CN111369364A - Electronic signature method and device based on super counter - Google Patents
Electronic signature method and device based on super counter Download PDFInfo
- Publication number
- CN111369364A CN111369364A CN202010134939.2A CN202010134939A CN111369364A CN 111369364 A CN111369364 A CN 111369364A CN 202010134939 A CN202010134939 A CN 202010134939A CN 111369364 A CN111369364 A CN 111369364A
- Authority
- CN
- China
- Prior art keywords
- electronic
- certificate
- signature
- super
- counter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 230000002194 synthesizing effect Effects 0.000 claims abstract description 25
- 230000008569 process Effects 0.000 claims description 26
- 238000012545 processing Methods 0.000 claims description 16
- 230000015572 biosynthetic process Effects 0.000 claims description 7
- 238000003786 synthesis reaction Methods 0.000 claims description 7
- 238000012795 verification Methods 0.000 abstract description 15
- 238000010586 diagram Methods 0.000 description 10
- 230000009471 action Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000004064 recycling Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
Abstract
The application discloses electronic signature method and device based on super counter, which is applied to front-end equipment of the super counter and comprises the following steps: sequentially acquiring an original transaction voucher generated by the super counter and electronic signature information of a customer; performing digital signature based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate; sending the intermediate electronic voucher to the super counter; receiving an electronic seal and an intermediate electronic certificate returned by the super counter; and under the condition of verifying the intermediate electronic certificate without errors, synthesizing the intermediate electronic certificate and the electronic seal into the target electronic certificate. The electronic signature method and device based on the super counter realize that the original transaction certificate, the electronic signature and the electronic seal are combined into the final electronic certificate, thereby ensuring the integrity of the transaction certificate; the intermediate electronic certificate is digitally signed through the public key certificate, so that the electronic certificate is ensured to be tamper-proof, and the client signature and the public key certificate are synthesized into the electronic certificate and can be used for anti-repudiation verification work.
Description
Technical Field
The invention relates to the technical field of IT (information technology) security, in particular to an electronic signature method and device based on a super counter.
Background
With the rapid development of electronic commerce and national economy in recent years, the business types and service technologies of banking business are continuously developed and improved. Due to the fact that transaction processes of businesses in a bank are gradually complicated, more manual intervention is needed in the using process of a super counter, a paper application form of an application business is printed, signed, checked and recycled, and then subsequent transactions are conducted, customer experience satisfaction in the process is low, paper material recycling processes are complex to process, cost is increased when paper is used, and the process is not environment-friendly. Digital signature techniques are being developed to enhance customer experience. Electronic signature, namely, a client can check and sign transaction information on an electromagnetic screen of a super counter, so that the service transaction is performed quickly, the service transaction time is greatly saved, and the cost of consumables such as paper is saved.
However, the existing digital signature technology has the problems of poor integrity, poor repudiation resistance and poor tamper resistance of the formed electronic certificate.
Disclosure of Invention
In view of this, the present invention provides the following technical solutions:
an electronic signature method based on a super counter is applied to front-end equipment of the super counter and comprises the following steps:
the front-end equipment sequentially acquires an original transaction voucher generated by the super counter performing transaction processing according to the operation of a customer and the electronic signature information of the customer;
performing digital signature based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate;
sending the intermediate electronic voucher to the super counter;
receiving the electronic seal and the intermediate electronic certificate returned by the super counter;
and under the condition of verifying the intermediate electronic certificate without errors, synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate.
Optionally, the digitally signing based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate, including:
synthesizing the electronically signed information into the original transaction credential;
and digitally signing the original transaction certificate which is synthesized with the electronic signature information by adopting a private key of the front-end equipment to obtain an intermediate electronic certificate.
Optionally, the signature information of the digital signature includes a public key certificate.
Optionally, before the performing digital signature based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate, the method further includes:
detecting the validity of the public key certificate;
and if the public key certificate is valid, continuing the data signature processing.
Optionally, the method further includes:
a public-private key pair for signature is generated in advance, and a public key certificate is acquired from a certificate issuing server based on the generated public key.
Optionally, after synthesizing the target electronic certificate, the method further includes:
and sending the target electronic certificate to the super counter so that the super counter stores and processes the target electronic certificate.
Optionally, the synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate includes:
and synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate in a PDF format.
An electronic signature device based on a super counter is applied to front-end equipment of the super counter and comprises:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for sequentially acquiring an original transaction certificate and electronic signature information of a client, which are generated by transaction processing of the super counter according to the operation of the client, by front-end equipment;
the digital signature module is used for carrying out digital signature on the basis of the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate;
the voucher sending module is used for sending the intermediate electronic voucher to the super counter;
the voucher receiving module is used for receiving the electronic seal returned by the super counter and the intermediate electronic voucher;
and the certificate synthesis module is used for synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate under the condition that the intermediate electronic certificate is verified and signed without errors.
Optionally, the digital signature module includes:
a signature synthesis module for synthesizing the electronic signature information into the original transaction voucher;
and the digital signature submodule is used for digitally signing the original transaction certificate which is synthesized with the electronic signature information by adopting a private key of the front-end equipment to obtain an intermediate electronic certificate.
Optionally, the signature information of the digital signature includes a public key certificate.
Compared with the prior art, the embodiment of the invention discloses an electronic signature method and device based on a super counter, which are applied to front-end equipment of the super counter and comprise the following steps: sequentially acquiring an original transaction voucher generated by transaction processing of the super counter according to the operation of a customer and electronic signature information of the customer; performing digital signature based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate; sending the intermediate electronic voucher to the super counter; receiving the electronic seal and the intermediate electronic certificate returned by the super counter; and under the condition of verifying the intermediate electronic certificate without errors, synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate. The electronic signature method and device based on the super counter are realized by combining an original transaction certificate, an electronic signature of a client and an electronic seal generated in the transaction process into a final electronic certificate, so that the integrity of the transaction certificate is ensured; the intermediate electronic certificate is digitally signed through the public key certificate, so that the electronic certificate is ensured to be tamper-proof, and the client signature and the public key certificate are synthesized into the electronic certificate and can be used for anti-repudiation verification work.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flowchart of an electronic signature method based on a super counter according to an embodiment of the present invention;
FIG. 2 is a flow chart of obtaining an intermediate electronic certificate by digital signature as disclosed in an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a schematic flow of digital signature and signature verification disclosed in the embodiments of the present invention;
fig. 4 is a schematic diagram illustrating public key certificate distribution management disclosed in an embodiment of the present invention;
FIG. 5 is a sequence diagram of an electronic signature mode disclosed in an embodiment of the present invention;
FIG. 6 is a schematic diagram of a flow chart of an electronic signature scheme according to an embodiment of the disclosure;
fig. 7 is a schematic view of an electronic signature verification process disclosed in the embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic signature device based on a super counter according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of an electronic signature method based on a super counter according to an embodiment of the present invention, where the method shown in fig. 1 is applied to a front-end device of the super counter, and referring to fig. 1, the electronic signature method based on the super counter may include:
step 101: and the front-end equipment sequentially acquires an original transaction voucher generated by the super counter performing transaction processing according to the operation of the customer and the electronic signature information of the customer.
The customer can carry out relevant transaction operation by self at the front-end equipment of the super counter, and correspondingly, the transaction operation triggered by the customer can carry out corresponding processing at the super counter, so that a transaction voucher is generated. After the transaction voucher is generated, the super counter returns the original transaction voucher to the front-end equipment for the customer to check and confirm; if the client confirms that no error exists after checking the original transaction certificate, the front-end equipment prompts the client to sign the name on an electromagnetic screen of the front-end equipment to confirm the original transaction certificate, and the front-end equipment can acquire the electronic signature information of the client.
Step 102: and carrying out digital signature on the basis of the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate.
After the electronic signature information and the original transaction certificate are obtained, the electronic signature information and the original transaction certificate can be synthesized, and relevant data, such as electronic signature pictures, electronic signature tracks and the like, can be encrypted, so that possible follow-up repudiation behaviors can be effectively prevented.
The specific implementation of the digital signature will be described in detail in the following embodiments and will not be described in excess here.
Step 103: and sending the intermediate electronic certificate to the super counter.
And after the front-end equipment processes the intermediate electronic certificate, the intermediate electronic certificate needs to be sent to a super counter at the rear end, so that the super counter can judge whether the electronic signature of the client is effective or not.
Step 104: and receiving the electronic seal returned by the super counter and the intermediate electronic certificate.
Under the condition that the electronic signature of the client is available, the super counter sends the electronic seal data required by the transaction and the intermediate electronic certificate to the front-end equipment, and the front-end equipment carries out subsequent further processing on the electronic certificate.
Step 105: and under the condition of verifying the intermediate electronic certificate without errors, synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate.
Since the intermediate electronic certificate is digitally signed by the front-end device, the intermediate electronic certificate is at risk of being tampered during the interaction with the super counter data. Therefore, after the front-end device receives the intermediate electronic certificate from the super counter, the front-end device needs to check the certificate to ensure that the intermediate electronic certificate is still the original intermediate electronic certificate and is not tampered with information, so that subsequent processing operation is urgently needed. When the front-end equipment checks and signs the intermediate electronic certificate and finds an error, the information in the intermediate electronic certificate is maliciously tampered, and subsequent related processing cannot be carried out, so that the safety of transaction and data is guaranteed.
If the front-end equipment verifies the intermediate electronic certificate without errors, the intermediate electronic certificate and the electronic seal can be synthesized into a target electronic certificate and a finally formed electronic certificate.
The super counter-based electronic signature method disclosed by the embodiment is realized by synthesizing an original transaction certificate, an electronic signature of a client and an electronic seal generated in a transaction process into a final electronic certificate, so that the integrity of the transaction certificate is ensured; the intermediate electronic certificate is digitally signed through the public key certificate, so that the electronic certificate is ensured to be tamper-proof, and the client signature and the public key certificate are synthesized into the electronic certificate and can be used for anti-repudiation verification work.
Fig. 2 is a flowchart of digitally signing to obtain an intermediate electronic certificate according to an embodiment of the present invention, and with reference to fig. 2, the digitally signing based on the electronic signature information and the original transaction certificate to obtain the intermediate electronic certificate may include:
step 201: synthesizing the electronically signed information into the original transaction credential.
The electronic signature information is synthesized into the original transaction certificate, so that the transaction information and the confirmation signature of the client can be visually seen from one transaction certificate.
Step 202: and digitally signing the original transaction certificate which is synthesized with the electronic signature information by adopting a private key of the front-end equipment to obtain an intermediate electronic certificate.
The private key can be password data generated by an encryption module of the front-end equipment or the super counter, and the private key cannot be known to other external equipment, so that the security is good.
The signature information of the digital signature comprises a public key certificate so that the subsequent front-end equipment can conveniently check and sign the intermediate electronic certificate returned by the super counter.
In another implementation, in the super counter-based electronic signature method, before performing digital signature based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate, the method may further include: and detecting the validity of the public key certificate. And if the public key certificate is valid, continuing the data signature processing.
In other implementations, the super counter-based electronic signature method may further include: a public-private key pair for signature is generated in advance, and a public key certificate is acquired from a certificate issuing server based on the generated public key. The public and private keys are generated in advance, and the public key certificate is obtained, so that the normal use of the public and private keys and the public key certificate in the subsequent transaction processing process can be ensured, and the smooth transaction is ensured.
In another implementation, in the super counter-based electronic signature method, after the synthesizing the target electronic certificate, the method further includes: and sending the target electronic certificate to the super counter so that the super counter stores and processes the target electronic certificate. After the final transaction voucher is obtained, the final transaction voucher needs to be filed, so that the final transaction voucher can be called and read in time when needed subsequently.
The synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate may include: and synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate in a PDF format. The target electronic certificate is stored and recorded in a PDF format, so that the target electronic certificate can be conveniently stored for a long time, and the actual requirements of enterprises are met.
In order to facilitate better understanding of the super counter-based electronic signature method disclosed in the embodiment of the present application, specific implementations related to the super counter-based electronic signature method will be described below, so that those skilled in the art can better implement the contents of the embodiment of the present application.
The digital signature referred to in the embodiments of the present application is a common physical signature similar to that written on paper, and can be implemented using a technique in the field of public key encryption, and is used to authenticate digital information. A set of digital signatures may define two complementary operations, one for signing and the other for verification.
The digital signature process can encrypt the summary information of the related data by the private key of the sender, and transmit the encrypted summary information and the original text to the receiver. The receiver can decrypt the encrypted digest information only by using the public key of the sender, and then generates a digest information for the received original text by using the HASH function, and compares the digest information with the decrypted digest information. If the two information are the same, the received information is complete and is not modified in the transmission process, otherwise, the information is modified, and therefore the digital signature can verify the integrity of the information. Digital signature is an encryption process and digital signature verification (i.e., signature verification) is a decryption process. Fig. 3 is a schematic diagram illustrating a principle flow of digital signature and signature verification disclosed in the embodiment of the present invention, which can be understood by referring to fig. 3.
In the specific implementation of the electronic signature method for the super counter disclosed in this embodiment, the electronic certificate generated after the transaction is finished may be stored in a PDF format conforming to a PDF/a (PDF/architecture) standard, which is an ISO-approved electronic Archive standard, so that the electronic certificate is convenient to store for a long time. On the premise of PDF format storage, the digital signature method of the electronic certificate based on the SM3 algorithm (elliptic curve public key cryptographic algorithm issued by the State crypto administration) of the encryption chip is realized based on research on the completeness, the anti-repudiation property and the anti-tampering property of the electronic certificate.
The principles of electronic signatures can be understood in conjunction with the following. The elements involved in the signing process are represented by the following symbols:
h, representing common elements of the transaction (transaction code, transaction log number, terminal number, accounting date, transaction time and the like);
m, representing the pre-processing of the electronic certificate to be signed to form a message for signature;
t represents the information of the private elements of the transaction;
s, representing an electronic seal;
c, electronically signing the client;
d, the length of the summary information to be signed is 256 bits;
d', digitally signing the information;
PDF, representing the final electronic certificate;
PrivateKey represents a private signature key;
and Z represents a transaction log number used for identifying the association relationship between the transaction certificate and the transaction.
∑H+T+S+C=PDF
The message M is combined with Z as the information to be signed and then a hash value is computed using the SM3 algorithm for digital signature. For length l (l < 2)64) The message M of bits, SM3 hash algorithm generates a hash value with a length of 256 bits after padding and iterative compression. After the hash value is calculated, the hash value is digitally signed using the private key.
In practical application, the front-end equipment of the super counter is provided with an electromagnetic signature screen (an electromagnetic capacitance encryption integrated screen or a signature board with an encryption chip), a national secret encryption chip can be integrated, a digital signature key is generated by the national secret chip arranged in the super counter, and a public key certificate used in digital signature is signed and issued by a certificate issuing server approved by an enterprise.
The front-end equipment of each super counter is registered and warehoused by a self-service equipment management and monitoring system (V end) before being accessed to an enterprise system for use, and then an equipment master key is distributed (remote key downloading) by a unified authentication platform of the enterprise. After the equipment is verified to be legal, the front-end equipment notifies the super counter background after deployment, the super counter background calls an encryption chip in the super counter front-end equipment to generate a public and private key pair interface to trigger the super counter equipment to generate a public and private key, then a public key in the front-end equipment is obtained, a public key certificate is signed and issued through a certificate issuing server, and then the public key certificate is downloaded to the front-end equipment encryption chip of the super counter for use in subsequent digital signature. If the front-end equipment of the super counter is lost, abandoned, maintained and the like, the record needs to be carried out in the self-service equipment management and monitoring system, the public key certificate in the equipment is set to be in an invalid state, and the digital signature cannot be carried out by using the public key certificate subsequently. The updating operation of the public key certificate is responsible for the front-end equipment of the super counter, the validity of the public key certificate is judged firstly when the front-end equipment of the super counter carries out digital signature each time, if the public key certificate is invalid, the encryption chip is called to regenerate a public and private key pair, the public key is used for signing again, and the obtained certificate is rewritten in the encryption chip of the super counter. The management flow is shown in fig. 4-6. Fig. 4 is a schematic diagram illustrating public key certificate distribution management disclosed in the embodiment of the present invention; FIG. 5 is a sequence diagram of an electronic signature mode disclosed in an embodiment of the present invention; fig. 6 is a schematic flow chart of an electronic signature mode disclosed in the embodiment of the present invention.
Referring to fig. 6, in step ①, the super counter first checks the validity of the public key certificate in the super counter signature screen (front-end device side) (if the public key certificate expires, the chip in the super counter device regenerates to a public-private key pair, and then transmits the public key to the certificate issuing server to generate and return the public key certificate in step ②), and then pushes the public key certificate to the front-end device of the super counter in step ③ for subsequent digital signature.
The super counter initiates a transaction, after the transaction is completed, the transaction voucher is transmitted to the front-end equipment through step ④, after the customer confirms information, electronic signature is carried out on a signature screen of the super counter, then the electronic signature of the customer is synthesized on the electronic voucher by the front-end equipment, the electronic voucher which is synthesized with the signature of the customer is digitally signed by a private key in the signature screen of the super counter (the signature information needs to contain public key certificate information for subsequent signature verification), and then the electronic voucher which is digitally signed and carries the signature of the customer is transmitted back to the super counter through step ⑤.
After receiving the electronic certificate returned in the step ⑤, the super counter transmits an electronic stamp and a signed electronic certificate required for transaction to the front-end equipment through the step ⑥, after receiving the electronic stamp and the signed electronic certificate, the front-end equipment firstly signs the signature of the electronic certificate, judges whether the electronic certificate is the electronic certificate sent to the super counter by the front-end equipment through the step ⑤, if the signature passes and the electronic certificate is not tampered, synthesizes the signed electronic certificate and the electronic stamp into a final electronic certificate, then updates the digital signature of the certificate, returns the final electronic certificate to the super counter through the step ⑦ after updating, and after receiving the certificate, the super counter stores the signed electronic certificate in the file management system of the enterprise through the step ⑧.
The electronic certificate generated by the scheme contains a public key, and the subsequent use can check the certificate by extracting the information of the public key. Fig. 7 is a schematic diagram of an electronic signature verification process disclosed in the embodiment of the present invention, and the verification process of the electronic certificate can be understood by referring to fig. 7.
The proposal synthesizes a transaction certificate, an electronic signature and an electronic seal which are generated in the transaction process into a complete electronic certificate as a paper certificate, and stores the complete electronic certificate into PDF according to the PDF/A standard for long-term storage, thereby ensuring the integrity of the transaction certificate; the digital certificate issued by the certificate issuing server is used for digitally signing the electronic certificate abstract, so that the electronic certificate is ensured to be tamper-proof; storing the electronic signature picture, signature track data and public key certificate information of the client into the electronic certificate, if legal dispute occurs in the later period, extracting relevant information and submitting the relevant information to a judicial authority for legal identification so as to prevent repudiation.
According to the electronic signature method based on the super counter, disclosed by the embodiment of the application, a public and private key pair is generated through an encryption chip, a public key certificate is generated through an encryption link and is stored in the encryption chip, and the public and private keys in the whole process have no leakage risk; the encrypted signature track, the signature note picture, the signature verification and the like are used for preventing repudiation; the anti-tampering links such as customer signature, electronic seal stamping and the like after transaction are ensured through PDF signature, signature verification, electronic seal and the like.
While, for purposes of simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present invention is not limited by the illustrated ordering of acts, as some steps may occur in other orders or concurrently with other steps in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
The method is described in detail in the embodiments disclosed above, and the method of the present invention can be implemented by various types of apparatuses, so that the present invention also discloses an apparatus, and the following detailed description will be given of specific embodiments.
Fig. 8 is a schematic structural diagram of an electronic signature device based on a super counter according to an embodiment of the present invention, where the device shown in fig. 8 is applied to a front-end device of a super counter, and referring to fig. 8, the electronic signature device 80 based on a super counter may include:
a first obtaining module 801, configured to sequentially obtain, by a front-end device, an original transaction certificate generated by the super counter performing transaction processing according to a customer operation and electronic signature information of the customer.
A digital signature module 802, configured to perform digital signature based on the electronic signature information and the original transaction certificate, so as to obtain an intermediate electronic certificate.
And the voucher sending module 803 is used for sending the intermediate electronic voucher to the super counter.
And the certificate receiving module 804 is used for receiving the electronic seal returned by the super counter and the intermediate electronic certificate.
And the certificate synthesis module 805 is configured to synthesize the intermediate electronic certificate and the electronic seal into a target electronic certificate when the intermediate electronic certificate is verified and checked.
The super counter-based electronic signature device disclosed by the embodiment is realized by synthesizing an original transaction certificate, an electronic signature of a client and an electronic seal generated in a transaction process into a final electronic certificate, so that the integrity of the transaction certificate is ensured; the intermediate electronic certificate is digitally signed through the public key certificate, so that the electronic certificate is ensured to be tamper-proof, and the client signature and the public key certificate are synthesized into the electronic certificate and can be used for anti-repudiation verification work.
The digital signature module 802 may include: a signature synthesis module for synthesizing the electronic signature information into the original transaction voucher; and the digital signature submodule is used for digitally signing the original transaction certificate which is synthesized with the electronic signature information by adopting a private key of the front-end equipment to obtain an intermediate electronic certificate.
The signature information of the digital signature comprises a public key certificate so that the subsequent front-end equipment can conveniently check and sign the intermediate electronic certificate returned by the super counter.
In other implementations, the electronic signature apparatus in the super counter may further include a certificate detection module, configured to detect validity of the public key certificate.
In other implementations, the super counter-based electronic signature device may further include: and the public and private key management module is used for generating a public and private key pair for signature in advance and acquiring a public key certificate from the certificate issuing server based on the generated public key.
In other implementations, the super counter-based electronic signature device may further include a storage management module, configured to send the target electronic certificate to the super counter, so that the super counter performs storage processing on the target electronic certificate.
The credential synthesis module is specifically operable to: and synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate in a PDF format.
For specific implementation of the electronic signature device based on the super counter and each module thereof, reference may be made to contents of corresponding parts in the method embodiment, and details are not repeated here.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An electronic signature method based on a super counter is applied to front-end equipment of the super counter, and is characterized by comprising the following steps:
the front-end equipment sequentially acquires an original transaction voucher generated by the super counter performing transaction processing according to the operation of a customer and the electronic signature information of the customer;
performing digital signature based on the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate;
sending the intermediate electronic voucher to the super counter;
receiving the electronic seal and the intermediate electronic certificate returned by the super counter;
and under the condition of verifying the intermediate electronic certificate without errors, synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate.
2. The super counter-based electronic signature method of claim 1, wherein said digitally signing based on said electronically signed message and said original transaction voucher to obtain an intermediate electronic voucher, comprises:
synthesizing the electronically signed information into the original transaction credential;
and digitally signing the original transaction certificate which is synthesized with the electronic signature information by adopting a private key of the front-end equipment to obtain an intermediate electronic certificate.
3. The super counter-based electronic signature method as claimed in claim 2, wherein the signature information of the digital signature includes a public key certificate.
4. The super-counter based electronic signature method of claim 3, further comprising, before said digitally signing based on said electronically signed message and said original transaction voucher to obtain an intermediate electronic voucher:
detecting the validity of the public key certificate;
and if the public key certificate is valid, continuing the data signature processing.
5. The super counter-based electronic signature method of claim 1, further comprising:
a public-private key pair for signature is generated in advance, and a public key certificate is acquired from a certificate issuing server based on the generated public key.
6. The super-counter based electronic signature method of claim 1, further comprising, after synthesizing the target electronic voucher:
and sending the target electronic certificate to the super counter so that the super counter stores and processes the target electronic certificate.
7. The super counter-based electronic signature method of claim 1, said synthesizing said intermediate electronic voucher and said electronic seal into a target electronic voucher, comprising:
and synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate in a PDF format.
8. The utility model provides an electronic signature device based on super sales counter, is applied to the front end equipment of super sales counter, its characterized in that includes:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for sequentially acquiring an original transaction certificate and electronic signature information of a client, which are generated by transaction processing of the super counter according to the operation of the client, by front-end equipment;
the digital signature module is used for carrying out digital signature on the basis of the electronic signature information and the original transaction certificate to obtain an intermediate electronic certificate;
the voucher sending module is used for sending the intermediate electronic voucher to the super counter;
the voucher receiving module is used for receiving the electronic seal returned by the super counter and the intermediate electronic voucher;
and the certificate synthesis module is used for synthesizing the intermediate electronic certificate and the electronic seal into a target electronic certificate under the condition that the intermediate electronic certificate is verified and signed without errors.
9. The super counter-based electronic signature device as recited in claim 8, wherein the digital signature module comprises:
a signature synthesis module for synthesizing the electronic signature information into the original transaction voucher;
and the digital signature submodule is used for digitally signing the original transaction certificate which is synthesized with the electronic signature information by adopting a private key of the front-end equipment to obtain an intermediate electronic certificate.
10. The super counter-based electronic signature method as claimed in claim 9, wherein the signature information of the digital signature includes a public key certificate.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010134939.2A CN111369364B (en) | 2020-03-02 | 2020-03-02 | Electronic signature method and device based on super counter |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010134939.2A CN111369364B (en) | 2020-03-02 | 2020-03-02 | Electronic signature method and device based on super counter |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111369364A true CN111369364A (en) | 2020-07-03 |
| CN111369364B CN111369364B (en) | 2024-02-23 |
Family
ID=71206462
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010134939.2A Active CN111369364B (en) | 2020-03-02 | 2020-03-02 | Electronic signature method and device based on super counter |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111369364B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112232813A (en) * | 2020-10-12 | 2021-01-15 | 国网上海市电力公司 | Renewable energy power consumption voucher management method and device based on block chain |
| CN113781223A (en) * | 2021-09-10 | 2021-12-10 | 中国农业银行股份有限公司 | Online transaction method and device, electronic equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2012247858A (en) * | 2011-05-25 | 2012-12-13 | Yahoo Japan Corp | Authentication system and authentication method |
| CN107689007A (en) * | 2017-04-25 | 2018-02-13 | 平安科技(深圳)有限公司 | Tax excellent declaration form voucher generation method, device and computer-readable recording medium |
| CN108111311A (en) * | 2017-12-25 | 2018-06-01 | 福建升腾资讯有限公司 | A kind of method that bank counter electronic signature is realized based on national secret algorithm |
| CN109191119A (en) * | 2018-07-18 | 2019-01-11 | 南京怡化信息技术有限公司 | Method and system for digital signature and verification of electronic certificate |
| CN109859410A (en) * | 2019-01-29 | 2019-06-07 | 北京翔云在线数据技术有限公司 | A kind of wisdom terminal automatic teller machine and its application |
| CN109919579A (en) * | 2019-02-27 | 2019-06-21 | 上海棕榈电脑系统有限公司 | Electronic document contracting method, device, storage medium and equipment |
| CN110414193A (en) * | 2019-06-26 | 2019-11-05 | 珠海横琴新区润成科技股份有限公司 | A kind of safe encryption method and system of the close PDF document E-seal of state |
-
2020
- 2020-03-02 CN CN202010134939.2A patent/CN111369364B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2012247858A (en) * | 2011-05-25 | 2012-12-13 | Yahoo Japan Corp | Authentication system and authentication method |
| CN107689007A (en) * | 2017-04-25 | 2018-02-13 | 平安科技(深圳)有限公司 | Tax excellent declaration form voucher generation method, device and computer-readable recording medium |
| CN108111311A (en) * | 2017-12-25 | 2018-06-01 | 福建升腾资讯有限公司 | A kind of method that bank counter electronic signature is realized based on national secret algorithm |
| CN109191119A (en) * | 2018-07-18 | 2019-01-11 | 南京怡化信息技术有限公司 | Method and system for digital signature and verification of electronic certificate |
| CN109859410A (en) * | 2019-01-29 | 2019-06-07 | 北京翔云在线数据技术有限公司 | A kind of wisdom terminal automatic teller machine and its application |
| CN109919579A (en) * | 2019-02-27 | 2019-06-21 | 上海棕榈电脑系统有限公司 | Electronic document contracting method, device, storage medium and equipment |
| CN110414193A (en) * | 2019-06-26 | 2019-11-05 | 珠海横琴新区润成科技股份有限公司 | A kind of safe encryption method and system of the close PDF document E-seal of state |
Non-Patent Citations (3)
| Title |
|---|
| MOHAMMAD A. ALAHMAD;: "A New Fragile Digital Watermarking Technique for a PDF Digital Holy Quran", 《2013 INTERNATIONAL CONFERENCE ON ADVANCED COMPUTER SCIENCE APPLICATIONS AND TECHNOLOGIES》 * |
| 岳城如,朱鸣: "全行无纸化系统实施方案探究", pages 82 - 83 * |
| 郭正荣;周城;: "基于PKI的电子签章系统的实现", no. 09 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112232813A (en) * | 2020-10-12 | 2021-01-15 | 国网上海市电力公司 | Renewable energy power consumption voucher management method and device based on block chain |
| CN113781223A (en) * | 2021-09-10 | 2021-12-10 | 中国农业银行股份有限公司 | Online transaction method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111369364B (en) | 2024-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| ES2251415T3 (en) | ELECTRONIC METHOD FOR STORAGE AND RECOVERING ORIGINAL AUTHENTICATED DOCUMENTS. | |
| US8924302B2 (en) | System and method for electronic transmission, storage, retrieval and remote signing of authenticated electronic original documents | |
| US7162635B2 (en) | System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents | |
| US20110231645A1 (en) | System and method to validate and authenticate digital data | |
| CN107146120B (en) | Electronic invoice generation method and generation device | |
| CN108092779A (en) | A kind of method and device for realizing electronic signature | |
| US20040139327A1 (en) | System and method for document-driven processing of digitally-signed electronic documents | |
| JP2004537822A (en) | Authentication electronic document management system and method | |
| US20110289318A1 (en) | System and Method for Online Digital Signature and Verification | |
| JPH11512841A (en) | Document authentication system and method | |
| US7606768B2 (en) | Voice signature with strong binding | |
| CN105635187B (en) | Method and device for generating electronic file with stamp and method and device for authenticating electronic file with stamp | |
| CN109118377B (en) | Processing method and system for claim settlement event based on block chain and electronic equipment | |
| US7660981B1 (en) | Verifiable chain of transfer for digital documents | |
| US20030196090A1 (en) | Digital signature system | |
| TWI486808B (en) | System for validating electronic insurance policy with certificate and method thereof | |
| CN111369364B (en) | Electronic signature method and device based on super counter | |
| US11301823B2 (en) | System and method for electronic deposit and authentication of original electronic information objects | |
| CN106559433B (en) | Method and system for fixing electronic evidence and user identity by using digital certificate | |
| US20070192589A1 (en) | System and method for encrypting webpage logs | |
| CN116611098B (en) | File encryption mobile storage method and system, storage medium and electronic equipment | |
| JP5159752B2 (en) | Communication data verification device and computer program therefor | |
| CN115879998A (en) | Offline use method for electronic ticket | |
| CN116545762A (en) | Financial electronic information authentication system and method | |
| TWM508733U (en) | Authentication system of electronic insurance policy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |