JP2006279349A - Schema document processing device and schema document processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a schema document processing device which has even convenience, capable of enciphering the optional part of a document, and is also capable of subjecting the enciphered document appropriately with respect to schema verification. <P>SOLUTION: The schema document processing device 21 is equipped with an input/output unit 211, which designates a part of the document which is required to be enciphered and a schema document processing unit 201 which produces a second schema document where its designated part is enciphered, and the enciphered part is capable of passing schema verification, corresponding to a first schema document which is capable of passing a schema verification, before it is enciphered. The schema document processing unit 201 sets messages which are transmitted so as to enable some partner, who can decipher the designated part to acquire the first schema document and to enable the other partner who cannot decipher the designated part so as to enable acquiring the second schema document. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a schema document processing apparatus and a schema document processing method that grammatically define the structure and contents that a document can take in structured documents such as XML and SGML.

  In recent years, a web service has been developed in which different services executed by a plurality of network devices are linked without human intervention to realize a series of processes. In the web service, an XML document is transmitted / received between a plurality of services, information is transmitted, and a series of processes proceeds. One of the technologies that support web services is the schema processing technology. In the technical field of structured documents such as XML and SGML, a schema is a grammatical definition of the structure and contents that a document can take. A language for describing a schema is called a schema language. Examples of schema languages for XML include DTD (Document Type Definition), W3C XML Schema, and RELAX NG. A specific description using a schema language is called a schema document.

  Since a web service is executed without human intervention, it is necessary to clearly define the format and meaning of the input / output data of the service so that machine processing is possible. If data that conforms to the rules is not passed, not only will the service return an incorrect result, but the service itself may go down. The above-mentioned problem can be avoided by defining a document allowed as an input or output of a service by a schema document and using the service after verifying whether a document passed between services satisfies the schema. In the technical field of XML, when a certain XML document D1 conforms to the tagging rules of the XML standard, it is said that “document D1 is well-formed”, and a schema document S with a certain XML document D2 defines. When all the element names, element hierarchical relationships, content types, and the like are satisfied, it is referred to as “document D2 is valid”. Needless to say, a document must be well-formed in order to be valid.

  Another technology that supports web services is encryption / decryption processing technology. As an international standard of encryption for XML documents, there is XML encryption (XML Encryption). When XML encryption is used, the substructure can be encrypted from any element in the document. In web services, the same document is often delivered and processed by a plurality of services, or a part of the document is copied and used by a plurality of services. At this time, there is a case where a part of the document can be used only for a specific service and kept secret from other services due to security requirements.

  For example, consider that a purchase order including credit card contents is transferred while adding information to the orderer, the bookstore, the credit card company, and the courier, and a series of processing is proceeded. At this time, it is desirable from the viewpoint of security that only the credit card company can process the portion of the credit card contents, and that only the credit settlement is transmitted to the bookstore and the delivery company. When XML encryption is used, the element describing the credit card contents by the orderer can be encrypted with an encryption key disclosed by the credit card company. At this time, only the credit card company can decrypt and use the encrypted elements, so that the book store and the delivery company do not need to know the contents of the credit card.

  7 and 8 are diagrams illustrating examples of schema documents. FIG. 9 is a diagram illustrating an example of an XML document that satisfies the rules indicated by the schema document illustrated in FIGS. 7 and 8. FIG. 10 is a diagram showing an example of a document obtained by encrypting a part of the XML document shown in FIG. For example, in the XML document shown in FIG. 9, let us consider encrypting a structure (ie, from the start tag <bo: creditCardInfo> to the end tag </ bo: creditCardInfo>) from the creditCardInfo element indicating the credit card contents. When encryption is performed using XML encryption, as shown in FIG. 10, this part is replaced with a lower structure from the EncryptData element. Here, if the schema document does not assume that the document element is encrypted, the encrypted document is determined to be invalid by the schema verification. For example, it is assumed that the schema document that defines the XML document in FIG. 9 is described as shown in FIGS. 7 and 8 using W3C XML Schema. That is, it is assumed that the schema document bo.xsd specified by the xsi: schemaLocation attribute in (C) of FIG. 9 is the one shown in FIGS. At this time, the XML document in FIG. 10 does not satisfy the rules of the schema document in FIG.

  Since invalid documents are inappropriate as input or output of the service, a series of processing in the web service does not end normally. On the other hand, for example, in the technique disclosed in Patent Document 1, the location and contents for changing the rules of the schema document are decided in advance, and the change rules describing this agreement are shared by each service, and at the time of validity verification When document elements that do not satisfy the specifications of the schema document appear, validity verification is performed again with the rules changed by applying the change rule.

JP 2004-342020 A

  However, the conventional technique has the following problem when it is desired to encrypt an arbitrary document element. First, in general verification processing, verification fails unless the specification of the schema document is satisfied. Therefore, when a document element that is not allowed to be encrypted in the schema document is encrypted, verification of the document including the element fails. In order to avoid this, it is necessary for the schema document creator to describe in advance in the schema document that the document element can be replaced in consideration of encryption requests by various service providers.

  For example, in FIG. 9, the orderer may want to encrypt the creditCardInfo element or less, may want to individually encrypt the cardNumberInfo element and the validThru element, or may want to encrypt the payerInfo element and the following together. Considering such various encryption possibilities, the schema description becomes complicated. If the schema description becomes complicated, not only will it take a lot of man-hours for the description, but also the possibility of description errors will increase, making subsequent expansion and maintenance difficult. The above problem also applies to the change rule disclosed in Patent Document 1.

  First, if the change rule is not described, the verification fails, so that any part cannot be encrypted. Also, if a change rule is created in consideration of the encryption request by the service provider, the change rule increases and becomes complicated. Furthermore, since change rules need to be shared by each service, maintenance to maintain consistency is difficult when changes or additions to the change rules occur.

  Another issue is that in the schema document that an element in the schema description can be replaced with an encrypted element, or what information is contained in the encrypted element when described as the change rule. Can be known by a service that cannot originally decrypt the information. For example, if it is known that the encrypted information is credit card information, there is a risk of being exposed to unauthorized decryption by a malicious attacker. Thus, it is not preferable from the viewpoint of encryption that the schema description and the change rule are widely known.

  Therefore, the present invention has been made in view of the above problems, and provides a schema document that can appropriately verify a schema of an encrypted document while having the convenience of being able to encrypt an arbitrary element of the document. It is an object to provide a processing device and a schema document processing method.

  In order to solve the above-described problem, the present invention provides a designation unit that designates a location to be encrypted in a document and a first schema document in which the document before encryption can pass the schema verification. Generation means for generating a second schema document that allows the encrypted document to pass the schema verification, and the first schema document can be acquired by a partner that can decrypt the designated place, and the designated place is decrypted. A schema document processing apparatus comprising setting means for setting a message to be transmitted so that the second schema document can be acquired for an impossible party. According to the present invention, it is possible to appropriately perform schema verification on an encrypted document while providing the convenience that an arbitrary element of the document can be encrypted.

  The generation unit generates the second schema document for each different encryption key. The setting means applies the same encryption to the entity or reference of the first schema document when a portion in the document is encrypted. Thereby, acquisition of the schema document according to the other party can be realized. The schema document processing apparatus of the present invention further includes verification means for performing schema verification using at least one of the first schema document and the second schema document. The schema document processing apparatus of the present invention further includes processing means for performing a predetermined process for a valid document as a result of the schema verification.

  The present invention provides a step of designating a portion to be encrypted in a document and a first schema document that can pass the pre-encryption document by schema validation. Generating a second schema document that can be passed in the step, and obtaining the first schema document for a partner that can decrypt the designated location, and the second schema document for a partner that cannot decrypt the designated location. A schema document processing method including: setting a message to be transmitted so that the schema document can be acquired. According to the present invention, it is possible to appropriately perform schema verification on an encrypted document while providing the convenience that an arbitrary element of the document can be encrypted.

  The schema document processing method of the present invention further includes a step of generating the second schema document for each different encryption key.

  The schema document processing method of the present invention further includes a step of applying the same cipher as that when a portion in the document is encrypted to the entity or reference of the first schema document. Thereby, acquisition of the schema document according to the other party can be realized. The schema document processing method of the present invention further includes a step of performing schema verification using at least one of the first schema document and the second schema document. The schema document processing method of the present invention further includes a step of performing a predetermined process for a valid document as a result of the schema verification.

  According to the present invention, it is possible to provide a schema document processing apparatus and a schema document processing method capable of appropriately performing schema verification on an encrypted document while having the convenience that an arbitrary element of the document can be encrypted. Can do.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to examples.

  FIG. 1 is a diagram showing a system configuration according to the first embodiment of the present invention. As shown in FIG. 1, the system 1 includes service devices 21 to 2n. These are connected via the network 3. The service device 21 includes a schema document processing unit 201, a message reception unit 202, a message transmission unit 203, a message storage unit 204, a document storage unit 205, a schema document storage unit 206, a schema verification unit 207, an encryption unit 208, and a decryption unit. 209, a service processing unit 210 and an input / output unit 211.

  Each service device 21-2n transmits and receives messages via the public network 3 and executes a series of processes. Here, the service includes, for example, hotel reservation, aircraft reservation, rental car reservation and the like. A message to be transmitted / received is in a SOAP envelope format (that is, an XML document format), and an XML document serving as an input / output of the service processing unit 210 is included in the body of the SOAP envelope. Before the XML document is passed to the service processing unit 210 that actually processes the service, verification by the schema verification unit 207 is performed, and only a valid document is processed by the service processing unit 210. In this embodiment, W3C XML Schema is used as the schema language. In this embodiment, an arbitrary element (s) in a document is encrypted using a single encryption key that allows only a specific service device to decrypt the contents. The input / output unit 211 is for specifying a portion to be encrypted in the document. The encryption key is held in the encryption unit 208.

  The schema document processing unit 201 generates a second schema document in which a document whose designated portion is encrypted can pass in the schema verification according to the first schema document in which the document before encryption can pass in the schema verification, A message to be transmitted is set so that the first schema document can be acquired for a partner that can decrypt the designated part and the second schema document can be obtained for a partner that cannot decrypt the designated part. At this time, the schema document processing unit 201 applies the same encryption as when the portion in the document is encrypted to the entity or reference of the first schema document. Here, the actual state of the schema document is the schema document itself. The schema verification unit 207 performs schema verification using the first schema document or the second schema document. The service processing unit 210 performs predetermined processing on a valid document as a result of the schema verification.

  FIG. 2 is a diagram schematically illustrating processing executed by the schema document processing unit 201 before the SOAP envelope 31 is transmitted to the other service devices 22 to 2n. FIG. 5 is a diagram showing a processing flow of the schema document processing unit 201 related to the processing described in FIG.

  In step S11, the schema document processing unit 201 receives an instruction of an element to be encrypted in the XML document D. Reference numeral 32 indicates an element to be encrypted. In step S <b> 12, the schema document processing unit 201 detects, from the schema document S, a portion where the definition of the element 32 to be encrypted exists. In step S13, the schema document processing unit 201 determines that the same type of element as the element 32 to be encrypted exists in the other part of the XML document D, and all the same type of elements are to be encrypted ( The process proceeds to step S14) and step S16. In step S13, when the same type of element as the element 32 to be encrypted does not exist in the other part of the XML document D, the process proceeds to step S16.

  In step S16, a schema document S 'is generated by replacing the portion where the definition of the element to be encrypted in the original schema document S is described with the schema description defining the encrypted element. In the example of FIGS. 9 and 10, the schema document S in this process is as shown in FIGS. 7 and 8, and the newly generated schema document S ′ is shown in FIGS. ) Is replaced with a schema description below the <EncryptedData> element defined in the XML encryption standard.

  If an element of the same type as the element to be encrypted exists in another part of the document and the same type of element is not encrypted, the newly-created schema document S ′ includes the element before encryption and the encryption. The definition of both elements after conversion must be included. Therefore, for the elements to be encrypted that have the same type, the place where the definition of the element to be encrypted in the original schema document S is described is either the element before encryption or the element after encryption. The schema document S ′ is generated by replacing the encrypted description with the schema description that defines the encrypted elements in other portions (step S15). Referring to FIGS. 9 and 10 as an example of a schema description in which one of the elements can be selected, the schema document S ′ is immediately below <EncryptedData> element immediately after <xsd: choice> immediately before FIG. </ Xsd: choice> is inserted immediately after FIG. 8B. The schema description can be changed by actually overwriting or importing the schema description.

  In step S17, the schema document processing unit 201 causes the encryption unit 208 to encrypt the element. In step S18, the schema document processing unit 201 replaces the schema document referenced from the XML document D from S to S 'in the "schema assignment and enveloping" in FIG. In step S19, the schema document processing unit 201 generates a SOAP envelope 31 having the XML document D in the SOAP body 33 and the schema reference to S in the SOAP header 34. For this reason, the original schema document S is referenced from elements in the SOAP header 34 of the SOAP envelope 31 including the XML document D.

  In step S <b> 20, the schema document processing unit 201 causes the encryption unit 208 to encrypt the schema reference of the SOAP header 34 using the same encryption key as the encryption of the element. That is, the header element is encrypted using the same encryption key as the encryption of the document element. For this reason, the service device that can decrypt the element of the document can also decrypt this header element, so that the original schema document S can be obtained. In this embodiment, the xsi: schemaLocation attribute is also used in the SOAP header for schema reference. In step S 21, the SOAP envelope 31 is transmitted to the public network 3 using the message transmission unit 203.

  FIG. 3 is a diagram schematically showing processing executed by the schema document processing unit 201 when the encrypted portion can be decrypted after the SOAP envelope 31 is received from another service apparatus via the public network 3. . FIG. 4 is a diagram schematically showing processing executed by the schema document processing unit 201 when the encrypted portion cannot be decrypted after the SOAP envelope 31 is received from another service device via the public network 3.

FIG. 6 is a diagram illustrating a processing flow of the schema document processing unit 201 related to the processing described in FIGS. 3 and 4. In step S <b> 31, the schema document processing unit 201 tries the decryption unit 209 to decrypt the header 34 of the received SOAP envelope 31. If the header 34 cannot be decrypted in step S32, the schema document processing unit 201 proceeds to step S33. If the schema document processing unit 201 does not include the schema reference in the decrypted part in step S34, the process proceeds to step S33.
In this case, since the schema document S cannot be obtained, the schema document S ′ referred to by the document D is used in the subsequent schema verification. That is, in step S33, the schema document processing unit 201 extracts the XML document D in the body 33 from the received SOAP envelope 31, stores it in the document storage unit 205, and proceeds to step S38.

  If the header 34 can be decrypted and the decrypted portion includes a schema reference, the schema document S can be obtained from the schema reference 35 of the header 34. In step S35, the schema document processing unit 201 uses the received schema reference of the document D in the body 33 of the SOAP envelope 31 as a reference to the schema document S so that the schema document S is used in the subsequent schema verification. Replace. In step S 36, the schema document processing unit 201 extracts the document D in the body 33 from the received SOAP envelope 31 and stores it in the document storage unit 205. In step S37, the schema document processing unit 201 decrypts the encrypted element in the document. In step S38, the schema document processing unit 201 causes the schema verification unit 207 to verify the validity of the schema. If it is appropriate in step S39, the verified document is passed to the service processing unit 210 in step S40, and the service is executed.

The embodiment of the present invention has been described above. In the description so far, the description has been based on the XML-related technology that has already been standardized.
1) The document is structured in a tree structure format,
2) There is a schema language for the tree structure format,
3) There is an encryption method for the subtree of the tree structure,
4) Metadata can be added to the document,
5) It is obvious that the present invention can be applied when the metadata can be encrypted by the encryption method.

  Next, a second embodiment of the present invention will be described. In the first embodiment, one encryption key that can be decrypted by a specific service device is used. This may be verified by using a schema document generated for each encryption key by preparing a plurality of encryption keys, encrypting each encryption key in association with the encrypted portion of the document. By using the encryption key and encryption location properly, it is possible to control the location where the contents can be known for a plurality of service devices in one document, and each service device with a schema document corresponding to the encryption Can be verified. In the book ordering example described above, in addition to encrypting the credit card content, the ordered content may be encrypted so that the credit card company does not know the specific name of the book. it can. The configuration of the service device is the same as that of the first embodiment, and will be described with reference to FIG.

  FIG. 11 is a diagram illustrating a schematic diagram of the SOAP envelope 131 and the XML document D in a case where encryption with different encryption keys is performed at a plurality of locations of a document for different services. As for processing in the schema document processing unit 201, a new schema document is generated for each encryption key. A reference to the original schema document is not written in the SOAP header 34, but a plurality of schema documents corresponding to elements that can be decrypted are written in the SOAP header 34.

  The hatched portion 41 in FIG. 11 and the hatched portion 42 of the lattice are portions encrypted with different encryption keys. The schema document S1 allows a document including an encryption element of a lattice part and a decrypted hatched part. The schema document S2 includes an encrypted element with a hatched portion and allows a document with a lattice portion decrypted. The schema document S3 allows a document including encrypted elements of a hatched portion and a lattice portion.

  Next, the processing of the schema verification unit 201 performs verification for each schema reference and document element that can be decrypted corresponding to one encryption key. Only when all the verifications are valid, the service processing unit 210 passes the document to execute the service. The document delivered here is a document obtained by decrypting all document elements that can be decrypted by the service device. The process when there is no portion that can be decoded is the same as in the first embodiment.

  Referring to the example of FIG. 11, when a certain service device can decode both the hatched portion and the lattice portion, verification when the hatched portion is decoded and verification when the lattice portion is decoded are performed. . If any verification is valid, a document obtained by decoding the hatched portion and the lattice portion is passed to the service processing unit 210.

  In each of the above embodiments, the reference to the schema document is used. However, it may be configured so that the schema document is included in the document and the envelope as an entity. In the above embodiment, the reference to the original schema document is described in the header of the envelope. This may include a reference to the schema document in the encrypted part of the document, and if the reference to the schema document is included after decryption, the schema reference of other parts in the document may be deleted. .

  In the above embodiment, a plurality of service devices perform distributed processing via a network. Alternatively, a shared document storage device may exist and each service device may access it. In this case, the processes 1 to 4 in FIG. 2 are performed before writing to the shared document storage device, and writing is performed instead of “transmission” 5. Then, at the time of reading from the shared document storage device, reading is performed instead of “reception” of 1 in FIGS. In the above-described embodiment, the encryption unit has an encryption key corresponding to the service device. However, the encryption unit may be configured to appropriately distribute the encryption key. The distribution method may be a network method such as a public key method or a method using an access control ticket, or may be a physical method such as mailing a medium on which a key is recorded.

  In the present invention, when an arbitrary element of a document is encrypted, a schema document in which the document including the encrypted element is valid is generated. Then, the schema document can be obtained from the document including the encrypted element, and the schema document including the decrypted element is valid for the service capable of decrypting the encrypted element. It was made available. Therefore, the side that encrypts the document can encrypt any element of the document without being bound by the original schema. Then, the side receiving the encrypted document can verify the received document using the schema document corresponding to the element that can be decrypted.

  The schema document processing method according to the present invention is realized using, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and the program is stored in a hard disk device, a CD-ROM, Each step is realized by installing from a portable storage medium such as a DVD or a flexible disk, or downloading from a communication circuit, and the CPU executing this program.

  Although the preferred embodiments of the present invention have been described in detail above, the present invention is not limited to the specific embodiments, and various modifications, within the scope of the gist of the present invention described in the claims, It can be changed.

It is a figure which shows the system configuration | structure concerning the Example of this invention. It is a figure explaining the process which a schema document process part performs before transmitting a certain document D via a public network. It is a figure explaining the process which a schema document process part performs, when an envelope containing a certain document D is received via a public network and an encryption part can be decoded. It is a figure explaining the process which a schema document process part performs, when an envelope containing a certain document D is received via a public network and an encryption part cannot be decoded. It is a figure which shows the processing flow of the schema document process part in connection with the process demonstrated in FIG. FIG. 5 is a diagram illustrating a processing flow of a schema document processing unit related to the processing described in FIGS. 3 and 4. It is a figure which shows the first half part of an example of a schema document. It is a figure which shows the latter half part of an example of a schema document. FIG. 9 is a diagram illustrating an example of an XML document that satisfies a rule indicated by the schema document illustrated in FIGS. 7 and 8. It is a figure which shows the example of the document which encrypted some XML documents shown in FIG. It is a figure explaining the case where the encryption by a different encryption key is performed in several places of a document for different services.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 System 21-2n Service apparatus 3 Network 201 Schema document processing part 202 Message receiving part 203 Message transmission part 204 Message storage part 205 Document storage part 206 Schema document storage part 207 Schema verification part 208 Encryption part 209 Decryption part 210 Service processing Section 211 Input / output section

Claims (10)

A specifying means for specifying a portion to be encrypted in the document;
Generating means for generating a second schema document in which the document encrypted in the designated portion can pass in the schema verification according to the first schema document in which the document before encryption can pass in the schema verification;
A setting for setting a message to be transmitted so that the first schema document can be acquired for a partner that can decrypt the designated location, and the second schema document can be obtained for a partner that cannot decrypt the designated location. And a schema document processing apparatus. The schema document processing apparatus according to claim 1, wherein the generation unit generates the second schema document for each different encryption key. 2. The schema document processing apparatus according to claim 1, wherein the setting unit applies the same encryption as when the portion in the document is encrypted to the entity or reference of the first schema document. 2. The schema document processing apparatus according to claim 1, further comprising verification means for performing schema verification using at least one of the first schema document and the second schema document. 5. The schema document processing apparatus according to claim 4, further comprising processing means for performing predetermined processing on a valid document as a result of the schema verification. Specifying the location to be encrypted in the document;
Generating a second schema document in which the specified portion of the encrypted document can pass the schema verification in response to a first schema document that the document before encryption can pass the schema verification;
A step of setting a message to be transmitted so that the first schema document can be acquired for a partner that can decrypt the designated location, and the second schema document can be obtained for a partner that cannot decrypt the designated location. When,
A schema document processing method comprising: 7. The schema document processing method according to claim 6, further comprising the step of generating the second schema document for each different encryption key. 7. The schema document processing method according to claim 6, further comprising the step of applying the same encryption as that used when encrypting a portion in the document to the entity or reference of the first schema document. The schema document processing method according to claim 6, further comprising a step of performing schema verification using at least one of the first schema document and the second schema document. The schema document processing method according to claim 9, further comprising a step of performing a predetermined process on a valid document as a result of the schema verification.

Images