JP2009026076A - Document management system - Google Patents

Abstract

A document management system for managing a document with an electronic signature or a time stamp signature.
A document registration apparatus includes: a means for acquiring a document from a document management apparatus; a means for assigning a latest signature to the acquired document; and a document to which a latest signature is given by the assigning means. Means for registering with the device; The document management apparatus stores the document acquired by the acquiring unit, the document with the latest signature received from the document registration apparatus, and the document stored in the storing unit in association with each other. Means for storing a document with the latest signature as a new version of the document stored in the means.
[Selection] Figure 1

Description

  The present invention relates to a document management system for managing a document with an electronic signature or a time stamp signature.

  With the progress of the information society, digital documents created by a word processor or the like, and digital documents obtained by scanning a paper document by a copying machine or the like are managed by a document management system. From the viewpoint of security protection, document management is also performed by giving a digital signature to a digital document (for example, Patent Document 1). An electronic signature is signature information attached to a digital document in order to guarantee the validity of the digital document. By giving an electronic signature to a digital document, it is assured that the document creator is certified and that the document has not been tampered with. Furthermore, a time stamp signature is given to a digital document. A time stamp signature is information indicating the date and time when a digital document was created or updated. The third-party organization attaches a time stamp signature indicating accurate date and time information to the digital document, and performs the existence certification and non-falsification certification of the digital document at that time. On the other hand, when an electronic signature or time stamp signature is given to a digital document, the digital signature or time stamp signature must be given to the digital document again due to the expiration of the signature or the change of the certificate to be used There is also a corresponding technology.

JP 2007-26173 A

  In the prior art, a new signature is assigned to a digital document that has an expired signature or a certificate that cannot be revoked (confirmed whether it has expired). When managing, there are the following problems.

  1. I want to remove the problematic signature that prevents the certificate from being revoked and give it a new signature.

  2. I want to remove the signature that was given using the previous certificate because I want to use the new certificate to give the signature.

  3. Since the document has been falsified for some reason, I want to return the document to the state before the falsification.

  Accordingly, an object of the present invention is to provide a document management system or the like that solves the above problems.

  The document management system according to the present invention is a document management system including a document registration apparatus and a document management apparatus. The document registration apparatus gives a latest signature to the acquired document and a means for acquiring the document from the document management apparatus. Means for registering a document with the latest signature given by the granting means in the document management apparatus, the document management apparatus receiving from the document registration apparatus, means for storing the document obtained by the obtaining means, A means for associating the document with the latest signature with the document stored in the storage means and storing the document with the latest signature as a new version of the document stored in the storage means; It is characterized by providing.

  The document management method of the present invention is a method of managing a document by a document registration apparatus and a document management apparatus, wherein the document registration apparatus acquires a document from the document management apparatus, and the document registration apparatus converts the acquired document into the acquired document. The step of assigning the latest signature, the step of registering the document with the latest signature by the step of granting in the document management device, and the document obtained by the step of obtaining by the document management device The document management device associates the document with the latest signature received from the document registration device with the document stored in the storing step, and the document management device assigns the latest signature as a new version of the document. Storing the processed document.

  According to the present invention, it is possible to remove a problematic signature that cannot be used to confirm the revocation of a certificate, and to newly assign and save the signature.

  According to the present invention, since the signature is given using the new certificate, the signature given using the previous certificate can be removed.

  According to the present invention, since the document has been falsified for some reason, the document can be returned to the state before the falsification.

  An embodiment of the present invention will be described with reference to the drawings.

  FIG. 1 is a diagram showing an overall configuration of a document management system.

  In FIG. 1, a document management system includes a document registration apparatus 1001, a document verification apparatus 1002, a document management server (document management apparatus) 1003, a scanner 1004, a multifunction peripheral (MFP) 1005, a shared storage apparatus 1006, and a time stamp server / certificate. A server 1008 is provided.

  The document registration apparatus 1001 assigns a signature to a document file by exchanging information necessary for assigning a signature with the timestamp server / certificate server 1008, and creates a signed document file. Here, “giving a signature” is any one of “giving an electronic signature”, “giving a time stamp signature”, or “giving both an electronic signature and a time stamp signature”. Means. The document registration apparatus 1001 transmits the created document file with a signature to the document management server 1003 and causes the document management server 1003 to register the document file. Further, the document registration apparatus 1001 is connected to the scanner 1004 and has a function of importing a JPEG format document file from the scanner 1004 via TWAIN (Tool Without An Interacting Name). TWAIN is one of technical specifications for connecting an image input device such as a scanner or a digital camera to a personal computer. Further, the document registration apparatus 1001 can take in a document file from the shared storage device 1006.

  The shared storage device 1006 stores, for example, a document file transmitted by mail via the Internet 1007 or a document file transmitted from the multifunction peripheral 1005 by using the SMB or FTP transmission function. The document file stored in the shared storage device 1006 is a mixture of a document file that has not been signed and a document file that has been previously signed by another device, but many document files are still not signed. It has not been.

  When the document management server 1003 receives a registration request for a signed document file from the document registration apparatus 1001, the document management server 1003 registers the received signed document file. Further, the document management server 1003 searches the registered document file for the requested document file in response to a search request from the user.

  The document verification apparatus 1002 takes out a registered document file from the document management server 1003 and verifies a signature existing in the document file. The operation of the document verification apparatus 1002 will be described later.

  In FIG. 1, the document registration apparatus 1001 and the document verification apparatus 1002 are shown as separate apparatuses, but may be replaced with a single apparatus having the functions of both apparatuses.

  FIG. 2 is a block diagram showing in detail the internal configuration of the document registration apparatus, document verification apparatus, and document management server.

  In FIG. 2, 2000 is a client, 2100 is a server, 2300 is a time stamp server, and 2400 is a certificate server. The client 2000 is an apparatus having both functions of the document registration apparatus 1001 and the document verification apparatus 1002 shown in FIG. The server 2100 corresponds to the document management server 1003 shown in FIG. 1, and the time stamp server 2300 and the certificate server correspond to the time stamp server / certificate server 1008 shown in FIG.

  The client 2000 includes a user interface 2001, a command control unit 2002, a device control unit 2003, a file control unit 2004, and a document management control unit 2005. Further, the client 2000 includes a temporary data storage unit 2006, an image processing unit 2007, a time stamp processing unit 2008, an electronic signature processing unit 2009, and a certificate store 2010.

  The server 2100 includes a communication control unit 2101, a document management control unit 2102, a search control unit 2103, an image document processing unit 2104, and an OCR engine 2105. The server 2100 further includes a temporary data storage unit 2106, a database control unit 2107, a volume database 2108, an attribute database 2109, and a full text search database 2110.

  First, the configuration and operation of the client 2000 will be described.

  The user performs operations such as adding a signature to a document file, registering a document with a signature, searching for a registered document file, and verifying a document file via the user interface unit 200 of the client 2000 (see FIG. 6 to 12).

  The command control unit 2002 analyzes information input by the user via the user interface unit 2001 and performs processing. Further, the command control unit 2002 creates a command to be transmitted to the server 2100.

  A device control unit 2003 controls a device such as a scanner. A device control unit 2003 performs processing for capturing image data from a device such as a scanner via a TWAIN interface.

  The file control unit 2004 executes an input process for importing the document file stored in the shared storage device 1006 shown in FIG. In addition, the file control unit 2004 executes an input process for importing a signed document received from the multifunction peripheral 1005 and a signed document received from an external device via the Internet 1007 to the client 2000.

  A document management control unit 2005 performs processing according to images, files, and commands received via the user interface unit 2001.

  A temporary data storage unit 2006 stores temporary data. The temporary data storage unit 2006 temporarily stores data created in the process of performing image processing on the input file, data created in the process of communication with the server, and the like. The temporary data storage unit 2006 also stores data created when an electronic signature or a time stamp is added, or when an electronic signature added to a document file is verified.

  An image document processing unit 2007 performs processing such as creation of thumbnail images and image conversion of input images.

  The time stamp processing unit 2008 adds the time stamp to the document file and verifies the time stamp added to the document file while communicating with the time stamp server 2300.

  The electronic signature processing unit 2009 adds an electronic signature to the document file or verifies the electronic signature attached to the document file. In addition, when an electronic signature is given to a document file, the electronic signature processing unit 2009 extracts and processes the electronic signature from the certificate store 2010 that stores the certificate. When the electronic signature processing unit 2009 verifies the electronic signature, the electronic signature processing unit 2009 communicates with the certificate server 2400 to confirm the revocation of the certificate used for the electronic signature and to construct a certification path.

  The certificate store 2010 stores a certificate. In this embodiment, it is implemented as a processing unit of the client 2000, but what is prepared in the OS may be used.

  The communication control unit 2011 performs communication control with the server 2100. The communication control unit of this embodiment performs communication control specialized for the processing of the document verification system. Accordingly, the OS performs communication control such as TCP / IP.

  Next, the configuration and operation of the server 2100 will be described.

  The communication control unit 2101 performs communication control with the communication control unit 2011 of the client 2000. The communication control unit 2101 can perform communication simultaneously with the communication control units of many clients.

  The document management control unit 2102 distributes all processes related to document management.

  The search control unit 2103 processes a search request received from the client 2000 or creates a search index to be assigned to a registered document file.

  The image document processing unit 2104 extracts a search index from the registered document. The image document processing unit 2104 converts the document into a format that can be easily processed, and extracts a search index using the OCR engine 2105.

  The temporary data storage unit 2106 stores temporary data.

  The database control unit 2107 stores data corresponding to each database in the volume database 2108, the attribute database 2109, and the full text search database 2110. Further, the database control unit 2107 reads document data from each database and outputs it to the client 2000 in response to a search request from the client 2000.

  The volume database 2108 stores document data entities.

  The attribute database 2109 stores attribute information such as document data names, creation dates, and comments.

  The full-text search database 2110 creates index information based on text data extracted from registered document data, and stores the index information. Upon receiving a full text search request from the client 2000, the server 2100 searches the full text search database 2110.

  In this embodiment, the database control unit 2107 extracts data from each database in response to a search request received from the client 2000, and creates document data to be output to the client 2000. Assume that the user makes a change to the extracted document, and the file control unit 2004 executes an input process as a new document. In this case, the volume database 2108 stores the extracted document, the changed document, and each entity as history information of document data. This history information is managed by the database control unit 2107.

  Next, the signature registration processing until the document registration apparatus 1001 gives a signature to the document file and registers the document file with the signature in the document management server 1003, and the document verification apparatus 1002 verifies the document file to be verified. The document verification process will be described.

1. Signature Registration Processing The signature registration processing until the document registration apparatus 1001 gives a signature to a document file and registers the signed document file in the document management server 1003 will be described with reference to the drawings.

  FIG. 6 is a flowchart illustrating an example of the signature registration process.

  Before the signature registration process is executed, the document registration apparatus 1001 stores a hash function, a secret key, and a certificate corresponding to the secret key in advance. The certificate includes a public key. In addition, the certificate includes the serial number of the certificate, information about the server that issued the certificate, information about the owner of the private key (such as the name of the owner of the private key), the validity period of the certificate, etc. Information shall be described.

  In step 601, the document registration apparatus 1001 performs a certificate confirmation process for confirming whether a certificate used for signature (referred to as “target certificate”) is valid. Details of the certificate confirmation processing will be described later with reference to FIG.

  In step 602, if the document registration apparatus 1001 determines that the target certificate is valid, the process proceeds to step 603. If it is determined that the target certificate is not valid, the document registration apparatus 1001 proceeds to step 605.

  In step 603, the document registration apparatus 1001 performs an electronic signature adding process for adding an electronic signature to the document file and creating a new document file using the target certificate whose validity has been confirmed. Details of the electronic signature attaching process will be described later with reference to FIG.

  In step 604, the document registration apparatus 1001 performs a time stamp adding process for adding a time stamp signature to a new document file and creating a new document file. Details of the type stamping process will be described later with reference to FIG.

  In step 605, the document registration apparatus 1001 registers the document file with the signature generated in step 604 in the document management server 1003.

  When acquisition of a document from the document management apparatus 1001 and registration of a document with the latest signature are repeated a plurality of times, the document management server 1003 repeats saving a new version of the document a plurality of times. To save all registered documents.

  The above process is a process for creating a new document file by giving an electronic signature and a time stamp signature to the document file. In addition to this, without giving an electronic signature or timestamp signature to the document file, the document file before the signature is made different from the electronic signature or timestamp signature, and the two files are stored in association with each other. May be.

<Certificate confirmation process>
Details of the certificate confirmation process (step 601 in FIG. 6) for confirming the validity of the certificate used for the signature will be described with reference to FIG.

  In step 701, the document registration apparatus 1001 determines the issuer of the target certificate, and determines whether the issuer is a trusted certificate authority (certificate server). When making the determination, the document registration apparatus 1001 inquires the document management server 1003 which certificate authority is reliable. The document management server 1003 holds in advance information regarding which certificate authority can be trusted. As a result of the inquiry, if the issuer of the target certificate can be confirmed to be a trusted certificate authority, the document registration apparatus 1001 proceeds to the process of step 702, and if not confirmed, the process proceeds to the process of step 706. In this embodiment, it is assumed that the certificate server 1008 is an issuer of the target certificate and is a reliable certificate authority.

  In step 702, the document registration apparatus 1001 determines whether the validity period of the target certificate has expired. If the target certificate is within the valid period, the document registration apparatus 1001 proceeds to the processing of step 706, and if the valid period of the target certificate has expired, that is, if the target certificate has expired, The process proceeds to step 703.

