Order placement and receiving system and order placement and receiving management method
The system addresses data security in tiered outsourcing by dividing private keys across multiple servers with strict access control, ensuring confidentiality and secure payment in inter-company transactions.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- LOGISTEED LTD
- Filing Date
- 2022-08-08
- Publication Date
- 2026-06-05
AI Technical Summary
In a tiered outsourcing structure, maintaining confidentiality of order and receipt information between companies is challenging due to the risk of private keys being lost, leaked, or accessed by unauthorized entities, compromising data security.
A system that divides private keys into multiple shares and distributes them across servers of multiple companies, including third-party entities, with strict access management to prevent unauthorized access and recovery of the private key, combined with encryption methods like ECDH-AES to secure communication.
Ensures confidentiality of inter-company order and receipt information by preventing unauthorized access and leakage, enhancing data security and enabling secure payment through supply chain finance.
Smart Images

Figure 0007870678000001 
Figure 0007870678000002 
Figure 0007870678000003
Abstract
Description
Technical Field
[0001] The present invention relates to an order receiving and placing system.
Background Art
[0002] For all or part of the work of one project, it is entrusted from a primary contractor to a first-tier company and then from the first-tier company to a second-tier company. In this way, through the process of re-entrustment and repeated entrustment, a chain-like or flow-like business entrustment structure is formed by repeatedly entrusting the work through ordering and order receiving in stages. At this time, the primary contractor, which is the first order placer, may operate a server that provides order receiving and placing information related to the work entrusted at each stage.
[0003] As the background art in this technical field, there is the following prior art. Patent Document 1 (Japanese Unexamined Patent Application Publication No. 2021-158548) discloses an information sharing management device including at least one of a plurality of information processing devices on a network, a storage device that holds information to be managed, a process of reading the information from the storage device, dividing the information into a predetermined number, encrypting each of the divided information obtained by the division with a different key to generate a predetermined number of encrypted information, a process of secretly distributing each of the keys to generate a predetermined number of decentralized keys, a process of extracting encrypted information corresponding to information indicated by an information providing request from another information processing device on the network or information related to a case in which an operator of the information processing device is involved from the generated encrypted information and transmitting the encrypted information to the other information processing device, and an arithmetic device that executes a process of distributing the predetermined number of decentralized keys to each information processing device on the network.
Prior Art Documents
Patent Documents
[0004]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0005] In the aforementioned outsourcing structure, communication between the primary and secondary companies needs to be kept confidential from the zero-tier company. For example, this confidentiality involves encrypting the primary company's order and receipt information so that the zero-tier company cannot decrypt it. In this case, if the zero-tier company's server holds the private key, the zero-tier company can decrypt the ciphertext. If the client terminals of the primary or secondary company hold the private key, there is a risk of the private key being lost or leaked. Furthermore, if a third-party company's server (for example, a financial institution) holds the private key, the third-party company may be able to access the zero-tier company's server and view the order and receipt information. Moreover, if the third-party company's server is illegally accessed and the private key is leaked, an attacker may be able to access the zero-tier company's server and view the order and receipt information.
[0006] This invention aims to conceal order and receipt information between companies in a tiered outsourcing structure. [Means for solving the problem]
[0007] A representative example of the invention disclosed in this application is as follows: an order placement and receiving system for managing orders and receiving in a commercial transaction in which orders and receipts are made in stages between multiple companies, comprising a first computing unit that executes a program and the 1 The system includes a first memory device accessible by the computing unit, a zero-level server that manages order information and order information, a second computing unit that executes programs and the aforementioned 2nd The system includes a second storage device accessible by the computing unit, a key management server that manages encryption keys for encrypting the order information and the order information, a third computing unit that executes programs and the Third The system has a third storage device accessible by the computing unit, and a plurality of key share holding servers each holding a portion of a plurality of key shares generated from the key, and a fourth computing unit that executes the program and the 4thThe key management server comprises a fourth storage device accessible by the computing device, and a terminal to which the order information and the order information are input and output. The key management server comprises an access rights management unit to which the second computing device assigns authentication information of companies that can acquire the key share to the key share, and a communication unit to which the second computing device distributes the key share to the key share holding server. The terminal comprises an information transmission unit to which the fourth computing device requests the key share from the key share holding server, a key recovery / generation unit to which the fourth computing device recovers an encryption key from a plurality of acquired key shares, an encryption / decryption unit to which the fourth computing device encrypts the input order information and decrypts the order information using the recovered encryption key, and a display unit to which the fourth computing device displays the decrypted order information. The information transmission unit transmits the encrypted order information to the zero-order server. The key share holding server comprises an authentication unit to which the third computing device determines whether or not to transmit the key share to each terminal based on the authentication information. [Effects of the Invention]
[0008] According to one aspect of the present invention, inter-company order and receipt information can be kept confidential. Other problems, configurations, and effects not mentioned above will be clarified by the following description of the embodiments. [Brief explanation of the drawing]
[0009] [Figure 1] This figure shows the solution concept of an embodiment of the present invention. [Figure 2] This diagram shows the configuration of the order placement and receiving system in Example 1. [Figure 3] This figure shows an example of the configuration of access rights information in Example 1. [Figure 4] This figure shows an example of the password information configuration in Example 1. [Figure 5] This is a sequence diagram of the key generation and distribution process in Example 1. [Figure 6] This is a sequence diagram of the order processing from a primary supplier to a secondary supplier in Example 1. [Figure 7]It is a sequence diagram of the order placement process from the primary company to the secondary company in Example 1. [Figure 8] It is a sequence diagram of the process for the secondary company in Example 1 to confirm an order. [Figure 9] It is a sequence diagram of the process from the delivery completion notice to the payment in Example 1. [Figure 10] It is a sequence diagram of the process from the delivery completion notice to the payment in Example 1. [Figure 11A] It is a diagram showing an example of an email sent from the zero - order company server in Example 1. [Figure 11B] It is a diagram showing an example of an email sent from the zero - order company server in Example 1. [Figure 11C] It is a diagram showing an example of an email sent from the zero - order company server in Example 1. [Figure 12] It is a diagram showing an example of an order information display screen in Example 1. [Figure 13] It is a diagram showing an example of an order information input screen in Example 1. [Figure 14] It is a diagram showing an example of an order information display screen in Example 1. [Figure 15] It is a diagram showing an example of a payment confirmation screen in Example 1. [Figure 16] It is a diagram showing the configuration of the order - receiving and placing system in Example 2. [Figure 17] It is a sequence diagram of the key generation and distribution process in Example 2. [Figure 18] It is a block diagram showing the physical configuration of the zero - order company server in Example 1.
Modes for Carrying Out the Invention
[0010] Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. Note that the following embodiments are merely examples of the present invention, and the present invention is not limited to the illustrated configurations.
[0011] Figure 1 is a diagram showing the solution concept of an embodiment of the present invention.
[0012] As mentioned above, a chain-like or flow-like business outsourcing structure (hereinafter simply referred to as the "business outsourcing flow") is formed by repeatedly outsourcing all or part of a project's work through ordering and receiving, starting from a zero-tier company to a first-tier company, and then from the first-tier company to a second-tier company, and so on, through sub-subcontracting and sub-subcontracting. The client at each stage is not limited to the ordering logistics company; there are both a client and a contractor at each stage. In this case, communication between the first-tier company and the second-tier company must be kept confidential from the zero-tier company. In particular, the amount of the outsourcing is highly confidential, and the amount of the outsourcing from the first-tier company to the second-tier company should not be known to the zero-tier company.
