CN104320252B - A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method - Google Patents

Publication number
CN104320252B
Authority
CN
China
Legal status
Active
Application number
CN201410508391.8A
Other languages
Chinese (zh)
Other versions
CN104320252A (en)
Inventor
Inventor not disclosed
Current Assignee
DALIAN SHENGLU TECHNOLOGY Co Ltd
Original Assignee
DALIAN SHENGLU TECHNOLOGY Co Ltd
Application filed by DALIAN SHENGLU TECHNOLOGY Co Ltd
Priority to CN201410508391.8A
Publication of CN104320252A
Application granted
Publication of CN104320252B

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a mobile online tracking-verification electronic intelligence seal, an electronic signature management system and a verification method. The system comprises an electronic intelligence seal, an electronic signature and an electronic signature application platform. The electronic intelligence seal includes a wireless Internet access module, a locating module, an electronic signature reader/writer, a touch display screen, a memory module, a photo module, a clock circuit, a microprocessor, a power supply device, an on-line control module that detects the network state in real time and controls the operation and on-line synchronization of the intelligent seal, an upload control module that controls the order of the intelligent seal's write operation and information upload and ensures that the upload is complete, and a digital encryption module that performs two-way CA authentication when connecting to the service end. The electronic signature is the information carrier on which the electronic intelligence seal performs stamping. The electronic signature application platform provides electronic signature data storage and information verification services. The invention realizes, for the first time, mobile online tracking and verification of the time, position and trace of seal use, giving a safe, efficient and complete seal anti-counterfeiting function.

Description

A mobile online tracking-verification electronic intelligence seal, electronic signature management system and verification method
Technical field
The present invention relates to seal information technology, CA digital authentication technology and mobile Internet information management technology, and specifically to a mobile online tracking-verification electronic intelligence seal and electronic signature management system.
Background art
At present, the approval and making of official seals are already managed through information systems, but official seals are still used in the traditional way: validity is determined by comparing the trace pattern left by each stamping with a reserved specimen impression. This kind of authentication can only rely on visual comparison and cannot be made intelligent; the comparison result is only approximate, not exact.
The patent with application No. 2011103391075, entitled "Seal system and seal, signature paper", proposed a scheme for informatizing the trace: the trace is combined with an RFID tag to form an electronic signature, the signature information is written into the electronic signature, then uploaded to the service end for storage and management and downloaded to the client for verification, realizing informatized, networked management and verification of the seal-use process.
A patent filed shortly before the present application, "A seal information device used offline and authenticated online, electronic seal management system and authentication method", proposed combining a CA digital authentication system with an intelligent seal to make information transmission between the seal and the network secure and reliable. In that scheme verification is performed online, but the seal is still used offline. The seal is therefore outside network authentication management while in use, which is a security risk. In addition, there is a time lag between use of the seal and verification, which hampers verification efficiency, particularly where the seal is used frequently. Moreover, the seal produces a large amount of data in use, and leaving that data in the seal is both inconvenient and unsafe.
Summary of the invention
In view of the defects of the prior art, the object of the invention is to provide a mobile online tracking-verification electronic intelligence seal, an electronic signature management system and a verification method. The invention combines mobile Internet technology, CA digital authentication technology and contactless RFID tag reading technology with a traditional seal body (photosensitive seal, rubber seal, penetrating-ink seal, etc.) to form the electronic intelligence seal; it combines a contactless RFID tag with the traditional trace to form the electronic signature, which carries the signature information; and it uses mobile online management and CA digital authentication to achieve safe use and tracking verification of the electronic intelligence seal under network supervision. The time, place and trace of each stamping are collected as the complete stamping information, so that verification of an electronic signature is a multi-point check against the collected information, giving users a technical means of verifying the reliability and non-repudiation of the electronic signature and its associated trace.
To achieve the above object, the technical solution of the invention is:
A mobile online tracking-verification electronic intelligence seal, including:
A power supply device, which supplies power to the device and is a lithium battery power supply;
A clock circuit, which maintains a continuous, independent time source inside the seal, so that the accurate stamping time is captured at the moment the seal performs a stamping operation;
A wireless Internet access module, which establishes a wireless data connection under CA authentication with the application interface of the service end over the mobile Internet, for real-time data exchange;
An electronic signature reader/writer, which performs write and read operations on the electronic signature;
A touch display screen, through which the user controls the seal, which displays in real time the seal's operation information and the information read and written by the electronic signature reader/writer, and which also supports handwritten input of character information;
A microprocessor, which executes the client application's instructions and coordinates the units of the device so that each performs its function;
characterized in that it further includes:
A photo module, which turns on automatically when the seal has completed the write operation and runs the upload program, and photographs the trace pattern under manual operation; that is, the photographing instruction runs automatically before the upload. In photographing mode the touch display screen serves as the viewfinder and the photograph is limited to the trace pattern area; pressing the shutter captures the trace picture, and when the user is satisfied and presses the confirm key the picture enters the upload state, with upload progress shown on the screen until the upload completes;
A locating module, which enters the working state once a normal connection has been established after start-up, automatically receives space-based or network positioning signals, obtains the position data of the electronic intelligence seal, converts it into place-name information through an internal program, and uploads it to the service end for storage together with the signature information when that information is filed over the network;
A memory module, including ROM and RAM. The ROM stores persistent information, including the intelligent seal's drivers and application programs and the initial information pre-installed when the seal is made (including seal name, type, approval code, production time, etc.). The RAM stores temporary information, including the signature information about to be written by the electronic signature reader/writer or the information read, consisting of the signature information and the electronic signature serial number, and the picture information produced by the photo module;
An on-line control module, which detects the networking state of the wireless Internet access module in real time and controls the working state of the electronic signature reader/writer accordingly: if the wireless Internet access module is detected to be networked successfully, the electronic signature reader/writer is enabled; if networking has failed or the network connection has dropped, the electronic signature reader/writer is disabled;
An upload control module, which controls the order in which the electronic intelligence seal performs the write operation and the information upload. When the electronic signature reader/writer is performing a write operation, the module first obtains the electronic signature serial number and uploads it to the service end for registration; then, after the reader/writer has performed the write operation and the photo module has captured the picture, it starts executing the upload instruction. The order and content of the upload are: signature information, place-name information and trace picture. Only after receiving the service end's upload-complete prompt does the module allow the reader/writer to perform the next operation; otherwise the upload control module blocks the reader/writer's read and write operations;
And a digital encryption authentication module, which performs the network CA digital authentication functions.
Further, the digital encryption module uses the seal code as the identifier of the encrypting entity, applies for and is issued a private key and digital certificate under the PKI encryption system, and has pre-installed the digital root certificate of the service end it networks with; these serve as the only key for establishing a connection with the service end. Each time a connection to the service end's electronic seal database is established, bidirectional digital identity authentication is performed first to confirm that both digital certificates are valid, and the electronic intelligence seal is kept in the working state only while the connection to the service end is maintained. If the electronic intelligence seal is reported lost, its digital certificate appears in the certificate revocation list; when that seal connects to the server it is disconnected because its digital certificate is invalid, and the electronic intelligence seal cannot enter the working state.
The bidirectional digital authentication process includes the bidirectional identity authentication performed when connecting to the service end's online application service interface, and the encryption of normal data exchange after access authentication is complete. It is implemented mainly by the digital certificate, the private key and the encryption/decryption processing submodule in the digital authentication encryption module. The process is as follows:
The electronic intelligence seal device establishes a connection over the mobile data network and sends an access request to the online application service interface of the service end. The online application service interface of the service end generates random authentication data and sends it to the seal device together with the service end's digital certificate. The seal device uses the pre-installed root certificate to decrypt the digital signature in the service end's digital certificate, confirming that the certificate is valid and thereby obtaining the service end's public key. The seal device then digitally signs the random authentication data it received, encrypts the result with the service end's public key, and sends the encrypted random authentication data to the service end together with the seal device's own digital certificate. After receiving the seal device's digital certificate, the online application service interface of the service end requests the latest certificate revocation list (CRL) from the CA authentication system and checks the validity of the received seal digital certificate; if it is valid, the service end obtains the seal device's public key. The service end decrypts the received ciphertext with its own private key to obtain the seal device's digital signature over the random authentication data, then uses the seal device's public key to decrypt that digital signature and recover the random authentication data; the recovered data are compared with the original data, and verification passes when they are identical. The service end then generates second random authentication data, encrypts it with the seal device's public key and sends it back to the seal device. After receiving the ciphertext, the seal device decrypts it with its own built-in private key to obtain the second random authentication data. The second random authentication data and the previous random data are combined by logical XOR to generate the session key, which completes the bidirectional digital authentication on the seal device side. The seal device sends a confirmation message; after the online application service interface of the service end receives the confirmation message, it generates the session key in the same way. This completes the symmetric key exchange for normal data exchange, and the bidirectional digital authentication on the service end side is complete.
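The exchange described above can be traced end to end in a short simulation. This is an added example, not code from the patent: the keys are unpadded textbook RSA built from small Mersenne primes purely for illustration, certificates are plain dictionaries, and the names `SEAL-0001` and `service-end` are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def toy_key(a, b):
    """Textbook RSA key from the Mersenne primes 2**a-1 and 2**b-1 (demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(subject, n, e):
    data = f"{subject}|{n}|{e}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue_cert(ca_key, subject, key):
    """CA signs (subject, public key); for a device the subject is the seal code."""
    sig = pow(_digest(subject, key["n"], key["e"]), ca_key["d"], ca_key["n"])
    return {"subject": subject, "n": key["n"], "e": key["e"], "sig": sig}

def cert_valid(root, cert):
    """Check the CA signature with the root certificate's public key."""
    expected = _digest(cert["subject"], cert["n"], cert["e"])
    return pow(cert["sig"], root["e"], root["n"]) == expected

def mutual_auth(root, crl, srv_key, srv_cert, dev_key, dev_cert):
    """Run the exchange; return (device_key, server_key) or raise PermissionError."""
    # Service end -> device: random authentication data R1 + server certificate.
    r1 = secrets.randbits(128)

    # Device: validate the server certificate against the pre-installed root,
    # sign R1 with its private key, encrypt the signature to the service end.
    if not cert_valid(root, srv_cert):
        raise PermissionError("device: server certificate rejected")
    sig = pow(r1, dev_key["d"], dev_key["n"])
    to_server = pow(sig, srv_cert["e"], srv_cert["n"])

    # Service end: check the device certificate and the latest CRL, decrypt
    # with its own private key, recover R1 with the device public key.
    if not cert_valid(root, dev_cert) or dev_cert["subject"] in crl:
        raise PermissionError("server: device certificate invalid or revoked")
    recovered_sig = pow(to_server, srv_key["d"], srv_key["n"])
    if pow(recovered_sig, dev_cert["e"], dev_cert["n"]) != r1:
        raise PermissionError("server: signature over R1 does not verify")

    # Service end -> device: second random data R2, encrypted to the device.
    r2 = secrets.randbits(128)
    to_device = pow(r2, dev_cert["e"], dev_cert["n"])

    # Device: decrypt R2; both sides derive the session key as R1 XOR R2.
    r2_at_device = pow(to_device, dev_key["d"], dev_key["n"])
    return r1 ^ r2_at_device, r1 ^ r2

# Constructed sample identities (hypothetical, not from the patent).
CA = toy_key(521, 607)
ROOT = {"n": CA["n"], "e": CA["e"]}
SERVER = toy_key(107, 127)
DEVICE = toy_key(61, 89)
SERVER_CERT = issue_cert(CA, "service-end", SERVER)
DEVICE_CERT = issue_cert(CA, "SEAL-0001", DEVICE)
```

In this flow R1 crosses the link before any key exists, so the confidentiality of the session key comes from R2, which only the holder of the device private key can decrypt. A deployment would use padded RSA or an established mutually authenticated transport rather than the unpadded arithmetic shown here.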
The service end is the electronic signature application platform, which provides the electronic intelligence seal with digital certificate management, networked bidirectional digital authentication, electronic seal database storage and data verification functions.
Further, the electronic signature is the carrier of signature information that receives the stamping operation. It is formed by combining an RFID electronic tag with a traditional trace, the tag being sealed beneath the trace. The RFID tag consists of an IC chip, an aluminium film antenna, an insulating layer and a label face sticker.
The invention also provides an electronic signature management system, characterized in that it includes the above electronic intelligence seal, an electronic signature and an electronic signature application platform; the electronic signature application platform is also referred to as the service end;
The electronic signature is the information carrier on which the electronic intelligence seal performs the stamping operation;
The electronic signature application platform includes:
A CA authentication service module, which provides networked bidirectional digital authentication for each electronic intelligence seal;
An electronic seal database, which stores the electronic signature serial number, signature information, place-name information and trace picture;
A verification service module, which responds to verification requests from clients, replies with the result of comparing the uploaded signature information with the stored signature information, and provides the additional place-name information and trace picture for download;
A digital certificate management module, which accepts user applications and handles the formalities for joining the CA authentication system, generating and issuing a digital certificate and private key with the seal approval code as the identifier of the encrypting entity; the module also pre-installs the service end's digital root certificate.
A mobile phone verification program push module, which responds to mobile phone SMS instructions, replies with the download address of the mobile phone verification program, and provides the download service.
The electronic signature is the information carrier on which the electronic intelligence seal performs the stamping operation. It combines an RFID tag with a traditional trace: the tag is sealed at the stamping position of the stamped document by the stamped trace. The RFID tag consists of an IC chip, an aluminium film antenna and an insulating layer, wrapped between upper and lower layers of adhesive; the outer adhesive layer bonds the label face paper and the bottom adhesive layer bonds to the stamped document. The outer label face paper is printed with fine blue mesh lines, so as to lock its position relative to the red trace.
Further, the electronic signature management system also includes:
A mobile phone with NFC function, for downloading, installing and enabling the mobile phone verification program; it can read the signature information of the electronic signature, display it on the phone screen, and perform the upload and verification functions.
The invention also provides a mobile online tracking-verification electronic signature verification method, characterized in that the service end performs the verification of the electronic signature. The client that submits the verification request may be an electronic intelligence seal or an NFC mobile phone. The service end completes the verification procedure, replies with the verification result and provides additional verification information for download, and the multi-point, item-by-item check is completed at the client. The method includes the following steps:
(1) Collection and upload of the signature information to be verified: the electronic signature reader/writer reads the serial number and signature information of the electronic signature to be verified, and the upload control module uploads the electronic signature serial number and signature information that were read to the service end;
(2) Service end verification: in response to the verification request the service end opens the verification management module, uses the uploaded electronic signature serial number as the index to retrieve the related signature information record from the service end's electronic seal database, and compares it with the uploaded signature information to obtain the comparison result;
(3) Verification reply: the service end returns the verification result to the client together with the place-name information and trace picture from the original record it retrieved;
(4) Multi-point verification: the client checks the trace and the place name visually, combines this with the service end's comparison result, and draws the final verification conclusion.
The electronic signature verification method also includes an earlier process of collecting and storing the database data, including the following steps:
(1) Connecting to the service end: the electronic intelligence seal is powered on and its built-in program starts. The client program interface attempts, through the wireless Internet access module, to establish a connection with the service end program interface. This first requires a data link to a cellular base station or a broadband data link through a Wi-Fi hotspot; the digital encryption authentication module then performs bidirectional digital certificate authentication to achieve a secure connection. The on-line control module then enables the electronic signature reader/writer, so that signature information can be generated and uploaded. If the network connection is broken because the digital certificate has been revoked or for any other reason, the on-line control module disables the electronic signature reader/writer and at the same time prohibits signature information generation and information upload;
(2) Upload-completeness check: after the intelligent seal client has established a secure connection with the service end, the service end's data completeness check is completed first, and only then does normal information exchange begin. If the check finds that the uploaded data are incomplete, the service end immediately asks the intelligent seal client to supply the missing data items, until the intelligent seal client has satisfied the request;
(3) Data acquisition and write operation: when the electronic intelligence seal performs a write operation, the following acquisition, registration and writing steps occur in turn: the reader/writer performs a pre-operation to establish a read/write relationship with the electronic signature and obtains the electronic signature serial number; the upload control module uploads the serial number to the electronic seal database for advance registration; the time output by the clock circuit is merged with the basic information in memory to form the signature information; the reader/writer writes the signature information to the electronic signature; the photo module starts and captures the trace picture; the locating module produces position data, which a program converts into place-name information;
(4) Data upload and storage: the upload control module executes the predetermined upload procedure. After the seal device completes the write operation, the upload function is enabled; the order and content of the upload are: signature information, place-name information, trace picture. Once storage of this information is complete, the service end sends an upload-complete prompt to the intelligent seal client, which allows the intelligent seal to proceed to the next record.
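The gating that the on-line control and upload control modules impose, together with the service end's completeness check and serial-number lookup, can be modelled as a small state machine. This is an added example, not the patent's implementation: the class and field names, the `link_drops_after` test hook and the sample values are constructed, and `connect()` stands in for the bidirectional certificate authentication.

```python
class ServiceEnd:
    """In-memory stand-in for the electronic signature application platform."""
    UPLOAD_ORDER = ("signature_info", "place_name", "trace_picture")

    def __init__(self):
        self.db = {}        # electronic signature serial number -> record
        self.crl = set()    # seal codes whose certificates are revoked

    def register(self, serial):
        self.db.setdefault(serial, {})

    def missing(self, serial):
        """Completeness check: items still absent, in upload order."""
        record = self.db.get(serial, {})
        return [k for k in self.UPLOAD_ORDER if k not in record]

    def upload(self, serial, item, value):
        self.db[serial][item] = value
        return not self.missing(serial)   # True is the upload-complete prompt

    def verify(self, serial, signature_info):
        """Look up by serial number, compare, attach place name and picture."""
        record = self.db.get(serial)
        if record is None or self.missing(serial):
            return {"match": False}
        return {"match": record["signature_info"] == signature_info,
                "place_name": record["place_name"],
                "trace_picture": record["trace_picture"]}


class SealDevice:
    def __init__(self, server, seal_code):
        self.server, self.seal_code = server, seal_code
        self.online = False   # set by the on-line control logic
        self.pending = None   # (serial, items) awaiting the complete prompt

    def connect(self):
        """Stand-in for mutual authentication; revoked seals stay offline."""
        self.online = self.seal_code not in self.server.crl
        if self.online and self.pending:
            self._upload()    # supply what the completeness check reports
        return self.online

    def stamp(self, tag, when, place, picture, link_drops_after=None):
        if not self.online:
            raise PermissionError("reader/writer disabled: seal is offline")
        if self.pending:
            raise PermissionError("reader/writer blocked: upload incomplete")
        serial = tag["serial"]
        self.server.register(serial)                   # register serial first
        info = f"{self.seal_code}|{when}|{serial}"
        tag["signature_info"] = info                   # write to the RFID tag
        self.pending = (serial, {"signature_info": info, "place_name": place,
                                 "trace_picture": picture})
        return self._upload(link_drops_after)

    def _upload(self, link_drops_after=None):
        serial, items = self.pending
        for sent, name in enumerate(self.server.missing(serial)):
            if link_drops_after is not None and sent >= link_drops_after:
                self.online = False                    # link lost mid-upload
                return False
            if self.server.upload(serial, name, items[name]):
                self.pending = None                    # next stamp allowed
                return True
        return False
```

A record that was only partly uploaded never verifies, and the device cannot stamp again until the missing items have been supplied after reconnecting.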
The service end includes:
A CA authentication service module, which provides networked bidirectional digital authentication for each electronic intelligence seal;
An electronic seal database, which stores the electronic signature serial number, signature information, place-name information and trace picture;
A verification service module, which responds to verification requests from clients, replies with the result of comparing the uploaded signature information with the stored signature information, and provides the additional place-name information and trace picture for download;
A digital certificate management module, which accepts user applications and handles the formalities for joining the CA authentication system, generating and issuing a digital certificate and private key with the seal approval code as the identifier of the encrypting entity; the module also pre-installs the service end's digital root certificate.
A mobile phone verification program push module, which responds to mobile phone SMS instructions, replies with the download address of the mobile phone verification program, and provides the download service.
Compared with the prior art, the beneficial effects of the invention are as follows:
The invention designs an electronic intelligence seal able to collect the full range of information on seal use, such as time, position and trace picture, and, by operating online over the mobile network, provides network supervision, information upload and information-completeness control while the seal is in use, ensuring a safe environment for using the electronic intelligence seal and fast, efficient tracking verification of electronic signatures. At the same time, CA digital authentication under the PKI encryption system between the electronic intelligence seal and the electronic signature application platform establishes a secure, non-repudiable network environment. For the first time, the use of an electronic intelligence seal satisfies security conditions at any time and in any place, realizing a safe, efficient and complete seal anti-counterfeiting function;
The invention realizes a comprehensive seal-use information scheme: the information includes time and position, and both electronic and visual feature information; through the complete-storage checking mechanism of the electronic signature application platform, every stamping record is guaranteed to be complete and intact;
The invention achieves multi-point verification of the electronic signature by combining storage in the electronic signature with storage in the service end database. The signature information is first stored in the electronic signature and, when read out, is uploaded to the service end and compared against the service end's original record. The trace picture and place-name information are first uploaded to the service end for storage and later downloaded to the client, where the trace and the position are each checked visually for consistency. This truly realizes verification that comprehensively associates time and space information, the physical impression and the electronic information, and the positions of the trace and the label.
Brief description of the drawings
Fig. 1 is a schematic diagram of the composition of the mobile online tracking-verification electronic intelligence seal of the invention;
Fig. 2 is a schematic flow chart of the mobile online tracking-verification electronic signature management system of the invention.
Specific embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
Existing official seal use suffers from many security risks, such as disordered seal-use information and a flood of forged information. Starting from each step of seal use in which a security risk may exist, the invention provides users with a mobile, securely online environment for using an electronic intelligence seal, in which the reliability and non-repudiation of official seal use can be effectively guaranteed.
An official seal is a symbol of rights, a promise of interests and a proof of identity; the safe use of an official seal and its non-repudiable evidentiary force depend on providing a secure environment and technical means for its use.
Anti-counterfeiting of official seals depends on three elements: a public identification platform (including public identification terminals), a seal body with an independent digital identity (including its digital association with the platform), and a trace carrier that stores the signature information.
Using existing CA digital authentication technology and systems, the electronic intelligence seal and the electronic signature management information platform are each given an independent identity within the PKI encryption system, consisting of a digital certificate and a private key. A reliable connection between the network application program interfaces can then be established through bidirectional digital certificate authentication, giving a secure online environment for using official seals.
Based on the above object, the main design idea of the invention is as follows. A seal information device with mobile Internet capability, online CA authentication and contactless RFID chip read/write capability is combined with a traditional seal body (photosensitive seal, rubber seal, penetrating-ink seal, etc.) into a single unit. A label encapsulating a contactless RFID chip serves as the electronic signature; it stores the electronic signature information and is sealed beneath the traditional trace, the two together forming an intelligent trace. Using the online management and network CA authentication functions of a mobile-Internet-based electronic signature management information system, and through a dedicated real-time on-line control module, the signature information is stored on the network and the official seal is used securely online. Secure information storage on the Internet is established through digital authentication and encryption and is made available to users for comparison with the electronic signature information they read, to confirm the reliability and non-repudiation of the electronic signature and its associated trace.
Specifically, as shown in figure 1, electronic intelligence seal of the present invention (electronic intelligence seal depends on traditional seal On body, the electronic intelligence seal client that will be made up of modules is arranged at conjunction photosensitive marking, rubber print, infiltration print etc. and passes On system seal body) it is made up of following part:
Clock circuit, Wireless Internet access module, electronic signature read write line, touch display screen, microprocessor, memory module, Line traffic control module, locating module, photo module, upload control module, digital encryption authentication module, electric supply installation --- lithium battery Deng.
The clock circuit maintains an independent, continuous time source inside the seal, so that the accurate time is captured at the moment the seal performs a stamping operation; when networked, it can also obtain time information from the network to check and correct the local date and time.
The wireless networking module includes an antenna, a GPRS/3G transceiver unit, application programming interfaces and other parts. Over the mobile Internet it establishes a wireless data connection, under CA authentication, with the application interface of the service end and exchanges data in real time;
The electronic signature reader/writer performs write operations and read operations on electronic signatures; switching between the two kinds of operation is controlled from the touch display screen. Its opening is controlled by the online control module, and it can work normally only while the electronic intelligence seal is online. During read and write operations it also works in coordination with the upload control module, so that writing data and uploading the data read follow the logical relation specified in the seal. Before every read or write operation the reader/writer performs a pre-operation with the electronic signature: the two authenticate each other in three passes, and all information exchanged is encrypted to prevent signal interception. Through the pre-operation the reader/writer determines that the electronic signature is usable and obtains its serial number.
The photo module switches on automatically when the seal has completed a write operation and is about to run the upload procedure, and photographs the trace (seal impression) pattern under manual operation; that is, the photographing instruction is issued automatically before the upload is carried out. In photo mode the touch display screen serves as the viewfinder and the shot is limited to the area of the trace pattern. Pressing the shutter captures the trace picture; when the user is satisfied and presses the confirm key, the picture enters the upload state and the screen shows the upload progress until the upload completes.
The locating module enters its working state after a normal connection has been set up at power-on. It automatically receives positioning signals from space or from the network, obtains the position data of the electronic intelligence seal, converts them by program into place-name information, and uploads this together with the signature information to the service end for storage when the record is filed over the network;
The microprocessor executes the client application instructions and coordinates the units of the device so that each performs its function, including networked upload and download, authentication, real-time online control of reading and writing, and signature information collection.
The memory module consists of ROM and RAM. The ROM stores persistent information: the intelligent seal's drivers and application programs (such as the network management, signature information management, encryption/decryption management and RFID read/write management programs) and the initial seal information pre-installed when manufacture is completed (including seal name, type, approval code and production time). The RAM stores temporary information: the signature information that the electronic signature reader/writer is about to write, the information read, which consists of signature information and the electronic signature serial number, and the picture information produced by the photo module. Signature information comprises the seal's electronic information (seal name, type, number and so on), the stamping time, and the electronic signature serial number obtained by the reader/writer. The seal code is the unique sequence code assigned to the seal by the system at public security approval; it identifies the seal and can be mapped to a digital certificate, so that the corresponding digital certificate can be retrieved by seal code. The tag serial code is the unique identification code burned into the RFID tag chip at manufacture; it identifies each chip, each electronic signature, and each signature information record on the network. When the service end retrieves signature information, it uses this serial code as the key.
The online control module monitors the networking state of the wireless networking module in real time and controls the working state of the electronic signature reader/writer accordingly. It is initialized when the electronic intelligence seal is powered on and then runs in a normal operating cycle; its default output is "disconnected". When it receives the online flag from the wireless networking module it performs the corresponding connect operation, and when there is no flag it returns to the initial state. Specifically, if the wireless networking module is detected to have networked successfully, it delivers the online flag to the online control module, the electronic intelligence seal works normally, and the user opens the electronic signature reader/writer as needed; if networking is detected to have failed, the control device keeps the electronic signature reader/writer disconnected.
The upload control module controls the order in which the electronic intelligence seal's write operation and information upload are executed. When the electronic signature reader/writer is in a write operation, the module first obtains the electronic signature serial number and uploads it to the service end's electronic seal database for registration; then, after the reader/writer has performed the write operation and the photo module has captured the picture, it starts executing the upload instruction. The order and content of the upload are: signature information, place-name information and trace picture. Only after receiving the upload-complete prompt from the service end does the module allow the reader/writer to execute the next operation instruction; otherwise the upload control module blocks the reader/writer's read and write operations;
This intelligent seal also includes a digital authentication encryption module. Taking the seal code as the identifier of the encrypting entity, the module is provisioned with a private key and digital certificate applied for under the PKI encryption system, and is pre-loaded with the digital root certificate of the service end it networks with; these serve as the unique key for establishing a connection with the service end. Each time a connection to the service end's electronic seal database is established, CA authentication is performed first to confirm that the certificates of both parties are valid, and the working state of the electronic intelligence seal is maintained only while the connection to the electronic seal database is held. If an electronic intelligence seal is reported lost, its digital certificate appears in the certificate revocation list; when that seal connects to the server it is disconnected because its digital certificate is invalid, and the electronic intelligence seal cannot enter its working state.
The bidirectional digital authentication process comprises the two-way identity authentication performed when connecting to the online application service interface of the electronic seal database, and the encryption of normal data exchange after access authentication is complete. It is realised mainly by the digital certificate, the private key and the encryption/decryption processing submodule in the digital authentication encryption module.
Specifically, as shown in Fig. 2, the other components of the invention and its information flow are as follows:
The electronic signature carries the signature information written according to the operation instructions of the electronic signature reader/writer. It consists of an RFID electronic tag combined with the trace and sealed beneath it. The electronic tag is a contactless encrypted memory-card RFID chip made up of a radio-frequency communication interface, a security control unit and an 8 Kbit EEPROM. Its security measures are: three-pass mutual authentication; encryption of all data in the information exchange after authentication, to prevent signal interception; a unique, unalterable serial number for each chip; independent key control for each sector; a transmission key protecting EEPROM access during transfer; and locking of data immediately once written, so that it cannot be changed. It is packaged as an electronic tag.
The electronic signature application platform provides electronic signature information storage, verification management and CA digital authentication. It is a mobile-Internet-based system that combines electronic signature management with CA digital authentication of intelligent seals, and acts as an independent third party providing electronic signature information management and seal-owner authentication services. The initial provisioning of an electronic intelligence seal proceeds as follows: the seal-using organisation completes seal making and electronic signature ordering by the established procedure; before leaving the factory the seal is initialised by installing the intelligent seal's operating system and client program, and the electronic signatures are also cryptographically initialised so that they pair with the organisation's intelligent seal; the seal's digital certificate registration formalities are then completed and the seal identification code is registered; the digital authentication encryption module of the intelligent seal is loaded with the digital certificate, the private key, the encryption/decryption program, the digital root certificate of the service end it networks with, and so on.
The information flow between the electronic intelligence seal and the electronic signature application platform:
(1) Connecting to the service end: the electronic intelligence seal is powered on, the built-in program starts, and the client program interface attempts, through the networking module, to establish a connection with the service end program interface. This connection process first connects to a cellular base station data link or to a Wi-Fi hotspot on a broadband data link; the digital encryption authentication module then performs bidirectional digital certificate authentication to achieve a secure connection. The online control module enables the electronic signature reader/writer and the modules involved in information generation and upload so that they work normally. If the network connection is broken because of digital certificate revocation or for other reasons, the online control module disconnects the electronic signature reader/writer and forbids the modules involved in information generation and upload from working;
(2) Uploaded-data completeness check: after the client has established a secure connection with the service end, the service end completes the data completeness check before entering the normal information exchange state. If the check finds that the uploaded data has gaps, the service end immediately asks the client to supply the missing data items, until the client satisfies the request;
(3) Data collection and write operation: when the electronic intelligence seal performs a write operation, the following collection, registration and write steps occur in turn: the reader/writer performs the pre-operation with the electronic signature to set up the read/write relation and obtain the electronic signature serial number; the upload control module uploads that serial number to the electronic seal database for advance registration; the time output by the clock circuit and the basic information in memory are merged into the signature information to be written, which the reader/writer writes to the electronic signature; the photo module starts and captures the trace picture; and the locating module produces position data, which a program converts into place-name information;
(4) Data upload and storage: in upload mode the upload control module runs the predetermined upload procedure, whose order and content are: signature information, trace picture, place-name information. Once this information has been stored, the service end sends an upload-complete prompt to the client and the system moves on to the next record.
(5) Starting verification: the verify button on the display screen is pressed, the serial number and signature information of the electronic signature to be verified are read with the electronic signature reader/writer, and both are uploaded to the service end through the upload control module;
(6) Service-end verification: in response to the verification request the service end starts the verification management module, uses the uploaded electronic signature serial number as the index to retrieve the related signature information record in the electronic seal database, compares it with the uploaded signature information, and obtains the comparison result;
(7) Verification reply: the service end returns the verification result to the client together with the place-name information and trace picture from the retrieved original record.
(8) Multi-point verification: the client visually checks the trace and the place name and combines this with the service end's comparison result to reach the final verification conclusion.
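The record-and-verify flow in steps (1)-(8), modelled as an added example that is not part of the patent text: the reader/writer is gated by the online state and by an unacknowledged upload, the service end reports missing items on reconnect, and verification looks the record up by tag serial number. All class, method and field names and the sample values are assumptions made for illustration; uploads follow the order given for the upload control module.

```python
"""Model of the stamp, upload and verify flow; all names are illustrative."""
import hmac

# Upload order stated for the upload control module.
REQUIRED = ("signature_info", "place_name", "trace_picture")


class Platform:
    """Service end: electronic seal database indexed by tag serial number."""

    def __init__(self):
        self.db = {}

    def register(self, serial):
        self.db.setdefault(serial, {})      # serial registered before the write

    def missing(self, serial):
        """Completeness check: items the client still owes for this record."""
        return [k for k in REQUIRED if k not in self.db.get(serial, {})]

    def upload(self, serial, item, value):
        self.db[serial][item] = value
        return not self.missing(serial)     # True acts as the upload-complete prompt

    def verify(self, serial, signature_info):
        """Compare uploaded info with the stored record; return stored context."""
        rec = self.db.get(serial)
        if rec is None or self.missing(serial):
            return {"match": False}
        same = hmac.compare_digest(rec["signature_info"].encode(),
                                   signature_info.encode())
        return {"match": same, "place_name": rec["place_name"],
                "trace_picture": rec["trace_picture"]}


class Seal:
    """Client: reader/writer gated by online state and by pending uploads."""

    def __init__(self, platform, name):
        self.platform, self.name = platform, name
        self.online = False     # online control output defaults to disconnected
        self.pending = None     # serial of a record not yet acknowledged
        self.buffer = {}        # RAM copy of the record until acknowledged

    def connect(self):
        """Go online; supply whatever the service end reports as missing."""
        self.online = True
        if self.pending is not None:
            self._send(self.platform.missing(self.pending))

    def _send(self, items):
        for item in items:
            if self.platform.upload(self.pending, item, self.buffer[item]):
                self.pending, self.buffer = None, {}
                return

    def stamp(self, tag, when, place, picture, drop_after=None):
        """Write one tag. drop_after=N simulates losing the link after N uploads."""
        if not self.online:
            return "offline"
        if self.pending is not None:
            return "blocked"
        if tag.get("locked"):
            return "locked"
        serial = tag["serial"]                          # from the pre-operation
        self.platform.register(serial)
        info = f"{self.name}|{when}|{serial}"
        tag.update(signature_info=info, locked=True)    # write-once tag
        self.pending = serial
        self.buffer = dict(zip(REQUIRED, (info, place, picture)))
        self._send(REQUIRED[:drop_after])
        return "ok" if self.pending is None else "pending"

    def verify(self, tag):
        """Read serial and signature info from a tag and ask the service end."""
        if not self.online:
            return None
        return self.platform.verify(tag["serial"], tag.get("signature_info", ""))
```

A tag whose serial matches a stored record but whose signature information differs comes back with `match` false alongside the original place name and picture, which is what the client-side visual check in step (8) relies on.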
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the invention and according to the technical solution of the invention and its inventive concept, shall fall within the scope of protection of the present invention.

Claims (10)

1. A mobile online tracking verification electronic intelligence seal, comprising:
a power supply device, for supplying power to the device;
a clock circuit, for maintaining an independent, continuous time source inside the seal, to ensure that the accurate time is captured at the moment the seal performs a stamping operation;
a wireless networking module, for establishing over the mobile Internet, under CA authentication, a wireless data connection with the application interface of the service end and exchanging data in real time;
an electronic signature reader/writer, for performing write operations and read operations on electronic signatures;
a touch display screen, through which the user controls the seal and which displays in real time the seal's operating information and the read/write information of the electronic signature reader/writer, and which also assists the user in entering character information by handwriting;
a microprocessor, for executing the client application instructions and coordinating the units of the device so that each performs its function;
characterized in that it further comprises:
a photo module, which switches on automatically when the seal has completed a write operation and runs the upload procedure, and which captures the trace picture under manual operation;
a locating module, which enters its working state after a normal connection has been set up at power-on, automatically receives positioning signals from space or from the network, obtains the position data of the electronic intelligence seal, converts them by an internal program into place-name information, and uploads this together with the signature information to the service end for storage when the record is filed over the network;
a memory module, comprising a ROM memory and a RAM memory, wherein the ROM memory stores persistent information, including the intelligent seal's drivers and application programs and the initial information pre-installed when the seal is manufactured, and the RAM memory stores temporary information, including the signature information that the electronic signature reader/writer is about to write, the information read, which consists of signature information and the electronic signature serial number, and the picture information produced by the photo module;
an online control module, for monitoring the networking state of the wireless networking module in real time and controlling the working state of the electronic signature reader/writer accordingly: if the wireless networking module is detected to have networked successfully, the electronic signature reader/writer is enabled; if networking is detected to have failed or to have been disconnected, the control device disconnects the electronic signature reader/writer;
an upload control module, for controlling the order in which the electronic intelligence seal's write operation and information upload are executed: when the electronic signature reader/writer is in a write operation, the module first obtains the electronic signature serial number and uploads it to the service end for registration; then, after the reader/writer has performed the write operation and the photo module has captured the picture, it starts executing the upload instruction; the order and content of the upload are: signature information, place-name information and trace picture; only after receiving the upload-complete prompt from the service end does the module allow the reader/writer to execute the next operation instruction, and otherwise the upload control module blocks the reader/writer's read and write operations;
and a digital encryption authentication module, for performing network CA digital authentication.
2. The electronic intelligence seal according to claim 1, characterized in that: the digital encryption module takes the seal code as the identifier of the encrypting entity, is provisioned with a private key and digital certificate applied for under the PKI encryption system, and is pre-loaded with the digital root certificate of the service end it networks with, these serving as the unique key for establishing a connection with the service end; each time a connection to the service end's electronic seal database is established, bidirectional digital authentication is performed first to confirm that the certificates of both parties are valid, and the working state of the electronic intelligence seal is maintained only while the connection to the service end is held; if an electronic intelligence seal is reported lost, its digital certificate appears in the certificate revocation list, and when that seal connects to the server it is disconnected because its digital certificate is invalid, so that the electronic intelligence seal cannot enter its working state.
3. The electronic intelligence seal according to claim 2, characterized in that: the bidirectional digital authentication process comprises the two-way identity authentication performed when connecting to the online application service interface of the service end and the encryption of normal data exchange after access authentication is complete, and is realised by the digital certificate, the private key and the encryption/decryption processing submodule in the digital authentication encryption module; it is implemented as follows:
The electronic intelligence seal device establishes a connection over the mobile data network and sends an access request to the online application service interface of the service end. The online application service interface generates a piece of random authentication data and sends it to the seal device together with the service end's digital certificate. The seal device uses the pre-installed root certificate to decrypt the digital signature in the service end's digital certificate, verifies that the certificate is valid, and thereby obtains the service end's public key. The seal device then digitally signs the random authentication data it received, encrypts the result with the service end's public key, and sends the encrypted random authentication data to the service end together with the seal device's own digital certificate. On receiving the seal device's digital certificate, the online application service interface requests the latest certificate revocation list (CRL) from the CA authentication system, verifies that the received seal digital certificate is valid, and obtains its public key. The service end decrypts the transmitted ciphertext with its own private key to obtain the seal device's digital signature over the random authentication data, then decrypts that signature with the seal device's public key to recover the random authentication data, and compares the recovered data with the original; verification passes when they are identical. The service end then generates second random authentication data, encrypts it with the seal device's public key, and sends it back to the seal device. On receiving the ciphertext, the seal device decrypts it with its built-in private key to obtain the second random authentication data. The second random authentication data and the earlier random data are combined by logical XOR to generate the session key, which completes the bidirectional digital authentication process of the seal device. The seal device sends a confirmation message; on receiving it, the online application service interface generates the session key in the same way. This completes the symmetric key exchange for normal data exchange, and the bidirectional digital authentication process of the service end is complete.
4. The electronic intelligence seal according to claim 1, characterized in that: the service end is the electronic signature application platform, which provides the electronic intelligence seal with digital certificate management service, bidirectional digital authentication service for seal networking, electronic seal database storage and data verification.
5. The electronic intelligence seal according to claim 1, characterized in that: the electronic signature is the signature information carrier that receives the stamping operation; it is formed by combining an RFID tag with a traditional trace and sealing the tag beneath the traditional trace; the RFID tag consists of an IC chip, an aluminium-film antenna, an insulating layer and a label face sticker.
6. An electronic signature management system, characterized in that it comprises an electronic signature, an electronic signature application platform and the electronic intelligence seal according to any one of claims 1-5;
the electronic signature being the information carrier on which the electronic intelligence seal performs the stamping operation;
wherein the electronic signature application platform is the service end and comprises:
a CA authentication service module, providing bidirectional digital authentication service for the networking of each electronic intelligence seal;
an electronic seal database, for storing electronic signature serial numbers, signature information, place-name information and trace pictures;
a verification service module, for responding to verification requests from clients, replying with the result of comparing the uploaded signature information against the stored signature information, and providing the additional place-name information and trace picture for download;
a digital certificate management module, for accepting user applications and completing the formalities of joining the CA authentication system, in which the seal's approval code is used as the identifier of the encrypting entity and a digital certificate and private key are generated and issued; the module also pre-installs the digital root certificate of the service end;
a mobile phone verification program push module, for responding to mobile phone short-message instructions, replying with the download address of the mobile phone verification program, and providing the download service.
7. The electronic signature management system according to claim 6, characterized in that it further comprises:
a mobile phone with NFC function, for downloading, installing and running the mobile phone verification program, which can read the signature information of an electronic signature, display it on the phone screen, and perform upload and verification.
8. A mobile online tracking verification method for electronic signatures, characterized in that: the verification of an electronic signature is carried out by the service end; the client making the verification request is the electronic intelligence seal according to any one of claims 1-5, or an NFC mobile phone; the service end completes the verification procedure, replies with the verification result and provides additional verification information for download, and multi-point verification is completed at the client; the method specifically comprises the following steps:
(1) Collection and upload of the signature information to be verified: the serial number and signature information of the electronic signature to be verified are read with the electronic signature reader/writer, and both are uploaded to the service end through the upload control module;
(2) Service-end verification: in response to the verification request the service end starts the verification management module, uses the uploaded electronic signature serial number as the index to retrieve the related signature information record in the service end's electronic seal database, compares it with the uploaded signature information, and obtains the comparison result;
(3) Verification reply: the service end returns the verification result to the client together with the place-name information and trace picture from the retrieved original record;
(4) Multi-point verification: the client visually checks the trace and the place name and combines this with the service end's comparison result to reach the final verification conclusion.
9. The electronic signature verification method according to claim 8, characterized in that: the method further comprises an earlier process of collecting and storing the database data, comprising the following steps:
(1) Connecting to the service end: the electronic intelligence seal is powered on, the built-in program starts, and the client program interface attempts, through the wireless networking module, to establish a connection with the service end program interface; this connection process first connects to a cellular base station data link or to a Wi-Fi hotspot on a broadband data link, and the digital encryption authentication module then performs bidirectional digital certificate authentication to achieve a secure connection; the online control module enables the electronic signature reader/writer and, with it, the work of generating and uploading the corresponding signature information; if the network connection is broken because of digital certificate revocation or for other reasons, the online control module disconnects the electronic signature reader/writer and forbids the generation and upload of the corresponding signature information;
(2) Uploaded-data completeness check: after the intelligent seal client has established a secure connection with the service end, the service end first completes the data completeness check before entering the normal information exchange state; if the check finds that the uploaded data has gaps, the service end immediately asks the intelligent seal client to supply the missing data items, until the intelligent seal client satisfies the request;
(3) Data collection and write operation: when the electronic intelligence seal performs a write operation, the following collection, registration and write steps occur in turn: the reader/writer performs the pre-operation with the electronic signature to set up the read/write relation and obtain the electronic signature serial number; the upload control module uploads that serial number to the electronic seal database for advance registration; the time output by the clock circuit and the basic information in memory are merged into the signature information, which the reader/writer writes to the electronic signature; the photo module starts and captures the trace picture; and the locating module produces position data, which a program converts into place-name information;
(4) Data upload and storage: the upload control module runs the predetermined upload procedure; after the seal device has completed the write operation, the upload function is opened, and the order and content of the upload are: signature information, place-name information, trace picture; once this information has been stored, the service end sends an upload-complete prompt to the intelligent seal client, and the intelligent seal is directed to proceed to the next record.
10. The electronic signature verification method according to claim 8, characterized in that the service end comprises:
a CA authentication service module, providing bidirectional digital authentication service for the networking of each electronic intelligence seal;
an electronic seal database, for storing electronic signature serial numbers, signature information, place-name information and trace pictures;
a verification service module, for responding to verification requests from clients, replying with the result of comparing the uploaded signature information against the stored signature information, and providing the additional place-name information and trace picture for download;
a digital certificate management module, for accepting user applications and completing the formalities of joining the CA authentication system, in which the seal's approval code is used as the identifier of the encrypting entity and a digital certificate and private key are generated and issued; the module also pre-installs the digital root certificate of the service end;
a mobile phone verification program push module, for responding to mobile phone short-message instructions, replying with the download address of the mobile phone verification program, and providing the download service.
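The handshake recited in claim 3, walked through for both sides as an added example that is not part of the patent or of any implementation of it. Textbook RSA over small fixed primes stands in for the PKI operations so that it runs with the standard library alone; it is not secure, and all names, keys and subject strings are constructed for illustration.

```python
"""Both sides of the claim 3 handshake, with toy textbook RSA (not secure)."""
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Return (modulus, private exponent) for textbook RSA."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed toy keys from Mersenne primes; real deployments use CA-issued keys.
DEV_N, DEV_D = make_key(2**61 - 1, 2**89 - 1)      # seal device
CA_N, CA_D = make_key(2**107 - 1, 2**127 - 1)      # root CA
SRV_N, SRV_D = make_key(2**521 - 1, 2**607 - 1)    # service end, larger than DEV_N


def digest(subject, n):
    h = hashlib.sha256(f"{subject}|{n}".encode()).digest()
    return int.from_bytes(h, "big") % CA_N


def issue_cert(subject, n):
    """CA signs the binding of a subject name to a public modulus."""
    return {"subject": subject, "n": n, "sig": pow(digest(subject, n), CA_D, CA_N)}


def cert_ok(cert, crl=()):
    """Validate a certificate with the root public key, then against the CRL."""
    if cert["subject"] in crl:
        return False
    return pow(cert["sig"], E, CA_N) == digest(cert["subject"], cert["n"])


def handshake(dev_cert, dev_d, srv_cert, srv_d, crl=()):
    """Return (device_key, server_key) on success, None if any check fails."""
    # Server -> device: random R1 (in clear, as in the claim) and server certificate.
    r1 = secrets.randbits(128)
    # Device: validate the server certificate against the pre-installed root.
    if not cert_ok(srv_cert):
        return None
    # Device -> server: R1 signed with the device key, encrypted to the server,
    # sent together with the device certificate.
    msg = pow(pow(r1, dev_d, dev_cert["n"]), E, srv_cert["n"])
    # Server: fetch the latest CRL and validate the device certificate.
    if not cert_ok(dev_cert, crl):
        return None
    # Server: decrypt, open the signature with the device public key, compare.
    sig = pow(msg, srv_d, srv_cert["n"])
    if pow(sig, E, dev_cert["n"]) != r1:
        return None
    # Server -> device: second random R2, encrypted to the device.
    r2 = secrets.randbits(128)
    enc_r2 = pow(r2, E, dev_cert["n"])
    # Both sides: session key = R1 XOR R2. Only R2 was encrypted in transit,
    # so the key's secrecy rests on R2.
    device_key = r1 ^ pow(enc_r2, dev_d, dev_cert["n"])
    server_key = r1 ^ r2
    return device_key, server_key


if __name__ == "__main__":
    dev = issue_cert("SEAL-0001", DEV_N)
    srv = issue_cert("platform", SRV_N)
    print("normal:", handshake(dev, DEV_D, srv, SRV_D) is not None)
    print("reported lost:", handshake(dev, DEV_D, srv, SRV_D, crl={"SEAL-0001"}))
```

The revoked case returns `None` at the CRL check, which corresponds to the lost seal of claim 2 being unable to enter its working state.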
Priority Applications (1)

Application Number: CN201410508391.8A
Priority Date: 2014-09-26
Filing Date: 2014-09-26
Title: A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method
Status: Active; published as CN104320252B (en)

Publications (2)

Publication Number: CN104320252A (en); Publication Date: 2015-01-28
Publication Number: CN104320252B (en); Publication Date: 2017-07-11

Family

ID=52375427

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410508391.8A Active CN104320252B (en) 2014-09-26 2014-09-26 A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method

Country Status (1)

Country Link
CN (1) CN104320252B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105303362A (en) * 2015-09-17 2016-02-03 哈尔滨工程大学 Web signature process method based on storage process
CN106904008B (en) * 2017-01-21 2022-09-06 六安宏伟芯片印章制造有限公司 Intelligent seal impression of convenient management
CN106904009A (en) * 2017-04-27 2017-06-30 尹国华 A kind of Intelligent anti-counterfeit seal
CN109325325B (en) * 2017-08-01 2022-04-12 群光电能科技股份有限公司 Digital authentication system
CN108573296B (en) * 2018-07-02 2024-03-15 北京广弘电子信息技术有限公司 Anti-counterfeiting device, anti-counterfeiting system and anti-counterfeiting method
CN109263317B (en) * 2018-08-15 2024-03-29 甲符御信(北京)科技有限公司 Stamping method capable of preventing official seal from being forged
CN111414978B (en) * 2019-01-07 2023-05-30 中安网脉(北京)技术股份有限公司 Entity seal management and control system based on RFID technology
CN110588194A (en) * 2019-09-24 2019-12-20 谭雯轩 Stamp motion recognition-based official stamp for preventing counterfeit stamp, data system thereof and use method thereof
CN114077641A (en) * 2020-08-14 2022-02-22 支付宝(杭州)信息技术有限公司 Block chain-based stamping processing method and device
CN117171158B (en) * 2023-11-02 2024-02-20 太一云境技术有限公司 Service processing system and method based on digital certificate

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101017544A (en) * 2007-02-15 2007-08-15 江苏国盾科技实业有限责任公司 Conflated seal affix authentication method having electronic seal digital certification
CN101093476A (en) * 2006-06-21 2007-12-26 北京书生国际信息技术有限公司 Method for positioning electronic stamper
CN103729341A (en) * 2013-12-31 2014-04-16 广东数字证书认证中心有限公司 Method and device for positioning electronic seal and device for obtaining electronic seal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101093476A (en) * 2006-06-21 2007-12-26 北京书生国际信息技术有限公司 Method for positioning electronic stamper
CN101017544A (en) * 2007-02-15 2007-08-15 江苏国盾科技实业有限责任公司 Conflated seal affix authentication method having electronic seal digital certification
CN103729341A (en) * 2013-12-31 2014-04-16 广东数字证书认证中心有限公司 Method and device for positioning electronic seal and device for obtaining electronic seal

Also Published As

Publication number Publication date
CN104320252A (en) 2015-01-28

Similar Documents

Publication Publication Date Title
CN104320252B (en) A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method
CN104320251B (en) A kind of offline seal information device, electronic signature management system and authentication method for using on-line authentication
CN101419657B (en) Method for secure personalisation of an nfc chipset
CN103501191B (en) A kind of mobile payment device based on NFC technology and method thereof
CN101589400B (en) Right management method, its system, server device used in the system, and information device terminal
CN104380655B (en) The mechanism of revocation status of certificate checking is carried out on constrained devices
CN103067914A (en) Mobile trusted platform (mtp) existing on wtru
CN103339975A (en) Method for exporting on a secure server data comprised on a UICC comprised in a terminal
CN101656960A (en) Point-to-point communication method based on near field communication and near field communication device
CN101167298A (en) Method and device for accessing a sim card housed in a mobile terminal
CN101978675A (en) System and method for securely issuing subscription credentials to communication devices
CN101667257B (en) smart card for wireless card writing, wireless card writing server and method
US9208455B2 (en) Wireless terminal device, communication system, and control method of wireless terminal device
CN102026180A (en) M2M transmission control method, device and system
CN103457724B (en) Method and system for point-to-point data safe transmission
CN108476223A (en) The method and apparatus of the certification based on SIM for non-SIM device
CN102611694A (en) Handheld terminal, system and battery information processing method thereof
AU2002365333A1 (en) Method for registering and enabling pki functionalities
CN103400184B (en) A kind of SIM, mobile terminal, system and recognition methods thereof
CN206601734U (en) Transaction data processing terminal and system based on coded image
CN106027250A (en) Identity card information safety transmission method and system
CN106452516A (en) NFC security system for logistics distribution system
CN106027249B (en) Identity card card reading method and system
CN106027457A (en) Identity card information transmission method and system
CN106156677A (en) Identity card card reading method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant