an electronic document verification process described later.
  • the RAM 203 is used as a work area for the CPU 201.
  • the HDD 204 controls the reading and writing of data to the HD 205 according to the control of the CPU 201.
  • the HD 205 stores data written under the control of the HDD 204.
  • the electronic document DB shown in FIG. 1 is constructed.
  • the FDD 206 controls the reading and writing of data to the FD 207 according to the control of the CPU 201.
  • the FD 207 stores data written under the control of the FDD 206, and causes the document verification apparatus to read data stored in the FD 207.
  • in addition to the FD 207, a CD-ROM (CD-R, CD-RW), MO, DVD (Digital Versatile Disk), memory card, etc.
  • the display 208 displays data such as documents, images, and function information, as well as a cursor, icons, or toolbox.
  • a CRT, a TFT liquid crystal display, a plasma display, or the like can be adopted.
  • the I/F 209 is connected to a network 103 such as the Internet through a communication line, and is connected to other devices via the network 103.
  • the I / F 209 manages an internal interface with the network 103 and controls input / output of data from an external device.
  • a modem or a LAN adapter can be adopted as the I/F 209.
  • the keyboard 210 includes keys for inputting characters, numbers, various instructions, and the like, and inputs data. Alternatively, a touch panel type input pad or a numeric keypad may be used.
  • the mouse 211 is used to move the cursor, select a range, move a window, change its size, and so on.
  • a track ball or a joystick may be used as long as they have the same function as a pointing device.
  • the scanner 212 optically reads an image and reads the image data into the document verification apparatus.
  • the scanner 212 may have an OCR function.
  • the printer 213 prints image data and electronic documents.
  • as the printer 213, for example, a laser printer or an inkjet printer can be employed.
  • FIG. 3 is a block diagram showing a functional configuration of the document verification apparatus according to the first embodiment of the present invention.
  • the document verification apparatus includes an input unit 301, a division unit 302, an allocation unit 303, a generation unit 304, a setting unit 305, a specification unit 306, an extraction unit 307, a determination unit 308, a verification unit 309, a compulsory disclosure designation unit 311, and a deletion unit 312.
  • the input unit 301 receives an input of an electronic document.
  • the electronic document is a general term for documents handled on a computer, and is electronic data created using a document creation application or the like. Examples of the electronic document include confidential personal information such as an electronic result table and an electronic family register. Electronic documents are stored in the document verification device. Or may be created by another device. If an electronic document is created on another device, the network such as the Internet 10
  • the dividing unit 302 divides the electronic document input by the input unit 301 into arbitrary constituent elements.
  • An arbitrary component may be one component for each byte from the beginning of the electronic document (here, the beginning when the input electronic document is read), or for each sentence or word. It can be a single component.
  • when the electronic document is a document described in XML (Extensible Markup Language) or the like, the minimum constituent element constituting the document is selected as one constituent element.
  • the assigning unit 303 assigns a genuine random number or a pseudo-random number (hereinafter referred to as “random number”) to each constituent element according to the order of the appearance position of the constituent element divided by the dividing part 302 in the electronic document.
  • the order related to the appearance position is the order defined by the arrangement of each component in the electronic document. Specifically, for example, a random number may be assigned to each component so as to be in ascending order or descending order according to the reading order when the electronic document is read in the document verification apparatus.
  • the true random number is each element included in an irregular number sequence having no regularity.
  • genuine random numbers are generated by using random physical phenomena.
  • the pseudo-random number means each element included in a number sequence that looks like a random number sequence that is obtained by deterministic calculation but has no regularity.
  • pseudo-random numbers are random numbers that are generated on a computer and are as difficult to predict as possible.
  • This pseudo random number can be generated using, for example, a pseudo random number generator (pseudo random number generation method).
  • a pseudo-random number generator is a device that can output a sequence that cannot be distinguished from random numbers by a polynomial time calculator.
  • the generated random numbers are assigned to each component so as to be in ascending order or descending order. For example, a random number is assigned to each component so that the value of the random number increases in order according to the order of the appearance position in the electronic document. A specific method for generating and assigning random numbers will be described later.
  • the assigning unit 303 may assign a random number (hereinafter, "common random number") common to the constituent elements divided by the dividing unit 302 to each constituent element.
  • the common random number is a random number set to be unpredictable for each electronic document, and is a value common to all the components constituting the electronic document.
  • the common random number is generated using, for example, the pseudo random number generator.
  • the generation unit 304 generates an electronic signature for each component divided by the dividing unit 302.
  • the electronic signature is a method for authenticating the validity of data (electronic document) or signature information added to the electronic document.
  • the electronic signature can be realized, for example, by using a public key encryption method.
  • electronic signature is a technique used when an electronic document is transmitted to a communication partner and when the user wants to prove to the communication partner that he / she has transmitted the electronic data.
  • an electronic signature, like a physical signature (such as a seal), is used to prove the correct author of the electronic document and the legitimacy of the electronic document (that it has not been tampered with). Furthermore, an electronic signature can only be created by the person himself, and the validity of the electronic signature can be verified by any user.
  • the principle of public key cryptography is used. Specifically, it is used that only a user who has a private key (signature key) can create a signature text (electronic document with an electronic signature added).
  • the public key (verification key) is disclosed so that verification can be performed by any user.
  • the creator of the electronic signature (hereinafter referred to as “sender”) creates a public key and a private key in advance according to the public key cryptosystem. The sender then keeps the private key secret and discloses only the public key to the other party.
  • the sender creates an electronic signature using the private key for the electronic document to be signed.
  • the sender adds an electronic signature to the original electronic document and transmits it to the communication partner (hereinafter referred to as “receiver”).
  • the recipient receives the original electronic document and the electronic signature.
  • the receiver verifies the electronic signature with the public key published by the sender.
  • the recipient checks whether or not a value obtained from the original electronic document and the public key matches a value obtained from the electronic signature. At this time, if these values match, the validity of the electronic document and the sender is proved. On the other hand, if the values do not match, it can be detected that the electronic document or electronic signature has been tampered with.
  • since the public key (verification key) must be guaranteed to be valid even if it is disclosed, it is conceivable that the public key is signed by a trusted organization.
  • specific schemes for realizing digital signatures include RSA signatures and ESIGN signatures based on prime factorization, ElGamal signatures and DSA signatures based on discrete logarithms, and elliptic ElGamal signatures and elliptic DSA signatures based on elliptic discrete logarithms.
  • the generation unit 304 may generate an aggregated electronic signature in which electronic signatures for each component are aggregated.
  • Aggregated digital signatures are a collection of digital signatures generated for each component.
  • the aggregated electronic signature may be constituted by the product of the electronic signatures of the respective constituent elements, or may be constituted by the sum of the electronic signatures of the respective constituent elements.
  • the setting unit 305 sets the electronic signature for each component generated by the generation unit 304 for the corresponding component. Specifically, for example, the setting unit 305 records the electronic signature for each component generated by the generation unit 304 in the electronic document DB in association with the corresponding component.
  • the designation unit 306 accepts designation of arbitrary constituent elements that constitute the electronic document. Specifically, the user of the document verification apparatus designates arbitrary constituent elements constituting the electronic document by operating the keyboard 210 and the mouse 211. Here, random numbers are assigned to the constituent elements constituting the electronic document here, and a corresponding electronic signature is set.
  • the extraction unit 307 extracts an arbitrary component designated by the designation unit 306 from the electronic document. Specifically, the extraction unit 307 extracts an arbitrary constituent element designated by the designation unit 306 together with a random number assigned to the constituent element.
  • an electronic document composed of extracted components is referred to as an “extracted document”.
  • a constituent element other than the constituent element extracted by the extraction unit 307 in the electronic document may be deleted together with the random number assigned to that other constituent element. In this case, electronic signatures set for other components are also deleted.
  • an electronic signature set in another component may be deleted from the aggregated electronic signature generated by the generation unit 304. Specifically, for example, if the aggregated electronic signature is configured by the product of the electronic signatures set for each component, the aggregated electronic signature is divided by the electronic signatures set for the other components.
  • the input unit 301 may accept an input of an electronic document configured by an arbitrary component extracted by the extraction unit 307. Specifically, the input unit 301 receives an input of an extracted document that is a verification target of authenticity.
  • the determination unit 308 determines whether or not the random numbers assigned to the components input by the input unit 301 are in accordance with the order related to the appearance position of each component in the electronic document. Specifically, the determination unit 308 determines whether or not the random numbers assigned to the constituent elements constituting the electronic document are in ascending or descending order according to the order of the appearance positions of the constituent elements in the electronic document.
  • the determination unit 308 may determine the validity of each component based on the electronic signature set for each arbitrary component extracted by the extraction unit 307. Specifically, the determination unit 308 verifies the electronic signature set for each arbitrary component and determines whether or not the verification is successful. For example, the electronic signature set for each arbitrary component is decrypted, and it is determined whether or not the decryption result matches the arbitrary component.
  • the determination unit 308 determines whether or not the common random number assigned to each component by the allocating unit 303 is common to the arbitrary components extracted by the extraction unit 307.
  • the determination unit 308 may determine the validity of the electronic document configured by the arbitrary components extracted by the extraction unit 307 based on the aggregated electronic signature generated by the generation unit 304.
  • the aggregated electronic signature is obtained by deleting the electronic signature set in the component other than the component extracted by the extraction unit 307. Specifically, it is determined whether or not the aggregated electronic signature passes verification.
  • the verification unit 309 verifies the authenticity of the electronic document based on the determination result of the determination unit 308. Specifically, for example, when the determination unit 308 determines that the random number assigned to each component is in accordance with the order related to the appearance position of each component in the electronic document, the verification unit 309 verifies that the electronic document is authentic.
  • the verification unit 309 may verify that the electronic document is authentic when the determination unit 308 determines that each component is valid. Further, the verification unit 309 may verify that the electronic document is authentic when the common random number assigned to each component is common to any component.
  • the output unit 310 outputs the verification result of the verification unit 309. Specifically, when the verification unit 309 verifies that the electronic document is authentic, a verification result indicating a verification success is output. In addition, when the verification unit 309 verifies that the electronic document is not authentic, a verification result indicating a verification failure may be output.
  • the compulsory disclosure designating unit 311 accepts designation of a partial document to be compulsorily disclosed among components constituting the electronic document.
  • the partial document to be forcibly disclosed is a partial document that cannot be deleted, and is a partial document that is forcibly extracted from the electronic document by the extraction unit 307.
  • the deletion unit 312 deletes the electronic signature set in the component designated by the compulsory disclosure designation unit 311. That is, since the digital signature is deleted by the deletion unit 312, the component designated by the compulsory disclosure designation unit 311 is in a state where no digital signature is set. In this case, the determination unit 308 does not determine the validity of a component for which an electronic signature is not set.
  • the 311 and the deletion unit 312 realize their functions, for example, by causing the CPU 201 to execute a program recorded in a recording medium such as the ROM 202, the RAM 203, and the HD 205 shown in FIG.
  • this digital signature adding process is a process executed in an information disclosure apparatus such as the document verification apparatus 101 shown in FIG.
  • FIG. 4 is an explanatory diagram showing an example of an original document to which an electronic signature is added.
  • the original document which is an electronic document, is divided into partial documents (in this case, each word is a partial document).
  • In the original document with ID added, a document ID and a partial document ID, made unpredictable by using random numbers, are added to each divided partial document.
  • "Original document with ID added" refers to the original document to which the document ID and the partial document IDs have been added.
  • the document ID is a value set for each original document, and is a value added to all partial documents constituting one original document.
  • the document ID is “35”, which is added to all the partial documents.
  • the document ID corresponds to a common random number assigned to the components constituting the electronic document by the assigning unit 303 described above.
  • the partial document ID is a different value for each partial document, and is added to each partial document so as to be in ascending order according to the order of the appearance positions of the partial documents constituting the original document.
  • The partial document IDs, which use random numbers, are added to the partial documents so that they are in ascending order (“02” → “28” → “39” → “56” → “87”), starting from the leftmost partial document (“This”) constituting the original document.
  • the partial document ID corresponds to a random number assigned to each component by the assigning unit 303 described above according to the order of the appearance position in the electronic document.
  • an electronic signature generated for each partial document is added to each partial document constituting the original document.
  • the electronic signature generated for each partial document (word) ⁇
  • ⁇ ⁇ 1S is added to each corresponding partial document. Specifically, for example,
  • the electronic signature “ ⁇ ” is added to the divided document “This”.
  • the electronic signature is as described above.
  • FIG. 5 is a flowchart showing an electronic signature generation processing procedure executed in the document verification apparatus according to the first embodiment of the present invention.
  • the document verification apparatus first determines whether or not it has received the input of the original document (step S501).
  • the original document is highly confidential personal information such as an electronic result table created by an employee of an educational institution or an electronic family register ledger created by an employee of an administrative institution.
  • The original document may be created by the document verification apparatus, or may be acquired from another apparatus.
  • the input original document is divided into partial documents (step S502).
  • the partial document is a component constituting the original document and can be arbitrarily defined. Specifically, for example, as shown in FIG. 4, the original document may be divided by using individual words constituting the original document as partial documents.
  • a document ID and a partial document ID are added to each partial document divided in step S502 (step S503).
  • the document ID is a value set for each original document, and is set to be unpredictable using a random number.
  • the partial document ID is a value set for each divided partial document, and is set to be unpredictable using a random number.
  • the random numbers set as the document ID and the partial document ID are generated using the above-described pseudo-random number generator or the like. Then, using the generated random number, a document ID common to all the partial documents constituting the original document is added, and different partial document IDs are added to each partial document in ascending order.
  • Adding the document ID and partial document ID may mean actually writing the document ID and partial document ID into the original document.
  • the document ID and the partial document ID related to the document may be associated with each other.
  • Random numbers may be generated in advance in a number corresponding to the number of divided partial documents, sorted into ascending or descending order, and then added to the partial documents.
  • random numbers corresponding to the number of partial documents may be generated by using a hash function that can generate a fixed-length random number from the input original data.
  • an electronic signature is calculated for each partial document divided in step S502 (step S504).
  • Electronic signature calculation methods include the RSA signature, ElGamal signature, and DSA signature described above.
  • The calculated electronic signature is added to each corresponding partial document (step S505). Specifically, the electronic signature calculated for each partial document is set in association with the corresponding partial document, and an electronic document (original document) with the electronic signature added is created.
  • the electronic document DB is a database built on a recording medium such as HD205.
  • the document ID and the partial document ID added in step S503 are stored in association with each partial document together with the original document with the electronic signature added.
  • the electronic document DB stores the original document shown in FIG. 4, the original document with the ID added, and the added electronic signature.
  • step S504 and step S505 can be performed at any timing as long as the original document is divided into partial documents in step S502. For example, before adding the document ID and partial document ID in step S503, the processing in step S504 and step S505 in this flowchart may be performed.
  • the user of the document verification apparatus can extract only desired information from the electronic document to which the electronic signature is added by the above-described electronic signature generation process.
  • a document ID and partial document ID are added to an electronic document with an electronic signature.
  • only publicly available information can be extracted from electronic public documents including national secrets.
  • FIG. 6 is a flowchart showing an electronic document extraction processing procedure executed in the document verification apparatus according to the first embodiment of the present invention.
  • the document verification apparatus first receives an input of an original document with an electronic signature added (step S601).
  • Next, it is determined whether or not the designation of an arbitrary partial document constituting the original document has been received (step S602). Specifically, for example, the user operates the keyboard 210 and the mouse 211 to designate an arbitrary partial document to be extracted from the original document displayed on the display 208.
  • The apparatus waits for the designation of an arbitrary partial document, and when the designation is accepted (step S602: Yes), the partial documents other than the designated partial document and the electronic signatures added to those other partial documents are deleted (step S603). Specifically, the partial documents not specified as the extracted document are deleted (the added document ID and partial document IDs are also removed), and the electronic signatures added to those partial documents are deleted.
  • an arbitrary partial document can be extracted from the electronic document.
  • FIG. 7 is an explanatory diagram showing an example in which a partial document is extracted from the original document by the electronic document extraction process. Here, a case where the extraction is performed by two users will be described as an example.
  • the partial documents other than “is” are selected from the original document shown in FIG., and the extracted document 701 is extracted.
  • data related to “is” is deleted from the original document with the ID shown in FIG. 4 and the electronic signature “ ⁇ ” added to “is” is deleted.
  • a partial document other than “a” is designated as a partial document to be extracted by the second user
  • a partial document other than “a” is extracted from the extracted document 701.
  • the data related to “a” is deleted from the extracted document 701, and the electronic signature “ ⁇ ” added to “a” is deleted.
  • Modifications such as order exchange and transfer (copying) of the partial documents constituting the electronic document may be performed in each document verification apparatus and electronic document editing apparatus.
  • a document ID and a partial document ID are added to each partial document constituting the electronic document. The significance of document IDs and partial document IDs will be described below.
  • FIG. 8 is an explanatory diagram showing an example of a forged extracted document.
  • the document ID added to each partial document is a value common to all partial documents. Specifically, the “35” added as the document ID is common to all partial documents.
  • the document ID added to each partial document is not common to all partial documents. Specifically, the document ID “48” added to “That”, which was transferred from another electronic document, is different from the document ID “35” added to the other partial documents.
  • FIG. 9 is an explanatory diagram showing an example of partial document order exchange and transfer.
  • An extracted document 901 indicates an electronic document when a partial document is legitimately extracted from the original document shown in FIG.
  • the forged extracted document 902 is an electronic document created using the extracted document 901 from which a partial document has been legitimately extracted. Specifically, the counterfeit extracted document 902, which is an illegal extracted document, is created by exchanging the order of the partial documents constituting the extracted document 901.
  • To detect whether the forged extracted document 902 is illegitimate, it is determined whether or not the partial document IDs added to the partial documents are in ascending order. In the forged extracted document 902, the order of the partial document IDs added to the partial documents is “02” → “87” → “56”, which is not ascending. Therefore, it is possible to detect that the forged extracted document 902 is an illegally extracted electronic document.
  • the forged extracted document 903 is an electronic document created using the extracted document 901 from which the partial document has been extracted. Specifically, a forged extracted document 903, which is an illegal extracted document, is created by transferring (copying) a partial document from the extracted document 901.
  • The order of the partial document IDs added to the partial documents is “02” → “56” → “56”, which is not ascending. Therefore, it is possible to detect that the forged extracted document 903 is an electronic document that has been illegally extracted.
  • FIG. 10 is a flowchart showing the procedure of the electronic document verification process executed in the document verification apparatus according to the first embodiment of the present invention.
  • An extracted document is an electronic document extracted by the electronic document extraction process described above.
  • An electronic document that has been modified after extraction is also referred to as an extracted document here.
  • The apparatus waits for an extracted document to be input, and when the input is accepted (step S1001: Yes), it is determined whether or not all the document IDs added to the partial documents constituting the extracted document have the same value (step S1002).
  • If all the document IDs added to the partial documents have the same value (step S1002: Yes), it is determined whether or not the partial document IDs added to the partial documents are in ascending order (step S1003). Specifically, it is determined whether or not the partial document IDs added to the partial documents have values that increase in the order of the partial documents constituting the extracted document.
  • If the partial document IDs added to the partial documents are in ascending order (step S1003: Yes), it is determined, based on the electronic signature added to each partial document, whether or not all the partial documents constituting the extracted document are valid (step S1004). Specifically, the validity of each partial document is judged by verifying the electronic signature added to each partial document that constitutes the extracted document.
  • If all the partial documents are valid (step S1004: Yes), a verification result indicating that the extracted document has been successfully verified is output (step S1005), and the series of processing according to this flowchart ends.
  • If the document IDs added to the partial documents are not all the same value in step S1002 (step S1002: No), a verification result indicating a verification failure is output (step S1006), and the series of processing according to this flowchart ends.
  • Furthermore, if the partial document IDs added to the partial documents are not in ascending order in step S1003 (step S1003: No), a verification result indicating a verification failure is output (step S1006), and the series of processing according to this flowchart ends.
  • If any of the partial documents is not valid in step S1004 (step S1004: No), a verification result indicating a verification failure is output (step S1006), and the series of processing according to this flowchart ends.
  • The validity of each partial document can be determined based on the electronic signature added to each partial document constituting the electronic document. Also, by determining whether the partial document IDs added to the partial documents constituting the electronic document are in ascending order (or descending order), order exchange and transfer of partial documents within the same electronic document can be detected. Further, the validity of the electronic document can be detected by determining whether or not the document ID added to each partial document constituting the electronic document is common.
  • an integrated electronic signature obtained by integrating electronic signatures calculated for each partial document is calculated, and the electronic document is verified using the integrated electronic signature.
  • FIG. 11 is a flowchart showing a digital signature generation processing procedure executed in the document verification apparatus according to the second embodiment of the present invention.
  • The document verification apparatus first determines whether or not the input of the original document has been accepted (step S1101).
  • the input original document is divided into partial documents (step S1102).
  • a document ID and a partial document ID are added to each divided partial document (step S1103).
  • unpredictable random numbers are added as document IDs and partial document IDs.
  • For the partial document ID a random number is added so as to be in ascending order according to the appearance position of each partial document.
  • Next, the electronic signature for each partial document divided in step S1102 is calculated (step S1104). Then, the calculated electronic signature is added to each corresponding partial document (step S1105).
  • Next, the aggregated electronic signature is calculated by multiplying together the electronic signatures of the partial documents calculated in step S1104 (step S1106). For example, if the electronic signature power S “(7 to ⁇ ”) of each partial document calculated in step S 1104 is
  • Finally, the original document with the electronic signatures added is stored in the electronic document DB together with the aggregated electronic signature calculated in step S1106 (step S1107), and the series of processing according to this flowchart ends.
  • The processing of step S1106 may be performed after the electronic signature of each partial document is calculated in step S1104 and before the electronic signatures are added in step S1105.
  • FIG. 12 is a flowchart showing an electronic document extraction processing procedure executed in the document verification apparatus according to the second embodiment of the present invention.
  • The document verification apparatus first accepts the input of the original document with the electronic signatures added and the aggregated electronic signature (step S1201).
  • The apparatus waits for the designation of an arbitrary partial document, and when the designation is accepted (step S1202: Yes), the partial documents other than the designated partial document and the electronic signatures added to those other partial documents are deleted (step S1203).
  • Next, the aggregated electronic signature input in step S1201 is divided by the electronic signatures added to the partial documents other than the designated arbitrary partial document (step S1204).
  • the electronic signature added to the partial document constituting the original document is “ ⁇ to ⁇ ”, and the electronic signature power ⁇ ⁇ ⁇ added to the designated partial document is
  • Finally, the designated partial document is extracted from the original document (step S1205), and the series of processing according to this flowchart ends. Note that the processing in step S1203 and step S1204 may be executed simultaneously or in the reverse order.
  • an arbitrary partial document can be extracted from the electronic document.
  • FIG. 13 is a flowchart showing the procedure of the electronic document verification process executed in the document verification apparatus according to the second embodiment of the present invention.
  • The document verification apparatus first determines whether or not the input of the extracted document and the aggregated electronic signature has been accepted (step S1301). The apparatus waits for the extracted document and the aggregated electronic signature to be input, and when the input is accepted (step S1301: Yes), it is determined whether or not all the document IDs added to the partial documents constituting the extracted document have the same value (step S1302).
  • If the document IDs added to the partial documents have the same value (step S1302: Yes), it is determined whether or not the partial document IDs added to the partial documents are in ascending order (step S1303). Specifically, it is determined whether or not the partial document IDs added to the partial documents have values that increase in the order of the partial documents constituting the extracted document.
  • If the partial document IDs added to the partial documents are in ascending order (step S1303: Yes), it is determined whether or not the extracted document is valid based on the aggregated electronic signature input in step S1301 (step S1304). Specifically, the validity of the extracted document is judged using the aggregated electronic signature.
  • If the extracted document is valid (step S1304: Yes), a verification result indicating the verification success of the extracted document is output (step S1305), and the series of processing according to this flowchart ends.
  • If the document IDs added to the partial documents are not all the same value in step S1302 (step S1302: No), a verification result indicating a verification failure is output (step S1306), and the series of processing according to this flowchart ends.
  • If the partial document IDs added to the partial documents are not in ascending order in step S1303 (step S1303: No), a verification result indicating a verification failure is output (step S1306), and the series of processing according to this flowchart ends.
  • If the extracted document is not valid in step S1304 (step S1304: No), a verification result indicating a verification failure is output (step S1306), and the series of processing according to this flowchart ends.
  • the compulsory disclosure characteristic can be set for an arbitrary partial document among the partial documents constituting the electronic document. That is, it is possible to make a setting for forcibly disclosing (cannot be deleted) specific information in the electronic document regardless of the intention of the user (extractor).
  • FIG. 14 is a flowchart showing an electronic document extraction processing procedure executed in the document verification apparatus according to the third embodiment of the present invention.
  • The document verification apparatus first receives an input of an original document to which an electronic signature has been added and an aggregated electronic signature (step S1401). Next, it is determined whether or not the designation of the partial document to be forcibly disclosed has been received (step S1402).
  • the partial document to be forcibly disclosed is a partial document that is compulsorily extracted without being designated as a partial document extracted by the user, and indicates a partial document that cannot be deleted.
  • If the designation of the partial document to be forcibly disclosed is accepted in step S1402 (step S1402: Yes), the designated partial document is set as the partial document to be forcibly disclosed, and the electronic signature added to that partial document is deleted (step S1403).
  • the electronic signature “ ⁇ ” added to the partial document 4 is deleted.
  • A partial document set as the partial document to be forcibly disclosed is forcibly extracted (forcibly disclosed), even when the electronic document extraction process is subsequently executed by the next user, without being designated as a partial document to be extracted.
  • Next, it is determined whether or not the designation of the partial document to be extracted has been received (step S1404). Here, the apparatus waits for the designation of the partial document to be extracted, and when it is accepted (step S1404: Yes), the partial documents other than the designated partial document and the electronic signatures added to those other partial documents are deleted (step S1405). If it is determined in step S1402 that the designation of the partial document to be forcibly disclosed is not accepted (step S1402: No), the process proceeds to step S1404.
  • The partial document designated as the partial document to be forcibly disclosed in step S1402 is not deleted even if it is not designated as the extracted document in step S1404.
  • The electronic signature attached to the partial document to be forcibly disclosed has already been deleted in step S1403.
  • Next, the aggregated electronic signature input in step S1401 is divided by the electronic signatures added to the partial documents other than the designated arbitrary partial document (step S1406).
  • an aggregate electronic signature ⁇ force ⁇ ⁇ ⁇ X ⁇ X ⁇ X ⁇ X ⁇ X ⁇ ''
  • the aggregated electronic signature ⁇ is ⁇
  • the electronic signature ⁇ added to the partial document 4 set as the partial document to be compulsory disclosed is not divided into ⁇ .
  • The partial documents designated in step S1404 are extracted from the original document (step S1407), and the series of processing according to this flowchart ends.
  • FIG. 15 is an explanatory diagram illustrating an example of an original document and an extracted document in which a partial document to be forcibly disclosed is set.
  • the electronic signatures ⁇ to ⁇ corresponding to the partial documents 1 to 5 constituting the original document are added.
  • the aggregated electronic signature ⁇ at this time is indicated by the product of the electronic signatures ⁇ to ⁇ .
  • partial document 3 and partial document 5 are specified, and partial document 2, which is specified neither as an extracted document nor as a partial document to be forcibly disclosed, is deleted together with the electronic signature ⁇ added to partial document 2.
  • The electronic document extracted from the original document consists of partial document 1, partial document 3, partial document 4, and partial document 5.
  • The electronic document verification process of the document verification apparatus according to the third embodiment is almost the same as the procedure of the electronic document verification process of the document verification apparatus according to the second embodiment, and therefore only the different parts will be described.
  • the process may be configured to include a step of determining the validity of the extracted document based on the individual electronic signatures added to the partial documents constituting the input extracted document.
  • a process of judging the validity of each partial document constituting the extracted document is added. The validity of each partial document is then judged based on the electronic signature for that partial document, and if there is any partial document that has been illegally modified, a verification result indicating a verification failure is output.
  • the document verification method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation.
  • This program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk, a CD-ROM, an MO, or a DVD, and is executed by being read from the recording medium by the computer.
  • the program may be a transmission medium that can be distributed through a network such as the Internet.
  • the document verification program, the recording medium, the document verification method, and the document verification apparatus according to the present invention are useful for the technology for verifying the authenticity of an electronic document. This is suitable for a document verification technique that makes it impossible to exchange the order of partial documents that constitute a document.
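The second-embodiment flow described above (generation in FIG. 11, extraction in FIG. 12, verification in FIG. 13), run against the forgery cases of FIGS. 8 and 9, as an added example that is not code from the patent. Assumptions: the per-part signature is textbook RSA over a SHA-256 hash with a toy key, the signature covers the document ID and partial document ID as well as the text, and all function names are hypothetical.

```python
import hashlib
from math import prod

# Toy RSA key built from two Mersenne primes: an assumption for this demo only,
# far too small for real use. Any RSA key pair would work the same way.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def digest(doc_id, part_id, text):
    """Hash one partial document together with both of its IDs (assumption:
    the signature covers the IDs, so they cannot be rewritten after signing)."""
    data = f"{doc_id}|{part_id}|{text}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_document(doc_id, part_ids, words):
    """Steps S1103 to S1106: attach IDs, sign each part, multiply the signatures."""
    if list(part_ids) != sorted(set(part_ids)):
        raise ValueError("partial document IDs must be strictly ascending")
    parts = [(doc_id, pid, w) for pid, w in zip(part_ids, words)]
    sigs = [pow(digest(*p), D, N) for p in parts]
    return parts, sigs, prod(sigs) % N


def extract(parts, sigs, aggregate, keep):
    """Steps S1203 to S1205: delete the unselected parts and divide their
    signatures out of the aggregated signature."""
    kept = []
    for index, (part, sig) in enumerate(zip(parts, sigs)):
        if index in keep:
            kept.append(part)
        else:
            aggregate = aggregate * pow(sig, -1, N) % N
    return kept, aggregate


def signature_only_check(parts, aggregate):
    """The S1304 test on its own, to show what it cannot see."""
    return pow(aggregate, E, N) == prod(digest(*p) for p in parts) % N


def verify(parts, aggregate):
    """Steps S1302 to S1304. Returns (ok, reason)."""
    if len({doc_id for doc_id, _, _ in parts}) != 1:
        return False, "document IDs are not common"
    ids = [part_id for _, part_id, _ in parts]
    if any(a >= b for a, b in zip(ids, ids[1:])):
        return False, "partial document IDs are not ascending"
    if not signature_only_check(parts, aggregate):
        return False, "aggregated signature does not verify"
    return True, "ok"


# Constructed sample. Document ID 35 and partial IDs 02..87 are the values the
# page uses; "sample" and "text" are made-up words.
WORDS = ["This", "is", "a", "sample", "text"]
PART_IDS = [2, 28, 39, 56, 87]


def demo():
    parts, sigs, agg = sign_document(35, PART_IDS, WORDS)
    kept, agg2 = extract(parts, sigs, agg, keep={0, 3, 4})  # drop "is" and "a"
    swapped = [kept[0], kept[2], kept[1]]            # IDs 02, 87, 56
    copied = [kept[0], kept[1], kept[1]]             # IDs 02, 56, 56
    foreign = [(48, 2, "That")] + kept[1:]           # part taken from document 48
    edited = [kept[0], (35, 56, "forged"), kept[2]]  # text changed after signing
    return {
        "original": verify(parts, agg),
        "extracted": verify(kept, agg2),
        "stale aggregate": verify(kept, agg),
        "swapped": verify(swapped, agg2),
        "swapped, signature only": signature_only_check(swapped, agg2),
        "copied": verify(copied, agg2),
        "foreign": verify(foreign, agg2),
        "edited": verify(edited, agg2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The swapped document passes the signature-only check because a product of signatures does not depend on order; only the ascending-ID test rejects it.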

Abstract

A document verifying program for verifying the authenticity of an electronic document. An electronic document is inputted and received. The inputted electronic document is divided into constituent elements. A true or pseudo random number is allocated to each constituent element in the order of appearance position of the divided constituent elements in the electronic document. In such a way, even if alteration such as order exchange or transfer (copying) of a partial document constituting the electronic document is performed, the authenticity of the electronic document can be verified.

Description

Specification
Document verification program, recording medium, document verification method, and document verification apparatus
Technical field
[0001] The present invention relates to a document verification program, a recording medium, a document verification method, and a document verification apparatus that verify the authenticity of an electronic document.
Background art
[0002] Conventionally, techniques using electronic signatures have been provided as techniques for verifying the authenticity of an electronic document. By attaching an electronic signature to each electronic document, this electronic signature technology authenticates the creator of the electronic document and makes it possible to judge the validity of the electronic document, thereby guaranteeing the authenticity of the electronic document.
[0003] On the other hand, while this electronic signature technology is very useful for preventing tampering by unauthorized users, it poses a problem for the effective use of electronic documents. This is because, with electronic signature technology, if any editing is performed on an electronic document, the validity of the edited electronic document is no longer guaranteed.
[0004] For this reason, even when an electronic document contains information that cannot be disclosed or unnecessary information, editing such as deleting it from the electronic document cannot be performed, which has been a factor that significantly reduces user convenience. Accordingly, there is a demand for a technique that allows electronic documents to be edited while protecting them from tampering by unauthorized users.
[0005] For example, a technique has been provided that divides an electronic document into partial documents and, by designating each partial document as disclosed or undisclosed, sanitizes (blacks out) the undisclosed partial documents (see, for example, Non-Patent Document 1 below). Using this sanitizable signature technique guarantees the integrity of the disclosed portions of the electronic document and the confidentiality of the undisclosed portions.
[0006] A technique has also been provided that divides an electronic document into partial documents and adds an electronic signature to each partial document (see, for example, Patent Document 1 below). By designating each partial document as disclosed or undisclosed, the undisclosed partial documents are deleted, and the integrity of the disclosed portions of the electronic document is guaranteed.
[0007] Here, electronic documents extracted by the above conventional techniques will be described. FIG. 16 is an explanatory diagram showing an example of electronic signature technology in the prior art. As shown in FIG. 16, the original document 1600 is divided into partial documents (for example, "Taro Suzuki"), and an electronic signature is attached to each partial document.
[0008] In the sanitized document 1601, the confidential partial documents of the original document 1600 have been sanitized by the technique of Non-Patent Document 1.
[0009] In the extracted document 1602, arbitrary partial documents have been extracted from the original document 1600 by the technique of Patent Document 1.
[0010] 特許文献 1 :特開 2006— 60722号公報 [0010] Patent Document 1: Japanese Patent Application Laid-Open No. 2006-60722
非特許文献 1 :宫崎邦彦、岩村充、松本勉、佐々木良一、吉浦裕、手塚悟、今井秀 榭著「開示条件を制御可能な電子文書墨塗り技術」 2004年暗号と情報セキュリティ シンポジウム予稿集  Non-Patent Document 1: Kunihiko Kashiwazaki, Mitsuru Iwamura, Tsutomu Matsumoto, Ryoichi Sasaki, Hiroshi Yoshiura, Satoru Tezuka, Hideki Imai “Electronic document sanitization technology with controllable disclosure conditions” 2004 Cryptography and Information Security Symposium Proceedings
Disclosure of the Invention
Problems to be Solved by the Invention
[0011] However, with the prior art of Non-Patent Document 1 described above, even when a partial document designated as non-public is blacked out, the length of the blacked-out portion can be estimated. The number of characters in the sanitized partial document may therefore be inferable, so there are cases in which confidentiality cannot be guaranteed.
[0012] This problem is explained concretely here. If the sanitized document 1601 shown in FIG. 16 is published, the specific ages cannot be determined, but it can be inferred that, besides "Jiro Suzuki, 5 years old", three family members aged 6 or older are described in the sanitized document 1601. Thus, even when confidential partial documents are blacked out, confidentiality cannot be completely guaranteed.
[0013] With the prior art of Patent Document 1 described above, an electronic document is authenticated as genuine whenever the integrity of each partial document is confirmed by the electronic signature attached to it. Consequently, even if the partial documents constituting the electronic document have been improperly reordered or copied (transferred), the document may still be authenticated as genuine.
[0014] This problem is explained concretely here. The extracted document 1602 shown in FIG. 16 contains the partial documents "Taro Suzuki" and "35 years old" extracted from the original document. Because the prior art verifies authenticity using the electronic signature attached to each partial document, the extracted document 1602 is judged to be genuine.
[0015] However, the age of "Taro Suzuki" in the original document 1600 (38) does not match the age of "Taro Suzuki" in the extracted document 1602 (35). That is, the extracted document 1602 is a tampered electronic document, not a genuine one. Thus, even when the content of the original document 1600 has been tampered with (for example, by swapping names or ages), the extracted document 1602 is authenticated as a genuine electronic document.
[0016] To solve the above problems of the prior art, an object of the present invention is to provide a document verification program, a recording medium, a document verification method, and a document verification apparatus that can verify the authenticity of an electronic document after modification, even when a modification such as reordering of the partial documents constituting the electronic document has been made.
Means for Solving the Problems
[0017] To solve the above problems and achieve the object, the document verification program, recording medium, document verification method, and document verification apparatus according to the present invention verify the authenticity of an electronic document and are characterized by accepting input of the electronic document, dividing the input electronic document into arbitrary components, and assigning a true random number or pseudo-random number (hereinafter, "random number") to each component in accordance with the order of the components' positions of appearance in the electronic document.
[0018] According to this invention, the authenticity of the electronic document after modification can be verified even when a modification such as reordering of its components has been made.
[0019] In the above invention, a true random number or pseudo-random number that is common to the components (hereinafter, "common random number") may also be assigned to each divided component.
[0020] According to this invention, the authenticity of the electronic document after modification can be verified even when a component has been copied in from another electronic document.
[0021] In the above invention, an electronic signature may be generated for each component, and the generated electronic signature may be set for the corresponding component.
[0022] According to this invention, the validity of each component can be determined from the electronic signature set for it, so the integrity of each component can be guaranteed.
[0023] In the above invention, a designation of arbitrary components of the electronic document may be accepted, and the designated components may be extracted from the electronic document.
[0024] According to this invention, arbitrary components can be extracted from the electronic document.
[0025] In the above invention, input of an electronic document composed of the extracted components may be accepted, it may be determined whether the random numbers assigned to the input components follow the order of the components' positions of appearance in the electronic document, the authenticity of the electronic document may be verified based on this determination, and the verification result may be output.
[0026] According to this invention, the authenticity of the electronic document after modification can be verified even when a modification such as reordering of its components has been made.
[0027] In the above invention, the validity of each component may be determined based on the electronic signature set for each of the arbitrary components.
[0028] According to this invention, the validity of each component can be determined from the electronic signature set for it, so the integrity of each component can be guaranteed.
[0029] In the above invention, it may be determined whether the common random number assigned to each component is the same across the extracted components.
[0030] According to this invention, the authenticity of the electronic document after modification can be verified even when a component has been copied in from another electronic document.
[0031] In the above invention, an aggregate electronic signature that aggregates the electronic signatures of the components may be generated, and the validity of the electronic document composed of the extracted components may be determined based on the generated aggregate electronic signature.
[0032] According to this invention, the validity of the electronic document can be determined from the aggregate electronic signature, so the integrity of the electronic document can be guaranteed.
[0033] In the above invention, an aggregate electronic signature that aggregates the electronic signatures of the components may be generated, a designation of partial documents to be forcibly disclosed among the components of the electronic document may be accepted, and the electronic signature set for each designated component may be deleted.
[0034] According to this invention, an arbitrary component of the electronic document can be forcibly disclosed, that is, designated as a component that cannot be deleted thereafter.
Effects of the Invention
[0035] The document verification program, recording medium, document verification method, and document verification apparatus according to the present invention have the effect that the authenticity of an electronic document after modification can be verified even when a modification such as reordering of the partial documents constituting the electronic document has been made.
Brief Description of the Drawings
[0036] [FIG. 1] FIG. 1 is a system configuration diagram of the electronic document publishing system according to Embodiment 1 of the present invention.
[FIG. 2] FIG. 2 is a block diagram showing the hardware configuration of the document verification apparatus according to Embodiment 1 of the present invention.
[FIG. 3] FIG. 3 is a block diagram showing the functional configuration of the document verification apparatus according to Embodiment 1 of the present invention.
[FIG. 4] FIG. 4 is an explanatory diagram showing an example of an original document to which electronic signatures have been added.
[FIG. 5] FIG. 5 is a flowchart showing the electronic signature generation procedure executed in the document verification apparatus according to Embodiment 1 of the present invention.
[FIG. 6] FIG. 6 is a flowchart showing the electronic document extraction procedure executed in the document verification apparatus according to Embodiment 1 of the present invention.
[FIG. 7] FIG. 7 is an explanatory diagram showing an example in which partial documents have been extracted from an original document by the electronic document extraction process.
[FIG. 8] FIG. 8 is an explanatory diagram showing an example of a forged extracted document.
[FIG. 9] FIG. 9 is an explanatory diagram showing an example in which partial documents have been reordered and copied.
[FIG. 10] FIG. 10 is a flowchart showing the electronic document verification procedure executed in the document verification apparatus according to Embodiment 1 of the present invention.
[FIG. 11] FIG. 11 is a flowchart showing the electronic signature generation procedure executed in the document verification apparatus according to Embodiment 2 of the present invention.
[FIG. 12] FIG. 12 is a flowchart showing the electronic document extraction procedure executed in the document verification apparatus according to Embodiment 2 of the present invention.
[FIG. 13] FIG. 13 is a flowchart showing the electronic document verification procedure executed in the document verification apparatus according to Embodiment 2 of the present invention.
[FIG. 14] FIG. 14 is a flowchart showing the electronic document extraction procedure executed in the document verification apparatus according to Embodiment 3 of the present invention.
[FIG. 15] FIG. 15 is an explanatory diagram showing an example of an original document and an extracted document in which partial documents to be forcibly disclosed have been set.
[FIG. 16] FIG. 16 is an explanatory diagram showing an example of electronic signature techniques in the prior art.
Explanation of Reference Numerals
100 Electronic document publishing system
101, 102 Document verification apparatus
103 Network
301 Input unit
302 Dividing unit
303 Assigning unit
304 Generating unit
305 Setting unit
306 Designating unit
307 Extracting unit
308 Determining unit
309 Verifying unit
310 Output unit
311 Forced-disclosure designating unit
312 Deleting unit
Best Mode for Carrying Out the Invention
[0038] Preferred embodiments of the document verification program, recording medium, document verification method, and document verification apparatus according to the present invention are described in detail below with reference to the accompanying drawings.
[0039] (Embodiment 1)
(System configuration of the electronic document publishing system 100)
First, the system configuration of the electronic document publishing system according to Embodiment 1 of the present invention is described. FIG. 1 is a system configuration diagram of the electronic document publishing system according to Embodiment 1 of the present invention.
[0040] As shown in FIG. 1, the electronic document publishing system 100 consists of a document verification apparatus 101 used by the user who discloses information and a document verification apparatus 102 used by the user who requests disclosure. The document verification apparatus 101 and the document verification apparatus 102 are connected via a network 103.
[0041] Electronic documents published in the electronic document publishing system 100 include, for example, highly confidential personal information such as electronic grade reports issued by educational institutions and electronic family registers issued by administrative bodies. The electronic document publishing system 100 is a system that guarantees the confidentiality of such personal information and can verify the authenticity of personal information that has been tampered with.
[0042] The document verification apparatus 101 on the disclosing side can create the electronic grade reports and electronic family registers that are to be disclosed. The document verification apparatus 101 also processes each created electronic document (for example, an electronic grade report or an electronic family register) into a state in which its authenticity can be verified and stores it in the electronic document DB.
[0043] Hereinafter, an electronic document that the document verification apparatus 101 processes into a state in which its authenticity can be verified is called an original document. The details of how an electronic document is processed and of what is stored in the electronic document DB are described later.
[0044] When the document verification apparatus 101 receives a request signal indicating an information disclosure request from the document verification apparatus 102, it searches the electronic document DB for the corresponding electronic document (an electronic document whose authenticity can be verified) and transmits the retrieved electronic document to the document verification apparatus 102 as a disclosed document. When transmitting the search result (the retrieved electronic document) to the document verification apparatus 102, the document verification apparatus 101 can delete confidential text contained in the search result.
[0045] Confidential text is, for example, information that should not be disclosed from the standpoint of personal information protection, or information relating to state secrets. By designating arbitrary information in the original document, the user of the document verification apparatus 101 can delete information that is not to be disclosed. In this case, the document verification apparatus 101 creates a disclosed document (extracted document) in which the information that should not be disclosed has been deleted from the original document, and transmits the created disclosed document to the document verification apparatus 102.
[0046] The document verification apparatus 102 on the requesting side can transmit a request signal indicating an information disclosure request to the document verification apparatus 101 on the disclosing side. As a result of transmitting the request signal, the document verification apparatus 102 receives a disclosed document from the document verification apparatus 101. The document verification apparatus 102 can also verify the authenticity of the received disclosed document. That is, apart from the parts deleted for reasons such as information protection, the requesting-side document verification apparatus 102 can verify whether the disclosed information is genuine.
[0047] By designating arbitrary information in the disclosed document, the user of the document verification apparatus 102 can also obtain only the desired information. In this way, the user who requested disclosure can arbitrarily modify the content of the disclosed document.
[0048] For example, a user who is a student at an educational institution requests disclosure of an electronic grade report from the document verification apparatus 101 installed at that institution. As a result, the user can obtain the requested electronic grade report and can arbitrarily modify its content. Specifically, the user can make improper modifications such as deleting the entries for subjects with poor grades from the electronic grade report, or copying the score of a subject with a good grade over a poor score.
[0049] The authenticity of information whose content a user has arbitrarily modified in this way can be verified by a document verification apparatus (for example, the document verification apparatuses 101 and 102), which can verify whether an improper modification has been made.
[0050] Here, the apparatus used by the user who creates personal information such as electronic grade reports and electronic family registers is the document verification apparatus 101, and the apparatus used by the user who requests disclosure is the document verification apparatus 102. However, information may also be created on the document verification apparatus 102 and disclosed to the user of the document verification apparatus 101.
[0051] (Hardware configuration of the document verification apparatus)
Next, the hardware configuration of the document verification apparatus according to Embodiment 1 of the present invention (for example, the document verification apparatuses 101 and 102 shown in FIG. 1) is described. FIG. 2 is a block diagram showing the hardware configuration of the document verification apparatus according to Embodiment 1 of the present invention.
[0052] In FIG. 2, the document verification apparatus includes a CPU 201, a ROM 202, a RAM 203, an HDD (hard disk drive) 204, an HD (hard disk) 205, an FDD (flexible disk drive) 206, an FD (flexible disk) 207 as an example of a removable recording medium, a display 208, an I/F (interface) 209, a keyboard 210, a mouse 211, a scanner 212, and a printer 213. The components are connected to one another by a bus 200.
[0053] The CPU 201 controls the document verification apparatus (for example, the document verification apparatuses 101 and 102 shown in FIG. 1) as a whole. The ROM 202 stores programs such as a boot program and the document verification program for the electronic signature generation, electronic document extraction, and electronic document verification processes described later. The RAM 203 is used as the work area of the CPU 201.
[0054] The HDD 204 controls reading and writing of data on the HD 205 under the control of the CPU 201. The HD 205 stores data written under the control of the HDD 204. The electronic document DB shown in FIG. 1, for example, is built on the HD 205.
[0055] The FDD 206 controls reading and writing of data on the FD 207 under the control of the CPU 201. The FD 207 stores data written under the control of the FDD 206 and allows the document verification apparatus to read the data stored on it.
[0056] Besides the FD 207, the removable recording medium may be a CD-ROM (CD-R, CD-RW), MO, DVD (Digital Versatile Disk), memory card, or the like. The display 208 displays a cursor, icons, and toolboxes as well as data such as documents, images, and function information. A CRT, TFT liquid crystal display, plasma display, or the like can be used as the display 208.
[0057] The I/F 209 is connected through a communication line to the network 103, such as the Internet, and to other devices via the network 103. The I/F 209 serves as the interface between the network 103 and the inside of the apparatus and controls the input and output of data from external devices. A modem, LAN adapter, or the like can be used as the I/F 209.
[0058] The keyboard 210 has keys for entering characters, numbers, and various instructions, and is used to input data. It may instead be a touch-panel input pad or a numeric keypad. The mouse 211 is used to move the cursor, select ranges, and move or resize windows. A trackball, joystick, or the like may be used instead as long as it provides the same functions as a pointing device.
[0059] The scanner 212 optically reads an image and loads the image data into the document verification apparatus. The scanner 212 may have an OCR function. The printer 213 prints image data and electronic documents. A laser printer, inkjet printer, or the like can be used as the printer 213.
[0060] (文書検証装置の機能的構成)  [0060] (Functional configuration of document verification apparatus)
つぎに、この発明の実施の形態 1にかかる文書検証装置 (たとえば、図 1に示す文 書検証装置 101, 102)の機能的構成について説明する。図 3は、この発明の実施の 形態 1にかかる文書検証装置の機能的構成を示すブロック図である。図 3において、 文書検証装置は、入力部 301と、分割部 302と、割当部 303と、生成部 304と、設定 部 305と、指定部 306と、抽出部 307と、判定部 308と、検証部 309と、強制開示指 定部 311と、削除部 312と、力 構成されている。  Next, a functional configuration of the document verification apparatus (for example, the document verification apparatuses 101 and 102 shown in FIG. 1) according to the first embodiment of the present invention will be described. FIG. 3 is a block diagram showing a functional configuration of the document verification apparatus according to the first embodiment of the present invention. In FIG. 3, the document verification apparatus includes an input unit 301, a division unit 302, an allocation unit 303, a generation unit 304, a setting unit 305, a specification unit 306, an extraction unit 307, a determination unit 308, and a verification unit. Part 309, compulsory disclosure specification part 311 and deletion part 312 are composed of force.
[0061] 入力部 301は、電子文書の入力を受け付ける。ここで、電子文書とは、コンピュータ 上で扱われる文書の総称であり、文書作成アプリケーションなどを用いて作成された 電子データである。電子文書としては、たとえば、電子成績表や電子戸籍台帳などの 秘匿性を有する個人情報などが挙げられる。なお、電子文書は、文書検証装置にお いて作成されるようにしてもよいし、他の装置において作成されるようにしてもよい。他 の装置において電子文書が作成された場合は、インターネットなどのネットワーク 10[0061] The input unit 301 receives an input of an electronic document. Here, the electronic document is a general term for documents handled on a computer, and is electronic data created using a document creation application or the like. Examples of the electronic document include confidential personal information such as an electronic result table and an electronic family register. Electronic documents are stored in the document verification device. Or may be created by another device. If an electronic document is created on another device, the network such as the Internet 10
3を介して文書検証装置に取得される。 3 through the document verification apparatus.
[0062] 分割部 302は、入力部 301によって入力された電子文書を任意の構成要素に分割 する。任意の構成要素とは、電子文書の先頭 (ここでは、入力された電子文書が読み 込まれる際の先頭を意味する)から 1バイトごとに一つの構成要素としてもよいし、文 や単語ごとに一つの構成要素としてもよ 、。 [0062] The dividing unit 302 divides the electronic document input by the input unit 301 into arbitrary constituent elements. An arbitrary component may be one component for each byte from the beginning of the electronic document (here, the beginning when the input electronic document is read), or for each sentence or word. It can be a single component.
[0063] また、電子文書が XML (Extensible Markup Language)言語などによって記 述された文書であれば、当該文書を構成する最小構成要素を一つの構成要素として ちょい。 [0063] Further, if the electronic document is a document described in XML (Extensible Markup Language) language or the like, the minimum constituent element constituting the document is selected as one constituent element.
[0064] 割当部 303は、分割部 302によって分割された構成要素の電子文書における出現 位置に関する順序に従って真正乱数または擬似乱数 (以下、「乱数」という)を各構成 要素に割り当てる。出現位置に関する順序とは、電子文書における各構成要素の配 置によって定義される順序である。具体的には、たとえば、文書検証装置において電 子文書が読み込まれる際の読み込み順に従って昇順または降順となるように乱数を 各構成要素に割り当てるようにしてもょ 、。  The assigning unit 303 assigns a genuine random number or a pseudo-random number (hereinafter referred to as “random number”) to each constituent element according to the order of the appearance position of the constituent element divided by the dividing part 302 in the electronic document. The order related to the appearance position is the order defined by the arrangement of each component in the electronic document. Specifically, for example, a random number may be assigned to each component so as to be in ascending order or descending order according to the reading order when the electronic document is read in the document verification apparatus.
[0065] Here, a true random number is an element of an irregular sequence that has no regularity. Specifically, true random numbers are generated by exploiting random physical phenomena. A pseudo-random number is an element of a sequence that is obtained by deterministic computation but looks like a random sequence with no regularity. Specifically, pseudo-random numbers are random numbers generated on a computer that are as hard to predict as possible, with the unbiasedness of the generated values improved. Pseudo-random numbers can be generated, for example, with a pseudo-random number generator (pseudo-random number generation method). A pseudo-random number generator is a device that can output a sequence that a polynomial-time computer cannot distinguish from random numbers.
[0066] The generated random numbers are assigned to the components so that they are in ascending or descending order. For example, random numbers are assigned to the components so that their values increase along the order of appearance positions in the electronic document. The specific methods for generating and assigning the random numbers are described later.
[0067] The assigning unit 303 may also assign to each component produced by the dividing unit 302 a random number that is common to all of the components (hereinafter, "common random number"). The common random number is a random number set unpredictably for each electronic document, and is a value common to all components of that electronic document. The common random number is generated, for example, with the pseudo-random number generator described above.
[0068] The generation unit 304 generates an electronic signature for each component produced by the dividing unit 302. Here, an electronic signature is a scheme for authenticating the validity of data (an electronic document), or the signature information attached to an electronic document. An electronic signature can be realized, for example, with public-key cryptography. Specifically, an electronic signature is a technique used when a party sending an electronic document wants to prove to the communication partner that it is the party that sent the electronic data.
[0069] That is, like a physical signature (such as a seal), an electronic signature proves who the true creator of an electronic document is and that the document is valid (that it has not been tampered with). Furthermore, an electronic signature can be created only by the person concerned, and its validity can be verified by any user.
[0070] To achieve this, the principle of public-key cryptography is used, for example. Specifically, the scheme relies on the fact that only the user who holds the private key (signing key) can create a signed text (an electronic document with an electronic signature attached). The public key (verification key) is published so that any user can perform verification.
[0071] The flow from creation of an electronic signature to its verification is as follows. The creator of the electronic signature (hereinafter, "sender") creates a public key and a private key in advance according to a public-key cryptosystem. The sender keeps the private key secret and discloses only the public key to the communication partner. The sender then creates an electronic signature for the electronic document to be signed, using the private key.
[0072] Next, the sender attaches the electronic signature to the original electronic document and sends it to the communication partner (hereinafter, "recipient"). The recipient thus receives the original electronic document and the electronic signature. The recipient then verifies the electronic signature with the public key published by the sender.
[0073] The recipient verifies whether the value obtained from the original electronic document and the public key matches the value obtained from the electronic signature. If the values match, the validity of the electronic document and of the sender is proven. If the values do not match, it can be detected that the electronic document or the electronic signature has been tampered with.
[0074] Because the public key (verification key) must be guaranteed to be legitimate even though it is public, the public key may be signed by a trusted organization. Concrete schemes for realizing electronic signatures include, for example, the RSA and ESIGN signature schemes based on prime factorization, the ElGamal and DSA signatures based on the discrete logarithm, and the elliptic ElGamal and elliptic DSA signatures based on the elliptic discrete logarithm.
[0075] The generation unit 304 may also generate an aggregated electronic signature that combines the electronic signatures of the individual components. The aggregated electronic signature is the per-component electronic signatures bundled into one. Specifically, for example, the aggregated electronic signature may be formed as the product of the components' electronic signatures, or as their sum.
[0076] The setting unit 305 sets each electronic signature generated by the generation unit 304 on the corresponding component. Specifically, for example, the setting unit 305 records each electronic signature generated by the generation unit 304 in the electronic document DB in association with the corresponding component.
[0077] The designation unit 306 accepts designation of arbitrary components of the electronic document. Specifically, the user of the document verification device designates arbitrary components of the electronic document by operating the keyboard 210 or the mouse 211. Each component of the electronic document at this point has a random number assigned and the corresponding electronic signature set.
[0078] The extraction unit 307 extracts the components designated through the designation unit 306 from the electronic document. Specifically, the extraction unit 307 extracts each designated component together with the random number assigned to it. Hereinafter, an electronic document made up of extracted components is called an "extracted document".
[0079] The device may be configured so that the components of the electronic document other than those extracted by the extraction unit 307 are deleted together with the random numbers assigned to them. In this case, the electronic signatures set on those other components are also deleted.
[0080] Furthermore, the electronic signatures set on the other components may be removed from the aggregated electronic signature generated by the generation unit 304. Specifically, for example, when the aggregated electronic signature is formed as the product of the electronic signatures set on the components, the aggregated electronic signature is divided by the electronic signatures set on the other components.
[0081] The input unit 301 may also accept input of an electronic document made up of the components extracted by the extraction unit 307. Specifically, the input unit 301 accepts input of an extracted document whose authenticity is to be verified.
[0082] The determination unit 308 determines whether the random numbers assigned to the components input through the input unit 301 follow the order of the components' appearance positions in the electronic document. Specifically, the determination unit 308 determines whether the random numbers assigned to the components of the electronic document are in ascending or descending order along the order of the components' appearance positions in that document.
[0083] The determination unit 308 may also determine the validity of each component based on the electronic signature set on each component extracted by the extraction unit 307. Specifically, the determination unit 308 verifies the electronic signature set on each component and determines whether it passes verification. For example, it decrypts the electronic signature set on each component and determines whether the decryption result matches that component.
[0084] Furthermore, the determination unit 308 may determine whether the common random number assigned to each component by the assigning unit 303 is the same across the components extracted by the extraction unit 307.
[0085] The determination unit 308 may also determine, based on the aggregated electronic signature generated by the generation unit 304, the validity of the electronic document made up of the components extracted by the extraction unit 307. The aggregated electronic signature here is one from which the electronic signatures set on the components other than those extracted by the extraction unit 307 have been removed. Specifically, the determination unit 308 determines whether the aggregated electronic signature passes verification.
[0086] The verification unit 309 verifies the authenticity of the electronic document based on the determination result of the determination unit 308. Specifically, for example, the verification unit 309 verifies that the electronic document is authentic when the determination unit 308 has determined that the random numbers assigned to the components follow the order of the components' appearance positions in the electronic document.
[0087] The verification unit 309 may also verify that the electronic document is authentic when the determination unit 308 has determined that each component is valid. Furthermore, the verification unit 309 may verify that the electronic document is authentic when the common random number assigned to each component is the same across the components.
[0088] The output unit 310 outputs the verification result of the verification unit 309. Specifically, when the verification unit 309 has verified that the electronic document is authentic, a verification result indicating success is output. When the verification unit 309 has verified that the electronic document is not authentic, a verification result indicating failure may be output.
[0089] The forced-disclosure designation unit 311 accepts designation of the partial documents, among the components of the electronic document, that are to be forcibly disclosed. Here, a forcibly disclosed partial document is a partial document that cannot be deleted and that the extraction unit 307 always extracts from the electronic document.
[0090] The deletion unit 312 deletes the electronic signature set on a component designated through the forced-disclosure designation unit 311. That is, once the deletion unit 312 has deleted the electronic signature, the component designated through the forced-disclosure designation unit 311 has no electronic signature set. In this case, the determination unit 308 does not determine the validity of a component that has no electronic signature set.
[0091] The functions of the input unit 301, the dividing unit 302, the assigning unit 303, the generation unit 304, the setting unit 305, the designation unit 306, the extraction unit 307, the determination unit 308, the verification unit 309, the output unit 310, the forced-disclosure designation unit 311 and the deletion unit 312 are realized, specifically, for example, by having the CPU 201 execute a program recorded on a recording medium such as the ROM 202, RAM 203 or HD 205 shown in FIG. 2, or by the I/F 209.
[0092] (Procedures of the various processes of the document verification device)
Next, the procedures of the various processes executed in the document verification device are described. First, the electronic signature addition process, which puts an electronic document into a state in which its authenticity can be verified, is described. Specifically, this process is executed in a device on the information-disclosing side, such as the document verification device 101 shown in FIG. 1.
[0093] First, an electronic document to which electronic signatures have been added by the electronic signature generation process executed in the document verification device is described. FIG. 4 is an explanatory diagram showing an example of an original document with electronic signatures added. As shown in FIG. 4, the original document, which is an electronic document, is divided into partial documents (here, each individual word is a partial document).
[0094] An unpredictable document ID and partial document ID, produced from random numbers, are added to each partial document. Here, the original document with the document ID and partial document IDs added is called the "ID-added original document".
[0095] The document ID is a value set for each original document and is added to every partial document that makes up one original document. Here, "35", which is added in common to every partial document, is the document ID. The document ID corresponds to the common random number assigned to the components of the electronic document by the assigning unit 303 described above.
[0096] The partial document ID is a value that differs for each partial document, and is added to the partial documents so that it is in ascending order along the order of their appearance positions in the original document. Here, starting from the leftmost partial document of the original document ("This"), partial document IDs produced from random numbers are added to the partial documents in ascending order ("02" → "28" → "39" → "56" → "87"). The partial document ID corresponds to the random number assigned to each component by the assigning unit 303 described above according to the order of appearance positions in the electronic document.
[0097] Furthermore, each partial document of the original document has the electronic signature generated for that partial document attached. Here, the electronic signatures σ1 to σ5 generated for the partial documents (words) are attached to the corresponding partial documents. Specifically, for example, the electronic signature "σ1" is attached to the partial document "This". These electronic signatures correspond to the electronic signatures generated by the generation unit 304 described above for each component of the electronic document.
[0098] (Procedure of the electronic signature generation process of the document verification device)
Next, the procedure of the electronic signature generation process executed in the document verification device is described. FIG. 5 is a flowchart showing the electronic signature generation procedure executed in the document verification device according to Embodiment 1 of the present invention. In the flowchart of FIG. 5, the document verification device first determines whether input of an original document has been accepted (step S501).
[0099] The original document is highly confidential personal information, such as an electronic grade report created by staff of an educational institution or an electronic family register created by staff of an administrative agency. The original document may be created on the document verification device, or may be acquired from another device.
[0100] The device waits for an original document to be input, and when input is accepted (step S501: Yes), it divides the input original document into partial documents (step S502). A partial document is a component of the original document and can be defined arbitrarily. Specifically, for example, as shown in FIG. 4, the original document may be divided with each individual word as a partial document.
[0101] Next, a document ID and a partial document ID are added to each partial document produced in step S502 (step S503). The document ID is a value set for each original document, and is set unpredictably using a random number. The partial document ID is a value set for each partial document, and is set unpredictably using a random number.
[0102] The random numbers set as the document ID and the partial document IDs are generated with the pseudo-random number generator described above or the like. Using the generated random numbers, a document ID common to all partial documents of the original document is added, and a different partial document ID is added to each partial document so that the IDs are in ascending order.
[0103] "Adding a document ID and a partial document ID" may mean actually writing the document ID and partial document ID into the original document, or associating each partial document with the document ID and partial document ID that relate to it.
[0104] Here, one example of a method for adding a different partial document ID to each partial document in ascending (or descending) order is described. For example, random numbers generated by a pseudo-random number generator are added to the partial documents as partial document IDs. In this case, random number generation and addition to the partial documents are repeated until the random numbers added to the partial documents are in ascending (or descending) order.
[0105] As another example, as many random numbers as there are partial documents may be generated in advance, sorted into ascending or descending order, and then added to the partial documents. In this case, a hash function that can generate a fixed-length random number from input data may be used to generate as many random numbers as there are partial documents.
[0106] Returning to the flowchart of FIG. 5, an electronic signature is next computed for each partial document produced in step S502 (step S504). Schemes for computing the electronic signature include the RSA signature, ElGamal signature and DSA signature described above.
[0107] The computed electronic signatures are then attached to the corresponding partial documents (step S505). Specifically, the electronic signature computed for each partial document is set in association with the corresponding partial document, creating an electronic document (original document) with electronic signatures attached.
[0108] Finally, the original document with electronic signatures attached is saved in the electronic document DB (step S506), and the series of processes in this flowchart ends. The electronic document DB is a database built on a recording medium such as the HD 205.
[0109] The electronic document DB stores, together with the original document with electronic signatures attached, the document ID and partial document IDs added in step S503 in association with each partial document. Specifically, for example, the electronic document DB stores the original document shown in FIG. 4, the ID-added original document and the attached electronic signatures.
[0110] The processing in steps S504 and S505 can be performed at any time after the original document has been divided into partial documents in step S502. For example, the processing of steps S504 and S505 in this flowchart may be performed before the document ID and partial document IDs are added in step S503.
[0111] This puts the electronic document into a state in which its authenticity can be verified even when modifications such as reordering or copying of its partial documents have been made.
[0112] (Procedure of the electronic document extraction process of the document verification device)
Next, the procedure of the electronic document extraction process executed in the document verification device is described. The user of the document verification device can extract only the desired information from an electronic document to which electronic signatures have been added by the electronic signature generation process described above. A document ID and partial document IDs have been added to the electronic document with electronic signatures. Specifically, for example, only the information that may be made public can be extracted from an electronic public document that contains state secrets or the like.
[0113] FIG. 6 is a flowchart showing the electronic document extraction procedure executed in the document verification device according to Embodiment 1 of the present invention. In the flowchart of FIG. 6, the document verification device first accepts input of an original document with electronic signatures attached (step S601).
[0114] Next, the device determines whether designation of arbitrary partial documents of the original document has been accepted (step S602). Specifically, for example, the user operates the keyboard 210 or the mouse 211 to designate the partial documents to be extracted from the original document shown on the display 208.
[0115] The device waits for designation of partial documents, and when it is accepted (step S602: Yes), it deletes the partial documents other than the designated ones, together with the electronic signatures attached to them (step S603). Specifically, each partial document not designated for the extracted document is deleted (the document ID and partial document ID added to it are deleted as well), and the electronic signature attached to that partial document is deleted.
[0116] Finally, the designated partial documents are extracted from the original document (step S604), and the series of processes in this flowchart ends.
[0117] In this way, by designating arbitrary partial documents of an electronic document, those partial documents can be extracted from the electronic document.
[0118] Here, the electronic document that results when partial documents designated by a user are extracted from the original document with electronic signatures shown in FIG. 4 is described. FIG. 7 is an explanatory diagram showing an example in which partial documents are extracted from the original document by the electronic document extraction process. An example in which extraction is performed by two users is described here.
[0119] As shown in FIG. 7, when the first user designates the partial documents other than "is" as the partial documents to extract, the partial documents other than "is" (extracted document 701) are extracted from the original document shown in FIG. 4. In this case, the data relating to "is" is deleted from the ID-added original document shown in FIG. 4, and the electronic signature "σ2" attached to "is" is deleted.
[0120] つづ 、て、 2人目のユーザが抽出する部分文書として「a」以外の部分文書を指定し た場合、抽出文書 701の中から「a」以外の部分文書が抽出される。この場合、抽出 文書 701の中から、「a」に関するデータが削除されるとともに、「a」に付加された電子 署名「σ 」が削除される。  Subsequently, when a partial document other than “a” is designated as a partial document to be extracted by the second user, a partial document other than “a” is extracted from the extracted document 701. In this case, the data related to “a” is deleted from the extracted document 701, and the electronic signature “σ” added to “a” is deleted.
3  Three
[0121] なお、上述した電子文書抽出処理によって実行される改変の他に、電子文書を構 成する部分文書の順序交換や転写 (コピー)などの改変が各文書検証装置や電子 文書編集装置においておこなわれる可能性がある。このような改変を検知するために 、電子文書を構成する各部分文書に文書 IDおよび部分文書 IDが追加されて 、る。 以下、文書 IDおよび部分文書 IDの意義について説明する。  [0121] In addition to the modifications executed by the above-described electronic document extraction process, modifications such as order exchange and transfer (copying) of partial documents constituting the electronic document are performed in each document verification apparatus and electronic document editing apparatus. May be done. In order to detect such a modification, a document ID and a partial document ID are added to each partial document constituting the electronic document. The significance of document IDs and partial document IDs will be described below.
[0122] (Significance of the document ID)
First, the significance of the document ID added in step S503 of the flowchart shown in FIG. 5 is described. FIG. 8 is an explanatory diagram showing an example of a forged extracted document. As shown in FIG. 8, in a legitimate extracted document 801, on which no unauthorized editing (extraction) has been performed, the document ID added to each partial document has the same value in all partial documents. Specifically, the value "35" added as the document ID is common to all partial documents.
[0123] In contrast, in a forged extracted document 802, produced by an unauthorized extraction such as copying a partial document from another electronic document, the document ID added to each partial document is not common to all partial documents. Specifically, the document ID "48" added to "That", which was copied from another electronic document, differs from the document ID "35" added to the other partial documents.
[0124] Thus, by determining whether the document IDs added to the partial documents constituting an extracted document are all the same, the legitimacy of the extracted document can be checked, and copying of partial documents from other electronic documents can be prevented.
[0125] (Significance of the partial document ID)
Next, the significance of the partial document ID added in step S503 of the flowchart shown in FIG. 5 is described. FIG. 9 is an explanatory diagram showing an example in which partial documents have been reordered and copied. Extracted document 901 is the electronic document obtained when partial documents are legitimately extracted from the original document shown in FIG. 4.
[0126] Forged extracted document 902 is an electronic document created from extracted document 901, which was itself the result of a legitimate extraction. Specifically, forged extracted document 902, an illegitimate extracted document, is created by reordering the partial documents that constitute extracted document 901.
[0127] To check the legitimacy of forged extracted document 902, it is determined whether the partial document IDs added to the partial documents are in ascending order. In forged extracted document 902, the partial document IDs appear in the order "02" → "87" → "56", which is not ascending. Forged extracted document 902 can therefore be detected as an illegitimately extracted electronic document.
[0128] Forged extracted document 903 is likewise an electronic document created from the legitimately extracted document 901. Specifically, forged extracted document 903, an illegitimate extracted document, is created by copying a partial document within extracted document 901.
[0129] To check the legitimacy of forged extracted document 903, it is again determined whether the partial document IDs added to the partial documents are in ascending order. In forged extracted document 903, the partial document IDs appear in the order "02" → "56" → "56", which is not ascending. Forged extracted document 903 can therefore be detected as an illegitimately extracted electronic document.
[0130] In this way, by determining whether the partial document IDs added to the partial documents constituting an extracted document are in ascending order, reordering and copying of partial documents within the same extracted document can be detected. Because the ascending order of the partial document IDs is preserved even when partial documents are extracted (deleted), extraction does not affect the detection of reordering and copying.
[0131] (Procedure of the electronic document verification process of the document verification apparatus)
Next, the procedure of the electronic document verification process executed in the document verification apparatus is described. FIG. 10 is a flowchart showing the procedure of the electronic document verification process executed in the document verification apparatus according to Embodiment 1 of the present invention.
[0132] In the flowchart shown in FIG. 10, it is first determined whether input of an extracted document has been accepted (step S1001). An extracted document is an electronic document extracted by the electronic document extraction process described above. An electronic document that has been modified in some way after extraction is also treated as an extracted document here.
[0133] The process waits for an extracted document to be input. When the input is accepted (step S1001: Yes), it is determined whether the document IDs added to the partial documents constituting the extracted document all have the same value (step S1002).
[0134] If the document IDs added to the partial documents all have the same value (step S1002: Yes), it is determined whether the partial document IDs added to the partial documents are in ascending order (step S1003). Specifically, it is determined whether the value of the partial document ID increases along the order in which the partial documents appear in the extracted document.
[0135] If the partial document IDs added to the partial documents are in ascending order (step S1003: Yes), it is determined, based on the electronic signature attached to each partial document, whether all the partial documents constituting the extracted document are legitimate (step S1004). Specifically, the electronic signature attached to each partial document of the extracted document is verified, and the legitimacy of each partial document is judged from the result.
[0136] If all the partial documents are legitimate (step S1004: Yes), a verification result indicating that verification of the extracted document succeeded is output (step S1005), and the series of processes in this flowchart ends.
[0137] If, in step S1002, the document IDs added to the partial documents do not all have the same value (step S1002: No), a verification result indicating verification failure is output (step S1006), and the series of processes in this flowchart ends.
[0138] If, in step S1003, the partial document IDs added to the partial documents are not in ascending order (step S1003: No), a verification result indicating verification failure is output (step S1006), and the series of processes in this flowchart ends.
[0139] If, in step S1004, not all the partial documents are legitimate (step S1004: No), a verification result indicating verification failure is output (step S1006), and the series of processes in this flowchart ends.
[0140] In this way, the authenticity of an extracted document can be verified even when modifications such as reordering or copying of the partial documents constituting the electronic document have been performed.
[0141] As described above, the document verification apparatus according to Embodiment 1 of the present invention can verify the authenticity of a modified electronic document (extracted document) even when modifications such as reordering or copying of the partial documents constituting the electronic document have been performed.
[0142] Specifically, the legitimacy of each partial document can be judged from the electronic signature attached to each partial document constituting the electronic document. By determining whether the partial document IDs added to the partial documents are in ascending (or descending) order, reordering and copying of partial documents within the same electronic document can be detected. Furthermore, by determining whether the document IDs added to the partial documents are all the same, the legitimacy of the electronic document can be checked.
[0143] (Embodiment 2)
Next, Embodiment 2 of the document verification apparatus described above is described. In Embodiment 2, the electronic signature generation process of the document verification apparatus calculates an aggregate electronic signature that aggregates the electronic signatures calculated for the individual partial documents, and the electronic document is verified using this aggregate electronic signature.
[0144] (Procedure of the electronic signature generation process of the document verification apparatus)
First, the procedure of the electronic signature generation process executed in the document verification apparatus is described. FIG. 11 is a flowchart showing the electronic signature generation procedure executed in the document verification apparatus according to Embodiment 2 of the present invention. In the flowchart of FIG. 11, the document verification apparatus first determines whether input of an original document has been accepted (step S1101).
[0145] The process waits for an original document to be input. When the input is accepted (step S1101: Yes), the input original document is divided into partial documents (step S1102). A document ID and a partial document ID are then added to each partial document (step S1103). Specifically, unpredictable random numbers are added as the document ID and the partial document IDs. For the partial document IDs, the random numbers are assigned so that they are in ascending order according to the position at which each partial document appears.
[0146] Next, an electronic signature is calculated for each partial document obtained in step S1102 (step S1104). Each calculated electronic signature is then attached to the corresponding partial document (step S1105).
[0147] Next, an aggregate electronic signature that aggregates the electronic signatures calculated for the partial documents is calculated (step S1106). Specifically, the aggregate electronic signature is calculated by multiplying together the electronic signatures of the partial documents calculated in step S1104. For example, if the electronic signatures of the partial documents calculated in step S1104 are $\sigma_1$ to $\sigma_5$, the aggregate electronic signature $\sigma$ is $\sigma = \sigma_1 \times \sigma_2 \times \sigma_3 \times \sigma_4 \times \sigma_5$.
[0148] Finally, the original document with the electronic signatures attached is stored in the electronic document DB together with the aggregate electronic signature calculated in step S1106 (step S1107), and the series of processes in this flowchart ends.
[0149] The processing in step S1106 only needs to take place after the electronic signatures of the partial documents have been calculated in step S1104, and may be performed before the electronic signatures are attached in step S1105.
[0150] This puts the electronic document in a state in which its authenticity can be verified even when modifications such as reordering or copying of its partial documents are performed.
[0151] (Procedure of the electronic document extraction process of the document verification apparatus)
Next, the procedure of the electronic document extraction process executed in the document verification apparatus is described. FIG. 12 is a flowchart showing the electronic document extraction procedure executed in the document verification apparatus according to Embodiment 2 of the present invention.
[0152] In the flowchart of FIG. 12, the document verification apparatus first accepts input of the original document with electronic signatures attached and of the aggregate electronic signature (step S1201). It then determines whether a designation of arbitrary partial documents constituting the original document has been accepted (step S1202).
[0153] The process waits for the designation of arbitrary partial documents. When a designation is accepted (step S1202: Yes), the partial documents other than the designated ones, and the electronic signatures attached to those other partial documents, are deleted (step S1203). Next, the electronic signatures attached to the partial documents other than the designated ones are divided out of the aggregate electronic signature input in step S1201 (step S1204).
[0154] Specifically, suppose for example that the electronic signatures attached to the partial documents constituting the original document are $\sigma_1$ to $\sigma_5$, and that the electronic signatures attached to the designated partial documents are $\sigma_1$, $\sigma_3$, $\sigma_4$ and $\sigma_5$. The electronic signature $\sigma_2$, attached to the partial document other than the designated ones, is then divided out of the aggregate electronic signature $\sigma$. In this case the aggregate electronic signature becomes $\sigma = \sigma_1 \times \sigma_3 \times \sigma_4 \times \sigma_5$.
[0155] Finally, the designated partial documents are extracted from the original document (step S1205), and the series of processes in this flowchart ends. Steps S1203 and S1204 may be executed simultaneously or in the reverse order.
[0156] In this way, by designating arbitrary partial documents in an electronic document, those partial documents can be extracted from the electronic document.
[0157] (Procedure of the electronic document verification process of the document verification apparatus)
Next, the procedure of the electronic document verification process executed in the document verification apparatus is described. FIG. 13 is a flowchart showing the procedure of the electronic document verification process executed in the document verification apparatus according to Embodiment 2 of the present invention.
[0158] In the flowchart shown in FIG. 13, the document verification apparatus first determines whether input of an extracted document and an aggregate electronic signature has been accepted (step S1301). The process waits for the extracted document and the aggregate electronic signature to be input. When the input is accepted (step S1301: Yes), it is determined whether the document IDs added to the partial documents constituting the extracted document all have the same value (step S1302).
[0159] If the document IDs added to the partial documents all have the same value (step S1302: Yes), it is determined whether the partial document IDs added to the partial documents are in ascending order (step S1303). Specifically, it is determined whether the value of the partial document ID increases along the order in which the partial documents appear in the extracted document.
[0160] If the partial document IDs added to the partial documents are in ascending order (step S1303: Yes), it is determined, based on the aggregate electronic signature input in step S1301, whether the extracted document is legitimate (step S1304). Specifically, the legitimacy of the extracted document is judged using the aggregate electronic signature.
[0161] If the extracted document is legitimate (step S1304: Yes), a verification result indicating that verification of the extracted document succeeded is output (step S1305), and the series of processes in this flowchart ends.
[0162] If, in step S1302, the document IDs added to the partial documents do not all have the same value (step S1302: No), a verification result indicating verification failure is output (step S1306), and the series of processes in this flowchart ends.
[0163] If, in step S1303, the partial document IDs added to the partial documents are not in ascending order (step S1303: No), a verification result indicating verification failure is output (step S1306), and the series of processes in this flowchart ends.
[0164] If, in step S1304, the extracted document is not legitimate (step S1304: No), a verification result indicating verification failure is output (step S1306), and the series of processes in this flowchart ends.
[0165] In this way, the authenticity of an extracted document can be verified even when modifications such as reordering or copying of the partial documents constituting the electronic document have been performed. In addition, using the aggregate electronic signature to judge the legitimacy of the extracted document simplifies the electronic document verification process.
[0166] As described above, the document verification apparatus according to Embodiment 2 of the present invention can verify the authenticity of a modified electronic document (extracted document) even when modifications such as reordering or copying of the partial documents constituting the electronic document have been performed. In addition, using the aggregate electronic signature generated for each electronic document to judge the legitimacy of that electronic document simplifies the electronic document verification process.
[0167] (Embodiment 3)
Next, Embodiment 3 of the document verification apparatus described above is described. In Embodiment 3, a forced-disclosure property can be set on any of the partial documents constituting an electronic document. That is, specific information in the electronic document can be set to be forcibly disclosed (so that it cannot be deleted) regardless of the intention of the user (the extractor).
[0168] The procedure of the electronic signature generation process of the document verification apparatus is the same as that of the document verification apparatus according to Embodiment 2 described above, so its description is omitted.
[0169] (Procedure of the electronic document extraction process of the document verification apparatus)
Next, the procedure of the electronic document extraction process executed in the document verification apparatus is described. FIG. 14 is a flowchart showing the electronic document extraction procedure executed in the document verification apparatus according to Embodiment 3 of the present invention.
[0170] In the flowchart of FIG. 14, the document verification apparatus first accepts input of the original document with electronic signatures attached and of the aggregate electronic signature (step S1401). It then determines whether a designation of a partial document to be forcibly disclosed has been accepted (step S1402).
[0171] A partial document to be forcibly disclosed is a partial document that is extracted compulsorily, without the user designating it as a partial document to extract; in other words, it is a partial document that cannot be deleted. If a designation of a partial document to be forcibly disclosed is accepted in step S1402 (step S1402: Yes), the designated partial document is set as a forced-disclosure partial document, and the electronic signature attached to that partial document is deleted (step S1403).
[0172] Specifically, suppose for example that the electronic signatures $\sigma_1$ to $\sigma_5$ are attached to the corresponding partial documents "partial document 1" to "partial document 5" constituting the original document. If partial document 4 is designated as the partial document to be forcibly disclosed, the electronic signature $\sigma_4$ attached to partial document 4 is deleted.
[0173] A partial document set as a forced-disclosure partial document is extracted compulsorily (forcibly disclosed), without being designated as a partial document to extract, even when a subsequent user later executes the electronic document extraction process.
[0174] Next, it is determined whether a designation of partial documents to extract has been accepted (step S1404). The process waits for the designation of partial documents to extract. When a designation is accepted (step S1404: Yes), the partial documents other than the designated ones, and the electronic signatures attached to those other partial documents, are deleted (step S1405). If no designation of a partial document to be forcibly disclosed is accepted in step S1402 (step S1402: No), the process proceeds to step S1404.
[0175] At this point, a partial document designated in step S1402 as a forced-disclosure partial document is not deleted even if it is not designated for extraction in step S1404. The electronic signature attached to the forced-disclosure partial document has already been deleted in step S1403.
[0176] Next, the electronic signatures attached to the partial documents other than the designated ones are divided out of the aggregate electronic signature input in step S1401 (step S1406). Specifically, suppose for example that the aggregate electronic signature $\sigma$ is $\sigma = \sigma_1 \times \sigma_2 \times \sigma_3 \times \sigma_4 \times \sigma_5$, and that the electronic signature attached to the partial document other than those designated for extraction (partial document 2, which is to be deleted) is $\sigma_2$. The aggregate electronic signature then becomes $\sigma = \sigma_1 \times \sigma_3 \times \sigma_4 \times \sigma_5$. The electronic signature $\sigma_4$ attached to partial document 4, which is set as a forced-disclosure partial document, is not divided out of $\sigma$.
[0177] Finally, the partial documents designated in step S1404 are extracted from the original document (step S1407), and the series of processes in this flowchart ends.
[0178] In this way, by designating arbitrary partial documents in an electronic document, those partial documents can be extracted from the electronic document. In addition, by setting a partial document as a forced-disclosure partial document, deletion of that partial document can be prohibited in subsequent electronic document extraction processes (it is extracted compulsorily).
[0179] Here, an outline of extracting partial documents from an electronic document in which a partial document to be forcibly disclosed has been set is described with reference to FIG. 15. FIG. 15 is an explanatory diagram showing an example of an original document and an extracted document in which a partial document to be forcibly disclosed is set. As shown in FIG. 15, electronic signatures $\sigma_1$ to $\sigma_5$ are attached to the corresponding partial documents 1 to 5 that make up the original document. The aggregate electronic signature $\sigma$ at this time is the product of the electronic signatures $\sigma_1$ to $\sigma_5$.
[0180] At this time, when partial document 4 is set as the partial document to be forcibly disclosed, the electronic signature $\sigma_4$ that was attached to partial document 4 is deleted. Furthermore, when partial document 1, partial document 3 and partial document 5 are designated as the partial documents to be extracted, partial document 2, which is designated neither as part of the extracted document nor as a partial document to be forcibly disclosed, is deleted together with the electronic signature $\sigma_2$ attached to it.
[0181] As a result, the electronic document extracted from the original document as the extracted document consists of partial document 1, partial document 3, partial document 4 and partial document 5. The aggregate electronic signature at this time is $\sigma = \sigma_1 \times \sigma_3 \times \sigma_4 \times \sigma_5$, obtained by dividing out $\sigma_2$, which was attached to the deleted partial document 2.
[0182] (Procedure of the electronic document verification processing of the document verification apparatus)
Next, the procedure of the electronic document verification processing executed in the document verification apparatus is described. The electronic document verification processing of the document verification apparatus according to the third embodiment is almost the same as that of the document verification apparatus according to the second embodiment described above, so only the differences are described.
[0183] Here, in addition to the electronic document verification processing of the document verification apparatus according to the second embodiment described above, the configuration can include a step of determining the validity of the extracted document based on the individual electronic signatures attached to the partial documents constituting the input extracted document.
[0184] Specifically, for example, in the flowchart shown in FIG. 13, a step of determining the validity of each partial document constituting the extracted document, based on the individual electronic signature attached to each partial document, is added before step S1304. The validity of each partial document is determined from its own electronic signature, and if even one partial document has been improperly modified, a verification result indicating verification failure is output.
[0185] Even when this step is added, the electronic signature that was attached to the partial document to be forcibly disclosed has been deleted, so no validity determination by electronic signature is made for that partial document. Normal electronic document verification processing can therefore be executed without the electronic signature that was attached to the forcibly disclosed partial document affecting it.
[0186] As a result, even when a modification such as reordering or copying of the partial documents constituting the electronic document has been made, the authenticity of the extracted document can be verified.
[0187] As described above, according to the document verification apparatus of the third embodiment of the present invention, even when a modification such as reordering or copying of the partial documents constituting the electronic document has been made, the authenticity of the modified electronic document (extracted document) can be verified. In addition, by setting a partial document to be forcibly disclosed, deletion of that partial document can be prohibited in subsequent electronic document extraction processing (that is, the partial document is always extracted).
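The extraction and verification flow of the third embodiment (the FIG. 15 scenario) can be traced in code. This is an added example, not code from the patent: this part of the description does not name the signature algorithm, so a toy condensed-RSA aggregate (product of per-part RSA signatures) stands in for it, and modelling the order random numbers as strictly increasing integers is an assumption. All function names are hypothetical.

```python
import hashlib
from math import prod

# Toy RSA key built from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def h(r, text):
    """Hash a part together with its order random number into Z_N."""
    digest = hashlib.sha256(f"{r}|{text}".encode()).digest()
    return int.from_bytes(digest, "big") % N

def sign_document(texts, order_rands):
    """Sign each part; return (parts, aggregate) with aggregate = prod(sigma_i) mod N."""
    parts = [{"r": r, "text": t, "sig": pow(h(r, t), D, N)}
             for r, t in zip(order_rands, texts)]
    return parts, prod(p["sig"] for p in parts) % N

def extract(parts, agg, keep, forced=()):
    """Steps S1402-S1407: strip signatures of forced parts, then drop undesignated
    parts by dividing their signatures out of the aggregate."""
    out = []
    for i, p in enumerate(parts, start=1):
        if i in forced:
            p = {**p, "sig": None}           # S1403: signature deleted
        if i in keep or p["sig"] is None:    # forced parts survive regardless
            out.append(p)
        else:                                # S1406: sigma <- sigma / sigma_i
            agg = agg * pow(p["sig"], -1, N) % N
    return out, agg

def verify(parts, agg):
    """Order check, per-part check where a signature remains, aggregate check."""
    rands = [p["r"] for p in parts]
    if any(a >= b for a, b in zip(rands, rands[1:])):
        return False                         # parts reordered or duplicated
    for p in parts:
        if p["sig"] is not None and pow(p["sig"], E, N) != h(p["r"], p["text"]):
            return False                     # individual signature mismatch
    return pow(agg, E, N) == prod(h(p["r"], p["text"]) for p in parts) % N

# Constructed sample: five parts with increasing order random numbers.
TEXTS = ["part 1", "part 2", "part 3", "part 4", "part 5"]
RANDS = [1193, 20771, 48102, 77215, 90344]

def demo():
    original, sigma = sign_document(TEXTS, RANDS)
    # FIG. 15 scenario: part 4 forced, parts 1, 3 and 5 designated, part 2 deleted.
    extracted, sigma2 = extract(original, sigma, keep={1, 3, 5}, forced={4})
    # A later holder drops forced part 4: it has no signature left to divide out.
    dropped = [p for p in extracted if p["text"] != "part 4"]
    swapped = [extracted[1], extracted[0]] + extracted[2:]
    return {
        "kept": [p["text"] for p in extracted],
        "valid": verify(extracted, sigma2),
        "forced_part_dropped": verify(dropped, sigma2),
        "order_swapped": verify(swapped, sigma2),
    }

if __name__ == "__main__":
    print(demo())
```

Because the aggregate is a commutative product, the aggregate check alone would accept the swapped document; in this sketch it is the order random numbers that reject it.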
[0188] The document verification method described in this embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. The program is recorded on a computer-readable recording medium such as a hard disk, flexible disk, CD-ROM, MO or DVD, and is executed by being read from the recording medium by the computer. The program may also be a transmission medium that can be distributed via a network such as the Internet.
Industrial Applicability
[0189] As described above, the document verification program, recording medium, document verification method and document verification apparatus according to the present invention are useful for techniques that verify the authenticity of electronic documents, and are particularly suited to document verification techniques that make it impossible to reorder the partial documents constituting an electronic document.

Claims

[1] A document verification program for verifying the authenticity of an electronic document, the program causing a computer to execute:
an input step of accepting input of the electronic document;
a dividing step of dividing the electronic document input in the input step into arbitrary components; and
an assigning step of assigning true random numbers or pseudo-random numbers (hereinafter "random numbers") to the components in accordance with an order relating to the positions at which the components divided in the dividing step appear in the electronic document.
[2] The document verification program according to claim 1, wherein the assigning step assigns, to each of the components divided in the dividing step, a true random number or pseudo-random number that is common to the components (hereinafter "common random number").
[3] The document verification program according to claim 1, further causing the computer to execute:
a generation step of generating an electronic signature for each of the components; and
a setting step of setting the electronic signature generated in the generation step on the corresponding component.
[4] The document verification program according to any one of claims 1 to 3, further causing the computer to execute:
a designation step of accepting designation of arbitrary components constituting the electronic document; and
an extraction step of extracting the arbitrary components designated in the designation step from the electronic document.
[5] The document verification program according to claim 4, further causing the computer to execute:
an extracted document input step of accepting input of an electronic document composed of the arbitrary components extracted in the extraction step;
a determination step of determining whether the random numbers assigned to the components input in the extracted document input step follow the order relating to the positions at which the components appear in the electronic document;
a verification step of verifying the authenticity of the electronic document based on the determination result of the determination step; and
an output step of outputting the verification result of the verification step.
[6] The document verification program according to claim 5, wherein the determination step determines the validity of each component based on the electronic signatures respectively set on the arbitrary components.
[7] The document verification program according to claim 5, wherein the determination step determines whether the common random number assigned to each component in the assigning step is common among the arbitrary components extracted in the extraction step.
[8] The document verification program according to claim 5, wherein
the generation step generates an aggregate electronic signature that aggregates the electronic signatures of the individual components, and
the determination step determines, based on the aggregate electronic signature generated in the generation step, the validity of the electronic document composed of the arbitrary components extracted in the extraction step.
[9] The document verification program according to claim 4, wherein
the generation step generates an aggregate electronic signature that aggregates the electronic signatures of the individual components,
the program further causing the computer to execute:
a forced disclosure designation step of accepting designation of a partial document to be forcibly disclosed from among the components constituting the electronic document; and
a deletion step of deleting the electronic signature set on the component designated in the forced disclosure designation step.
[10] A computer-readable recording medium on which the document verification program according to any one of claims 1 to 9 is recorded.
[11] A document verification method for verifying the authenticity of an electronic document, the method comprising:
an input step of accepting input of the electronic document;
a dividing step of dividing the electronic document input in the input step into arbitrary components; and
an assigning step of assigning true random numbers or pseudo-random numbers to the components in accordance with an order relating to the positions at which the components divided in the dividing step appear in the electronic document.
A document verification apparatus for verifying the authenticity of an electronic document, the apparatus comprising:
input means for accepting input of the electronic document;
dividing means for dividing the electronic document input by the input means into arbitrary components; and
assigning means for assigning true random numbers or pseudo-random numbers to the components in accordance with an order relating to the positions at which the components divided by the dividing means appear in the electronic document.
PCT/JP2006/315231 2006-08-01 2006-08-01 Document verifying program, recording medium, document verifying method, and document verifying device WO2008015740A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2008527614A JPWO2008015740A1 (en) 2006-08-01 2006-08-01 Document verification program, recording medium, document verification method, and document verification apparatus
PCT/JP2006/315231 WO2008015740A1 (en) 2006-08-01 2006-08-01 Document verifying program, recording medium, document verifying method, and document verifying device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/315231 WO2008015740A1 (en) 2006-08-01 2006-08-01 Document verifying program, recording medium, document verifying method, and document verifying device

Publications (1)

Publication Number Publication Date
WO2008015740A1 true WO2008015740A1 (en) 2008-02-07

Family

ID=38996928

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/315231 WO2008015740A1 (en) 2006-08-01 2006-08-01 Document verifying program, recording medium, document verifying method, and document verifying device

Country Status (2)

Country Link
JP (1) JPWO2008015740A1 (en)
WO (1) WO2008015740A1 (en)

Also Published As

Publication number Publication date
JPWO2008015740A1 (en) 2009-12-17


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06782108

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008527614

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06782108

Country of ref document: EP

Kind code of ref document: A1