CN113360878B - Signature method, device, server and medium - Google Patents

Info

Publication number: CN113360878B
Authority: CN (China)
Prior art keywords: client, middleware, information, ukey, server
Legal status: Active
Application number: CN202010152645.2A
Other languages: Chinese (zh)
Other versions: CN113360878A (en)
Inventor: 黄翔, 卓义宝
Current Assignee: Shenzhen Fadada Network Technology Co ltd
Original Assignee: Shenzhen Fadada Network Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of information security and provides a signature method, a signature device, a server and a medium. The method comprises: when user information is received, determining the client middleware corresponding to the user information; acquiring a file to be signed, and sending a signing request for the file to be signed to the client middleware, so as to instruct the client middleware to acquire target seal information according to the signing request; receiving the target seal information returned by the client middleware; and signing the file to be signed using the target seal information. With this method, remote signing can be achieved without being limited by geographical location.

Description

Signature method, device, server and medium
Technical Field
The present application belongs to the field of information security technologies, and in particular, to a signature method, apparatus, server, and medium.
Background
With the development of computer technology, information security is receiving more and more attention. The electronic signature technology can protect the file security through a technical means, and is more and more widely applied to an information system.
The UKey is a small storage device that connects directly to a computer through a Universal Serial Bus (USB) interface, has a password verification function, and is reliable and fast. The UKey can be used for electronic signature services. With a traditional UKey, strict identity verification must be carried out at issuance according to the requirements of the relevant state departments, and the user's identity is verified during use in combination with the PIN code, which ensures that the signer is the true holder of the UKey; this makes the UKey one of the most rigorous signature schemes at present. However, electronic signing with a UKey requires the holder to carry the UKey at all times in order to sign promptly. In practice, management requirements make it difficult to carry the UKey around, so during a signing workflow some people have to wait to complete the operation at a specific time and in a specific place.
Disclosure of Invention
The embodiment of the application provides a signature method, a signature device, a server and a medium, which can realize remote signature, so that the adoption of UKey for electronic signature is not limited by geographical positions.
In a first aspect, an embodiment of the present application provides a signature method, which is applied to a server, and the method includes:
when user information is received, determining client middleware corresponding to the user information;
acquiring a file to be signed, and sending a signing request for the file to be signed to the client middleware, so as to instruct the client middleware to acquire target seal information according to the signing request;
receiving the target seal information returned by the client middleware;
and signing the file to be signed by adopting the target seal information.
In a second aspect, an embodiment of the present application provides a signature apparatus, which is applied to a server, and the apparatus includes:
a determining module, configured to determine, when user information is received, the client middleware corresponding to the user information;
a request sending module, configured to acquire a file to be signed and send a signing request for the file to be signed to the client middleware, so as to instruct the client middleware to acquire target seal information according to the signing request;
a seal information receiving module, configured to receive the target seal information returned by the client middleware;
and a signature module, configured to sign the file to be signed using the target seal information.
In a third aspect, an embodiment of the present application provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the method according to the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the method according to the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product which, when run on a server, causes the server to perform the method according to the first aspect.
Compared with the prior art, the embodiments of the application have the following advantages. After the server receives the user information, the user is matched against the stored registration information, so that the client middleware corresponding to the user information is determined. When the server receives the file to be signed from the user, it sends a signing request to the client middleware corresponding to the user information, receives the seal information sent by the client middleware, and then signs the file to be signed using the seal information. With this method, the UKey is inserted into and resides on a terminal in the local area network, and the server is connected to the client middleware of that terminal, so the UKey can be driven by calling the driver through the client middleware. A UKey holder can therefore sign electronically without carrying the UKey and is not limited by geographical location; other people may also use the UKey to complete a signature with the holder's authorization.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic flowchart of a signature method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a signature method according to a second embodiment of the present application;
Fig. 3 is a schematic flowchart of a signature method provided in the third embodiment of the present application;
Fig. 4 is a block diagram of a signature system according to a fourth embodiment of the present disclosure;
Fig. 5 is a schematic flowchart of a signature method according to a fourth embodiment of the present application;
Fig. 6 is a schematic structural diagram of a signature apparatus according to a fifth embodiment of the present application;
Fig. 7 is a schematic structural diagram of a server according to a sixth embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when", "upon", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted, depending on the context, to mean "upon determining", "in response to determining", "upon detecting [described condition or event]" or "in response to detecting [described condition or event]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
Fig. 1 is a schematic flowchart of a signature method provided in an embodiment of the present application, and as shown in fig. 1, the method includes:
S101, when user information is received, determining client middleware corresponding to the user information;
The execution subject of this embodiment is a server or a server cluster. The server can communicate with clients and may be a cloud server. The server includes a Software-as-a-Service (SaaS) signing platform.
Specifically, the user may insert the UKey in advance into a device in the UKey holder's local area network (LAN). The device may be a server or a terminal device in the LAN, and it may be placed in a dedicated machine room with strengthened security management. The device holding the UKey may include a UKey driver and client middleware, and the client middleware can call the driver to drive the UKey to perform actions. After the user inserts the UKey into the device in the LAN, the UKey can register with the server through the client middleware and establish a long connection with the server. The server can store the user information, the UKey number and the client middleware information in association with one another; the client middleware information may include a port number and an IP address.
A user can log in to the server from any networked device. The user information is sent to the server at login, and after receiving it the server can look up the corresponding client middleware information in a database to determine the corresponding client middleware. The device used for login may or may not be in the LAN, and the login location is not limited geographically. The user information may include the user name and password used at registration, and the server can determine from the user name and password whether the login succeeds.
S102, acquiring a file to be signed, and sending a signing request for the file to be signed to the client middleware to instruct the client middleware to acquire target seal information according to the signing request;
The target seal information comprises a digital certificate and electronic seal information, both of which can be stored in the UKey.
Specifically, after logging in, the user can initiate a signing task and upload a file to be signed to the server. After acquiring the file to be signed, the server needs to acquire signing information from the UKey. The server therefore sends a signature request to the client middleware, and on receiving the request the client middleware can call the driver to acquire the seal information from the UKey.
S103, receiving the target seal information returned by the client middleware;
The UKey contains a digital certificate, electronic seal information and a key. The digital certificate identifies each party in Internet communication, so that parties can use it to verify one another's identity online; the electronic seal information may be an image set by the user that indicates identity.
Specifically, the server receives target seal information returned by the client middleware.
And S104, signing the file to be signed by adopting the target seal information.
Specifically, after receiving the target seal information, the server may compute a hash value over the target seal information and the file to be signed using a hash algorithm, and then send the hash value to the client middleware. The client middleware can call the driver to drive the UKey to encrypt the hash value, obtaining a signature value, and then returns the signature value to the server. After receiving the signature value, the server synthesizes the signature value and the image of the electronic seal into the file to be signed, completing the electronic signature.
In the embodiment, by remotely calling the UKey, the user can complete the signature in the local area network or the Internet without being limited by the geographic position, so that the timeliness of the signature service is improved.
Fig. 2 is a schematic flowchart of a signature method provided in the second embodiment of the present application, and as shown in fig. 2, the method includes:
S201, receiving a registration request sent by the client middleware;
The execution subject of this embodiment may be a server or a server cluster, and the server includes a cloud server.
Specifically, before signing, the UKey may be inserted into a device in the LAN, on which a UKey driver and client middleware are installed. The UKey driver drives the UKey to perform actions; the client middleware connects to the server and can call the UKey driver to drive the UKey. The device can provide a configuration interface for configuring the IP and port of the server and the UKey number; information is then sent to the server through the server's IP and port, and a long connection with the server is established.
After receiving the registration request from the client middleware, the server can store the IP and the port of the client middleware, the UKey number and the user information in an associated manner.
After the UKey holder logs in, the use authority of the UKey can be authorized to other users, and the authorized users can use the UKey to sign in an authorized range.
S202, according to the registration request, establishing long connection between the server and the client middleware;
Specifically, the server may establish a network connection with the client middleware according to the IP and port of the client middleware. The connection between the server and the client middleware can be maintained for a long time and can be re-established automatically when the network is interrupted.
S203, when user information is received, determining client middleware corresponding to the user information;
Specifically, the user may log in to the server from the Internet or from a local area network. The user can send a user name and a password to the server; after receiving them, the server can check whether the user is a registered user and verify the password. After the user information is confirmed, the server may search the stored information for the client middleware information corresponding to the user.
S204, acquiring a file to be signed, and extracting a UKey number matched with the user information;
Generally, one UKey corresponds to one number, and the UKey can be uniquely determined through the number.
Specifically, after logging in, the user can upload a file to be signed to the server, and the server receives it. Signing the file requires driving the UKey through the client middleware, and the UKey must be identified when communicating with the client middleware, so the server looks up the UKey number corresponding to the user in its stored information according to the user information.
A plurality of UKey may reside on a device in the LAN, each UKey may correspond to a driving program, and the client middleware may determine the driving program to be called according to the UKey number, so as to drive the UKey corresponding to the UKey number to execute actions.
S205, sending the UKey number to the client middleware to instruct the client middleware to call a driving program according to the UKey number to acquire the target seal information;
Specifically, the server may send a seal information request to the client middleware over its connection with the client middleware, where the seal information request includes a UKey number. After receiving the request, the client middleware can call the corresponding driver according to the UKey number, acquire the digital certificate and the electronic seal information from the corresponding UKey, and return them to the server.
The client middleware can call the UKey driver through DLL (Dynamic Link Library).
S206, receiving the target seal information returned by the client middleware;
Specifically, the server receives the target seal information returned by the client middleware, which comprises a digital certificate and electronic seal information. The digital certificate is used to identify the user in network communication, and the electronic seal can be an image from which the identity of the signer can be seen at a glance.
S207, calculating the hash values of the digital certificate information, the electronic seal information and the file to be signed;
Specifically, after receiving the digital certificate and the electronic seal information, the server may calculate the hash value of the digital certificate, the electronic seal information and the file to be signed. Files to be signed are generally large; calculating a hash value converts the digital certificate, the electronic seal information and the file to be signed from a large amount of data into a fixed-length character string, which facilitates the subsequent signature.
S208, sending the hash value to the client middleware to instruct the client middleware to call the driving program to encrypt the hash value to obtain a signature value for the file to be signed;
Specifically, after calculating the hash value, the server sends the hash value and the UKey number to the client middleware to request a signature. After receiving the signature request, the client middleware can call the corresponding driver to drive the UKey to encrypt the hash value, obtaining a signature value, and returns the signature value to the server.
For example, the hash value may be encrypted with the RSA algorithm: the private key is used for the encryption, and the public key can be used to verify the signature.
S209, when the signature value returned by the client middleware is received, signing the file to be signed according to the signature value.
Specifically, after the server receives the signature value returned by the client middleware, the signature value and the electronic seal can be synthesized into the file to be signed to complete the signing of the file.
In this embodiment, the user inserts the UKey into the local area network in advance, and the client middleware establishes a connection with the server. When a signature is needed, the server can call the driver through the client middleware to drive the UKey to perform actions, thereby completing the remote signature. The user can also sign without carrying the UKey, which improves the timeliness of the signing service; with the holder's authorization, other people can also use the UKey to complete a signature.
Fig. 3 is a schematic flowchart of a signature method provided in a third embodiment of the present application, and as shown in fig. 3, the method includes:
S301, receiving a registration request sent by the client middleware;
The execution subject of this embodiment is a server or a server cluster, and the server includes a cloud server. For example, the SaaS signing platform can be deployed in the cloud.
Specifically, the UKey may be inserted in advance into a terminal device of the LAN, on which the UKey driver and the client middleware are installed. The client middleware may include an executable program on the operating system and occupies a port once installed and running. The PIN (Personal Identification Number) code of the UKey can then be entered through the client middleware to activate the UKey. Next, the IP and port of the server and the UKey number are configured on a configuration page provided by the client middleware, and a registration request is sent to the server through the client middleware.
After receiving a registration request sent by the client middleware, the server can receive user information and UKey number, and then determines the IP and port of the client according to the request information sent by the client. The user information may include a user name and a password.
S302, storing the client middleware information, the user information and the UKey number in an associated manner;
Specifically, the server may store the client middleware information, the user information and the UKey number in a database in association with one another, so that looking up the user information in the database yields the corresponding client middleware information and UKey number.
S303, establishing long connection between the server and the client middleware based on the stored client middleware information, the stored user information and the stored UKey number;
Specifically, the server may establish a long connection with the client middleware through the IP and port of the client middleware. Since the client middleware corresponds to the UKey number and the user information, this is equivalent to establishing a connection between the server and the UKey held by the user.
In addition, a dedicated cloud front-end processor can be set up on the server to deploy the front-end service. The front-end service can be an executable program or a web service deployed in the SaaS cloud; once started, it occupies a port and listens on it, and the cloud front-end processor can interact with the client middleware over Socket or HTTP.
S304, when user information is received, determining client middleware corresponding to the user information;
Specifically, when the user information is received, the client middleware information corresponding to the user can be looked up in the database using the user information, and the IP and port of the client middleware are obtained, so that the long connection established between the server and the client middleware can be determined.
S305, acquiring a file to be signed, and extracting a UKey number matched with the user information;
Specifically, after logging in successfully, the user may upload the file to be signed or select it from the files stored in the system. After the server obtains the file to be signed according to the user's selection, it looks up the UKey number corresponding to the user in the database.
S306, calling a pre-configured front-end processor service, sending the UKey number to the client-side middleware to indicate the client-side middleware to call a driving program according to the UKey number, and acquiring the target seal information;
Specifically, the server calls the cloud front-end processor service and sends a signature request to the client middleware over the long connection pre-established between the server and the client middleware. The signature request carries the UKey number corresponding to the user, and the client middleware calls the corresponding driver according to the UKey number to acquire the digital certificate and the electronic seal from the UKey.
S307, receiving the target seal information returned by the client middleware;
Specifically, the server receives the digital certificate and the electronic seal returned by the client middleware.
S308, calculating the hash values of the digital certificate information, the electronic seal information and the file to be signed;
Specifically, the server calculates the hash value of the digital certificate, the electronic seal and the file to be signed. The hash operation converts a large amount of data into a character string, which makes it convenient to calculate the signature value.
S309, sending the hash value to the client middleware to instruct the client middleware to call the driving program to encrypt the hash value, so as to obtain a signature value for the file to be signed;
Specifically, in the electronic signature process, the hash value needs to be encrypted to obtain the signature value, and the encryption algorithm and the key are stored in the UKey. The server can therefore send the UKey number and the hash value to the UKey through the client middleware, and the UKey encrypts the hash value to obtain the signature value.
Generally, the RSA algorithm can be used to encrypt the hash value: the private key is kept by the user and is used to encrypt the hash value, while the public key is made public.
S310, when the signature value returned by the client middleware is received, the signature value and the electronic seal information are synthesized into the file to be signed.
After the server receives the signature value, the server can synthesize the signature value and the electronic seal image into a file to be signed to complete signature. For example, the file to be signed is a PDF document, the electronic seal image may be an image in PDF format, and the image information and the signature value are written into the PDF document to complete the signature of the PDF document.
Suppose user A signs a document and sends it to recipient B. When B receives the signed document, B can tell from the electronic seal information on the document that it was signed by A. B can also extract the signature value and the electronic seal from the document and decrypt the signature value with the public key corresponding to user A to obtain a secret value x. B then calculates a hash value y of user A's digital certificate, the electronic seal and the document without the signature, using the same hash algorithm that A used. If y = x, the user identity verification succeeds and the document was indeed signed by user A.
In the embodiment, a UKey holder can finish the signature of a file to be signed in a local area network or an internet without being limited by the geographical position, so that the timeliness of the signature service is improved; under the authorization of the holder, other personnel can also use the UKey to complete the signature.
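The two round trips of steps S305 to S310 and the recipient's check described above, as an added Go example that is not part of the patent. The type and function names, the SHA-256 and PKCS#1 v1.5 choices, the length-prefixed hash input, the server-side verification before embedding and the sample values are assumptions made for illustration; the patent itself only says the hash value is encrypted with RSA inside the UKey.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealInfo is the target seal information; Cert is opaque bytes here (assumption).
type SealInfo struct {
	Cert      []byte
	PublicKey *rsa.PublicKey
	SealImage []byte
}

// token is one inserted UKey; its private key never leaves the Middleware.
type token struct{ key *rsa.PrivateKey; seal SealInfo }

// Middleware models the client middleware and driver, keyed by UKey number.
type Middleware map[string]token

// PlugIn simulates inserting a UKey by generating its key pair.
func (m Middleware) PlugIn(no string, cert, seal []byte) error {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	m[no] = token{k, SealInfo{cert, &k.PublicKey, seal}}
	return nil
}

// GetSeal answers the seal information request (S306, S307).
func (m Middleware) GetSeal(no string) (SealInfo, error) {
	t, ok := m[no]
	if !ok {
		return SealInfo{}, errors.New("unknown UKey number")
	}
	return t.seal, nil
}

// SignHash answers the signature value request (S309). "Encrypting the hash
// with the private key" is done here as an RSA PKCS#1 v1.5 signature.
func (m Middleware) SignHash(no string, digest []byte) ([]byte, error) {
	t, ok := m[no]
	if !ok {
		return nil, errors.New("unknown UKey number")
	}
	return rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, digest)
}

// Digest hashes certificate, seal and file (S308). Each field carries a length
// prefix so bytes cannot move between fields without changing the hash.
func Digest(cert, seal, file []byte) []byte {
	h := sha256.New()
	for _, f := range [][]byte{cert, seal, file} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

// Server keeps the user -> UKey number association stored at registration;
// MW stands in for the long connection to the client middleware.
type Server struct{ UKeyOf map[string]string; MW Middleware }

// Sign runs S305 to S310 and verifies the returned value before using it.
func (s Server) Sign(user string, file []byte) (sig []byte, seal SealInfo, err error) {
	no, ok := s.UKeyOf[user]
	if !ok {
		return nil, seal, errors.New("no UKey registered for user")
	}
	if seal, err = s.MW.GetSeal(no); err != nil {
		return nil, seal, err
	}
	if sig, err = s.MW.SignHash(no, Digest(seal.Cert, seal.SealImage, file)); err != nil {
		return nil, seal, err
	}
	if !Verify(seal, file, sig) {
		return nil, seal, errors.New("returned signature does not verify")
	}
	return sig, seal, nil
}

// Verify is the recipient's check: recompute the hash, verify with the public key.
func Verify(seal SealInfo, file, sig []byte) bool {
	d := Digest(seal.Cert, seal.SealImage, file)
	return rsa.VerifyPKCS1v15(seal.PublicKey, crypto.SHA256, d, sig) == nil
}

func main() {
	mw := Middleware{}
	err := mw.PlugIn("UK-0001", []byte("cert-A"), []byte("seal-A")) // constructed values
	srv := Server{UKeyOf: map[string]string{"alice": "UK-0001"}, MW: mw}
	sig, seal, signErr := srv.Sign("alice", []byte("contract v1"))
	fmt.Println(err, signErr, signErr == nil && Verify(seal, []byte("contract v1"), sig))
}
```

In this flow the middleware signs whatever digest arrives for a known UKey number, so the server-side login and authorization checks and the protection of the long connection are what decide which documents the UKey signs.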
Fig. 4 is an architecture diagram of a signature system according to the fourth embodiment of the present application. As shown in Fig. 4, the SaaS signature platform is deployed on the cloud server, and the cloud server includes a cloud front-end processor. Because the server has to carry many services, a dedicated cloud front-end processor can be set up and a front-end service deployed on it; the cloud front-end processor connects to the client middleware to complete the signature. The UKey is inserted into and resides on a terminal of the LAN; the terminal also includes a driver and client middleware. The client middleware can call the driver through a DLL, and the client middleware and the cloud front-end processor service can establish a connection over the network. The system allows files to be signed anytime and anywhere, as shown in Fig. 5.
As shown in Fig. 5, the signature process includes a preset stage and a signing stage. The preset stage establishes the connection between the server and the UKey. In the preset stage, the user inserts a UKey into a terminal of the LAN, installs the UKey driver and the client middleware, and then enters the PIN code of the UKey in advance through the client middleware to activate the UKey. The IP and port of the server and the UKey number are configured on a configuration interface provided by the client middleware, and a registration request is sent to the server; the client middleware and the cloud front-end processor of the server establish a long connection, which can be re-established automatically when interrupted. After receiving the registration request sent by the client middleware, the server can store the user information, the UKey number and the client middleware information in association in a database. The client middleware information comprises an IP and a port, through which the server can determine its connection with the client middleware.
In the signing stage, the user can log in to the SaaS signing platform from a device using the previously registered information; the device may or may not be in the LAN. After logging in successfully, the user can initiate a signing task on the SaaS signing platform. The platform determines the UKey number from the user's login information and then calls the preset cloud front-end processor service to request the certificate and the electronic seal from the client middleware. After receiving the request from the cloud front-end processor, the client middleware calls the corresponding driver according to the UKey number carried in the request, acquires the user's digital certificate and electronic seal image from the UKey, and returns them to the SaaS signing platform. After receiving the digital certificate and the electronic seal image, the SaaS signing platform calculates a hash value of the digital certificate, the electronic seal image and the document, and then calls the preset cloud front-end processor service to send a signature value request to the client middleware; the request carries the UKey number and the hash value. After receiving the signature value request, the client middleware calls the driver according to the carried UKey number to drive the UKey to encrypt the carried hash value, obtaining a signature value, and returns the signature value to the server. The server synthesizes the signature value and the electronic seal into the file to be signed to complete the signature.
In addition, the UKey holder can authorize the authority of the UKey holder to other users, and the other users can also sign by using the UKey.
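The two-request signing exchange and the recipient's y = x check described above, as an added Python example (not code from the patent). `SimulatedUKey`, `binding_digest`, `server_sign` and `verify` are hypothetical names; SHA-256, the length-prefixed field framing, and unpadded RSA over a constructed demo key are assumptions, since the patent names neither a hash algorithm nor an encoding.

```python
import hashlib

# Constructed demo key built from two Mersenne primes, so it is trivially
# factorable. It stands in for the private key that never leaves the UKey.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def binding_digest(certificate: bytes, seal_image: bytes, document: bytes) -> bytes:
    """Hash certificate, seal image and unsigned document as three fields.

    Assumption: each field is prefixed with its 8-byte length, so bytes cannot
    slide across a field boundary without changing the digest.
    """
    h = hashlib.sha256()
    for field in (certificate, seal_image, document):
        h.update(len(field).to_bytes(8, "big"))
        h.update(field)
    return h.digest()


class SimulatedUKey:
    """Hypothetical stand-in for client middleware + driver + UKey."""

    def __init__(self, number: str, certificate: bytes, seal_image: bytes):
        self.number = number
        self.certificate = certificate
        self.seal_image = seal_image

    def _check(self, ukey_number: str) -> None:
        if ukey_number != self.number:
            raise LookupError(f"UKey {ukey_number!r} is not attached here")

    def seal_info(self, ukey_number: str):
        """First request: return the digital certificate and the seal image."""
        self._check(ukey_number)
        return self.certificate, self.seal_image

    def sign_hash(self, ukey_number: str, digest: bytes) -> int:
        """Second request: 'encrypt' the hash with the private key."""
        self._check(ukey_number)
        return pow(int.from_bytes(digest, "big"), D, N)


def server_sign(ukey: SimulatedUKey, ukey_number: str, document: bytes) -> dict:
    """Server side: fetch seal info, hash, request the signature value, combine."""
    certificate, seal_image = ukey.seal_info(ukey_number)
    digest = binding_digest(certificate, seal_image, document)
    signature = ukey.sign_hash(ukey_number, digest)
    return {"document": document, "certificate": certificate,
            "seal_image": seal_image, "signature": signature}


def verify(signed: dict, public_key=(N, E)) -> bool:
    """Recipient B: recover x from the signature value, recompute y, compare."""
    n, e = public_key
    x = pow(signed["signature"], e, n)
    y = int.from_bytes(binding_digest(signed["certificate"],
                                      signed["seal_image"],
                                      signed["document"]), "big")
    return x == y


if __name__ == "__main__":
    # Constructed sample inputs.
    ukey = SimulatedUKey("UKEY-0001", b"CERT:user-A", b"PNG:seal-of-A")
    signed = server_sign(ukey, "UKEY-0001", b"contract v1")
    print("genuine:", verify(signed))
    print("seal swapped:", verify({**signed, "seal_image": b"PNG:seal-of-C"}))
    print("document edited:", verify({**signed, "document": b"contract v2"}))
```

A deployed verifier would also validate the certificate and take the public key from it, and real tokens sign with a padding scheme such as PKCS#1 v1.5 or PSS rather than raw RSA.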
Fig. 6 is a schematic structural diagram of a signature device according to a fifth embodiment of the present application. As shown in Fig. 6, the signature device includes:
a determining module 61, configured to determine, when user information is received, client middleware corresponding to the user information;
a request sending module 62, configured to obtain a file to be signed, and send a signature request for the file to be signed to the client middleware, so as to instruct the client middleware to obtain target seal information according to the signature request;
a seal information receiving module 63, configured to receive the target seal information returned by the client middleware;
and a signature module 64, configured to sign the file to be signed using the target seal information.
The device further comprises:
the registration request receiving module is used for receiving a registration request sent by the client middleware;
and the registration module is used for establishing long connection between the server and the client middleware according to the registration request.
The registration module includes:
the storage submodule is used for storing the client middleware information, the user information and the UKey number in an associated manner;
and the connection sub-module is used for establishing long connection between the server and the client middleware based on the stored client middleware information, the stored user information and the stored UKey number.
The request sending module 62 includes:
the number acquisition submodule, used for acquiring a file to be signed and extracting a UKey number matched with the user information;
and the number sending submodule, used for sending the UKey number to the client middleware so as to instruct the client middleware to call a driver according to the UKey number and obtain the target seal information.
The number sending submodule includes:
the calling and sending unit, used for calling a preconfigured front-end processor service and sending the UKey number to the client middleware, so as to instruct the client middleware to call a driver according to the UKey number and obtain the target seal information.
In the above apparatus, the target seal information includes digital certificate information and electronic seal information, and the signature module 64 includes:
the calculation submodule, used for calculating a hash value of the digital certificate information, the electronic seal information and the file to be signed;
the signature value request submodule, used for sending the hash value to the client middleware so as to instruct the client middleware to call the driver to encrypt the hash value and obtain a signature value for the file to be signed;
and the signature submodule, used for signing the file to be signed according to the signature value when the signature value returned by the client middleware is received.
The signature submodule includes:
the synthesis unit, used for embedding the signature value and the electronic seal information into the file to be signed when the signature value returned by the client middleware is received.
Fig. 7 is a schematic structural diagram of a server according to a sixth embodiment of the present application. As shown in fig. 7, the server 7 of this embodiment includes: at least one processor 70 (only one shown in fig. 7), a memory 71, and a computer program 72 stored in the memory 71 and executable on the at least one processor 70, the processor 70 implementing the steps in any of the various method embodiments described above when executing the computer program 72.
The server 7 may be a computing device such as a cloud server. The server may include, but is not limited to, a processor 70 and a memory 71. Those skilled in the art will appreciate that Fig. 7 is merely an example of the server 7 and does not constitute a limitation of the server 7, which may include more or fewer components than those shown, combine certain components, or use different components, such as input/output devices, network access devices, etc.
The processor 70 may be a Central Processing Unit (CPU), or another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or any conventional processor or the like.
The memory 71 may in some embodiments be an internal storage unit of the server 7, such as a hard disk or a memory of the server 7. The memory 71 may also be an external storage device of the server 7 in other embodiments, such as a plug-in hard disk provided on the server 7, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card, and the like. Further, the memory 71 may also include both an internal storage unit and an external storage device of the server 7. The memory 71 is used for storing an operating system, an application program, a boot loader (BootLoader), data, and other programs, such as the program code of the computer program. The memory 71 may also be used to temporarily store data that has been output or is to be output.
It should be noted that, for the information interaction, execution process, and other contents between the above-mentioned devices/units, the specific functions and technical effects thereof are based on the same concept as those of the embodiment of the method of the present application, and specific reference may be made to the part of the embodiment of the method, which is not described herein again.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. For the specific working processes of the units and modules in the system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not described herein again.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps in the foregoing method embodiments.
The embodiments of the present application provide a computer program product which, when run on a server, enables the server to implement the steps in the above method embodiments.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium and can implement the steps of the method embodiments described above when executed by a processor. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/server, a recording medium, computer memory, read-only memory (ROM), random-access memory (RAM), an electrical carrier signal, a telecommunications signal, and a software distribution medium, for example a USB disk, a removable hard disk, a magnetic or optical disk, etc. In certain jurisdictions, in accordance with legislation and patent practice, computer-readable media may not be an electrical carrier signal or a telecommunications signal.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other ways. For example, the above-described apparatus/network device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A signature method, applied to a server, comprising the following steps:
a user inserts a UKey in advance into a device in the UKey holder's local area network to register, client middleware is installed on the device, and the client middleware is used for connecting to the server;
when user information of a network login user is received, determining client middleware corresponding to the user information based on pre-stored client middleware information;
acquiring a file to be signed, and sending a signing request aiming at the file to be signed to the client middleware so as to instruct the client middleware to acquire target seal information according to the signing request;
receiving the target seal information returned by the client middleware;
and signing the file to be signed by adopting the target seal information.
2. The method of claim 1, prior to determining client middleware corresponding to the user information, further comprising:
receiving a registration request sent by the client middleware;
and establishing long connection between the server and the client middleware according to the registration request.
3. The method of claim 2, wherein the registration request includes client middleware information, user information, and a UKey number, and wherein establishing the long connection between the server and the client middleware according to the registration request comprises:
storing the client middleware information, the user information and the UKey number in an associated manner;
and establishing long connection between the server and the client middleware based on the stored client middleware information, the stored user information and the stored UKey number.
4. The method according to any one of claims 1 to 3, wherein the obtaining a file to be signed, sending a signature request for the file to be signed to the client middleware to instruct the client middleware to obtain target seal information according to the signature request, comprises:
acquiring a file to be signed, and extracting a UKey number matched with the user information;
and sending the UKey number to the client middleware to instruct the client middleware to call a driver according to the UKey number to acquire the target seal information.
5. The method of claim 4, wherein the sending the UKey number to the client middleware to instruct the client middleware to call a driver according to the UKey number to acquire the target seal information comprises:
calling a pre-configured front-end processor service and sending the UKey number to the client middleware, to instruct the client middleware to call a driver according to the UKey number to acquire the target seal information.
6. The method according to claim 4, wherein the target seal information includes digital certificate information and electronic seal information, and the signing the file to be signed with the target seal information includes:
calculating a hash value of the digital certificate information, the electronic seal information and the file to be signed;
sending the hash value to the client middleware to instruct the client middleware to call the driver to encrypt the hash value to obtain a signature value for the file to be signed;
and when the signature value returned by the client middleware is received, signing the file to be signed according to the signature value.
7. The method of claim 6, wherein the signing the file to be signed according to the signature value when receiving the signature value returned by the client middleware comprises:
and when the signature value returned by the client middleware is received, synthesizing the signature value and the electronic seal information into the file to be signed.
8. A signature device applied to a server, the device comprising:
a registration module, used for registration in which a user inserts a UKey in advance into a device in the UKey holder's local area network, the device being provided with client middleware, and the client middleware being used for connecting to the server;
a determining module, used for determining the client middleware corresponding to the user information based on the pre-stored client middleware information when the user information of the network login user is received;
the request sending module is used for acquiring a file to be signed and sending a signing request aiming at the file to be signed to the client-side middleware so as to instruct the client-side middleware to acquire target seal information according to the signing request;
the seal information receiving module is used for receiving the target seal information returned by the client middleware;
and the signature module is used for adopting the target seal information to sign the file to be signed.
9. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN202010152645.2A 2020-03-06 2020-03-06 Signature method, device, server and medium Active CN113360878B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010152645.2A CN113360878B (en) 2020-03-06 2020-03-06 Signature method, device, server and medium

Publications (2)

Publication Number Publication Date
CN113360878A CN113360878A (en) 2021-09-07
CN113360878B true CN113360878B (en) 2023-02-24

Family

ID=77524088

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010152645.2A Active CN113360878B (en) 2020-03-06 2020-03-06 Signature method, device, server and medium

Country Status (1)

Country Link
CN (1) CN113360878B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114221759B (en) * 2021-11-29 2024-04-12 成都卫士通信息产业股份有限公司 Remote monitoring deployment method and device, electronic equipment and storage medium
CN116502281B (en) * 2023-03-14 2023-12-12 北京安证通信息科技股份有限公司 Method and system for batch signing of background files
CN116756723B (en) * 2023-08-16 2024-01-09 鼎铉商用密码测评技术(深圳)有限公司 Electronic signature method and device, storage medium and electronic equipment
CN117668805A (en) * 2023-10-19 2024-03-08 中金金融认证中心有限公司 Credibility guaranteeing method for documents in evaluation process of third party evaluation service

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102291808B (en) * 2011-06-03 2013-12-04 莫雅静 Network communication method, communication equipment and middleware of communication equipment
CN106982190A (en) * 2016-01-18 2017-07-25 卓望数码技术(深圳)有限公司 A kind of electric endorsement method and system
CN107204854A (en) * 2017-06-30 2017-09-26 上海测吧信息技术有限公司 A kind of digital signature method based on USB TOKEN
CN110266469B (en) * 2019-06-18 2022-11-29 江苏慧世联网络科技有限公司 Remote online electronic signature method based on WEB script data stream operation

Also Published As

Publication number Publication date
CN113360878A (en) 2021-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant