CN104320251B - A kind of offline seal information device, electronic signature management system and authentication method for using on-line authentication - Google Patents

Abstract

The invention discloses a kind of offline seal information device, electronic signature management system and authentication method for using on-line authentication, its seal information device includes：Clock circuit, touch display screen, electronic signature read write line, memory, data generation and management module, microprocessor, digital encryption and decryption authentication module, usb interface module, photo module and electric supply installation；Its electronic signature management system includes：The electronic signature that is made up of RFID label tag and trace, the electronic intelligence seal being made up of seal information device and traditional seal, client, service end etc..The present invention is compared by service end ca authentication, decryption digital signature, signature information for the signature information additional digital signature in electronic signature, and when verifying electronic signature, realizes signature information integrality and non repudiation certification；Ca authentication system is introduced physical seal informationization in use, realizing reliable authentication of the electronic signature on the basis of ca authentication by the present invention first.

Description

A kind of offline seal information device for using on-line authentication, electronic signature management system System and authentication method

Technical field

The present invention relates to seal information technology, digital ca authentication technology, internet information administrative skill, is specifically It is related to a kind of offline seal information device and electronic signature management system and authentication method for using on-line authentication.

Background technology

At present, the environment that seal uses is to store seal examination ＆ approval management data and seal system by seal information management system Make data and seal user data, establish seal and register system.Seal using be come by the trace of its each stamped signature it is true Its fixed validity, the certification for stamped signature trace is by the way that (reserved specimen seal is a physical print, is put on record in advance with reserved specimen seal Bank or other administrative departments are resided in, usual seal refers to a physical print, and electronic signature is then electronic information, record The related information of physical print, and is locked with physical print space correlation.) comparison realize.

Conventional technical scheme is to gather the trace picture of stamped signature each time, uploads the management that networks, and downloads certification.This print Problems be present in the authentication mode of mark picture：Artificial vision can only be relied on to compare, intellectuality can not be realized；The result of comparison is only There is approximate result.Stamped signature trace has no obvious characteristic, the more feature without uniqueness, and its authentication techniques and means can not meet reality Apply on border.

Application No. 2011103391075, it is entitled《Seal system and seal, signature paper》Patent in propose trace Information-based scheme, by combining RFID label tag in trace, label signature information is write, network storage information management is uploaded, carries For downloading the certification trace true and false, realize seal and use the informationization of process and administrative authentication pattern.Penetrating involved by the patent Frequency chip technology can ensure safe data transfer between chip and read-write equipment, using the teaching of the invention it is possible to provide each chip uniqueness The information of feature and electronization.This security information guarantee is limited only between electronic signature and seal information device.Although Add the network platform and provide popular certification identification as public medium, but the potential safety hazard of network transmission can not meet its certification Reliability and non-repudiation.On the other hand, seal needs often mobile use, changes environment, it is impossible to which guarantee has available at any time Network environment.

In view of various defects existing for prior art are, it is necessary to which one kind of seeking can use under off-line state and can provide safety The technology of certification, after applicant carries out many trials, the existing ca authentication technology based on PKI systems is found, can be to hand over Easy both sides provide the certification mode of the non-repudiation of online mode, but how to print this mode expansion to electronic intelligence Chapter technical field, the verification process since off the net is completed, finally complete the process of certification on the net

The content of the invention

In view of defects in the prior art, the invention aims to provide a kind of print of off-line using on-line authentication Chapter informationization device and electronic signature management system, the seal information device can combine a kind of new with traditional seal Electronic intelligence seal, can by RFID label tag with storing signature information on the electronic signature that traditional trace forms and its is corresponding Digital signature；The present invention combined by network C A authentication functions, based on PKI key code system with seal using process, from Under wire state, signature information and digital signature are together written in electronic signature by the seal information device, are read in certification The information is taken, it is decrypted through online ca authentication, it was demonstrated that the true complete and non-repudiation of signature information, and and then determination seal The legal identity of main body.

To achieve these goals, technical scheme：

A kind of offline seal information device for using on-line authentication, the seal information device are arranged at seal chapter body On, it is characterised in that：It includes

Electric supply installation, for providing power supply for device；

Clock circuit, for holding meanss internal independence continuous time supply, with ensure device carry out stamped signature operation when, Collect the accurate stamped signature time immediately；

Touch display screen, for real-time displaying device operation information, current signature information to be written and from electronic seal The signature information to be certified read in view of this, while be additionally operable to realize the operational control and handwriting input to electronic signature read write line The auxiliary operation of information；

Electronic signature read write line, corresponding write operation is carried out to electronic signature for the operational control according to touch display screen Or read operation；Every time with carrying out pre-operation before electronic signature read-write operation, by being mutually authenticated three times, the information after certification In exchange process, all data are encrypted to be intercepted to prevent stop signal；Read write line determines that electronic signature can use by pre-operation, and obtains Take its sequence code；

Memory, for storage device run driver and application program and seal electronics and information infrastructure data (including Seal title, species, examination ＆ approval seal numbering, enable date etc.), it is (including to be written or to be additionally operable to store seal ephemeral data The signature information of reading, to be uploaded or download information)；

Data generate and management module, and when device performs write operation, data i.e. stamped signature is write for generate electronic signature Information and digital signature, wherein signature information include seal title, species, examination ＆ approval seal numbering, stamped signature time, additional identification Deng wherein digital signature is above-mentioned signature information to be delivered into digital encryption and decryption authentication module by this module institute is encrypted Obtain, above-mentioned signature information and digital signature are delivered to electronic signature read write line by this subsequent module, perform write operation；Execution is write After operation, for forming the data to be uploaded for including recording write operation number, wherein data to be uploaded include RFID label tag order Code, signature information, digital signature etc., persist memory module storage；When device performs read operation, for by the stamped signature of reading Information is delivered to touch display screen progress data and shown, can be checked with imprinted graphics information, and wait to be uploaded；

Digital encryption and decryption authentication module, in device write operation, digital signature being done to signature information and delivers to data Generation and management module；Be additionally operable to connect client and during by Internet connection services end in device, there is provided digital certificate and Digital signature encryption and decryption operates, and realizes bidirectional digital certificate authentication；

And coordinate the microprocessor of above-mentioned modules for controlling.

The electric supply installation is button cell and lithium battery duplicate supply device.

Further, described device also includes USB communication interface modules, for coupling with computer client, the visitor Family end is that can be built in service end registration dedicated for connecting the middleware of seal information device by internet and service end Vertical connection, the information for the storage to be uploaded that device built-in storage is stored are uploaded to service end.

Described data generation and management module are additionally operable to when device performs and uploads data, according to write record number of operations And time sequencing uploads signature information data to be uploaded one by one, and stamped signature to be uploaded is checked at the end of each upload procedure Data upload quantity, if uploading quantity error occurs, prompt to upload mistake in touch display screen, to supply upload data.

Further, described device also includes photo module, for the feature image of real time shooting stamped signature part characteristic portion, Additional information as above-mentioned stamped signature data is stored in memory in the lump.In service end, the picture will be bound with signature information, when When service end provides the signature information service for checking credentials, while the result is replied, there is provided the picture downloading service；User can Verification is done using the picture being shown on touch display screen screen with original paper to realize and imprinted graphics information audit process, stamped signature The key feature of part includes：The title and the amount of money of invoice, the target of contract and the amount of money, the date of stamped signature and signature etc..It passes through Management with the feature image of signature information binding is supported, further safety assurance is provided for electronic signature.

Described memory includes ROM memory and RAM memory；The ROM memory is used for storage device operation and driven Dynamic program and application program and seal electronics and information infrastructure data (including seal title, species, examination ＆ approval seal numbering, enable day Phase etc.), RAM memory is used to deposit seal ephemeral data, including it is to be written or read signature information, it is to be uploaded or under Information carrying ceases.

Described digital encryption and decryption authentication module is built-in CPU card, and it includes the identity obtained when being examined with the seal i.e. Digital certificate, private key and authentication management sub-module corresponding to seal approval number；Described digital encryption and decryption authentication module is same When pre-install service end digital root certificate；The private key is used to be digitally signed processing to current signature information to be written； The authentication management sub-module is for processing and the encryption and decryption processing of being made an abstract before digital signature to signature information；Service end Digital root certificate is used for the digital certificate of certificate server.

The present invention seal information device signature information carrier to be dealt with, be RFID, by IC chip, Aluminium film antenna, insulating barrier composition, are wrapped in, outer layer glue adhesive label facial tissue, bottom glue is pasted with stamped signature thing by upper and lower two layers of glue； RFID label tag is sealed under traditional trace, forms electronic signature；Seal information device combines with traditional seal body, is referred to as Electronic intelligence seal, and electronic signature is exactly the information carrier after electronic intelligence seal implementation stamped signature.The core of every RFID label tag Piece possesses sequence number and can not uniquely changed, and there is separate cipher controlled each sector, is accessed in transmitting procedure EEPROM has transmission cryptographic key protection, and one-time write data lock immediately, it is impossible to change.

In the seal information device of the present invention photo module that is equipped with support service end electronic signature management system for The support of seal feature image collection；To increase the collection of key feature under lifting important events, gathered and signed using camera module The picture of privileged sites on chapter part, as stamped signature additional information, website storage is together uploaded to signature information.In service end, The picture will be bound with signature information, when service end provides the signature information service for checking credentials, while the result is replied, Picture download is provided；User checks using the picture being shown on screen with original paper.The key feature of stamped signature part includes： The title and the amount of money of invoice, the target of contract and the amount of money, the date of stamped signature and signature etc..Pass through the feature bound with signature information The management of picture is supported, further safety assurance is provided for electronic signature.

The present invention also provides a kind of new safe and reliable electronic signature management system, it is characterised in that：

The system includes some above-mentioned seal information devices, carries signature information and the electronic signature of digital signature, The client of networking is provided for above-mentioned seal information device, and by client-side management, digital certificate management, digital authenticating pipe The service end of the modules such as reason, electronic seal database, verification management composition.

The client of the electronic signature management system, it is a client-side program, is installed on belonging to seal information device The computer management workstation of unit, client's fulfillment service end registration formality can connect client via internet, there is provided USB Interface is connected with seal information device；Switching of the seal information device Jing Guo client can connect server of the system.

The client manager module of the server of the system, the registration of user can be received, manage simultaneously each visitor of secure connection Family end.

The digital certificate management module of the server of the system, user application procedure is handled in receiving, by seal approval code As distinguishing mark, generate and provide digital certificate and private key.

The digital authenticating management module of the server of the system, by managing the digital certificate of each seal information device, Safeguard the Revocation Lists of digital certificate, there is provided CA authentication service.All clients being connected with service end are offered to seal letter The digital certificate that breath makeup is put, realizes the bi-directional digital certification with service end.

The electronic seal database of the server of the system, storage RFID tag sequence code, signature information, stamped signature part feature The information such as picture；The unique sequence numbers code that the RFID tag sequence code is gone out when being and making using laser ablation procedure programming, each Signature information is all with this sequence code, as index when retrieving.

The electronic signature verification management module of the server of the system, it can make and dual recognize for electronic signature revene lookup Card；The electronic signature checking of service end, which is replied, includes two contents：The integrity result of signature information digital signature decryption, stamped signature The authenticity result that information compares with online former record information.

The server of the system also includes mobile phone proving program pushing module, and the module pushes away for providing mobile phone checking software Business is sent, responds mobile phone short message instructions, answering mobile phone checking software download address, and provide download service；With NFC function Mobile phone, download and install and enable proving program, the signature information of electronic signature can be read, be shown in Mobile phone screen, can be with trace Graphical information compares and applies for that service end provides authentication service.

The basic setup of the invention described above：Signature information is write to electronic signature by seal information device and numeral is signed Name, the connection established by client and service end on the basis of digital authenticating, realize that signature information uploads safely；Its is most important Purpose is exactly that the authentication service of electronic signature is provided by service end.

Corresponding, the present invention also provides a kind of electronics based on above-mentioned seal information device, client and service end Seal on-line authentication method：

Including：

I, start prepare：Above-mentioned seal information device is opened, and connects client, while passes through the numeral with service end Certificate two-way authentication, establish the connection with service end；If the digital certificate has been logged out, disconnecting；

II, collection information：Enter certification mode, at the same time certification with seal information device after service end successful connection Request is uploaded to service end；By the electronic signature read write line of device close to electronic signature to be certified, RFID label tag order is read Code, signature information and digital signature, signature information are shown in touch display screen；

III, upload information：Information to be uploaded is uploaded to service end by client；

IV, decrypted authentication：Service extracts seal approval code after terminating to certification request from the upload information of receiving, from Digital authenticating management module retrieves the seal digital certificate, extracts the client public key in the certificate, decrypts the numeral of the user Signature, implement the digest algorithm of acquiescence, informative abstract is obtained from the signature information of upload, and ratio is done with the informative abstract of decryption Right, if identical, full authentication passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, is extracted from the upload information of receiving RFID tag sequence code, the former record in searching database, the signature information of upload is compared with former record, if complete phase Together, then certification is compared to pass through；

VI, reply result：Two kinds of authentication results are returned to client by service end simultaneously, are shown in seal information device Touch display screen on.

The authentication method is not limited only to complete using seal information device, can also be completed using mobile phone, To realize that popular electronic signature identifies that it includes：

I, start prepare：Mobile phone is opened, establishes network connection, opens NFC function, starts mobile phone checking software；

II, collection information：By mobile phone NFC antenna position close to electronic signature to be certified, read RFID tag sequence code, Signature information and digital signature, signature information are shown on Mobile phone screen；

III, upload information：Start the upload function of mobile phone checking software, application checking information is uploaded to service end；

IV, full authentication：After service terminates to certification request, seal approval code is extracted from the upload information of receiving, The seal digital certificate is retrieved, extracts the client public key in the certificate, decrypts the digital signature of the user, implements plucking for acquiescence Algorithm is wanted, informative abstract is obtained from the signature information of upload, and is compared with the informative abstract of decryption, if identical, Full authentication passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, is extracted from the upload information of receiving RFID tag sequence code, the former record in searching database, the signature information that mobile phone uploads is compared with former record of service end, If identical, true certification passes through；

VI, reply result：Two kinds of authentication results are returned to mobile phone terminal by service end simultaneously, are shown on Mobile phone screen.

Above-mentioned authentication method realizes the electronic signature information gathering process for also including early stage；Its detailed process includes：

I, stamped signature prepare：Stamped signature position attaching rfid tag is being treated,

II, generation data：Operate seal information device touch display screen button, open write operation, data generation and Management module generation electronic signature writes data, i.e. signature information and digital signature, and the data are sent to electronic signature read write line,

III, stamped signature operation：Chapter of impressing is signed on the rfid labels, completes to write behaviour when electronic signature read write line connects RFID label tag Make；Data generate and management module forms the data to be uploaded for including recording write operation number after write operation is completed, including RFID tag sequence code, signature information, digital signature, remain memory and keep in；

IV, networking certification：Seal information device is connected to client by USB, client-side program is opened, clicks on and touch Display screen connecting key is touched, opens digital authenticating process；

V, information upload：Once seal information device and service end establish normal connection by certification, and device will be certainly Dynamic opening imformation upload procedure, deposits information to be uploaded by memory, is uploaded one by one by write record, until upload successfully completely, Memory space is vacateed in memory cleaning.

Compared with prior art, beneficial effects of the present invention：

The present invention proposes a kind of new seal use information collection authentication mode, first using digital signature as electronic seal Anti-counterfeiting information in mirror, digital signature is decrypted by online ca authentication and obtains authentication result.The present invention first draws ca authentication system It is information-based in use, assigning the seal information device with seal combination of entities with the private of PKI key code system to enter physical seal Key and digital certificate, the signature information is implemented into digital signature as additional while signature information is stored in into electronic signature The anti-counterfeiting information of storage, such a mode have the characteristics of flexible and convenient to use in off-line case；Simultaneously at regular intervals will label Chapter information and digital signature are uploaded to the database purchase of service end；When carrying out signature information checking, it is necessary to bar of networking online Checking information is uploaded under part, service end draws signature information integrity result by decrypting digital signature, by being counted with online Signature information authenticity result is drawn according to comparison；, can picture the invention enables that need not be networked during seal information device work Traditional seal is flexibly used like that, and safety on line certification is provided when being verified for electronic signature.

The additional seal feature image that the seal information device of the present invention and electronic signature management system are provided simultaneously The function of collection, storage and checking；And verify that electronic signature function provides popular identification implementation for client using mobile phone.

Brief description of the drawings

Fig. 1：The present invention --- seal information device composition schematic diagram；

Fig. 2：The present invention --- use on-line authentication electronic signature management system information flow schematic diagram offline.

Embodiment

In order to make the purpose , technical scheme and advantage of the present invention be clearer, below in conjunction with accompanying drawing, the present invention is entered Row is further described.

Traditional seal device, ca authentication technology and radio frequency chip technology together form one kind by the present invention The new device and method that progress seal use information collection and certification are gone using electronic signature；The electronic signature is by passing System trace is combined with RFID, and RFID is sealed between trace and stamped signature part by traditional trace.

Main design idea of the present invention：

The seal information device that the present invention uses is noted in ca authentication system by seal approval code as mark in advance Volume entity, obtains digital certificate and private key, and be stored in the CPU card built in it.Noted in the information-based device to electronic signature While entering signature information, digital signature is done to the information；The use of the digital signature belongs to the private key encryption process of the seal, With security and non repudiation.Signature information verification process is completed online, and digital certificate is provided by the third party of trust Management, the third party of trust manages the digital certificate of all seal entities and certificate revokes list, when service end receives stamped signature After information verification request, the digital certificate of the seal entity is retrieved according to the signature information of upload, decrypts the digital signature of upload, The signature information summary of decryption is compared with the upload signature information summary recalculated, obtains the integrality of signature information The result；Again according to the former record of RFID tag sequence code searching database of upload, compare inspection, obtains signature information Authenticity verification result；Above two result is replied to inquiry end by service end, if the online record has feature image, will be carried Download and check for the picture.

The network service end of electronic signature management system of the present invention, periodically receive the information of seal information device upload. The information includes electronic tag sequence code, signature information and feature image.The seal information device of the present invention can be according to initial The condition of setting, with set time interval networking upload the electronic tag sequence code being stored in the device, signature information and Feature image.The service end of electronic signature management system can provide the upload, storage, download function of stamped signature data.When seal is believed When networking is put in breath makeup, first by ca authentication, determine that digital certificate is effective.When because losing or being stolen, user applies for amounts written off Word certificate, the seal information device will be unable to network, and can not also upload the data in seal.

And then the technical scheme is that：

Such as Fig. 1, the seal information device is arranged on seal chapter body, forms intelligent seal, it includes：

Button cell and lithium battery duplicate supply device, for providing power supply for device；

Clock circuit, for holding meanss internal independence continuous time supply, with ensure device carry out stamped signature operation when, The accurate stamped signature time immediately is collected, is easy to device to write accurate signature information；

Touch display screen, for real-time displaying device operation information (current time, seal title, coding, species etc.), when (stamped signature time and seal electronic information etc., the seal electronic information include seal unit name to preceding signature information to be written Title, seal species, additional marking (user-defined Contract NO, invoice number etc.), electronic signature sequence code etc.) with And the signature information to be certified read from electronic signature, while be additionally operable to realize operational control to electronic signature read write line, Make the auxiliary operations such as view finder use and handwritten input information when opening camera module；

Corresponding write operation or read operation are carried out to electronic signature for the operational control according to touch display screen；Often The secondary pre-operation with before electronic signature read-write operation, by being mutually authenticated three times, in the information exchanging process after certification, all numbers Intercepted according to encrypting to prevent stop signal；Read write line determines that electronic signature can use by pre-operation, and obtains its sequence code；

Photo module, for absorbing the picture at stamped signature part information photo eigen position, as the additional of above-mentioned signature information Feature image is stored in memory module in the lump；In service end, the picture will be bound with signature information, when service end provides the label During chapter information authentication service, while the result is replied, there is provided the picture is downloaded；User is available to be shown on screen Picture is checked with original paper.The key feature of stamped signature part includes：The title and the amount of money of invoice, the target of contract and the amount of money, stamped signature Date and signature etc..Supported by the management for the feature image bound with signature information, provided further for electronic signature Safety assurance.

Memory, for storage device run driver and application program and seal electronics and information infrastructure data (including Seal title, species, examination ＆ approval seal numbering, enable date etc.), it is additionally operable to store seal electronic information ephemeral data and (including treats Write-in or the signature information read, to be uploaded or download information)；Its specific described memory module stores including ROM Device and RAM memory；The ROM memory be used for storage device operation driver and application program and basic data (including Seal title, species, examination ＆ approval seal numbering, enable date etc.), RAM memory is used to deposit ephemeral data, including it is to be written or The signature information that has read, to be uploaded or download information.

Data generate and management module, data generation and management module, when device performs write operation, for generating electronics Seal writes data i.e. signature information and digital signature, wherein signature information include seal title, species, examination ＆ approval seal numbering, Stamped signature time, additional identification etc., wherein digital signature are that above-mentioned signature information is delivered into digital encryption and decryption certification by this module Module is encrypted acquired, and above-mentioned signature information and digital signature are delivered to electronic signature read-write by this subsequent module Device, perform write operation；After performing write operation, for forming the data to be uploaded for including recording write operation number, wherein to be uploaded Data include RFID tag sequence code, signature information, digital signature etc., persist memory module storage；Performed in device and read behaviour When making, show, can be checked with imprinted graphics information, and wait for the signature information of reading to be delivered into touch display screen progress data It is to be uploaded；The data are generated and management module is additionally operable to when device performs and uploads data, according to write record number of operations and Time sequencing uploads signature information data to be uploaded one by one, and stamped signature data to be uploaded are checked at the end of each upload procedure Quantity is uploaded, if uploading quantity error occurs, prompts to upload mistake in touch display screen, to supply upload data.

And for controlling the microprocessor for coordinating that respective function is realized on above-mentioned modules.

Digital encryption and decryption authentication module, in device write operation, digital signature being done to signature information and delivers to data Generation and management module；Be additionally operable to connect client and during by Internet connection services end in device, there is provided digital certificate and Digital signature encryption and decryption operates, and realizes bidirectional digital certificate authentication；

Described digital encryption authentication module is built-in CPU card, and it includes digital certificate corresponding with the seal identity, private Key and authentication management sub-module；Described digital encryption and decryption authentication module pre-installs the digital root certificate of service end simultaneously；It is described Private key is used to be digitally signed encryption to the informative abstract of current signature information to be written；The authentication management submodule Summary computing and encryption and decryption processing of the block for the signature information before obtaining digital signature；The digital root certificate of service end is used In the digital certificate of certificate server；Further, the digital encryption and decryption authentication module is the private key intelligence of built-in PKI systems Card, after device forms a signature information to be written, and informative abstract is done to the data and imposed at digital signature encryption Reason, the informative abstract of involved signature information of the above-mentioned digital encryption and decryption authentication module in decryption processes are encrypted Extraction is realized by the algorithm given tacit consent to, can be real in digital encryption and decryption authentication module internal preset default algorithm program It is existing.

The present invention seal information device signature information carrier to be dealt with, be RFID, by IC chip, Aluminium film antenna, insulating barrier composition, are wrapped in, outer layer glue adhesive label facial tissue, bottom glue is pasted with stamped signature thing by upper and lower two layers of glue； RFID label tag is sealed under traditional trace, forms electronic signature；Seal information device combines with traditional seal body, is referred to as Electronic intelligence seal, and electronic signature is exactly the information carrier after electronic intelligence seal implementation stamped signature.The core of every RFID label tag Piece possesses sequence number and can not uniquely changed, and there is separate cipher controlled each sector, is accessed in transmitting procedure EEPROM has transmission cryptographic key protection, and one-time write data lock immediately, it is impossible to change.

The present apparatus also includes USB communication interface modules, couples for the client with terminal, and the client is electricity The legitimate client of the service end registration of sub- seal management system, it can be established and connected by internet and service end.

The present invention also provides a kind of new safe and reliable electronic signature management system, the system have client and Service end, as shown in Fig. 2 being described below：

The client that the electronic signature management system of the present invention is included, is a client-side program, is installed on seal information The computer management workstation of affiliated unit is put in makeup, and electronic signature service can be connected via internet after fulfiling registration formality End, the client provide USB interface and are connected with seal information device；Switching of the seal information device Jing Guo client can Connect server of the system.All clients being connected with service end are offered to the digital certificate of seal information device, realize With the bi-directional digital certification of service end.

The service end that the electronic signature management system of the present invention is included includes client manager module, digital authenticating management Module, digital certificate management module, electronic seal database, signature information comparison and digital signature deciphering module and mobile phone Proving program pushing module.

Described client manager module, the registration of user can be received, manage simultaneously each client of secure connection.

The digital authenticating management module of the server of the system, by managing the digital certificate of each seal information device, Safeguard the Revocation Lists of digital certificate, there is provided CA authentication service.All clients being connected with service end are offered to seal letter The digital certificate that breath makeup is put, realizes the bi-directional digital certification with service end.

User application procedure is handled in the digital certificate management module of described server of the system, receiving, is examined and is compiled by seal Code is used as distinguishing mark, generates and provides digital certificate and private key.

The electronic seal database of the server of the system, storage RFID tag sequence code, signature information, stamped signature part feature The information such as picture；The RFID tag sequence code is to make the unique sequence numbers generation gone out during the label using laser ablation procedure programming Code, each signature information is with this sequence code, as index when retrieving.

The electronic signature verification management module of the server of the system, it can make for the electronic signature checking request of client Go out double authentication reply, the electronic signature checking of service end, which is replied, includes two contents：Signature information decrypts integrity result, with The authenticity result that online former record compares.

The mobile phone proving program pushing module provides mobile phone for service end and verifies software transmission service, responds SMS Instruction, answering mobile phone checking software download address, and download service is provided；The corresponding mobile phone for carrying NFC function, can download peace Fill and enable proving program, the signature information of electronic signature can be read, and apply for that service end provides authentication service.

The basic setup of the present invention：Signature information and digital signature are write to electronic signature by seal information device, The connection established by client and service end on the basis of digital authenticating, realize that signature information uploads safely；Its most important mesh Be exactly by service end provide electronic signature the service for checking credentials；

Wherein described checking or authentication method are to implement the process using seal information device, and it is specifically included：

I, start prepare：Above-mentioned seal information device is opened, and client, behaviour are connected by USB communication interface modules Make client by digital certificate two-way authentication, establish the connection with service end；If digital certificate has been logged out, in connection It is disconnected；

II, collection information：Status display with service end successful connection is in touch display screen, now, opens display screen On certification button, seal information device enters certification mode, and at the same time certification request is uploaded to service end；By device Electronic signature read write line reads RFID tag sequence code, signature information and digital signature, stamped signature close to electronic signature to be certified Presentation of information is in touch display screen；

III, upload information：Start the upload key in touch display screen, information to be uploaded is uploaded to service by client End, display screen prompting upload successfully；

IV, decrypted authentication：Service terminates to certification request, electronic signature authentication module is opened, from the upload information of receiving Middle extraction seal approval code, the seal digital certificate is retrieved, extracts the client public key in the certificate, decrypts the number of the user Word is signed, and is implemented the digest algorithm of acquiescence, informative abstract is obtained from the signature information of upload, and do with the informative abstract of decryption Compare, if identical, decrypted authentication passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, is extracted from the upload information of receiving RFID tag sequence code, the former record in searching database, the signature information of upload is compared with former record, if complete phase Together, then certification is compared to pass through；

VI, reply result：Two kinds of authentication results are returned to client by service end simultaneously, are shown in seal information device Touch display screen on.

If VII, occurring a certain condition missing for some reason, single authentication result can be still provided；Even certification when, signature information Do not upload, it is possible to only do digital signature decryption verification；But if digital signature fails, and only goes out comparison, reliability is not Foot, at this moment, using taking pictures, picture can do circumstantial evidence.

The authentication method is not limited only to complete using seal information device, can also be completed using mobile phone, To realize that popular electronic signature identifies that it includes：

I, start prepare：Mobile phone is opened, establishes network connection, opens NFC function, starts mobile phone checking software；

II, collection information：By mobile phone NFC antenna position close to electronic signature to be certified, read RFID tag sequence code, Signature information and digital signature, signature information are shown on Mobile phone screen；

III, upload information：Start the upload function of mobile phone checking software, the upload program in software is by automatic Connection Service End, checking information is uploaded to service end, prompts to upload successfully；

IV, integrity verification：Service terminates to certification request, open-authentication management module, from the upload information of receiving Seal approval code is extracted, the seal digital certificate is retrieved, extracts the client public key in the certificate, decrypt the numeral of the user Signature, implement the digest algorithm of acquiescence, informative abstract is obtained from the signature information of upload, and ratio is done with the informative abstract of decryption Right, if identical, integrity verification passes through；

V, comparison：Service end deploys comparison after completing decrypted authentication, is extracted from the upload information of receiving RFID tag sequence code, the former record in searching database, the signature information of upload is compared with former record, if complete phase Together, then authenticity verification passes through；

VI, reply result：Two kinds of authentication results are returned to mobile phone terminal by service end simultaneously, are shown on Mobile phone screen.

If VII, occurring a certain condition missing for some reason, single authentication result can be still provided.

Above-mentioned authentication method realizes the electronic signature information gathering process for also including early stage；Its detailed process includes：

I, stamped signature prepare：Stamped signature position attaching rfid tag is being treated,

II, generation data：Operate seal information device touch display screen button, open write operation, data generation and Management module generation electronic signature writes data, i.e. signature information and digital signature, and the data are sent to electronic signature read write line,

III, stamped signature operation：Chapter of impressing is signed on the rfid labels, completes to write behaviour when electronic signature read write line connects RFID label tag Make；Data generate and management module forms the data to be uploaded for including recording write operation number after write operation is completed, including RFID tag sequence code, signature information, digital signature, remain memory and keep in；

IV, networking certification：Seal information device is connected to client by USB, client-side program is opened, clicks on and touch Display screen connecting key is touched, opens digital authenticating process；

V, information upload：Once seal information device and service end establish normal connection by certification, and device will be certainly Dynamic opening imformation upload procedure, deposits information to be uploaded by memory, is uploaded one by one by write record, until upload successfully completely, Memory space is vacateed in memory cleaning.

In the seal information device of the present invention photo module that is equipped with support service end electronic signature management system for The support of seal feature image collection；To increase the collection of key feature under lifting important events, gathered and signed using camera module The picture of privileged sites on chapter part, as stamped signature additional information, website storage is together uploaded to signature information.In service end, The picture will be bound with signature information, when service end provides the signature information service for checking credentials, while the result is replied, Picture download is provided；User checks using the picture being shown on screen with original paper.The key feature of stamped signature part includes： The title and the amount of money of invoice, the target of contract and the amount of money, the date of stamped signature and signature etc..Pass through the feature bound with signature information The management of picture is supported, further safety assurance is provided for electronic signature.

Embodiment 1：Device of the present invention it is customized and default

The makeup of technology provider advance customized information is put and electronic signature and implements to initialize；Seal user is with defined hand Renewal reason scribes official seal application, and preparation of official seal enterprise is completed the making of traditional stamp head part by approval in-formation, and by seal Information-based device is assembled into complete electronic intelligence seal with stamp head part, by approval information to electronic intelligence before it dispatches from the factory Seal and electronic signature carry out secondary information setting and encryption；

Seal user holds electronic intelligence seal and handles seal registers entities and application seal numeral card to CA authentication service end Book, and digital certificate and private key are disposably generated, it is stored in the CPU card of electronic intelligence seal；

Start enables electronic intelligence seal, the normal use under offline mode.Electronic intelligence seal needs periodically networking, will The signature information of storage uploads.The device must access network service end in certification.First start needs to set initial operation People's password, clock initial value is set, does networking initial setting up.The USB of device is accessed into computer client during networking, passes through interconnection Net is established with service end and connected, and electronic intelligence seal and site for service two-way authentication digital certificate, completion couple with service end.When After electronic intelligence seal reports the loss cancellation, original digital certificate enters in the Revocation Lists that website is specially safeguarded, couples every time all Need to detect the table, digital certificate, which appears in connection in Revocation Lists, can be forced to disconnect.

Embodiment 2：Electronic intelligence seal uses process：

I, stamped signature prepare：Stamped signature position attaching rfid tag is being treated,

II, generation data：Operate seal information device touch display screen button, open write operation, data generation and Management module generation electronic signature writes data, i.e. signature information and digital signature, and the data are sent to electronic signature read write line,

III, stamped signature operation：Chapter of impressing is signed on the rfid labels, completes to write behaviour when electronic signature read write line connects RFID label tag Make；Data generate and management module forms the data to be uploaded for including recording write operation number after write operation is completed, including RFID tag sequence code, signature information, digital signature, remain memory and keep in；

IV, networking certification：Seal information device is connected to client by USB, client-side program is opened, clicks on and touch Display screen connecting key is touched, opens digital authenticating process；

V, information upload：Once seal information device and service end establish normal connection by certification, and device will be certainly Dynamic opening imformation upload procedure, deposits information to be uploaded by memory, is uploaded one by one by write record, until upload successfully completely, Memory space is vacateed in memory cleaning.

Embodiment 3：The verification process of electronic signature

Included using seal information device implementation process：

I, start prepare：Above-mentioned seal information device is opened, and client, behaviour are connected by USB communication interface modules Make client by digital certificate two-way authentication, establish the connection with service end；If digital certificate has been logged out, in connection It is disconnected；

II, collection information：Status display with service end successful connection is in touch display screen, now, opens display screen On certification button, seal information device enters certification mode, and at the same time certification request is uploaded to service end；By device Electronic signature read write line reads RFID tag sequence code, signature information and digital signature, stamped signature close to electronic signature to be certified Presentation of information is in touch display screen；

III, upload information：Start the upload key in touch display screen, information to be uploaded is uploaded to service by client End, display screen prompting upload successfully；

IV, decrypted authentication：Service terminates to certification request, electronic signature authentication module is opened, from the upload information of receiving Middle extraction seal approval code, the seal digital certificate is retrieved, extracts the client public key in the certificate, decrypts the number of the user Word is signed, and is implemented the digest algorithm of acquiescence, informative abstract is obtained from the signature information of upload, and do with the informative abstract of decryption Compare, if identical, decrypted authentication passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, is extracted from the upload information of receiving RFID tag sequence code, the former record in searching database, the signature information of upload is compared with former record, if complete phase Together, then certification is compared to pass through；

VI, reply result：Two kinds of authentication results are returned to client by service end simultaneously, are shown in seal information device Touch display screen on.

Included using NFC mobile phone implementation process：

I, start prepare：Mobile phone is opened, establishes network connection, opens NFC function, starts mobile phone checking software；

II, collection information：By mobile phone NFC antenna position close to electronic signature to be certified, read RFID tag sequence code, Signature information and digital signature, signature information are shown on Mobile phone screen；

III, upload information：Start the upload function of mobile phone checking software, the upload program in software is by automatic Connection Service End, checking information is uploaded to service end, prompts to upload successfully；

IV, decrypted authentication：Service terminates to certification request, electronic signature authentication module is opened, from the upload information of receiving Middle extraction seal approval code, the seal digital certificate is retrieved, extracts the client public key in the certificate, decrypts the number of the user Word is signed, and is implemented the digest algorithm of acquiescence, informative abstract is obtained from the signature information of upload, and do with the informative abstract of decryption Compare, if identical, decrypted authentication passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, is extracted from the upload information of receiving RFID tag sequence code, the former record in searching database, the signature information of upload is compared with former record, if complete phase Together, then certification is compared to pass through；

VI, reply result：Two kinds of authentication results are returned to mobile phone terminal by service end simultaneously, are shown on Mobile phone screen.

The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto, Any one skilled in the art the invention discloses technical scope in, technique according to the invention scheme and its Inventive concept is subject to equivalent substitution or change, should all be included within the scope of the present invention.

Claims (10)

1. a kind of offline seal information device for using on-line authentication, the seal information device are arranged on seal chapter body, It is characterized in that：It includes

Electric supply installation, for providing power supply for device；

Clock circuit, for holding meanss internal independence continuous time supply, with ensure device carry out stamped signature operation when, collection To the instant accurate stamped signature time；

Touch display screen, for real-time displaying device operation information, current signature information to be written and from electronic signature The signature information to be certified read, while be additionally operable to realize the operational control to electronic signature read write line and handwritten input information Auxiliary operation；

Electronic signature read write line, electronic signature is carried out for the operational control according to touch display screen corresponding write operation or Read operation；Every time with carrying out pre-operation before electronic signature read-write operation, read write line determines that electronic signature can use by pre-operation, And obtain its sequence code；

Memory, for storage device operation driver, application program and seal electronics and information infrastructure data, it is additionally operable to store Seal ephemeral data；

Data generate and management module, and when device performs write operation, data i.e. signature information is write for generate electronic signature And digital signature, wherein signature information include seal title, species, examination ＆ approval seal numbering, stamped signature time, additional identification, wherein Digital signature be by this module by above-mentioned signature information deliver to digital encryption and decryption authentication module be encrypted it is acquired, Above-mentioned signature information and digital signature are delivered to electronic signature read write line by subsequent module, perform write operation；After performing write operation, use Include recording the data to be uploaded of write operation number in formation, wherein data to be uploaded also include RFID tag sequence code, stamped signature Information, digital signature；When device performs read operation, show for the signature information of reading to be delivered into touch display screen progress data Show；

Digital encryption and decryption authentication module, in device write operation, digital signature to be done to signature information and delivers to data generation And management module；And for connecting client and during by Internet connection services end in device, there is provided digital certificate sum Word signature encryption and decryption operation, realizes bidirectional digital certificate authentication；

And coordinate the microprocessor of above-mentioned modules for controlling.

2. seal information device according to claim 1, it is characterised in that：Described device also includes USB communications and connect Mouth mold block, for coupling with computer client, the client is information-based dedicated for connection seal in service end registration The middleware of device, it can be established and connected by internet and service end, the storage to be uploaded that device built-in storage is stored Information is uploaded to service end.

3. seal information device according to claim 1, it is characterised in that：Described data generation and management module are also For when device performs and uploads data, according to write record number of operations and time sequencing by signature information data to be uploaded by Bar uploads, and checks stamped signature data to be uploaded at the end of each upload procedure and upload quantity, if uploading quantity there is error, Prompt to upload mistake in touch display screen, to supply upload data.

4. seal information device according to claim 1, it is characterised in that：Described device also includes photo module, uses In the feature image of real time shooting stamped signature part characteristic portion, the additional information as stamped signature data is stored in memory in the lump.

5. seal information device according to claim 1, it is characterised in that：Described digital encryption and decryption authentication module is Built-in CPU card, it include the corresponding digital certificate of the identity i.e. seal approval number that is obtained when being examined with the seal, private key and Authentication management sub-module；Described digital encryption and decryption authentication module pre-installs the digital root certificate of service end simultaneously；The private key is used In being digitally signed processing to current signature information to be written；The authentication management sub-module is right before being used for digital signature Signature information make an abstract processing and encryption and decryption processing；The digital root certificate of service end is used for the digital certificate of certificate server.

A kind of 6. electronic signature management system, it is characterised in that：

The system includes some seal information devices, carries signature information and the electronic signature of digital signature, is above-mentioned print Chapter informationization device provides the client of networking, and by client manager module, digital certificate management module, digital authenticating pipe Manage module, electronic seal database, the service end of verification management module composition.

7. electronic signature management system according to claim 6, it is characterised in that：The visitor of the electronic signature management system Family end, it is a client-side program, is installed on the computer management workstation of seal information device affiliated unit, the client provides USB interface is connected with seal information device so that switching of the seal information device Jing Guo client can connect system clothes Business end；The client manager module of the server of the system is used for the registration for receiving user, manages simultaneously each client of secure connection； The digital certificate management module of the server of the system handles user application procedure for receiving, by seal approval code as knowledge Do not indicate, generate and provide digital certificate and private key；The digital authenticating management module of the server of the system is used to pass through management The digital certificate of each seal information device, the Revocation Lists of digital certificate are safeguarded, to provide CA authentication service；The system clothes The electronic seal database at business end is used to store RFID tag sequence code, signature information, signature characteristic picture information；The system The electronic signature verification management module of system service end is used for for electronic signature revene lookup and makes double authentication.

8. electronic signature management system according to claim 7, it is characterised in that：The server of the system also includes mobile phone Proving program pushing module, the module are used to provide mobile phone checking software transmission service, respond mobile phone short message instructions, answering mobile phone Software download address is verified, and download service is provided；Mobile phone with NFC function, download and install and enable proving program, can The signature information of electronic signature is read, is shown in Mobile phone screen, can be compared with imprinted graphics information and apply for that service end provides certification Service.

9. a kind of electronic signature on-line authentication method, implement verification process using seal information device, it is characterised in that：

Including：

I, start prepare：Above-mentioned seal information device is opened, and connects client, while passes through the digital certificate with service end Two-way authentication, establish the connection with service end；If the digital certificate has been logged out, disconnecting；

II, collection information：Enter certification mode with seal information device after service end successful connection, at the same time certification request It is uploaded to service end；By the electronic signature read write line of device close to electronic signature to be certified, RFID tag sequence code, label are read Chapter information and digital signature, signature information are shown in touch display screen；

III, upload information：Information to be uploaded is uploaded to service end by client；

IV, decrypted authentication：Service extracts seal approval code after terminating to certification request from the upload information of receiving, from numeral Authentication management module retrieves seal digital certificate, extracts the client public key in the certificate, decrypts the digital signature of the user, real The digest algorithm of acquiescence is applied, informative abstract is obtained from the signature information of upload, and is compared with the informative abstract of decryption, if complete Exactly the same, then full authentication passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, and RFID marks are extracted from the upload information of receiving Sequence code is signed, the former record in searching database, the signature information of upload is compared with former record, if identical, compared Certification is passed through；

VI, reply result：Two kinds of authentication results are returned to client by service end simultaneously, are shown in touching for seal information device Touch on display screen.

10. authentication method according to claim 9, it is characterised in that：Described authentication method is not limited only to using print Chapter informationization device is completed, and can also be completed using mobile phone, to realize that popular electronic signature identifies that it includes：

I, start prepare：Mobile phone is opened, establishes network connection, opens NFC function, starts mobile phone checking software；

II, collection information：By mobile phone NFC antenna position close to electronic signature to be certified, RFID tag sequence code, stamped signature are read Information and digital signature, signature information are shown on Mobile phone screen；

III, upload information：Start the upload function of mobile phone checking software, application checking information is uploaded to service end；

IV, full authentication：After service terminates to certification request, seal approval code is extracted from the upload information of receiving, is retrieved Go out the seal digital certificate, extract the client public key in the certificate, decrypt the digital signature of the user, the summary for implementing acquiescence is calculated Method, informative abstract is obtained from the signature information of upload, and compared with the informative abstract of decryption, if identical, completely Certification passes through；

V, compare certification：Expansion compares certification after service end completes decrypted authentication, and RFID marks are extracted from the upload information of receiving Sequence code is signed, the former record in searching database, the signature information that mobile phone uploads is compared with former record of service end, if completely Identical, then true certification passes through；

VI, reply result：Two kinds of authentication results are returned to mobile phone terminal by service end simultaneously, are shown on Mobile phone screen.