CN101089880A - Electronic signature method - Google Patents
- Publication number
- CN101089880A
- Authority
- CN
- China
- Prior art keywords
- signature
- leaf
- file
- page
- signing messages
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
An electronic signature method comprises: obtaining a file to be signed; obtaining signing information that includes the signature time; and generating a digital digest from the file to be signed and the signing information, or generating a signature result from the file to be signed and the signing information.
Description
Technical field
The present invention relates to an electronic signature method, and in particular to a visual electronic signature method.
Background technology
The prior-art electronic signature method is as follows. First, a code, the digital digest, is computed from the file using a hash algorithm agreed by both parties. Mathematically, it is guaranteed that if anything in the file changes, the recomputed digest value will not match the original value. Second, this digest value is encrypted with the sender's private key and sent to the recipient together with the original file; the result is called the digital signature. Finally, after receiving the digital signature, the recipient computes the digest value of the message with the same hash algorithm, decrypts the received digest value with the sender's public key and compares the two; if they are equal, the file really comes from the claimed sender.
In this process, the electronic signature usually accompanies the signed file as an attachment. The signer's identity cannot be read directly from the electronic signature; it usually has to be learned by other means, such as the e-mail user name or a direct statement from the signer, and an identity asserted in this way is unreliable. The signer usually also has to send a digital certificate, and only by verifying it with the public key of the CA (Certificate Authority) can the recipient finally determine the signer's identity. An intuitive electronic signature method is therefore urgently needed.
In addition, in this process the electronic signature is not bound to time. The clock of the host on which the signing operation takes place can change and can be altered at will, so it has no uniqueness, and the real time of the signing operation cannot be known. Furthermore, the location of the signing operation is not taken into account, so the signature does not vary with the signing location: the result is the same for different signing locations (places), so it has no spatial uniqueness, and the location of a particular signing operation cannot be obtained.
An electronic signature method that guarantees the temporal uniqueness or spatial uniqueness of the signing operation is therefore urgently needed.
Summary of the invention
The technical problem to be solved by the present invention is to provide an electronic signature method that gives the electronic signature temporal uniqueness or spatial uniqueness.
To solve this problem, the present invention proposes an electronic signature method comprising the following steps:
a. obtaining the file to be signed;
b. obtaining signing information that includes the signature time or the signing-operation location;
c. generating a digital digest from the file to be signed and the signing information; or producing a signature result from the file to be signed and the signing information.
Another technical problem to be solved by the present invention is to provide a visual electronic signature method.
To solve this problem, the present invention proposes an electronic signature method that adds the following step between step a and step b:
a1. generating a target signature page from the file to be signed;
and adds the following steps between step b and step c:
b1. adding a signing-information record area to the target signature page;
b2. adding the signing information to the signing-information record area to generate the signature page;
Step c is then specifically: generating the digital digest with a hash algorithm from at least the signature page; or applying a PKI (Public Key Infrastructure) digital signature to at least the signature page to produce the signature result.
Step a1 is specifically:
the signing user uses a picture or text as the target signature page;
and step c is specifically: generating the digital digest with a hash algorithm from the file to be signed and the signature page; or applying a PKI digital signature to the file to be signed and the signature page to produce the signature result.
Step a1 may alternatively be:
determining the format of the file to be signed;
if it is a text format, converting at least part of the file to be signed into a target signature page in picture format; step c is then specifically: generating the digital digest with a hash algorithm from the remainder of the file to be signed and the signature page, or applying a PKI digital signature to the remainder of the file to be signed and the signature page to produce the signature result;
if it is a picture format, using at least part of it directly as the target signature page; step c is then specifically: generating the digital digest with a hash algorithm from the remainder of the file to be signed and the signature page, or applying a PKI digital signature to the remainder of the file to be signed and the signature page to produce the signature result;
if it is a format other than text or picture, the user uses any picture or text as the target signature page; step c is then specifically: generating the digital digest with a hash algorithm from the file to be signed and the signature page, or applying a PKI digital signature to the file to be signed and the signature page to produce the signature result.
The following step is also included between step b2 and step c:
c0. determining whether the file to be signed also includes an attachment; if so, the content from which the digital digest is generated in step c also includes the attachment, or the object of the PKI digital signature also includes the attachment.
Preferably, the signing-information record area in step b1 is a frame around the target signature page.
Step b2 is specifically:
writing the signing information into the signing-information record area; the target signature page with the signing information written into it becomes the signature page.
To achieve the second object of the invention above, a step in which the signing user uses any picture or text as the signature page may instead be included between step a and step b;
step c is then specifically: generating the digital digest with a hash algorithm from the file to be signed, the signature page and the signing information, or applying a PKI digital signature to the file to be signed, the signature page and the signing information to produce the signature result.
The following step is also included between step b and step c:
c0. determining whether the file to be signed also includes an attachment; if so, the content from which the digital digest is generated in step c also includes the attachment, or the object of the PKI digital signature in step c also includes the attachment.
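When the digest is generated from several separate parts (file to be signed, signature page, signing information, optional attachment), as in the variant above, the parts need an unambiguous encoding before hashing. The following is an added example, not code from the patent; it contrasts plain concatenation with length-prefixed framing, and SHA-256, the field names and the sample bytes are assumptions made here.

```python
import hashlib
import json
import struct
from typing import Optional, Sequence


def canonical_info(signing_info: dict) -> bytes:
    """Serialize the signing information deterministically (sorted keys)."""
    text = json.dumps(signing_info, sort_keys=True, separators=(",", ":"))
    return text.encode("utf-8")


def naive_digest(parts: Sequence[bytes]) -> str:
    """Digest of the parts simply concatenated: the part boundaries are lost."""
    return hashlib.sha256(b"".join(parts)).hexdigest()


def framed_digest(parts: Sequence[bytes]) -> str:
    """Digest over the part count, then each part preceded by its length."""
    h = hashlib.sha256()
    h.update(struct.pack(">I", len(parts)))      # number of parts
    for part in parts:
        h.update(struct.pack(">Q", len(part)))   # 8-byte big-endian length
        h.update(part)
    return h.hexdigest()


def multipart_digest(file_to_sign: bytes, signature_page: bytes,
                     signing_info: dict,
                     attachment: Optional[bytes] = None) -> str:
    """Step c over separate parts; step c0 adds the attachment if present."""
    parts = [file_to_sign, signature_page, canonical_info(signing_info)]
    if attachment is not None:
        parts.append(attachment)
    return framed_digest(parts)


# Constructed sample values (not from the patent).
SAMPLE_INFO = {
    "user": "zhang.san",
    "time": "2007-07-20T09:30:00Z",
    "position": "192.0.2.10",
}

# Two different splits of the same byte stream: plain concatenation cannot
# tell them apart, framing can.
SPLIT_A = [b"PAY 100", b"0 TO BOB"]
SPLIT_B = [b"PAY 1000", b" TO BOB"]

if __name__ == "__main__":
    print("naive equal :", naive_digest(SPLIT_A) == naive_digest(SPLIT_B))
    print("framed equal:", framed_digest(SPLIT_A) == framed_digest(SPLIT_B))
    print(multipart_digest(b"report body", b"page image", SAMPLE_INFO))
```
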
Optionally, all of the signing information except the signing-operation location, which is obtained from the host on which the signing operation takes place, is obtained from the server.
Implementing the present invention makes the electronic signature intuitive and visual and gives the signature temporal or spatial uniqueness, thereby ensuring the reliability of the signature.
Description of drawings
Fig. 1 is a block diagram of the network structure of an embodiment of the system on which the electronic signature method of the present invention is based;
Fig. 2 is a flowchart of an embodiment of the working process based on the network structure shown in Fig. 1;
Fig. 3 is a flowchart of an embodiment of the registration process of step 20 in Fig. 2;
Fig. 4 is a flowchart of an embodiment of the electronic signature process of step 21 in Fig. 2;
Fig. 5 is a schematic diagram of a target signature page with the frame added;
Fig. 6 is a schematic diagram of the signature page after the signing information is added;
Fig. 7 is a flowchart of another embodiment of the electronic signature process of step 21 in Fig. 2;
Fig. 8 is a flowchart of an embodiment of the verification process of step 22 in Fig. 2;
Fig. 9 is a flowchart of another embodiment of the verification process of step 22 in Fig. 2;
Fig. 10 is a flowchart of another embodiment of the verification process of step 22 in Fig. 2;
Fig. 11 is a flowchart of another embodiment of the electronic signature process of step 21 in Fig. 2.
Embodiment
The whole process of the electronic signature method of the present invention is described below with reference to the accompanying drawings.
Referring to Fig. 1, which shows a block diagram of the network structure of an embodiment of the system on which the electronic signature method of the present invention is based. As shown, the system in this embodiment is implemented with an SOA (Service-Oriented Architecture) network architecture and specifically comprises:
The server 11 first collects the user data of the client 10 through the registration process 13 and stores it in the database 12. The user data comprises authentication information and user login information. The user login information comprises the client login user name and login password. The authentication information comprises information that uniquely identifies the registered user, for example the user's unique answer to a certain question, an identity card number, a handprint or other biometric sample; it also comprises the user's contact details, for example telephone number, mobile phone number and e-mail address, and may also comprise a further authentication password used during authentication. The server 10 and the client 11 may communicate over Ethernet, for example the Internet, or over a telecommunication link, for example GPRS (General Packet Radio Service) data transfer.
Referring to Fig. 2, which shows a flowchart of an embodiment of the working process based on the network structure shown in Fig. 1. As shown, it comprises the following steps:
Referring to Fig. 3, which shows a flowchart of an embodiment of the registration process of step 20 in Fig. 2. In this embodiment the client user registers through the WEB registration page of the server. As shown, the process comprises the following steps:
Step 201: the client user sends a registration request. That is, the client user initiates a registration request to the system administrator at the server end; the request may be sent as a WEB form to the host of the system administrator, or manually, for example by e-mail;
Step 202: the server-side system administrator accepts the request and notifies the client user to send personal information. The personal information comprises user authentication information and user login information. The user login information comprises the user name and the corresponding login password used to log in at the client. The authentication information comprises information that uniquely identifies the registered user, for example an identity card number, a handprint or other biometric sample (for example a voice clip); it also comprises the user's contact details, for example telephone number, mobile phone number and e-mail address, and may also comprise a further authentication password used during authentication.
Step 203: after receiving the system administrator's notice to upload personal information, the client user sends the personal information to the system administrator as the notice requires;
Step 204: after receiving the personal information, the system administrator determines whether it contains invalid data. For example: whether the identity card number, mobile phone number and e-mail address are well-formed; whether they conflict with the personal information of an already registered user; whether biometric samples such as handprint and voice-clip data are clear enough to meet requirements; and whether the user is one the system is intended for, for example, for an enterprise, whether the user is an employee of the enterprise, or whether the user's permissions meet requirements, and so on. If the information is valid, step 205 is executed; otherwise step 207 is executed;
Step 205: a user name and an initial login password are created for the client user and sent to the client user. For security reasons they may be sent by e-mail or by SMS, or still sent via the WEB;
Step 206: the client user's personal information and the user name and password created in step 205 are stored in the corresponding fields of the server-side database; step 208 is then executed.
Step 207: the registration process ends and an error is reported to the client user. That is, this registration is terminated and the reason for the error is sent to the user, much as errors are reported during e-mail account registration;
Step 208: the registration process for this client user ends.
The above embodiment uses WEB registration only; registration by e-mail or through a registration interface of the client, among others, may also be used, and the invention is not limited in this respect.
Referring to Fig. 4, which shows a flowchart of an embodiment of the electronic signature process of step 21 in Fig. 2. Before this embodiment is set out, two kinds of electronic signature are defined. True-frame signing means that the signature page, the signing information and the corresponding frame are stored as a single picture. Virtual-frame signing means that the signature page and the signing information are stored separately and are not merged into one picture; its greatest benefit is that it saves storage space.
In this embodiment the file to be signed is in text format, and part or all of it is converted to picture format as the target signature page; this is in fact a case of true-frame signing. As shown, the process comprises the following steps:
Step 210: obtain the file to be signed. The file to be signed is the document on which the signing operation is to be performed, for example an official document or an approval document; it may be obtained by downloading the relevant file over the network, or the signer may enter the text or image material directly.
Step 211: generate the target signature page. Because the file to be signed is in text format, it is displayed on screen and a screen-capture tool converts it to picture format as the target signature page. If the text-format file cannot be shown completely on one screen, a complete target signature page can be generated by capturing the screen several times and compositing the captured pictures. Alternatively, if other stored picture files exist, such a file can be opened and composited with the captured picture into the target signature page. Alternatively, only part of the file to be signed may be converted to picture format as the target signature page, and the remainder merged with the target signature page as the target signature file. Compositing several pictures into one can be done with a simple 2D image-processing tool (the client program provides a compositing tool for 2D signature page images; the user may also choose a third-party tool such as Photoshop or Fireworks), or by calling a 2D graphics function (for example the drawImage function in the Java 2D image library); as this is known technology it is not described in detail here.
Step 212: obtain the signing information. First, the client user enters a user name and password and sends a request to the server to download the signing information. The server then receives the request and checks whether the user name and password match; if they match, it sends the signing information down to the client user. The user name and password are those issued in the registration process above. The signing information comprises the user's name, the signature time, the location of the signing operation (for example the domain in which the client is located, or the IP address, MAC (Media Access Control) address or processor ID of the host), the URL (Uniform Resource Locator) address of the server, and similar information. The location of the signing operation is first obtained on the local host by the client and then uploaded to the server, and the server verifies whether the location information is genuine; this verification may also be omitted.
Step 213: add a frame to the target signature page. The frame is a rectangular ring around the target signature page, divided by position into an upper frame, a lower frame, a left frame and a right frame, of which the lower frame has the largest area; see Fig. 5, where the dashed box is the frame. This is only one embodiment; the size of each frame depends on how much signing information was obtained in step 212 and on which frame the signing information is added to in step 214 below. The frame can be added as follows (assume the target signature page has width X and length Y):
First, a 2D image function tool generates a blank image whose width is X plus twice the width of the left and right frames and whose length is Y plus the width of the upper frame and the width of the lower frame; the widths of the left and right frames and of the upper and lower frames can be set as required;
Second, the 2D image function tool copies the target signature page onto the blank image at the designed position; this can be done using separate layers. The designed position is the one determined by the widths of the upper, lower, left and right frames defined in the previous step;
Finally, the new target signature page is generated, which can be done by flattening the image (Flatten Image).
Step 214: add the signing information to the frame to generate the signature page. The client uses a 2D image function tool (for example the drawString function in the Java 2D image library) to write the signing information into the frame in picture form; specifically it can be added to the lower frame, as shown in Fig. 6. The user may also choose to add remarks as needed. After this step, the target signature page together with the frame and the content on the frame constitutes the signature page.
Step 215: determine whether the file to be signed has an attachment; if so, execute step 216, otherwise execute step 220.
Step 216: generate the target signature file. If the text-format file to be signed was converted entirely to picture format as the target signature page in step 211 and finally became the signature page, the signature page and the attachment are merged into one file as the target signature file. If only part of it was converted to picture format as the target signature page and finally became the signature page, the signature page, the remainder of the file to be signed and the attachment are merged as the target signature file. The merge into one file can be done as follows: the client program uses a ZIP tool (ZIP being a common compression format) or the ZIP library bundled with its high-level language (for example the Java language package) to merge the signature page and the attachment into a single ZIP document as the target signature file, or to append the attachment to the ZIP document of the existing target signature file.
Step 217: generate a digital digest, or generate a digital signature using PKI (Public Key Infrastructure) technology. The digital digest is generated by applying a one-way hash algorithm to the binary content of the target signature file to produce a code; the hash algorithm may be MD5, SHA-1 or the like. If a PKI digital signature is used, the digital signature module is integrated into the client and called from it; the signing user either enters the private key manually, or stores the private key in advance on the local host (on a USB flash drive) for the client to read; alternatively an external digital signature module can be called. As PKI digital signature technology is mature prior art, it is not elaborated further here.
It should be noted that the target signature file contains the signing information, and the signing information comprises the signature time, the location of the signing operation and the user's name; the signature time is obtained from the server, the location is obtained from the host on which the signing operation takes place and verified by the server, and the user's name is also obtained from the server. Therefore, applying a PKI digital signature to the target signature file containing this signing information, or generating a digital digest from it directly, ensures that the PKI signature result and the digest have temporal uniqueness based on the signature time and spatial uniqueness based on the signing-operation location. In addition, the authentication process of step 22 guarantees signer uniqueness for the user (the signer), preventing another person from signing in the signer's place or forcing the signer to sign against their true will. The detailed process of step 22 is described later. Temporal uniqueness means that even if the same user signs the same file twice at the same place, the results differ, because the two signature times differ. Spatial uniqueness means that the same user signing the same file at the same time in different places gets different results. Signer uniqueness means that different users signing the same file at the same place and the same time get different results. Signer uniqueness would ordinarily not be in doubt, but because of identity theft and signing by proxy, whether the signer of a signed file really is the claimed signer has come into question; signer uniqueness is therefore guaranteed by the authentication process of step 22.
Step 219: upload to the server-side database for storage, then go to step 223. That is, the file record is uploaded to and stored in the server-side database.
Step 220: generate a digital digest, or generate a digital signature using PKI (Public Key Infrastructure) technology. The digital digest is generated by applying a one-way hash algorithm to the binary content of the signature page to produce a code; the hash algorithm may be MD5, SHA-1 or the like. If a PKI digital signature is used, the digital signature module is integrated into the client and called from it; the signing user either enters the private key manually, or stores the private key in advance on the local host (on a USB flash drive) for the client to read; alternatively an external digital signature module can be called. As PKI digital signature technology is mature prior art, it is not elaborated further here.
It should be noted that the signature page contains the signing information, and the signing information comprises the signature time, the location of the signing operation and the user's name; the signature time is obtained from the server, the location is obtained from the host on which the signing operation takes place and verified by the server, and the user's name is also obtained from the server. Therefore, applying a PKI digital signature to the signature page containing this signing information, or generating a digital digest from it directly, ensures that the PKI signature result and the digest have temporal uniqueness based on the signature time and spatial uniqueness based on the signing-operation location. In addition, the authentication process of step 22 guarantees signer uniqueness for the user (the signer), preventing another person from signing in the signer's place or forcing the signer to sign against their true will. The detailed process of step 22 is described later. Temporal uniqueness means that even if the same user signs the same file twice at the same place, the results differ, because the two signature times differ. Spatial uniqueness means that the same user signing the same file at the same time in different places gets different results. Signer uniqueness means that different users signing the same file at the same place and the same time get different results. Signer uniqueness would ordinarily not be in doubt, but because of identity theft and signing by proxy, whether the signer of a signed file really is the claimed signer has come into question; signer uniqueness is therefore guaranteed by the authentication process of step 22.
Step 222: upload to the server-side database for storage, then go to step 223. That is, the file record is uploaded to and stored in the server-side database.
Step 223: the electronic signature process ends.
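Steps 216, 217 and 220 and the uniqueness properties claimed for them can be exercised as follows. This is an added example, not code from the patent: the signing information is appended to the page bytes as JSON instead of being drawn into the frame, SHA-256 is used in place of the MD5 and SHA-1 named above, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import io
import json
import zipfile

# Fixed entry timestamp so identical inputs give byte-identical archives.
ZIP_EPOCH = (1980, 1, 1, 0, 0, 0)


def make_signature_page(target_page: bytes, signing_info: dict) -> bytes:
    """Stand-in for step 214: bind the signing information to the page.

    The patent renders the information into the frame of the page image;
    appending canonical JSON is a simplification made for this example.
    """
    info = json.dumps(signing_info, sort_keys=True, separators=(",", ":"))
    return target_page + b"\n--signing-info--\n" + info.encode("utf-8")


def make_target_signature_file(signature_page: bytes, attachments=None) -> bytes:
    """Step 216: merge signature page and attachments into one ZIP file.

    With no attachment (the step 220 branch) the signature page itself is
    the object that gets digested.
    """
    if not attachments:
        return signature_page
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entries = [("signature_page.bin", signature_page)]
        entries += sorted(attachments.items())   # stable entry order
        for name, data in entries:
            entry = zipfile.ZipInfo(name, date_time=ZIP_EPOCH)
            entry.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(entry, data)
    return buf.getvalue()


def digest(data: bytes) -> str:
    """Steps 217/220: one-way hash over the binary content."""
    return hashlib.sha256(data).hexdigest()


def sign(target_page: bytes, signing_info: dict, attachments=None):
    """Return (target signature file, digest) for storage on the server."""
    page = make_signature_page(target_page, signing_info)
    target_file = make_target_signature_file(page, attachments)
    return target_file, digest(target_file)


def verify(stored_file: bytes, recorded_digest: str) -> bool:
    """Recompute the digest of the stored file and compare in constant time."""
    return hmac.compare_digest(digest(stored_file), recorded_digest)


# Constructed sample input (not from the patent).
PAGE = b"<picture bytes of the approval document>"
ANNEX = {"annex.txt": b"budget table"}
INFO = {
    "user": "zhang.san",                    # user's name, from the server
    "time": "2007-07-20T09:30:00Z",         # signature time, from the server
    "position": "192.0.2.10",               # host IP, reported by the client
    "server": "https://sign.example.test/", # server URL
}

if __name__ == "__main__":
    stored, recorded = sign(PAGE, INFO, ANNEX)
    print("digest          :", recorded)
    print("verifies        :", verify(stored, recorded))
    _, later = sign(PAGE, dict(INFO, time="2007-07-20T09:31:00Z"), ANNEX)
    print("same at new time:", later == recorded)
```

The digest covers the archive bytes, so verification has to hash the stored archive itself; a re-zipped copy only matches when entry order, timestamps and compression are pinned as they are here.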
Referring to Figure 7, a flowchart of another embodiment of the electronic signature process of step 21 in Figure 2 is shown. In this embodiment the file to be signed may be in audio, video or multimedia format, or in text or picture format, etc. The user chooses an arbitrary picture or enters text, or chooses a business card template, as the target signature page. This signing mode is also a form of real-frame signature. As shown in the figure, it comprises the following steps:
Step 2100: obtain the file to be signed. The file to be signed is the document on which the signing operation is to be performed, for example a piece of audio or video data. It can be obtained by downloading the relevant file over the network, or the signer can record the audio or video information himself or herself, and so on.
Step 2101: judge whether a business card template exists; if so, execute step 2102, otherwise execute step 2103. The business card template is information related to the user that the user has prepared in advance; it may be in picture format, text format, etc.
Step 2102: call up the business card template, then execute step 2104. That is, the business card template prepared in advance by the user is retrieved, and may be displayed on the screen.
Step 2103: the user chooses an arbitrary picture or text as the template. The text can be entered by the user directly in the document editing window and is displayed on the screen.
Step 2104: generate the target signature page. Whether it is the business card template of step 2102 or the arbitrary picture or text chosen by the user in step 2103, content that is not in picture format can be converted to picture format by screen capture (for how this is done, see the related information in step 211) and used as the target signature page; content that is already in picture format is used directly as the target signature page. Alternatively, the picture or text chosen by the user can be used directly as the target signature page without being converted to picture format. The main difference between the two approaches is that converting to picture format may take up more storage space; whether to convert can be decided by the signing user.
Step 2105: take the file to be signed and the target signature page together as the target signature file. That is, the file to be signed is attached to the target signature page as an attachment. This step can be implemented by packaging the file to be signed and the target signature page into a ZIP archive.
Step 2106: obtain the signing information. For the implementation of this step, see the description of step 212.
Step 2107: add a frame to the target signature page. For the implementation of this step, see the description of step 213.
Step 2108: add the signing information to the frame to generate the signature page. For the implementation of this step, see the description of step 214.
Step 2109: judge whether the file to be signed has an attachment; if so, execute step 2110, otherwise execute step 2114.
Step 2110: generate the target signature file. That is, the signature page and the file to be signed in the former target signature file are merged with the attachment into a new target signature file. For the implementation of this step, see the description of step 216.
Step 2111: generate a digital digest, or generate a digital signature using PKI (Public Key Infrastructure) technology. For the implementation of this step, see the description of step 217.
Step 2112: generate the file record. For the implementation of this step, likewise see the description of step 218.
Step 2113: upload to the server-side database for storage, then go to step 2117. That is, the file record is uploaded to the server-side database and stored there.
Step 2114: generate a digital digest, or generate a digital signature using PKI (Public Key Infrastructure) technology. For the detailed process of this step, see the description of step 220.
Step 2115: generate the file record. For the detailed process and implementation of this step, see the description of step 218.
Step 2116: upload to the server-side database for storage. For the detailed process of this step, see the description of step 222.
Step 2117: end this electronic signature flow.
Referring to Figure 11, a flowchart of another embodiment of the electronic signature process of step 21 in Figure 2 is shown. In this embodiment the file to be signed can be a file of any format. This embodiment is in fact a case of virtual-frame signature. As shown in the figure, it comprises the following steps:
Step 2300: obtain the file to be signed. The file to be signed is the document on which the signing operation is to be performed, for example an official document, an approval document, or an audio/video conference record. It can be obtained by downloading the relevant file over the network, or the signer can enter the text or image material himself or herself, and so on.
Step 2303: the user chooses an arbitrary picture or text as the template. The text can be entered by the user directly in the document editing window and is displayed on the screen, for example in the window of the client.
The biggest difference between this embodiment and the embodiment shown in Figure 4 is as follows. In the embodiment shown in Figure 4, the generated frame and the signing information on the frame are both part of the signature page; that is, the signature page is a single image file containing the target signature page, the frame and the signing information, and it is stored in picture format. In this embodiment, by contrast, a page like the signature page of step 214 is only generated temporarily from the signature page and the signing information and shown on the screen; the signing information is not stored together with the signature page as one image file, but is stored separately. This saves storage space, because a signature page in picture format takes up more storage space.
It should be noted that the target signature file contains the signing information, and that this signing information comprises the signature time, the location of the signing operation, and the user name. The signature time is obtained from the server; the location of the signing operation is obtained from the host on which the signing operation is performed and is verified by the server; and the user name is also obtained from the server. Consequently, when the target signature file containing this signing information is PKI-signed, or a digital digest is generated from it directly, both the PKI digital signature result and the directly generated digest are unique in time, based on the signature time, and unique in space, based on the location of the signing operation. In addition, the identity verification process of step 22 ensures the signer uniqueness of the user (i.e. the signer), preventing another person from signing in the signer's place and preventing the signer from being forced to sign against his or her true will. The detailed process of step 22 is described later. Temporal uniqueness means that even when the same user signs the same file twice at the same place, the two results differ, because the two signing times differ. Spatial uniqueness means that when the same user signs the same file at the same time in different places, the results also differ. Signer uniqueness means that when different users sign the same file at the same place and at the same time, the results differ. Signer uniqueness should in principle be beyond doubt, but because identities can be stolen and a person can have someone else sign on his or her behalf, whether the signer of a signed file really is the claimed signer becomes open to question; signer uniqueness is therefore ensured by the identity verification process of step 22.
In another embodiment of the electronic signature process of step 21 in Figure 2, the file to be signed is a file that has already been signed; that is, this embodiment is a re-signing method. The method is briefly described below:
First, the user who is to re-sign submits a request to the server to query file records. The purpose of this step is to let the user find the file record that he or she is to sign again;
Second, the server responds to the request and displays the file record on the user's client. The file record includes the signature page, the attachments, the signature result (digital digest or PKI digital signature result) and the signing method (digest generation or PKI digital signature), and may also include the signing information, etc.;
Third, the user examines the file record and judges whether there is any problem with it. Two judgments are made here: the first is the authenticity of the electronic signature, and the second is whether the user agrees to sign the file. Authenticity can be judged by repeating on the file the signing method recorded in the file record to obtain a signature result, and comparing that result with the signature result in the file record to see whether they are consistent;
Fourth, if the user has no objection to the file, the user signs it electronically. This signing process is simpler than the processes of the embodiments shown in Figures 4 and 7, because the target signature page here is the signature page from the file record, and the objects signed also include the attachments in the file record (part or all of the original file to be signed, the attachments of that file, etc.). Its detailed process therefore follows the process after step 212 in Figure 4, or after step 2106 in Figure 7, and to avoid repetition is not elaborated further; only the points that need attention are described here. In this embodiment, after signing, the re-signing user also needs to add the signature result, the signing method and other such information to the file record; for a virtual-frame signature, the re-signing user's signing information also needs to be appended to the file record. The system can also create a separate file record for the re-signing user; this record only needs to store the re-signing information and the identification number of the file record of the original signed file.
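The binding described above, in which the signing information is hashed together with the file and the result is later re-checked by recomputation in the third re-signing step, can be sketched as follows. This is an added example, not code from the patent: SHA-256, the length-prefixed field encoding, the record layout and all names are assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SigningInfo:
    signed_at: str   # signature time, taken from the server
    location: str    # position of the signing host, verified by the server
    user_name: str   # signer name, taken from the server


def _frame(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be re-split."""
    return len(data).to_bytes(8, "big") + data


def digest_for(document: bytes, info: SigningInfo, attachments=()) -> str:
    """Digest over the file to be signed, the signing info and any attachments."""
    h = hashlib.sha256()  # assumption: the page only says "hash algorithm"
    h.update(_frame(document))
    for text in (info.signed_at, info.location, info.user_name):
        h.update(_frame(text.encode("utf-8")))
    h.update(len(attachments).to_bytes(4, "big"))
    for blob in attachments:
        h.update(_frame(blob))
    return h.hexdigest()


def make_record(document: bytes, info: SigningInfo, attachments=()) -> dict:
    """Hypothetical file record: signed content, method and signature result."""
    attachments = tuple(attachments)
    return {
        "document": document,
        "attachments": attachments,
        "signing_info": info,
        "method": "sha256-digest",
        "result": digest_for(document, info, attachments),
    }


def verify_record(record: dict) -> bool:
    """Repeat the recorded signing method and compare with the stored result."""
    if record.get("method") != "sha256-digest":
        return False
    recomputed = digest_for(
        record["document"], record["signing_info"], record["attachments"]
    )
    return hmac.compare_digest(recomputed, record["result"])


def countersign(record: dict, info: SigningInfo) -> dict:
    """Re-sign an already signed record after checking its authenticity.

    Assumption: the earlier result is bound in as an extra attachment,
    standing in for signing over the original signature page.
    """
    if not verify_record(record):
        raise ValueError("stored signature result does not match the record")
    earlier = bytes.fromhex(record["result"])
    return make_record(record["document"], info, record["attachments"] + (earlier,))


if __name__ == "__main__":
    # Constructed sample values.
    doc = b"approval document body"
    alice = SigningInfo("2007-07-13T10:00:00Z", "host-A", "alice")
    first = make_record(doc, alice, (b"annex",))
    later = SigningInfo("2007-07-13T10:00:01Z", "host-A", "alice")
    print("same file, later time, same digest?",
          first["result"] == digest_for(doc, later, (b"annex",)))
    second = countersign(first, SigningInfo("2007-07-14T09:00:00Z", "host-B", "bob"))
    print("countersignature verifies:", verify_record(second))
```

A bare digest only detects changes if the stored record itself is trusted, since anyone can recompute it; the PKI digital signature variant of the same step additionally ties the result to the signer's private key.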
It should be noted that the signing information record area is not limited to the frame; it may also be an area located only below the signature page, and it may be of any shape. The invention places no limit on this.
In addition, the image composition and display operations in this embodiment are not limited to 2D image tools; more advanced 3D image tools and the like can also be used.
Referring to Figure 8, a flowchart of one embodiment of the verification process of step 22 in Figure 2 is shown. As shown in the figure, it comprises the following steps:
Step 2210: send a confirmation request by the reserved method. That is, after the server receives the signed file, it sends the signing user a request to confirm the signature, using the reserved method. The reserved method is provided by the user or the system administrator in registration process 20 and includes at least one of the following: e-mail, landline telephone, mobile phone, Internet instant messaging tool, manual. The e-mail method means that the server sends the confirmation request to the e-mail address left by the user in registration process 20. The landline telephone method means that the server delivers the confirmation request as a voice message to the landline number left by the user in registration process 20. The mobile phone method means that the server sends the confirmation request as a short message or as a voice message to the mobile phone number left by the user in registration process 20. The Internet instant messaging tool method means that the server sends a confirmation request message to the instant messaging ID (for example OICQ, ICQ, MSN, etc.) left by the user in registration process 20. The manual method means that another user (a user with identity confirmation authority in the system, for example the system administrator or an engaged notary public) conveys the confirmation request manually, using a possible means of communication left in registration process 20, for example by telephone call.
In addition, the content of the confirmation request includes at least one of the following: the signature time, the signature place, the name of the signed file, the digest of the signed file, the unique identifier of the signed file, etc.
If the user finally judges that the signature reflects his or her own true will, step 2215 is executed; otherwise step 2213 is executed.
Referring to Figure 9, a flowchart of another embodiment of the verification process of step 22 in Figure 2 is shown. As shown in the figure, it comprises the following steps:
This process can also be interactive: the system confirms the signer's identity automatically by interacting with the signer. For example, the confirmation request requires the signing user to log in to the system for identity verification. After the user logs in, the system may prompt the user to enter an identity confirmation password in order to verify identity; or the system may prompt the user to read a passage aloud, record it, and compare the collected voice sample with the user's sample stored in the database to confirm identity.
Step 2224: the server judges whether the verification information is correct; if it is, step 2226 is executed, otherwise step 2225 is executed. For the verification code method, it is only necessary to check whether the code is consistent with the one reserved in the registration process; if it is, the information is considered correct, otherwise not. For the question-answering method, it is only necessary to judge whether the answer given by the user is consistent with the answer left in the registration process; if it is, the information is considered correct, otherwise not.
Referring to Figure 10, a flowchart of another embodiment of the verification process of step 22 in Figure 2 is shown. As shown in the figure, it comprises the following steps:
In this embodiment the receiving party is a human, but it can also be a computer or the like.
In short, different identity confirmation methods solve different problems in electronic signing, and this is something the user and the system administrator should consider when setting the identity confirmation method. If the identity confirmation method is implicit e-mail or short message, it can solve the problem of identity theft. If the identity confirmation method is explicit interaction, it can not only solve the problem of identity theft but also determine whether the signer signed voluntarily and whether the signer signed while not clear-headed, because:
● If the signing user signs and confirms identity under coercion rather than voluntarily, the user can deliberately give a wrong answer to the interactive question or a wrong identification password; the system then warns the relevant system administrator, who will take appropriate measures.
● If the signing user is not clear-headed, the user will be unable to answer the interactive questions correctly.
● If the signing user takes part in identity confirmation and answers the interactive questions correctly, in particular in an interaction that includes voice comparison, which can rule out the possibility of someone else signing on the user's behalf, then the user's identity can be confirmed; the system treats the signature record as valid, and the electronic signature meets all the legal requirements of a traditional signature. Besides being tamper-proof, it also has non-repudiation.
What is disclosed above is only a preferred embodiment of the invention and of course cannot limit the scope of rights of the invention; equivalent variations made according to the claims of the invention therefore still fall within the scope covered by the invention.
Claims (10)
1. An electronic signature method, comprising:
a. obtaining a file to be signed;
b. obtaining signing information comprising a signature time or a signing operation position;
c. generating a digital digest from the file to be signed and the signing information; or producing a signature result from the file to be signed and the signing information.
2. The method of claim 1, characterized in that it further comprises, between step a and step b:
a1. generating a target signature page from the file to be signed;
and further comprises, between step b and step c:
b1. adding a signing information record area to the target signature page;
b2. adding the signing information to the signing information record area to generate a signature page;
and step c is specifically: generating the digital digest with a hash algorithm from at least the signature page; or performing a PKI digital signature on at least the signature page to produce the signature result.
3. The method of claim 2, characterized in that
step a1 is specifically:
the signing user uses a picture or text as the target signature page;
and step c is specifically: generating the digital digest with a hash algorithm from the file to be signed and the signature page; or performing a PKI digital signature on the file to be signed and the signature page to produce the signature result.
4. The method of claim 2, characterized in that
step a1 is specifically:
judging the format of the file to be signed;
if it is in text format, converting at least part of the file to be signed into a target signature page in picture format; and step c is specifically: generating the digital digest with a hash algorithm from the remainder of the file to be signed and the signature page, or performing a PKI digital signature on the remainder of the file to be signed and the signature page to produce the signature result;
if it is in picture format, using at least part of it directly as the target signature page; and step c is specifically: generating the digital digest with a hash algorithm from the remainder of the file to be signed and the signature page, or performing a PKI digital signature on the remainder of the file to be signed and the signature page to produce the signature result;
if it is in a format other than text format and picture format, the user uses a picture or text as the target signature page; and step c is specifically: generating the digital digest with a hash algorithm from the file to be signed and the signature page, or performing a PKI digital signature on the file to be signed and the signature page to produce the signature result.
5. The method of claim 2, 3 or 4, characterized in that it further comprises, between step b2 and step c:
c0. judging whether the file to be signed also includes an attachment; if it does, the content from which the digital digest is generated in step c also includes the attachment, or the object of the PKI digital signature also includes the attachment.
6. The method of claim 2, 3 or 4, characterized in that the signing information record area in step b1 is a frame around the target signature page.
7. The method of claim 2, 3 or 4, characterized in that step b2 is specifically:
writing the signing information into the signing information record area, whereupon the target signature page with the signing information written into it becomes the signature page.
8. The method of claim 1, characterized in that it further comprises, between step a and step b, a step in which the signing user uses a picture or text as the signature page;
and step c is specifically: generating the digital digest with a hash algorithm from the file to be signed, the signature page and the signing information, or performing a PKI digital signature on the file to be signed, the signature page and the signing information to produce the signature result.
9. The method of claim 8, characterized in that it further comprises, between step b and step c:
c0. judging whether the file to be signed also includes an attachment; if it does, the content from which the digital digest is generated in step c also includes the attachment, or the object of the PKI digital signature in step c also includes the attachment.
10. The method of any one of claims 1, 2, 3, 4, 8 and 9, characterized in that, in the signing information, apart from the signing operation position, which is obtained from the host on which the signing operation is performed, the remaining information is obtained from the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007100168619A CN101089880A (en) | 2007-07-13 | 2007-07-13 | Electronic signature method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007100168619A CN101089880A (en) | 2007-07-13 | 2007-07-13 | Electronic signature method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101089880A true CN101089880A (en) | 2007-12-19 |
Family
ID=38943232
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007100168619A Pending CN101089880A (en) | 2007-07-13 | 2007-07-13 | Electronic signature method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101089880A (en) |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101751612A (en) * | 2008-12-18 | 2010-06-23 | 鸿富锦精密工业(深圳)有限公司 | System for approving electronic contract and method therefor |
CN101964710A (en) * | 2010-09-26 | 2011-02-02 | 用友软件股份有限公司 | Digital signature and signature authenticating method |
CN101964710B (en) * | 2010-09-26 | 2012-10-10 | 用友软件股份有限公司 | Digital signature and signature authenticating method |
CN102867039A (en) * | 2012-08-31 | 2013-01-09 | 北京奇虎科技有限公司 | Adding and reading method and device of multimedia annotations |
CN102867039B (en) * | 2012-08-31 | 2015-04-01 | 北京奇虎科技有限公司 | Adding and reading method and device of multimedia annotations |
CN105122251A (en) * | 2013-02-04 | 2015-12-02 | Hsc收购有限责任公司 | System and method for certifying attendance at a promotional event |
CN104539434A (en) * | 2015-01-23 | 2015-04-22 | 济南同智伟业软件股份有限公司 | Electronic seal system and electronic seal method based on time stamp and GPS location |
CN105281913B (en) * | 2015-09-17 | 2019-01-15 | 杭州猿人数据科技有限公司 | Electronic evidence processing method, system and dynamic code service system for electronic signature |
CN105281913A (en) * | 2015-09-17 | 2016-01-27 | 杭州猿人数据科技有限公司 | Electronic evidence processing method and system for electronic signature and dynamic code service systems |
CN105354733A (en) * | 2015-10-21 | 2016-02-24 | 百度在线网络技术(北京)有限公司 | Acknowledgement authentication method and apparatus |
CN106611311A (en) * | 2015-10-23 | 2017-05-03 | 镇江金软计算机科技有限责任公司 | Network payment implementation method |
CN105577768A (en) * | 2015-12-17 | 2016-05-11 | 山东尚德软件股份有限公司 | Service examination and approval electronic realization method |
CN108370318A (en) * | 2015-12-21 | 2018-08-03 | 万事达卡国际股份有限公司 | Method and system for the block chain modification for using digital signature |
CN106992863A (en) * | 2016-10-18 | 2017-07-28 | 北京中认环宇信息安全技术有限公司 | Electric endorsement method and device |
CN108155995A (en) * | 2016-12-02 | 2018-06-12 | 中国移动通信有限公司研究院 | A kind of authentication method and system, mobile terminal, certificate server |
CN106650504A (en) * | 2016-12-28 | 2017-05-10 | 中国科学院计算技术研究所 | Abstract extraction method and detection method aiming at Web webpage data |
CN106650504B (en) * | 2016-12-28 | 2019-04-02 | 中国科学院计算技术研究所 | A kind of abstract extraction method and detection method for Web page face data |
CN108932413A (en) * | 2017-05-22 | 2018-12-04 | 腾讯科技(北京)有限公司 | A kind of digital signature generation method, device and storage medium |
CN108932413B (en) * | 2017-05-22 | 2021-04-30 | 腾讯科技(北京)有限公司 | Digital signature generation method and device and storage medium |
CN107704164A (en) * | 2017-08-09 | 2018-02-16 | 厦门天锐科技股份有限公司 | A kind of terminal identifier generation system and method based on screenshotss |
CN108052842A (en) * | 2017-12-12 | 2018-05-18 | 万兴科技股份有限公司 | Storage, verification method and the device of signed data |
CN108052842B (en) * | 2017-12-12 | 2021-09-03 | 万兴科技股份有限公司 | Signature data storage and verification method and device |
CN110349010A (en) * | 2019-07-11 | 2019-10-18 | 中国工商银行股份有限公司 | Business voucher generation method, device, electronic equipment and medium |
CN110349010B (en) * | 2019-07-11 | 2023-10-24 | 中国工商银行股份有限公司 | Service credential generation method, device, electronic equipment and medium |
CN112686648A (en) * | 2021-01-31 | 2021-04-20 | 重庆渝高科技产业(集团)股份有限公司 | Electronic signature management method and system for auditing signature files |
CN112686648B (en) * | 2021-01-31 | 2024-01-30 | 重庆渝高科技产业(集团)股份有限公司 | Electronic signature management method and system for auditing signature file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20071219 |