CN116975932A - Method for generating electronic seal based on multiparty application - Google Patents

Method for generating electronic seal based on multiparty application Download PDF

Info

Publication number
CN116975932A
CN116975932A CN202310997426.8A CN202310997426A CN116975932A CN 116975932 A CN116975932 A CN 116975932A CN 202310997426 A CN202310997426 A CN 202310997426A CN 116975932 A CN116975932 A CN 116975932A
Authority
CN
China
Prior art keywords
user
seal
electronic seal
management center
electronic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310997426.8A
Other languages
Chinese (zh)
Inventor
朱梦雅
储令平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Matrix Time Digital Technology Co Ltd
Original Assignee
Matrix Time Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matrix Time Digital Technology Co Ltd filed Critical Matrix Time Digital Technology Co Ltd
Priority to CN202310997426.8A priority Critical patent/CN116975932A/en
Publication of CN116975932A publication Critical patent/CN116975932A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/608Watermarking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The invention discloses a method for generating an electronic seal based on multiparty application, which comprises the following steps: a user A and a user B respectively send a request for applying to disclose the electronic seal and the privacy seal to an electronic seal management center; the user A and the user B synchronously seal files, and the user B verifies the consistency of the seal files of the two parties; the electronic seal management center generates a public electronic seal and a private seal and sends the public electronic seal and the private seal to a user A and a user B respectively; the electronic seal management center generates a disposable seal; and the user A packages the file seal, calculates the hash value of the file seal, sends the hash value to the user B for verification, and after the verification is passed, the user A and the user B respectively generate an electronic seal and execute seal printing on the seal file. The invention can realize the association of the electronic seal with the seal file and the user, and each seal application is a new electronic seal, thereby solving the security problem of the electronic seal and the corresponding relation problem of the electronic seal, the electronic file and the user in the current quantum technology environment.

Description

Method for generating electronic seal based on multiparty application
Technical Field
The invention relates to the technical field of quantum security, in particular to a method for generating an electronic seal based on multiparty application.
Background
Electronic seals, also called electronic signatures, digital seals, etc., are a visual representation of digital signatures, which can also be understood as the electronization of traditional seals and handwritten signatures, whose function is similar to that of traditional seals or handwritten signatures used on paper documents. The objects to be electronic stamps are electronic documents that are also transported in a network environment, which makes electronic stamp application systems relatively complex. Therefore, the electronic seal is not equivalent to a simple electronic seal picture, and has three basic characteristics of usability, safety, expansibility and the like.
At present, a common electronic seal uses a digital signature technology of an RSA public key system to ensure the effectiveness of the seal, but the RSA public key system is based on two mathematical problems of factorization of large integers or discrete logarithm calculation on a finite field. With the development of quantum technology, the huge computation power of a quantum computer can be subjected to integer factorization or discrete logarithm calculation within polynomial time (namely, the cracking time increases with the increase of the length of a public key at the speed of the power of k, wherein k is a constant irrelevant to the length of the public key), so that the possibility is provided for cracking of RSA and discrete logarithm encryption algorithms. Therefore, the electronic seal can be broken by utilizing the quantum computer, and the existing electronic seal is not safe under the environment of quantum technology.
In addition, due to the characteristic that the electronic seal converts a real object into electrons, when a user obtains an electronic document with the electronic seal, the user can use some P-chart tools to scratch out the electronic seal and then add the electronic seal into other electronic documents. Therefore, the correspondence between the electronic seal and the electronic document is also susceptible to be questioned.
In view of this, how to obtain an electronic seal with higher security in the environment of quantum technology, so as to ensure the validity of the electronic seal and the corresponding relationship between the electronic seal and the electronic document are technical problems with practical significance.
Disclosure of Invention
The invention aims to: the invention aims to provide a method for generating an electronic seal based on multiparty application, which solves the security problem of the electronic seal and the multiparty corresponding relation problem of the electronic seal, an electronic document and seal in the current quantum technology environment. The method provided by the invention can realize the association of the electronic seal with the seal file and the users corresponding to the seal file, and each seal application corresponds to a new electronic seal.
The technical scheme is as follows: a method of generating an electronic seal based on a multiparty application, the multiparty application comprising a user a and a user B applying for an electronic seal, the method comprising the steps of:
Step one, the user A and the user B respectively send a request for applying to disclose an electronic seal and a privacy seal to an electronic seal management center;
step two, the user A and the user B synchronize and safely store the printed files, and the user B verifies the consistency of the printed files of the two parties;
step three, the electronic seal management center responds to the request for applying for disclosing the electronic seal and the privacy seal received in the step one, generates the disclosing electronic seal and the privacy seal for the user A and the user B and stores the disclosing electronic seal and the privacy seal safely, and sends the generated disclosing electronic seal and the generated privacy seal to the user A and the user B for safe storage respectively;
step four, the user A and the user B send a request for applying the disposable seal to the electronic seal management center, and the electronic seal management center responds to the request for applying the disposable seal and generates the disposable seal based on the privacy seal in the step three;
and fifthly, the user A encapsulates the file seal, calculates the hash value of the encapsulated file seal, sends the hash value to the user B for verification, and after the verification is passed, the user A and the user B respectively generate an electronic seal and execute seal printing on the seal file.
Further, the second step further includes:
the user A and the user B carry out key negotiation to respectively obtain a shared key a, and the user A uses the shared key a to encrypt a local printed document doc to obtain a ciphertextThe user A sends the ciphertext T to the user B;
the user B decrypts the received ciphertext T by using the shared secret key a to obtain a seal document doc';
the user A obtains the random number from the local and generates an irreducible polynomial p based on the random number obtained from the local 1 (x) The user A will not be about the polynomial p 1 (x) The character string formed by each coefficient except the highest term is recorded as str1, the user A and the user B carry out key negotiation to obtain a shared key (s 1, t1, k 1), and the user A is based on an irreducible polynomial p 1 (x) Generating a hash function from a shared key s1Said user A uses a hash function +.>Carrying out hash calculation on the local printed file doc to obtain a hash value +.>The user a encrypts a hash value encrypted with a shared key t1And a file composed of a string str1 encrypted with a shared key k1Sending to the user B;
the user B decrypts the ciphertext using the shared key t1Get hash value +. >Said user B decrypts the ciphertext +_ using the shared key k1>Obtaining a character string str1', and generating an irreducible polynomial p by the user B based on the character string str1 1 ' (x) use of the irreducible itemPolynomial p 1 ' generating a hash function with the shared key s1And use the hash function +.>Calculating the hash value of the stamp doc' to obtain a hash value +.>Hash value calculated +.>Hash value obtained by decryption +.>Comparing, if the printed files are consistent, the printed files doc in the user A are consistent with the printed files doc' in the user B; otherwise, the fact that the seal doc in the user A is inconsistent with the seal doc' in the user B is indicated;
and the user B feeds back the consistency verification result of the printed file to the user A.
Further, in the first step, the request for applying for disclosure of the electronic seal and the privacy seal sent by the user a to the electronic seal management center includes own identity information IDa1, the request for applying for disclosure of the electronic seal and the privacy seal sent by the user B to the electronic seal management center includes own identity information IDb1, the names and websites of the electronic seal management center are stored in the user a and the user B, and the third step further includes:
The process of generating the public electronic seal SEALA1 for the user A by the electronic seal management center is as follows:
the electronic seal management center acquires identity information IDa1 of a user A from a request for applying for disclosing the electronic seal and the privacy seal, which is sent by the user A, and generates a disclosing electronic seal SEALA1 based on the identity information IDa 1;
the process of generating the public electronic seal SEALB1 for the user B by the electronic seal management center is as follows:
the electronic seal management center acquires identity information IDb1 of a user B from a request for applying for disclosing the electronic seal and the privacy seal, which is sent by the user B, and generates a disclosing electronic seal SEALB1 based on the identity information IDb 1;
the process of generating the privacy seal NA1 for the user A by the electronic seal management center is as follows:
the electronic seal management center obtains a group of random numbers Qa1 from the local, generates a service serial number Noab1 based on a request for disclosing an electronic seal and a privacy seal sent by a user A in the step one, and generates a privacy seal NA 1= (IDa 1, qa1, noab 1) based on identity information IDa1 of the user A, the random numbers Qa1 obtained from the local and the service serial number Noab 1;
the process of generating the privacy seal NB1 for the user B by the electronic seal management center is as follows:
The electronic seal management center obtains a group of random numbers Qb1 from the local, and generates a privacy seal NB 1= (IDb 1, qb1, noab 1) based on the identity information IDb1 of the user B, the random numbers Qb1 obtained from the local and the service flow number Noab 1.
Further, the fourth step further includes:
the electronic seal management center performs three-party key negotiation with the user A and the user B to respectively obtain shared keys (s 2, t2 and k 2), and locally obtains a group of quantum random numbers and generates an irreducible polynomial p based on the obtained quantum random numbers 2 (x) Will not be about polynomial p 2 (x) The string of coefficients of each term except the highest term is denoted str2, based on an irreducible polynomial p 2 (x) Generating a hash function from a shared key s2
The electronic seal management center reads the privacy seal NA1 from the localAnd NB1, splicing the privacy seal NA1 and NB1 to form a file NAB1= (NA 1, NB 1) = (IDa 1, qa1, IDb1, qb1, noab 1), wherein the electronic seal management center uses the generated hash functionHash calculation is carried out on the file NAB1 to obtain a hash value +.>Encrypting the hash value +.>Obtaining the disposable seal
The electronic seal management center encrypts a file formed by a disposable seal M1 and a character string str2 encrypted by a shared key k2Respectively sending to the user A and the user B;
the user A and the user B verify the disposable seal M1;
and in response to the authentication of the disposable seal M1 by the user A and the user B, registering the disposable seal M1 and the service serial number Noab1 by the electronic seal management center.
Further, the specific process of verifying the disposable stamp M1 by the user a includes:
the user a decrypts the ciphertext using the shared key t2Obtaining a hash valueDecrypting ciphertext using shared key k2>Obtaining a character string str2', and generating an irreducible polynomial p based on the character string str2 2 ' (x) using an irreducible polynomial p 2 'A hash function is generated by' (x) and the shared key s2 +.>The user A reads the privacy seal NA1 locally, acquires a service serial number Noab1 from the read privacy seal NA1, uses the service serial number Noab1 to request the privacy seal NB1 of the user B from the electronic seal management center, and the electronic seal management center reads the privacy seal NB1 of the user B locally according to the service serial number Noab1 sent by the user A and sends the privacy seal NB1 to the user A, and the privacy seal NB1' of the user B received by the user A;
The user a concatenates the own privacy seal NA1 and the received privacy seal NB1' to obtain a file NAB1' = (NA 1, NB1 ') = (IDa 1, qa1, IDb1, qb1, noab 1), and uses the generated hash functionCalculating file NAB1' to obtain hash value +.>
The user A calculates the hash valueHash value obtained by decryption +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable seal needs to be regenerated;
the user A feeds the verification result back to the electronic seal management center;
the specific process of verifying the disposable seal M1 by the user B comprises the following steps:
the user B decrypts the ciphertext using the shared key t2Obtaining a hash value
The user B decrypts the ciphertext using the shared key k2Obtaining a character string str2 'and generating an irreducible polynomial p based on the character string str 2' 2 "(x) using an irreducible polynomial p 2 Hash function generation by "(x) and shared key s2The user B reads the privacy seal NB1 locally, acquires a service serial number Noab1 from the read privacy seal NB1, and requests the privacy seal NA1 of the user A from the electronic seal management center by using the service serial number Noab1, wherein the electronic seal management center reads the privacy seal NA1 of the user A locally according to the service serial number Noab1 sent by the user B and sends the privacy seal NA1 to the user B, and the privacy seal NA1' of the user A received by the user B;
The user B concatenates the private seal NB1 and the received private seal NA1 'to obtain a file nab1″= (NA 1', NB 1) = (IDa 1, qa1, IDb1, qb1, noab 1), and uses the generated hash functionCalculating file NAB 1' to obtain hash value +.>
The user B calculates the hash valueHash value obtained by decryptionComparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable seal needs to be regenerated;
and the user B feeds the verification result back to the electronic seal management center.
Further, the fifth step further includes:
the user A firstly sends a request for acquiring the public electronic seal SEALB1 of the user B to the electronic seal management center by using a service serial number Noab1, the electronic seal management center responds to the request for acquiring the public electronic seal SEALB1 of the user B sent by the user A and sends the public electronic seal SEALB1 of the user B to the user A, and the public electronic seal of the user B received by the user A is SEALB1';
the user A at least discloses an electronic seal SEALA1, a received public electronic seal SEALB1', a disposable seal M1, a business serial number Noab1, the name and the website of an electronic seal management center and the hash value of a seal doc Packaging into a file seal;
the user A and the user B carry out key negotiation to respectively obtain shared keys (s 3, t3 and k 3), the user A locally obtains a group of quantum random numbers, and generates an irreducible polynomial p based on the obtained quantum random numbers 3 (x) Based on irreducible polynomials p 3 (x) Generating a hash function using the shared key s3And using the generated hash function +.>Hash calculation is carried out on the file seal to obtain a hash value +.>The user A will not be about the polynomial p 3 (x) The character string formed by each term of coefficients except the highest term is recorded as str3;
the user a encrypts a hash value encrypted with a shared key t3And a string str3 encrypted with the shared key k3 ++>Sending to the user B;
the user B hashes the value according to the received file D3Verifying and feeding back the verified information to the user A;
after the verification is passed, the user A and the user B respectively generate an electronic seal and execute seal printing on the seal document.
Further, the user B hashes the value according to the received file D3The specific process for verification comprises the following steps:
the user B sends a request for acquiring the public electronic seal SEALA1 of the user A to the electronic seal management center by using a service serial number Noab1, the electronic seal management center responds to the request for acquiring the public electronic seal SEALA1 of the user A sent by the user B and sends the public electronic seal SEALA1 of the user A to the user B, and the public electronic seal of the user A received by the user B is SEALA1';
The user B uses the self public electronic seal SEALB1, the received public electronic seal SEALA1', the disposable seal M1, the business serial number Noab1, the name and the website of the electronic seal management center and the hash value of the seal docPackaging into a file seal';
the user B decrypts the ciphertext using the shared key t3Get hash value +.>Decrypting ciphertext using shared key k3>Obtaining a character string str3', and generating an irreducible polynomial p based on the character string str3 3 ' (x) using an irreducible polynomial p 3 'A hash function is generated by' (x) and the shared key s3 +.>And using the generated hash function +.>Calculating the file seal' to obtain a hash value
The user B calculates the hash valueAnd decrypting to obtain the hash value +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the flow of generating the electronic seal is terminated.
Further, in response to the user B hashing the valueThe verification result of (a) is that the user A and the user B respectively generate an electronic seal and execute seal printing on the seal document, and the method further comprises the following steps:
the user A presents the seal document doc in a text format and is based on the public electronic seal SEALA1 and the ciphertext Generating the electronic seal of the user A, and based on the received public electronic seal SEALB1' and ciphertextGenerating an electronic seal of the user B, and displaying the two electronic seals at the printing position of the text;
the user B presents the seal document doc 'in a text format and is based on the received public electronic seal SEALA1' and ciphertextGenerating the electronic seal of the user A based on the public electronic seal SEALB1 and the ciphertext +.>And generating the electronic seal of the user B, and displaying the two electronic seals at the printing position of the text.
Further, the ciphertextIs displayed on the public electronic seals SEALA1 and SEALB1' in the form of one of two-dimensional code, bar code, watermark or 16-system numerical value, wherein the ciphertext +_>To be in charge of ciphertext->The same forms are respectively displayedOn the public electronic seals sea 1' and sea b 1.
Further, the electronic seal management center comprises a sub electronic seal management center A and a sub electronic seal management center B, wherein the user A is under the jurisdiction of the sub electronic seal management center A, and the user B is under the jurisdiction of the sub electronic seal management center B;
the first step further comprises: the user A sends a request for applying for disclosing an electronic seal SEALA2 and a privacy seal NA2 to the sub electronic seal management center A, and the user B sends a request for applying for disclosing an electronic seal SEALB2 and a privacy seal NB2 to the sub electronic seal management center B;
The second step further comprises: the user A sends the stored name and website information of the sub electronic seal management center A to the user B, and the user B feeds back the consistency verification result of the seal file to the user A and sends the stored name and website information of the sub electronic seal management center B to the user A;
the third step further comprises: the sub electronic seal management center A generates a public electronic seal SEALA2 and a private seal NA2 for the user A, wherein the private seal NA2 at least comprises identity information IDa2 of the user A, a random number Qa2 acquired from the local by the sub electronic seal management center A, a generated business serial number Noab2, and names and website information of the sub electronic seal management center A; the sub electronic seal management center A sends a service serial number Noab2 to the sub electronic seal management center B; the sub-electronic seal management center B generates a public electronic seal SEALB2 and a private seal NB2 for the user B, wherein the private seal NB2 at least comprises identity information IDb2 of the user B, a random number Qb2 acquired from the local by the sub-electronic seal management center B, a business serial number Noab2 received from the sub-electronic seal management center A, and name and website information of the sub-electronic seal management center B;
The fourth step further comprises: the sub electronic seal management center A generates a disposable seal M2, and the user A, the user B and the sub electronic seal management center B verify the disposable seal M2;
the fifth step further comprises: the user A accesses the sub-electronic seal management center B through the sub-electronic seal management center A, and the user B accesses the sub-electronic seal management center A through the sub-electronic seal management center B.
The invention has the beneficial effects that:
1. in the invention, the electronic seal management center generates the disposable seal corresponding to the printing process, and then the printing operation is carried out by the printing parties based on the disposable seal to locally generate the electronic seal, and the printing parties directly store the locally printed file, thereby improving the safety of the electronic seal in the use process;
2. the electronic seal generated by the method of the invention is corresponding to the printed document and simultaneously corresponds to multiple parties of the printing, thereby ensuring the uniqueness and the safety of the electronic seal used by the parties of the printing.
Drawings
FIG. 1 is a schematic diagram of a user applying an electronic seal according to the present invention;
FIG. 2 is a block diagram of steps of a method of generating an electronic seal based on a multiparty application of the present invention;
FIG. 3 is a schematic diagram of a process for generating an electronic seal according to embodiment 1 of the present invention;
FIG. 4 is a schematic diagram of a process for generating an electronic seal according to embodiment 2 of the present invention;
FIG. 5 is a schematic diagram of a public electronic seal produced in accordance with the present invention;
fig. 6 is a schematic diagram of an electronic seal produced by the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings and examples:
some documents require two or more parties to seal, for example: contract type documents, and the like. At this time, all parties involved in the seal are the required parties of the electronic seal, and are also the receiving parties of the printed file. The invention provides a method for generating an electronic seal based on a multiparty application, wherein the multiparty application comprises a corresponding user A and a corresponding user B, and the user A and the user B are printing parties needing to print the same printed document, namely the multiparty application for the electronic seal. The invention takes the use of the printing of the documents by both parties as an example to describe the technical scheme of the invention.
To create the electronic seal of the present invention, a user may use a quantum security device with a dense region as the applicant of the present invention, in this invention user a and user B. As shown in FIG. 1, the quantum security device comprises a dense region, a non-dense region and an isolation region, wherein the dense region is used for processing data in the device so as to ensure the security in the data processing process, and a printed file can be stored in the dense region. The non-dense area is provided with a communication interface for interacting with the outside and receiving or transmitting data. The isolation area is used for connecting the dense area and the non-dense area, encrypting the data sent by the dense area, decrypting the data received from the non-dense area, and filtering the data according to a certain rule to realize the data interaction between the dense area and the non-dense area. All data sent out from the secret area are encrypted by the isolation area, and then the encrypted ciphertext is transmitted to the outside through the non-secret area. Similarly, all data received from the outside needs to be decrypted through the isolation area, and then the decrypted plaintext is sent to the secret area for processing.
Similarly, to ensure the security of the electronic seal management center, the electronic seal management center may also store data in a dense area using, for example, the device structure shown in fig. 1.
The invention provides a method for generating an electronic seal based on a multiparty application. For different administrative areas, a provider (e.g., a government agency) of the electronic seal management center may set a corresponding electronic seal management center according to the administrative areas, each electronic seal management center has its own name and a corresponding website address, and the electronic seal management center performing the electronic seal generation process may be addressed according to the name and the website address of the electronic seal management center. Each electronic seal management center has jurisdiction rights to the printing applicant in the administrative area where the electronic seal management center is located.
Example 1:
as shown in fig. 2 and 3, in this embodiment, the user a and the user B may be under the jurisdiction of the same electronic seal management center. User a and user B may register with the electronic seal management center in advance, and thus, both user a and user B store information of the electronic seal management center, for example, a name and a web address of the electronic seal management center.
The invention provides a method for generating an electronic seal based on a multiparty application, which comprises the following steps:
step one, a user A and a user B respectively send requests for applying to disclose the electronic seal and the privacy seal to an electronic seal management center.
The request of the user A for applying for disclosing the electronic seal SEALA1 and the privacy seal NA1 sent to the electronic seal management center comprises the identity information IDa1 of the user A, and the request of the user B for applying for disclosing the electronic seal SEALB1 and the privacy seal NB1 sent to the electronic seal management center comprises the identity information IDb1 of the user B. The identity information may be, for example, identification information such as company name, tax number, etc.
Step two, the user A and the user B synchronize and safely store the printed files, and the user B verifies the consistency of the printed files of the two parties.
The user A and the user B perform key negotiation to obtain the shared key a respectively, that is, the user A obtains the shared key a, and the user B also obtains the shared key a. User A encrypts local seal document doc by using shared key a to obtain ciphertextWherein the seal doc is securely stored in the user a, for example, the user a may store the seal doc in its own secret area to achieve secure storage. The user a sends the ciphertext T to the user B. And the user B uses the shared secret key a to decrypt the received ciphertext T to obtain a seal document doc ', and the seal document doc' is safely stored. For example, user B may store the stamp doc' in its own secret area to enable secure storage.
At this time, the user a safely stores the stamp doc, the user B safely stores the stamp doc ', the process of synchronizing the stamp doc with the user B is completed, and then the user B verifies the consistency of the stamp doc and the stamp doc'.
User a obtains a quantum random number locally and generates an irreducible polynomial p based on the locally obtained random number 1 (x) User a will not be about polynomial p 1 (x) The string of each term of coefficients except the highest term is denoted str1. Key agreement is performed between the user a and the user B to obtain a shared key (s 1, t1, k 1). User a is based on an irreducible polynomial p 1 (x) Generating a hash function from a shared key s1User a uses a hash function +.>Carrying out hash calculation on the local printed file doc to obtain a hash value +.>User a will hash value +.>Encryption using shared key t1, encryption of string str1 using shared key k1, and encryption of hash value encrypted with shared key t1 ∈1>And the string str1 encrypted with the shared key k1 is transmitted to the user B. That is, user A will file +.>To user B.
User B decrypts ciphertext using shared key t1Obtaining hashValue->Decrypting ciphertext using shared key k1>The string str1' is obtained. User B generates an irreducible polynomial p based on string str1 1 ' (x) using the irreducible polynomial p 1 'A hash function is generated by' (x) and the shared key s1 +.>And uses the hash functionCalculating hash value +.>Hash value calculated +.>Hash value obtained by decryption +.>Comparing, if the printed files are consistent, the printed files doc in the user A are consistent with the printed files doc' in the user B; otherwise, it is indicated that the stamp doc in the user a does not coincide with the stamp doc' in the user B.
And the user B feeds back the consistency verification result of the printed files of the two parties to the user A. After receiving the feedback of the results of the verification of the consistency of the printed files of the two parties, the user A continues to execute the electronic seal generating process.
And thirdly, the electronic seal management center responds to the request for applying for disclosing the electronic seal and the privacy seal received in the first step, generates the disclosing electronic seal and the privacy seal for the user A and the user B and stores the disclosing electronic seal and the privacy seal safely, and sends the generated disclosing electronic seal and the generated privacy seal to the user A and the user B for safe storage respectively.
The process of the electronic seal management center for generating the public electronic seal SEALA1 for the user A is as follows: the electronic seal management center obtains the identity information IDa1 of the user A from the request sent by the user A in the step one, and generates the public electronic seal SEALA1 based on the company name and tax number in the identity information IDa 1.
The process of generating the public electronic seal SEALB1 for the user B by the electronic seal management center is consistent with the process, and the public electronic seal SEALB1 is generated based on the company name and tax number in the identity information IDb1 of the user B.
The display modes of the electronic seals SEALA1 and SEALB1 can be shown in fig. 5, and are consistent with the content of the current entity seal.
The process of generating the privacy seal NA1 for the user A by the electronic seal management center is as follows:
the electronic seal management center obtains a group of random numbers Qa1 from the local place besides the identity information IDa1 of the user A, wherein the random numbers Qa1 can be 128-bit quantum random numbers or 256-bit quantum random numbers. In addition, the electronic seal management center also generates a service serial number Noab1 based on the request in the step one, and the generated service serial number Noab1 corresponds to the request in the step one.
The electronic seal management center generates a privacy seal NA1 based on the identity information IDa1 of the user A, the locally acquired random number Qa1 and the service serial number Noab1, namely:
NA1=(IDa1,Qa1,Noab1)。
similarly, the electronic seal management center generates the privacy seal NB1 for the user B in the same manner as described above. The electronic seal management center obtains a group of random numbers Qb1 from the local place besides the identity information IDb1 of the user B, wherein the random numbers Qb1 can be 128-bit quantum random numbers or 256-bit quantum random numbers. The service serial number in the privacy seal NB1 does not need to be regenerated, but the service serial number Noab1 in the privacy seal NA1 is directly multiplexed. That is to say,
NB1=(IDb1,Qb1,Noab1)。
Thus, the service serial number Noab1 can be used as an index of the request in the step one in the process of generating the electronic seal, and the corresponding request in the step one can be found through the service serial number Noab1, so that the public electronic seals SEALA1 and SEALB1 and the private seals NA1 and NB1 generated by the electronic seal management center in response to the request in the step one are obtained. The security of the privacy seal NA1 and the privacy seal NB1 are respectively ensured by the random numbers Qa1 and Qb1, and are the identity of the user A and the user B in the printing process.
The electronic seal management center safely stores generated public electronic seals SEALA1 and SEALB1 and privacy seals NA1 and NB1. For example, these are stored in their own secret. The electronic seal management center sends the public electronic seal SEALA1 and the private seal NA1 to the user A, and the user A stores the received public electronic seal SEALA1 and the received private seal NA1 in a self-secret area so as to realize safe storage. The electronic seal management center sends the public electronic seal SEALB1 and the private seal NB1 to the user B, and the user B stores the received public electronic seal SEALB1 and the received private seal NB1 in a private area of the user B so as to realize safe storage.
And step four, the user A and the user B send a request for applying the disposable seal to the electronic seal management center, and the electronic seal management center responds to the request for applying the disposable seal and generates the disposable seal based on the privacy seal in the step three.
The user A and the user B are in the same position in the process of generating the electronic seal at the time, and the printing is performed on the same printed document, so that the disposable seal obtained from the electronic seal management center is the same.
The electronic seal management center performs key negotiation with the user A and the user B to obtain shared keys (s 2, t2 and k 2) respectively. The electronic seal management center obtains a group of quantum random numbers locally and generates an irreducible polynomial p based on the quantum random numbers 2 (x) The irreducible polynomial p 2 (x) The string of coefficients of each term except the highest term is denoted str2, based on the irreducible polynomial p 2 (x) Generating a hash function from a shared key s2Electronic seal management center reads privacy seal NA1 from localAnd NB1, namely, the privacy stamps NA1 and NB1 are read from the own secret area, and the read privacy stamps NA1 and NB1 are spliced to form a file nab1= (NA 1, NB 1) = (IDa 1, qa1, IDb1, qb1, noab 1). Here, since the privacy stamps NA1 and NB1 have the same service serial number Noab1, only one may be reserved in the spliced file NAB 1. The electronic seal management center uses the generated hash function +.>Hash calculation is carried out on the file NAB1 to obtain a hash value Encrypting the hash value +.>Obtaining a disposable stamp generated in response to the present application->
The electronic seal management center transmits the disposable seal M1 and the character string str2 encrypted with the shared key k2 to the user a and the user B, respectively. I.e. to documentTo user a and user B, respectively.
User A and user B verify the disposable stamp M1 essentially as a hash value in the received file D2And (5) performing verification.
User a versus hash valueThe specific process of verification is as follows:
user a decrypts ciphertext using shared key t2Get hash value +.>Decrypting ciphertext using shared key k2>The string str2' is obtained. User A generates an irreducible polynomial p based on string str2 2 ' (x) using the irreducible polynomial p 2 'A hash function is generated by' (x) and the shared key s2 +.>The user A reads the privacy seal NA1 from the private area of the user A, acquires the business serial number Noab1 from the read privacy seal NA1, and uses the business serial number Noab1 to request the privacy seal NB1 of the user B from the electronic seal management center. The electronic seal management center reads the privacy seal NB1 of the user B from the secret area of the electronic seal management center according to the service serial number Noab1 sent by the user A, and sends the privacy seal NB1' of the user B received by the user A to the user A.
The user a concatenates the own privacy stamp NA1 and the received privacy stamp NB1' to obtain a file NAB1' = (NA 1, NB1 ')= (IDa 1, qa1, IDb1, qb1, noab 1). User a uses the generated hash functionCalculating file NAB1' to obtain hash value +.>User a will calculate the hash value +.>Hash value obtained by decryption +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable regeneration is neededAnd (5) seal. And the user A feeds the verification result back to the electronic seal management center.
Similarly, user B hashes the valueThe specific process of verification is as follows:
user B decrypts ciphertext using shared key t2Get hash value +.>User B decrypts ciphertext ++using shared key k2>Obtaining a character string str2 'and generating an irreducible polynomial p based on the character string str 2' 2 "(x) using the irreducible polynomial p 2 "(x) and shared key s2 generate a hash function +.>The user B reads the privacy seal NB1 from the private area of the user B, obtains the business serial number Noab1 from the read privacy seal NB1, and uses the business serial number Noab1 to request the privacy seal NA1 of the user A from the electronic seal management center. The electronic seal management center reads the privacy seal NA1 of the user A from the secret area according to the service serial number Noab1 sent by the user B, and sends the privacy seal NA1' of the user A received by the user B to the user B.
The user B concatenates the own privacy seal NB1 and the received privacy seal NA1 'to obtain a file NAB1 "(NA 1', NB 1) = (IDa 1, qa1, IDb1, qb1, noab 1). User B uses the generated hash functionCalculating file NAB 1' to obtain hash value +.>User B will calculate the hash value +.>Hash value obtained by decryption +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable seal needs to be regenerated. And the user B feeds the verification result back to the electronic seal management center.
The electronic seal management center only receives the hash value of the user A and the user BOnly when the verification results of the verification are passed, registering the disposable seal generated in response to the request of the disposable sealAnd the service serial number Noab1 which is common with the privacy seal NA1 and NB 1.
It can be understood that the service serial number corresponds to the request of the disposable stamp in the step one, and the request of the disposable stamp can be searched in the electronic stamp management center through the service serial number Noab1, so as to obtain the disposable stamp M1 corresponding to the request of the disposable stamp.
And fifthly, the user A encapsulates the file seal, calculates the hash value of the encapsulated file seal, sends the hash value to the user B for verification, and after the verification is passed, the user A and the user B respectively generate an electronic seal and execute seal printing on the seal document doc.
The user A firstly uses the service serial number Noab1 to send a request for obtaining the public electronic seal SEALB1 of the user B to the electronic seal management center, and the electronic seal management center responds to the request to send the public electronic seal SEALB1 of the user B to the user A, and the public electronic seal of the user B received by the user A is SEALB1'.
User A at least discloses himselfElectronic seal SEALA1, received public electronic seal SEALB1', disposable seal M1, service serial number Noab1, name and website of electronic seal management center, hash value of seal docThe encapsulation becomes a file seal, i.e.,
seal=
[ SEALA1, SEALB1', M1, noab1, name and website of electronic seal management center,
other fields can be encapsulated in the file seal according to the actual use requirement, for example, the time for generating the electronic seal at this time is executed.
Key agreement is performed between the user a and the user B to obtain shared keys (s 3, t3, k 3), respectively. User a obtains locally a set of quantum random numbers, based on which irreducible polynomials p are generated 3 (x) Based on the irreducible polynomial p 3 (x) Generating a hash function using the shared key s3And using the generated hash function +.>Hash calculation is carried out on the file seal to obtain a hash value +.>User a will not be about polynomial p 3 (x) The string of each term of coefficients except the highest term is denoted str3.
User a will hash the valueEncryption using shared key t3, encryption of string str3 using shared key k3, and encryption of hash value encrypted by shared key t3 ∈3>And the string str3 encrypted with the shared key k3 is sent to the user B. I.e. the file->To user B.
User B hashes the value according to the received file D3The verification is carried out, and the specific verification process is as follows:
the user B uses the service serial number Noab1 to send a request for obtaining the public electronic seal SEALA1 of the user A to the electronic seal management center, and the electronic seal management center responds to the request to send the public electronic seal SEALA1 of the user A to the user B, and the public electronic seal of the user A received by the user B is SEALA1'.
The user B uses the self-public electronic seal SEALB1, the received public electronic seal SEALA1' of the user A, the disposable seal M1, the business serial number Noab1, the name and the website of the electronic seal management center and the hash value of the seal doc Encapsulation into a file seal', i.e.,
seal′=
[ SEALA1', SEALB1, M1, noab1, name and website of electronic seal management center,
user B decrypts ciphertext using shared key t3Get hash value +.>Decrypting ciphertext using shared key k3>The string str3' is obtained. User B generates an irreducible polynomial p based on string str3 3 ' (x) using the irreducible polynomial p 3 'A hash function is generated by' (x) and the shared key s3 +.>And using the generated hash function +.>Calculating file seal' to obtain hash value +.>User B will calculate the hash valueAnd decrypting to obtain the hash value +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the flow of generating the electronic seal is terminated.
User B will hash the valueAnd the information passing the verification is fed back to the user A.
After the verification is passed, the user a presents the stamp doc in a text format, which may be PDF format, for example. User A based on public electronic seal SEALA1 and ciphertext Generating an electronic seal of the user A, based on the received public electronic seal SEALB1' and the ciphertext +.>And generating an electronic seal of the user B, and displaying the two electronic seals at the printing position of the text. Specifically, the public electronic seals SEALA1 and SEALB1' are displayed at the seal location of the text (e.g., at the end company name deposit of the document at the conventional seal location), and the ciphertext encrypted with the shared key t3 is added >The two-dimensional code, the bar code, the watermark, the 16-system numerical value and other identification information are respectively displayed on the SEALA1 and the SEALB1' of the public electronic seal. As shown in FIG. 6, FIG. 6 shows a two-dimensional code of ciphertext ++>A schematic diagram is shown on a public electronic stamp as shown in fig. 5. At this time, the public electronic seal SEALA1 and the two-dimensional code jointly form an electronic seal required by the user A in the printing process, and the electronic seal SEALA1 and the two-dimensional code are inseparable; the public electronic seal SEALB1 and the two-dimensional code together form an electronic seal required by the user B in the current printing process, and the two electronic seals are indistinct. Ciphertext displayed in a two-dimensional code mode>Can be used as the security assurance of this printing.
Similarly, user B is based on public electronic seal SEALB1 and ciphertextGenerating an electronic seal of the user B based on the received public electronic seal SEALA1' and the ciphertext +.>And generating an electronic seal of the user A, and displaying the two electronic seals at the seal position of the seal document doc' text presented in the PDF format. Wherein, ciphertext->Display forms and ciphertext on public electronic seals SEALA1' and SEALB1For example, the two-dimensional codes shown in fig. 6 are displayed in the same form.
User B differs from user a in that the display content (e.g., company name and tax number) of the public electronic seals sea B1 and sea 1 are different.
For the fifth step, the user A can also calculate the hash value of the file sealAnd then, firstly generating electronic seals of the user A and the user B to execute seal for the seal file doc, obtaining a seal file doc_sealed after seal, and transmitting the seal file doc_sealed to the user B for verification.
Based on the method in the fifth step, the electronic seal in the seal file doc_sealed comprises the ciphertext for ensuring the security of the sealUser a sends the post-use document doc_sealed, and the string str3 encrypted with the shared key k3 to user B for authentication. I.e. the file->To user B. User B obtains the printed file doc_seed from the received file D4, and further obtains the hash value from the file doc_seed>And (5) performing verification by adopting the same method in the fifth step. And the user B feeds the verification result back to the user A. Responding to the verification result to be passed, and both the user A and the user B confirm the file doc_sealed after the printing; in response to the verification result being failed, user a needs to regenerate a new electronic seal, The seal is performed and the user B also refuses the printed file doc_seal and waits for the user a to resend the printed file for verification.
Example 2:
as shown in fig. 2 and 4, in this embodiment, the user a and the user B may be under the jurisdiction of different electronic seal management centers. At this time, the electronic seal management center includes two sub electronic seal management centers, which are a sub electronic seal management center a and a sub electronic seal management center B. For example, user A is under the jurisdiction of sub-electronic seal management center A; the user B is under the jurisdiction of the sub electronic seal management center B. At this time, the user a registers in advance with the sub-electronic stamp management center a, and stores information of the sub-electronic stamp management center a, for example, a name and a web address of the sub-electronic stamp management center a. Similarly, the user B stores the name and web address of the sub electronic seal management center B. In correspondence to embodiment 1, that is, the electronic seal management center includes sub electronic seal management centers a and B.
The invention provides a method for generating an electronic seal based on a multiparty application, which comprises the following steps:
step one is identical to step one in embodiment 1, except that the user a sends a request for applying for disclosure of the electronic seal sea 2 and the privacy seal NA2 to the sub-electronic seal management center a, and the request includes the identity information IDa2 of the user a; the user B sends a request for applying the public electronic seal SEALB2 and the private seal NB2 to the sub electronic seal management center B, wherein the request comprises the identity information IDb2 of the user B.
In the second step, the step of synchronizing the user a with the user B and securely storing the printed document, and the step of verifying the consistency of the printed documents of both sides by the user B are consistent with the step two in embodiment 1, so that the details are not repeated here. The user A sends the name and the website information of the sub electronic seal management center A stored by the user A to the user B while synchronizing the stamp doc to the user B. And the user B feeds back the consistency verification result of the printed file to the user A, and simultaneously, the user B also sends the name and the website information of the sub electronic seal management center B stored by the user B to the user A.
And thirdly, the sub electronic seal management centers A and B respectively generate a public electronic seal and a private seal based on the identity information of the user A and the user B which are respectively administered and store the public electronic seal and the private seal safely, and respectively send the generated public electronic seal and private seal to the user A and the user B for safe storage.
In accordance with step three of embodiment 1, the sub-electronic stamp management center a generates the public electronic stamp sea 2 for the user a, and the privacy stamp NA2. In addition to the identity information IDa2 of the user a, the random number Qa2 obtained from the local by the sub-electronic seal management center a, and the generated service serial number Noab2, the privacy seal NA2 further needs to include the name and website information of the sub-electronic seal management center a that generates the privacy seal for the user a, that is,
NA2 = (IDa 2, qa2, noab2, name and web address of sub electronic seal management center a).
In order for the subsequent user to retrieve the parameters related to the current generation of the electronic seal from the sub-electronic seal management centers a and B, the sub-electronic seal management center a needs to interact with the sub-electronic seal management center B to send the service serial number Noab2 corresponding to the current generation of the electronic seal to the sub-electronic seal management center B. In this way, when the subsequent user verifies the electronic seal, the corresponding parameters can be obtained from the sub electronic seal management center A or B through the service serial number Noab2 without generating other indexes.
In this way, the sub-electronic seal management center B multiplexes the service serial number Noab2, and can generate a public electronic seal SEALB2 for the user B, and a private seal NB2, that is,
NB 2= (IDb 2, qb2, noab2, name and web address of sub electronic seal management center B).
Wherein IDb2 is the identity information of user B, qb2 is the random number obtained from the local by sub electronic seal management center B.
And step four, the user A and the user B respectively send a request for applying the disposable seal to the sub electronic seal management centers A and B, the sub electronic seal management centers A and B cooperatively respond to the request, and the disposable seal M2 is generated based on the privacy seal of the user A and the user B.
The request of applying for the disposable seal sent by the user A to the sub-electronic seal management center A comprises the name and the website information of the sub-electronic seal management center B received from the second step, and the sub-electronic seal management center A addresses the sub-electronic seal management center B according to the received name and website of the sub-electronic seal management center B and cooperates with the sub-electronic seal management center B to generate the disposable seal M2.
The sub electronic seal management center A, B and the user A, B perform tetragonal key negotiation to respectively obtain shared keys (s 4, t4 and k 4), the sub electronic seal management center A obtains a group of quantum random numbers from the local and generates an irreducible polynomial p based on the quantum random numbers 4 (x) The irreducible polynomial p 4 (x) The string of coefficients of each term except the highest term is denoted str4, based on the irreducible polynomial p 4 (x) Generating a hash function using the shared key s4The sub electronic seal management center A reads the privacy seal NA2 from the private area of the sub electronic seal management center A, and requests the privacy seal NB2 of the user B from the sub electronic seal management center B through the business serial number Noab2, and the privacy seal NA2 and the acquired privacy seal NB2 are spliced to form a file NAB2, namely,
nab2= (NA 2, NB 2) = (IDa 2, qa2, IDb2, qb2, noab2, name and web address of sub electronic seal management center a,
The name and web address of the sub electronic stamp management center B).
The sub electronic seal management center A uses the generated hash functionHash calculation is carried out on the file NAB2 to obtain a hash value +.>UsingThe shared key t4 encrypts the hash value +.>Obtaining a disposable stamp generated in response to the present application->
The sub-electronic seal management center A transmits the generated disposable seal M2 and the character string str4 encrypted by the shared key k4 to the user A and the sub-electronic seal management center B, namely, the sub-electronic seal management center A transmits the fileAnd the information is sent to the user A and the sub electronic seal management center B. And the sub electronic seal management center B sends the received file D4 to the user B.
Next, user A and user B verify the received disposable stamp, essentially for a hash valueAnd (5) performing verification.
User a versus hash valueThe specific process of verification is as follows:
user a decrypts the ciphertext using shared key t4Get hash value +.>Decrypting ciphertext using shared key k4>The string str4' is obtained. User A generates an irreducible polynomial p based on string str4 4 ' (x) using the irreducible polynomial p 4 ' and shared key s4 generation hashHighway function->The user A reads the privacy seal NA2 from the private area of the user A, acquires the business serial number Noab2 from the read privacy seal NA2, and uses the business serial number Noab2 to request the privacy seal NB2 of the user B from the sub-electronic seal management center B through the sub-electronic seal management center A. The sub-electronic seal management center B reads the privacy seal NB2 of the user B from the secret area of the sub-electronic seal management center B according to the service serial number Noab2 sent by the user A, and sends the privacy seal NB2' of the user B received by the user A to the user A through the sub-electronic seal management center A.
The user a concatenates the own privacy stamp NA and the received privacy stamp NB2 'to obtain the file NAB2', that is,
NAB2 '= (NA 2, NB 2') = (IDa 2, qa2, IDb2, qb2, noab2, name and web address of sub electronic seal management center a,
the name and web address of the sub electronic stamp management center B).
User a uses the generated hash functionCalculating the file NAB2' to obtain a hash valueUser a will calculate the hash value +.>Hash value obtained by decryptionComparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable seal needs to be regenerated. And the user A feeds the verification result back to the sub electronic seal management center A.
Similarly, user B also applies the same method to the hash valueAnd (5) performing verification. After the user B reads the private seal NB2 from the private area thereof, the user B obtains the service serial number Noab2 from the read private seal NB2, and uses the service serial number Noab2 to request the private seal NA2 of the user a from the sub-electronic seal management center a through the sub-electronic seal management center B. The sub-electronic seal management center A reads the privacy seal NA2 of the user A from the secret area according to the service serial number Noab2 sent by the user B, and sends the privacy seal NA2' of the user A received by the user B to the user B through the sub-electronic seal management center B. In this way, the user B can splice with the own privacy stamp NB2 and the received privacy stamp NA2'. The user B also feeds the verification result back to the sub-electronic seal management center B.
Interaction is carried out between the sub electronic seal management center A and the sub electronic seal management center B, and only when the sub electronic seal management center A receives the hash value of the user AThe feedback information passing the verification is verified, and the sub electronic seal management center B also receives the hash value of the user B>When the feedback information passing through the verification is verified, the sub electronic seal management centers A and B register the disposable seal generated in response to the application request of the disposable seal respectively>And service flow number Noab2. The business serial number corresponds to the disposable seal, and the corresponding disposable seal can be obtained from the sub electronic seal management center A or B through the business serial number Noab2>
To further confirm the validity of the disposable stamp, the sub-electronic stamp management center B can also perform the same on the hash valueVerification is performed, so that the user A, the user B and the sub electronic seal management center B are required to perform verification on the hash value +.>When verification passes, the sub electronic seal management centers A and B register the disposable seal generated in response to the application request of the disposable seal>And service flow number Noab2.
Step five is different from step five in embodiment 1 in that the user a needs to request the public electronic stamp SEALB2 of the user B from the sub-electronic stamp management center B via the sub-electronic stamp management center a, and the sub-electronic stamp management center B sends the public electronic stamp SEALB2 of the user B to the user a via the sub-electronic stamp management center a. That is, the user a needs to access the sub-electronic seal management center B via the sub-electronic seal management center a. Likewise, user B also needs to access sub-electronic seal management center a via sub-electronic seal management center B.
User a encapsulates the file seal, i.e.,
seal= [ sea 2, sea B2', M2, noab2, name and web address of sub electronic seal management center a, name and web address of sub electronic seal management center B,the same procedure as in step five of example 1 is subsequently performed to complete the verification of the seal of the document by user B and the printing of the printed document by users a and B.
Embodiment 2, since the user can only interact with the electronic seal management center of the jurisdiction itself, the user a cannot directly access other electronic seal management centers across domains, for example, the user a cannot directly interact with the sub electronic seal management center B. Thus, interactions between sub-electronic stamp management centers, for example, interactions between sub-electronic stamp management center a and sub-electronic stamp management center B, are required between the cross-domains. In comparison with embodiment 1, the related information of the user B, which can be obtained from the electronic seal management center directly, needs to be obtained by requesting from the electronic seal management center B via the electronic seal management center a.
The above two embodiments take the use of both parties (user a and user B) as examples to illustrate the method of the present invention, and the method described in the embodiments of the present invention can be extended to the use of multiple parties of the file as three or more parties, and only the parties need to verify the hash value including the use of the file, the one-time stamp, and the hash value of the file seal in the process of generating the electronic seal.

Claims (10)

1. A method for generating an electronic seal based on a multiparty application, wherein the multiparty application comprises a user a and a user B applying for the electronic seal, the method comprising the steps of:
step one, the user A and the user B respectively send a request for applying to disclose an electronic seal and a privacy seal to an electronic seal management center;
step two, the user A and the user B synchronize and safely store the printed files, and the user B verifies the consistency of the printed files of the two parties;
step three, the electronic seal management center responds to the request for applying for disclosing the electronic seal and the privacy seal received in the step one, generates the disclosing electronic seal and the privacy seal for the user A and the user B and stores the disclosing electronic seal and the privacy seal safely, and sends the generated disclosing electronic seal and the generated privacy seal to the user A and the user B for safe storage respectively;
step four, the user A and the user B send a request for applying the disposable seal to the electronic seal management center, and the electronic seal management center responds to the request for applying the disposable seal and generates the disposable seal based on the privacy seal in the step three;
and fifthly, the user A encapsulates the file seal, calculates the hash value of the encapsulated file seal, sends the hash value to the user B for verification, and after the verification is passed, the user A and the user B respectively generate an electronic seal and execute seal printing on the seal file.
2. The method for generating an electronic seal based on a multi-party application of claim 1, wherein step two further comprises:
the user A and the user B carry out key negotiation to respectively obtain a shared key a, and the user A uses the shared key a to encrypt a local printed document doc to obtain a ciphertextThe user A sends the ciphertext T to the user B;
the user B decrypts the received ciphertext T by using the shared secret key a to obtain a seal document doc';
the user A obtains the random number from the local and generates an irreducible polynomial p based on the random number obtained from the local 1 (x) The user A will not be about the polynomial p 1 (x) The character string formed by each coefficient except the highest term is recorded as str1, the user A and the user B carry out key negotiation to obtain a shared key (s 1, t1, k 1), and the user A is based on an irreducible polynomial p 1 (x) Generating a hash function from a shared key s1Said user A uses a hash function +.>Carrying out hash calculation on the local printed file doc to obtain a hash value +.>The user a encrypts a hash value encrypted with a shared key t1And a file composed of a string str1 encrypted with a shared key k1 Sending to the user B;
the user B decrypts the ciphertext using the shared key t1Get hash value +.>Said user B decrypts the ciphertext +_ using the shared key k1>Obtaining a character string str1', and generating an irreducible polynomial p by the user B based on the character string str1 1 ' (x) using the irreducible polynomial p 1 'A hash function is generated by' (x) and the shared key s1 +.>And use the hash function +.>Calculating the hash value of the stamp doc' to obtain a hash value +.>Hash value calculated +.>Hash value obtained by decryption +.>Comparing, if the printed files are consistent, the printed files doc in the user A are consistent with the printed files doc' in the user B; otherwise, the fact that the seal doc in the user A is inconsistent with the seal doc' in the user B is indicated;
and the user B feeds back the consistency verification result of the printed file to the user A.
3. The method according to claim 2, wherein in the first step, the request for applying for disclosing an electronic seal and a private seal sent by the user a to the electronic seal management center includes own identity information IDa1, the request for applying for disclosing an electronic seal and a private seal sent by the user B to the electronic seal management center includes own identity information IDb1, and the names and websites of the electronic seal management center are stored in the user a and the user B, and the third step further includes:
The process of generating the public electronic seal SEALA1 for the user A by the electronic seal management center is as follows:
the electronic seal management center acquires identity information IDa1 of a user A from a request for applying for disclosing the electronic seal and the privacy seal, which is sent by the user A, and generates a disclosing electronic seal SEALA1 based on the identity information IDa 1;
the process of generating the public electronic seal SEALB1 for the user B by the electronic seal management center is as follows:
the electronic seal management center acquires identity information IDb1 of a user B from a request for applying for disclosing the electronic seal and the privacy seal, which is sent by the user B, and generates a disclosing electronic seal SEALB1 based on the identity information IDb 1;
the process of generating the privacy seal NA1 for the user A by the electronic seal management center is as follows:
the electronic seal management center obtains a group of random numbers Qa1 from the local, generates a service serial number Noab1 based on a request for disclosing an electronic seal and a privacy seal sent by a user A in the step one, and generates a privacy seal NA 1= (IDa 1, qa1, noab 1) based on identity information IDa1 of the user A, the random numbers Qa1 obtained from the local and the service serial number Noab 1;
the process of generating the privacy seal NB1 for the user B by the electronic seal management center is as follows:
The electronic seal management center obtains a group of random numbers Qb1 from the local, and generates a privacy seal NB 1= (IDb 1, qb1, noab 1) based on the identity information IDb1 of the user B, the random numbers Qb1 obtained from the local and the service flow number Noab 1.
4. A method of generating an electronic seal based on a multi-party application as recited in claim 3 wherein said step four further comprises:
the electronic seal management center performs three-party key negotiation with the user A and the user B to respectively obtain shared keys (s 2, t2 and k 2), and locally obtains a group of quantum random numbers and generates an irreducible polynomial p based on the obtained quantum random numbers 2 (x) Will not be about polynomial p 2 (x) The string of coefficients of each term except the highest term is denoted str2, based on an irreducible polynomial p 2 (x) Generating a hash function from a shared key s2
The electronic seal management center reads the privacy seals NA1 and NB1 from the local, and splices the privacy seals NA1 and NB1 to form a file NAB1= (NA 1, NB 1) = (IDa 1, qa1, IDb1, qb1, noab 1), and uses the generated hash functionHash calculation is carried out on the file NAB1 to obtain a hash value +. >Encrypting the hash value +.>Obtaining the disposable seal->
The electronic sealThe management center encrypts a file composed of a disposable seal M1 and a character string str2 encrypted by using a shared key k2Respectively sending to the user A and the user B;
the user A and the user B verify the disposable seal M1;
and in response to the authentication of the disposable seal M1 by the user A and the user B, registering the disposable seal M1 and the service serial number Noab1 by the electronic seal management center.
5. The method for generating an electronic seal based on a multi-party application as defined in claim 4, wherein the specific process of authenticating the disposable seal M1 by the user a includes:
the user a decrypts the ciphertext using the shared key t2Get hash value +.>Decrypting ciphertext using shared key k2>Obtaining a character string str2', and generating an irreducible polynomial p based on the character string str2 2 ' (x) using an irreducible polynomial p 2 'A hash function is generated by' (x) and the shared key s2 +.>The user A reads the privacy seal NA1 locally, acquires the business serial number Noab1 from the read privacy seal NA1, uses the business serial number Noab1 to request the privacy seal NB1 of the user B from the electronic seal management center, the electronic seal management center reads the privacy seal NB1 of the user B locally according to the business serial number Noab1 sent by the user A, And sending the privacy seal to the user A, wherein the privacy seal of the user B received by the user A is NB1';
the user a concatenates the own privacy seal NA1 and the received privacy seal NB1' to obtain a file NAB1' = (NA 1, NB1 ') = (IDa 1, qa1, IDb1, qb1, noab 1), and uses the generated hash functionCalculating file NAB1' to obtain hash value +.>
The user A calculates the hash valueHash value obtained by decryption +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable seal needs to be regenerated;
the user A feeds the verification result back to the electronic seal management center;
the specific process of verifying the disposable seal M1 by the user B comprises the following steps:
the user B decrypts the ciphertext using the shared key t2Get hash value +.>
The user B decrypts the ciphertext using the shared key k2Obtaining the character string str2 ', and generating irreducible multiple items based on the character string str 2'P is as follows 2 "(x) using an irreducible polynomial p 2 "(x) and shared key s2 generate a hash function +.>The user B reads the privacy seal NB1 locally, acquires a service serial number Noab1 from the read privacy seal NB1, and requests the privacy seal NA1 of the user A from the electronic seal management center by using the service serial number Noab1, wherein the electronic seal management center reads the privacy seal NA1 of the user A locally according to the service serial number Noab1 sent by the user B and sends the privacy seal NA1 to the user B, and the privacy seal NA1' of the user A received by the user B;
The user B concatenates the private seal NB1 and the received private seal NA1 'to obtain a file nab1″= (NA 1', NB 1) = (IDa 1, qa1, IDb1, qb1, noab 1), and uses the generated hash functionCalculating file NAB 1' to obtain hash value +.>
The user B calculates the hash valueHash value obtained by decryption +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the disposable seal needs to be regenerated;
and the user B feeds the verification result back to the electronic seal management center.
6. The method for generating an electronic seal based on a multi-party application of claim 5, wherein said step five further comprises:
the user A firstly sends a request for acquiring the public electronic seal SEALB1 of the user B to the electronic seal management center by using a service serial number Noab1, the electronic seal management center responds to the request for acquiring the public electronic seal SEALB1 of the user B sent by the user A and sends the public electronic seal SEALB1 of the user B to the user A, and the public electronic seal of the user B received by the user A is SEALB1';
the user A at least discloses an electronic seal SEALA1, a received public electronic seal SEALB1', a disposable seal M1, a business serial number Noab1, the name and the website of an electronic seal management center and the hash value of a seal doc Packaging into a file seal;
the user A and the user B carry out key negotiation to respectively obtain shared keys (s 3, t3 and k 3), the user A locally obtains a group of quantum random numbers, and generates an irreducible polynomial p based on the obtained quantum random numbers 3 (x) Based on irreducible polynomials p 3 (x) Generating a hash function using the shared key s3And using the generated hash function +.>Hash calculation is carried out on the file seal to obtain a hash value +.>The user A will not be about the polynomial p 3 (x) The character string formed by each term of coefficients except the highest term is recorded as str3;
the user a encrypts a hash value encrypted with a shared key t3And a string str3 encrypted with the shared key k3 ++>Sending to the user B;
the user B hashes the value according to the received file D3Verifying and feeding back the verified information to the user A;
after the verification is passed, the user A and the user B respectively generate an electronic seal and execute seal printing on the seal document.
7. The method for generating an electronic seal based on a multi-party application as recited in claim 6, wherein said user B hashes the value according to the received file D3 pairThe specific process for verification comprises the following steps:
The user B sends a request for acquiring the public electronic seal SEALA1 of the user A to the electronic seal management center by using a service serial number Noab1, the electronic seal management center responds to the request for acquiring the public electronic seal SEALA1 of the user A sent by the user B and sends the public electronic seal SEALA1 of the user A to the user B, and the public electronic seal of the user A received by the user B is SEALA1';
the user B uses the self public electronic seal SEALB1, the received public electronic seal SEALA1', the disposable seal M1, the business serial number Noab1, the name and the website of the electronic seal management center and the hash value of the seal docPackaging into a file seal';
the user B decrypts the ciphertext using the shared key t3Get hash value +.>Decrypting ciphertext using shared key k3>Obtaining a character string str3', and generating an irreducible polynomial p based on the character string str3 3 ' (x) using an irreducible polynomial p 3 'A hash function is generated by' (x) and the shared key s3 +.>And uses the generated hash functionCalculating file seal' to obtain hash value +.>
The user B calculates the hash valueAnd decrypting to obtain the hash value +.>Comparing, if the comparison result is consistent, indicating that the verification is passed; if the verification is inconsistent, the verification is not passed, and the flow of generating the electronic seal is terminated.
8. The method for generating an electronic seal based on a multi-party application as recited in claim 7, wherein the hash value is generated in response to said user BThe verification result of (a) is that the user A and the user B respectively generate an electronic seal and execute seal printing on the seal document, and the method further comprises the following steps:
the user A presents the seal document doc in a text format and is based on the public electronic seal SEALA1 and the ciphertextGenerating the electronic seal of the user A, and based on the received public electronic seal SEALB1' and ciphertextGenerating an electronic seal of the user B, and displaying the two electronic seals at the printing position of the text;
the user B presents the seal document doc 'in a text format and is based on the received public electronic seal SEALA1' and ciphertextGenerating the electronic seal of the user A based on the public electronic seal SEALB1 and the ciphertext +.>And generating the electronic seal of the user B, and displaying the two electronic seals at the printing position of the text.
9. The method for generating an electronic seal based on a multi-party application as recited in claim 8, wherein said ciphertextIs displayed on the public electronic seals SEALA1 and SEALB1' in the form of one of two-dimensional code, bar code, watermark or 16-system numerical value, wherein the ciphertext +_ >To be in charge of ciphertext->The same format is shown on public electronic seals SEALA1' and SEALB1, respectively.
10. The method for generating an electronic seal based on a multiparty application according to any of claims 1-9, wherein the electronic seal management center comprises a sub electronic seal management center a and a sub electronic seal management center B, wherein the user a is under the jurisdiction of the sub electronic seal management center a and the user B is under the jurisdiction of the sub electronic seal management center B;
the first step further comprises: the user A sends a request for applying for disclosing an electronic seal SEALA2 and a privacy seal NA2 to the sub electronic seal management center A, and the user B sends a request for applying for disclosing an electronic seal SEALB2 and a privacy seal NB2 to the sub electronic seal management center B;
the second step further comprises: the user A sends the stored name and website information of the sub electronic seal management center A to the user B, and the user B feeds back the consistency verification result of the seal file to the user A and sends the stored name and website information of the sub electronic seal management center B to the user A;
The third step further comprises: the sub electronic seal management center A generates a public electronic seal SEALA2 and a private seal NA2 for the user A, wherein the private seal NA2 at least comprises identity information IDa2 of the user A, a random number Qa2 acquired from the local by the sub electronic seal management center A, a generated business serial number Noab2, and names and website information of the sub electronic seal management center A;
the sub electronic seal management center A sends a service serial number Noab2 to the sub electronic seal management center B;
the sub-electronic seal management center B generates a public electronic seal SEALB2 and a private seal NB2 for the user B, wherein the private seal NB2 at least comprises identity information IDb2 of the user B, a random number Qb2 acquired from the local by the sub-electronic seal management center B, a business serial number Noab2 received from the sub-electronic seal management center A, and name and website information of the sub-electronic seal management center B;
the fourth step further comprises: the sub electronic seal management center A generates a disposable seal M2, and the user A, the user B and the sub electronic seal management center B verify the disposable seal M2;
The fifth step further comprises: the user A accesses the sub-electronic seal management center B through the sub-electronic seal management center A, and the user B accesses the sub-electronic seal management center A through the sub-electronic seal management center B.
CN202310997426.8A 2023-08-09 2023-08-09 Method for generating electronic seal based on multiparty application Pending CN116975932A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310997426.8A CN116975932A (en) 2023-08-09 2023-08-09 Method for generating electronic seal based on multiparty application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310997426.8A CN116975932A (en) 2023-08-09 2023-08-09 Method for generating electronic seal based on multiparty application

Publications (1)

Publication Number Publication Date
CN116975932A true CN116975932A (en) 2023-10-31

Family

ID=88481288

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310997426.8A Pending CN116975932A (en) 2023-08-09 2023-08-09 Method for generating electronic seal based on multiparty application

Country Status (1)

Country Link
CN (1) CN116975932A (en)

Similar Documents

Publication Publication Date Title
KR102051288B1 (en) Methods and systems for verifying the integrity of digital assets using distributed hash tables and peer-to-peer distributed ledgers
Barsoum et al. Enabling dynamic data and indirect mutual trust for cloud computing storage systems
US6834112B1 (en) Secure distribution of private keys to multiple clients
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
WO2017024934A1 (en) Electronic signing method, device and signing server
US20130042112A1 (en) Use of non-interactive identity based key agreement derived secret keys with authenticated encryption
Yasin et al. Cryptography based e-commerce security: a review
US20100046749A1 (en) Content protection apparatus, and content utilization apparatus
CN109067814B (en) Media data encryption method, system, device and storage medium
CN102176709A (en) Method and device with privacy protection function for data sharing and publishing
Kim et al. Privacy-preserving public auditing for educational multimedia data in cloud computing
KR20230141845A (en) Threshold key exchange
CN114528331A (en) Data query method, device, medium and equipment based on block chain
US11356427B1 (en) Signcrypted envelope message
Yoosuf et al. LDuAP: lightweight dual auditing protocol to verify data integrity in cloud storage servers
CN103916237A (en) Method and system for managing user encrypted-key retrieval
CN116975932A (en) Method for generating electronic seal based on multiparty application
Murthy Cryptographic secure cloud storage model with anonymous authentication and automatic file recovery
Sowmiya et al. Secure cloud storage model with hidden policy attribute based access control
CN112950356A (en) Personal loan processing method, system, device and medium based on digital identity
Chen et al. A hill cipher‐based remote data possession checking in cloud storage
CN116975931A (en) Method for generating electronic seal based on unilateral application
Gonthireddy et al. Secure Big Data Deduplication with Dynamic Ownership Management in Cloud Computing
US10892892B1 (en) Method and apparatus for end-to-end secure sharing of information with multiple recipients without maintaining a key directory
Dabhade et al. Data security in cloud using aggregate key and Diffie-Hellman algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination