CN112118105A - Electronic file signature method and device and terminal equipment - Google Patents

Publication number
CN112118105A
Authority
CN
China
Prior art keywords
signing
signature
data
request
middleware
Legal status
Granted
Application number
CN201910531500.0A
Other languages
Chinese (zh)
Other versions
CN112118105B (en)
Inventor
梅臻
卓义宝
Current Assignee
Shenzhen Fadada Network Technology Co ltd
Original Assignee
Shenzhen Fadada Network Technology Co ltd
Application filed by Shenzhen Fadada Network Technology Co ltd
Priority to CN201910531500.0A
Publication of CN112118105A
Application granted
Publication of CN112118105B
Legal status: Active

Classifications

    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/56 Provisioning of proxy services
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention belongs to the technical field of computers and provides a method, a device and terminal equipment for signing an electronic file. The method comprises: receiving, through a Socket service, a signature request that is sent by a signing platform and carries signing data, the signing data being generated at least according to the signature object data and the signature public key; calling a Cryptographic Service Provider (CSP) to sign the signing data according to the signature request to obtain signature result data; and sending the signature result data to the signing platform through the Socket service, so that the signing platform completes the signing of the signature object data according to the signature result data. The invention realizes a cross-browser electronic signature method and solves the technical problem in the related art of signature failure or a cumbersome signing process caused by the browser.

Description

Electronic file signature method and device and terminal equipment
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a method and a device for signing an electronic file and terminal equipment.
Background
In recent years, with the implementation of the national "Internet Plus" strategy and the rapid development of the mobile internet, electronic files such as electronic contracts have been applied in more and more fields, and large enterprises and government agencies sign files through electronic file signing platforms. To sign files quickly while guaranteeing the legal validity of the signature, many systems currently use Cryptographic Service Providers (CSPs), such as UKey, to perform the signing, and digital certificates of different types from various manufacturers are increasingly used in internet file signing scenarios.
Because the hardware and drivers of current CSP manufacturers are not uniform, browser signature controls differ in compatibility, and many CSP manufacturers do not support newer browsers such as Chrome. Users, however, tend to choose a browser by personal habit, or are forced by the limitations of some CSP manufacturers to use a very old browser version, so signing often fails for browser-related reasons or the signing process becomes very tedious. A new method for signing electronic files is therefore needed to solve this problem.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and a terminal device for signing an electronic file, so as to solve the technical problem in the related art that signing on a signing platform fails or is cumbersome because of the browser.
A first aspect of an embodiment of the present invention provides a method for signing an electronic file, including:
receiving, through a Socket service, a signature request that is sent by a signing platform and carries signing data; the signing data is generated at least according to the signature object data and the signature public key;
calling a Cryptographic Service Provider (CSP) to sign the signing data according to the signature request to obtain signature result data;
and sending the signature result data to the signing platform through the Socket service, so that the signing platform completes the signing of the signature object data according to the signature result data.
A second aspect of an embodiment of the present invention provides a method for signing an electronic file, including:
generating signing data at least according to the signature object data and the signature public key, and sending a signature request carrying the signing data to the middleware through a Socket service, so that the middleware calls the Cryptographic Service Provider (CSP) to sign the signing data according to the signature request to obtain signature result data;
receiving the signature result data sent by the middleware through the Socket service, and completing the signing of the signature object data according to the signature result data.
A third aspect of an embodiment of the present invention provides an apparatus for signing an electronic file, including:
the first receiving module is used for receiving a signature request which is sent by the signing platform and carries signing data through Socket service; the signing data is generated at least according to the signing object data and the signing public key;
the calling module is used for calling the CSP to sign the signing data according to the signing request to obtain signing result data;
and the first sending module is used for sending the signature result data to the signing platform through a Socket service so that the signing platform completes the signature of the signature object data according to the signature result data.
A fourth aspect of the embodiments of the present invention provides an apparatus for signing an electronic file, including:
the generating and sending module is used for generating signing data at least according to the signature object data and the signature public key, and sending a signature request carrying the signing data to the middleware through a Socket service, so that the middleware calls the Cryptographic Service Provider (CSP) to sign the signing data according to the signature request to obtain signature result data;
and the receiving module is used for receiving the signature result data sent by the middleware through the Socket service and finishing the signature of the signature object data according to the signature result data.
A fifth aspect of embodiments of the present invention provides a terminal device, including a memory and a processor, where the memory stores a computer program operable on the processor, and the processor executes the computer program to implement the steps of the method according to the first aspect and/or the second aspect.
A sixth aspect of embodiments of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method according to the first and/or second aspect.
In the embodiment of the invention, a signature request that is sent by a signing platform and carries signing data is received through a Socket service; a Cryptographic Service Provider (CSP) is called to sign the signing data according to the signature request to obtain signature result data; and the signature result data is sent to the signing platform through the Socket service, so that the signing platform completes the signing of the signature object data according to the signature result data. Because the signing platform supports the Socket service, it can access the middleware in this way, and the CSP is accessed through the middleware. A cross-browser electronic signature method is thereby realized, which solves the technical problem in the related art of signature failure or a cumbersome signing process caused by the browser.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of an implementation of a method for signing an electronic document according to an embodiment of the present invention;
FIG. 2 is a flow chart of an implementation of another method for signing an electronic document according to an embodiment of the present invention;
FIG. 3 is a flow chart of an implementation of another method for signing an electronic document according to an embodiment of the present invention;
FIG. 4 is a flow chart of an implementation of another method for signing an electronic document according to an embodiment of the present invention;
FIG. 5 is a flow chart of an implementation of another method for signing an electronic document according to an embodiment of the present invention;
FIG. 6 is a flow chart of an implementation of another method for signing an electronic document according to an embodiment of the present invention;
FIG. 7 is a flow chart of an implementation of another method for signing an electronic document according to an embodiment of the present invention;
FIG. 8 is a block diagram of an apparatus for signing an electronic document according to an embodiment of the present invention;
FIG. 9 is a block diagram of an apparatus for signing an electronic document according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In order to explain the technical solution of the present invention, the following description is made with reference to the accompanying drawings in combination with the embodiments.
In order to make the technical solutions of the present invention better understood by those skilled in the art, the technical solutions in the embodiments of the present invention will be described below clearly and completely with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention should fall within the protection scope of the present invention without any creative effort. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
It should be noted that the description referring to "first" or "second", etc. in the terms of the description, the claims and the drawings of the present invention is only used for distinguishing similar objects, and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated, that is, these descriptions are not necessarily used for describing a particular order or sequence order. Furthermore, it should be understood that the descriptions may be interchanged under appropriate circumstances in order to describe embodiments of the invention.
Fig. 1 shows an implementation flow of a method for signing an electronic file according to an embodiment of the present invention, where the method flow includes steps S102 to S106. The method is suitable for the situation that signature is needed. The method is executed by an electronic file signing device, and the electronic file signing device is configured on a terminal device and can be realized by software and/or hardware. The specific implementation principle of each step is as follows.
S102, receiving, through a Socket service, a signature request that is sent by a signing platform and carries signing data; the signing data is generated at least according to the signature object data and the signature public key.
In step S102, the middleware receives, through a Socket service, a signature request that is sent by the signing platform and carries signing data. The middleware described in the embodiments of the present invention is independent system software or a service program, by means of which resources are shared between different technologies. The middleware runs on the operating system of the terminal device or the server, manages computer resources and network communication, and is software that connects two independent applications or independent systems. As an embodiment of the present invention, the middleware may be a terminal application or a fast program.
The signing platform is a browser platform enabling signature object data to be signed. The signing platform can be a webpage application program or a website and the like supporting Socket service, and the specific implementation form of the signing platform is not limited by the invention. Socket services are typically supported by various browsers, such as Chrome, Firefox, Edge, FF, and the like.
The signature object data is an electronic file; the electronic file includes but is not limited to an electronic contract, an important document, or even non-paper data such as a picture or a photo. The signature object data may be stored in the signing platform in advance, may be uploaded by the user in real time, or may be obtained from a third-party device, a server or the cloud, which is not limited in this invention. However, signature object data that the user uploads in real time or that is obtained from a third-party device, a server or the cloud needs to be stored in the signing platform for the final signing.
The signing platform generates signing data at least according to the signing object data and the signing public key, and sends a signing request carrying the signing data to the middleware through Socket service. And the middleware receives a signature request carrying the signing data sent by the signing platform.
It should be noted that the signature public key of the signing platform and the private key stored in the CSP, mentioned later, are a pair of keys, which may be symmetric or asymmetric keys; accordingly, the encryption and decryption algorithm may be a symmetric or an asymmetric encryption and decryption algorithm, including but not limited to RSA, Elgamal, the knapsack algorithm, Rabin, D-H, and ECC (elliptic curve encryption algorithm), which is not limited in this disclosure.
It is to be understood that the process of generating the signing data from the signature object data and the signature public key is a process of encrypting the signature object data.
Illustratively, the signature public key is used to perform encryption calculation on the signature object data to obtain a digest message as the signature data, or the signature public key and the signature object data are subjected to hash calculation to obtain a hash value as the signature data. It should be noted that the description is only exemplary and should not be construed as limiting the invention.
S104, calling the CSP to sign the signing data according to the signature request to obtain signature result data.
In step S104, the middleware calls the CSP to sign the signing data according to the signature request to obtain signature result data. The CSP includes, but is not limited to, UKey, Smart Key, etc.
In the embodiment of the invention, the middleware implements the CryptoAPI standard, so the only requirement on the CSP is that it is based on the CryptoAPI standard, and in general CSPs support CryptoAPI. Therefore, in the embodiment of the invention, starting the middleware opens a Socket port, the browser calls the middleware through the Web Socket, and the middleware invokes signing through the CryptoAPI of the operating system. This realizes a cross-browser electronic file signing method and solves the technical problem of signature failure or complicated user operation caused by browser problems.
Optionally, in an embodiment of the present invention, the invoking the CSP to sign the signing data according to the signing request to obtain signing result data includes:
triggering the CSP to perform user identity verification according to the signature request, and, if the user identity verification is passed, calling the CSP to sign the signing data to obtain signature result data.
The middleware triggers the CSP to perform user identity verification according to the signature request, and calls the CSP to sign the signing data to obtain signature result data only if the user identity verification is passed.
Illustratively, the middleware triggers the CSP to send a message requesting input of the PIN code; when the CSP receives the correct PIN code input by the user, the user identity verification is passed, and the middleware invokes the private key stored in advance in the CSP to encrypt the signing data to obtain the signature result data.
S106, sending the signature result data to the signing platform through a Socket service, so that the signing platform completes signing on the signature object data according to the signature result data.
In step S106, the middleware sends the signature result data to the signing platform through the Socket service, and the signing platform completes the signing of the signature object data after receiving the signature result data.
Illustratively, the signing platform generates a PDF document in a preset format, and displays the signature object data at a first preset position of the PDF document and the signature result data at a second preset position.
In the embodiment of the invention, the middleware is used to realize cross-browser electronic file signing, so the user does not need to download a separate plug-in for each browser, or to be concerned with the specific CSP manufacturer or with installing different page signature controls. Signature failure caused by browser problems is avoided, the operation steps are simplified, signing efficiency is improved, software deployment and debugging costs are reduced, and the electronic file signing scenario is supplemented and improved.
On the basis of the embodiment shown in fig. 1, fig. 2 shows a flowchart for implementing another electronic file signing method. As shown in fig. 2, steps S101', S101'' and S101''' are added before step S102 of the embodiment shown in fig. 1. Steps that are the same as those in the embodiment of fig. 1 are not repeated here; refer to the foregoing description.
S101', a certificate acquisition request sent by a signing platform is received through a Socket service.
The middleware receives, through a Socket service, a certificate acquisition request sent by the signing platform. Illustratively, the middleware receives, through the Socket service, a certificate acquisition request that the signing platform sends when a preset condition is met. The preset condition may be that the user triggers a predetermined virtual control and/or presses a predetermined physical key, that the user performs an operation gesture along a preset trajectory, that a focus moves along a preset trajectory, and the like. The focus may be the position of the user's finger, the position of a cursor, or the like, as sensed by the display screen.
S101'', reading, according to the certificate acquisition request, a signature certificate that is stored in the CSP in advance and includes a signature public key.
The middleware reads a signature certificate which is stored in the CSP in advance and comprises a signature public key according to the certificate acquisition request. Illustratively, the signature certificate may be a digital certificate including at least a public signature key.
S101''', sending the signature certificate to the signing platform through the Socket service, so that the signing platform obtains the signature public key according to the signature certificate.
And the middleware sends the signature certificate to a signing platform through Socket service. And the signing platform verifies the signature certificate, acquires a signature public key in the signature certificate when the signature certificate passes the verification, then acquires signature object data, generates signing data at least according to the signature object data and the signature public key, and sends a signature request carrying the signing data to the middleware through a Socket service.
S102, receiving, through a Socket service, a signature request that is sent by the signing platform and carries signing data; the signing data is generated at least according to the signature object data and the signature public key.
S104, calling the CSP to sign the signing data according to the signature request to obtain signature result data.
S106, sending the signature result data to the signing platform through a Socket service, so that the signing platform completes signing on the signature object data according to the signature result data.
In the embodiment of the invention, the process that the signing platform acquires the signature certificate through the middleware and acquires the signature public key in the signature certificate to generate the signing data is added, so that the security of the electronic file signature is greatly improved.
Fig. 3 shows an implementation flow of another method for signing an electronic file according to an embodiment of the present invention, where the method flow includes steps S302 and S304. The method is suitable for situations in which a signature is needed. The method is executed by an electronic file signing device, which is configured on a terminal device and can be implemented in software and/or hardware. For details not described in this embodiment, refer to the corresponding description of the embodiment shown in fig. 1.
S302, generating signing data at least according to the signing object data and the signing public key, and sending a signing request carrying the signing data to the middleware through a Socket service, so that the middleware calls the CSP to sign the signing data according to the signing request to obtain signing result data.
S304, receiving the signature result data sent by the middleware through the Socket service, and finishing the signature of the signature object data according to the signature result data.
On the basis of the embodiment shown in fig. 3, fig. 4 shows a flowchart for implementing another electronic file signing method. As shown in fig. 4, steps S301' and S301'' are added before step S302 of the embodiment shown in fig. 3. Steps that are the same as those in the embodiment of fig. 3 are not repeated here; refer to the foregoing description.
S301', sending a certificate acquisition request to the middleware through a Socket service, so that the middleware, on receiving the certificate acquisition request, reads a signature certificate that is stored in the CSP in advance and includes a signature public key according to the certificate acquisition request;
S301'', receiving the signature certificate sent by the middleware through the Socket service, and obtaining the signature public key according to the signature certificate.
S302, generating signing data at least according to the signing object data and the signing public key, and sending a signing request carrying the signing data to the middleware through a Socket service, so that the middleware calls the CSP to sign the signing data according to the signing request to obtain signing result data.
S304, receiving the signature result data sent by the middleware through the Socket service, and finishing the signature of the signature object data according to the signature result data.
Optionally, on the basis of the embodiment shown in fig. 3 or fig. 4, the enabling the middleware to invoke the CSP to sign the signing data according to the signing request to obtain signing result data includes:
so that the middleware triggers the CSP to perform user identity verification according to the signature request and, if the user identity verification is passed, calls the CSP to sign the signing data to obtain signature result data.
Fig. 5 shows an implementation flow of another method for signing an electronic file according to an embodiment of the present invention, where the method flow includes steps S501 and S503. It should be noted that, the steps already described in the foregoing embodiments are not repeated herein, please refer to the foregoing.
S501, a signing platform generates signing data at least according to the signing object data and the signing public key, and sends a signing request carrying the signing data to a middleware;
S502, the middleware calls the CSP to sign the signing data according to the signature request to obtain signature result data, and sends the signature result data to the signing platform through the Socket service;
S503, the signing platform receives the signature result data and completes the signing of the signature object data according to the signature result data.
Fig. 6 shows an implementation flow of another method for signing an electronic file according to an embodiment of the present invention, where the method flow includes steps S601 and S605. It should be noted that, the steps already described in the foregoing embodiments are not repeated herein, please refer to the foregoing.
S601, the signing platform sends a certificate acquisition request to the middleware through a Socket service;
S602, when receiving the certificate acquisition request, the middleware reads a signature certificate pre-stored in the CSP according to the certificate acquisition request, and sends the signature certificate to the signing platform through a Socket service;
S603, the signing platform receives the signature certificate and obtains a signature public key according to the signature certificate;
S604, the signing platform generates signing data at least according to the signing object data and the signing public key, and sends a signing request carrying the signing data to the middleware;
S605, the middleware calls the CSP to sign the signing data according to the signing request to obtain signing result data, and sends the signing result data to the signing platform through a Socket service;
S606, the signing platform receives the signature result data and completes the signature of the signature object data according to the signature result data.
The following describes an implementation process of the embodiment of the present invention through a specific scenario description. It should be noted that the description is only exemplary and should not be construed as limiting the invention.
As shown in fig. 7, a user first installs the UKey driver of each UKey manufacturer on the computer, and then installs the desktop program of the cross-browser signature middleware. The middleware implements the CryptoAPI standard and can read and use the signature certificate in the UKey. After installation, once the middleware is started, it periodically detects any UKey connected to the computer, reads out the available signature certificates, and displays them on the corresponding interface; the user can view the details of a certificate by clicking a view button.
When a user logs in to the signing platform, enters the electronic document signing interface and submits an electronic document for signing, the signing platform calls the local middleware through Web Socket communication to read the signature certificate in the UKey and upload it. The signing platform preprocesses the signing object data, stores it, and calculates a digest from the signing object data and the signature public key in the signature certificate; this digest is the signing data. After confirming that the signing data is correct, the platform transmits it to the middleware through the Socket service for local signing. At this point a UKey PIN prompt pops up on the user's computer, and once the user enters the correct PIN code, the UKey signature is completed. The signing platform obtains the signature value and merges it into the document of the signing object data to complete the signing process.
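The exchange in this scenario, as an added example that is not part of the patent or of any vendor's code: the platform fetches the certificate, sends a digest as signing data, the middleware has the CSP check the PIN before signing, and the platform checks the returned value against the certificate's public key before embedding it. The JSON message names, the way the document and public key are combined into the digest, the in-memory transport and the toy RSA key are all assumptions made so the example runs offline.

```python
import hashlib
import hmac
import json
import re

# Constructed toy RSA key built from two Mersenne primes. It stands in for the
# private key held in the UKey and is NOT secure; it only keeps the example
# runnable with the standard library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


class SimulatedCSP:
    """Hypothetical stand-in for the CSP/UKey: signs only after the PIN check."""

    def __init__(self, pin):
        self._pin = pin
        self.certificate = {"subject": "CN=Example Signer (constructed)",
                            "n": hex(N), "e": E}

    def sign(self, digest_hex, entered_pin):
        # User identity verification happens inside the CSP, before the key is used.
        if not hmac.compare_digest(entered_pin.encode(), self._pin.encode()):
            raise PermissionError("PIN verification failed")
        # Unpadded RSA over the digest; a real CSP applies a padding scheme.
        return hex(pow(int(digest_hex, 16), D, N))


class Middleware:
    """Local middleware: one JSON frame in, one JSON frame out (assumed format)."""

    def __init__(self, csp, pin_prompt):
        self.csp = csp
        self.pin_prompt = pin_prompt  # callable simulating the PIN dialog

    def handle(self, frame):
        try:
            msg = json.loads(frame)
            kind = msg.get("type")
        except (ValueError, AttributeError):
            return self._error("malformed request")
        if kind == "get_certificate":
            return json.dumps({"type": "certificate",
                               "certificate": self.csp.certificate})
        if kind == "sign":
            digest = msg.get("signing_data")
            # Accept only a SHA-256 digest, never arbitrary data to sign.
            if not isinstance(digest, str) or not re.fullmatch(r"[0-9a-f]{64}", digest):
                return self._error("signing_data must be a SHA-256 hex digest")
            try:
                signature = self.csp.sign(digest, self.pin_prompt())
            except PermissionError as exc:
                return self._error(str(exc))
            return json.dumps({"type": "signature_result", "signature": signature})
        return self._error("unsupported request type")

    @staticmethod
    def _error(reason):
        return json.dumps({"type": "error", "reason": reason})


def make_signing_data(document, cert):
    """Digest over the signing object data and the public key from the certificate."""
    public_key = f"{cert['n']}:{cert['e']}".encode()
    return hashlib.sha256(document + public_key).hexdigest()


def sign_document(document, send):
    """Signing-platform side; `send` delivers one frame and returns the reply."""
    cert = json.loads(send(json.dumps({"type": "get_certificate"})))["certificate"]
    digest = make_signing_data(document, cert)
    reply = json.loads(send(json.dumps({"type": "sign", "signing_data": digest})))
    if reply.get("type") != "signature_result":
        return {"signed": False, "reason": reply.get("reason")}
    # Check the returned value against the certificate's public key before embedding it.
    signature = int(reply["signature"], 16)
    if pow(signature, cert["e"], int(cert["n"], 16)) != int(digest, 16):
        return {"signed": False, "reason": "signature does not verify"}
    return {"signed": True, "signature": reply["signature"], "certificate": cert}
```

Passing `Middleware(csp, pin_prompt).handle` as `send` runs the whole flow in memory; in a deployment that callable would be the Socket service connection to the locally installed middleware.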
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 7 shows a block diagram of an apparatus for signing an electronic document according to an embodiment of the present invention, which corresponds to the method for signing an electronic document described in the above embodiment, and for convenience of description, only the parts related to the embodiment of the present invention are shown.
Referring to fig. 8, the apparatus for signing an electronic document includes:
the first receiving module 81 is configured to receive, through a Socket service, a signature request carrying signature data sent by a signing platform; the signing data is generated at least according to the signing object data and the signing public key;
the calling module 82 is used for calling the encryption service provider CSP to sign the signing data according to the signing request to obtain signing result data;
the first sending module 83 is configured to send the signature result data to the signing platform through a Socket service, so that the signing platform completes signing on the signature object data according to the signature result data.
Optionally, the apparatus for signing an electronic file further includes:
the second sending module is used for receiving a certificate acquisition request sent by the signing platform through a Socket service;
the reading module is used for reading a signature certificate which is stored in the CSP in advance and comprises a signature public key according to the certificate acquisition request;
and the third sending module is used for sending the signature certificate to a signing platform through Socket service so that the signing platform obtains a signature public key according to the signature certificate.
Optionally, the invoking module 82 is specifically configured to:
and triggering the CSP to carry out user identity verification according to the signature request, and calling the CSP to sign the signature data to obtain signature result data if the user identity verification is passed.
Fig. 9 is a block diagram illustrating another apparatus for signing an electronic document according to an embodiment of the present invention, and only the parts related to the embodiment of the present invention are shown for convenience of illustration.
Referring to fig. 9, the apparatus for signing an electronic document includes:
the generating and sending module 91 is configured to generate signed data at least according to the data of the signature object and the public signature key, and send a signature request carrying the signed data to the middleware through a Socket service, so that the middleware calls the CSP to sign the signed data according to the signature request to obtain signature result data;
a first receiving module 92, configured to receive the signature result data sent by the middleware through a Socket service, and complete a signature on the signature object data according to the signature result data.
Optionally, the apparatus for signing an electronic document further includes:
the first acquisition module is used for sending an acquisition certificate request to the middleware through a Socket service, so that the middleware reads a signature certificate which is stored in the CSP in advance and comprises a signature public key according to the acquisition certificate request when receiving the acquisition certificate request;
and the second receiving module is used for receiving the signature certificate sent by the middleware through the Socket service and obtaining a signature public key according to the signature certificate.
Fig. 10 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 10, the terminal device 10 of this embodiment includes: a processor 100, a memory 101 and a computer program 102, such as an electronic file signing program, stored in said memory 101 and executable on said processor 100. The processor 100 executes the computer program 102 to implement the steps in the above-mentioned method embodiment of signing an electronic document, such as steps S102 to S106 shown in fig. 1 and steps S302 to S304 shown in fig. 3. Alternatively, the processor 100, when executing the computer program 102, implements the functions of the modules/units in the device embodiments, such as the functions of the modules 81 to 83 shown in fig. 8 and the functions of the modules 91 to 92 shown in fig. 9.
Illustratively, the computer program 102 may be partitioned into one or more modules/units that are stored in the memory 101 and executed by the processor 100 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 102 in the terminal device 10.
The terminal device 10 may be a smart phone, a computer, a tablet, etc. The terminal device 10 may include, but is not limited to, a processor 100 and a memory 101. Those skilled in the art will appreciate that fig. 10 is merely an example of the terminal device 10 and does not constitute a limitation of it; the terminal device may include more or fewer components than shown, combine some components, or use different components. For example, the terminal device may also include input-output devices, network access devices, buses, etc.
The Processor 100 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 101 may be an internal storage unit of the terminal device 10, such as a hard disk or a memory of the terminal device 10. The memory 101 may also be an external storage device of the terminal device 10, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the terminal device 10. Further, the memory 101 may include both an internal storage unit and an external storage device of the terminal device 10. The memory 101 is used for storing the computer program and other programs and data required by the terminal device. The memory 101 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A method of electronic document signing, comprising:
receiving a signature request carrying signature data sent by a signature platform through Socket service; the signing data is generated at least according to the signing object data and the signing public key;
calling a Cryptographic Service Provider (CSP) to sign the signing data according to the signing request to obtain signing result data;
and sending the signature result data to the signing platform through Socket service so that the signing platform completes signing on the signature object data according to the signature result data.
2. The method of claim 1, wherein before receiving, through the Socket service, the signature request carrying the signing data sent by the signing platform, the method further comprises:
receiving a certificate acquisition request sent by a signing platform through Socket service;
reading a signature certificate which is stored in the CSP in advance and comprises a signature public key according to the certificate acquisition request;
and sending the signature certificate to a signing platform through Socket service so that the signing platform obtains a signature public key according to the signature certificate.
3. The method according to claim 1 or 2, wherein said invoking the CSP to sign the signed data according to the signature request to obtain signature result data comprises:
and triggering the CSP to carry out user identity verification according to the signature request, and calling the CSP to sign the signature data to obtain signature result data if the user identity verification is passed.
4. A method of electronic document signing, comprising:
generating signing data at least according to the data of the signing object and the public signature key, and sending a signing request carrying the signing data to the middleware through a Socket service so that the middleware calls the CSP (service provider) to sign the signing data according to the signing request to obtain signing result data;
and receiving the signature result data sent by the middleware through a Socket service, and finishing the signature of the signature object data according to the signature result data.
5. The method of claim 4, wherein prior to generating the signed data based at least on the signature object data and the public signature key, further comprising:
sending a certificate acquisition request to the middleware through a Socket service, so that the middleware reads a signature certificate which is stored in the CSP in advance and comprises a signature public key according to the certificate acquisition request when receiving the certificate acquisition request;
and receiving the signature certificate sent by the middleware through the Socket service, and obtaining a signature public key according to the signature certificate.
6. The method according to claim 4 or 5, wherein said causing middleware to invoke said CSP to sign said signed data according to said signature request to obtain signature result data comprises:
and triggering the CSP to carry out user identity verification by the middleware according to the signature request, and calling the CSP to sign the signature data to obtain signature result data if the user identity verification is passed.
7. An apparatus for electronic document signing, comprising:
the first receiving module is used for receiving a signature request which is sent by the signing platform and carries signing data through Socket service; the signing data is generated at least according to the signing object data and the signing public key;
the calling module is used for calling the CSP to sign the signing data according to the signing request to obtain signing result data;
and the first sending module is used for sending the signature result data to the signing platform through a Socket service so that the signing platform completes the signature of the signature object data according to the signature result data.
8. An apparatus for electronic document signing, comprising:
the generating and sending module is used for generating signing data at least according to the data of the signing object and the public signature key, and sending a signing request carrying the signing data to the middleware through a Socket service so that the middleware calls the CSP (service provider) to sign the signing data according to the signing request to obtain signing result data;
and the first receiving module is used for receiving the signature result data sent by the middleware through the Socket service and finishing the signature of the signature object data according to the signature result data.
9. A terminal device comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor, wherein the processor, when executing the computer program, performs the steps of the method according to any of claims 1 to 6.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
CN201910531500.0A 2019-06-19 2019-06-19 Electronic file signing method and device and terminal equipment Active CN112118105B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910531500.0A CN112118105B (en) 2019-06-19 2019-06-19 Electronic file signing method and device and terminal equipment

Publications (2)

Publication Number Publication Date
CN112118105A (en) 2020-12-22
CN112118105B (en) 2024-03-01

Family

ID=73795514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910531500.0A Active CN112118105B (en) 2019-06-19 2019-06-19 Electronic file signing method and device and terminal equipment

Country Status (1)

Country Link
CN (1) CN112118105B (en)


Also Published As

Publication number Publication date
CN112118105B (en) 2024-03-01


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant