CN104618107B - digital signature method and system - Google Patents

Publication number
CN104618107B
Authority
CN
China
Prior art keywords
ibe
cryptographic hash
signature
pdf document
pdf
Legal status
Active
Application number
CN201410849952.0A
Other languages
Chinese (zh)
Other versions
CN104618107A (en)
Inventor
廖卫民
张永强
汪毅
刘
Current Assignee
Age Of Security Polytron Technologies Inc
Guangdong Authentication Technology Co Ltd
Original Assignee
Age Of Security Polytron Technologies Inc
Guangdong Authentication Technology Co Ltd
Application filed by Age Of Security Polytron Technologies Inc, Guangdong Authentication Technology Co Ltd
Priority to CN201410849952.0A
Publication of CN104618107A
Application granted
Publication of CN104618107B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a digital signature method and system. The method includes: obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file; receiving the identity information of the signing user; sending the identity information and the hash value of the PDF file to a signing end; receiving the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file; and writing the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature. With the invention, a digital signature can be produced without issuing a digital certificate to the user; operation is simple and signing is efficient; the IBE key is generated in real time from the user's identity information and is difficult to forge; and both the security risk and the cost of digital signing are reduced.

Description

Digital signature method and system
【Technical field】
The present invention relates to the field of electronic signature technology, and in particular to a digital signature method and system.
【Background】
Since the Electronic Signature Law came into force, many industries have widely used digital certificates for digital signatures. In some scenarios, however, signing with a digital certificate remains difficult. In the insurance industry, for example, the insurance agent has the user sign an insurance confirmation form, which requires the user's handwritten signature. To sign with a digital certificate in this scenario, a certificate must first be applied for from a trusted CA and issued to the user, and only then can the digital signature be made.
Certificate issuance is complicated and time-consuming. A PIN must be entered when signing with the certificate, and after the certificate expires it has to be renewed, which makes operation more complicated still. In addition, signing with a digital certificate necessarily involves the user's private key. A certificate is either a hard certificate (stored in a hardware medium) or a soft certificate (stored as a file). Signing with a hard certificate is comparatively secure, but in the scenario above it is difficult to provide every user with one. Existing solutions all use soft certificates, and signing with the private key of a soft certificate on a shared device (the mobile device that an insurance agent carries when selling insurance is referred to as a shared device) carries a considerable security risk.
Therefore, in mass-market scenarios such as the insurance industry described above, digital signing with existing digital signature technology is complicated to operate, time-consuming and offers low security.
【Summary of the invention】
In view of this, and to address the problems that digital signing with existing digital signature technology in mass-market scenarios is complicated to operate, time-consuming and offers low security, a digital signature method and system are provided.
A digital signature method includes the following steps:
Obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
Receiving the identity information of the signing user;
Sending the identity information and the hash value of the PDF file to a signing end;
Receiving the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file;
Writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
A digital signature system includes:
A PDF preprocessing module, configured to obtain a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
An identity information receiving module, configured to receive the identity information of the signing user;
A sending module, configured to send the identity information and the hash value of the PDF file to a signing end;
A signature information receiving module, configured to receive the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file;
A digital signature module, configured to write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
The above digital signature method and system obtain the PDF file corresponding to the signing user and the hash value of the PDF file, receive the identity information of the signing user, and write into the signature field of the PDF file the hash value of the PDF file together with the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol and Online Certificate Status Protocol services of a PKI system, which greatly reduces the cost of digital signing.
A digital signature method includes the following steps:
Receiving the identity information of the user who is to sign, sent by a PDF processing end, and the hash value of the PDF file corresponding to the signing user;
Performing a hash calculation on the identity information to generate an identity information hash value;
Using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
Performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
Sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
A digital signature system includes:
A receiving module, configured to receive the identity information of the user who is to sign, sent by a PDF processing end, and the hash value of the PDF file corresponding to the signing user;
A hash calculation module, configured to perform a hash calculation on the identity information to generate an identity information hash value;
An IBE key pair module, configured to use the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
An IBE signature information module, configured to perform a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
A signature information sending module, configured to send to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
The above digital signature method and system generate the identity information hash value, the IBE key pair and the IBE signature information from the identity information of the signing user received from the PDF processing end and the hash value of the PDF file corresponding to the signing user, and send to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature. A digital signature can thus be produced without issuing a digital certificate to the user; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol and Online Certificate Status Protocol services of a PKI system, which greatly reduces the cost of digital signing.
A digital signature method includes the following steps:
Obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
Receiving the identity information of the signing user;
Performing a hash calculation on the identity information to generate an identity information hash value;
Using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
Performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
Writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file to complete the digital signature.
A digital signature system includes:
A PDF preprocessing module, configured to obtain a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
An identity information receiving module, configured to receive the identity information of the signing user;
A hash calculation module, configured to perform a hash calculation on the identity information to generate an identity information hash value;
An IBE key pair module, configured to use the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
An IBE signature information module, configured to perform a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
A digital signature module, configured to write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file to complete the digital signature.
The above digital signature method and system obtain the PDF file corresponding to the signing user and the hash value of the PDF file, receive the identity information of the signing user, and generate the identity information hash value, the IBE key pair and the IBE signature information from the identity information and the hash value of the PDF file. The hash value of the PDF file and the generated identity information hash value, IBE signature information and IBE public key are written into the signature field of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol and Online Certificate Status Protocol services of a PKI system, which greatly reduces the cost of digital signing. The interaction between the PDF processing end and the signing end is also saved, which makes deployment easier.
【Brief description of the drawings】
Fig. 1 is a schematic structural diagram of the first implementation environment of the digital signature method of an embodiment of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the digital signature method of the present invention;
Fig. 3 is a schematic structural diagram of the first embodiment of the digital signature system of the present invention;
Fig. 4 is a flow diagram of the second embodiment of the digital signature method of the present invention;
Fig. 5 is a schematic structural diagram of the second embodiment of the digital signature system of the present invention;
Fig. 6 is a schematic structural diagram of the second implementation environment of the digital signature method of an embodiment of the present invention;
Fig. 7 is a flow diagram of the third embodiment of the digital signature method of the present invention;
Fig. 8 is a schematic structural diagram of the third embodiment of the digital signature system of the present invention.
【Detailed description】
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
Although the steps in the present invention are labelled with reference numbers, these are not intended to limit the order of the steps. Unless the order of the steps is expressly stated, or the execution of a step depends on other steps, the relative order of the steps can be adjusted.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the first implementation environment of the digital signature method of an embodiment of the present invention.
The first implementation environment shown in Fig. 1 is used to implement the digital signature method described in some embodiments or implementations of the present invention. It includes a client device 120, a PDF processing end 140 and a signing end 160. The client device 120 and the PDF processing end 140 are connected through a wireless or wired network, and the PDF processing end 140 and the signing end 160 can be connected through an intranet.
The client device 120 may include at least one of terminal devices such as a smartphone, desktop computer, notebook, personal digital assistant or tablet computer, on which is installed an application for collecting the basic information, identity information and PDF template identifier of the user who is to sign. The PDF processing end 140 may include a server on which a PDF support system is deployed. The signing end 160 may include a deployed identity-based encryption (Identity Based Encryption, IBE) system, and may further have other asymmetric-algorithm signature systems deployed, such as an RSA signature system.
The PDF processing end 140 can receive over the network the basic information, identity information and PDF template identifier of the signing user collected by the client device 120, retrieve or generate in real time the PDF file and the hash value of the PDF file according to the received information, and send the hash value of the PDF file and the identity information to the signing end 160 over the network.
The signing end 160 can generate the identity information hash value, the IBE signature information and the IBE public key from the received hash value of the PDF file and the identity information, and send them to the PDF processing end 140.
Further, the signing end 160 can also perform a signature calculation on the hash value of the PDF file with a preset RSA private key, generating RSA signature information that is sent to the PDF processing end 140. The PDF processing end 140 writes the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature. It can further send the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key to the client device 120, which shows the signed PDF file to the signing user or further verifies the information added to the signature field of the signed PDF file.
Preferably, the RSA signature information can also be received and written into the signature field of the PDF file.
The PDF processing end 140 and the signing end 160 can be deployed independently in the service system of the enterprise or organization that uses them, or can be provided to the enterprise or organization as a cloud service.
This implementation environment makes digital signing more convenient and efficient. The IBE key is generated in real time from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. The IBE private key is used only once: after the IBE signature information has been generated, the IBE private key is destroyed, which further reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol and Online Certificate Status Protocol services of a PKI system, which greatly reduces the cost of digital signing.
Referring to Fig. 2, Fig. 2 is a flow diagram of the first embodiment of the digital signature method of the present invention.
The digital signature method of this embodiment runs on the PDF processing end and may include the following steps:
Step S201: obtain a PDF file corresponding to the user who is to sign and the hash value of the PDF file.
Step S202: receive the identity information of the signing user.
Step S203: send the identity information and the hash value of the PDF file to the signing end.
Step S204: receive the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file.
Step S205: write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature.
This embodiment obtains the PDF file corresponding to the signing user and the hash value of the PDF file, receives the identity information of the signing user, and writes into the signature field of the PDF file the hash value of the PDF file together with the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol and Online Certificate Status Protocol services of a PKI system, which greatly reduces the cost of digital signing.
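The message flow of steps S201 to S205 and of the signing-end steps, as an added example that is not code from the patent. IBE key generation and signing are replaced by a labelled stand-in (a per-identity key derived with HMAC from a hypothetical master secret, and Schnorr signatures over secp256k1), SHA-256 is an assumed hash algorithm, and all class, function and field names are hypothetical; `verify_signature_field` shows one way a verifier could check the signature field.

```python
import hashlib
import hmac
import secrets

# Stand-in group for the signature: secp256k1 domain parameters.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed sample inputs (not from the patent). The identity information
# carries a timestamp, so every signing request yields a fresh key pair.
SAMPLE_PDF = b"%PDF-1.4 constructed insurance confirmation form"
SAMPLE_IDENTITY = b"constructed-handwritten-signature-image|ts=2014-12-31T10:00:00"


def ec_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def _challenge(r_point, pub, msg):
    data = b"".join(v.to_bytes(32, "big") for v in (*r_point, *pub)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class SigningEnd:
    """Signing end: hashes the identity information, derives a one-time key, signs."""

    def __init__(self):
        # Hypothetical master secret; it never leaves the signing end.
        self._master = secrets.token_bytes(32)

    def sign(self, identity_info, pdf_hash):
        identity_hash = hashlib.sha256(identity_info).digest()
        # Stand-in for IBE key pair generation with the identity hash as input.
        mac = hmac.new(self._master, identity_hash, hashlib.sha256).digest()
        d = int.from_bytes(mac, "big") % N or 1
        pub = ec_mul(d, G)
        k = secrets.randbelow(N - 1) + 1
        r_point = ec_mul(k, G)
        s = (k + _challenge(r_point, pub, pdf_hash) * d) % N
        # d is used for this one signature and is neither stored nor returned.
        return {"identity_hash": identity_hash,
                "signature": (r_point, s),
                "public_key": pub}


def pdf_processing_end_sign(pdf_bytes, identity_info, signing_end):
    """Steps S201 to S205; the returned dict models the PDF signature field."""
    pdf_hash = hashlib.sha256(pdf_bytes).digest()        # S201
    reply = signing_end.sign(identity_info, pdf_hash)    # S202 to S204
    return {"pdf_hash": pdf_hash, **reply}               # S205


def verify_signature_field(pdf_bytes, field):
    """Verifier side. Assumption: pdf_bytes is the content covered by the hash."""
    # Recompute the hash from the document instead of trusting the stored copy.
    pdf_hash = hashlib.sha256(pdf_bytes).digest()
    if not hmac.compare_digest(pdf_hash, field["pdf_hash"]):
        return False
    r_point, s = field["signature"]
    e = _challenge(r_point, field["public_key"], pdf_hash)
    # Stand-in limitation: the public key is taken from the field itself and
    # is not recomputed from identity_hash as IBE public parameters would allow.
    return ec_mul(s, G) == ec_add(r_point, ec_mul(e, field["public_key"]))
```
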
For step S201, preferably, the signing user may be a person taking out insurance in the insurance industry, a hospital patient whose condition information is to be confirmed, or a customer in another industry or field. The PDF file contains the basic information of the signing user. The basic information may include the signing user's name, address, telephone number or other information that the user needs to confirm by signing; the other information may include the insurance information of the policy taken out by the user, the patient's medical record or other industry information.
Preferably, the pre-stored PDF file corresponding to the signing user and the hash value of that PDF file can be retrieved directly. Alternatively, the PDF file can be generated in real time from the PDF template identifier and the basic information of the signing user, and the hash value of the PDF file generated in real time from the PDF file so produced.
In one embodiment, the step of obtaining the PDF file corresponding to the signing user and the hash value of the PDF file further includes the following steps:
Receiving the basic information of the signing user and a PDF template identifier.
Looking up the stored PDF fill-in template corresponding to the PDF template identifier.
Writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file.
Performing a hash calculation on the PDF file to generate the hash value of the PDF file.
The basic information and PDF template identifier of the signing user can be sent by the client device, which may be a mobile terminal facing the signing user. The client device receives the entered basic information of the signing user and the PDF template identifier (such as a number) of the PDF template to be called, and sends the received information to the PDF processing end. The basic information can first be assembled into an XML data file, and the assembled XML data file is then converted into a byte array and sent to the PDF processing end.
Preferably, the hash calculation on the PDF file can be performed with a hash algorithm customary in the art.
In another embodiment, the step of writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file further includes the following steps:
Writing the basic information into the corresponding positions of the PDF fill-in template to generate an editable PDF template.
Sending the editable PDF template to the client device, so that the client device edits it according to preset remark information to generate the PDF file.
Receiving the PDF file sent by the client device.
This embodiment generates the PDF file through interaction with the client device, which ensures the validity and accuracy of the information added to the PDF file.
The preset remark information may be user information or application information collected by the client device after the step of receiving the basic information and PDF template identifier of the signing user.
For step S202, preferably, the identity information includes at least one of: a picture of the signing user's handwritten signature, the signing user's fingerprint data, the signing user's facial image, and the signing user's voice data. The identity information may also be video data containing images of the signing user.
Further, the identity information may include a timestamp that characterizes the time at which the identity information was collected or entered.
For step S203, the hash value of the PDF file can be sent to the signing end once it has been obtained, and the identity information sent to the signing end once it has been received.
For step S204, the IBE signature information may be an IBE signature value. When the identity information includes a timestamp, the time information that the signing end extracts from the identity information can also be received, and the received time information is used as the signing time.
For step S205, the hash value of the PDF file can be written into the signature field of the PDF file once it has been obtained. The identity information hash value, the IBE signature information and the IBE public key are then written into the signature field of the PDF file after they have been received.
Preferably, the signature field has preset regions for the various items of information.
In one embodiment, before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, the method further includes the following step:
Receiving the RSA signature information that the signing end generates by performing a signature calculation on the hash value of the PDF file with a preset RSA private key;
The step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file then further includes the following step:
Writing the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
Preferably, the RSA signature information may be an RSA signature value.
In other embodiments, the signing end can also perform the signature calculation on the hash value of the PDF file with the private key of another asymmetric algorithm, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
In one embodiment, after the step of writing the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key into the signature field of the PDF file, the method further includes the following step:
Sending to the client device the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key.
In this embodiment, the client device can show the signing user the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key.
Further, the client device can additionally verify the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key, to ensure that the digital signature is correct.
Referring to Fig. 3, Fig. 3 is a schematic structural diagram of the first embodiment of the digital signature system of the present invention.
The digital signature system of this embodiment is deployed at the PDF processing end and may include a PDF preprocessing module 1010, an identity information receiving module 1020, a sending module 1030, a signature information receiving module 1040 and a digital signature module 1050, wherein:
The PDF preprocessing module 1010 is configured to obtain a PDF file corresponding to the user who is to sign and the hash value of the PDF file.
The identity information receiving module 1020 is configured to receive the identity information of the signing user.
The sending module 1030 is configured to send the identity information and the hash value of the PDF file to the signing end.
The signature information receiving module 1040 is configured to receive the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file.
The digital signature module 1050 is configured to write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature.
This embodiment obtains the PDF file corresponding to the signing user and the hash value of the PDF file, receives the identity information of the signing user, and writes into the signature field of the PDF file the hash value of the PDF file together with the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol and Online Certificate Status Protocol services of a PKI system, which greatly reduces the cost of digital signing.
For the PDF preprocessing module 1010, preferably, the user to be signed may be a person to be insured in the insurance industry or a hospital patient whose condition information is to be confirmed, or a client in another industry or field. The basic information may include the name, address and telephone number of the user to be signed, or other information that requires confirmation by the user's signature; the other information may include the insurance information of the insuring user, the medical record of the patient, or other industry information.
Preferably, the pre-stored PDF file corresponding to the user to be signed and the hash value of the PDF file can be retrieved directly. Alternatively, the PDF file can be generated in real time according to a PDF template identifier and the basic information of the user to be signed, and the hash value of the PDF file generated in real time from that PDF file.
In one embodiment, the PDF preprocessing module 1010 may further include a template identifier receiving module, a template lookup module, an information adding module and a hash module, wherein:
The template identifier receiving module is used to receive the basic information of the user to be signed and the PDF template identifier.
The template lookup module is used to look up the stored PDF filling template corresponding to the PDF template identifier.
The information adding module is used to write the basic information into the corresponding positions of the PDF filling template, generating the PDF file.
The hash module is used to perform a hash calculation on the PDF file, generating the hash value of the PDF file.
In this embodiment, the basic information of the user to be signed and the PDF template identifier are received in real time and the PDF file and its hash value are generated from them, which ensures that the data are valid in real time.
The basic information of the user to be signed and the PDF template identifier may be sent by a user-end device, which may be a mobile terminal facing the user to be signed. The user-end device receives the input basic information of the user to be signed and the PDF template identifier (such as a number) of the PDF template to be called, and sends the received information to the PDF processing end. The basic information may first be assembled into an XML data file, and the assembled XML data file then converted into a byte array and sent to the PDF processing end.
In another embodiment, the information adding module may also be used to write the basic information into the corresponding positions of the PDF filling template to generate an editable PDF template. The editable PDF template is sent to the user-end device, so that the user-end device edits it according to preset remark information to generate the PDF file. The PDF file sent by the user-end device is then received.
In this embodiment, the PDF file is generated through interaction with the user-end device, which ensures the validity and accuracy of the information added to the PDF file.
The preset remark information may be user information or application information collected by the user-end device after the step of receiving the basic information of the user to be signed and the PDF template identifier.
For the identity information receiving module 1020, preferably, the identity information includes at least one of a picture of the handwritten signature of the user to be signed, fingerprint data of the user to be signed, a facial image of the user to be signed and voice data of the user to be signed. The identity information may also be video data containing an image of the user to be signed.
Further, the identity information may include a timestamp, characterizing the time at which the identity information was collected or entered.
For the sending module 1030, the hash value of the PDF file may be sent to the signing end after the hash value of the PDF file is obtained, and the identity information then sent to the signing end once the identity information is received.
For the signature information receiving module 1040, when the identity information includes a timestamp, the time information that the signing end extracts from the identity information may also be received, and the received time information taken as the signature time.
For the digital signature module 1050, the hash value of the PDF file may be written into the signature field of the PDF file once it is obtained. After the identity information hash value, the IBE signature information and the IBE public key are received, they are then written into the signature field of the PDF file.
Preferably, signature regions for the various items of information are preset in the signature field.
In one embodiment, the signature information receiving module 1040 may also be used to receive RSA signature information that the signing end generates by performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key; the digital signature module 1050 is further used to write the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
Preferably, the RSA signature information may be an RSA signature value.
In other embodiments, the signing end may also perform the signature calculation on the hash value of the PDF file with the private key of another asymmetric algorithm, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
In one embodiment, a PDF file sending module may also be included, for sending to the user-end device the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key.
In this embodiment, the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key can be shown to the user to be signed through the user-end device.
Further, the user-end device may further verify the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key, ensuring the correctness of the digital signature.
Referring to Fig. 4, Fig. 4 is a flow diagram of the second embodiment of the digital signature method of the present invention.
The digital signature method of this embodiment runs on the signing end and may include the following steps:
Step S401: receive the identity information of the user to be signed and the hash value of the PDF file corresponding to the user to be signed, both sent by the PDF processing end.
Step S402: perform a hash calculation on the identity information, generating the identity information hash value.
Step S403: use the identity information hash value as the input parameter of an IBE key pair generating algorithm, generating an IBE key pair.
Step S404: perform a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair, generating IBE signature information.
Step S405: send to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
In this embodiment, the identity information hash value, the IBE key pair and the IBE signature information are generated according to the identity information of the user to be signed and the hash value of the corresponding PDF file received from the PDF processing end; the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, to be written into the signature field of the PDF file, are sent to the PDF processing end, so that the PDF processing end completes the digital signature. A digital signature can thus be realized without issuing a digital certificate to the user; operation is convenient and signing is efficient; the IBE key generated according to the user's identity information is difficult to forge, which reduces the security risk of digital signing on public devices. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signing.
For step S401, the user to be signed, the PDF file, the hash value of the PDF file, the identity information and the basic information are the same as the corresponding technical features in the first embodiment of the digital signature method shown in Fig. 2.
For step S402, the hash calculation on the identity information may use a hash algorithm customary in the art, such as SHA1, SHA256 or SHA512.
For step S403, an IBE key pair generating algorithm customary in the art may be used, with the identity information hash value as its input parameter, to generate the IBE key pair.
In one embodiment, after the step of performing the signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the method further includes the following step:
Destroy the IBE private key.
In this embodiment, the IBE private key is used only once: after the IBE signature information is generated, the IBE private key is destroyed, which further reduces the security risk of digital signing on public devices.
For step S404, the signature calculation may use an IBE signature algorithm customary in the art.
For step S405, when the identity information includes a timestamp, the time information corresponding to the timestamp may be extracted from the identity information as signature information before information is sent to the PDF processing end, and transmitted when the information is sent to the PDF processing end.
In one embodiment, before the step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair to be written into the signature field of the PDF file, the method further includes the following step:
Perform a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key, generating RSA signature information.
The step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair to be written into the signature field of the PDF file further includes the following step:
Send to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, to be written into the signature field of the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) may be stored in an encryption device.
Further, the signature calculation on the hash value of the PDF file may also be performed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
Further, after the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair to be written into the signature field of the PDF file are sent to the PDF processing end, the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key of the IBE key pair are stored at the signing end.
Referring to Fig. 5, Fig. 5 is a structural schematic diagram of the second embodiment of the digital signature system of the present invention.
The digital signature system of this embodiment is deployed at the signing end and may include a receiving module 2010, a hash calculation module 2020, an IBE key pair module 2030, an IBE signature information module 2040 and a signature information sending module 2050, wherein:
Receiving module 2010, for receiving the identity information of the user to be signed and the hash value of the PDF file corresponding to the user to be signed, both sent by the PDF processing end.
Hash calculation module 2020, for performing a hash calculation on the identity information, generating the identity information hash value.
IBE key pair module 2030, for using the identity information hash value as the input parameter of an IBE key pair generating algorithm, generating an IBE key pair.
IBE signature information module 2040, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair, generating IBE signature information.
Signature information sending module 2050, for sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
In this embodiment, the identity information hash value, the IBE key pair and the IBE signature information are generated according to the identity information of the user to be signed and the hash value of the corresponding PDF file received from the PDF processing end; the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, to be written into the signature field of the PDF file, are sent to the PDF processing end, so that the PDF processing end completes the digital signature. A digital signature can thus be realized without issuing a digital certificate to the user; operation is convenient and signing is efficient; the IBE key generated according to the user's identity information is difficult to forge, which reduces the security risk of digital signing on public devices. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signing.
For the receiving module 2010, the user to be signed, the PDF file, the hash value of the PDF file, the identity information and the basic information are the same as the corresponding technical features in the first embodiment of the digital signature method shown in Fig. 2.
For the hash calculation module 2020, the hash calculation on the identity information may use a hash algorithm customary in the art. For the IBE key pair module 2030, an IBE key pair generating algorithm customary in the art may be used, with the identity information hash value as its input parameter, to generate the IBE key pair.
For the IBE signature information module 2040, the signature calculation may use an IBE signature algorithm customary in the art.
In one embodiment, the IBE signature information module 2040 is further used to destroy the IBE private key.
In this embodiment, the IBE private key is used only once: after the IBE signature information is generated, the IBE private key is destroyed, which further reduces the security risk of digital signing on public devices.
For the signature information sending module 2050, when the identity information includes a timestamp, the time information corresponding to the timestamp may be extracted from the identity information as signature information before information is sent to the PDF processing end, and transmitted when the information is sent to the PDF processing end.
In one embodiment, the digital signature system of the present invention may further include an RSA signature information module, for performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key, generating RSA signature information. The signature information sending module 2050 may also be used to send to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, to be written into the signature field of the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) may be stored in an encryption device.
Further, the signature calculation on the hash value of the PDF file may also be performed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
Further, after the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair to be written into the signature field of the PDF file are sent to the PDF processing end, the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key of the IBE key pair are stored at the signing end.
Referring to Fig. 6, Fig. 6 is a structural schematic diagram of the second implementation environment of the digital signature method of the embodiment of the present invention.
The second implementation environment shown in Fig. 6 is used to realize the digital signature method of some embodiments of the present invention, and includes a user-end device 220 and a PDF-based signature server 240, which are connected by a wireless network or a wired network.
The user-end device 220 may include at least one of terminal devices such as a smartphone, desktop computer, notebook, personal digital assistant and tablet computer, on which is installed an application for collecting the basic information and identity information of the user to be signed and the PDF template identifier. The PDF-based signature server 240 may be deployed with a PDF support system and an identity-based encryption (Identity Based Encryption, IBE) system, and may further include an RSA algorithm system.
The PDF-based signature server 240 can receive over the network the basic information and identity information of the user to be signed and the PDF template identifier collected by the user-end device 220, retrieve or generate in real time the PDF file and the hash value of the PDF file according to the received information, then generate the identity information hash value, IBE signature information and IBE public key according to the hash value of the PDF file and the identity information, and write the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature.
Preferably, the PDF-based signature server 240 may also perform a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key, generating RSA signature information, and write the RSA signature information into the signature field of the PDF file.
Further, the PDF-based signature server 240 may also send the PDF file carrying the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key to the user-end device 220, to show the user to be signed the PDF file after the digital signature is completed, or to further verify the information added in the signature field of the PDF file after digital signing.
This implementation environment makes digital signing more convenient and efficient; the IBE key is generated in real time according to the user's identity information and is difficult to forge, which reduces the security risk of digital signing on public devices. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signing. It also saves the interaction between the PDF processing end and the signing end, which eases deployment.
Referring to Fig. 7, Fig. 7 is a flow diagram of the third embodiment of the digital signature method of the present invention.
The digital signature method of this embodiment runs on the PDF-based signature server and may include the following steps:
Step S701: obtain the PDF file corresponding to the user to be signed and the hash value of the PDF file.
Step S702: receive the identity information of the user to be signed.
Step S703: perform a hash calculation on the identity information, generating the identity information hash value.
Step S704: use the identity information hash value as the input parameter of an IBE key pair generating algorithm, generating an IBE key pair.
Step S705: perform a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair, generating IBE signature information.
Step S706: write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, completing the digital signature.
In this embodiment, the PDF file corresponding to the user to be signed and the hash value of the PDF file are obtained, the identity information of the user to be signed is received, and the identity information hash value, the IBE key pair and the IBE signature information are generated according to the identity information and the hash value of the PDF file; the hash value of the PDF file and the generated identity information hash value, IBE signature information and IBE public key are written into the signature field of the PDF file. A digital signature can thus be realized without issuing a digital certificate to the user; operation is convenient and signing is efficient; the IBE key generated according to the user's identity information is difficult to forge, which reduces the security risk of digital signing on public devices. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signing. It also saves the interaction between the PDF processing end and the signing end, which eases deployment.
Steps S701 and S702 correspond respectively to steps S201 and S202 of the first embodiment of the digital signature method shown in Fig. 2. Steps S703 to S705 correspond respectively to steps S402 to S404 of the second embodiment of the digital signature method shown in Fig. 4. Step S706 corresponds to step S205 of the first embodiment of the digital signature method shown in Fig. 2.
In one embodiment, before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, the method further includes the following step:
Perform a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key, generating RSA signature information.
The step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file further includes the following step:
Write the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) may be stored in an encryption device.
Further, the signature calculation on the hash value of the PDF file may also be performed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
Further, the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key of the IBE key pair may be stored.
In another embodiment, after the step of performing the signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the method further includes the following step:
Destroy the IBE private key.
In this embodiment, the IBE private key is used only once: after the IBE signature information is generated, the IBE private key is destroyed, which further reduces the security risk of digital signing on public devices.
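The flow of steps S701 to S706, the single use and destruction of the private key, and the check a user-end device can run on the result, as an added Python example that is not code from the patent. The standard library has no IBE scheme, so a Lamport one-time hash-based signature stands in for the IBE signature algorithm; the `master_secret` held by the key generator, the dictionary that models the signature field beside the PDF bytes, and all sample inputs are assumptions constructed for illustration.

```python
import hashlib
import hmac

BITS = 256  # number of bits in a SHA-256 digest


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bit(digest: bytes, i: int) -> int:
    """Bit i of a digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


class OneTimeKey:
    """Lamport one-time key pair; a stand-in for the IBE key pair, not IBE."""

    def __init__(self, master_secret: bytes, identity_hash: bytes):
        # Assumption: the key generator mixes in a secret of its own, so the
        # identity information alone does not reproduce the private key.
        seed = hmac.new(master_secret, identity_hash, hashlib.sha256).digest()
        self._private = [
            [bytearray(hmac.new(seed, b"%d:%d" % (i, b), hashlib.sha256).digest())
             for b in (0, 1)]
            for i in range(BITS)
        ]
        self.public = [[sha256(bytes(s)) for s in pair] for pair in self._private]

    def sign(self, message: bytes) -> list:
        """Reveal one secret per digest bit, then destroy the private key."""
        if self._private is None:
            raise RuntimeError("private key already destroyed")
        digest = sha256(message)
        signature = [bytes(self._private[i][bit(digest, i)]) for i in range(BITS)]
        self.destroy()
        return signature

    def destroy(self) -> None:
        """Overwrite the secrets and drop them (best effort in Python)."""
        for pair in self._private or []:
            for secret in pair:
                secret[:] = bytes(len(secret))
        self._private = None


def verify(public: list, message: bytes, signature: list) -> bool:
    """Check each revealed secret against the public half the digest selects."""
    if len(public) != BITS or len(signature) != BITS:
        return False
    digest = sha256(message)
    ok = True
    for i in range(BITS):
        ok &= hmac.compare_digest(sha256(signature[i]), public[i][bit(digest, i)])
    return ok


def sign_pdf(pdf_bytes: bytes, identity_info: bytes, master_secret: bytes) -> dict:
    """Steps S701 to S706; returns the contents of the signature field."""
    pdf_hash = sha256(pdf_bytes)                      # S701
    identity_hash = sha256(identity_info)             # S702, S703
    key = OneTimeKey(master_secret, identity_hash)    # S704
    signature = key.sign(pdf_hash)                    # S705, private key destroyed
    return {                                          # S706
        "pdf_hash": pdf_hash,
        "identity_hash": identity_hash,
        "ibe_signature": signature,
        "ibe_public_key": key.public,
    }


def verify_signature_field(pdf_bytes: bytes, field: dict) -> bool:
    """User-end check: the document is unchanged and the signature matches."""
    if not hmac.compare_digest(sha256(pdf_bytes), field["pdf_hash"]):
        return False
    return verify(field["ibe_public_key"], field["pdf_hash"], field["ibe_signature"])


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the patent.
    pdf = b"%PDF-1.4 constructed insurance application"
    identity = b"constructed handwritten-signature image|2014-12-31T10:00:00"
    field = sign_pdf(pdf, identity, b"constructed master secret")
    print("valid:", verify_signature_field(pdf, field))
    print("tampered:", verify_signature_field(pdf + b" ", field))
```

Because the identity information carries a timestamp, two signing sessions by the same user produce different identity hashes and therefore different key pairs.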
Referring to Fig. 8, Fig. 8 is a structural schematic diagram of the third embodiment of the digital signature system of the present invention.
The digital signature system of this embodiment is deployed on the PDF-based signature server and may include a PDF preprocessing module 3010, an identity information receiving module 3020, a hash calculation module 3030, an IBE key pair module 3040, an IBE signature information module 3050 and a digital signature module 3060, wherein:
PDF preprocessing module 3010, for obtaining the PDF file corresponding to the user to be signed and the hash value of the PDF file.
Identity information receiving module 3020, for receiving the identity information of the user to be signed.
Hash calculation module 3030, for performing a hash calculation on the identity information, generating the identity information hash value.
IBE key pair module 3040, for using the identity information hash value as the input parameter of an IBE key pair generating algorithm, generating an IBE key pair.
IBE signature information module 3050, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair, generating IBE signature information.
Digital signature module 3060, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, completing the digital signature.
In this embodiment, the PDF file corresponding to the user to be signed and the hash value of the PDF file are obtained, the identity information of the user to be signed is received, and the identity information hash value, the IBE key pair and the IBE signature information are generated according to the identity information and the hash value of the PDF file; the hash value of the PDF file and the generated identity information hash value, IBE signature information and IBE public key are written into the signature field of the PDF file. A digital signature can thus be realized without issuing a digital certificate to the user; operation is convenient and signing is efficient; the IBE key generated according to the user's identity information is difficult to forge, which reduces the security risk of digital signing on public devices. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signing. It also saves the interaction between the PDF processing end and the signing end, which eases deployment.
The PDF preprocessing module 3010 and the identity information receiving module 3020 correspond respectively to the PDF preprocessing module 1010 and the identity information receiving module 1020; the hash calculation module 3030, the IBE key pair module 3040 and the IBE signature information module 3050 correspond respectively to the hash calculation module 2020, the IBE key pair module 2030 and the IBE signature information module 2040; and the digital signature module 3060 corresponds to the digital signature module 1050.
In one embodiment, an RSA signature information module is further included, for performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key, generating RSA signature information; the digital signature module 3060 may also be used to write the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) may be stored in an encryption device.
Further, the signature calculation on the hash value of the PDF file may also be performed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
In one embodiment, the IBE signature information module 3050 may also be used to destroy the IBE private key.
In this embodiment, the IBE private key is used only once: after the IBE signature information is generated, the IBE private key is destroyed, which further reduces the security risk of digital signing on public devices.
In summary, the digital signature method of the invention can be applied to digital signing of insurance applications by policy applicants in the insurance industry, digital signing of medical-condition acknowledgments by patients in the medical industry, and other public-facing scenarios. It has the following advantages:
Digital signatures can be made without issuing digital certificates, which simplifies operation and management. Compared with PKI technology, IBE technology is inherently more flexible and convenient to operate. IBE is still an asymmetric algorithm, so it meets the signing requirements of digital signatures.
It reduces the security risk of using digital signatures on public devices. Each time a user signs with this scheme, the identity information the user produces (such as a handwritten signature, fingerprint, video, sound or random number) differs, so the IBE key pair generated from it also differs. Even when the scheme is used on a public device, the user's signing private key cannot be forged; the signing private key is used only once and destroyed immediately after use, and the user's IBE private key never leaves the IBE key generation end.
It reduces cost. Generating the IBE key pair in real time eliminates the key delivery process, and signing can be executed in the background. There is no OCSP, LDAP or similar service to maintain as in a large and complex PKI system, and the private key is deleted after use, which removes the need to store private keys securely and significantly reduces application cost.
It is simple to operate. The user does not need to prepare a signing certificate or similar information in advance; the user inputs their own identity information (such as a handwritten signature, fingerprint, video or sound), an IBE key pair is generated at once and used to sign the data to be signed, and a standard PDF document is formed after signing.
The digital signature system is compact and easy to deploy, comprising a PDF support system, an IBE encryption system and an RSA algorithm system. It can be deployed independently inside an enterprise or offered to enterprises as a cloud service. The client device interacts directly with the digital signature system, which eliminates interaction between the business back end of the enterprise or organization and the digital signature system.
The embodiments described above express only several implementations of the invention. Their description is specific and detailed, but it should not be understood as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. The protection scope of this patent is therefore determined by the appended claims.
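The signing flow summarized above (identity information hash, one-time key pair, signature over the PDF hash, private key discarded) can be traced in the following added example, which is not code from the patent. Because the page does not specify the IBE algorithm, a Schnorr signature on the edwards25519 group stands in for it; `MASTER_SECRET`, the function names and the dictionary that models the signature field are assumptions.

```python
import hashlib
import hmac

# Stand-in for the unspecified IBE scheme: Schnorr signatures on edwards25519.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of base point B
D = -121665 * pow(121666, P - 2, P) % P
MASTER_SECRET = b"constructed-demo-secret"  # assumption: key generation end's secret

def add(a, b):
    """Complete twisted-Edwards point addition in affine coordinates."""
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, P - 2, P) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = (0, 1)
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    return (pt[1]**2 - pt[0]**2 - 1 - D * pt[0]**2 * pt[1]**2) % P == 0

# Base point B: y = 4/5, x = even square root of (y^2 - 1) / (D*y^2 + 1).
BY = 4 * pow(5, P - 2, P) % P
XX = (BY * BY - 1) * pow(D * BY * BY + 1, P - 2, P) % P
BX = pow(XX, (P + 3) // 8, P)
if (BX * BX - XX) % P:
    BX = BX * pow(2, (P - 1) // 4, P) % P
B = (P - BX if BX & 1 else BX, BY)

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def dec(raw):
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:64], "big")

def scalar(key, *parts):
    """Keyed SHA-512 over the parts, reduced to a scalar modulo L."""
    digest = hmac.new(key, b"".join(parts), hashlib.sha512).digest()
    return int.from_bytes(digest, "big") % L

def signing_end(identity_info, pdf_hash):
    """Signing end: identity hash -> one-time key pair -> signature."""
    id_hash = hashlib.sha256(identity_info).digest()
    sk = scalar(MASTER_SECRET, id_hash)  # key pair generated from id_hash
    pk = enc(mul(sk, B))
    r = scalar(sk.to_bytes(32, "big"), pdf_hash)  # deterministic nonce
    R = enc(mul(r, B))
    s = (r + scalar(b"challenge", R, pk, pdf_hash) * sk) % L
    del sk, r  # used once; this only drops references, Python cannot zeroize
    return id_hash, R + s.to_bytes(32, "big"), pk

def pdf_processing_end(pdf_bytes, identity_info):
    """PDF processing end: hash the PDF, request the signature, build the field."""
    pdf_hash = hashlib.sha256(pdf_bytes).digest()
    id_hash, sig, pk = signing_end(identity_info, pdf_hash)
    return {"pdf_hash": pdf_hash, "id_hash": id_hash,
            "ibe_signature": sig, "ibe_public_key": pk}

def verify(pdf_bytes, field):
    """Check the PDF against the values stored in its signature field."""
    pdf_hash = hashlib.sha256(pdf_bytes).digest()
    sig, pk = field["ibe_signature"], field["ibe_public_key"]
    R, A, s = dec(sig[:64]), dec(pk), int.from_bytes(sig[64:], "big")
    if not (hmac.compare_digest(pdf_hash, field["pdf_hash"]) and len(sig) == 96
            and s < L and on_curve(R) and on_curve(A)):
        return False
    c = scalar(b"challenge", sig[:64], pk, pdf_hash)
    return mul(s, B) == add(R, mul(c, A))

if __name__ == "__main__":
    pdf = b"%PDF-1.4 constructed insurance application"  # constructed sample
    field = pdf_processing_end(pdf, b"constructed handwriting capture|nonce=7f3a")
    print(verify(pdf, field), verify(pdf + b" edited", field))
```

Two captures from the same user that differ only in the random number yield different key pairs, and verification fails once the PDF bytes change after signing.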

Claims (19)

1. A digital signature method, characterized by comprising the following steps:
obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
receiving identity information of the user to be signed from a client device;
sending the identity information and the hash value of the PDF file to a signing end;
receiving an identity information hash value, IBE signature information and an IBE public key generated by the signing end according to the identity information and the hash value of the PDF file, wherein the signing end performs a hash calculation on the identity information to generate the identity information hash value, uses the identity information hash value as an input parameter of an IBE key pair generation algorithm to generate an IBE key pair, and performs a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the IBE key pair comprising the IBE private key and the IBE public key;
writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
2. The digital signature method according to claim 1, characterized in that the step of obtaining the PDF file corresponding to the user to be signed and the hash value of the PDF file further comprises the following steps:
receiving basic information of the user to be signed and a PDF template identifier, wherein the basic information comprises the name, address or phone of the user to be signed;
looking up the stored PDF fill-in template corresponding to the PDF template identifier;
writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file;
performing a hash calculation on the PDF file to generate the hash value of the PDF file.
3. The digital signature method according to claim 2, characterized in that the step of writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file further comprises the following steps:
writing the basic information into the corresponding positions of the PDF fill-in template to generate an editable PDF template;
sending the editable PDF template to the client device, so that the client device edits the PDF file according to preset remark information and generates the PDF file;
receiving the PDF file sent by the client device.
4. The digital signature method according to claim 1, characterized in that:
before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, the method further comprises the following step:
receiving RSA signature information generated by the signing end by performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key;
the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file further comprises the following step:
writing the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
5. The digital signature method according to any one of claims 1 to 4, characterized in that the identity information comprises at least one of a picture of the handwritten signature of the user to be signed, fingerprint data of the user to be signed, a face image of the user to be signed and voice data of the user to be signed.
6. A digital signature system, characterized by comprising:
a PDF preprocessing module, for obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
an identity information receiving module, for receiving identity information of the user to be signed from a client device;
a sending module, for sending the identity information and the hash value of the PDF file to a signing end;
a signature information receiving module, for receiving an identity information hash value, IBE signature information and an IBE public key generated by the signing end according to the identity information and the hash value of the PDF file, wherein the signing end performs a hash calculation on the identity information to generate the identity information hash value, uses the identity information hash value as an input parameter of an IBE key pair generation algorithm to generate an IBE key pair, and performs a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the IBE key pair comprising the IBE private key and the IBE public key;
a digital signature module, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
7. The digital signature system according to claim 6, characterized in that the PDF preprocessing module further comprises a template identifier receiving module, a template lookup module, an information adding module and a hash module, wherein:
the template identifier receiving module is used to receive basic information of the user to be signed and a PDF template identifier, wherein the basic information comprises the name, address or phone of the user to be signed;
the template lookup module is used to look up the stored PDF fill-in template corresponding to the PDF template identifier;
the information adding module is used to write the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file;
the hash module is used to perform a hash calculation on the PDF file to generate the hash value of the PDF file.
8. The digital signature system according to claim 7, characterized in that the information adding module is further used to write the basic information into the corresponding positions of the PDF fill-in template to generate an editable PDF template; to send the editable PDF template to the client device, so that the client device edits the PDF file according to preset remark information and generates the PDF file; and to receive the PDF file sent by the client device.
9. The digital signature system according to any one of claims 6 to 8, characterized in that:
the signature information receiving module is further used to receive RSA signature information generated by the signing end by performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key;
the digital signature module is further used to write the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
10. A digital signature method, characterized by comprising the following steps:
receiving identity information of a user to be signed, sent by a PDF processing end, and a hash value of a PDF file corresponding to the user to be signed;
performing a hash calculation on the identity information to generate an identity information hash value;
using the identity information hash value as an input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
11. The digital signature method according to claim 10, characterized in that:
before the step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair for writing into the signature field of the PDF file, the method further comprises the following step:
performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
the step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair for writing into the signature field of the PDF file further comprises the following step:
sending to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file.
12. The digital signature method according to claim 10 or 11, characterized in that, after the step of performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the method further comprises the following step:
destroying the IBE private key.
13. A digital signature system, characterized by comprising:
a receiving module, for receiving identity information of a user to be signed, sent by a PDF processing end, and a hash value of a PDF file corresponding to the user to be signed;
a hash calculation module, for performing a hash calculation on the identity information to generate an identity information hash value;
an IBE key pair module, for using the identity information hash value as an input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
an IBE signature information module, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
a signature information sending module, for sending to the PDF processing end the identity information hash value, the IBE signature information, RSA signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
14. The digital signature system according to claim 13, characterized in that:
it further comprises an RSA signature information module, for performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
the signature information sending module is further used to send to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file.
15. A digital signature method, characterized by comprising the following steps:
obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
receiving identity information of the user to be signed from a client device;
performing a hash calculation on the identity information to generate an identity information hash value;
using the identity information hash value as an input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file to complete the digital signature.
16. The digital signature method according to claim 15, characterized in that:
before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, the method further comprises the following step:
performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file further comprises the following step:
writing the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file.
17. The digital signature method according to claim 15 or 16, characterized in that, after the step of performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the method further comprises the following step:
destroying the IBE private key.
18. A digital signature system, characterized by comprising:
a PDF preprocessing module, for obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
an identity information receiving module, for receiving identity information of the user to be signed from a client device;
a hash calculation module, for performing a hash calculation on the identity information to generate an identity information hash value;
an IBE key pair module, for using the identity information hash value as an input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
an IBE signature information module, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
a digital signature module, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file to complete the digital signature.
19. The digital signature system according to claim 18, characterized in that:
it further comprises an RSA signature information module, for performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
the digital signature module is further used to write the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the PDF file.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410849952.0A CN104618107B (en) 2014-12-29 2014-12-29 digital signature method and system

Publications (2)

Publication Number Publication Date
CN104618107A CN104618107A (en) 2015-05-13
CN104618107B true CN104618107B (en) 2018-09-14

Family

ID=53152401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410849952.0A Active CN104618107B (en) 2014-12-29 2014-12-29 digital signature method and system

Country Status (1)

Country Link
CN (1) CN104618107B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 510000 Guangdong city of Guangzhou province Yuexiu District ho Yin Road No. 101 building 3A room 18

Applicant after: GUANGDONG AUTHENTICATION TECHNOLOGY CO., LTD.

Applicant after: Age of security Polytron Technologies Inc

Address before: 510000 Guangdong city of Guangzhou province Yuexiu District ho Yin Road No. 101 building 3A room 18

Applicant before: GUANGDONG AUTHENTICATION TECHNOLOGY CO., LTD.

Applicant before: Guangdong Certificate Authority Center Co., Ltd.

COR Change of bibliographic data
GR01 Patent grant