Summary of the invention
In view of this, fundamental purpose of the present invention is to provide a kind of method that realizes E-seal, document process software and seal process software are independently of one another, under the prerequisite that need not make any change, increase the E-seal function for it to document process software, thereby reduce developer's workload, economize on resources.
In order to achieve the above object, the technical scheme of the present invention's proposition is:
A kind of method that realizes E-seal, after independently between document process software and the seal process software mutual interface being set, this method also comprises:
When needs are affixed one's seal to document, the data that comprise document are signed electronically electron gain signature result by described seal process software; The seal data and the document data of described electronic signature result, document are preserved in the lump, and the realization E-seal is affixed one's seal;
When needs are printed or show through the document of affixing one's seal, print or the display document data by document process software, print in checking electronic signature back or show seal by the seal process software.
In the such scheme, when described checking signs electronically when effective, the seal of described printing or demonstration is the seal image of described seal data correspondence.
In the such scheme, when described checking signs electronically when invalid, described seal process software is printed or is shown that the method for seal is:
The seal process software is printed in the invalid mode of the expression document of prior setting or is shown.
In the such scheme, the method for described electronic signature is:
Calculate the hashed value of data to be signed, utilize private key that hashed value is encrypted again; Perhaps,
Cut apart data to be signed earlier, each partitioning portion is calculated hashed value, utilize private key that each hashed value is encrypted in the lump then; Perhaps,
Cut apart data to be signed earlier, each partitioning portion is calculated hashed value, each hashed value that calculates is calculated hashed value once more, utilize private key that the hashed value of calculating is once more encrypted then.
In the such scheme, the method for described electronic signature is:
Calculate the regularization result's of data to be signed hashed value, utilize private key that hashed value is encrypted again.
In the such scheme, the method for described regularization is: the principal character that extracts data to be signed.
In the such scheme, the interactive interface between described document process software and the seal process software is:
Object connects and nested OLE, The Component Object Model COM, OCX control, the grand or Adobe PDF SDK of UOML UOML, the Office of Microsoft.
In the such scheme, described seal process software is the plug-in unit of document process software.
In the such scheme, when needs are printed or show through the document of affixing one's seal, describedly print or the display document data, print in checking electronic signature back or show that the method for seal is specially by the seal process software by document process software:
Described document process software is opened the document through affixing one's seal, the seal process software obtains described seal data, electronic signature result and document data by described interactive interface, and according to described seal data, electronic signature result and document data electronic signature is verified; Described document process software is printed or is shown described document data, and notifies described seal process software to print or the demonstration seal by described interactive interface.
In the such scheme, described document process software is the plug-in unit of E-seal process software.
In the such scheme, when needs are printed or show through the document of affixing one's seal, describedly print or the display document data, print in checking electronic signature back or show that the method for seal is specially by the seal process software by document process software:
Described seal process software is opened through the document of affixing one's seal, and obtains described seal data, electronic signature result and document data, and described document process software obtains described document data by described interactive interface; Described seal process software verifies electronic signature according to seal data, electronic signature result and document data, prints or shows described seal, and print or show described document data by described interactive interface notification of document process software.
In sum, a kind of method that realizes E-seal that the present invention proposes, independently between document process software and the seal process software mutual interface being set, be responsible for affixing one's seal, show or print the seal part by the seal process software, be responsible for showing or the document printing part by document software.Because document process software and seal process software are independently of one another, under the prerequisite that need not make any change, increase the E-seal function for it to document process software, thereby reduce software developer's workload, economize on resources, help the popularization and the use of E-seal technology.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the accompanying drawings and the specific embodiments.
Basic thought of the present invention is: independently between document process software and the seal process software mutual interface is being set, when needs are affixed one's seal to document, by described seal process software the data that comprise document are signed electronically, electron gain signature result, the seal data and the document data of described electronic signature result, document are preserved in the lump, and the realization E-seal is affixed one's seal; When needs are printed or show through the document of affixing one's seal, print or the display document data by document process software, print in checking electronic signature back or show seal by the seal process software.
Among the present invention, because document process software and seal process software are independent of each other, do not bind together as prior art, in actual applications, can be with the plug-in unit of seal process software as document process software, also can be with the plug-in unit of document process software as the seal process software.
Interactive interface between document process software and the seal process software can be for: object connects with nested (OLE), The Component Object Model (COM), OCX control, UOML (UOML), the Office of Microsoft is grand or Adobe PDF SDK etc.No matter the mode of the interactive interface between document process software and the seal process software is how, should be as restriction condition of the present invention, all within protection scope of the present invention.
Below respectively with the plug-in unit of seal process software as document process software, and document process software is that example describes the present invention program in detail as the plug-in unit of seal process software.
Fig. 1 is the process flow diagram that realization is affixed one's seal with E-seal among the embodiment one.In the present embodiment, the seal process software is the plug-in unit of document process software, and is undertaken alternately by interface.
As shown in Figure 1, when needs were affixed one's seal to document, this method may further comprise the steps:
Step 101: document process software will comprise that the data of document pass to the seal process software by interface;
Step 102: the seal process software signs electronically to the data that comprise document, electron gain signature result, and the result that will sign electronically returns to document process software by interface;
This step is described to sign electronically to the data that comprise document, not only can sign to document data itself, can also sign in the lump to data such as timestamps, then can determine voluntarily as for the concrete object of signing in the practical application, repeat no more herein by the user who uses the present invention program.
In the practical application, the method for electronic signature can for:
Calculate the hashed value of data to be signed earlier, utilize private key that hashed value is encrypted again; Perhaps,
Cut apart data to be signed earlier, each partitioning portion is calculated hashed value, utilize private key that each hashed value is encrypted in the lump then; Perhaps,
Cut apart data to be signed earlier, each partitioning portion is calculated hashed value, each hashed value that calculates is calculated hashed value once more, utilize private key that the hashed value of calculating is once more encrypted then.
The method of electronic signature can also for: calculate the regularization result's of data to be signed hashed value, utilize private key that hashed value is encrypted again.It is described here that data to be signed are carried out regularization can be the principal character that extracts data to be signed.Such as: Doctype is the word document, just can extract Word messages all in the word document, and the described Word message here is exactly a principal character, and other information does not then deal with.Certainly, in the practical application, also can use other regularization method of prior art, repeat no more herein.
In addition, this step can specifically adopt private key to sign.Seal data can be corresponding with a smart card, preserves a pair of PKI and private key in the described smart card.Wherein, described private key is to be formed by the chip computing in the smart card, and guarantees that private key data is not reproducible and can not read that by the ardware feature of smart card the described signature of this step can be the computing that utilizes the private key of smart card to carry out in smartcard internal.
PKI described here is used for certifying signature when being follow-up opening document, can be random duplicating and reading.That is to say,, comprise the signature result who guarantees its security in the protected document, distort, just can't utilize PKI to obtain the correct label result that tests, promptly can not also can not correctly show seal by signature verification if the document passes through through after affixing one's seal.
Certainly, in the practical application, also can adopt other mode to sign electronically and certifying signature, as long as can protect document.
Step 103: the electronic signature result that document process software will return, seal data and document data are kept in the document in the lump, and the realization E-seal is affixed one's seal.
The seal data that this step is kept in the document have only PKI, and are not used for the private key of signing in advance.
Fig. 2 is a process flow diagram of printing or show the document that process is affixed one's seal among the embodiment one.As shown in Figure 2, present embodiment can may further comprise the steps:
Step 201: document process software is opened the document through affixing one's seal;
Step 202: document process software is passed to the seal process software with electronic signature result, seal data and the document data preserved in the document by interface;
Step 203: the seal process software is verified electronic signature according to described electronic signature result, seal data and document data;
In this step, the method for the electronic signature that the seal process software will be when affixing one's seal realizes checking.If the method for electronic signature is: calculate the hashed value of data to be signed, utilize private key that hashed value is encrypted again.So, Dui Ying verification method is: calculate the hashed value of signed data, utilize PKI that hashed value is verified again.
If the method for electronic signature is: cut apart data to be signed earlier, each partitioning portion is calculated hashed value, utilize private key that each hashed value is encrypted in the lump then.So, corresponding verification method is: cut apart signed data earlier, each partitioning portion is calculated hashed value, utilize PKI that each hashed value is verified then.
If the method for electronic signature is: cut apart data to be signed earlier, each partitioning portion is calculated hashed value, each hashed value that calculates is calculated hashed value once more, utilize private key that the hashed value of calculating is once more encrypted then.So, corresponding verification method is: cut apart signed data earlier, each partitioning portion is calculated hashed value, each hashed value that calculates is calculated hashed value once more, utilize PKI that the hashed value of calculating is once more verified then.
If the method for electronic signature is: calculate the regularization result's of data to be signed hashed value, utilize private key that hashed value is encrypted again.So, Dui Ying verification method is: calculate the regularization result's of signed data hashed value, utilize PKI that hashed value is verified again.
Step 204: document process software is printed or is shown described document data, and prints or the demonstration seal by interface notice seal process software.
In this step, the seal process software is printed or shown that the situation of seal is divided into two kinds of situations usually: first kind of situation is that the checking electronic signature is effective, the seal process software is printed or the seal of demonstration is the seal image of seal data correspondence, such as the image that " XX company " printed words are arranged, identical with seal in kind; Second kind of situation is that the checking electronic signature is invalid, i.e. checking is not passed through, and the seal process software can be printed or shows in the invalid mode of the expression document of prior setting.Such as: the invalid image of certain expression document can be printed or show to the seal process software; Can print or be presented at the image of stack " fork " on the original seal image; Also can print or be presented on the original seal image image of printed words such as stack engineering noise.
In the practical application, also can print or show seal, as long as can represent accurately that document is effective or invalid with other method.Certainly, if verify invalidly, can also not print or show any image.Specifically how to implement, can determine, enumerate no longer one by one herein by the user who uses the present invention program.
In the present embodiment, document process software is main body software, and the seal process software is a plug-in unit.If adopt OLE mechanism, then document process software is the OLE client, and the seal process software is the OLE server, and interactive interface is the OLE interface.When needs were affixed one's seal, seal partly can be used as the OLE data and is embedded in the document; When needs were printed or show, document process software can start the OLE server, handles the seal part by the OLE server.
If adopt COM mechanism, then the seal process software is a com component, can provide assembly ID, attribute and method for document process software.When needs were affixed one's seal, seal partly comprised the ID of the com component that can handle self, and was embedded in the document; When needs are printed or show, create the example of com component according to the ID of com component, and wait by attribute, the method for visiting this assembly and to handle the seal part.
If adopt OCX mechanism, then the seal process software is the OCX control, and its principle is similar substantially to COM mechanism, just can also be used for affixing one's seal and function such as checking on the webpage.
If adopt UOML mechanism, the storage of seal data and parsing etc. can be finished by the UOML bottom, and document process software then directly calls the UOML plug-in unit and realizes affixing one's seal; When needs were printed or show, document process software utilized UOML to finish the parsing of seal data and presents.
Fig. 3 is the process flow diagram that realization is affixed one's seal with E-seal among the embodiment two.In the present embodiment, document process software is the plug-in unit of seal process software, and is undertaken alternately by interface.
As shown in Figure 3, when needs were affixed one's seal to document, this method may further comprise the steps:
Step 301: the seal process software directly signs electronically to the data that comprise document, electron gain signature result;
In the present embodiment, the seal process software is a main body, when opening document, can directly obtain to comprise the data of document from document, does not need to obtain by interface.
When the seal process software signed electronically, document process software also can the display document data, so that the user understands the document data that needs signature intuitively.
Identical with embodiment one, the described electronic signature of this step not only can also be signed to data such as timestamps in the lump to document data signature itself, repeats no more herein.
Identical with embodiment one, the method for the described electronic signature of this step can for: calculate earlier the hashed value of data to be signed, utilize private key that hashed value is encrypted again; Perhaps, cut apart data to be signed earlier, each partitioning portion is calculated hashed value, utilize private key that each hashed value is encrypted in the lump then; Perhaps, cut apart data to be signed earlier, each partitioning portion is calculated hashed value, each hashed value that calculates is calculated hashed value once more, utilize private key that the hashed value of calculating is once more encrypted then; Perhaps, calculate the regularization result's of data to be signed hashed value, utilize private key that hashed value is encrypted again.Order extracts as principal character.
Can specifically adopt private key to sign.Seal data can be corresponding with a smart card, preserves a pair of PKI and private key in the described smart card.Wherein, described private key is to be formed by the chip computing in the smart card, and guarantees that private key data is not reproducible and can not read that by the ardware feature of smart card the described signature of this step can be the computing that utilizes the private key of smart card to carry out in smartcard internal.
PKI described here is used for certifying signature when being follow-up opening document, can duplicate and read.That is to say,, comprise the signature result who guarantees its security in the protected document, distort, just can't utilize PKI to obtain the correct label result that tests, promptly can not also can not correctly show seal by signature verification if the document passes through through after affixing one's seal.
Certainly, in the practical application, also can adopt other mode to sign electronically and certifying signature, as long as can protect document.
Step 302: will sign electronically result, seal data and document data of seal process software preserved in the lump, realizes that E-seal affixes one's seal.
Identical with embodiment one, the seal data that this step is kept in the document also have only PKI, and are not used for the private key of signing in advance.
Fig. 4 is a process flow diagram of printing or show the document that process is affixed one's seal among the embodiment two.As shown in Figure 4, present embodiment can may further comprise the steps:
Step 401: the seal process software is opened through the document of affixing one's seal, electron gain signature result, seal data and document data;
Step 402: the seal process software is passed to document process software by interactive interface with document data;
Step 403: the seal process software is verified electronic signature according to seal data, electronic signature result and document data;
The described method that electronic signature is verified of this step is identical with the step 203 of embodiment one, repeats no more herein.
Step 404: the seal process software is printed or is shown described seal, and prints or show described document data by interactive interface notification of document process software.
Similar to embodiment one, in this step, the seal process software is printed or the situation of demonstration seal also is divided into two kinds of situations: first kind of situation is that the checking electronic signature is effective, and the seal process software is printed or the seal of demonstration is the seal image of seal data correspondence; Second kind of situation is that the checking electronic signature is invalid, i.e. checking is not passed through, and the seal process software can be printed or shows in the invalid mode of the expression document of prior setting.
No matter be embodiment one or embodiment two, because document process software and seal process software are independently, respectively documentation section and seal are partly handled, in procedure for displaying, possible document process software is presented to the user with document data earlier, behind the seal process software seal image is presented to the user; Also may earlier seal image be presented to the user by the seal process software, behind the document process software document data be presented to the user; Also may be that document process software is presented to the user with the documentation section data earlier, the seal process software be presented to the user with seal image again, and document process software will remain document data and present to the user then.In a word, document process software and seal process software are when partly handling documentation section and seal respectively, and not strict order is specifically determined by actual conditions, repeats no more herein.
In the present embodiment, the seal process software is a main body software, and document process software is plug-in unit.If adopt OLE mechanism, then the seal process software is the OLE client, and document process software is the OLE server, and interactive interface is the OLE interface.When needs were affixed one's seal, document data can be used as the OLE data and is embedded in the seal data; When needs were printed or show, the seal process software can start the OLE server, handles documentation section by the OLE server.
If adopt COM mechanism, then document process software can provide assembly ID, attribute and method for the seal process software as com component.When needs were affixed one's seal, documentation section comprised the ID of the com component that can handle self, and was embedded in the seal data; When needs are printed or show, create the example of com component according to the ID of com component, and wait by attribute, the method for visiting this assembly and to handle documentation section.
If adopt OCX mechanism, then document process software is the OCX control, and its principle is similar substantially to COM mechanism, just can also be used for functions such as demonstration on the webpage and Edit Document.
If adopt UOML mechanism, the storage of document data and parsing etc. can be finished by the UOML bottom, and the seal process software then directly calls the UOML plug-in unit and realizes affixing one's seal; When needs were printed or show, the seal process software utilized UOML to finish the parsing of document data and presents.
Use the present invention program, document process software and seal process software are independently of one another, can increase the E-seal function for it under the prerequisite that need not make any change to document process software.In addition, independently the seal process software can be transplanted in other document process software easily, need not to redesign soft, hardware interface and interaction mechanism, thereby significantly reduces developer's workload, economize on resources, help the popularization and the use of E-seal technology.
In sum, more than be preferred embodiment of the present invention only, be not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.