  In step 703, the document registration apparatus 1001 acquires a CRL (Certificate Revocation List) indicating a list of revoked target certificates from the certificate server 1008 that is the issuer of the target certificate.

  In step 704, the document registration apparatus 1001 determines whether the target certificate is included in the CRL. If the target certificate is included in the CRL, the document registration apparatus 1001 proceeds to the process of step 706 and invalidates the target certificate. On the other hand, if the target certificate is not included in the CRL, the document registration apparatus 1001 proceeds to step 705 and validates the target certificate.

<Digital Signature Adding Process (Step 603 in FIG. 6)>
Details of the electronic signature attaching process (step 603) will be described with reference to FIG.

  In step 901, the document registration apparatus 1001 calculates a hash value of the document file. The hash function used when calculating the hash value is, for example, known MD5 or SHA-1. If the signature is already included in the document file, the hash value including the signature is obtained.

  Details of the processing in step 901 will be described with reference to FIGS.

  FIG. 13A shows an original document 1301 without a signature. When an electronic signature is added to the original document 1301, only the original document 1301 is subject to hash value calculation. When an electronic signature (signature 1) is given to the document file shown in FIG. 13A by executing each process shown in FIG. 6, the document file shown in FIG. 13B is generated. The document file shown in FIG. 13B includes an original document 1301 and a signature 1. When an electronic signature is further added to the document file shown in FIG. 13B, both the original document 1301 and signature 1 are subjected to hash value calculation. When the electronic signature (signature 2) is added to the document file shown in FIG. 13B by executing each process shown in FIG. 6, the document file shown in FIG. 13C is generated. The document file shown in FIG. 13C includes an original document 1301, a signature 1 (1302), and a signature 2 (1303).

  Returning to FIG. 9, the flow of the electronic signature attaching process will be described.

  In step 902, the document registration apparatus 1001 encrypts the hash value calculated in step 901 with the private key included in the target certificate.

  In step 903, the document registration apparatus 1001 generates an electronic signature including the encrypted hash value and the target certificate. Examples of the electronic signature format include PKCS # 7 and Adobe's PDF signature. Note that the document registration apparatus 1001 may generate an electronic signature by further including information indicating that the document file is registered in the document management server 1003 and the generation time of the electronic signature.

  In step 904, the document registration apparatus 1001 associates the generated electronic signature with the document.

<Time stamp giving process (step 604 in FIG. 6)>
Details of the time stamp assigning process (step 6004) will be described with reference to FIG.

  In step 801, the document registration apparatus 1001 calculates the hash value of the document file to which the electronic signature is attached in the electronic signature attaching process (step 603).

  It is assumed that the document file before the electronic signature is given in step 603 is a document file including only the original document 1301 shown in FIG. In this case, in step 603, a document file including the original document 1301 and signature 1 (1302) shown in FIG. 13B is generated. In that case, in step 801, hash values are calculated for both the original document 1301 and signature 1 (1302).

  In step 802, the hash value calculated in step 801 is transmitted to a time stamp server (Time-Stamping Authority (TSA) 1008).

  In step 803, upon receiving the hash value, the time stamp server 1008 encrypts the received hash value with a secret key unique to the time stamp server 1008. Next, the time stamp server 1008 generates integrated information by integrating the encrypted hash value and the current time. Next, a time stamp token is generated so as to include the integrated information and a certificate having a public key corresponding to the secret key. When the generation of the time stamp token is completed, the time stamp server 1008 returns the time stamp token to the document registration apparatus 1001. The document registration apparatus 1001 receives the returned time stamp token.

  In step 804, the document registration apparatus 1001 generates a time stamp signature so as to include the received time stamp token and other necessary information. Next, the document registration apparatus 1001 generates a new document file by adding the generated time stamp signature to the document file generated by adding the electronic signature in step 803.

  Since the document management server 1003 registers the new document file generated in step 804, the file control unit 2004 executes a new document input process. Next, the volume database 2108 stores the retrieved document, the modified document, and the respective entities. Also, the database control unit 2107 manages information stored in the volume database 2108 as a document history. That is, the document management server 1003 manages all document file entities shown in FIG. 13 as document histories.

  Next, when the document registration apparatus 1001 takes in a document file, assigns a signature, and executes processing for registration in the document management server 1003, transition of a dialog box displayed on a display unit included in the document registration apparatus 1001 Will be explained.

  FIG. 3 is a diagram showing the transition of the dialog box.

  The dialog box 3000 is an initial dialog box. The user can select either “SCAN” or “FILE” on the dialog box 3000 using the keyboard and mouse connected to the document registration apparatus 1001.

  When the user selects “SCAN”, processing for registering the document file read by the scanner 1004 in the document registration apparatus 1001 is selected.

  When the user selects “FILE”, processing for registering the document file stored in the shared storage device 1006 in the document registration device 1001 is selected. A dialog box 3001 is a dialog box displayed on the display unit when the user selects “FILE” on the dialog box 3000.

  When the user selects “SCAN” and selects “Start” on the dialog box 3000, a scan dialog box 3002 for allowing the user to select various settings during scanning is displayed on the display unit. The user selects a color mode, resolution, and the like on the scan dialog box 3002. Next, when the user selects a scan button in the scan dialog box 3002, the scanner 1004 starts scanning the document and outputs a scanned image to the document registration apparatus 1001. The document registration apparatus 1001 temporarily saves the scanned image in a storage unit inside the apparatus (3003). Next, the document registration apparatus 1001 displays a continuous scan dialog box 3004 on the display unit for allowing the user to select whether or not to continue scanning with the scanner.

  When the user selects “Yes” on the continuous scan dialog box 3004, the document registration apparatus 1001 displays a scan dialog box 3002 on the display unit. On the other hand, when the user selects “No”, the document registration apparatus 1001 converts the scanned image stored in the storage means inside the apparatus into a PDF format document file (3005).

  Next, the document registration apparatus 1001 displays a preview dialog box 3006 on the display unit. A preview dialog box 3006 is a dialog box for previewing a PDF document file on the display unit. The user performs input of index information to be added to a PDF document file on the preview dialog box 3006. When the user selects “execute” on the preview dialog box 3006 when the input of the index information is completed, the document registration apparatus 1001 gives a signature to the PDF document file, and creates a new document file. Generate. Next, the document registration apparatus 1001 registers the newly generated document file with the document management server 1003 (3008).

  Note that the document registration apparatus 1001 displays a processing status display dialog box 3007 indicating the current processing status on the display unit until all document files are registered in the document management server 1003. When all the document files are registered in the document management server 1003, the document registration apparatus 100 deletes the processing status display dialog box 3007 from the display unit.

  On the other hand, when the user selects “FILE” and selects “START” on the dialog box 3000, a dialog box 3009 for selecting a document file to be imported is displayed.

  When the user selects “Add” in the dialog box 3009, the document registration apparatus 1001 displays a dialog box 3010 for allowing the user to specify a document file on the display unit. When the user designates a desired document file, the document registration apparatus 1001 displays a dialog box 3009 on the display unit again. The dialog box 3009 lists the names of document files specified by the user.

  When the user selects “OK” on the dialog box 3009, the document registration apparatus 1001 converts the files listed in the dialog box 3009 into PDF format document files (3005).

2. Document Verification Processing Next, document verification processing in which the document verification apparatus 1002 verifies a verification target document file will be described.

  The document verification apparatus 1002 extracts a document file with a signature registered in the document management server 1003, and verifies the signature existing in the extracted document file.

  The document verification apparatus 1002 determines a document file to be verified (referred to as a verification target document file), and starts verification of the document file. The verification result of the verification target document file is determined based on the “validity” of each signature included in the verification target document file.

  FIG. 10 is a flowchart showing a document verification process for verifying the validity of a document file including n signatures.

  In step 1001, the document verification apparatus 1002 counts the number of signatures included in the verification target document file, and sets the number to the variable n. Here, the signatures included in the verification target document file are numbered sequentially from the oldest one. For example, the signature 1 (1302) in the document file shown in FIG. 13C is numbered 1 and the signature 2 (1303) is numbered 2.

  In step 1002, the document verification apparatus 1002 determines whether n is a positive number. If n is 0, that is, if there is no signature to be verified, the document verification apparatus 1002 ends the verification process for the verification target document file. On the other hand, if n is 1 or more, that is, if there is a signature to be verified, the process proceeds to step 1003.

  In step 1003, the document verification apparatus 1002 performs verification processing on the nth signature included in the verification target document file. Details of the signature verification processing will be described later with reference to FIG.

  In step 1004, the document verification apparatus 1002 performs processing for obtaining a verification result for the verification target document file based on the verification result for the nth signature (referred to as “verification result integration processing”). The verification results include “valid” and “not valid”. “Valid” means that all the signatures in the document have not been tampered with, the certificate is valid and has not been edited after the signature. On the other hand, “invalid” means “certificate is not valid”, “edited”, or “has been tampered with”. Details of the verification result integration processing will be described later with reference to FIG.

  In step 1005, the document verification apparatus 1002 sets n minus 1 as a new n, and returns to step 1002. In this way, verification processing is performed for all signatures included in the document file, and a final verification result for the document file is obtained.

  Note that the final verification result coincides with the verification result obtained in step 1004 (verification result integration processing) when n = 1.

<Signature verification processing>
Next, details of the n-th signature verification process (step 1003) will be described with reference to FIG.

  First, the meaning contents of “tamper” and “edit” will be described.

  “Tampering” is an act of illegally changing a document file including a signature. For example, an act of opening a document file including a signature in a binary format and changing binary data (changing a bit of “0” to a bit of “1”) corresponds to “tampering”. That is, “tampering” refers to an act of changing data so that information before “tampering” is lost.

  “Editing” is an act of changing a document file including a signature by a legitimate method. For example, an act of opening a document file including a signature in the PDF format, changing the original document included in the PDF data, and further adding information indicating the changed contents to the document file corresponds to “edit”. . That is, “editing” refers to an act of changing data so that information before “editing” is not lost.

  Information indicating what changes have been made to the original document is referred to as “edit information”. For example, when editing is performed on the document file shown in FIG. 13C, the editing information 1304 is added to generate the document file shown in FIG.

  FIG. 11 is a flowchart showing the verification process of the nth signature.

  In step 1101, the document verification apparatus 1002 confirms whether or not the verification target document file has been tampered with after the nth signature is performed and before the (n + 1) th signature is performed. However, when the nth signature is the latest signature in the verification target document file, in step 1101, the document management server 1003 performs falsification on the verification target document file after the nth signature is performed. You may make it confirm whether it is not.

  When the nth signature is an electronic signature, the document verification apparatus 1002 uses the public key in the certificate included in the nth signature (electronic signature), and the hash included in the nth signature (electronic signature). Decrypts the value. Next, the document verification apparatus 1002 calculates a hash value from the document file before the nth signature (electronic signature) is given. Next, the document verification apparatus 1002 compares the decrypted hash value with the calculated hash value. If the two hash values are different as a result of the comparison, the document verification apparatus 1002 determines that “tampering” has been performed. On the other hand, when the two hash values are the same value, the document verification apparatus 1002 determines that “tampering” has not been performed.

  On the other hand, when the nth signature is a time stamp signature, in step 1101, the document verification apparatus 1002 uses the public key included in the nth signature to store the time stamp in the time stamp token included in the nth signature. Decrypt the hash value. Next, the document verification apparatus 1002 calculates a hash value from the document file before the nth signature is given. Next, the document verification apparatus 1002 compares the decrypted hash value with the calculated hash value. If the two hash values are different as a result of the comparison, the document verification apparatus 1002 determines that “tampering” has been performed. If the two hash values are the same value, the document verification apparatus 1002 determines that “tampering” has not been performed.

  In step 1102, the document verification apparatus 1002 confirms the validity of the certificate included in the nth signature. When the nth signature is an electronic signature, the processing content of step 1102 is the same as the “certificate confirmation processing” shown in FIG. However, the “certificate checking process” illustrated in FIG. 7 is performed by the document registration apparatus 1001, whereas the process of step 1102 is performed by the document verification apparatus 1002. In the “certificate confirmation process” shown in FIG. 7, the certificate is invalidated whenever the validity period of the certificate has expired at the time of performing the certificate confirmation process. On the other hand, in the processing of step 1102, even if the certificate validity period has expired at the time of certificate confirmation processing, if the time stamp signature is performed before the validity period expires, the certificate Is valid.

  If the nth signature is a time stamp signature, in step 1102, the document verification apparatus 102 determines that the time stamp signature is valid based on the validity period described in the time stamp token included in the time stamp signature. Check if it exists.

  In step 1103, the document verification apparatus 1002 confirms whether the original document has been edited after the nth signature. This is performed based on whether editing information is included in the verification target document file as shown in FIG.

<Verification result integration processing>
Details of the verification result integration processing (step 7004) will be described with reference to FIG.

  FIG. 12 is a flowchart showing verification result integration processing.

  In step 1201, the document verification apparatus 1002 determines whether the verification target document file has been tampered with with respect to the nth signature. If it is determined that falsification has been performed, the document verification apparatus 1002 proceeds to the processing of step 1204 and determines that “falsification verification result” is “falsified”. Thereafter, the document verification apparatus 1002 proceeds to the process of step 1202. On the other hand, if it is determined that no falsification has been performed, the document verification apparatus 1002 proceeds to the process of step 1202.

  In step 1202, the document verification apparatus 1002 determines whether the certificate included in the nth signature is valid. If it is determined that the certificate is not valid, the document verification apparatus 1002 proceeds to the processing of step 1205 and determines that the certificate verification result is “certificate is invalid”. Thereafter, the document verification apparatus 1002 proceeds to the process of step 1203. On the other hand, if it is determined that the document is valid, the document verification apparatus 1002 proceeds to the process of step 1203.

  In step 1203, the document verification apparatus 1002 determines whether or not the nth signature has been edited on the verification target file. If it is determined that editing has been performed, the document verification apparatus 1002 proceeds to the processing of step 1206 and determines that “edit verification result” is “edited”.

  Before starting the verification result integration process, the document verification apparatus 1002 sets “tamper verification result” to “no falsification”, “certificate verification result” to “valid”, and “edit verification result” in advance. Set to “No editing”.

  It is assumed that “tampered” is set in step 1204 or “certificate is invalidated” in step 1205. In this case, the database control unit 2107 deletes the documents “tampered” and “certificate invalid” from all the document entities managed in the document history format on the volume database 2108. .

  Next, transition of a dialog box displayed on the display unit of the document verification apparatus 1002 when the document verification apparatus 1002 executes processing for verifying the document file registered in the document management server 1003 will be described.

  FIG. 4 shows transition of a dialog box displayed on the display unit included in the document verification apparatus 1001 when the document verification apparatus 1002 executes the verification process.

  A dialog box 4000 is a dialog box for displaying the name of a document file with a signature stored in the document management server 1003. When the document verification process is activated (4001), a dialog box 4002 is displayed on the display unit.

  A dialog box 4002 is a search condition setting dialog box displayed by the document verification apparatus 1001 when the user selects a search condition for searching for a desired document file from the document files registered in the document management server 1003. . When the user selects “Close” on the search condition setting dialog box 4002, the process ends.

  When the user selects a search condition on the search condition setting dialog box 4002 and selects “Search”, the document verification apparatus 1002 transmits the selected search condition to the document management server 1003. The document management server 1003 that has received the search condition searches the document data in the document management server 1003 according to the search condition (4003). The document management server 1003 transmits a plurality of document files as search results to the document verification apparatus 1002. When the document verification apparatus 1002 receives the search result, the document verification apparatus 1002 displays the search result on the search dialog box 4004.

  A search dialog box 4004 displays the number of document file names designated in advance by the user. When the user selects “next / previous” on the search dialog box 4004, the document management server 1003 searches again and the search result is displayed on the search dialog box 4004.

  When the user selects “verify” on the search dialog box 4004, the document verification apparatus 1002 verifies a plurality of document files as search results (4005), and displays the dialog box 4006 on the display unit.

  If the user selects “OK” on the dialog box 4006, the search dialog box 4004 is displayed again. On the search dialog box 4004, the verification result for each document file is newly displayed on the same line as the name of each document file.

<Verification result display screen>
A dialog box 5000 in FIG. 5 is an enlarged view of the search dialog box 4004 after the verification process. The dialog box 5000 is also a dialog box displayed on the display unit after the document verification apparatus 1002 finishes the document verification process shown in FIG.

  The verification result display area 5001 includes a document name area 5002, a verification result icon display area 5003, a verification result content display area 5004, a time stamp signature date / time display area 5005, and a final verification date / time display area 5006.

  A document name area 5002 is an area for displaying the document name of each document file.

  The verification result icon display area 5003 is an area for displaying the result of the verification process for each document file by an icon. There are four types of icons. The first is a check mark icon indicating that the document file is “valid”. The second is an “!” Icon indicating that “there is a problem other than tampering”. The third is an “outline!” Icon indicating “tampered”. The fourth is an “?” Icon indicating “unverified”. “Valid” is added to a document file whose result of the document verification process shown in FIG. 10 is “valid”. “There is a problem other than tampering” is added to the document file “certificate is not valid” or “edited” as a result of the document verification processing in FIG. “Tampered” is added to the document file “has been tampered” as a result of the document verification processing in FIG. “Unverified” is added to a document file that has not yet been verified in FIG.

  The verification result content display area 5004 displays “falsification verification result”, “certificate verification result”, and “edit verification result” obtained by the processing shown in FIG.

  A time stamp signature date and time display area 5005 indicates the date and time when the time stamp signature was last given.

  A final verification date display area 5006 shows the latest date and time among the dates and times when the document file was verified.

[Other embodiments]
An object of the present invention is to mount a recording medium on which a program code of software for realizing the functions of the above-described embodiments is recorded in a system or apparatus, and a computer such as the system reads and executes the program code stored in the recording medium. Is also achieved. A recording medium is a computer-readable recording medium. In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the recording medium storing the program code constitutes the present invention. Further, based on the instruction of the program code, an operating system (OS) running on the computer may perform part or all of the actual processing, and the functions of the above-described embodiments may be realized by the processing. In addition, after the program code read from the recording medium is written to the function expansion card or function expansion unit of the computer, the function expansion card or the like performs part or all of the processing based on the instruction of the program code. The embodiments described above may be implemented.

  When the present invention is applied to the recording medium, the recording medium stores program codes corresponding to the flowcharts described above.

It is a figure which shows the whole structure of a document management system. It is a block diagram which shows the internal structure of a document registration apparatus, a document verification apparatus, and a document management server. 6 is a diagram for explaining transition of a dialog box displayed on a display unit included in the document registration apparatus 1001. FIG. 10 is a diagram for explaining transition of a dialog box displayed on a display unit included in the document verification apparatus 1001 when the document verification apparatus 1002 executes verification processing. FIG. It is an enlarged view of a search dialog box 4004 after the verification process. It is a flowchart which shows a signature registration process. It is a flowchart which shows the certificate confirmation process which confirms the validity of the certificate used for a signature. It is a flowchart which shows a time stamp provision process. It is a flowchart which shows an electronic signature provision process. It is a flowchart which shows the document verification process which verifies the validity of the document file with respect to the document file containing n signatures. It is a flowchart which shows the verification process of nth signature. It is a flowchart which shows a verification result integration process. It is a figure which shows the relationship between a document file, a signature, etc.

Explanation of symbols

1001 Document registration apparatus 1002 Document verification apparatus 1003 Document management server 1004 Scanner 1005 Multifunction machine 1006 Shared storage apparatus 1007 Internet 1008 Time stamp server / certificate server

Claims (9)

In a document management system comprising a document registration device and a document management device,
The document registration device includes:
Means for obtaining a document from the document management device;
Means for giving a latest signature to the acquired document;
Means for registering the document with the latest signature by the means for giving in the document management apparatus;
The document management device includes:
Means for storing the document obtained by the obtaining means;
The latest signature received as a new version of the document stored in the storing unit by associating the document with the latest signature received from the document registration device with the document stored in the storing unit. A document management system comprising: means for storing a document to which is attached. When acquisition of the document from the document management device and registration of the document with the latest signature are repeated multiple times,
2. The document according to claim 1, wherein the storing unit stores all documents registered by the registering unit in the storing unit by repeatedly storing a new version of the document a plurality of times. Management system. A document management system further comprising a document verification device,
The document verification device includes:
First verification means for verifying a signature included in a document stored in the storage means and generating a first verification result;
Second verification means for verifying a signature included in the document with the latest signature and generating a second verification result;
The document management apparatus includes:
The apparatus according to claim 1, further comprising: a first deletion unit that deletes the document with the latest signature from the storage unit when the first verification result is different from the second verification result. Item 3. The document management system according to Item 1 or 2. The document verification device includes:
Further comprising third verification means for verifying signatures included in all documents registered by the registering means and generating a third verification result;
The document management apparatus includes:
When the third verification unit determines that the document has been tampered with, the second unit deletes from the storage unit the document for which tampering has been determined and all the documents registered by the registering unit after being tampered with The document management system according to claim 3, further comprising: a deleting unit. The document management apparatus includes:
When the third verification unit determines that the certificate of the document is not valid, the document for which the certificate is determined to be invalid and all documents registered after the document are deleted from the storage unit. 5. The document management system according to claim 4, further comprising third deletion means. In a document management system comprising a document registration device and a document management device,
The document registration device includes:
Means for obtaining a document from the document management device;
Means for giving a latest signature to the acquired document;
Means for registering the document with the latest signature by the means for giving in the document management apparatus;
First verification means for verifying a signature included in a document stored in the storage means included in the document management apparatus and generating a first verification result;
Second verification means for verifying a signature included in the document with the latest signature and generating a second verification result;
The document management apparatus includes:
Said storing means for storing a document acquired by said acquiring means;
The latest signature received as a new version of the document stored in the storing unit by associating the document with the latest signature received from the document registration device with the document stored in the storing unit. Means for storing a document with
Document management comprising: a first deleting unit that deletes the document with the latest signature from the storing unit when the first verification result and the second verification result are different from each other. system. In a method for managing documents by a document registration device and a document management device,
The document registration device acquiring a document from the document management device;
The document registration device assigning a latest signature to the acquired document;
The document registration device registering the document with the latest signature in the granting step in the document management device;
The document management device storing the document obtained by the obtaining step;
The document management device associates the document with the latest signature received from the document registration device with the document stored in the storing step, and assigns the latest signature as a new version of the document. A document management method comprising the step of: On the computer,
A computer-readable recording medium on which a program for executing the method according to claim 7 is recorded. On the computer,
A program for executing the method according to claim 7.

Images