JP2002342145A - Authentication system for electromagnetic record, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a safe electromagnetic record authentication system by which a burden of authenticating an accessing person can be reduced in a server and an electromagnetic record is not always requested to be stored in a client side. SOLUTION: This authentication system consists of an authentication client system and authentication storage server systems connected through the Internet, the authentication client system distributedly transmits fragment information prepared from an electromagnetic record to a plurality of authentication storage server systems, and also outputs restoration information needed to restore the electromagnetic record, the authentication storage server systems store the transmitted fragment information and transmit the fragment information and information showing authentication results to the authentication client system, and the authentication client system extracts the fragment information from the authentication storage server systems by using the restoration information and restores the electromagnetic record.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electromagnetic record authentication system, and more particularly, to an electromagnetic record authentication system of a type in which an electromagnetic record is stored in a server.

[0002] In this specification, the authentication storage server is:
In addition to receiving authentication information (information used for identifying an accessor such as an ID and a password) to authenticate the accessor, storing information transmitted from the authentication client, and responding to a transmission request from the authentication client, A server having a function of transmitting the stored information.
A server in this specification refers to any device that is connected to a client via the Internet and provides services to the client.

In this specification, an authentication client is a client connected to an authentication storage server via the Internet, and outputs a result of authentication of an input electromagnetic record. A client in this specification refers to any device that is connected to a server via the Internet and receives services from the server.

[0004] In this specification, all devices are computers, microprocessors, electronic devices, storage devices, portable terminals, portable telephones, electric appliances, electronic circuits, etc. Includes, but is not limited to, all systems connected by communications, wireless communications, etc.

[0005] In this specification, the authentication result information is information including information indicating the authentication result of the fragment information. Here, the information indicating the authentication result refers to information such as a bit, a flag, data, and text indicating that the authentication storage server has received and stored the fragment information from the authentication client. The fragment information itself does not correspond to the information indicating the authentication result.

[0006] In the present specification, fragment information is fragmentary information created from an electromagnetic record and does not include information that alone can restore the entire electromagnetic record.

[0007]

2. Description of the Related Art Conventionally, there are roughly the following two methods for authenticating electromagnetic records using a certification organization. The first method relies on public key cryptography, in which a certification body receives an electromagnetic record from a client side, adds information such as a fixed date to the record, and then uses the secret key of the certification body. This is a method in which an electronic signature is returned with an electronic signature, and the client side stores an electromagnetic record with an electronic signature. (Assuming that this method is used for content certification mail,
JP-A-11-261549). The second method is to store electromagnetic records to be certified in the certification body (this method is used for content certification mail,
JP-A-11-234330).

[0008] The first method has an advantage that it is not necessary to keep an electromagnetic record in a certification authority. However, since it relies on public key cryptography, the amount of calculation is large, the digital signature may be forged, and it is necessary to store an authenticated electromagnetic record on the client side. It has disadvantages such as burdening the user.

In the second method, since the electromagnetic records must be stored in the certification organization, a huge amount of information is collected at the certification organization, and there is a problem that security is uneasy. However, the use of public key cryptography is not always required, so that the amount of calculation can be reduced, and the storage of authenticated electromagnetic records on the client side is not necessarily required, so that the load on the storage device on the client side can be reduced. There are advantages.

[0010] The above is the authentication of electromagnetic records. In contrast to this, in the authentication of an accessor, conventionally, a method of receiving a service from one server and inputting an ID and a password in the server has been mainstream. Was. However, IDs and passwords are not always highly secure as a method of authenticating an accessor, and there is a great risk of spoofing, especially in the Internet, which is a public network. Therefore, it has been proposed to authenticate an accessor using a public key cryptosystem, but the security of a server that stores a secret key becomes a problem.
A distributed authentication server that authenticates an accessor by distributing secret key information to a plurality of authentication servers is known (Japanese Patent Application Laid-Open Nos. 8-204696 and 2000-83).
021). However, since high-speed access is required for authentication of accessors, it is a serious problem that the load of computation required by the public key cryptosystem is applied to the server, which is a serious problem. (Japanese Patent Laid-Open No. 2000-83021). In other words, there is a problem in that when the reliability of the authentication of the accessor in the server is to be improved, the burden of the authentication of the accessor in the server increases.

[0011]

SUMMARY OF THE INVENTION It is an object of the present invention to reduce the burden of authentication of an accessor on a server, and it is not always necessary to store an electromagnetic record on a client side. It is to provide an authentication system for records.

[0012]

SUMMARY OF THE INVENTION The present invention is an authentication client connected to an authentication storage server via the Internet, which receives an input of an electromagnetic record and obtains a fragment which is fragmentary information of the electromagnetic record. The information is distributed and transmitted to a plurality of authentication storage servers, and a diffusion system that outputs restoration information necessary for restoring the electromagnetic record, and receives input of restoration information output from the diffusion system,
A restoration system for making a transmission request to the plurality of authentication storage servers, receiving the transmitted fragment information, and restoring the electromagnetic record.

An authentication storage server connected to an authentication client via the Internet, comprising: an access authentication means for authenticating an accessor; and information transmitted from the authentication client when authentication of the access authentication means is successful. When the authentication of the access authentication unit succeeds, the information received from the authentication client is acquired from the information storage unit, and the information on the transmission request and the information on the transmission request are stored. An authentication storage server system comprising: an information transmission unit that transmits authentication result information that is information including information indicating an authentication result to the authentication client.

Further, the present invention provides a diffusion system constituting an authentication client system. Further, a restoration system constituting an authentication client system is provided. The present invention also provides an authentication system including an authentication client system and an authentication storage server system connected via the Internet.

[0015]

DESCRIPTION OF THE PREFERRED EMBODIMENTS As an embodiment of the authentication system of the present invention, an authentication system including 3000 authentication storage server systems and one authentication client system will be described as an example.

FIG. 1 is a block diagram schematically showing an entire authentication system including 3000 authentication storage server systems and one authentication client system. The outline of the system will be described below with reference to FIG.

First, an authentication client system 101 which is an embodiment of the authentication client system of the present invention will be described. The authentication client system 101
This is a computer system including a diffusion system 102 and a restoration system 103. Here, the diffusion system 102
Is an embodiment of the diffusion system of the present invention, and the restoration system 103 is an embodiment of the restoration system of the present invention.

The spread system according to the present invention includes the steps of: receiving input of an electromagnetic record; distributing fragment information of the electromagnetic record to a plurality of authentication storage servers via the Internet; Any device that extracts fragment information transmitted to the storage server and outputs restoration information that is information necessary for restoring the electromagnetic record.

The diffusion system 102 of this embodiment receives an input of an electromagnetic record (151), and transmits the fragment information of the electromagnetic record in a distributed manner to 3000 authentication storage server systems 104 (153). (152) A computer system that extracts fragment information transmitted to 3000 authentication storage server systems 104 and outputs restoration information necessary for restoring the electromagnetic record (152).

Here, examples of the electromagnetic record include an electronic document such as a contract, a digital data file of a photograph, a moving image file, and a computer program. Documents such as contracts can also be converted into electronic data using a scanner or the like to become electromagnetic records. In this embodiment, a document file of a meeting record created in a company is used as an electromagnetic record. The file name of the document file of the meeting minutes used here is KAIGI. DOC. This is a document file created by a word processor or the like, and its contents are as follows: "May 6, 2001, 2:00 pm to 4:00 pm, first conference room, attendees X, Y, Z, meeting agenda R Regarding the price of the new product, the cost of manufacturing the new product XR is 399 yen, and competitors are planning to ship 400 units from April next year .... Omitted Is 450
I have to go to the market in yen. "

The spread system 102 receives the input of the document file of the conference proceedings (151), and performs encryption, division, and redundancy processing as described later to create 3000 pieces of fragment information. Although encryption and redundancy are performed in this embodiment, they may not be performed.

Further, the diffusion system 102 stores access information for accessing the authentication storage server system 104. In the present embodiment, a URL address of a server of the authentication storage server system 104 and authentication information (information for identifying an access person, and an ID and a password in the present embodiment) are used as the access information. It should be noted that any information that specifies the authentication storage server system 104, such as an IP address or a serial number of the authentication storage server, is used in place of the URL address. It is also possible to use other information for authenticating the accessor. Further, in the present embodiment, the access information is stored in advance on the hard disk which is the access information storage means of the diffusion system 102, but the access information is automatically acquired via the Internet by the diffusion system 102. It is also possible. For example, a web browsing unit is mounted on the spreading system 102, and an external web site is provided with a list of authentication storage servers,
Provide a service that provides information on the evaluation of the reliability of the authentication storage server and the usage fee of the authentication storage server,
It is also possible to automatically obtain the access information by downloading the access information from an external Web site. In this specification, the reliability of the authentication storage server means that the fragment information stored in the authentication storage server is lost or the operation of the authentication storage server is stopped, so that the stored fragment information cannot be retrieved later. It refers to the evaluation of danger, in addition to quantitative indicators such as numerical values, A, B,
Includes those indicated by qualitative indices such as C rank. As described above, by automatically acquiring access information via the Internet, many authentication storage servers can be selected as appropriate based on the latest information on reliability and usage charges, and flexible. This has the effect of realizing a simple authentication system.

The spreading system 102 accesses the 3000 authentication storage server systems 104 via the Internet, transmits IDs and passwords, and transmits each piece of fragment information to each authentication storage server system 104. That is, 3000 pieces of fragment information are distributed and transmitted to 3000 pieces of authentication storage server systems 104 (153). It is preferable that the ID and the password are different for each authentication storage server system 104.

A method using an ID and a password is a simple authentication method for an accessor, and is not necessarily highly reliable. However, for some of the 3000 authentication storage server systems 104, even if a third party obtains fragment information by breaking a password, it is difficult to restore an electromagnetic record. In this sense, it is difficult to transmit and store fragment information in a distributed manner, even if the security of the accessor authentication is low for each authentication storage server, but it is difficult and safe to restore the electromagnetic record. This has the effect that the burden of authentication of the accessor can be reduced.

The spreading system 102 generates and outputs restoration information (152). In the present embodiment, the restoration information is output as a file to a flexible disk, but the information can be output to another recording medium such as a memory card, output to a network, or output to a memory or a hard disk in a computer. Is also possible. Details of the restoration information will be described later.

The restoration system of the present invention is any device that receives restoration information, accesses a plurality of authentication storage servers, receives fragment information via the Internet, and restores an electromagnetic record.

The restoration system 103 of this embodiment receives the input of the restoration information (152), and uses the URL address, ID and password of the authentication storage server system to execute 300
The user accesses the zero authentication storage server systems 104 via the Internet, requests transmission of fragment information, retrieves the fragment information from the authentication storage server systems 104, respectively, and stores
4 receives the authentication result information output (15
4) It is a computer system.

In the present embodiment, the restoration information is input by reading a file of the restoration information stored in the flexible disk. However, the restoration information can be read from another recording medium such as a memory card or received from a network. Alternatively, the input can be received from a memory or a hard disk in the computer.

The restoration system 103 stores the extracted 30
The 00 pieces of fragment information are subjected to error correction, integration, and decryption processing to be restored and output as a document file of the meeting minutes, and the 30 pieces of information transmitted from the authentication storage server system 104.
A summary of the 00 pieces of authentication result information is output (158). Here, decoding and error correction are performed in this embodiment, but may not be performed. The details of the authentication result information will be described later.

The restoration system and the diffusion system can be used separately. For example, the spreading system may be owned by the principal, and the restoration system may be owned by a third party. In this case, the person himself / herself authenticates the electromagnetic record by passing the restoration information to a third party. For example, if a judge as a third party has the restoration system 103, the plaintiff as the principal submits a storage medium such as a flexible disk in which the restoration information is stored to the judge, and the judge sends the restoration system 103. 103
May be loaded with the restoration information. Then, by looking at the summary of the authentication result information output at that time, the judge can determine whether or not the document file of the minutes has been received and stored by the authentication storage server on the specific day. .
In this way, by using the restoration system and the spreading system separately, the restoration information is passed to the person who owns the restoration system, and thereby the authentication of the electromagnetic record at a geographically distant place from the owner of the spreading system. Has the effect that it can be performed easily.

Next, an authentication storage server system 104 which is an embodiment of the authentication storage server system of the present invention will be described. The authentication storage server system of the present invention is any device including an access authentication unit, an information storage unit, and an information transmission unit.

The authentication storage server system 104 of the present embodiment
Is a computer system including an access authentication unit 105, an information storage unit 106, and an information transmission unit 107. In the present embodiment, the authentication storage server system 10
4 uses an ftp server that transmits information to the Internet using the ftp file transfer protocol. In this regard, another server such as a web server or a mail server can be used. The server in the present specification refers to a device connected to the client via the Internet and providing a service to the client. Therefore, the server includes software for exchanging files with each other without passing through a central server such as Gnutella. A computer also functions as a server in relation to a computer (client) that receives an authentication service, and is therefore included in the concept of a server in this specification.

The access authentication means of the present invention is any device that obtains authentication information from an authentication client and authenticates an accessor. Access authentication means 1 of this embodiment
Reference numeral 05 denotes a computer system that receives an ID and a password from the authentication client system 101 (153 and 154) and determines whether or not the accessor has an access right by comparing the ID and the password stored in the hard disk with a set of the ID and the password. Specifically, the ID sent from the authentication client system 101 via the Internet
The password is compared with the set of ID and password stored in the hard disk. If there is the same one, it is determined that the user has the access right.

When there is no identical one, the transmission of electronic money is requested, and when the electronic money is transmitted, an ID and a password are issued on the spot by random numbers or the like and transmitted to the spreading system 102. It is also possible to treat it as having access authority. If you do this,
Since there is no need to register ID and password in advance,
There is an effect that it becomes easy to use the authentication storage server.

The information storage means of the present invention is any device that stores information transmitted from an authentication client when authentication by the access authentication means succeeds. When the access authentication unit 105 determines that the user has the access right, the information storage unit 106 of the present embodiment
2 is a computer system that stores fragment information transmitted via the Internet. Specifically, ft
The file of the fragment information transmitted by the p-file transfer protocol is stored on the hard disk. In this embodiment,
Once a file is stored, even a person who has input a correct ID and password cannot delete or overwrite the file. By doing so, it is possible to prevent the fragment information from being changed even if the ID and the password are broken, and there is an effect that the security of the system is improved. The change may be made possible, or the change may be made only when a special password for change or the like is input. The information storage unit 106 also stores the ID of the sender of the fragment information and the date and time when the fragment information was stored, in preparation for the output of the authentication result information.

[0036] The information transmitting means of the present invention means that, when the authentication of the access authenticating means is successful, the information requested to be transmitted from the authentication client is obtained from the information storage means, and the information requested to be transmitted and the authentication result information Are all devices that send the authentication request to the authentication client.

When the access authenticating means 105 determines that the user has the access right, the information transmitting means 107 of this embodiment receives the transmission request from the restoration system 103 (154). Receiving the file of the stored fragment information specified by (157), and storing the stored file and the authentication result information,
This is a computer system that transmits (154) to the restoration system 103 via the Internet by the ftp file transfer protocol. If there is no information specified by the transmission request, authentication result information indicating that authentication is not performed is transmitted (154). In this embodiment, the transmission request is made by designating a file name (a request for transmission of KAIGI.DOC). Then, a file specified by the specified file name is searched from the directory corresponding to the ID of the accessor on the hard disk of the information storage unit 106, and if the file exists,
A file in which the file and the authentication result information corresponding to the file are recorded is acquired and transmitted to the restoration system 103 using the ftp file transfer protocol. If the file does not exist, authentication result information indicating that authentication is not performed is generated and transmitted in the present embodiment, but an empty file and authentication result information may be generated and transmitted. As the transmission request, in addition to the designation of the file name, it is possible to use arbitrary information that can specify the stored information, such as the stored content and the date and time of the storage.

In this embodiment, as the authentication result information, the ID of the sender of the fragment information, the fixed date information that guarantees the date when the fragment information is stored, and the authentication word indicating that the authentication is performed or not are performed. Use information consisting of items. As an example of authentication result information, when performing authentication,
"ID: We will certainly authenticate that we received and stored the above information from ABC1039 on June 4, 2001". If you do not authenticate, you will get "cannot authenticate."

As the authentication result information, 3 used in the embodiment is used.
In addition to the items, various information such as the name of the authentication storage server system, the location, the name of the person in charge, the contact information, the digital signature, the ID of the transmission request source, and the IP address can be used. Note that these pieces of information may be used as the authentication result information when authentication is not performed.

The above is the outline of the entire authentication system in this embodiment. FIG. 2 is a block diagram illustrating details of the spreading system 102 in the present embodiment. The details of the spreading system 102 will be described below with reference to FIG.

The encryption means of the present invention is any device for encrypting data. Encryption means 2 in the present embodiment
01 receives the input of the document file of the minutes (15
1) Encrypt data using an encryption key and output (2)
52), and outputs the encryption key (251). Although DES is used as the encryption method, any other encryption method can be used. The result of encrypting the document file of the meeting minutes is, for example, “D% 23s (omitted) K & 4e
It becomes a meaningless data string like "＄".

The division means is any device that divides data into a plurality of pieces of information. The dividing means 202 in the present embodiment receives the input of the encrypted data (25
2) The data is divided into a plurality of data, and data is added and output so that the data can be integrated later (253).
In this embodiment, the file is divided into 1000 files, and a division number n (n is 1 to 100) is added to the head of the n-th file.
(A natural number of 0) and 1000 which is the total number.
For example, examples of division of the above-described encrypted data include "1-1000-D% 23s", (omitted), and "1000-1000-K & 4e @". 1000 files of such data can be created.

The redundancy means of the present invention is any device that makes data redundant so that error correction can be performed later. The redundancy means 203 in the present embodiment receives the input of the divided information (253), and outputs the redundant information enabling error correction and error checking to be performed later (254). In this embodiment, three replicated files are created for one file, and a copy number m (m is a natural number from 1 to 3) and a copy number of 3 are added to the head of the m-th file. For example, three data created by duplicating the above-mentioned divided data of “1-1000-D% 23s” is “1-3-1-1000-
D% 23s "," 2-3-1-1000-D% 23
s "and" 3-3-1-1000-D% 23s ". There will be 3000 files of such data.

In this embodiment, the duplication is performed by making a copy. However, other methods such as the use of an error correction code may be used. If the degree of redundancy is significant, coupled with the Internet's characteristic of having a large number of connected users,
An effect is obtained that the reliability of the authentication storage server can be lowered, which cannot be considered with the common sense of the conventional certification organization. For example, if you make 100,000 copies, even if your personal computer is not always connected to the Internet, some of the 100,000 computers will need to be restored to electromagnetic records, for example, a few years later. Since it can be expected to be connected, it can be used as an authentication storage server. Restoring and retransmitting the original electromagnetic record every few months is even more certain.
It is also possible to provide an Internet browser or OS with an authentication storage server function so that an individual can access the Internet or start up a computer and become an authentication storage server without being conscious. If such an individual authentication storage server collects a small amount of electronic money of about 0.1 yen at the time of authentication, the user weighs the importance of the information to be authenticated and the cost to reduce redundancy. Since the degree is changed, it is possible to prevent the network from being used unnecessarily.

Further, when the redundancy is performed, there is an effect that a system extremely resistant to disasters and the like can be realized in combination with the characteristics of the Internet that connects countries around the world. For example, if 50 copies are created and transmitted to a reliable authentication storage server in 50 countries around the world (for example, a national or local government authentication storage server), the authentication storage servers in multiple countries may be Even if they are destroyed at the same time due to such natural disasters or simultaneous cyber-terrorism, an authentication service is not stopped and an extremely secure system can be configured.

In the present embodiment, data is transferred by performing processing in the order of the encryption means, the division means, and the redundancy means. However, the three orders can be changed. And / or the redundancy means can be omitted.

In this embodiment, information output through encryption, division, and redundancy is used as 3000 pieces of fragment information.
However, the method of generating fragment information is not limited to this, and it is necessary to generate fragment information by adding or converting various information such as adding information such as a transmission date and adding a digital signature. Is also possible. For example, other information may be mixed to make it difficult to understand that the information is fragment information, or information printed on a document file, image file, audio file, or the like using an electronic watermark may be used as fragment information. By doing this,
Even if the ID and password are broken by a third party and intruded into the server, it is possible to obscure that there is fragment information there, resulting in an effect that security is improved.

Also, by using a secret information sharing method proposed in the distributed authentication server, a matrix (simultaneous polynomial) operation at another stage is performed, and even if less than half the pieces of fragment information are collected, the original information is estimated. Although it is not possible, it is also possible to generate fragment information that can restore the original information if a majority of correct information is collected. Further, in the present embodiment, the encryption, division and redundancy are performed by the operation of the CPU of the computer, but the processing can be performed using a dedicated chip such as a digital signal processor (DSP).

The access information storage means of the present invention is any device that stores access information required to access a plurality of authentication storage servers. The access information database 204 of the present embodiment is an embodiment of access information storage means, and stores URL addresses, IDs, and passwords required to access 3000 authentication storage server systems in a table format. It is a computer system. That is, each row of the table contains a URL address,
It contains the ID and password to be sent at that URL address. For example, the first line is "ftp: // AB
C. DEF. com, DOG34, 39439DH
D ", the second line is" ftp: //GHI.JKL.c
o. jp, JFU3032, iriti48t ”(omitted), line 3000 is“ ftp: //UVW.XY
Z. com, CAT53, 2902kh39d ”(in a comma, a delimiter).

The table of the access information database may include a column of information such as information on the reliability of the authentication storage server and a usage fee. By doing so, a plurality of authentication storage servers can be automatically selected and switched according to the budget and the required reliability, and the convenience is improved. Also,
The stored access information may have more than 3000 (eg, 50,000) rows. In this case, 3000 authentication storage servers can be appropriately selected and used from 50,000 according to the budget and the purpose of use.

The access information database 204 outputs a URL address, an ID, and a password necessary for accessing the 3000 authentication storage server systems that transmit the fragment information (255, 256).

The fragment information transmitting means is any device that transmits fragment information using access information. The fragment information transmitting means 205 of the present embodiment receives the URL address, ID and password necessary for accessing the 3000 authentication storage server systems (255), and sends the URL address to the ftp server of the URL address via the Internet. Access is made by transmitting the ID and password, and the fragment information is transmitted by the ftp file transfer protocol (1
53) Computer system. In this embodiment, the fragment information is transmitted in a file format. Here, an appropriate file name may be generated, but in the present embodiment, the same KAIGI. DOC is used.

In this embodiment, 3000 pieces of fragment information are all transmitted to 3000 different authentication storage server systems. For example, 3000 pieces of fragment information are transmitted to 2500 authentication storage server systems. It is not preferable, but possible to change a plurality of pieces of fragment information to be transmitted to one authentication storage server, for example. Further, it is also possible to change the file name to be transmitted for each piece of fragment information.

The restoration information output means is any device that outputs restoration information. Restoration information output means 20 of the present embodiment
Numeral 6 receives a URL address necessary to access the authentication storage server system (256), receives an encryption key (251), generates restoration information, and outputs it to a flexible disk in a file format (152). It is. The file name in which the restoration information is recorded may be an appropriate file name.
GI. FUK is used. In this embodiment, one encryption key, one file name of a file to be restored, and 3000 pieces of access information are used as the restoration information.
An example of one encryption key is “r6fjFi83” which is a character string of eight characters, for example. The file name of one file to be restored is KAIGI. DOC is used. 3000 access information is 3000
A set of URL addresses, IDs, and passwords of the ftp servers, for example, “ft” as the first access information
p: // ABC. DEF. com, DOG34, 394
39DHD ", (2nd to 2999th are omitted), 3
As the 000th access information, “ftp: // UV
W. XYZ. com, CAT53, 2902kh39
d ". That is, the restoration information is “r6fjF
i83, KAIGI. DOC, ftp: // ABC. D
EF. com, DOG34, 39439DHD, (omitted), ftp: // UVW. XYZ. com, CAT5
3,2902kh39d ”(comma is a delimiter).

The above restoration information is only an example. The following is a modification example. First, it is possible not to include an encryption key when there is no encryption means or when a public key encryption method is used for the encryption means. When the encryption key is different for each piece of fragment information, a plurality of encryption keys can be included.

Second, an IP address or the like can be used in addition to the URL address. Further, when the correspondence between the server serial number and the URL address of the authentication storage server is stored in another storage location, the serial number of the authentication storage server can be used.

Third, it is also possible to use other authentication information other than the ID and the password, such as a personal identification number, a digital signature, and fingerprint data. Fourth, in this embodiment, since the file name to be restored is the same as the file name of the 3000 pieces of fragment information, one restored file name is used as restoration information. Instead of a file name to be restored, a file name of 3000 different pieces of fragment information can be used. It is also possible for the authentication storage server to manage fragment information transmitted from a plurality of users by using a serial number unique to the server instead of the file name. In this case, the serial number received from the authentication storage server is used instead of the file name. Can also be used. Furthermore, the authentication storage server can provide a command sequence or a program describing a procedure for extracting fragment information instead of a file name. In this case, a command sequence or a program is used instead of a file name. Is possible.

The generated restoration information is output and stored in a recording medium such as a flexible disk. If this recording medium is stored, the document file of the meeting record can be restored in the restoration system, so that it is not always necessary to save the document file of the meeting record which is the original electromagnetic record on the client side. Depending on the degree of division and redundancy, the restoration information may have a larger data amount than the original electromagnetic recording. However, if the degree of division / redundancy is reduced, the data amount of the restored information is generally smaller than that of the original electromagnetic recording, so that the load on the storage device on the client side can be reduced. This has the effect.

Since each piece of fragment information generated in this embodiment does not include all the information of the original conference proceedings, some pieces of fragment information may be intercepted in the course of transmission through the Internet, or the administrator of the authentication storage server may be intercepted. Even if the fragment information is intercepted, the document file of the original minutes cannot be easily restored and is safe. In particular, if the authentication storage server is distributed all over the world, it is difficult to intercept all fragment information, and there is a danger that the original electromagnetic record will be restored regardless of the presence or absence of encryption or encryption strength Is less.

However, it is necessary to consider the regional difference in the assignment of the confirmation date of the authentication result information and the language of the authentication text. Therefore, when the authentication storage server system 104 is distributed internationally, a mechanism for correcting the authentication date of the authentication result information based on the date change line is provided, and the authentication word is a binary value indicating authentication success and authentication failure. It is desirable to use data.

FIG. 3 shows a restoration system 1 in this embodiment.
FIG. 3 is a block diagram showing details of the third embodiment. Referring to FIG.
The details of the restoration system 103 will be described below. The fragment information extracting means is any device that accesses the authentication storage server via the Internet using the restoration information and receives the fragment information and the authentication result information.

The fragment information extracting means 301 of this embodiment receives the restoration information (152), and 3,000 authentication storage server systems 1 based on the access information included in the restoration information.
04 via the Internet to access the information transmission means 107 and the file name KA
IGI. Send a DOC file transmission request (15
4) The file name KAIGI. Receiving the DOC file and the authentication result information (15
4). And 3000 KAIGI. The DOC file and the encryption key included in the restoration information are output (35).
1) A computer system that outputs authentication result information (354).

The error correction means of the present invention is any device that performs error correction using redundancy. The error correction means 302 of the present embodiment has 3000 KAIGI. DOC
(351) and the encryption key included in the restoration information (351). By reading the head of the DOC file, three redundant files that should have the same contents are selected. That is,
In the above example, first, the first data is “1-3-
1-1000 "," 2-3-1-1000 "," 3-3
A file “−1−1000” is selected, and the contents excluding the part “1-3-1-1” which is the head data are determined by majority decision. Then, “1-3”, “2-3”, and “3-3” as the first data are deleted. In this way, one file starting with “1-1000” is created. Therefore, even if some of the redundant files cannot be obtained or have incorrect information due to a malfunction of the Internet line or a malfunction of the storage device on the server side, two of the three files are normal. If so, the error can be corrected and the file before redundancy can be restored. Then, the thus restored 1000 files and the encryption key are output (352).

The integrating means is any device that converts a plurality of data into a smaller number of data. The integrating means 303 of the present embodiment receives 1000 files and the encryption key (352), and reads “1-1000”, “2-1000”, etc., which are the first part of the 1000 files, to obtain 1000 files. By obtaining the order of the files and removing the leading parts “1-1000” and “2-1000” representing the order, the 1000 files are sequentially combined to form one encrypted file. Restore. Then, one encrypted file and the encryption key thus restored are output (353).

The decryption means of the present invention is any device that decrypts encrypted data. The decryption means 304 of the present embodiment receives one encrypted file and an encryption key (353), and decrypts the file before being encrypted using the encryption key, thereby obtaining the document file of the meeting minutes. Is restored and output (158). If the restoration has failed, a file containing an error message indicating the restoration failure is output.

The authentication result summarizing means of the present invention is any device that outputs at least a summary result of authentication result information. The authentication result summarizing means 305 of this embodiment receives the authentication result information from the 3000 authentication storage server systems (153) and outputs a summary of the authentication result information (158).
It is a computer system. In this embodiment, the restored document file of the minutes and the summary of the authentication result information are output to the hard disk. The summary of the authentication result information in the present embodiment is a ratio of the information indicating the authentication result in the authentication result information that the authentication was successful, whether or not the restoration of the electromagnetic record has succeeded as a whole, and if successful, the determination is made. The date is as follows: "Of the 3000 authentication storage servers, 2980 authentications were successful, and the electronic record was successfully restored as a whole. The final date is June 4, 2001." is there. It is also possible to output all 3000 pieces of authentication result information one by one in addition to the summary.

FIG. 4 is a flowchart of the process of the diffusion system 102. First, the diffusion system 102 receives an input of a document file of a meeting record (401). Next, the input document file of the meeting minutes is encrypted by the encryption means 201 (402). Next, the document file of the encrypted minutes is divided by the dividing means 202 (40).
3). Next, the document file of the divided minutes is made redundant by the redundancy means 203 (404). Next, the URL address, ID, and password necessary for accessing the authentication storage server system are read from the access information database 204 (405). This is performed after encryption, division, and redundancy in the present embodiment, but may be performed before encryption, division, and redundancy, or may be performed in parallel. Next, the read URL address and ID
Using the password and the password, the fragment information is transmitted by the fragment information transmitting unit 205, and the restoration information output unit 206 outputs the restoration information (406). In the embodiment, the transmission of the fragment information and the output of the restoration information are performed first in the embodiment, but the transmission of the fragment information may be performed simultaneously, or the output of the restoration information may be performed first.

FIG. 5 is a flowchart of the processing of the restoration system 103. First, the restoration system 103 receives an input of restoration information (501). Next, the fragment information extracting means 301 accesses the authentication storage server system 104 using the restoration information, and receives and acquires the fragment information and the authentication result information (502). Next, the error correction means 302 performs error correction on the obtained 3000 pieces of fragment information using the redundancy (503). Next, the integrating unit 303 integrates the fragment information of the file on which the error correction has been performed (504). Next, the decrypting means 304 decrypts the integrated file (505). Then, the document file of the decrypted meeting minutes and the information obtained by summarizing the received authentication result information by the authentication result summarizing means 305 are output (506). In the embodiment, the output of the summarized information is performed simultaneously with the decrypted document file of the meeting minutes. However, the output of the summarized information can be performed at any time after step 502.

FIG. 6 is a flowchart of the processing of the authentication storage server system 104. First, the authentication storage server system 104 receives an ID and a password from the authentication client system 101 (601). next,
The access authentication unit 105 determines whether the input ID and password are present in the stored set of ID and password, and proceeds to step 603 if they are present, and proceeds to step 608 if they are not present (602). ). If there is, it is determined whether or not a transmission request of the contents stored in the information transmitting unit 107 has been made. If the transmission request has been made, the process proceeds to step 604, and if not, the process proceeds to step 607 (603). ). If the transmission request has been made, the information transmitting means 107 searches whether or not the fragment information for which the transmission request has been made is stored in the information storage means 106.
If not stored, the process proceeds to step 606 (60
4). When fragment information is stored, the information transmitting means 1
07 transmits fragment information and authentication result information to the effect of authentication to the authentication client system 101 (605). If the fragment information is not stored, the information transmitting means 107
Authentication result information indicating that authentication is not performed is transmitted (606). If no transmission request has been made, the information storage unit 106
Receives and stores the fragment information (607). When the access authentication unit 105 determines that the input ID and password do not exist in the stored set of ID and password, the access of the authentication client system 101 is rejected (608).

The authentication system comprising 3000 authentication storage server systems and one authentication client system described above is an embodiment of the authentication client system, authentication storage server system, diffusion system, restoration system, and authentication system of the present invention. It is only an example, and changes can be made without departing from the spirit of the present invention.

For example, the number of authentication storage server systems constituting the authentication system of the present invention is not necessarily 3000, but can be changed to any number as long as it is 2 or more.

In this embodiment, the authentication client system, the authentication storage server system, the diffusion system, the restoration system, and the authentication system are configured as computer systems. Internet-connected digital home appliances equipped with a device and a microprocessor may be used.

In this embodiment, the document file of the meeting minutes is used as an object to be authenticated. However, it can be used for authenticating a document such as a contract taken in by a scanner. Further, the present invention can also be used for authentication of the date of establishment of a computer program, authentication of the date of establishment of an electronic document including a description of an electronic document describing the contents of the invention, and video recording of a site where the invention is performed, and the like.

Further, a content certification electronic mail system will be described as a modification of the present embodiment. Since the configuration is almost the same as that of the present embodiment, only the different points are described. First, an electronic mail file is used as an electromagnetic record instead of a document file of a meeting record. The e-mail file is a file that includes the source and destination e-mail addresses and the text of the e-mail.

The spreading system 102 adds an electronic mail address and a subject of the transmission destination to each piece of fragment information created, and transmits the fragment information to the authentication storage server system 104. A subject that can be distinguished from other subjects, such as “Meeting record. # 4983954”, is used.

The information transmitting means 107 includes an electronic mail transmitting means. As the e-mail transmission means, a computer equipped with an e-mail mailer program is used. The e-mail transmitting means transmits the fragment information requested to be transmitted as an attached file to the e-mail address of the transmission destination under the subject. Only the fragment information is transmitted to the destination e-mail address, and the authentication result information is not transmitted.

Then, to the authentication result information transmitted by the information transmitting means 107 to the authentication client system 101, information for authenticating that the fragment information has been transmitted to the e-mail address of the transmission destination of the content proof e-mail is added. That is, as an example of the authentication result information, “ID: ABC1
No. 039, the above information is received and stored on June 4, 2001, and the above information is sent to the e-mail address XXX @ XXX. XXX. CO. We will certainly authenticate what you send to JP. " In addition,
The electronic mail transmitting means may further receive the delivery proof information from the transmission destination, and may add information to authenticate that the delivery has been made to the authentication result information.

At the transmission destination, e-mails having the same subject are collected, the attached file is read out, and the transmitted fragment information is subjected to error correction / integration / decryption by a system that performs error correction means, integration means, and decryption means. To restore the original electromagnetic record. However, in the case of encryption, it may be necessary to input an encryption key. In that case, the encryption key may be sent separately by e-mail or the like, or may be included in the fragment information.

The authentication result summarizing means 305 outputs a summary of the 3000 pieces of authentication result information sent from the information transmitting means 107. The summary includes information indicating that the transmission was successful at the e-mail address. , "3
Of the 000 authentication storage servers, authentication success was 2980
2,975 successfully transmitted to the following e-mail addresses. As a whole, the restoration of the electromagnetic record and the e-mail address XXX @ XXX. XXX. CO. J
Transmission to P was successful. The final date is June 4, 2001. ].

[0080]

As is apparent from the above description, according to the present invention, it is possible to reduce the burden of authentication of an accessor on a server, and it is not always required to store an electromagnetic record on the client side. A secure electromagnetic record authentication system can be provided.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an outline of an entire authentication system including 3000 authentication storage server systems and one authentication client system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing details of a spreading system of an authentication system including 3000 authentication storage server systems and one authentication client system according to an embodiment of the present invention.

FIG. 3 is a block diagram showing details of an authentication system restoration system including 3000 authentication storage server systems and one authentication client system according to an embodiment of the present invention.

FIG. 4 is a flowchart of a process of a diffusion system in an authentication system including 3000 authentication storage server systems and one authentication client system according to an embodiment of the present invention.

FIG. 5 is a flowchart of processing of a restoration system in an authentication system including 3000 authentication storage server systems and one authentication client system according to an embodiment of the present invention.

FIG. 6 is a flowchart of a process of the authentication storage server system in the authentication system including 3000 authentication storage server systems and one authentication client system according to an embodiment of the present invention.

[Explanation of symbols]

 Reference Signs List 101 authentication client system 102 spreading system 103 restoration system 104 authentication storage server system 105 access authentication means 106 information storage means 107 information transmission means 201 encryption means 202 division means 203 redundancy means 204 access information database 205 fragment information transmission means 206 restoration information Output means 301 Fragment information extraction means 302 Correction means 303 Integration means 304 Decryption means 305 Authentication result summarization means

Claims (17)

[Claims] 1. An authentication client connected to an authentication storage server via the Internet, receiving an electromagnetic record and transmitting fragment information, which is fragmentary information of the electromagnetic record, to a plurality of authentication storage servers. A spreading system that transmits the data in a distributed manner and outputs restoration information necessary for restoring the electromagnetic record; and receives an input of the restoration information output from the spreading system and sends a transmission request to the plurality of authentication storage servers. To receive the transmitted fragment information,
A restoring system for restoring the electromagnetic record. 2. The authentication client system according to claim 1, wherein the restoration system receives authentication result information that is information including information indicating an authentication result of the transmitted fragment information. 3. The authentication client system according to claim 2, wherein the restoration system includes an authentication result summarizing unit that outputs a summary of the received authentication result information. 4. The spread system according to claim 1, further comprising access information storage means for storing access information necessary to access the plurality of authentication storage servers. Authentication client system. 5. The method according to claim 1, wherein the spreading system automatically obtains the access information and information on the reliability of the authentication storage server via the Internet. Authentication client system. 6. The spreading system has encryption means for encrypting information, and the restoration system has decryption means for decrypting information encrypted by the encryption means.
The authentication client system according to claim 1. 7. The spreading system has redundancy means for making information redundant, and the restoration system has error correction means for correcting an error using the information made redundant by the redundancy means. Item 7. An authentication client system according to any one of Items 1 to 6. 8. An authentication storage server connected to an authentication client via the Internet, wherein the access authentication means authenticates an accessor and, when the authentication of the access authentication means succeeds, the authentication storage server transmits the authentication result. Information storage means for storing information, if the authentication of the access authentication means is successful, obtain from the information storage means information received a transmission request from the authentication client,
An authentication storage server, comprising: an information transmission unit configured to transmit, to the authentication client, information that has received the transmission request and authentication result information that includes information indicating an authentication result of the information that has received the transmission request. system. 9. The authentication storage server system according to claim 8, wherein the authentication result information includes fixed date information that guarantees a date and time when the information requested to be transmitted is stored. 10. The authentication storage server system according to claim 8, wherein the information storage unit prohibits a change of the stored information. 11. The information transmission unit according to claim 8, wherein the information transmission unit transmits the information requested to be transmitted to an e-mail address designated by an authentication client.
0. The authentication storage server system according to any one of 0. 12. A spreading system constituting the authentication client system according to claim 1. 13. A restoration system constituting the authentication client system according to claim 1. 14. Connected via the Internet,
An authentication system comprising an authentication client and an authentication storage server, wherein the authentication client is the authentication client system according to any one of claims 1 to 7, and the authentication storage server is any one of claims 8 to 11. An authentication system, which is the authentication storage server system according to any one of the above. 15. A program for causing a computer to function as the diffusion system according to claim 12. 16. A program for causing a computer to function as the restoration system according to claim 13. 17. A program for causing a computer to function as the authentication storage server system according to any one of claims 8 to 11.