[0013] Therefore, in the order placement and receiving system of this embodiment, the private key used by primary and secondary companies is divided into multiple private key shares by secret sharing, and these private key shares are held on servers of multiple companies. Furthermore, the private key shares are distributed and held on servers of two or more companies, and in particular, they are distributed and held on multiple servers including third-party companies other than the zero-tier company, to prevent the recovery of the private key by having a specific company's server hold all of the private key shares. For example, in the (k,n) secret sharing scheme, the number of private key shares that each company's server can hold is (k-1) or less, and when n=k=2, the number of shares of each private key that each company can hold is one or less. Access rights to each private key share are managed so that only the server of a specific company can obtain and use the private key share.
[0014] The anonymization of order information through the aforementioned private key sharing can be combined with supply chain finance. Through supply chain finance, once the primary or secondary contractors notify the primary contractors of the completion of work, and the primary or secondary contractors approve the completion of work (payment), the financial institution pays the primary or secondary contractors the outsourcing fees, thereby improving the contractors' cash flow through early payment of outsourcing fees.
[0015] The terms "0th order," "1st order," "2nd order," etc., used in this specification and drawings are for identifying constituent elements and do not necessarily limit their number, order, or content. While this description outlines an example of applying the present invention to the transportation industry, particularly to the delivery of goods, the present invention is applicable not only to the transportation industry but also to any industry with a multi-stage outsourcing flow, such as the construction or manufacturing industries.
[0016] In this embodiment, the key share can be managed by distributing it among multiple companies, and the key share holders do not necessarily have to be the primary company and financial institutions. For example, a system provider, certification body, or public institution may hold the key share.
[0017] <Example 1> Figure 2 shows the configuration of the order placement and receiving system according to Embodiment 1 of the present invention.
[0018] The order placement and receiving system of Example 1 includes a zero-tier company server 100 (corresponding to the "zero-tier server" in the claim), a zero-tier company storage device 150 (corresponding to the "first storage device" in the claim), a third-party server 200 (corresponding to the "key share holding server" in the claim), a third-party company storage device 250 (corresponding to the "third storage device" in the claim), a key management server 300 (corresponding to the "key management server" in the claim), a zero-tier client 180, a primary client 400, and a secondary client 500 (clients 180, 400, and 500 correspond to the "terminals" in the claim). The zero-tier company server 100, the third-party server 200, the key management server 300, the zero-tier client 180, the primary client 400, and the secondary client 500 are connected via a network. The hierarchical structure of the order placement and receiving may be a multi-tiered structure including tertiary and quaternary companies in addition to secondary companies, but the explanation will focus on a two-tiered order placement and receiving structure from zero-tier to secondary companies.
[0019] The 0th-tier company server 100 is a computer operated by the 0th-tier company, its subsidiaries or other related companies, or a company contracted to manage the server, and has a mail notification unit 110, an order information transmission / reception unit 120, a share / pk transmission unit 130, and an authentication unit 140. The mail notification unit 110 creates and sends emails that trigger work for the 1st-tier and 2nd-tier companies. If a dedicated application is installed on the 1st-tier client 400 and the 2nd-tier client 500, the mail notification unit 110 may send notifications to the dedicated application instead of email. The order information transmission / reception unit 120 sends and receives order information with the 1st-tier client 400 and the 2nd-tier client 500. The share / pk transmission unit 130 transmits the private key share and public key stored in the storage device 150 in accordance with requests from the 1st-tier client 400 and the 2nd-tier client 500. The authentication unit 140 authenticates primary clients 400 and secondary clients 500 accessing the primary enterprise server 100 by referring to password information stored in the key management server 300. The authentication method used by the authentication unit 140 may be other than IP address and password. Since IP addresses can be impersonated, for example, a client certificate issued by the key generator may be used to authenticate that the client is legitimate. Alternatively, the key management server 300 may perform the authentication.
[0020] The storage device 150 is a storage device operated by a zero-tier company and stores encrypted data of order information from a primary-tier company to a secondary-tier company. The storage device 150 also stores encryption keys pk1, pk2, sk1-s1, and sk2-s1. pk1 is the public key of the primary-tier client 400, pk2 is the public key of the secondary-tier client 500, sk1-s1 is the private key share of the primary-tier client 400, and sk2-s1 is the private key share of the secondary-tier client 500. The storage device 150 may be configured separately from the zero-tier company server 100, or it may be configured together with the zero-tier company server 100 (i.e., as an auxiliary storage device 3 within the zero-tier company server 100).
[0021] The zero-level client 180 is a computer used by a zero-level company to access the zero-level company server 100, and it runs a web browser or a dedicated application.
[0022] The third-party server 200 is a computer operated by a third-party company such as a financial institution, and has a share transmission unit 210, an amount receiving unit 220, and an authentication unit 230 (corresponding to the "authentication unit" in the claim). The share transmission unit 210 transmits a private key share stored in the storage device 250 in accordance with requests from the primary client 400 and the secondary client 500. The amount receiving unit 220 receives data on the amount to be paid between companies, generates payment data, and transmits it to the financial institution's accounting system. The authentication unit 230 authenticates the primary client 400 and the secondary client 500 that access the third-party server 200 by referring to password information stored in the key management server 300.
[0023] The storage device 250 is a storage device operated by a third-party company and stores the cryptographic key shares sk1-s2 and sk2-s2. sk1-s2 are the private key shares of the primary client 400, and sk2-s2 are the private key shares of the secondary client. The storage device 250 may be configured separately from the third-party server 200, or it may be configured together with the third-party server 200 (i.e., as an auxiliary storage device within the third-party server 200).
[0024] The private key sk1 of the primary client 400 can be generated by recovering sk1-s1 stored in the storage device 150 and sk1-s2 stored in the storage device 250. Similarly, the private key sk2 of the secondary client 500 can be generated by recovering sk2-s1 stored in the storage device 150 and sk2-s2 stored in the storage device 250.
[0025] The storage devices 150 and 250 may be provided separately, or they may be a single storage device that is logically divided and used in a single physical manner.
[0026] The key management server 300 is a computer operated by a company other than a zero-order company, and has a communication unit 310 (corresponding to the "communication unit" in the claim), an access rights management unit 320 (corresponding to the "access rights management unit" in the claim), a splitting unit 330, a key generation unit 340 (corresponding to the "key generation unit" in the claim), and a storage unit 350 (corresponding to the "second storage device" in the claim). The communication unit 310 controls communication with other devices. The access rights management unit 320 authenticates primary clients 400 and secondary clients 500 that access the key management server 300 by referring to password information stored in the storage unit 350. The splitting unit 330 (corresponding to the "splitting unit" in the claim) splits the secret key generated by the key generation unit 340 to generate a secret key share. The secret key share may be generated using the (k,n) secret sharing scheme, but it may be generated by other methods as long as the encryption key can be split into multiple fragments in some way, such as an electronic cipher. The key generation unit 340 generates a key pair, including a private key and a public key, in accordance with a request from a primary client 400 or a secondary client 500. The storage unit 350 stores the password information and access rights information used by the access rights management unit 320 for authentication. Details of the access rights information are shown in Figure 3, and details of the password information are shown in Figure 4.
[0027] The storage unit 350 of the key management server 300 may store all or part of the private key share. The key management server 300 may be included in the group that stores the private key share.
[0028] The key management server 300 is a computer operated by a company that is neither a zero-tier company nor a third-party company (the key generator), but the key generator may also be a third-party company. If the key generator is a zero-tier company, the zero-tier company can know the private key, which is inappropriate.
[0029] As described in Example 2, the private key and public key may be generated by the primary client 400 and the secondary client 500, rather than by the key management server 300.
[0030] The primary client 400 is a computer used by a primary company to access the zero-tier company server 100 and the third-party server 200, and has an input unit 410, an information receiving unit 420, an information transmission unit 430 (corresponding to the "information transmission unit" in the claim), a display unit 440 (corresponding to the "display unit" in the claim), an encryption / decryption unit 450 (corresponding to the "encryption / decryption unit" in the claim), and a key recovery / generation unit 460 (corresponding to the "key recovery / generation unit" in the claim). Each part of the primary client 400 may be configured as a web browser or a dedicated application. The input unit 410 accepts data input from the user. The information receiving unit 420 receives data transmitted from other devices. The information transmission unit 430 transmits data to other devices. The display unit 440 displays the results of the calculation processing and the data received from other devices to the user. The encryption / decryption unit 450 decrypts the encrypted and transmitted data and generates plaintext data. The key recovery and generation unit 460 recovers and generates the original key from the collected key shares.
[0031] The secondary client 500 is a computer used by a secondary company to access the primary company server 100 and the third-party server 200, and has an input unit 510, an information receiving unit 520, an information transmission unit 530 (corresponding to the "information transmission unit" in the claim), a display unit 540 (corresponding to the "display unit" in the claim), an encryption / decryption unit 550 (corresponding to the "encryption / decryption unit" in the claim), and a key recovery / generation unit 560 (corresponding to the "key recovery / generation unit" in the claim). Each part of the secondary client 500 may be configured as a web browser or a dedicated application. The input unit 510 accepts data input from the user. The information receiving unit 520 receives data transmitted from other devices. The information transmission unit 530 transmits data to other devices. The display unit 540 displays the results of the calculation processing and the data received from other devices to the user. The encryption / decryption unit 550 decrypts the encrypted and transmitted data and generates plaintext data. The key recovery and generation unit 560 recovers and generates the original key from the collected key shares.
[0032] Here, the unauthorized acquisition of the private key share from the third-party server 200 by the zero-order enterprise server 100, and the unauthorized acquisition of the private key share from the zero-order enterprise server 100 by the third-party server 200, can be suppressed, for example, by making the source code of the zero-order enterprise server 100 and the third-party server 200 open source and releasing it.
[0033] Figure 18 is a block diagram showing the physical configuration of the 0th-order enterprise server 100 in this embodiment.
[0034] The zero-order enterprise server 100 in this embodiment is composed of a computer having a processor (CPU) 1, memory 2, auxiliary storage device 3, and communication interface 4. The zero-order enterprise server 100 may also have an input interface 5 and an output interface 8.
[0035] Processor 1 is an arithmetic unit that executes programs stored in memory 2. By executing various programs, Processor 1 realizes the functions of each functional unit of the 0th-order enterprise server 100 (for example, the email notification unit 110, the order information transmission / reception unit 120, the share / pk transmission unit 130, the authentication unit 140, etc.). Note that some of the processing performed by Processor 1 when executing programs may be executed by other arithmetic units (for example, hardware such as ASICs and FPGAs). The Processor 1 that realizes the functions of each functional unit of the 0th-order enterprise server 100 as described above corresponds to the "first arithmetic unit" in the claims.
[0036] Memory 2 includes ROM, a non-volatile memory element, and RAM, a volatile memory element. ROM stores immutable programs (e.g., BIOS). RAM is a high-speed, volatile memory element such as DRAM (Dynamic Random Access Memory), and temporarily stores programs executed by processor 1 and data used during program execution.
[0037] The auxiliary storage device 3 is, for example, a high-capacity, non-volatile storage device such as a magnetic storage device (HDD) or flash memory (SSD). The auxiliary storage device 3 also stores data used by the processor 1 when executing programs, and the programs that the processor 1 executes. In other words, programs are read from the auxiliary storage device 3, loaded into memory 2, and executed by the processor 1, thereby realizing the various functions of the 0th-order enterprise server 100.
[0038] Communication interface 4 is a network interface device that controls communication with other devices according to a predetermined protocol.
[0039] Input interface 5 is an interface to which input devices such as a keyboard 6 and a mouse 7 are connected and to receive input from the operator. Output interface 8 is an interface to which output devices such as a display device 9 and a printer (not shown) are connected and to output the program execution results in a format that the user can see. In addition, a user terminal connected to the zero-level enterprise server 100 via a network may provide the input and output devices. In this case, the zero-level enterprise server 100 may have the functionality of a web server, and the user terminal may access the zero-level enterprise server 100 using a predetermined protocol (e.g., http).
[0040] The program executed by processor 1 is provided to the zero-level enterprise server 100 via removable media (such as a CD-ROM or flash memory) or a network, and stored in a non-volatile auxiliary storage device 3, which is a non-temporary storage medium. For this reason, it is preferable for the zero-level enterprise server 100 to have an interface for reading data from the removable media.
[0041] The 0th-order enterprise server 100 is a computer system that operates on a single physical computer or on multiple logically or physically configured computers, and may operate on a virtual computer built on multiple physical computer resources. For example, the email notification unit 110, the order information transmission / reception unit 120, the share / pk transmission unit 130, and the authentication unit 140 may each operate on separate physical or logical computers, or multiple units may be combined and operate on a single physical or logical computer.
[0042] The physical configuration of the 0th-order enterprise server 100 has been explained with reference to Figure 18, but the other servers (third-party server 200, key management server 300) may have the same configuration. Furthermore, the 0th-order client 180, 1st-order client 400, and 2nd-order client 500 can also be configured with general-purpose computers, and the computers may have the same configuration as in Figure 18. Note that the processor (CPU) 1 (see Figure 18), which is one of the physical components of the third-party server 200, corresponds to the "third arithmetic unit" in the claim, the processor 1, which is one of the physical components of the key management server 300, corresponds to the "second arithmetic unit" in the claim, and the processor 1, which is one of the physical components of the 1st-order client 400 and 2nd-order client 500, corresponds to the "fourth arithmetic unit" in the claim.
[0043] Figure 3 shows an example of the configuration of access rights information in this embodiment.
[0044] Access rights information is used to determine whether or not access to the private key share is permitted, and it is recorded with the username, user ID, and IP address associated with it. The username is a name that uniquely identifies the user using the order placement and receiving system, and it is preferable to define it to include part of the company name. The user ID is a symbol or number that uniquely identifies the user. The IP address is the address assigned to clients 400 and 500 used by the user.
[0045] Access rights information may be stored on the primary enterprise server 100 and the third-party server 200, and may also be stored on the key management server 300.
[0046] Figure 4 shows an example of the password information configuration in this embodiment.
[0047] Password information is recorded with the user ID, password, and key information associated with it. The user ID is a symbol or number that uniquely identifies the user using the order placement and receiving system. The password is the password entered by the user and used for authentication. The key information is the identification information of the private key to which access rights are granted, authenticated by the user ID and password.
[0048] Password information is stored on the key management server 300.
[0049] Figure 5 is a sequence diagram of the key generation and distribution process in Example 1.
[0050] The information transmission unit 430 of the primary client 400 requests key generation from the key management server 300 (1001).
[0051] When the key management server 300 receives a key generation request, the key generation unit 340 generates a pair of private key sk1 and public key pk1 (1002). Then, the communication unit 310 of the key management server 300 requests an ID and password from the primary client 400 (1003).
[0052] In the primary client 400, when the input unit 410 receives the ID and password (1004), the information transmission unit 430 sends the ID and password to the key management server 300 (1005).
[0053] When the key management server 300 receives the ID and password, the splitting unit 330 splits the generated private key to generate private key shares sk1-s1 and sk1-s2 (1006). The access rights management unit 320 associates the generated private key shares with the received ID and password pair, thereby assigning access rights information based on the received ID and password to the generated private key shares (1007). The password information, including the ID and password, is then stored in the storage unit 350 (1008). The number of divisions of the private key and the storage location of the private key shares may be predetermined by the zero-level company. Alternatively, the number of divisions of the private key and the storage location of the private key shares may be changed for each company. The communication unit 310 of the key management server 300 then sends the private key share sk1-s1 and the public key pk1 to the zero-level company server 100 (1009).
[0054] The zero-order enterprise server 100 stores the received secret key share sk1-s1 in the storage device 150 (1010).
[0055] Furthermore, the communication unit 310 of the key management server 300 sends the other private key shares (sk1-s2) to the third-party server 200 (1011).
[0056] The third-party server 200 stores the received private key share in the storage device 250 (1012).
[0057] Furthermore, the communication unit 310 of the key management server 300 sends the client certificate to the primary enterprise server 100 (1013).
[0058] In this embodiment, ECDH-AES is used for encryption, but other encryption methods (e.g., symmetric-key, public-key, or hybrid) may also be used. For example, if a public-key encryption method is used, order information from a primary company to a secondary company will be encrypted with different public keys, resulting in different encrypted data for the primary company and the secondary company. On the other hand, with a hybrid encryption method (e.g., ECDH-AES) or a symmetric-key encryption method, the data seen by the primary company and the data seen by the secondary company will be the same encrypted data, so the amount of data stored in the storage devices 150 and 250 can be reduced with a symmetric-key or hybrid method compared to a public-key encryption method.
[0059] Figures 6 and 7 are sequence diagrams of the order processing from the primary supplier to the secondary supplier in Example 1.
[0060] The user of the zero-tier company inputs order information for work to be outsourced from the zero-tier company to the primary-tier company into the zero-tier client and sends it to the zero-tier company server 100 (1101).
[0061] When the 0th-tier enterprise server 100 receives order information for outsourced work, the email notification unit 110 sends an order email (1102). As shown in Figure 11A, this email contains information about a link that allows the 1st-tier client 400 to access the 0th-tier enterprise server 100 and confirm the order information.
[0062] When the display unit 440 of the primary client 400 displays the received email at the operation of a primary company user, the primary company user further operates the primary client 400 to select a link contained in the displayed email. When the input unit 410 accepts the selection of the link, the information transmission unit 430 accesses the selected link and requests order information from the zero-tier company server 100 (1103).
[0063] When the 0th-level enterprise server 100 receives a request for order information, the order information transmission / reception unit 120 sends the login screen display data to the 1st-level client 400 (1104).
[0064] When the display unit 440 of the primary client 400 displays the login screen, the user of the primary company enters their ID and password (1105). When the input unit 410 receives the ID and password, the information transmission unit 430 of the primary client 400 sends the entered ID and password to the zero-level company server 100 (1106).
[0065] The authentication unit 140 of the zero-level enterprise server 100 sends a password information retrieval request to the key management server 300 (1107).
[0066] When the key management server 300 receives a request to retrieve password information, the communication unit 310 sends the password information to the primary enterprise server 100 (1108).
[0067] When the 0th-tier enterprise server 100 receives password information, the authentication unit 140 authenticates the 1st-tier client 400 using the received password information (1109). If authentication is successful, the order information transmission / reception unit 120 sends order information to the 1st-tier client 400 (1110).
[0068] The display unit 440 of the primary client 400 displays the received order information based on the operation of the primary company user. As shown in Figure 12, the order information display screen is provided with an order button for secondary companies, and when the primary company user operates the order button, the order screen shown in Figure 13 is displayed. The primary company user selects the supplier for each product name, enters the amount, and operates the confirm button, at which point the input unit 410 accepts the secondary company to be supplied and the amount (1111).
[0069] Subsequently, the information transmission unit 430 of the primary client 400 sends the ID, IP address, and password, and requests the public key pk2 of the secondary client 500 and the private key share sk1-s1 of the primary client 400 from the zero-level enterprise server 100 (1112).
[0070] When the primary enterprise server 100 receives the ID, IP address, and password, the authentication unit 140 authenticates the primary client 400 by confirming that both the received ID, IP address, and password match the IP address in Figure 3 and the password in Figure 4 (1113). If authentication is successful, the share pk transmission unit 130 sends the public key pk2 of the secondary client 500 and the private key share sk1-s1 of the primary client 400 to the primary client 400 (1114).
[0071] Furthermore, the information transmission unit 430 of the primary client 400 sends the ID, IP address, and password to request the third-party server 200 to share the private key sk1-s2 of the primary client 400 (1115).
[0072] When the third-party server 200 receives the ID, IP address, and password, the authentication unit 230 requests the key management server 300 to retrieve the password information (1116).
[0073] When the key management server 300 receives a request to retrieve password information, the communication unit 310 sends the password information to the third-party server 200 (1117).
[0074] When the third-party server 200 receives the password information, the authentication unit 230 uses the received password information to authenticate the primary client 400 (1118). If authentication is successful, the share transmission unit 210 sends the private key share sk1-s2 of the primary client 400 to the primary client 400 (1119).
[0075] After the primary client 400 receives the private key shares sk1-s1 and sk1-s2, the key recovery / generation unit 460 recovers the private key sk1 from the two private key shares sk1-s1 and sk1-s2 (1120), and generates an AES symmetric key from the private key sk1 of the primary client 400 and the public key pk2 of the secondary client 500 (1121). Then, the encryption / decryption unit 450 encrypts the order information to the secondary company using the generated AES symmetric key (1122). Then, the information transmission unit 430 transmits the encrypted order information to the secondary company to the primary company server 100 (1123).
[0076] The primary enterprise server 100 stores the order information for secondary enterprises, encrypted using an AES common key, in the storage device 150.
[0077] Figure 8 is a sequence diagram of the process by which the secondary company in Example 1 confirms the order.
[0078] When the primary enterprise server 100 receives order information for secondary enterprises from the primary client 400, the email notification unit 110 sends an order email (1201). As shown in Figure 11B, this email contains information about a link that allows the secondary client 500 to access the primary enterprise server 100 and confirm the order information.
[0079] When the display unit 540 of the secondary client 500 displays the received email at the operation of a secondary company user, the secondary company user further operates the secondary client 500 to select a link contained in the displayed email. When the input unit 510 accepts the selection of the link, the information transmission unit 530 accesses the selected link and requests order information from the primary company server 100 (1202).
[0080] When the primary enterprise server 100 receives a request for order information, the order information transmission / reception unit 120 sends the login screen display data to the secondary client 500 (1203).
[0081] When the display unit 540 of the secondary client 500 displays the login screen, the user of the secondary company enters their ID and password (1204). When the input unit 510 receives the ID and password, the information transmission unit 530 of the secondary client 500 sends the entered ID and password to the primary company server 100 (1205).
[0082] The authentication unit 140 of the zero-level enterprise server 100 sends a password information retrieval request to the key management server 300 (1206).
[0083] When the key management server 300 receives a request to retrieve password information, the communication unit 310 sends the password information to the primary enterprise server 100 (1207).
[0084] When the primary enterprise server 100 receives the password information, the authentication unit 140 uses the received password information to authenticate the secondary client 500 (1208). If authentication is successful, the order information transmission / reception unit 120 sends the order information, the secondary client 500's private key share sk2-s1, and the primary client 400's public key pk1 to the secondary client 500 (1209).
[0085] When the secondary client 500 receives the private key share sk2-s1 and the public key pk1, the information transmission unit 530 of the secondary client 500 sends the entered ID and password to the third-party server 200 (1210).
[0086] When the third-party server 200 receives the ID, IP address, and password, the authentication unit 230 requests the key management server 300 to retrieve the password information (1211).
[0087] When the key management server 300 receives a request to retrieve password information, the communication unit 310 sends the password information to the third-party server 200 (1212).
[0088] When the third-party server 200 receives the password information, the authentication unit 230 uses the received password information to authenticate the secondary client 500 (1213). If authentication is successful, the share transmission unit 210 sends the private key share sk2-s2 of the secondary client 500 to the secondary client 500 (1214).
[0089] After the secondary client 500 receives the private key shares sk2-s1 and sk2-s2, the key recovery / generation unit 560 recovers the private key sk2 from the two private key shares sk2-s1 and sk2-s2 (1215), and generates an AES symmetric key from the private key sk2 of the secondary client 500 and the public key pk1 of the primary client 400 (1216). Then, the encryption / decryption unit 550 decrypts the order information to the secondary company using the generated AES symmetric key (1217). Then, the display unit 540 of the secondary client 500 displays the received order information based on the operation of the user of the secondary company. As shown in Figure 14, the order information display screen is provided with an approval button, and when the user of the primary company operates the approval button, the order acceptance and acceptance of the work to be entrusted from the primary company to the secondary company is confirmed (1218). The order information display screen may also be provided with buttons for further dividing the work and ordering it to a tertiary company. Then, the information transmission unit 530 sends approval for the order information to the 0th-level company server 100 (1219).
[0090] Figures 9 and 10 are sequence diagrams of the process from delivery completion notification to payment in Example 1.
[0091] First, the user of the secondary company accesses the primary company server 100, enters that the task is complete, and notifies the server of the completion of the task (1301).
[0092] A user of the 0th-tier company accesses the 0th-tier company server 100 from the 0th-tier client 180 to receive a notification of completion of work (1302). The 0th-tier client 180 displays a payment confirmation screen as shown in Figure 15, and by operating the approval button, the completion of the work outsourced to the 1st-tier company is approved, and payment to the 1st-tier company is approved (1303). When the input section of the 0th-tier client 180 receives the payment approval to the 1st-tier company, the 0th-tier client 180 sends the payment approval to the 1st-tier company server 100 (1304).
[0093] When the zero-tier enterprise server 100 receives payment authorization to the primary enterprise from the zero-tier client 180, the email notification unit 110 sends an order email (1305). This email contains information about a link that allows the primary client 400 to access the zero-tier enterprise server 100 and make a payment to the secondary enterprise, as shown in Figure 11C.
[0094] When the display unit 440 of the primary client 400 displays the received email at the operation of a primary company user, the primary company user further operates the primary client 400 to select a link contained in the displayed email. When the input unit 410 accepts the selection of the link, the information transmission unit 430 accesses the selected link and requests order information for the secondary company from the zero-tier company server 100 (1306).
[0095] When the 0th-level enterprise server 100 receives a request for order information, the order information transmission / reception unit 120 sends the login screen display data to the 1st-level client 400 (1307).
[0096] When the display unit 440 of the primary client 400 displays the login screen, the user of the primary company enters their ID and password (1308). When the input unit 410 receives the ID and password, the information transmission unit 430 of the primary client 400 sends the entered ID and password to the zero-level company server 100 (1309).
[0097] The authentication unit 140 of the zero-level enterprise server 100 sends a password information retrieval request to the key management server 300 (1310).
[0098] When the key management server 300 receives a request to retrieve password information, the communication unit 310 sends the password information to the primary enterprise server 100 (1311).
[0099] When the primary enterprise server 100 receives password information, the authentication unit 140 authenticates the primary client 400 using the received password information (1312). If authentication is successful, the order information transmission / reception unit 120 transmits order information to the secondary enterprise, and the share / pk transmission unit 130 transmits the primary client 400's private key share sk1-s1 and the secondary client 500's public key pk2 to the primary client 400 (1313).
[0100] Subsequently, the information transmission unit 430 of the primary client 400 sends the ID, IP address, and password to request the third-party server 200 to share the private key sk1-s2 of the primary client 400 (1314).
[0101] When the third-party server 200 receives the ID and password, the authentication unit 230 requests the key management server 300 to retrieve the password information (1315).
[0102] When the key management server 300 receives a request to retrieve password information, the communication unit 310 sends the password information to the third-party server 200 (1316).
[0103] When the third-party server 200 receives the password information, the authentication unit 230 uses the received password information to authenticate the primary client 400 (1317). If authentication is successful, the share transmission unit 210 sends the private key share sk1-s2 of the primary client 400 to the primary client 400 (1318).
[0104] After the primary client 400 receives the private key shares sk1-s1 and sk1-s2, the key recovery / generation unit 460 recovers the private key sk1 from the two private key shares sk1-s1 and sk1-s2 (1319), and generates an AES common key from the private key sk1 of the primary client 400 and the public key pk2 of the secondary client 500 (1320). Then, the encryption / decryption unit 450 decrypts the order information to the secondary company using the generated AES common key (1321). Then, the display unit 440 of the primary client 400 displays the received order information based on the operation of the primary company's user. As shown in Figure 15, the payment confirmation screen is provided with an approval button, and when the primary company's user operates the approval button, the completion of the commissioned work is approved, and payment from the primary company to the secondary company is confirmed (1322).
[0105] The information transmission unit 430 then notifies the zero-level company server 100 of the payment approval (1323) and transmits information on the payment amount for the contracted work to the third-party server 200 (1324).
[0106] When the third-party server 200 receives payment information, it creates transfer data from the primary company to the secondary company and executes the payment from the primary company to the secondary company.
[0107] Figures 11A to 11C show examples of emails sent from a zero-level enterprise server 100.
[0108] In this embodiment of the order placement and receiving system, notifications such as emails are used as triggers, and the links included in the notifications prompt the user to perform the next action. Figure 11A is an example of an email sent when a work order is placed from a zero-tier company to a primary-tier company, and it includes information about a link that allows the primary-tier client 400 to access the zero-tier company server 100 and confirm the order information. Figure 11B is an example of an email sent when a work order is placed from a primary-tier company to a secondary-tier company, and it includes information about a link that allows the secondary-tier client 500 to access the zero-tier company server 100 and confirm the order information. Figure 11C is an example of an email sent to the primary-tier company upon completion of work by the secondary-tier company, and it includes information about a link that allows the primary-tier client 400 to access the zero-tier company server 100 and confirm the order information and payment information.
[0109] Figure 12 shows an example of an order information display screen.
[0110] The order information display screen shown in Figure 12 is accessed via a link included in an email (Figure 11A) sent when a work order is placed from a zero-tier company to a primary-tier company. After logging in, the zero-tier company server 100 is accessed and displayed (steps 1110 and 1111 in Figure 6). The order information display screen shows the recipient (contractor), the ordering party (ordering party), information representing the work (order ID, order date, order date, order amount), and the details of the work (name of goods to be transported, quantity, origin, destination). The contractor (e.g., primary-tier company) can view the order information display screen to understand the order details.
[0111] The order information display screen includes a button for placing orders with secondary companies. When a primary company user clicks this button, the order information input screen (Figure 13) is displayed. The order information display screen also includes a "Do not accept order" button, which is used when a company does not wish to accept the order.
[0112] Figure 13 shows an example of an order information input screen.
[0113] The order information input screen shown in Figure 13 displays the recipient of the received work (the person subcontracting), the ordering party (the person ordering the received work), information representing the work (order ID, order date, order date, order amount), and the details of the work (name of goods to be transported, quantity, origin, destination). The details of the work section includes a field for entering the subcontractor and a field for entering the amount of the subcontract. It is preferable that the subcontractor be selectable from a dropdown menu. The user of the subcontracting company (for example, the primary company) looks at the order information input screen, decides on the subcontractor and the amount for each job (transportation), and enters it into the order information input screen. When the primary company user operates the confirmation button, the primary client 400 accepts the secondary company and amount of the order.
[0114] The order information received by the primary client 400 for the secondary company is encrypted using an AES symmetric key generated from the private key sk1 of the primary client 400 and the public key pk2 of the secondary client 500, and then sent to the zero-tier company server 100 (steps 1120 and 1121 in Figure 6).
[0115] Figure 14 shows an example of an order information display screen.
[0116] The order information display screen shown in Figure 14 is accessed via a link included in an email (Figure 11B) sent when a primary company places an order with a secondary company. This link is used to access the primary company server 100, and the screen is displayed after logging in (steps 1218 in Figure 8). The order information display screen shows the recipient (contractor), the ordering party (ordering party), information representing the work (order ID, order date, order date, order amount), and the details of the work (name of goods to be transported, quantity, origin, destination). The contractor (e.g., a secondary company) can view the order information display screen to understand the order details.
[0117] The order information display screen includes a "Do not accept" button, which is used when the company does not accept the order, and an "Approve" button, which is used when the company accepts the order. When a user from a secondary company presses the approve button, an approval notification is sent to the primary company server 100 (step 1219 in Figure 8).
[0118] Figure 15 shows an example of a payment confirmation screen.
[0119] The payment confirmation screen shown in Figure 15 is displayed when the secondary company completes its work (step 1302 in Figure 9) (step 1322 in Figure 10). The payment confirmation screen displays the recipient of the payment (the contractor for the outsourced work), information representing the work (order ID, order date, completion date and time, order amount), and details of the work (name of goods to be transported, quantity, origin, destination). The user of the outsourcing company (e.g., the primary company) checks the payment confirmation screen to verify the payment details.
[0120] The payment confirmation screen includes a "View Invoice" button to display the invoice from the secondary company (for example, in PDF format) and an "Approve" button to approve the payment. When a user from the primary company clicks the approve button, the payment approval is notified to the zero-tier company server 100 (step 1323 in Figure 10), and the payment amount information is sent to the third-party server 200 (step 1324 in Figure 10).
[0121] As described above, according to Embodiment 1 of the present invention, in a commercial transaction in which business outsourcing consisting of ordering and receiving is carried out in stages between multiple companies, order and receiving information between companies can be kept confidential. In particular, the amount of the outsourcing, which is highly confidential, can be kept confidential from companies at other stages.
[0122] <Example 2> Next, Embodiment 2 of the present invention will be described. In Embodiment 2, clients 400 and 500, rather than the key management server 300, generate key pairs and create a private key share. In Embodiment 2, the differences from Embodiment 1 will be mainly described, and the same components and processes as in Embodiment 1 will be denoted by the same reference numerals, and their descriptions will be omitted.
[0123] Figure 16 shows the configuration of the order placement and receiving system according to Embodiment 2 of the present invention.
[0124] The order placement and receiving system of Example 2 includes a zero-tier company server 100, a zero-tier company storage device 150, a third-party server 200, a third-party company storage device 250, a key management server 300, a zero-tier client 180, a primary client 400, and a secondary client 500. The zero-tier company server 100, the third-party server 200, the key management server 300, the zero-tier client 180, the primary client 400, and the secondary client 500 are connected via a network. The hierarchical structure of the order placement and receiving system may include a multi-tiered structure that includes not only secondary companies but also tertiary and quaternary companies, but the explanation will focus on a two-tiered order placement and receiving structure from zero-tier to secondary companies.
[0125] The zero-order enterprise server 100 is a computer operated by the zero-order enterprise, and its configuration is the same as in Example 1. The storage device 150 is a storage device operated by the zero-order enterprise, and its configuration is the same as in Example 1.
[0126] The zero-level client 180 is a computer used by a zero-level company to access the zero-level company server 100, and it runs a web browser or a dedicated application.
[0127] The third-party server 200 is a computer operated by a third-party company such as a financial institution, and its configuration is the same as in Example 1. The storage device 250 is a storage device operated by a third-party company, and its configuration is the same as in Example 1.
[0128] The key management server 300 is a computer operated by a company other than a 0th-tier company, and has a communication unit 310, an access rights management unit 320, and a storage unit 350. The communication unit 310 controls communication with other devices. The access rights management unit 320 authenticates primary clients 400 and secondary clients 500 that access the key management server 300 by referring to password information stored in the storage unit 350. The storage unit 350 stores the password information and access rights information used by the access rights management unit 320 for authentication.
[0129] The primary client 400 is a computer used by a primary company to access the zero-level company server 100 and the third-party server 200, and has an input unit 410, an information receiving unit 420, an information transmitting unit 430, a display unit 440, an encryption / decryption unit 450, a key recovery / generation unit 460, a key generation unit 470 (corresponding to the "key generation unit" in the claim), and a splitting unit 480 (corresponding to the "splitting unit" in the claim). Each unit of the primary client 400 may be configured as a web browser or a dedicated application. The dedicated application may be distributed from the third-party server 200 rather than the zero-level company server 100 in order to prevent the zero-level company server 100 from obtaining the key. The input unit 410 accepts data input from the user. The information receiving unit 420 receives data transmitted from other devices. The information transmitting unit 430 transmits data to other devices. The display unit 440 displays the results of the calculation process and the data received from other devices to the user. The encryption / decryption unit 450 decrypts the encrypted data that has been transmitted and generates plaintext data. The key recovery / generation unit 460 recovers and generates the original key from the collected key share. The key generation unit 470 generates a key pair including a private key and a public key for the primary client. The splitting unit 480 splits the private key generated by the key generation unit 470 to generate a private key share. The private key share is preferably generated using the (k,n) secret sharing scheme, but it may be generated by other methods as long as the encryption key can be divided into multiple fragments in some way, such as an electronic splitting code.
[0130] The secondary client 500 is a computer used by a secondary company to access the primary company server 100 and the third-party server 200, and has an input unit 510, an information receiving unit 520, an information transmitting unit 530, a display unit 540, an encryption / decryption unit 550, a key recovery / generation unit 560, a key generation unit 570 (corresponding to the "key generation unit" in the claim), and a splitting unit 580 (corresponding to the "splitting unit" in the claim). Each part of the secondary client 500 may be configured as a web browser or a dedicated application. The dedicated application may be distributed from the third-party server 200 rather than the primary company server 100 in order to prevent the primary company server 100 from obtaining the key. The input unit 510 accepts data input from the user. The information receiving unit 520 receives data transmitted from other devices. The information transmitting unit 530 transmits data to other devices. The display unit 540 displays the results of the calculation process and the data received from other devices to the user. The encryption / decryption unit 550 decrypts the encrypted data that has been transmitted and generates plaintext data. The key recovery / generation unit 560 recovers and generates the original key from the collected key share. The key generation unit 570 generates a key pair including a private key and a public key for the primary client. The splitting unit 580 splits the private key generated by the key generation unit 570 to generate a private key share. The private key share is preferably generated using the (k,n) secret sharing scheme, but it may be generated by other methods as long as the encryption key can be divided into multiple fragments in some way, such as an electronic splitting code.
[0131] Figure 17 is a sequence diagram of the key generation and distribution process in Example 2.
[0132] When the order placement and receiving system starts up, the communication unit 310 of the key management server 300 requests an ID and password from the primary client 400 and the secondary client 500 (1401, 1402).
[0133] In the primary client 400, when the input unit 410 receives the ID and password (1403), the key generation unit 470 generates a key pair including a private key sk1 and a public key pk1 for the primary client, the splitting unit 480 splits the generated private key to generate private key shares sk1-s1 and sk1-s2 (1404), and the information transmission unit 430 sends the ID, password, key pair, and private key shares to the key management server 300 (1405).
[0134] Furthermore, in the secondary client 500, when the input unit 510 receives the ID and password input (1406), the key generation unit 570 generates a key pair including a private key sk2 and a public key pk2 for the secondary client, the splitting unit 580 splits the generated private key to generate private key shares sk2-s1 and sk2-s2 (1407), and the information transmission unit 530 sends the ID, password, key pair, and private key shares to the key management server 300 (1408).
[0135] When the key management server 300 receives an ID, password, key pair, and private key share from a primary client 400 or a secondary client 500, the access rights management unit 320 uses the received ID and password to grant access rights to the private key share and stores the access rights information in the storage unit 350 (1409).
[0136] Subsequently, the communication unit 310 of the key management server 300 transmits the public keys pk1 and pk2, the private key shares sk1-s1 and sk2-s1, and access rights information to the zero-level enterprise server 100 (1410). The zero-level enterprise server 100 stores the received public keys, private key shares, and access rights information in the storage device 150 (1411).
[0137] Furthermore, the communication unit 310 transmits the other private key shares sk1-s2, sk2-s2 and access rights information to the third-party server 200 (1412). The third-party server 200 stores the received private key shares and access rights information in the storage device 250 (1413).
[0138] The number of divisions in the private key and the storage location of the private key shares should be predetermined by the zero-tier company. Alternatively, the number of divisions in the private key and the storage location of the private key shares may be changed for each primary and secondary company.
[0139] The processing after the private key share is stored in the 0th-order enterprise server 100 and the third-party server 200 is the same as in the aforementioned Embodiment 1.
[0140] As described above, in Embodiment 2 of the present invention, clients 400 and 500, rather than the key management server 300, generate key pairs and create private key shares. Therefore, the key management server does not need to maintain the function of generating keys, and the key management server only needs to manage access rights information and password information. In addition, clients 400 and 500 grant access rights information to the private key share and send it along with the password information to the 0th-level enterprise server 100 and the third-party server 200.
[0141] <Example 3> Next, Embodiment 3 of the present invention will be described. In Embodiment 3, the secret sharing threshold k is set to 3 or more. That is, there are two or more third-party companies, and the secret key share is held by three or more companies, including the zero-tier company. Note that in Embodiment 3, the differences from Embodiment 1 will be mainly explained, and the same components and processes as in Embodiment 1 will be denoted by the same reference numerals, and their explanations will be omitted. In this embodiment, the key share can be distributed and managed among multiple companies, and the key share holders do not have to be the zero-tier company and financial institutions. For example, a system provider, a certification body, or a public institution may hold the key share.
[0142] According to Embodiment 3 of the present invention, even if a 0th-tier company or a third-party company illegally obtains one private key share managed on their respective servers, and then illegally obtains a second private key share from another company, they cannot recover the encryption key unless they obtain a private key share from one or more other companies. Therefore, the deterrent effect on viewing order information by 0th-tier companies and third-party companies is enhanced. Furthermore, since an attacker cannot recover the encryption key unless they obtain three or more private key shares, the deterrent effect on the leakage of order information to attackers is enhanced.
[0143] <Example 4> Next, Embodiment 4 of the present invention will be described. In Embodiment 4, an electronic signature is added to the order information to prevent tampering with the order information. In Embodiment 4, the differences from Embodiment 1 will be mainly described, and the same components and processes as in Embodiment 1 will be denoted by the same reference numerals, and their descriptions will be omitted.
[0144] In Example 4, an electronic signature is attached to the order information to prevent tampering with the invoice amount when the secondary company requests payment from the primary company after delivery is complete. For example, in step 1216 of Figure 8, an electronic signature (e.g., the hash value of the order information) is attached to the approval of the order information sent from the secondary client 500 to the primary company server 100, and the electronic signature is sent to the primary company server 100. In step 1319 of Figure 10, when approving the completion of the outsourced work, the primary client 400 verifies that the electronic signature obtained from the order information matches the electronic signature given by the secondary client 500. If they match, approval is possible; if they do not match, approval is not possible. This prevents the secondary company from tampering with the invoice amount when approving payment to the primary company.
[0145] <Example 5> Next, Embodiment 5 of the present invention will be described. In Embodiment 5, single sign-on is achieved between servers. In Embodiment 5, the differences from Embodiment 1 will be mainly described, and the same components and processes as in Embodiment 1 will be denoted by the same reference numerals, and their descriptions will be omitted.
[0146] In Example 5, single sign-on is implemented between the primary enterprise server 100 and the third-party server 200. Specifically, an existing proxy authentication method is used, and each of the primary client 400 and secondary client 500 described in Example 1 has a dedicated agent. Once authentication by the key management server is successful, the dedicated agent automatically inputs the ID, password, and IP address during subsequent authentications. This eliminates the need for users to enter their passwords each time the primary client 400 or secondary client 500 requests the acquisition of a private key share from the primary enterprise server 100 or the third-party server 200, thus reducing the number of times users need to enter their passwords.
[0147] It should be noted that the present invention is not limited to the embodiments described above, but includes various modifications and equivalent configurations within the spirit of the attached claims. For example, the embodiments described above are described in detail for the purpose of clearly illustrating the present invention, and the present invention is not necessarily limited to having all the described configurations. Furthermore, some of the configurations of one embodiment may be replaced with those of another embodiment. Furthermore, configurations of other embodiments may be added to the configuration of one embodiment. Furthermore, some of the configurations of each embodiment may be added, deleted, or replaced with those of other embodiments.
[0148] Furthermore, each of the aforementioned configurations, functions, processing units, and processing means may be implemented in hardware, for example, by designing them as integrated circuits, or they may be implemented in software by having a processor interpret and execute programs that realize each function.
[0149] Information such as programs, tables, and files that implement each function can be stored in memory, hard disks, SSDs (Solid State Drives), or other storage media such as IC cards, SD cards, and DVDs.
[0150] Furthermore, the control lines and information lines shown are those deemed necessary for explanation purposes and do not necessarily represent all control lines and information lines required for implementation. In reality, it can be assumed that almost all components are interconnected. [Explanation of Symbols]
[0151] 100 0th-tier enterprise server 110 Email Notification Department 120 Order Information Transmission / Reception Unit 130 Share PK Transmission Unit 140 Authentication Department 150 Storage device 180 0th client 200 Third-party servers 210 Share transmission section 220 Amount receiving unit 230 Certification Department 250 Storage device 300 Key Management Server 310 Communications Department 320 Access Rights Management Department 330 Split section 340 Key generation section 350 Storage section 400 Primary Clients 410 Input section 420 Information Receiving Unit 430 Information Transmission Unit 440 Display section 450 Encryption and Decryption Unit 460 Key Recovery / Generation Unit 470 Key generation section 480 Split section 500 Secondary Clients 510 Input section 520 Information Receiving Unit 530 Information Transmission Unit 540 Display section 550 Cryptography and Decryption Unit 560 Key Recovery and Generation Unit 570 Key generation section 580 Split section
Claims
1. A system for managing the ordering and receiving of business in commercial transactions where business outsourcing consisting of ordering and receiving is carried out in stages between multiple companies, A first arithmetic unit that executes programs and a first storage device accessible by the first arithmetic unit, and a zero-level server that manages order information and order information, A key management server has a second arithmetic unit for executing a program and a second storage device accessible by the second arithmetic unit, and manages encryption keys for encrypting the order information and the order information. A third arithmetic unit that executes a program and a third storage device accessible by the third arithmetic unit, and a plurality of key share holding servers each holding a portion of a plurality of key shares generated from the key, A terminal comprising a fourth arithmetic unit for executing a program and a fourth storage device accessible by the fourth arithmetic unit, and to which the order information and the order information are input and output, The aforementioned key management server, The second computing unit includes an access rights management unit that assigns authentication information of a company capable of acquiring the key share to the key share, The second computing unit includes a communication unit that distributes the key share to the key share holding server, The aforementioned terminal is The fourth computing unit includes an information transmission unit that requests the key share from the key share holding server, The fourth arithmetic unit includes a key recovery and generation unit that recovers an encryption key from the acquired multiple key shares, The fourth arithmetic unit includes an encryption / decryption unit that uses the recovered encryption key to encrypt the input order information and decrypt the order information, The fourth arithmetic unit includes a display unit that displays the decoded order information, The information transmission unit transmits the encrypted order information to the zero-level server. The order placement and receiving system is characterized in that the key share holding server has an authentication unit that determines whether or not to transmit the key share to each terminal based on the authentication information.
2. The order placement and receiving system according to claim 1, After receiving notification from the zero-level server, the information transmission unit sends the authentication information to the key share holding server and requests the key share. The key recovery and generation unit recovers the encryption key from the key share obtained from the multiple key share holding servers. The encryption / decryption unit decrypts the order information received from the zero-level server using the recovered encryption key. The order placement and receiving system is characterized in that the display unit displays the decoded order information.
3. The order placement and receiving system according to claim 1, The information transmission unit, upon completion of the outsourced work, obtains the order information for the completed outsourced work from the zero-level server, transmits the authentication information to the key share holding server, and requests the key share. The key recovery and generation unit recovers the encryption key from the key share obtained from the multiple key share holding servers. The encryption / decryption unit uses the recovered encryption key to decrypt the order information received from the zero-level server. The order placement and receiving system is characterized in that the display unit displays the decoded order information and prompts approval for the completion of the commissioned work.
4. The order placement and receiving system according to claim 1, The aforementioned terminal is The key share is requested from the key share holding server, An order placement and receiving system characterized by acquiring the key share from each of the key share holding servers without going through the zero-level server.
5. The order placement and receiving system according to claim 1, The aforementioned key management server, The second arithmetic unit includes a key generation unit that generates the encryption key, An order placement and receiving system characterized in that the second computing unit has a division unit that generates a plurality of key shares from the encryption key.
6. The order placement and receiving system according to claim 1, The aforementioned terminal is The fourth arithmetic unit includes a key generation unit that generates the encryption key, An order placement and receiving system characterized in that the fourth arithmetic unit has a division unit that generates a plurality of key shares from the encryption key.
7. An order placement and receiving system according to claim 5 or 6, The partitioned section generates the key share using a (k,n) threshold secret sharing scheme. The order placement and receiving system is characterized in that the communication unit distributes (k-1) or fewer key shares to each of the key share holding servers.
8. In a commercial transaction in which outsourcing of work consisting of ordering and receiving is carried out in stages between multiple companies, the order management system manages the ordering and receiving of work, The order placement and receiving system includes a first arithmetic unit that executes programs and a first storage device accessible by the first arithmetic unit, and a zero-level server that manages order information and order information; a second arithmetic unit that executes programs and a second storage device accessible by the second arithmetic unit, and a key management server that manages encryption keys for encrypting the order information and order information; a third arithmetic unit that executes programs and a third storage device accessible by the third arithmetic unit, and a plurality of key share holding servers, each holding a portion of a plurality of key shares generated from the key; a fourth arithmetic unit that executes programs and a fourth storage device accessible by the fourth arithmetic unit, and a terminal to which the order information and order information are input and output. The aforementioned order management method is: The second computing unit assigns authentication information of a company capable of acquiring the key share to the key share, The second computing unit distributes the key share to the key share holding server, The fourth computing unit requests the key share from the key share holding server, The third computing device determines whether or not to transmit the key share to each terminal based on the authentication information. The fourth arithmetic unit recovers the encryption key from the multiple key shares acquired, The fourth computing unit encrypts the order information using the recovered encryption key, The fourth computing unit transmits the encrypted order information to the zero-level server. The fourth computing unit decrypts the order information received from the zero-order server using the recovered encryption key, A method for managing orders, characterized in that the fourth computing unit displays the decoded order information.