CN104320252B - A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method - Google Patents
- Publication number
- CN104320252B CN201410508391.8A CN201410508391A
- Authority
- CN
- China
- Prior art keywords
- seal
- electronic
- signature
- information
- module
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a mobile online tracking verification electronic intelligence seal, an electronic signature management system and a verification method. The system comprises an electronic intelligence seal, an electronic signature and an electronic signature application platform. The electronic intelligence seal includes a wireless Internet access module, a locating module, an electronic signature reader/writer, a touch display screen, a memory module, a photo module, a clock circuit, a microprocessor, a power supply device, an on-line control module that detects the online state in real time and controls the operation and online synchronization of the intelligent seal, an upload control module that controls the order of the intelligent seal's write operation and information upload and ensures the upload is complete, and a digital encryption module for two-way CA authentication when connecting to the service end. The electronic signature is the information carrier on which the electronic intelligence seal performs stamping. The electronic signature application platform provides electronic signature data storage and information verification services. The invention is the first to realize mobile online tracking and verification of a seal's time, position and trace, achieving a safe, efficient and complete seal anti-counterfeiting function.
Description
Technical field
The present invention relates to seal information technology, digital CA authentication technology and mobile Internet information management technology, and specifically to a mobile online tracking verification electronic intelligence seal and electronic signature management system.
Background technology
At present, the approval and manufacture of official seals is already managed by information systems, but official seals are still used in the traditional way: validity is determined by comparing the trace pattern left by each stamping with a reserved specimen impression. This kind of verification relies on visual comparison only and cannot be made intelligent; the result of the comparison is approximate and cannot be exact.
The patent with Application No. 2011103391075, entitled 《Seal system and seal, signature paper》, proposed a scheme for making the trace information-based: the trace is combined with an RFID tag to form an electronic signature, the signature information is written into the electronic signature and then uploaded to the service end for storage and management, and downloaded to the client for verification, realizing information-based, networked management and verification of the seal's use.
A patent filed shortly before the present application, 《A kind of seal information device, the electronics of offline use on-line authentication Seal management system and authentication method》, proposed combining a CA digital authentication system with an intelligent seal to solve the security and reliability of information transmission between the seal and the network. Verification is carried out online, but the seal is still used offline. As a result the seal is outside network authentication management while it is in use, which is a potential safety hazard. In addition, there is a time difference between use of the seal and verification, which hinders verification efficiency, particularly where the seal is used frequently. Moreover, the seal generates a large volume of data in use, and leaving that data in the seal is both inconvenient and unsafe.
The content of the invention:
In view of the defects of the prior art, the object of the invention is to provide a mobile online tracking verification electronic intelligence seal, an electronic signature management system and a verification method. The invention combines mobile Internet technology, CA digital authentication technology and contactless RFID tag read/write technology with a traditional seal body (photosensitive stamp, rubber stamp, infiltration stamp, etc.) to form an electronic intelligence seal. A contactless RFID tag is combined with the traditional trace to form an electronic signature, which serves as the carrier of the signature information. Mobile online management and CA digital authentication provide safe use and tracking verification of the electronic intelligence seal under network supervision. The time, place and trace at the moment of stamping are collected as the complete stamping record, so that verifying an electronic signature is a multi-point check against the collected information, giving users a technical means of verifying the reliability and non-repudiation of the electronic signature and its associated trace.
To achieve the above object, the technical scheme of the invention is:
A mobile online tracking verification electronic intelligence seal, including:
Power supply device, which supplies power to the device and is a lithium battery power supply;
Clock circuit, which maintains a continuous, independent time source inside the seal, so that the exact stamping time is captured immediately when the seal performs a stamping operation;
Wireless Internet access module, which establishes a CA-authenticated wireless data connection with the application interface of the service end over the mobile Internet and exchanges data in real time;
Electronic signature reader/writer, which performs write and read operations on the electronic signature;
Touch display screen, through which the user controls the seal and sees, in real time, the seal's operating information and the information read and written by the electronic signature reader/writer, and which also lets the user enter characters by handwriting;
Microprocessor, which executes the client application's instructions and coordinates the units in the device so that each performs its function;
It is characterized in that it also includes:
Photo module, which, when the seal has completed the write operation and is executing the upload program, turns on automatically and photographs the trace pattern under manual operation; that is, the photographing instruction is issued automatically before the upload is carried out. In photo mode the touch display screen serves as the viewfinder and the photograph is limited to the area of the trace pattern; pressing the shutter captures the trace picture, and when the user is satisfied and presses the confirm key the picture enters the upload state and the screen shows the upload progress until the upload is complete;
Locating module: after power-on and once a normal connection has been established, the module enters its working state, automatically receives positioning signals from space or from the network, obtains the position data of the electronic intelligence seal, and converts it into place name information through an internal program; the place name information is uploaded to the service end for storage together with the signature information when the latter is filed over the network;
Memory module, including a ROM memory and a RAM memory. The ROM memory stores persistent information, including the intelligent seal's driver and application programs and the initial information pre-installed when the seal is made (including seal name, type, approval code, production time, etc.). The RAM memory stores temporary information, including the signature information that the electronic signature reader/writer is about to write, or the information it has read consisting of signature information and electronic signature serial number, and the picture information produced by the photo module;
On-line control module, which detects the networking state of the wireless Internet access module in real time and controls the working state of the electronic signature reader/writer accordingly: if it detects that the wireless Internet access module has networked successfully, it switches the electronic signature reader/writer on; if it detects that networking has failed or the network connection has dropped, it disconnects the electronic signature reader/writer;
Upload control module, which controls the order in which the electronic intelligence seal's write operation and information upload are executed: when the electronic signature reader/writer is performing a write operation, the module first obtains the electronic signature serial number and uploads it to the service end for registration; then, after the reader/writer has executed the write operation and the photo module has captured the picture, it starts executing the upload instruction. The order and content of the upload are: signature information, place name information and trace picture. Only after receiving the service end's upload-complete prompt does the module allow the reader/writer to perform the next operation; otherwise the upload control module blocks the reader/writer's read and write operations;
And a digital encryption authentication module, which performs the network CA digital authentication function.
Further, the digital encryption module uses the seal code as the identifier of the encrypting entity, applies for and is provided with a private key and digital certificate of the PKI encryption system, and has pre-installed the digital root certificate of the service end it networks with; these serve as the unique key for establishing a connection with the service end. Each time a connection is established with the electronic seal database of the service end, two-way digital identity authentication is performed first to confirm that both digital certificates are legitimate, and on that basis the electronic intelligence seal stays connected to the service end and remains in its working state. If the electronic intelligence seal is reported lost, its digital certificate appears in the certificate revocation list; when that seal connects to the server it is disconnected because its digital certificate is invalid, and the electronic intelligence seal cannot enter its working state.
The two-way digital authentication process includes the two-way identity authentication performed when connecting to the online application service interface of the service end, and the encryption of normal data exchange after access authentication is completed; it is implemented mainly by the digital certificate, the private key and the encryption/decryption processing submodule in the digital authentication encryption module. The specific process is:
(1) The electronic intelligence seal device establishes a connection over the mobile data network and sends an access request to the online application service interface of the service end. The interface generates random authentication data and sends it to the seal device together with the service end's digital certificate;
(2) The seal device uses the preset root certificate to decrypt the digital signature in the service end's digital certificate, verifies that the certificate is legitimate, and thereby obtains the service end's public key;
(3) The seal device digitally signs the random authentication data it received, encrypts it with the service end's public key, and sends the encrypted random authentication data to the service end together with the seal device's own digital certificate;
(4) On receiving the seal device's digital certificate, the online application service interface requests the latest certificate revocation list (CRL) from the CA authentication system and verifies the legitimacy of the received seal digital certificate; if it is legitimate, the service end obtains the seal device's public key;
(5) The service end decrypts the transmitted ciphertext with its own private key to obtain the seal device's digital signature of the random authentication data, then uses the seal device's public key to decrypt that signature and recover the random authentication data; the decrypted data is compared with the original data, and verification passes when they are identical;
(6) The service end generates second random authentication data, encrypts it with the seal device's public key and sends it back to the seal device;
(7) The seal device decrypts the ciphertext with its built-in private key and obtains the second random authentication data. The second random authentication data and the earlier random data are combined by logical XOR to generate the session key, which completes the two-way digital authentication process of the seal device;
(8) The seal device sends a confirmation message; on receiving it, the online application service interface of the service end generates the session key in the same way. This completes the symmetric key exchange for normal data exchange and the two-way digital authentication process of the service end.
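The exchange described above, traced end to end in Python as an added example (it is not code from the patent). It assumes textbook RSA over small constructed keys, hashes the random data before signing, and keys the revocation list by seal code; `handshake`, `Cert` and the seal code `SEAL-0001` are hypothetical names.

```python
import hashlib
import secrets
from dataclasses import dataclass

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA key from two primes (toy parameters, no padding)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

def encrypt(n, m):
    if m >= n:
        raise ValueError("message too large for modulus")
    return pow(m, E, n)

def decrypt(key, c):
    return pow(c, key["d"], key["n"])

@dataclass(frozen=True)
class Cert:
    subject: str      # seal code or service-end name
    n: int            # subject's public modulus
    ca_sig: int = 0   # CA signature over subject and modulus

    def body(self):
        return f"{self.subject}|{self.n}".encode()

def issue(ca_key, subject, key):
    unsigned = Cert(subject, key["n"])
    return Cert(subject, key["n"], sign(ca_key, unsigned.body()))

def cert_ok(root_n, cert, crl=frozenset()):
    # Assumption of this sketch: the CRL lists revoked seal codes.
    return cert.subject not in crl and verify(root_n, cert.body(), cert.ca_sig)

# Constructed keys built from Mersenne primes: fine for a demo, useless as real keys.
CA_KEY = keypair(2**521 - 1, 2**607 - 1)
SERVER_KEY = keypair(2**107 - 1, 2**127 - 1)
SEAL_KEY = keypair(2**61 - 1, 2**89 - 1)
ROOT_N = CA_KEY["n"]                                # root certificate pre-installed in the seal
SERVER_CERT = issue(CA_KEY, "service-end", SERVER_KEY)
SEAL_CERT = issue(CA_KEY, "SEAL-0001", SEAL_KEY)    # hypothetical seal code

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def handshake(seal_key, seal_cert, crl=frozenset()):
    """Return (seal_session_key, server_session_key), or None if either side rejects."""
    # (1) service end -> seal: R1 and the service-end certificate.
    #     The seal has not presented a certificate yet, so R1 is not encrypted here.
    r1 = secrets.token_bytes(16)
    # (2) seal: check the service-end certificate against the pre-installed root.
    if not cert_ok(ROOT_N, SERVER_CERT):
        return None
    # (3) seal -> service end: signature over R1, encrypted to the service end, plus seal cert.
    msg = encrypt(SERVER_CERT.n, sign(seal_key, r1))
    # (4) service end: CRL lookup and certificate check before trusting the seal's key.
    if not cert_ok(ROOT_N, seal_cert, crl):
        return None
    # (5) service end: decrypt, then check the signature against the R1 it issued.
    if not verify(seal_cert.n, r1, decrypt(SERVER_KEY, msg)):
        return None
    # (6) service end -> seal: R2 encrypted to the seal's public key.
    r2 = secrets.token_bytes(16)
    ct = encrypt(seal_cert.n, int.from_bytes(r2, "big"))
    # (7) seal: recover R2; (8) both sides derive the session key as R1 XOR R2.
    r2_seal = decrypt(seal_key, ct).to_bytes(16, "big")
    # With R1 unencrypted in step (1), the secrecy of this key rests on R2 alone.
    return xor(r1, r2_seal), xor(r1, r2)
```

A seal reported lost is rejected at step (4) even though it still holds a valid private key, which is the behaviour the revocation paragraph above relies on.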
The service end is the electronic signature application platform, which provides the electronic intelligence seal with digital certificate management, two-way digital authentication of networked electronic intelligence seals, electronic seal database storage and data verification.
Further, the electronic signature is the signature information carrier that receives the stamping operation; it consists of an RFID electronic tag combined with a traditional trace and sealed under that trace. The RFID tag consists of an IC chip, an aluminium film antenna, an insulating layer and a label face sticker.
The present invention also provides an electronic signature management system, characterized in that it includes the above electronic intelligence seal, an electronic signature and an electronic signature application platform; the electronic signature application platform may also be called the service end;
Wherein the electronic signature is the information carrier on which the electronic intelligence seal performs the stamping operation;
The electronic signature application platform includes:
CA authentication service module, which provides the two-way digital authentication service for each networked electronic intelligence seal;
Electronic seal database, which stores the electronic signature serial number, signature information, place name information and trace picture;
Verification service module, which responds to verification requests from clients, replies with the result of comparing the uploaded signature information with the stored signature information, and provides the additional place name information and trace picture for download;
Digital certificate management module, which receives user applications and handles the formalities of joining the CA authentication system; in doing so it uses the seal approval code as the identifier of the encrypting entity to generate and issue the digital certificate and private key; the module also pre-installs the service end's digital root certificate.
Mobile phone verification program push module, which responds to mobile phone short message instructions, replies with the download address of the mobile phone verification program, and provides the download service.
The electronic signature is the information carrier on which the electronic intelligence seal performs the stamping operation. It combines an RFID tag with a traditional trace: the tag is sealed at the stamping position of the stamped document by the trace impression. The RFID tag consists of an IC chip, an aluminium film antenna and an insulating layer, wrapped between upper and lower adhesive layers; the outer adhesive layer holds the label face paper and the bottom adhesive layer sticks to the stamped document. The outer label face paper is printed with a fine blue mesh pattern, to lock its position relative to the red trace.
Further, the described electronic signature management system also includes:
A mobile phone with NFC function, which downloads, installs and runs the mobile phone verification program, can read the signature information of the electronic signature and show it on the phone screen, and performs the upload and verification functions.
The present invention also provides a mobile online tracking verification method for electronic signatures, characterized in that the verification of the electronic signature is carried out by the service end; the client making the verification request may be an electronic intelligence seal or an NFC mobile phone; the service end completes the verification procedure, replies with the verification result and provides additional verification information for download, and the item-by-item checks are completed at the client. The method specifically includes the following steps:
(1) Collection and upload of the signature information to be verified: the electronic signature reader/writer reads the serial number and signature information of the electronic signature to be verified, and the upload control module uploads them to the service end;
(2) Service end verification: in response to the verification request, the service end opens the verification management module, uses the uploaded electronic signature serial number as the index to retrieve the related signature information record from the service end's electronic seal database, and compares it with the uploaded signature information to obtain the comparison result;
(3) Verification reply: the service end returns the verification result to the client together with the place name information and trace picture from the retrieved original record;
(4) Multi-point verification: the client checks the trace and the place name visually and, combined with the service end's comparison result, draws the final verification conclusion.
The electronic signature verification method also includes an earlier process of collecting and storing data in the database, including the following steps:
(1) Connecting to the service end: the electronic intelligence seal is powered on and its built-in program starts; the client program interface attempts, through the wireless Internet access module, to establish a connection with the service end program interface. This connection process first involves connecting to a cellular radio base station data link or to a Wi-Fi hotspot on a broadband data link, after which the digital encryption authentication module performs two-way digital certificate authentication to achieve a secure connection. The on-line control module then connects the electronic signature reader/writer so that signature information can be generated and uploaded. If the network connection is broken because the digital certificate has been revoked or for other reasons, the on-line control module disconnects the electronic signature reader/writer and at the same time forbids signature information generation and information upload;
(2) Uploaded-data completeness check: after the intelligent seal client has established a secure connection with the service end, the service end's data completeness check is completed first, and only then does normal information exchange begin. If the check finds that uploaded data is missing items, the service end immediately asks the intelligent seal client to supply the missing data items, until the electronic intelligence seal client has met the request;
(3) Data collection and write operation: when the electronic intelligence seal performs a write operation, the following data collection, registration and writing steps take place in turn: the reader/writer performs a pre-operation to establish the read/write relationship with the electronic signature and obtain the electronic signature serial number; the upload control module uploads the serial number to the electronic seal database for advance registration; the clock circuit's time output is merged with the basic information in the memory to form the signature information; the reader/writer writes the signature information into the electronic signature; the photo module starts and captures the trace picture; the locating module produces position data, which the program converts into place name information;
(4) Data upload and storage: the upload control module executes the predetermined upload program; after the seal device completes the write operation, the upload function is opened, and the order and content of the upload are: signature information, place name information, trace picture. Once the above information has been stored, the service end sends an upload-complete prompt to the intelligent seal client, which allows the intelligent seal to move on to the next record.
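The registration, ordered upload, completeness check and verification reply from the two procedures above, modelled in Python as an added example (it is not code from the patent). The class names, field names, tag serial and sample record are constructed for illustration, and the link drop is simulated by toggling a flag.

```python
import hmac

# Upload order stated in step (4): signature information, place name, trace picture.
UPLOAD_ORDER = ("signature_info", "place_name", "trace_picture")

class SealDatabase:
    """Service-end store, indexed by the electronic signature (RFID tag) serial number."""

    def __init__(self):
        self.records = {}

    def register(self, serial):
        # Advance registration of the serial number, before the tag is written.
        if serial in self.records:
            raise ValueError("serial already registered")
        self.records[serial] = {}

    def missing(self, serial):
        # Completeness check: which items has the seal not uploaded yet?
        rec = self.records.get(serial, {})
        return [item for item in UPLOAD_ORDER if item not in rec]

    def upload(self, serial, item, value):
        todo = self.missing(serial)
        if serial not in self.records or not todo or item != todo[0]:
            raise ValueError("unexpected upload: %r" % item)
        self.records[serial][item] = value
        return not self.missing(serial)      # True stands for the upload-complete prompt

    def verify(self, serial, presented_info):
        rec = self.records.get(serial)
        if rec is None or self.missing(serial):
            return {"match": False, "place_name": None, "trace_picture": None}
        # Constant-time comparison of the presented and stored signature information.
        match = hmac.compare_digest(rec["signature_info"], presented_info)
        return {"match": match, "place_name": rec["place_name"],
                "trace_picture": rec["trace_picture"]}

class SealClient:
    """Seal-side gating done by the on-line control and upload control modules."""

    def __init__(self, db):
        self.db = db
        self.online = False      # set by the on-line control module
        self.pending = None      # (serial, items) still awaiting upload

    def reader_enabled(self):
        # Reader/writer works only when online and no upload is outstanding.
        return self.online and self.pending is None

    def stamp(self, serial, signature_info, place_name, trace_picture):
        if not self.reader_enabled():
            raise PermissionError("reader disabled: offline or upload outstanding")
        self.db.register(serial)
        items = dict(zip(UPLOAD_ORDER, (signature_info, place_name, trace_picture)))
        self.pending = (serial, items)

    def upload_next(self):
        if not self.online or self.pending is None:
            return False
        serial, items = self.pending
        item = self.db.missing(serial)[0]    # service end names what it still lacks
        if self.db.upload(serial, item, items[item]):
            self.pending = None              # upload-complete prompt received
        return True
```

The reader stays blocked across a dropped link because `pending` is cleared only by the service end's completion result, not by the seal's own bookkeeping.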
The service end includes:
CA authentication service module, which provides the two-way digital authentication service for each networked electronic intelligence seal;
Electronic seal database, which stores the electronic signature serial number, signature information, place name information and trace picture;
Verification service module, which responds to verification requests from clients, replies with the result of comparing the uploaded signature information with the stored signature information, and provides the additional place name information and trace picture for download;
Digital certificate management module, which receives user applications and handles the formalities of joining the CA authentication system; in doing so it uses the seal approval code as the identifier of the encrypting entity to generate and issue the digital certificate and private key; the module also pre-installs the service end's digital root certificate.
Mobile phone verification program push module, which responds to mobile phone short message instructions, replies with the download address of the mobile phone verification program, and provides the download service.
Compared with the prior art, the beneficial effects of the invention are as follows:
The invention designs an electronic intelligence seal with full information collection capability covering the time, position and trace picture of each use of the seal. By being mobile and online, it provides network supervision, information upload and information completeness control while the seal is in use, ensuring a safe use environment for the electronic intelligence seal and fast, efficient tracking and verification of electronic signatures. At the same time, CA digital authentication under the PKI encryption system between the electronic intelligence seal and the electronic signature application platform establishes a safe, non-repudiable network environment. For the first time, the use of the electronic intelligence seal meets safety requirements at any time and in any place, realizing a safe, efficient and complete seal anti-counterfeiting function;
The invention realizes a comprehensive seal-use information scheme: the information includes time and position, and includes electronic and visual characteristic information; complete storage on the electronic signature application platform, together with a checking mechanism, ensures that the record of every stamping is complete and intact;
The invention combines storage in the electronic signature with storage in the service end database to realize multi-point authentication of the electronic signature. The signature information is first stored in the electronic signature and is uploaded to the service end after being read out, where it is compared against the service end's original record; the trace picture and place name information are first uploaded to the service end for storage and then downloaded to the client, where the trace and the position are each checked visually for consistency. This achieves verification that comprehensively associates time and space information, the physical impression and the electronic information, and the trace and label positions.
Brief description of the drawings
Fig. 1 is a schematic diagram of the composition of the mobile online tracking verification electronic intelligence seal of the invention;
Fig. 2 is a schematic flow diagram of the mobile online tracking verification electronic signature management system of the invention.
Specific embodiment
To make the purpose, technical scheme and advantages of the invention clearer, the invention is further described below with reference to the accompanying drawings.
The existing environment in which official seals are used has many potential safety hazards, such as chaotic seal-use information and a flood of false information. Starting from each link of seal use where a hazard may exist, the invention provides users with a mobile, online and safe environment for using an electronic intelligence seal, which effectively ensures the reliability and non-repudiation of the use of the official seal.
The official seal is a symbol of right, a promise of interests and a proof of identity; its safe use and non-repudiable probative force depend on the security environment and technical means provided for its use.
Anti-counterfeiting of an official seal depends on the following three elements: a public identification platform (including public identification terminals), a seal body with an independent digital identity (including its digital association with the platform), and a trace carrier that stores the signature information.
Based on existing CA digital authentication technology and systems, the electronic intelligence seal and the electronic signature management information platform are each given an independent identity in the PKI encryption system, including a digital certificate and private key; two-way digital certificate authentication then establishes a reliable connection between network application program interfaces, realizing a safe environment for using the official seal online.
Based on the above purpose, the main design idea of the invention is: a seal information device with mobile Internet capability, online CA authentication and contactless RFID chip read/write capability is combined with a traditional seal body (photosensitive stamp, rubber stamp, infiltration stamp, etc.) into a single unit; a label packaging a contactless RFID chip serves as the electronic signature, stores the electronic stamping information and is sealed under the traditional trace, the combination forming an intelligent trace; using the online management and network CA authentication functions of the mobile-Internet-based electronic signature management information system, and a dedicated real-time online control module, network storage of signature information and safe online use of the official seal are realized; and safe storage of information on the Internet is established through digital authentication encryption, so that it can be provided to users for comparison with the electronic signature information they read, confirming the reliability and non-repudiation of the electronic signature and its associated trace.
Specifically, as shown in Fig. 1, the electronic intelligence seal of the invention (the electronic intelligence seal is attached to a traditional seal body: the electronic intelligence seal client made up of the modules is mounted on a traditional seal body such as a photosensitive stamp, rubber stamp or infiltration stamp) consists of the following parts:
Clock circuit, wireless Internet access module, electronic signature reader/writer, touch display screen, microprocessor, memory module, on-line control module, locating module, photo module, upload control module, digital encryption authentication module, and power supply device (a lithium battery, etc.).
The clock circuit maintains a continuous, independent time source inside the seal, so that the exact stamping time is captured immediately when the seal performs a stamping operation; when networked, it can also obtain time information from the network to check the local date and time.
The wireless Internet access module includes an antenna, a GPRS/3G transceiver unit and application program interface components; over the mobile Internet it establishes a CA-authenticated wireless data connection with the application interface of the service end and exchanges data in real time;
The electronic signature reader/writer performs write and read operations on the electronic signature; switching between the two kinds of operation is controlled through the touch display screen. Its activation is controlled by the on-line control module, and it works normally only while the electronic intelligence seal is online. During read and write operations it also works in coordination with the upload control module, so that writing data and uploading the data read follow the logical relationship specified in the seal. Before every read or write operation the reader/writer carries out a pre-operation with the electronic signature, in which mutual authentication is performed three times and all information exchanged is encrypted to prevent the signal from being intercepted; through the pre-operation the reader/writer determines that the electronic signature is available and obtains its serial number.
The photo module, when the seal has completed the write operation and is executing the upload program, turns on automatically and photographs the trace pattern under manual operation; that is, the photographing instruction is issued automatically before the upload is carried out. In photo mode the touch display screen serves as the viewfinder and the photograph is limited to the area of the trace pattern; pressing the shutter captures the trace picture, and when the user is satisfied and presses the confirm key the picture enters the upload state and the screen shows the upload progress until the upload is complete.
The locating module enters its working state after power-on, once a normal connection has been established; it automatically receives positioning signals from space or from the network, obtains the position data of the electronic intelligence seal, and converts it into place name information through a program; the place name information is uploaded to the service end for storage together with the signature information when the latter is filed over the network;
The microprocessor executes the client application's instructions and coordinates the units in the device so that each performs its function, including networked upload and download, authentication, real-time online control of reading and writing, signature information collection and other functions.
The memory module consists of ROM and RAM. The ROM stores persistent information, including the intelligent seal's drivers and application programs (for example the network management, signature information management, encryption and decryption management, and RFID read/write management programs) and the initial seal information pre-installed when manufacture is completed (including seal name, type, approval code and production time). The RAM stores temporary information, including the signature information that the electronic signature reader/writer is about to write, the information it has read, which is composed of signature information and the electronic signature serial number, and the picture information produced by the photo module. Signature information comprises the seal's electronic information (seal name, type, number and so on), the stamping time, and the electronic signature serial number obtained by the reader/writer. The seal code is the unique sequence code assigned to the seal by the system at public security approval; it identifies the seal and can correspond to a digital certificate, so that the corresponding digital certificate can be retrieved by seal code. The label sequence code is the unique identification code burned into the RFID tag chip at manufacture; it identifies each chip, each electronic signature, and each signature information record filed over the network. When the server retrieves signature information, it uses this sequence code as the basis.
The on-line control module detects the networking state of the wireless networking module in real time and controls the working state of the electronic signature reader/writer accordingly. The module is initialized when the electronic intelligence seal is powered on and then runs in its normal operating cycle, with its output normally in the disconnected state. When it receives the online flag from the wireless networking module it performs the corresponding connection operation, and when there is no flag information it returns to the initial state. Specifically, if the wireless networking module is detected to have networked successfully, the wireless networking module passes the online flag information to the on-line control module, the electronic intelligence seal works normally, and the user can open the electronic signature reader/writer as needed; if the wireless networking module is detected to have failed to network, the control device keeps the electronic signature reader/writer disconnected.
The upload control module controls the order in which the electronic intelligence seal's write operation and information upload are executed. When the electronic signature reader/writer is performing a write operation, the upload control module first obtains the electronic signature serial number and uploads it to the server's electronic seal database for registration; then, after the reader/writer has performed the write operation and the photo module has completed picture acquisition, it begins executing the upload instruction. The order and content of the upload are: signature information, place-name information and imprint picture. Only after receiving the server's upload-complete prompt does the module allow the reader/writer to perform the next operation; otherwise, the upload control module blocks the reader/writer's read and write operations;
The intelligent seal also includes a digital authentication encryption module. The module uses the seal code as the identifier of the encrypting party; it is issued and loaded with a private key and digital certificate of the PKI encryption system and pre-installed with the digital root certificate of the server it networks with, which serve as the unique key for establishing a connection with the server. Each time a connection with the server's electronic seal database is established, CA authentication is performed first to confirm that the digital certificates of both parties are legitimate, and the working state of the electronic intelligence seal is maintained on that basis for as long as the connection with the electronic seal database is held. If the electronic intelligence seal is reported lost, its digital certificate appears in the certificate revocation list; when the seal then connects to the server, the connection is dropped because the digital certificate is invalid, and the electronic intelligence seal cannot enter its working state.
The bi-directional digital authentication process comprises the two-way identity authentication performed when connecting to the online application service interface of the electronic seal database, and the encryption of normal data exchange after access authentication is complete; it is realized mainly by the digital certificate, the private key and the encryption/decryption processing sub-module in the digital authentication encryption module.
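The handshake summarised above, and spelled out step by step in claim 3, as an added example that is not part of the patent: both sides run in one Python process, and textbook RSA over fixed Mersenne primes stands in for the PKI keys (an assumption made so the file runs offline; it is not secure). The names ToyKey, issue_cert, cert_valid and handshake, and the certificate fields, are hypothetical.

```python
"""Added illustration of the claim-3 handshake. Textbook RSA over fixed
Mersenne primes stands in for real PKI so the file runs offline: NOT secure."""
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below


class ToyKey:
    def __init__(self, p, q):
        self.n = p * q                                  # public modulus
        self._d = pow(E, -1, (p - 1) * (q - 1))         # private exponent

    def private_op(self, m):                            # sign or decrypt
        return pow(m, self._d, self.n)


def public_op(n, m):                                    # verify or encrypt
    if m >= n:
        raise ValueError("message does not fit the modulus")
    return pow(m, E, n)


def cert_body(subject, serial, n):
    data = f"{subject}|{serial}|{n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def issue_cert(ca, subject, serial, n):
    return {"subject": subject, "serial": serial, "n": n,
            "sig": ca.private_op(cert_body(subject, serial, n))}


def cert_valid(cert, root_n, crl=frozenset()):
    """Check the CA signature and, where a CRL is supplied, revocation."""
    if cert["serial"] in crl:
        return False
    expected = cert_body(cert["subject"], cert["serial"], cert["n"])
    return cert["sig"] < root_n and public_op(root_n, cert["sig"]) == expected


def handshake(device, dev_cert, server, srv_cert, root_n, crl=frozenset()):
    """Play both roles in order; return the session key, or None on failure."""
    # server -> device: random R1 (sent before any key is known) + server cert
    r1 = secrets.token_bytes(16)
    r1_int = int.from_bytes(r1, "big")
    # device: validate the server certificate with the pre-installed root
    if not cert_valid(srv_cert, root_n):
        return None
    # device -> server: Enc_server(Sign_device(R1)) + device certificate
    blob = public_op(srv_cert["n"], device.private_op(r1_int))
    # server: latest CRL + certificate check, then recover R1 and compare
    if not cert_valid(dev_cert, root_n, crl):
        return None
    if public_op(dev_cert["n"], server.private_op(blob)) != r1_int:
        return None
    # server -> device: second random R2, encrypted to the device
    r2 = secrets.token_bytes(16)
    c2 = public_op(dev_cert["n"], int.from_bytes(r2, "big"))
    # device: decrypt R2, derive K = R1 XOR R2, send confirmation.
    # R1 crossed the link unencrypted, so K's secrecy rests on R2 alone.
    r2_dev = device.private_op(c2).to_bytes(16, "big")
    k_dev = bytes(a ^ b for a, b in zip(r1, r2_dev))
    # server: derive the same key on receipt of the confirmation
    k_srv = bytes(a ^ b for a, b in zip(r1, r2))
    return k_dev if k_dev == k_srv else None


def mersenne(k):
    return 2 ** k - 1          # prime for the exponents used below


# Constructed keys and certificates (sample values, not from the patent).
CA = ToyKey(mersenne(127), mersenne(521))
SERVER = ToyKey(mersenne(107), mersenne(607))
DEVICE = ToyKey(mersenne(89), mersenne(521))    # modulus smaller than SERVER's
SRV_CERT = issue_cert(CA, "seal-platform", 1, SERVER.n)
DEV_CERT = issue_cert(CA, "seal-code-PLACEHOLDER", 2, DEVICE.n)
```

Passing the device certificate's serial in `crl` reproduces the reported-lost case: the handshake returns None and no session key exists for the reader/writer to work under.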
The other components of the invention and their information flow are shown in Fig. 2:
The electronic signature carries the signature information written under the operating instructions of the electronic signature reader/writer. It is formed by combining an RFID electronic tag with the seal imprint by print sealing. The electronic tag is a contactless encrypted memory-card RFID chip consisting of a radio-frequency communication interface, a security control unit and 8K bit of EEPROM. Its security measures include: three-pass mutual authentication; encryption of all data in the information exchange after authentication, to prevent signal interception; a unique, unchangeable serial number for every chip; independent key control for each sector; a transmission key protecting EEPROM access during transmission; and data that is locked immediately once written and cannot be changed. It is packaged as an electronic tag.
The electronic signature application platform provides electronic signature information storage, management and verification functions and CA digital certification functions. The platform is a mobile-Internet-based system that combines electronic signature management with CA digital certification of intelligent seals, and as an independent third party it provides electronic signature information management and seal-holder authentication services. The initial generation process of an electronic intelligence seal is as follows: the seal-using organization completes seal engraving and electronic signature ordering according to the prescribed procedure; before leaving the factory the seal is initialized, which installs the intelligent seal's operating system and client program, and the electronic signatures are also cryptographically initialized so that they are paired for use with that organization's intelligent seal; the seal's digital certificate registration formalities are then completed and the seal identification code is registered; and the digital authentication encryption module of the intelligent seal is loaded with the digital certificate, private key, encryption/decryption program, the digital root certificate of the server it networks with, and so on.
The information flow between the electronic intelligence seal and the electronic signature application platform:
(1) Connecting to the server: the electronic intelligence seal is powered on, the built-in program starts, and the client program interface attempts, through the networking module, to establish a connection with the server program interface. This connection process includes first connecting to a cellular base-station data link, or to a Wi-Fi hotspot on a broadband data link, and then performing two-way digital certificate authentication through the digital encryption authentication module to achieve a secure connection. The on-line control module then switches on the electronic signature reader/writer, and the modules involved in information generation and upload work normally. If the network connection is broken because the digital certificate has been revoked or for any other reason, the on-line control module disconnects the electronic signature reader/writer, and the modules involved in information generation and upload are prohibited from working;
(2) Completeness check of uploaded data: after the client establishes a secure connection with the server, the server completes a data completeness check before entering the normal information exchange state. If the server's completeness check finds gaps in the uploaded data, it immediately asks the client to supply the missing data items, until the client has met the request;
(3) Data acquisition and write operation: when the electronic intelligence seal performs a write operation, the following acquisition, registration and writing steps alternate: the reader/writer carries out the pre-operation with the electronic signature to establish the read/write relationship and obtain the electronic signature serial number; the upload control module uploads the serial number to the electronic seal database for advance registration; the time output by the clock circuit and the basic information in memory are merged into the signature information to be written, which the reader/writer writes to the electronic signature; the photo module starts and captures the imprint picture; and the locating module produces position data, which is converted by program into place-name information;
(4) Data upload and storage: the upload control module enters upload mode and executes the predetermined upload program, whose order and content are: signature information, imprint picture, place-name information. Once this information has been stored, the server sends an upload-complete prompt to the client, and the system proceeds to the next record.
(5) Starting verification: the verification button on the display screen is pressed, the serial number and signature information of the electronic signature to be verified are read with the electronic signature reader/writer, and the serial number and signature information read are uploaded to the server through the upload control module;
(6) Server verification: in response to the verification request, the server opens the verification management module, uses the uploaded electronic signature serial number as the index to retrieve the related signature information record in the electronic seal database, and compares it with the uploaded signature information to obtain the comparison result;
(7) Verification reply: the server returns the verification result to the client together with the place-name information and imprint picture from the retrieved original record.
(8) Multi-point verification: the client visually checks the imprint and the place name and combines this with the server's comparison result to reach the final verification conclusion.
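The gating in steps (1) to (4) and the lookup-and-compare in steps (5) to (7), as an added Python example that is not part of the patent. Class, method and field names are assumptions, the sample values in use are constructed, and the upload order follows the upload control module description (step (4) lists the same three items in a different order).

```python
"""Added illustration of steps (1)-(8): write/upload gating on the seal and
lookup-and-compare verification on the platform. Names are assumptions."""

# Upload order as given in the upload control module description.
UPLOAD_ORDER = ("signature_info", "place_name", "imprint_picture")


class SealPlatform:
    """Stand-in for the electronic seal database and verification service."""

    def __init__(self):
        self.records = {}                      # serial number -> stored items

    def register(self, serial):
        self.records.setdefault(serial, {})    # advance registration

    def store(self, serial, item, value):
        self.records[serial][item] = value
        return not self.missing(serial)        # True = "upload complete" prompt

    def missing(self, serial):
        return [i for i in UPLOAD_ORDER if i not in self.records[serial]]

    def incomplete(self):
        """Step (2): records with gaps, checked after every secure connect."""
        return {s: self.missing(s) for s in self.records if self.missing(s)}

    def verify(self, serial, signature_info):
        """Steps (6)-(7): index by serial, compare, return result and extras."""
        rec = self.records.get(serial)
        if rec is None or self.missing(serial):
            return {"match": False, "place_name": None, "imprint_picture": None}
        return {"match": rec["signature_info"] == signature_info,
                "place_name": rec["place_name"],
                "imprint_picture": rec["imprint_picture"]}


class SealDevice:
    def __init__(self, platform):
        self.platform = platform
        self.online = False                    # set by the on-line control module
        self.pending = None                    # record not yet acknowledged

    def connect(self):
        """Steps (1)-(2): mutual authentication is assumed to have succeeded;
        supply whatever the platform reports missing, then unblock."""
        self.online = True
        if self.pending:
            serial, items = self.pending
            for item in self.platform.incomplete().get(serial, []):
                self.platform.store(serial, item, items[item])
            self.pending = None

    def reader_enabled(self):
        return self.online and self.pending is None

    def stamp(self, serial, signature_info, place_name, picture, drop_after=None):
        """Steps (3)-(4). drop_after=N simulates link loss after N items."""
        if not self.reader_enabled():
            raise PermissionError("reader/writer disabled")
        self.platform.register(serial)         # serial registered before the write
        items = dict(zip(UPLOAD_ORDER, (signature_info, place_name, picture)))
        self.pending = (serial, items)         # tag written, upload outstanding
        for sent, item in enumerate(UPLOAD_ORDER):
            if drop_after is not None and sent >= drop_after:
                self.online = False            # link lost mid-upload
                return False
            complete = self.platform.store(serial, item, items[item])
        if complete:
            self.pending = None                # next operation now allowed
        return complete
```

A record left incomplete by a dropped link keeps the reader/writer blocked until the next connect, and a serial number that was never registered, or whose stored signature information differs from what the tag presents, fails the comparison.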
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the invention and according to its technical scheme and inventive concept, shall fall within the scope of protection of the invention.
Claims (10)
1. A mobile online tracking verification electronic intelligence seal, comprising:
a power supply device, for supplying power to the device;
a clock circuit, for maintaining an independent, continuous time supply inside the seal, so that an instant and accurate stamping time is collected when the seal performs a stamping operation;
a wireless networking module, for establishing, over the mobile Internet, a wireless data connection under CA authentication with the application interface of the server, and exchanging data in real time;
an electronic signature reader/writer, for performing write and read operations on an electronic signature;
a touch display screen, through which the user controls the operation of the seal and which displays in real time the seal's operating information and the read/write information of the electronic signature reader/writer, and which also assists the user in handwriting input of character information;
a microprocessor, for executing client application instructions and coordinating the units of the device so that each performs its corresponding function;
characterized in that it further comprises:
a photo module, which, when the seal has completed the write operation and executes the upload program, switches on automatically and, under manual operation, completes the photographing and capture of the imprint pattern;
a locating module, which, after the device is powered on and a normal connection is established, enters its working state, automatically receives positioning signals from space or from the network, obtains the position data of the electronic intelligence seal, converts it by internal program into place-name information, and uploads it to the server for storage together with the signature information when that information is filed over the network;
a memory module, comprising a ROM memory and a RAM memory, wherein the ROM memory stores persistent information, including the intelligent seal's drivers and application programs and the initial information pre-installed when manufacture of the seal is completed, and the RAM memory stores temporary information, including the signature information that the electronic signature reader/writer is about to write, the information it has read, which is composed of signature information and the electronic signature serial number, and the picture information produced by the photo module;
an on-line control module, for detecting the networking state of the wireless networking module in real time and controlling the working state of the electronic signature reader/writer accordingly; if the wireless networking module is detected to have networked successfully, the electronic signature reader/writer is switched on; if the wireless networking module is detected to have failed to network or to have dropped off the network, the control device disconnects the electronic signature reader/writer;
an upload control module, for controlling the order in which the electronic intelligence seal's write operation and information upload are executed; that is, when the electronic signature reader/writer is performing a write operation, the module first obtains the electronic signature serial number and uploads it to the server for registration, and then, after the reader/writer has performed the write operation and the photo module has completed picture capture, begins executing the upload instruction; the order and content of the upload are: signature information, place-name information and imprint picture; only after receiving the server's upload-complete prompt does the module allow the reader/writer to perform the next operation; otherwise, the upload control module blocks the reader/writer's read and write operations;
and a digital encryption authentication module, for performing the network CA digital certification function.
2. The electronic intelligence seal according to claim 1, characterized in that: the digital encryption module uses the seal code as the identifier of the encrypting party; it is issued and loaded with a private key and digital certificate of the PKI encryption system and pre-installed with the digital root certificate of the server it networks with, which serve as the unique key for establishing a connection with the server; each time a connection with the server's electronic seal database is established, two-way digital authentication is performed first to confirm that the digital certificates of both parties are legitimate, and the working state of the electronic intelligence seal is maintained on that basis for as long as the connection with the server is held; if the electronic intelligence seal is reported lost, its digital certificate appears in the certificate revocation list, and when the seal connects to the server the connection is dropped because the digital certificate is invalid, so that the electronic intelligence seal cannot enter its working state.
3. The electronic intelligence seal according to claim 2, characterized in that: the bi-directional digital authentication process comprises the two-way identity authentication performed when connecting to the online application service interface of the server, and the encryption of normal data exchange after access authentication is complete; it is realized by the digital certificate, the private key and the encryption/decryption processing sub-module in the digital authentication encryption module; its specific process is as follows:
the electronic intelligence seal device establishes a connection over the mobile data network and sends an access request to the online application service interface of the server; the online application service interface of the server generates random authentication data and sends it to the seal device together with the server's digital certificate; the seal device uses the preset root certificate to decrypt the digital signature in the server's digital certificate and confirms that the certificate is legitimate, thereby obtaining the server's public key; the seal device then digitally signs the random authentication data it received, encrypts the result with the server's public key, and sends the encrypted random authentication data to the server together with the seal device's own digital certificate; on receiving the seal device's digital certificate, the online application service interface of the server requests the latest certificate revocation list (CRL) from the CA authentication system, verifies that the received seal digital certificate is legitimate, and obtains its public key; the server decrypts the transmitted ciphertext with its own private key to obtain the seal device's digital signature over the random authentication data, then decrypts that digital signature with the seal device's public key to obtain the restored random authentication data, and compares the decrypted data with the original data; if they are identical, the verification requirement is met; the server then generates second random authentication data, encrypts it with the seal device's public key, and sends it back to the seal device; on receiving the ciphertext, the seal device decrypts it with its built-in private key to obtain the second random authentication data; the second random authentication data and the previous random data are combined by logical XOR to generate the session key, which completes the bi-directional digital authentication process on the seal device; the seal device sends a confirmation message, and on receiving it the online application service interface of the server generates the session key in the same way; the symmetric key exchange for normal data exchange is thereby complete, and the bi-directional digital authentication process on the server is complete.
4. The electronic intelligence seal according to claim 1, characterized in that: the server is the electronic signature application platform, which provides the electronic intelligence seal with digital certificate management services, two-way digital authentication services for networking of the electronic intelligence seal, electronic seal database storage, and data verification functions.
5. The electronic intelligence seal according to claim 1, characterized in that: the electronic signature is the signature information carrier that receives the stamping operation; the electronic signature is formed by combining an RFID tag with a traditional imprint and sealing it under the traditional imprint; the RFID tag consists of an IC chip, an aluminium-film antenna, an insulating layer and a label surface sticker.
6. An electronic signature management system, characterized in that it comprises an electronic signature, an electronic signature application platform, and the electronic intelligence seal according to any one of claims 1-5;
the electronic signature is the information carrier on which the electronic intelligence seal performs the stamping operation;
the electronic signature application platform is the server, and it comprises:
a CA authentication service module, which provides two-way digital authentication services for the networking of each electronic intelligence seal;
an electronic seal database, for storing electronic signature serial numbers, signature information, place-name information and imprint pictures;
a verification service module, for responding to verification requests from clients, replying with the result of comparing the uploaded signature information with the stored signature information, and providing the additional place-name information and imprint picture for download;
a digital certificate management module, for accepting user applications and completing the formalities for joining the CA authentication system, using the seal approval code as the identifier of the encrypting party when doing so, and generating and issuing the digital certificate and private key; the module also pre-installs the server's digital root certificate;
a mobile phone verification program push module, for responding to SMS instructions from mobile phones, replying with the download address of the mobile phone verification program, and providing the download service.
7. The electronic signature management system according to claim 6, characterized in that the electronic signature management system further comprises:
a mobile phone with NFC function, for downloading, installing and enabling the mobile phone verification program, which can read the signature information of an electronic signature, display it on the phone screen, and perform the upload and verification functions.
8. A mobile online tracking verification electronic signature verification method, characterized in that: the verification operation on the electronic signature is performed by the server; the client that makes the verification request is the electronic intelligence seal according to any one of claims 1-5, or an NFC mobile phone; the server completes the verification program, replies with the verification result and provides additional verification information for download, and multi-point verification is completed at the client; the method specifically comprises the following steps:
(1) collecting and uploading the signature information to be verified: the serial number and signature information of the electronic signature to be verified are read with the electronic signature reader/writer, and the serial number and signature information read are uploaded to the server through the upload control module;
(2) server verification: in response to the verification request, the server opens the verification management module, uses the uploaded electronic signature serial number as the index to retrieve the related signature information record in the server's electronic seal database, and compares it with the uploaded signature information to obtain the comparison result;
(3) verification reply: the server returns the verification result to the client together with the place-name information and imprint picture from the retrieved original record;
(4) multi-point verification: the client visually checks the imprint and the place name and combines this with the server's comparison result to reach the final verification conclusion.
9. The electronic signature verification method according to claim 8, characterized in that the electronic signature verification method further comprises an earlier process of collecting and storing data in the database, comprising the following steps:
(1) connecting to the server: the electronic intelligence seal is powered on, the built-in program starts, and the client program interface attempts, through the wireless networking module, to establish a connection with the server program interface; this connection process includes first connecting to a cellular base-station data link, or to a Wi-Fi hotspot on a broadband data link, and then performing two-way digital certificate authentication through the digital encryption authentication module to achieve a secure connection; the on-line control module switches on the electronic signature reader/writer, and the corresponding signature information generation and upload work proceeds; if the network connection is broken because the digital certificate has been revoked or for any other reason, the on-line control module disconnects the electronic signature reader/writer and the corresponding signature information generation and information upload are prohibited;
(2) completeness check of uploaded data: after the intelligent seal client establishes a secure connection with the server, the server first completes a data completeness check before entering the normal information exchange state; if the server's completeness check finds gaps in the uploaded data, it immediately asks the intelligent seal client to supply the missing data items, until the intelligent seal client has met the request;
(3) data acquisition and write operation: when the electronic intelligence seal performs a write operation, the following acquisition, registration and writing steps alternate: the reader/writer carries out the pre-operation with the electronic signature to establish the read/write relationship and obtain the electronic signature serial number; the upload control module uploads the serial number to the electronic seal database for advance registration; the time output by the clock circuit and the basic information in memory are merged into the signature information, which the reader/writer writes to the electronic signature; the photo module starts and captures the imprint picture; and the locating module produces position data, which is converted by program into place-name information;
(4) data upload and storage: the upload control module executes the predetermined upload program; after the seal device has completed the write operation, the upload function is opened, and the order and content of the upload are: signature information, place-name information, imprint picture; once this information has been stored, the server sends an upload-complete prompt to the intelligent seal client, and the intelligent seal is allowed to proceed to the next record.
10. The electronic signature verification method according to claim 8, characterized in that the server comprises:
a CA authentication service module, which provides two-way digital authentication services for the networking of each electronic intelligence seal;
an electronic seal database, for storing electronic signature serial numbers, signature information, place-name information and imprint pictures;
a verification service module, for responding to verification requests from clients, replying with the result of comparing the uploaded signature information with the stored signature information, and providing the additional place-name information and imprint picture for download;
a digital certificate management module, for accepting user applications and completing the formalities for joining the CA authentication system, using the seal approval code as the identifier of the encrypting party when doing so, and generating and issuing the digital certificate and private key; the module also pre-installs the server's digital root certificate;
a mobile phone verification program push module, for responding to SMS instructions from mobile phones, replying with the download address of the mobile phone verification program, and providing the download service.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410508391.8A CN104320252B (en) | 2014-09-26 | 2014-09-26 | A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104320252A CN104320252A (en) | 2015-01-28 |
CN104320252B true CN104320252B (en) | 2017-07-11 |
Family
ID=52375427
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410508391.8A Active CN104320252B (en) | 2014-09-26 | 2014-09-26 | A kind of mobile online tracking verification electronic intelligence seal, electronic signature management system and verification method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104320252B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||