CN103647650B - Rule definition based automatic signature/signature verification device and method - Google Patents

Publication number: CN103647650B
Authority: CN (China)
Prior art keywords: signature, signature verification, rule, definition, service
Legal status: Active
Application number: CN201310701633.0A
Other languages: Chinese (zh)
Other versions: CN103647650A
Inventor: 刘学斌
Current assignee: Yonyou Network Technology Co Ltd
Original assignee: Yonyou Network Technology Co Ltd
Application filed by Yonyou Network Technology Co Ltd
Priority to CN201310701633.0A
Publication of CN103647650A
Application granted
Publication of CN103647650B
Abstract

The invention provides a rule definition based automatic signature/signature verification device. The device comprises a signature configuration providing module, a signature rule defining module, a signature log record and service defining module, and an application-level signature/signature verification service and process defining module. The signature configuration providing module provides signature configuration adapted to different business scenarios. The signature rule defining module is in charge of defining the signature feature string rules, formed from transaction feature fields extracted from entity objects. The signature log record and service defining module extracts signature log information from the entity objects and signature rules and calls log services to preserve the signature information in a database. The application-level signature/signature verification service and process defining module defines the signature and signature verification services of the entity objects and implements those services. The invention further provides a rule definition based automatic signature/signature verification method. With the device and the method, automatic signature/signature verification of multiple business objects can be completed by fully using a single business object, and a common solution for automatic signature/signature verification of common business objects is established.

Description

Rule-definition-based automatic signature/signature verification device and automatic signature/signature verification method
Technical field
The present invention relates to the field of computer technology, and in particular to a rule-definition-based automatic signature/signature verification device and a rule-definition-based automatic signature/signature verification method.
Background technology
The development of Internet technology has expanded the range of application of enterprise business systems, from inside the enterprise to outside it. An enterprise business system interacts not only with the enterprise's own employees and its other internal business systems, but also with external (partner) employees or business systems. Today, with the Internet widespread, Web technology developing rapidly and hacking tools increasingly common, the environment in which core enterprise business application systems run has also become more complex. Attacks on and damage to business applications are on the increase, online security faces increasingly serious challenges, and security risk has reached unprecedented heights. To avoid application security risk, the national financial industry standard 《JR/T 0071-2012》 sets explicit mandatory requirements for sensitive transactions: for sensitive business data and business operations, mature security solutions must be introduced when the application is built.
In a business system, when a user operates on sensitive data (such as documents related to outgoing funds) or performs a sensitive operation (such as a fund-related approval operation) over the Internet, the data may be illegally tampered with by others while in transit on the Internet; after the data is saved to the database, there is also the risk that an unauthorized user bypasses the application and tampers with the data by operating directly on the database. This is shown in Figure 3.
Business requirements involving sensitive data or sensitive operations must be able to actively protect against the risks of tampering and repudiation. At present this security requirement is basically met with the signature/verification scheme of the relatively mature public key infrastructure (Public Key Infrastructure, PKI) / digital certificate authentication mechanism (Certificate Authority, CA), which ensures the integrity of important business operations and the non-repudiation of the business system. In current business systems, signature/verification is generally done with custom-built methods; the scheme is shown in Figure 4.
When the client submits data, the system extracts the feature string to be signed from the business object (not all information participates in the signature; only sensitive information is covered, and different business objects have different feature-string extraction rules), then uses the client's private key to produce the signature data from the feature string, and signing is complete. The business object and the signature data are then sent over the network to the server. After the server receives the business object and the signature data, it must first extract the signature feature string from the business object using the same rule as the client, and decrypt the signature data with the public key certificate. It then compares whether the signature data agrees with the feature string of the business object. If they agree, verification succeeds; otherwise verification fails.
The current scheme has several problems, for example: (1) each signature service needs its own implementation of the component that extracts the signature feature string (the plaintext of the digital digest); the signature rule is embedded in source code, and the code is complicated and highly redundant; (2) for the same transaction the client and the server use the same rule to extract the signature feature string, but implement it separately, which easily leads to inconsistent rules and therefore to verification failure; (3) there is no unified way to store and record the digital signature (ciphertext); (4) extensibility is poor: adding a signature service or modifying a signature rule requires changing source code; (5) because the extraction rules for the signature feature string (the plaintext of the digital digest) are scattered through the source code, the rules are hard to see and hard to maintain; (6) implementation is relatively complex and requires developers to have some understanding of signature/verification.
As application security requirements rise, more business data and business operations are required to be signed and verified. The problems above directly increase the complexity of the business system and in turn affect its quality. A general automatic signature/verification device is needed to manage signing and verification across the system uniformly; it can greatly improve the extensibility and maintainability of the system, substantially reduce its complexity, and improve working efficiency and quality.
Accordingly, a new rule-definition-based automatic signature/verification technique is needed that, on the basis of the existing rule-definition-based automatic signature/verification approach, makes full use of a single business object to complete automatic signature/verification for multiple business objects, and establishes a general, unified signature/verification approach in which multiple business objects participate, oriented to automatic signature/verification of general business objects (GBO).
Content of the invention
Based on the problems above, the present invention proposes a new rule-definition-based automatic signature/verification device technique that, on the basis of the existing rule-definition-based automatic signature/verification approach, makes full use of a single business object to complete automatic signature/verification for multiple business objects, and establishes a general, unified signature/verification approach in which multiple business objects participate, oriented to automatic signature/verification of general business objects (GBO).
In view of this, the present invention proposes a rule-definition-based automatic signature/verification device, comprising: a signature configuration providing module, for providing signature configuration adapted to different business scenarios; a signature rule defining module, for defining signature rules for the entity objects that need signing, i.e. defining the transaction feature fields that form the signature feature string; a signature log record and service defining module, for extracting signature-log-related information during the actual signing process, from the entity object corresponding to the signature configuration provided by the signature configuration providing module and the signature rule defined by the signature rule defining module, and calling the log service to save it in the database; and an application-level signature/verification service and process defining module, for defining the signature and verification services of the corresponding entity object based on the signature configuration provided by the signature configuration providing module, and implementing those services based on the signature log record and service defined by the signature log record and service defining module. In this technical scheme, signature configuration adapted to different business scenarios can be provided and general signature rules defined, which helps simplify the signature/verification process.
Preferably, in the technical scheme above, the rule-definition-based automatic signature/verification device further comprises: a signature/verification tracking/tracing module, for tracking/tracing the signature and/or verification of the corresponding entity object implemented by the application-level signature/verification service and process defining module. In this technical scheme, the signature and/or verification of the corresponding entity object can be tracked/traced, which helps improve the authenticity and reliability of signing and/or verification.
Preferably, in the technical scheme above, the tracking/tracing operation of the signature/verification tracking/tracing module specifically comprises: when signing/verification fails, querying the verification log and tracing the signature/verification history. The verification log is the signature-log-related information saved in the database defined by the signature log record and service defining module. When a document is saved/submitted multiple times, the signature log record and service defining module records multiple verification log entries, and the current latest signature is saved in a separate table in the database defined by the signature log record and service defining module. In this technical scheme, for performance reasons, the current latest signature log can be placed in a separate table, which helps improve query efficiency and accuracy.
Preferably, in the technical scheme above, the signature configuration adapted to different business scenarios provided by the signature configuration providing module comprises signature configuration by document type, transaction type and action type, and the signature configuration items corresponding to each signature configuration include "whether to sign", "whether to perform database verification during verification" and "whether to record the signature log". The signature-log-related information extracted by the signature log record and service defining module includes one or more of: the identifier based on the entity object, module code, document type, document identifier, document number, function code, action code, signature plaintext, signature ciphertext, signing operator, signature source type, verification status, key producer ID and key serial number. The signature and verification services of the entity object defined by the application-level signature/verification service and process defining module include signing, network verification and database verification, where: the signing operation signs according to the document entered by the client and the predefined signature rule; the network verification operation verifies the signature according to the received business entity, the signature data and the signature rule, and records the verification log; the database verification operation verifies according to the last modified data in the database and the signature log, and the certificate serial number should be recorded in the signature log so that verification is performed with that certificate.
Preferably, in the technical scheme above, the signature rule defined by the signature rule defining module includes the signature field list, the definition of reference fields, the formatting mode and the field ordering; and the signature rule defining module is further used to: for each entity that needs signing, add a signature rule configuration file that defines a signature rule comprising the field list, reference fields, formatting mode and field ordering; and when signing, generate the signature feature string from the signature rule and the entity. In this technical scheme, adding signature rule configuration files improves the durability and reliability of signing similar entity objects.
According to another aspect of the invention, a rule-definition-based automatic signature/verification method is also proposed, comprising: step 202: providing signature configuration adapted to different business scenarios; step 204: defining signature rules for the entity objects that need signing, i.e. defining the transaction feature fields that form the signature feature string; step 206: during the actual signing process, extracting signature-log-related information from the entity object corresponding to the signature configuration provided in step 202 and the signature rule defined in step 204, calling the log service and saving it in the database; step 208: defining the signature and verification services of the corresponding entity object based on the signature configuration provided in step 202, and implementing those services based on the signature log record and service defined in step 206. In this technical scheme, signature configuration adapted to different business scenarios can be provided and general signature rules defined, which helps simplify the signature/verification process.
Preferably, in the technical scheme above, after step 208 the method further comprises step 210: tracking/tracing the signature and/or verification of the corresponding entity object implemented in step 208. In this technical scheme, the signature and/or verification of the corresponding entity object can be tracked/traced, which helps improve the authenticity and reliability of signing and/or verification.
Preferably, in the technical scheme above, the tracking/tracing operation of step 210 specifically comprises: when signing/verification fails, querying the verification log and tracing the signature/verification history. The verification log is the signature-log-related information saved in the database defined in step 206. When a document is saved/submitted multiple times, step 206 records multiple verification log entries, and the current latest signature is saved in a separate table in the database defined in step 206. In this technical scheme, for performance reasons, the current latest signature log can be placed in a separate table, which helps improve query efficiency and accuracy.
Preferably, in the technical scheme above, the signature configuration adapted to different business scenarios provided in step 202 comprises signature configuration by document type, transaction type and action type, and the signature configuration items corresponding to each signature configuration include "whether to sign", "whether to perform database verification during verification" and "whether to record the signature log". The signature-log-related information extracted in step 206 includes one or more of: the identifier based on the entity object, module code, document type, document identifier, document number, function code, action code, signature plaintext, signature ciphertext, signing operator, signature source type, verification status, key producer ID and key serial number. The signature and verification services of the entity object defined in step 208 include signing, network verification and database verification, where: the signing operation signs according to the document entered by the client and the predefined signature rule; the network verification operation verifies the signature according to the received business entity, the signature data and the signature rule, and records the verification log; the database verification operation verifies according to the last modified data in the database and the signature log, and the certificate serial number should be recorded in the signature log so that verification is performed with that certificate.
Preferably, in the technical scheme above, the signature rule defined in step 204 includes the signature field list, the definition of reference fields, the formatting mode and the field ordering; and step 204 further comprises: for each entity that needs signing, adding a signature rule configuration file that defines a signature rule comprising the field list, reference fields, formatting mode and field ordering; and when signing, generating the signature feature string from the signature rule and the entity. In this technical scheme, adding signature rule configuration files improves the durability and reliability of signing similar entity objects.
Through the technical scheme above, on the basis of the existing rule-definition-based automatic signature/verification approach, a single business object can be fully used to complete automatic signature/verification for multiple business objects, establishing a general, unified signature/verification approach in which multiple business objects participate, oriented to automatic signature/verification of general business objects.
Brief description of the drawings
Fig. 1 shows a block diagram of the rule-definition-based automatic signature/verification device according to an embodiment of the invention;
Fig. 2 shows a flow chart of the rule-definition-based automatic signature/verification method according to an embodiment of the invention;
Fig. 3 shows the application scenario diagram of the prior art;
Fig. 4 shows a flow chart of the signature/verification process of current systems;
Fig. 5 shows a block diagram of the signature configuration domain model according to an embodiment of the invention;
Fig. 6 shows a block diagram of the signature domain model according to an embodiment of the invention;
Fig. 7 shows a flow chart of the signature/verification process according to an embodiment of the invention;
Fig. 8 shows a flow chart of signature/verification through the automatic signature/verification device according to an embodiment of the invention.
Specific embodiments
To make the above objects, features and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of this application and the features in those embodiments can be combined with one another.
Many details are set out in the following description for a full understanding of the present invention; however, the present invention can also be implemented in ways other than those described here, so the scope of protection of the present invention is not limited by the specific embodiments described below.
Fig. 1 shows a block diagram of the rule-definition-based automatic signature/verification device according to an embodiment of the invention.
As shown in Fig. 1, the rule-definition-based automatic signature/verification device 100 according to an embodiment of the invention comprises: a signature configuration providing module 102, for providing signature configuration adapted to different business scenarios; a signature rule defining module 104, for defining signature rules for the entity objects that need signing, i.e. defining the transaction feature fields that form the signature feature string; a signature log record and service defining module 106, for extracting signature-log-related information during the actual signing process, from the entity object corresponding to the signature configuration provided by the signature configuration providing module and the signature rule defined by the signature rule defining module, and calling the log service to save it in the database; and an application-level signature/verification service and process defining module 108, for defining the signature and verification services of the corresponding entity object based on the signature configuration provided by the signature configuration providing module, and implementing those services based on the signature log record and service defined by the signature log record and service defining module. In this technical scheme, signature configuration adapted to different business scenarios can be provided and general signature rules defined, which helps simplify the signature/verification process.
Preferably, in the technical scheme above, the rule-definition-based automatic signature/verification device further comprises: a signature/verification tracking/tracing module 110, for tracking/tracing the signature and/or verification of the corresponding entity object implemented by the application-level signature/verification service and process defining module 108. In this technical scheme, the signature and/or verification of the corresponding entity object can be tracked/traced, which helps improve the authenticity and reliability of signing and/or verification.
Preferably, in the technical scheme above, the tracking/tracing operation of the signature/verification tracking/tracing module 110 specifically comprises: when signing/verification fails, querying the verification log and tracing the signature/verification history. The verification log is the signature-log-related information saved in the database defined by the signature log record and service defining module 106. When a document is saved/submitted multiple times, the signature log record and service defining module 106 records multiple verification log entries, and the current latest signature is saved in a separate table in the database defined by the signature log record and service defining module 106. In this technical scheme, for performance reasons, the current latest signature log can be placed in a separate table, which helps improve query efficiency and accuracy.
Preferably, in the technical scheme above, the signature configuration adapted to different business scenarios provided by the signature configuration providing module 102 comprises signature configuration by document type, transaction type and action type, and the signature configuration items corresponding to each signature configuration include "whether to sign", "whether to perform database verification during verification" and "whether to record the signature log". The signature-log-related information extracted by the signature log record and service defining module 106 includes one or more of: the identifier based on the entity object, module code, document type, document identifier, document number, function code, action code, signature plaintext, signature ciphertext, signing operator, signature source type, verification status, key producer ID and key serial number. The signature and verification services of the entity object defined by the application-level signature/verification service and process defining module 108 include signing, network verification and database verification, where: the signing operation signs according to the document entered by the client and the predefined signature rule; the network verification operation verifies the signature according to the received business entity, the signature data and the signature rule, and records the verification log; the database verification operation verifies according to the last modified data in the database and the signature log, and the certificate serial number should be recorded in the signature log so that verification is performed with that certificate.
Preferably, in the technical scheme above, the signature rule defined by the signature rule defining module 104 includes the signature field list, the definition of reference fields, the formatting mode and the field ordering; and the signature rule defining module 104 is further used to: for each entity that needs signing, add a signature rule configuration file that defines a signature rule comprising the field list, reference fields, formatting mode and field ordering; and when signing, generate the signature feature string from the signature rule and the entity. In this technical scheme, adding signature rule configuration files improves the durability and reliability of signing similar entity objects.
Fig. 2 shows a flow chart of the rule-definition-based automatic signature/verification method according to an embodiment of the invention.
As shown in Fig. 2, the rule-definition-based automatic signature/verification method according to an embodiment of the invention comprises: step 202: providing signature configuration adapted to different business scenarios; step 204: defining signature rules for the entity objects that need signing, i.e. defining the transaction feature fields that form the signature feature string; step 206: during the actual signing process, extracting signature-log-related information from the entity object corresponding to the signature configuration provided in step 202 and the signature rule defined in step 204, calling the log service and saving it in the database; step 208: defining the signature and verification services of the corresponding entity object based on the signature configuration provided in step 202, and implementing those services based on the signature log record and service defined in step 206. In this technical scheme, signature configuration adapted to different business scenarios can be provided and general signature rules defined, which helps simplify the signature/verification process.
Preferably, in the technical scheme above, after step 208 the method further comprises step 210: tracking/tracing the signature and/or verification of the corresponding entity object implemented in step 208. In this technical scheme, the signature and/or verification of the corresponding entity object can be tracked/traced, which helps improve the authenticity and reliability of signing and/or verification.
Preferably, in the technical scheme above, the tracking/tracing operation of step 210 specifically comprises: when signing/verification fails, querying the verification log and tracing the signature/verification history. The verification log is the signature-log-related information saved in the database defined in step 206. When a document is saved/submitted multiple times, step 206 records multiple verification log entries, and the current latest signature is saved in a separate table in the database defined in step 206. In this technical scheme, for performance reasons, the current latest signature log can be placed in a separate table, which helps improve query efficiency and accuracy.
Preferably, in the technical scheme above, the signature configuration adapted to different business scenarios provided in step 202 comprises signature configuration by document type, transaction type and action type, and the signature configuration items corresponding to each signature configuration include "whether to sign", "whether to perform database verification during verification" and "whether to record the signature log". The signature-log-related information extracted in step 206 includes one or more of: the identifier based on the entity object, module code, document type, document identifier, document number, function code, action code, signature plaintext, signature ciphertext, signing operator, signature source type, verification status, key producer ID and key serial number. The signature and verification services of the entity object defined in step 208 include signing, network verification and database verification, where: the signing operation signs according to the document entered by the client and the predefined signature rule; the network verification operation verifies the signature according to the received business entity, the signature data and the signature rule, and records the verification log; the database verification operation verifies according to the last modified data in the database and the signature log, and the certificate serial number should be recorded in the signature log so that verification is performed with that certificate.
Preferably, in the technical scheme above, the signature rule defined in step 204 includes the signature field list, the definition of reference fields, the formatting mode and the field ordering; and step 204 further comprises: for each entity that needs signing, adding a signature rule configuration file that defines a signature rule comprising the field list, reference fields, formatting mode and field ordering; and when signing, generating the signature feature string from the signature rule and the entity. In this technical scheme, adding signature rule configuration files improves the durability and reliability of signing similar entity objects.
For example, implementation of the technical scheme of the present invention can be divided into the following steps:
(1) Signature configuration
Not every document needs to be signed; signing applies only to certain sensitive business operations. Moreover, for operations on the same document, different users may have different requirements. The system therefore needs to provide signature configuration adapted to different business scenarios. Its domain model is shown in Fig. 5.
Signing is configured by document type, transaction type and action type, with configuration items such as "whether to sign", "whether to perform database verification during verification" and "whether to record a signature log". This signature configuration centrally manages the personalized settings of the signature/verification device.
(2) Define the signature string definition rule
A signature rule is based on an entity object: the transaction feature fields are extracted from the entity, and these feature fields form the signature string. Four aspects need to be defined:
1. the signature field list;
2. reference field definitions. For example, where an entity holds a currency primary key ID, the feature string can be formed from the currency name when the signature string is built;
3. format modes. For numeric and date fields a format mode must be specified, so that the same number is formatted identically at signing and at verification;
4. field order (if the feature strings extracted from the same entity are ordered differently, the signature information differs).
For each entity that requires signing, add a signature rule configuration file that defines the signature rule (field list, reference fields, format modes, field order). At signing time the signature string is generated from the signature rule and the entity. The implementation pattern is shown in Fig. 6.
(3) Define the signature log record and service
Signing and verification need to be logged, for database verification and for security audit. The signature log information is extracted from the entity object and the signature rule definition, and the log service is called to save it to the database. A log entity may contain the content shown in the table below.
(4) Define the application-layer signing/verification (network verification, database verification) service and process
The document signing/verification process is shown in Fig. 7.
Define the signing and verification service based on the entity object, and implement that service. Depending on the usage scenario, the service needs to provide the following functions:
1. Sign: sign according to the document input by the client and the predefined signature rule.
2. Verify (network verification): verify the signature according to the received business entity, signed data and signature rule, and record a signature log (optional);
3. Database verification: verify according to the last changed data in the database and the signature log; the certificate serial number should be recorded in the signature log so that verification uses that certificate.
(5) Signature/verification tracking and tracing:
1. when signing or verification fails, query the verification log and trace the signing/verification history;
2. when a document is saved or submitted several times, several verification logs are recorded; for performance, the current latest signature log can be kept in a separate table.
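One way the pieces of steps (1) to (5) fit together, as an added Python illustration that is not code from the patent or from the UFIDA framework: a constructed XML rule file (field list, reference field, format modes, field order), a constructed signature configuration table keyed by document type, transaction type and action type, a signing step that writes a log record carrying the certificate serial number, and the two verification modes the text names. The rule-file format, all names and sample values are assumptions, and HMAC-SHA256 keyed by a per-certificate secret stands in for the private-key sign / public-key verify operation the description refers to, so the example runs offline on the standard library.

```python
"""Rule-based signing and verification: added illustration, not the patent's code.
HMAC-SHA256 with a per-certificate secret stands in for the asymmetric signature."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import date
from decimal import Decimal

# Constructed rule file for an "expense_report" entity (rules live in XML per the
# text). Element order is the signing order; ref= maps a key to a display value.
EXPENSE_RULE_XML = """<signRule entity="expense_report">
  <field name="doc_no"/>
  <field name="amount" format="0.00"/>
  <field name="bill_date" format="yyyy-MM-dd"/>
  <field name="currency_id" ref="currency_name"/>
</signRule>"""

# Constructed signature configuration: (document type, transaction type, action)
# -> the three configuration items named in the text.
SIGN_CONFIG = {
    ("expense_report", "reimburse", "submit"): {"sign": True, "db_verify": True, "log": True},
    ("expense_report", "reimburse", "save"): {"sign": False, "db_verify": False, "log": False},
}

# Constructed master data for reference fields, and a constructed certificate
# store keyed by certificate serial number (secrets are demo values).
CURRENCY_NAMES = {1: "CNY", 2: "USD"}
REFERENCES = {"currency_name": CURRENCY_NAMES.get}
CERT_KEYS = {"SN-0001": b"demo-secret-0001", "SN-0002": b"demo-secret-0002"}


def load_rule(xml_text):
    """Parse a rule file into an ordered list of (field, format, ref)."""
    root = ET.fromstring(xml_text)
    return [(f.get("name"), f.get("format"), f.get("ref")) for f in root.findall("field")]


def format_value(value, fmt):
    """Apply the format mode so signing and verification see identical text."""
    if fmt is None:
        return str(value)
    if fmt == "0.00":  # fixed two decimals whatever the input type (int, float, Decimal)
        return f"{Decimal(str(value)):.2f}"
    if fmt == "yyyy-MM-dd":
        return value.strftime("%Y-%m-%d") if isinstance(value, date) else str(value)
    raise ValueError(f"unsupported format mode {fmt!r}")


def build_sign_string(rule, entity):
    """Form the signature string from the entity's feature fields, in rule order."""
    parts = []
    for name, fmt, ref in rule:
        value = entity[name]
        if ref is not None:  # e.g. currency_id -> currency name, as the text suggests
            value = REFERENCES[ref](value)
        parts.append(f"{name}={format_value(value, fmt)}")
    return "|".join(parts)


def _mac(sign_string, cert_serial):
    """Stand-in for the asymmetric signature; the key is chosen by certificate serial."""
    return hmac.new(CERT_KEYS[cert_serial], sign_string.encode(), hashlib.sha256).hexdigest()


def sign_document(doc_type, txn_type, action, entity, rule, cert_serial, operator):
    """Client-side signing; (None, None) when the configuration says not to sign."""
    cfg = SIGN_CONFIG.get((doc_type, txn_type, action), {"sign": False})
    if not cfg["sign"]:
        return None, None
    plain = build_sign_string(rule, entity)
    cipher = _mac(plain, cert_serial)
    log = {  # a subset of the log fields the text enumerates
        "document_type": doc_type, "document_no": entity["doc_no"], "action": action,
        "sign_plain": plain, "sign_cipher": cipher, "operator": operator,
        "cert_serial": cert_serial, "verify_state": "signed",
    }
    return cipher, log


def network_verify(entity, rule, signature, log):
    """Server-side check of a received entity against the signature sent with it."""
    expected = _mac(build_sign_string(rule, entity), log["cert_serial"])
    ok = hmac.compare_digest(expected, signature)
    log["verify_state"] = "network_ok" if ok else "network_failed"
    return ok


def db_verify(stored_entity, rule, log):
    """Re-check the last stored data against the log, using the certificate it recorded."""
    expected = _mac(build_sign_string(rule, stored_entity), log["cert_serial"])
    ok = hmac.compare_digest(expected, log["sign_cipher"])
    log["verify_state"] = "db_ok" if ok else "db_failed"
    return ok


def demo():
    """Sign a constructed document, verify it on receipt, then re-verify two
    database states: a harmless type change and a direct edit of the amount."""
    rule = load_rule(EXPENSE_RULE_XML)
    entity = {"doc_no": "EXP-2013-001", "amount": 1250,
              "bill_date": date(2013, 12, 18), "currency_id": 1}
    sig, log = sign_document("expense_report", "reimburse", "submit",
                             entity, rule, "SN-0001", "alice")
    net_ok = network_verify(dict(entity), rule, sig, log)
    retyped = dict(entity, amount=Decimal("1250.00"))  # same value, other type
    tampered = dict(entity, amount=12500)               # edited directly in the DB
    return log["sign_plain"], net_ok, db_verify(retyped, rule, log), db_verify(tampered, rule, log)
```

The format mode is what keeps the "retyped" case verifiable: the stored amount may come back from the database as a Decimal while the client signed an int, and without a fixed format the two would concatenate differently and a legitimate row would fail database verification. Reversing the field order in the rule file changes the signature string, which is the ordering point made under (2).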
With the technical scheme of this application, signing/verification becomes very convenient: only the following simple steps are needed to integrate the complex signing/verification process into business processing.
Define, in the signature configuration table, the personalized signing/verification options of the signature service, including the configuration items "whether to sign", "whether to perform database verification during verification" and "whether to record a signature log"; these configuration items control the signing/verification strategy.
Define the entity's signature/verification rule according to the requirements of the automatic signature device; the automatic signature/verification device completes signing and verification according to this rule;
Call the signing service of the automatic signature/verification device at client input, and call its verification service on the server side; the device takes over the complex work of signing, verification, signature logging and tracking in the system.
The automatic signature/verification device of the technical scheme shields the complexity of the signing/verification process: the related complex work is handled automatically by the scheme, and developers do not need to understand the intricacies of signing/verification. With the scheme, signature/verification rules are easy to maintain and extend, and integrating signing/verification into business processing is also very simple; see Fig. 8.
Testing and experimental verification of the technical scheme of the present invention: as clients' security requirements rise, more and more business processes need signing/verification to make important business tamper-resistant and non-repudiable; these business processes include not only those in newly developed applications but also those in legacy systems. During development of the UFSOFT ERP expense reimbursement system, the technical scheme was applied to expense reports, loan forms and payment orders (as the signature/verification device), ensuring the security of business related to cash flow. Developers defined the signature rules for these three documents separately and, in business processing, called the services provided by the unified signature framework to sign, network-verify and database-verify these documents. Developers did not need to understand much about signing/verification; the learning curve was smooth, they got started quickly, and work efficiency and quality were very high. With the scheme, signing and verification logs are recorded completely, and the unified log query function provided by the scheme is used to trace signing/verification. All signing/verification is based on the same device, the signing/verification process and method are consistent, and the system has good maintainability and extensibility.
With the technical scheme, at least the following benefits can be obtained:
(1) Signature rules are easy to maintain;
With this device, the signature rule (how the signature string is extracted from the entity object) is defined in an XML file, which centrally maintains the field list, reference fields, format modes and field order that need to be signed in a business object. The signing and verification of a business object read the same rule to generate the signature string, avoiding inconsistencies in how the signature string is concatenated. Moreover, signature rules are visible, easy to maintain, and easy to modify according to business needs.
(2) Good extensibility of signing/verification;
Adding signing/verification to a new business is very simple and the workload is very small: only define the signature rule for the newly added business object, then call the services provided by this signature/verification device to implement signing, network verification and database verification.
(3) Reduced system complexity;
Signature rules are no longer scattered across the source code but are managed by a unified device, which shields the complexity of signing/verification; developers can add signing/verification to business processing without needing much signing/verification knowledge.
In addition, the patent (application) file no. 200910089904, entitled "Signature method, device and signature verification method, device and system", provides a signature method and device and a signature verification method, device and system. The signature method includes: adding algorithm identification information of the generated signature to a secure neighbor discovery message, and sending that message. The signature verification method includes: extracting the algorithm identification information of the generated signature from the received secure neighbor discovery message, and verifying the signature with the generation algorithm corresponding to that identification information. The signature verification system includes a signature apparatus and a signature verification apparatus. That scheme effectively ensures the accuracy and reliability of signature verification and supports verifying signatures produced with several different algorithms. It applies to the IPv6 communications field, for discovering and identifying security fields and adding security information during message transmission; its application scenario and implementation are entirely different from those of the technical scheme.
In the patent (application) file no. 201010209178, entitled "Method, device and system for verifying data signature", to address the long confirmation time of data validity while keeping the data secure during the data signature verification process, that invention discloses a method, device and system for verifying a data signature. The method includes: the server receives the data and data signature sent by the client, submits the data to the operation platform after confirming that the data is valid, and verifies the data signature; if verification succeeds, the submission state of the data is maintained, otherwise the submission of the data is revoked. Because signature verification and submission to the operation platform proceed in parallel, the time to submit data to the operation platform is shortened while the security of the verification process is preserved. That device addresses signing efficiency, which is entirely different in purpose and implementation from the technical scheme of the present invention.
The technical scheme, addressing the problems of the prior art, establishes a general automatic signing/verification technique that completes signing/verification automatically based on the signature rule of the business object. During signing, the signature/verification device converts the business object into the corresponding signature string according to the defined signature rule and encrypts it with the private key; during verification, the business object is converted into the corresponding signature string according to the same signature rule and compared with the client's signature string after public key decryption, which completes verification and prevents data from being tampered with or repudiated in transit. With this device, network verification (against tampering on the network) and database verification (against direct tampering in the database) are implemented conveniently, maintenance is easy, and the efficiency and quality of system development improve.
The technical scheme has been described in detail above with reference to the drawings. In the related art there was no simple, unified solution for automatic signing/verification of multiple business objects: existing signing/verification could not complete automatic signing/verification in which multiple business objects participate. The present invention therefore proposes a rule-definition-based automatic signature/verification device and method which, building on existing rule-based signing/verification, make full use of a single business object to complete automatic signing/verification of multiple business objects, and establish a general, unified approach to automatic signing/verification of general business objects in which multiple business objects participate.
The foregoing is only the preferred embodiment of the present invention and does not limit it; those skilled in the art can make various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.

Claims (8)

1. A rule-definition-based automatic signature/signature verification device, characterized in that it comprises:
a signature configuration providing module, for providing signature configuration adapted to different business scenarios;
a signature rule definition module, for defining a signature rule for an entity object that requires signing, so as to define the transaction feature fields and form the signature string;
a signature log record and service definition module, for extracting, in the actual signing process, signature log information from the entity object corresponding to the signature configuration provided by the signature configuration providing module and from the signature rule defined by the signature rule definition module, and calling a log service to save it to a database;
an application-layer signature/verification service and process definition module, for defining the signing and verification services of the entity object corresponding to the signature configuration provided by the signature configuration providing module, and implementing those services based on the signature log record and service defined by the signature log record and service definition module; wherein the signature configuration adapted to different business scenarios provided by the signature configuration providing module comprises configuring signing by document type, transaction type and action type, and the signature configuration items corresponding to each signature configuration comprise "whether to sign", "whether to perform database verification during verification" and "whether to record a signature log"; and,
the signature log information extracted by the signature log record and service definition module comprises one or more of the following: the identifier of the entity object, module code, document type, document identifier, document number, function code, action code, signature plaintext, signature ciphertext, signing operator, signature source type, verification state, key producer ID and key serial number; and,
the signing and verification services of the entity object defined by the application-layer signature/verification service and process definition module comprise signing, network verification and database verification; wherein:
the signing operation specifically signs according to the document input by the client and the predefined signature rule;
the network verification operation specifically verifies the signature according to the received business entity, signed data and signature rule, and records a verification log;
the database verification operation specifically verifies according to the last changed data in the database and the signature log, the certificate serial number being recorded in the signature log so that verification uses that certificate.
2. The rule-definition-based automatic signature/signature verification device according to claim 1, characterized in that it further comprises:
a signature/verification tracking/tracing module, for tracking/tracing the signing and/or verification of the corresponding entity object implemented by the application-layer signature/verification service and process definition module.
3. The rule-definition-based automatic signature/signature verification device according to claim 2, characterized in that the tracking/tracing operation of the signature/verification tracking/tracing module specifically comprises: when signing/verification fails, querying the verification log and tracing the signing/verification history;
the verification log is specifically the signature log information saved in the database defined by the signature log record and service definition module; when a document is saved/submitted several times, the signature log record and service definition module records several verification logs, and the current latest signature is saved in a separate table in the database defined by the signature log record and service definition module.
4. The rule-definition-based automatic signature/signature verification device according to any one of claims 1 to 3, characterized in that the signature rule defined by the signature rule definition module comprises the signature field list, reference field definitions, format modes and field order; and,
the signature rule definition module is further used for: for an entity that requires signing, adding a signature rule configuration file that defines the signature rule comprising the field list, reference fields, format modes and field order; at signing time, generating the signature string according to the signature rule and the entity.
5. A rule-definition-based automatic signature/signature verification method, characterized in that it comprises:
Step 202: providing signature configuration adapted to different business scenarios, wherein the signature configuration adapted to different business scenarios provided by step 202 comprises configuring signing by document type, transaction type and action type, and the signature configuration items corresponding to each signature configuration comprise "whether to sign", "whether to perform database verification during verification" and "whether to record a signature log"; and,
Step 204: defining a signature rule for the entity object that requires signing, so as to define the transaction feature fields and form the signature string;
Step 206: in the actual signing process, extracting signature log information from the entity object corresponding to the signature configuration provided by step 202 and from the signature rule defined by step 204, and calling a log service to save it to a database;
Step 208: defining the signing and verification services of the entity object corresponding to the signature configuration provided by step 202, and implementing the signing and verification services of that entity object based on the signature log record and service defined by step 206,
wherein the signature log information extracted by step 206 comprises one or more of the following: the identifier of the entity object, module code, document type, document identifier, document number, function code, action code, signature plaintext, signature ciphertext, signing operator, signature source type, verification state, key producer ID and key serial number; and,
the signing and verification services of the entity object defined by step 208 comprise signing, network verification and database verification; wherein:
the signing operation specifically signs according to the document input by the client and the predefined signature rule;
the network verification operation specifically verifies the signature according to the received business entity, signed data and signature rule, and records a verification log;
the database verification operation specifically verifies according to the last changed data in the database and the signature log, the certificate serial number being recorded in the signature log so that verification uses that certificate.
6. The rule-definition-based automatic signature/signature verification method according to claim 5, characterized in that, after step 208, it further comprises:
Step 210: tracking/tracing the signing and/or verification of the corresponding entity object implemented in step 208.
7. The rule-definition-based automatic signature/signature verification method according to claim 6, characterized in that the tracking/tracing operation of step 210 specifically comprises: when signing/verification fails, querying the verification log and tracing the signing/verification history;
the verification log is specifically the signature log information saved in the database defined in step 206; when a document is saved/submitted several times, step 206 records several verification logs, and the current latest signature is saved in a separate table in the database defined in step 206.
8. The rule-definition-based automatic signature/signature verification method according to any one of claims 5 to 7, characterized in that the signature rule defined in step 204 comprises the signature field list, reference field definitions, format modes and field order; and,
step 204 further comprises: for an entity that requires signing, adding a signature rule configuration file that defines the signature rule comprising the field list, reference fields, format modes and field order; at signing time, generating the signature string according to the signature rule and the entity.
CN201310701633.0A 2013-12-18 2013-12-18 Rule definition based automatic signature/signature verification device and method Active CN103647650B (en)

Publications (2)

Publication Number Publication Date
CN103647650A CN103647650A (en) 2014-03-19
CN103647650B true CN103647650B (en) 2017-02-08

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106777026B (en) * 2016-12-08 2019-12-20 用友网络科技股份有限公司 Method, device and system for supporting final consistency of micro-service architecture transaction
CN112597443A (en) * 2020-12-25 2021-04-02 中国人民解放军总医院 Method for defining original text in electronic signature
CN113315633A (en) * 2021-05-07 2021-08-27 浙江保融科技股份有限公司 Tamper-resistant data interaction method with variable signature field
CN116846564B (en) * 2023-08-30 2024-02-02 北京格尔国信科技有限公司 Signature verification method, system, terminal and storage medium supporting multiple algorithms

Citations (3)

Publication number Priority date Publication date Assignee Title
CN101616005A (en) * 2009-07-27 2009-12-30 成都市华为赛门铁克科技有限公司 Endorsement method, device and signature verification method, device and system
CN101860548A (en) * 2010-06-17 2010-10-13 北京握奇数据系统有限公司 Method, device and system for verifying data signature
CN101964710A (en) * 2010-09-26 2011-02-02 用友软件股份有限公司 Digital signature and signature authenticating method

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100094 Beijing city Haidian District North Road No. 68, UFIDA Software Park

Applicant after: Yonyou Network Technology Co., Ltd.

Address before: 100094 Beijing city Haidian District North Road No. 68, UFIDA Software Park

Applicant before: UFIDA Software Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant