CN105007162A - Trusted electronic signature system and electronic signature method - Google Patents
Trusted electronic signature system and electronic signature method Download PDFInfo
- Publication number
- CN105007162A CN105007162A CN201510375815.2A CN201510375815A CN105007162A CN 105007162 A CN105007162 A CN 105007162A CN 201510375815 A CN201510375815 A CN 201510375815A CN 105007162 A CN105007162 A CN 105007162A
- Authority
- CN
- China
- Prior art keywords
- signature
- trusted
- terminal
- document
- management system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a trusted electronic signature system and an electronic signature method. The system comprises a trusted electronic signature terminal, a trusted electronic signature management system and a certificate authority center, which are connected in sequence. An electronic signature process comprises a step of completing signature of an electronic document under the trusted system environment, and a step of completing verification of the electronic document under the trusted system environment. In comparison with the prior art, the trusted electronic signature system and the electronic signature method have the advantages of capabilities of effectively guaranteeing the security of the electronic signature, increasing the product functions and promoting competence, strong practicability and easiness in popularization, and can be applied to trusted server products of a company.
Description
Technical field
The present invention relates to field of information security technology, specifically a kind of practical, Credible electronic signature system and electric endorsement method.
Background technology
Along with the progress of information technology, electronic signature technology plays more and more important effect in E-Government and ecommerce.Current electronic signature all realizes on generic terminal devices, and because the structure of trusted context on ordinary terminal also also exists many difficult points, the fail safe therefore signed electronically cannot effectively be ensured.Based on this, now provide a kind of Credible electronic signature system and electric endorsement method, by adopting credible password module, the fail safe of effective guarantee electronic signature.
Summary of the invention
Technical assignment of the present invention is for above weak point, provides a kind of practical, Credible electronic signature system and electric endorsement method.
A kind of Credible electronic signature system, its structure comprises the Credible electronic signature terminal, Credible electronic signature management system, the Certificate Authority that are linked in sequence, wherein:
The built-in credible password module of Credible electronic signature terminal, completes the signature to electronic document and authentication function under the believable environment of system;
Trusted signature management system is responsible for issuing of identifying file to be signed and is uploaded, and user by high trusted signature terminal reading electronic document, and carries out the work of signature and certifying signature, and terminal is communicated with trusted signature management system by serial communication;
Certificate Authority is responsible for issuing of certificate.
Described credible password module selects the SSX44 safety chip of national technology, crypto module key EK is adopted to identify the identity of trusted computing password support platform, under platform owner authorizes, a pair state close algorithm SM2 double secret key is generated at SSX44 chip internal, PKI sends to user to use, and private key is kept at SSX44 inside and can not derives.
Described trusted signature terminal comprises several, corresponding, connected trusted signature management system is provided with several, and connected by Internet Transmission between all trusted signature management systems, all trusted signature management systems all connect Certificate Authority, and at least one trusted signature terminal and coupled trusted signature management system are signer; At least one trusted signature terminal and coupled trusted signature management system are signer is sign test side.
Use an electric endorsement method for above-mentioned trusted system, its specific implementation process is:
The signature to electronic document is completed under above-mentioned trusted system environment;
The checking to electronic document is completed under above-mentioned trusted system environment.
Described signature process is:
When using trusted signature terminal to electronic document signature, produce key by the credible password module in this terminal, this key comprises the PKI and private key that send to user;
User uses public-key to Certificate Authority application signing certificate, and after certificate issuance, electronic document to be signed is handed down to trusted signature terminal by trusted signature management system;
User opens electronic document in terminal, the integrality of reading documents, to guarantee that document to be signed is not subject to third party and distorts issuing in process;
When determining that document can press signature button after not being tampered, sign to document at the private key of credible password module, signed data and public key certificate are sent to trusted signature management system by terminal of signing afterwards, complete electronic signature process.
The credible password module of the trusted signature terminal inner of described signer is SSX44 chip, and generate a pair SM2 PKI and private key, and PKI is sent to user, private key is then kept at the inside of SSX44; When starting to sign, the SM2 private key using SSX44 inside to generate is signed to document.
Described proof procedure is:
The trusted signature management system of signer uses Internet Transmission that signature document and signed data are sent to sign test side, and signature document, signed data and public key certificate are issued to the trusted signature terminal of oneself by the signature management system of sign test side;
The trusted signature terminal of sign test side investigates the authenticity of public key certificate, then from public key certificate, extracts PKI, then carries out sign test to signature document, obtains the result of sign test, and return to coupled signature management system, complete the process of electronically validating signature.
A kind of Credible electronic signature system of the present invention and electric endorsement method, have the following advantages:
A kind of Credible electronic signature system that the present invention proposes and electric endorsement method, the fail safe of effective guarantee electronic signature, can be applied to the trusted servers product of company, increases the function of product, promotes the market competitiveness, practical, is easy to promote.
Accompanying drawing explanation
Accompanying drawing 1 is that the present invention realizes schematic diagram.
Embodiment
Below in conjunction with the drawings and specific embodiments, the invention will be further described.
The invention provides a kind of Credible electronic signature system, as shown in Figure 1, its structure comprises the Credible electronic signature terminal, Credible electronic signature management system, the Certificate Authority that are linked in sequence, wherein:
The built-in credible password module of Credible electronic signature terminal, completes the signature to electronic document and authentication function under the believable environment of system;
Trusted signature management system is responsible for issuing of identifying file to be signed and is uploaded, and user by high trusted signature terminal reading electronic document, and carries out the work of signature and certifying signature, and terminal is communicated with trusted signature management system by serial communication;
Certificate Authority is responsible for issuing of certificate.
Described credible password module selects the SSX44 safety chip of national technology, crypto module key EK is adopted to identify the identity of trusted computing password support platform, under platform owner authorizes, a pair state close algorithm SM2 double secret key is generated at SSX44 chip internal, PKI sends to user to use, and private key is kept at SSX44 inside and can not derives.
SSX44 chip certificate meets X.509 V3 standard, being signed, guaranteeing its feasibility, for setting up the one-to-one relationship of crypto module key EK and SSX44 chip before platform uses by trusted third party.
Described trusted signature terminal comprises several, corresponding, connected trusted signature management system is provided with several, and connected by Internet Transmission between all trusted signature management systems, all trusted signature management systems all connect Certificate Authority, and at least one trusted signature terminal and coupled trusted signature management system are signer; At least one trusted signature terminal and coupled trusted signature management system are signer is sign test side.
Use an electric endorsement method for above-mentioned trusted system, its specific implementation process is:
The signature to electronic document is completed under above-mentioned trusted system environment;
The checking to electronic document is completed under above-mentioned trusted system environment.
Described signature process is:
When using trusted signature terminal to electronic document signature, produce key by the credible password module in this terminal, this key comprises the PKI and private key that send to user;
User uses public-key to Certificate Authority application signing certificate, and after certificate issuance, electronic document to be signed is handed down to trusted signature terminal by trusted signature management system;
User opens electronic document in terminal, the integrality of reading documents, to guarantee that document to be signed is not subject to third party and distorts issuing in process;
When determining that document can press signature button after not being tampered, sign to document at the private key of credible password module, signed data and public key certificate are sent to trusted signature management system by terminal of signing afterwards, complete electronic signature process.
The credible password module of the trusted signature terminal inner of described signer is SSX44 chip, and generate a pair SM2 PKI and private key, and PKI is sent to user, private key is then kept at the inside of SSX44; When starting to sign, the SM2 private key using SSX44 inside to generate is signed to document.
Described proof procedure is:
The trusted signature management system of signer uses Internet Transmission that signature document and signed data are sent to sign test side, and signature document, signed data and public key certificate are issued to the trusted signature terminal of oneself by the signature management system of sign test side;
The trusted signature terminal of sign test side investigates the authenticity of public key certificate, then from public key certificate, extracts PKI, then carries out sign test to signature document, obtains the result of sign test, and return to coupled signature management system, complete the process of electronically validating signature.
Embodiment:
As shown in Figure 1, Credible electronic signature terminal, Credible electronic signature management system comprise first and second liang of groups, and wherein Party A is signer, and Party B is sign test side, and it is specifically signed and sign test process is:
1), when using trusted signature terminal first to electronic document signature, generate a pair SM2 PKI and private key by the SSX44 chip of terminal first inside, and PKI is sent to user, private key is then kept at the inside of SSX44.
2) user use SSX44 to generate PKI to Certificate Authority application signing certificate, after certificate issuance, electronic document to be signed is handed down to signature terminal first by trusted signature management system.
3) user opens electronic document in terminal first, the integrality of reading documents, to guarantee that document to be signed is not subject to third party and distorts issuing in process.
4) when determining that document can press signature button after not being tampered, the SM2 private key generated before SSX44 inner utilization is signed to document, and signed data and public key certificate are sent to trusted signature management system first by terminal first of signing afterwards.
5) user uses Internet Transmission that signature document and signed data are sent to sign test side, and signature document, signed data and public key certificate are issued to the trusted signature terminal second of oneself by the signature management system of sign test side.
6) terminal second of signing investigates the authenticity of public key certificate, then from public key certificate, extracts PKI, then carries out sign test to signature document, obtains the result of sign test, and returns to signature management system second.
Thus complete the process of whole electronic signature and certifying signature.
Above-mentioned embodiment is only concrete case of the present invention; scope of patent protection of the present invention includes but not limited to above-mentioned embodiment; claims of any a kind of Credible electronic signature system according to the invention and electric endorsement method and the those of ordinary skill of any described technical field to its suitable change done or replacement, all should fall into scope of patent protection of the present invention.
Claims (7)
1. a Credible electronic signature system, is characterized in that, comprises the Credible electronic signature terminal, Credible electronic signature management system, the Certificate Authority that are linked in sequence, wherein:
The built-in credible password module of Credible electronic signature terminal, completes the signature to electronic document and authentication function under the believable environment of system;
Trusted signature management system is responsible for issuing of identifying file to be signed and is uploaded, and user by high trusted signature terminal reading electronic document, and carries out the work of signature and certifying signature, and terminal is communicated with trusted signature management system by serial communication;
Certificate Authority is responsible for issuing of certificate.
2. a kind of Credible electronic signature system according to claim 1, it is characterized in that, described credible password module selects the SSX44 safety chip of national technology, crypto module key EK is adopted to identify the identity of trusted computing password support platform, under platform owner authorizes, generate a pair state close algorithm SM2 double secret key at SSX44 chip internal, PKI sends to user to use, and private key is kept at SSX44 inside and can not derives.
3. a kind of Credible electronic signature system according to claim 1 and 2, it is characterized in that, described trusted signature terminal comprises several, corresponding, connected trusted signature management system is provided with several, and connected by Internet Transmission between all trusted signature management systems, all trusted signature management systems all connect Certificate Authority, and at least one trusted signature terminal and coupled trusted signature management system are signer; At least one trusted signature terminal and coupled trusted signature management system are signer is sign test side.
4. use an electric endorsement method for above-mentioned trusted system, it is characterized in that, specific implementation process is:
The signature to electronic document is completed under above-mentioned trusted system environment;
The checking to electronic document is completed under above-mentioned trusted system environment.
5. the electric endorsement method of the above-mentioned trusted system of use according to claim 4, is characterized in that, described signature process is:
When using trusted signature terminal to electronic document signature, produce key by the credible password module in this terminal, this key comprises the PKI and private key that send to user;
User uses public-key to Certificate Authority application signing certificate, and after certificate issuance, electronic document to be signed is handed down to trusted signature terminal by trusted signature management system;
User opens electronic document in terminal, the integrality of reading documents, to guarantee that document to be signed is not subject to third party and distorts issuing in process;
When determining that document can press signature button after not being tampered, sign to document at the private key of credible password module, signed data and public key certificate are sent to trusted signature management system by terminal of signing afterwards, complete electronic signature process.
6. the electric endorsement method of the above-mentioned trusted system of use according to claim 5, it is characterized in that, the credible password module of the trusted signature terminal inner of described signer is SSX44 chip, generate a pair SM2 PKI and private key, and PKI is sent to user, private key is then kept at the inside of SSX44; When starting to sign, the SM2 private key using SSX44 inside to generate is signed to document.
7. the electric endorsement method of the above-mentioned trusted system of use according to claim 4, is characterized in that, described proof procedure is:
The trusted signature management system of signer uses Internet Transmission that signature document and signed data are sent to sign test side, and signature document, signed data and public key certificate are issued to the trusted signature terminal of oneself by the signature management system of sign test side;
The trusted signature terminal of sign test side investigates the authenticity of public key certificate, then from public key certificate, extracts PKI, then carries out sign test to signature document, obtains the result of sign test, and return to coupled signature management system, complete the process of electronically validating signature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510375815.2A CN105007162A (en) | 2015-07-01 | 2015-07-01 | Trusted electronic signature system and electronic signature method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510375815.2A CN105007162A (en) | 2015-07-01 | 2015-07-01 | Trusted electronic signature system and electronic signature method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105007162A true CN105007162A (en) | 2015-10-28 |
Family
ID=54379690
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510375815.2A Pending CN105007162A (en) | 2015-07-01 | 2015-07-01 | Trusted electronic signature system and electronic signature method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105007162A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106452793A (en) * | 2016-11-21 | 2017-02-22 | 航天信息股份有限公司 | Method and system of electronic signature |
| CN108111311A (en) * | 2017-12-25 | 2018-06-01 | 福建升腾资讯有限公司 | A kind of method that bank counter electronic signature is realized based on national secret algorithm |
| CN109246055A (en) * | 2017-07-10 | 2019-01-18 | 智业互联(厦门)健康科技有限公司 | Medical information secure interactive system and method |
| CN113221072A (en) * | 2021-04-16 | 2021-08-06 | 江苏先安科技有限公司 | Third party countersignature and verification method based on android system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7565528B1 (en) * | 1998-01-12 | 2009-07-21 | Deutsche Telekom Ag | Method for generating asymmetrical cryptographic keys by the user |
| US20090217034A1 (en) * | 1994-01-13 | 2009-08-27 | Sudia Frank W | Multi-step digital signature method and system |
| CN101931631A (en) * | 2010-09-15 | 2010-12-29 | 北京数字证书认证中心有限公司 | Method for digital signatures capable of establishing reliable correspondence with handwritten signatures |
-
2015
- 2015-07-01 CN CN201510375815.2A patent/CN105007162A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090217034A1 (en) * | 1994-01-13 | 2009-08-27 | Sudia Frank W | Multi-step digital signature method and system |
| US7565528B1 (en) * | 1998-01-12 | 2009-07-21 | Deutsche Telekom Ag | Method for generating asymmetrical cryptographic keys by the user |
| CN101931631A (en) * | 2010-09-15 | 2010-12-29 | 北京数字证书认证中心有限公司 | Method for digital signatures capable of establishing reliable correspondence with handwritten signatures |
Non-Patent Citations (1)
| Title |
|---|
| 李伟: "《基于可信密码模块的电子签名系统设计与实现》", 《万方-学位》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106452793A (en) * | 2016-11-21 | 2017-02-22 | 航天信息股份有限公司 | Method and system of electronic signature |
| CN109246055A (en) * | 2017-07-10 | 2019-01-18 | 智业互联(厦门)健康科技有限公司 | Medical information secure interactive system and method |
| CN109246055B (en) * | 2017-07-10 | 2020-12-25 | 智业互联(厦门)健康科技有限公司 | Medical information safety interaction system and method |
| CN108111311A (en) * | 2017-12-25 | 2018-06-01 | 福建升腾资讯有限公司 | A kind of method that bank counter electronic signature is realized based on national secret algorithm |
| CN108111311B (en) * | 2017-12-25 | 2021-11-19 | 福建升腾资讯有限公司 | Method for realizing bank counter electronic signature based on state cryptographic algorithm |
| CN113221072A (en) * | 2021-04-16 | 2021-08-06 | 江苏先安科技有限公司 | Third party countersignature and verification method based on android system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106301782B (en) | Electronic contract signing method and system | |
| CN105790938B (en) | Safe unit key generation system and method based on credible performing environment | |
| CN103490901B (en) | Key based on combination key system generates and distribution method | |
| CN108173659B (en) | Certificate management method and system based on UKEY equipment and terminal equipment | |
| US20150350196A1 (en) | Terminal authentication system, server device, and terminal authentication method | |
| CN104580250A (en) | System and method for authenticating credible identities on basis of safety chips | |
| EP3001598B1 (en) | Method and system for backing up private key in electronic signature token | |
| CN103503366A (en) | Managing data for authentication devices | |
| CN103051453A (en) | Digital certificate-based mobile terminal network security trading system and digital certificate-based mobile terminal network security trading method | |
| CN103701598A (en) | SM2 signature algorithm-based double-check signature method and digital signature equipment | |
| WO2020038137A1 (en) | Two-dimensional code generation method, data processing method, apparatus, and server | |
| CN103514410A (en) | Dependable preservation and evidence collection system and method for electronic contract | |
| CN103297403A (en) | Method and system for achieving dynamic password authentication | |
| JP2012530311A5 (en) | ||
| CN104486087B (en) | A kind of digital signature method based on remote hardware security module | |
| CN105635070B (en) | Anti-counterfeiting method and system for digital file | |
| CN104753881A (en) | WebService security certification access control method based on software digital certificate and timestamp | |
| CN103078742A (en) | Generation method and system of digital certificate | |
| CN104734851A (en) | Electronic seal method and system | |
| EP2827529B1 (en) | Method, device, and system for identity authentication | |
| US11308240B2 (en) | Cryptographic circuit and data processing | |
| CN103684797A (en) | Subscriber and subscriber terminal equipment correlation authentication method and system | |
| CN103888442A (en) | System with integration of visualization biological characteristics and one-time digital signature and method thereof | |
| CN104270376A (en) | Platform integrity verification method | |
| CN105007162A (en) | Trusted electronic signature system and electronic signature method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20151028 |