CN104618107B - digital signature method and system - Google Patents
- Publication number: CN104618107B (application CN201410849952.0A)
- Authority: CN (China)
- Prior art keywords: IBE, cryptographic hash, signature, PDF document
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Storage Device Security (AREA)
Abstract
The invention discloses a digital signature method and system. The method includes: obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file; receiving the identity information of that user; sending the identity information and the hash value of the PDF file to a signing end; receiving the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file; and writing the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature. With the invention, a digital signature can be produced without issuing a digital certificate to the user; the operation is simple and signing is efficient, and the IBE key is generated in real time from the user's identity information and is difficult to forge, which reduces both the security risk and the cost of digital signatures.
Description
【Technical field】
The present invention relates to the field of electronic signature technology, and in particular to a digital signature method and system.
【Background art】
Since the Electronic Signature Law was promulgated, many industries have made wide use of digital certificates for digital signatures. In some scenarios, however, signing with a digital certificate remains difficult. In the insurance industry, for example, an insurance agent has the user sign an insurance confirmation form, which requires the user's handwritten signature. To sign with a digital certificate in this scenario, a certificate must first be applied for from a trusted CA and issued to the user, and only then can the digital signature be made.
The certificate issuance process is complicated and time-consuming. A PIN must also be entered when signing with a digital certificate, and the certificate must be renewed after it expires, which makes operation more complicated still. In addition, signing with a digital certificate necessarily raises the question of the user's private key. A certificate is either a hard certificate (stored on a hardware medium) or a soft certificate (stored as a file). Signing with a hard certificate is comparatively secure, but in the scenario above it is difficult to provide every user with a hard certificate. Existing solutions all use soft certificates, and signing with the private key of a soft certificate on a shared device (the mobile device that an insurance agent carries when selling insurance is called a shared device) carries a considerable security risk.
Therefore, in public-facing scenarios such as the insurance example above, digital signing with existing digital signature technology is complicated to operate, time-consuming and low in security.
【Summary of the invention】
In view of this, it is necessary to provide a digital signature method and system that address the complicated operation, long time consumption and low security of digital signing with existing digital signature technology in public-facing scenarios.
A digital signature method includes the following steps:
Obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
Receiving the identity information of the user who is to sign;
Sending the identity information and the hash value of the PDF file to a signing end;
Receiving the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file;
Writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
A digital signature system includes:
A PDF preprocessing module, for obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
An identity information receiving module, for receiving the identity information of the user who is to sign;
A sending module, for sending the identity information and the hash value of the PDF file to a signing end;
A signature information receiving module, for receiving the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file;
A digital signature module, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
In the above digital signature method and system, a PDF file corresponding to the user who is to sign and the hash value of the PDF file are obtained, the identity information of the user is received, and the hash value of the PDF file, together with the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file, is written into the signature field of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; the operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signatures.
A digital signature method includes the following steps:
Receiving the identity information of the user who is to sign, sent by a PDF processing end, and the hash value of the PDF file corresponding to that user;
Performing a hash calculation on the identity information to generate an identity information hash value;
Using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
Performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
Sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
A digital signature system includes:
A receiving module, for receiving the identity information of the user who is to sign, sent by a PDF processing end, and the hash value of the PDF file corresponding to that user;
A hash calculation module, for performing a hash calculation on the identity information to generate an identity information hash value;
An IBE key pair module, for using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
An IBE signature information module, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
A signature information sending module, for sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
In the above digital signature method and system, the identity information hash value, the IBE key pair and the IBE signature information are generated from the identity information of the user who is to sign, received from the PDF processing end, and the hash value of the PDF file corresponding to that user; the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, are then sent to the PDF processing end so that the PDF processing end completes the digital signature. A digital signature can thus be produced without issuing a digital certificate to the user; the operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signatures.
A digital signature method includes the following steps:
Obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
Receiving the identity information of the user who is to sign;
Performing a hash calculation on the identity information to generate an identity information hash value;
Using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
Performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
Writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file to complete the digital signature.
A digital signature system includes:
A PDF preprocessing module, for obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file;
An identity information receiving module, for receiving the identity information of the user who is to sign;
A hash calculation module, for performing a hash calculation on the identity information to generate an identity information hash value;
An IBE key pair module, for using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
An IBE signature information module, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
A digital signature module, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file to complete the digital signature.
In the above digital signature method and system, a PDF file corresponding to the user who is to sign and the hash value of the PDF file are obtained, the identity information of the user is received, and the identity information hash value, the IBE key pair and the IBE signature information are generated from the identity information and the hash value of the PDF file; the hash value of the PDF file and the generated identity information hash value, IBE signature information and IBE public key are written into the signature field of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; the operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signatures. The interaction between the PDF processing end and the signing end can also be omitted, which makes deployment easier.
【Description of the drawings】
Fig. 1 is a structural schematic diagram of the first implementation environment of the digital signature method of an embodiment of the present invention;
Fig. 2 is a flow diagram of the first embodiment of the digital signature method of the present invention;
Fig. 3 is a structural schematic diagram of the first embodiment of the digital signature system of the present invention;
Fig. 4 is a flow diagram of the second embodiment of the digital signature method of the present invention;
Fig. 5 is a structural schematic diagram of the second embodiment of the digital signature system of the present invention;
Fig. 6 is a structural schematic diagram of the second implementation environment of the digital signature method of an embodiment of the present invention;
Fig. 7 is a flow diagram of the third embodiment of the digital signature method of the present invention;
Fig. 8 is a structural schematic diagram of the third embodiment of the digital signature system of the present invention.
【Detailed description】
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
Although the steps in the present invention are numbered, the numbering is not intended to limit their order. Unless the order of the steps is explicitly stated, or the execution of a step depends on other steps, the relative order of the steps is adjustable.
Referring to Fig. 1, Fig. 1 is a structural schematic diagram of the first implementation environment of the digital signature method of an embodiment of the present invention.
The first implementation environment shown in Fig. 1 is used to implement the digital signature method described in some of the embodiments of the present invention. It includes a client device 120, a PDF processing end 140 and a signing end 160. The client device 120 and the PDF processing end 140 are connected over a wireless or wired network, and the PDF processing end 140 and the signing end 160 may be connected over an intranet.
The client device 120 may include at least one terminal device such as a smartphone, desktop computer, notebook, personal digital assistant or tablet computer, on which an application is installed for collecting the basic information and identity information of the user who is to sign and a PDF template identifier. The PDF processing end 140 may include a server on which a PDF support system is deployed. The signing end 160 may include a deployed identity-based encryption (Identity Based Encryption, IBE) system, and may further have other asymmetric-algorithm signature systems deployed, such as an RSA signature system.
The PDF processing end 140 may receive over the network the basic information and identity information of the user who is to sign and the PDF template identifier collected by the client device 120, retrieve or generate in real time the PDF file and the hash value of the PDF file according to the received information, and send the hash value of the PDF file and the identity information to the signing end 160 over the network.
The signing end 160 may generate the identity information hash value, the IBE signature information and the IBE public key from the received hash value of the PDF file and the identity information, and send them to the PDF processing end 140.
Further, the signing end 160 may also perform a signature calculation on the hash value of the PDF file with a preset RSA private key to generate RSA signature information, which it sends to the PDF processing end 140. The PDF processing end 140 writes the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature. It may further send the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key to the client device 120, so that the signed PDF file can be shown to the user who is to sign, or the information added to the signature field of the signed PDF file can be further verified.
Preferably, the RSA signature information may also be received and written into the signature field of the PDF file.
The PDF processing end 140 and the signing end 160 may be deployed independently within the service system of the enterprise or organization that uses them, or may be offered to enterprises or organizations as a cloud service.
This implementation environment makes digital signing more convenient and more efficient. The IBE key is generated in real time from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. The IBE private key is used only once and is destroyed as soon as the IBE signature information has been generated, which reduces that risk further. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signatures.
Referring to Fig. 2, Fig. 2 is a flow diagram of the first embodiment of the digital signature method of the present invention.
The digital signature method of this embodiment runs on the PDF processing end and may include the following steps:
Step S201: obtain a PDF file corresponding to the user who is to sign and the hash value of the PDF file.
Step S202: receive the identity information of the user who is to sign.
Step S203: send the identity information and the hash value of the PDF file to the signing end.
Step S204: receive the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file.
Step S205: write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
In this embodiment, a PDF file corresponding to the user who is to sign and the hash value of the PDF file are obtained, the identity information of the user is received, and the hash value of the PDF file, together with the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file, is written into the signature field of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; the operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signatures.
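The exchange in steps S201 to S205, together with the signing-end steps from the summary and a check of the resulting signature field, as an added example that is not code from the patent. The patent does not name its IBE algorithm, so Shamir's 1984 RSA-based identity-based signature scheme stands in for it; the toy master key, SHA-256, the dictionary keys and all function names are assumptions.

```python
import hashlib
import secrets
from typing import Optional

# Toy master key of the signing end (assumption): a product of two Mersenne
# primes is trivially factorable and is used only to keep the example free of
# dependencies. (N, E) are public parameters; D never leaves the signing end.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
N_BYTES = (N.bit_length() + 7) // 8


def challenge(t: int, pdf_hash: bytes) -> int:
    """Bind the per-signature commitment t to the PDF hash being signed."""
    data = t.to_bytes(N_BYTES, "big") + pdf_hash
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def signing_end(identity_info: bytes, pdf_hash: bytes) -> dict:
    """Signing end: hash the identity, derive a one-time key, sign the PDF hash."""
    identity_hash = hashlib.sha256(identity_info).digest()
    ident = int.from_bytes(identity_hash, "big") % N
    private_key = pow(ident, D, N)        # identity hash is the key-generation input
    r = secrets.randbelow(N - 3) + 2      # fresh nonce in [2, N-2]
    t = pow(r, E, N)
    s = private_key * pow(r, challenge(t, pdf_hash), N) % N
    del private_key, r                    # used once, then dropped (Python cannot zeroize)
    return {"identity_hash": identity_hash,
            "ibe_signature": (t, s),
            "ibe_public_key": (N, E)}


def pdf_processing_end(pdf_bytes: bytes, identity_info: bytes) -> dict:
    """PDF processing end: returns the content written to the signature field."""
    pdf_hash = hashlib.sha256(pdf_bytes).digest()       # S201
    reply = signing_end(identity_info, pdf_hash)        # S202 to S204
    return {"pdf_hash": pdf_hash, **reply}              # S205


def verify_signature_field(pdf_bytes: bytes, field: dict,
                           identity_info: Optional[bytes] = None) -> bool:
    """Check a signature field against the document and the signing end's parameters."""
    # Compare against parameters obtained from the signing end out of band,
    # not against whatever key the document itself carries.
    if field["ibe_public_key"] != (N, E):
        return False
    if hashlib.sha256(pdf_bytes).digest() != field["pdf_hash"]:
        return False
    if identity_info is not None and \
            hashlib.sha256(identity_info).digest() != field["identity_hash"]:
        return False
    t, s = field["ibe_signature"]
    ident = int.from_bytes(field["identity_hash"], "big") % N
    # Shamir's check: s^E == H(identity) * t^challenge (mod N)
    return pow(s, E, N) == ident * pow(t, challenge(t, field["pdf_hash"]), N) % N


if __name__ == "__main__":
    # Constructed sample inputs, not real documents or biometric data.
    pdf = b"%PDF-1.7 constructed sample: insurance confirmation form"
    who = b"constructed handwritten-signature image bytes"
    field = pdf_processing_end(pdf, who)
    print("untouched document:", verify_signature_field(pdf, field, who))
    print("modified document: ", verify_signature_field(pdf + b" ", field, who))
```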
For step S201, preferably, the user who is to sign may be a person taking out insurance in the insurance industry, a hospital patient who is to confirm information about their condition, or a customer in another industry or field. The PDF file records the basic information of the user, which may include the user's name, address, telephone number or other information that the user needs to confirm by signing; the other information may include the insurance taken out by the insured user, a patient's medical record or other industry information.
Preferably, a pre-stored PDF file corresponding to the user who is to sign and the hash value of that PDF file may be retrieved directly. Alternatively, the PDF file may be generated in real time from a PDF template identifier and the basic information of the user, and the hash value of the PDF file generated in real time from the PDF file so generated.
In one embodiment, the step of obtaining a PDF file corresponding to the user who is to sign and the hash value of the PDF file further includes the following steps:
Receiving the basic information of the user who is to sign and a PDF template identifier.
Looking up the stored PDF fill-in template corresponding to the PDF template identifier.
Writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file.
Performing a hash calculation on the PDF file to generate the hash value of the PDF file.
The basic information of the user who is to sign and the PDF template identifier may be sent by a client device, which may be a mobile terminal facing the user who is to sign. The client device receives the entered basic information of the user and the PDF template identifier (such as a number) of the PDF template to be called, and sends the received information to the PDF processing end. The basic information may first be assembled into an XML data file, and the assembled XML data file then converted into a byte array and sent to the PDF processing end.
Preferably, the hash calculation on the PDF file may be performed with a hash algorithm customary in the art.
In another embodiment, the step of writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file further includes the following steps:
Writing the basic information into the corresponding positions of the PDF fill-in template to generate an editable PDF template.
Sending the editable PDF template to the client device, so that the client device edits the PDF file according to preset remark information and generates the PDF file.
Receiving the PDF file sent by the client device.
In this embodiment, the PDF file is generated through interaction with the client device, which ensures the validity and accuracy of the information added to the PDF file.
The preset remark information may be user information or application information collected by the client device after the step of receiving the basic information of the user who is to sign and the PDF template identifier.
For step S202, preferably, the identity information includes at least one of a picture of the handwritten signature of the user who is to sign, the user's fingerprint data, the user's face image and the user's voice data. The identity information may also be video data containing an image of the user.
Further, the identity information may include a timestamp that characterizes the time at which the identity information was collected or entered.
For step S203, the hash value of the PDF file may be sent to the signing end once it has been obtained, and the identity information then sent to the signing end when it is received.
For step S204, the IBE signature information may be an IBE signature value. When the identity information includes a timestamp, the time information that the signing end extracts from the identity information may also be received, and the received time information is taken as the signing time.
For step S205, the hash value of the PDF file may be written into the signature field of the PDF file once it has been obtained. The identity information hash value, the IBE signature information and the IBE public key are then written into the signature field of the PDF file after they are received.
Preferably, signature regions for the various items of information are preset in the signature field.
In one embodiment, before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, the method further includes the following step:
Receiving the RSA signature information that the signing end generates by performing a signature calculation on the hash value of the PDF file with a preset RSA private key;
The step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file further includes the following step:
Writing the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
Preferably, the RSA signature information may be an RSA signature value.
In other embodiments, the signing end may also perform the signature calculation on the hash value of the PDF file with the private key of another asymmetric algorithm to generate other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
In one embodiment, after the step of writing the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key into the signature field of the PDF file, the method further includes the following step:
Sending to the client device the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key.
In this embodiment, the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key can be shown to the user who is to sign through the client device.
Further, the client device may further verify the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key, to ensure the correctness of the digital signature.
Referring to Fig. 3, Fig. 3 is a structural schematic diagram of the first embodiment of the digital signature system of the present invention.
The digital signature system of this embodiment is deployed on the PDF processing end and may include a PDF preprocessing module 1010, an identity information receiving module 1020, a sending module 1030, a signature information receiving module 1040 and a digital signature module 1050, wherein:
The PDF preprocessing module 1010 is used to obtain a PDF file corresponding to the user who is to sign and the hash value of the PDF file.
The identity information receiving module 1020 is used to receive the identity information of the user who is to sign.
The sending module 1030 is used to send the identity information and the hash value of the PDF file to the signing end.
The signature information receiving module 1040 is used to receive the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file.
The digital signature module 1050 is used to write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file to complete the digital signature.
In this embodiment, a PDF file corresponding to the user who is to sign and the hash value of the PDF file are obtained, the identity information of the user is received, and the hash value of the PDF file, together with the identity information hash value, IBE signature information and IBE public key that the signing end generates from the identity information and the hash value of the PDF file, is written into the signature field of the PDF file. A digital signature can thus be produced without issuing a digital certificate to the user; the operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signing on a shared device. In addition, the IBE key pair is generated in real time, so there is no need to issue keys or to maintain the Lightweight Directory Access Protocol, the Online Certificate Status Protocol and the like of a PKI system, which greatly reduces the cost of digital signatures.
For the PDF preprocessing module 1010, preferably, the user who is to sign may be a person taking out insurance in the insurance industry or a hospital patient who is to confirm information about their condition, or may be a customer in another industry or field. The basic information may include the user's name, address, telephone number or other information that the user needs to confirm by signing; the other information may include the insurance taken out by the insured user, a patient's medical record or other industry information.
Preferably, a pre-stored PDF file corresponding to the user who is to sign and the hash value of that PDF file may be retrieved directly. Alternatively, the PDF file may be generated in real time from a PDF template identifier and the basic information of the user, and the hash value of the PDF file generated in real time from the PDF file so generated.
In one embodiment, the PDF preprocessing module 1010 may further include a template identifier receiving module, a template lookup module, an information adding module and a hash module, wherein:
The template identifier receiving module is used to receive the basic information of the user to be signed and the PDF template identifier.
The template lookup module is used to look up the stored PDF fill-in template corresponding to the PDF template identifier.
The information adding module is used to write the basic information into the corresponding positions of the PDF fill-in template, generating the PDF file.
The hash module is used to perform a hash calculation on the PDF file, generating the hash value of the PDF file.
In this embodiment, the basic information of the user to be signed and the PDF template identifier are received in real time and used to generate the PDF file and its hash value, which ensures that the data is current.
The basic information of the user to be signed and the PDF template identifier can be sent by a client device, which may be a mobile terminal facing the user to be signed. The client device receives the entered basic information of the user to be signed and the identifier (such as a number) of the PDF template to be called, and sends the received information to the PDF processing end. The basic information can first be assembled into an XML data file, and the assembled XML data file is then converted into a byte array and sent to the PDF processing end.
In another embodiment, the information adding module can also be used to write the basic information into the corresponding positions of the PDF fill-in template, generating an editable PDF template. The editable PDF template is sent to the client device so that the client device edits it according to preset remark information and generates the PDF file. The PDF file sent by the client device is then received.
In this embodiment, the PDF file is generated through interaction with the client device, which ensures the validity and accuracy of the information added to the PDF file.
The preset remark information may be user information or application information collected by the client device after the step of receiving the basic information of the user to be signed and the PDF template identifier.
For the identity information receiving module 1020, the identity information preferably includes at least one of: a picture of the handwritten signature of the user to be signed, fingerprint data of the user to be signed, a facial image of the user to be signed, and voice data of the user to be signed. The identity information may also be video data containing an image of the user to be signed. Further, the identity information may include a timestamp indicating when the identity information was captured or entered.
For the sending module 1030, the hash value of the PDF file can be sent to the signing end once it has been obtained, and the identity information sent to the signing end once it has been received.
For the signature information receiving module 1040, when the identity information includes a timestamp, the module can also receive the time information that the signing end extracts from the identity information, and the received time information is taken as the signing time.
For the digital signature module 1050, the hash value of the PDF file can be written into the signature field of the PDF file once it has been obtained. The identity information hash value, the IBE signature information and the IBE public key are then written into the signature field of the PDF file once they have been received.
Preferably, signature regions for the various items of information are preset in the signature field.
In one embodiment, the signature information receiving module 1040 can also be used to receive RSA signature information that the signing end generates by signing the hash value of the PDF file with a preset RSA private key; the digital signature module 1050 is further used to write the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
Preferably, the RSA signature information can be an RSA signature value.
In other embodiments, the signing end can also sign the hash value of the PDF file with the private key of another asymmetric algorithm, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
In one embodiment, the system may further include a PDF file sending module for sending to the client device the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key.
In this embodiment, the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key can be shown to the user to be signed through the client device.
Further, the client device can verify the PDF file carrying the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key, to ensure the correctness of the digital signature.
Referring to Fig. 4, Fig. 4 is a flow diagram of the second embodiment of the digital signature method of the present invention.
The digital signature method of this embodiment runs on the signing end and may include the following steps:
Step S401: receive the identity information of the user to be signed, sent by the PDF processing end, and the hash value of the PDF file corresponding to the user to be signed.
Step S402: perform a hash calculation on the identity information to generate the identity information hash value.
Step S403: use the identity information hash value as the input parameter of the IBE key pair generation algorithm to generate the IBE key pair.
Step S404: sign the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information.
Step S405: send to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
In this embodiment, the identity information hash value, the IBE key pair and the IBE signature information are generated from the identity information of the user to be signed, received from the PDF processing end, and the hash value of the PDF file corresponding to the user to be signed; the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair are then sent to the PDF processing end for writing into the signature field of the PDF file, so that the PDF processing end completes the digital signature. No digital certificate needs to be issued to the user for the digital signature to be made; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signatures on public devices. In addition, generating the IBE key pair in real time removes the need to issue keys and to maintain services such as the Lightweight Directory Access Protocol (LDAP) and the Online Certificate Status Protocol (OCSP) in a PKI system, which greatly reduces the cost of digital signatures.
For step S401, the user to be signed, the PDF file, the hash value of the PDF file, the identity information and the basic information are the same as the corresponding technical features in the first embodiment of the digital signature method shown in Fig. 2.
For step S402, the hash calculation on the identity information can use a hash algorithm customary in the art, such as SHA1, SHA256 or SHA512.
For step S403, an IBE key pair generation algorithm customary in the art can be used, with the identity information hash value as its input parameter, to generate the IBE key pair.
In one embodiment, after the step of signing the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the method further includes the following step:
Destroy the IBE private key.
In this embodiment, the IBE private key is used only once: it generates the IBE signature information and is then destroyed, which further reduces the security risk of digital signatures on public devices.
For step S404, the signature calculation can use an IBE signature algorithm customary in the art.
For step S405, when the identity information includes a timestamp, the time information corresponding to the timestamp can be extracted from the identity information as signature information before information is sent to the PDF processing end, and is transmitted when the information is sent to the PDF processing end.
In one embodiment, before the step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair for writing into the signature field of the PDF file, the method further includes the following step:
Sign the hash value of the PDF file with a preset RSA private key to generate RSA signature information.
The step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair for writing into the signature field of the PDF file further includes the following step:
Send to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) can be stored in an encryption device.
Further, the hash value of the PDF file can also be signed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
Further, after the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair have been sent to the PDF processing end for writing into the signature field of the PDF file, the signing end stores the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key of the IBE key pair.
Referring to Fig. 5, Fig. 5 is a structural diagram of the second embodiment of the digital signature system of the present invention.
The digital signature system of this embodiment is deployed at the signing end and may include a receiving module 2010, a hash calculation module 2020, an IBE key pair module 2030, an IBE signature information module 2040 and a signature information sending module 2050, wherein:
The receiving module 2010 is used to receive the identity information of the user to be signed, sent by the PDF processing end, and the hash value of the PDF file corresponding to the user to be signed.
The hash calculation module 2020 is used to perform a hash calculation on the identity information to generate the identity information hash value.
The IBE key pair module 2030 is used to generate the IBE key pair, with the identity information hash value as the input parameter of the IBE key pair generation algorithm.
The IBE signature information module 2040 is used to sign the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information.
The signature information sending module 2050 is used to send to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
In this embodiment, the identity information hash value, the IBE key pair and the IBE signature information are generated from the identity information of the user to be signed, received from the PDF processing end, and the hash value of the PDF file corresponding to the user to be signed; the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair are then sent to the PDF processing end for writing into the signature field of the PDF file, so that the PDF processing end completes the digital signature. No digital certificate needs to be issued to the user for the digital signature to be made; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signatures on public devices. In addition, generating the IBE key pair in real time removes the need to issue keys and to maintain services such as the Lightweight Directory Access Protocol (LDAP) and the Online Certificate Status Protocol (OCSP) in a PKI system, which greatly reduces the cost of digital signatures.
For the receiving module 2010, the user to be signed, the PDF file, the hash value of the PDF file, the identity information and the basic information are the same as the corresponding technical features in the first embodiment of the digital signature method shown in Fig. 2.
For the hash calculation module 2020, the hash calculation on the identity information can use a hash algorithm customary in the art.
For the IBE key pair module 2030, an IBE key pair generation algorithm customary in the art can be used, with the identity information hash value as its input parameter, to generate the IBE key pair.
For the IBE signature information module 2040, the signature calculation can use an IBE signature algorithm customary in the art.
In one embodiment, the IBE signature information module 2040 is further used to destroy the IBE private key.
In this embodiment, the IBE private key is used only once: it generates the IBE signature information and is then destroyed, which further reduces the security risk of digital signatures on public devices.
For the signature information sending module 2050, when the identity information includes a timestamp, the time information corresponding to the timestamp can be extracted from the identity information as signature information before information is sent to the PDF processing end, and is transmitted when the information is sent to the PDF processing end.
In one embodiment, the digital signature system of the present invention may further include an RSA signature information module for signing the hash value of the PDF file with a preset RSA private key to generate RSA signature information. The signature information sending module 2050 can also be used to send to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, for writing into the signature field of the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) can be stored in an encryption device.
Further, the hash value of the PDF file can also be signed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
Further, after the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair have been sent to the PDF processing end for writing into the signature field of the PDF file, the signing end stores the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key of the IBE key pair.
Referring to Fig. 6, Fig. 6 is a structural diagram of the second implementation environment of the digital signature method of the embodiments of the present invention.
The second implementation environment shown in Fig. 6 is used to implement the digital signature method described in some embodiments of the present invention. It includes a client device 220 and a PDF-based signature server 240, which are connected by a wireless or wired network.
The client device 220 may include at least one terminal device such as a smartphone, desktop computer, notebook, personal digital assistant or tablet computer, on which is installed an application for collecting the basic information and identity information of the user to be signed and the PDF template identifier. The PDF-based signature server 240 can be deployed with a PDF support system and an Identity Based Encryption (IBE) system, and may further include an RSA algorithm system.
The PDF-based signature server 240 can receive over the network the basic information and identity information of the user to be signed and the PDF template identifier collected by the client device 220; retrieve, or generate in real time, the PDF file and its hash value according to the received information; generate the identity information hash value, the IBE signature information and the IBE public key from the hash value of the PDF file and the identity information; and write the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature.
Preferably, the PDF-based signature server 240 can also sign the hash value of the PDF file with a preset RSA private key to generate RSA signature information, and write the RSA signature information into the signature field of the PDF file.
Further, the PDF-based signature server 240 can also send the PDF file carrying the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key to the client device 220, to show the user to be signed the PDF file after the digital signature is complete, or to further verify the information added to the signature field of the PDF file after the digital signature.
This implementation environment makes digital signing more convenient and efficient. The IBE key is generated in real time from the user's identity information and is difficult to forge, which reduces the security risk of digital signatures on public devices. In addition, generating the IBE key pair in real time removes the need to issue keys and to maintain services such as the Lightweight Directory Access Protocol (LDAP) and the Online Certificate Status Protocol (OCSP) in a PKI system, which greatly reduces the cost of digital signatures. It also removes the interaction between the PDF processing end and the signing end, which eases deployment.
Referring to Fig. 7, Fig. 7 is a flow diagram of the third embodiment of the digital signature method of the present invention.
The digital signature method of this embodiment runs on the PDF-based signature server and may include the following steps:
Step S701: obtain the PDF file corresponding to the user to be signed and the hash value of the PDF file.
Step S702: receive the identity information of the user to be signed.
Step S703: perform a hash calculation on the identity information to generate the identity information hash value.
Step S704: use the identity information hash value as the input parameter of the IBE key pair generation algorithm to generate the IBE key pair.
Step S705: sign the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information.
Step S706: write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, completing the digital signature.
In this embodiment, the PDF file corresponding to the user to be signed and the hash value of the PDF file are obtained, the identity information of the user to be signed is received, and the identity information hash value, the IBE key pair and the IBE signature information are generated from the identity information and the hash value of the PDF file; the hash value of the PDF file and the generated identity information hash value, IBE signature information and IBE public key are written into the signature field of the PDF file. No digital certificate needs to be issued to the user for the digital signature to be made; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signatures on public devices. In addition, generating the IBE key pair in real time removes the need to issue keys and to maintain services such as the Lightweight Directory Access Protocol (LDAP) and the Online Certificate Status Protocol (OCSP) in a PKI system, which greatly reduces the cost of digital signatures. It also removes the interaction between the PDF processing end and the signing end, which eases deployment.
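The flow of steps S701 to S706, together with the check a client device can run on the finished signature field, as an added sketch that is not code from the patent. The patent leaves the IBE key pair generation and signature algorithms as "customary in the art"; here a Schnorr signature over a demonstration group stands in for them, and the master secret held by the signature server, the function names and the field layout are all assumptions.

```python
import hashlib
import hmac
import secrets

# Demonstration group (assumption): Mersenne prime 2**521 - 1, generator 3.
# Chosen only so the block runs on the standard library; not a vetted group.
P = 2**521 - 1
G = 3
ORDER = P - 1  # exponents are reduced modulo the multiplicative group order


def _challenge(r: int, public_key: int, pdf_hash: bytes) -> int:
    """Schnorr challenge: SHA-256 over fixed-width r, public key and PDF hash."""
    data = r.to_bytes(66, "big") + public_key.to_bytes(66, "big") + pdf_hash
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def signing_end(master_secret: bytes, identity_info: bytes, pdf_hash: bytes) -> dict:
    """Steps S703-S705: returns only the values meant for the signature field."""
    identity_hash = hashlib.sha256(identity_info).digest()
    # Key pair from the identity hash. The master secret is an assumption: the
    # identity hash is written into the PDF, so it cannot be the only key input.
    seed = hmac.new(master_secret, identity_hash, hashlib.sha512).digest()
    private_key = int.from_bytes(seed, "big") % ORDER
    public_key = pow(G, private_key, P)
    # Stand-in signature over the PDF hash: s = k + x * e (mod group order).
    k = secrets.randbelow(ORDER - 1) + 1
    r = pow(G, k, P)
    e = _challenge(r, public_key, pdf_hash)
    s = (k + private_key * e) % ORDER
    # Single use: drop the references (Python cannot guarantee memory zeroing).
    del private_key, seed, k
    return {
        "identity_hash": identity_hash.hex(),
        "ibe_signature": (r, s),
        "ibe_public_key": public_key,
    }


def build_signature_field(pdf_bytes: bytes, identity_info: bytes,
                          master_secret: bytes) -> dict:
    """Steps S701-S706 on one server: hash the PDF, sign, assemble the field."""
    pdf_hash = hashlib.sha256(pdf_bytes).digest()
    field = {"pdf_hash": pdf_hash.hex()}
    field.update(signing_end(master_secret, identity_info, pdf_hash))
    return field


def verify_signature_field(pdf_bytes: bytes, field: dict) -> bool:
    """Recompute the PDF hash and check the signature under the embedded key."""
    pdf_hash = hashlib.sha256(pdf_bytes).digest()
    if not hmac.compare_digest(pdf_hash.hex(), field["pdf_hash"]):
        return False  # file content no longer matches the signed hash
    y = field["ibe_public_key"]
    r, s = field["ibe_signature"]
    if not (0 < y < P and 0 < r < P and 0 <= s < ORDER):
        return False  # out-of-range values are rejected before any math
    e = _challenge(r, y, pdf_hash)
    return pow(G, s, P) == (r * pow(y, e, P)) % P


if __name__ == "__main__":
    # Constructed sample inputs, not real documents or biometric captures.
    secret = b"constructed-master-secret"
    pdf = b"%PDF-1.7 constructed sample policy form"
    identity = b"handwriting-capture-bytes|2014-12-30T10:15:00"
    field = build_signature_field(pdf, identity, secret)
    print("valid:", verify_signature_field(pdf, field))
    print("after edit:", verify_signature_field(pdf + b" ", field))
```

Because the public key travels in the same signature field as the signature, this check shows that the field is consistent with the file; the RSA signature made with the preset private key, described in the embodiments here, is the element computed with a key that is not derived per request.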
Steps S701 and S702 correspond respectively to steps S201 and S202 of the first embodiment of the digital signature method shown in Fig. 2. Steps S703 to S705 correspond respectively to steps S402 to S404 of the second embodiment of the digital signature method shown in Fig. 4. Step S706 corresponds to step S205 of the first embodiment of the digital signature method shown in Fig. 2.
In one embodiment, before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, the method further includes the following step:
Sign the hash value of the PDF file with a preset RSA private key to generate RSA signature information.
The step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file further includes the following step:
Write the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) can be stored in an encryption device.
Further, the hash value of the PDF file can also be signed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
Further, the identity information hash value, the IBE signature information, the RSA signature information and the IBE public key of the IBE key pair can be stored.
In another embodiment, after the step of signing the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the method further includes the following step:
Destroy the IBE private key.
In this embodiment, the IBE private key is used only once: it generates the IBE signature information and is then destroyed, which further reduces the security risk of digital signatures on public devices.
Referring to Fig. 8, Fig. 8 is a structural diagram of the third embodiment of the digital signature system of the present invention.
The digital signature system of this embodiment is deployed on the PDF-based signature server and may include a PDF preprocessing module 3010, an identity information receiving module 3020, a hash calculation module 3030, an IBE key pair module 3040, an IBE signature information module 3050 and a digital signature module 3060, wherein:
The PDF preprocessing module 3010 is used to obtain the PDF file corresponding to the user to be signed and the hash value of the PDF file.
The identity information receiving module 3020 is used to receive the identity information of the user to be signed.
The hash calculation module 3030 is used to perform a hash calculation on the identity information to generate the identity information hash value.
The IBE key pair module 3040 is used to generate the IBE key pair, with the identity information hash value as the input parameter of the IBE key pair generation algorithm.
The IBE signature information module 3050 is used to sign the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information.
The digital signature module 3060 is used to write the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, completing the digital signature.
In this embodiment, the PDF file corresponding to the user to be signed and the hash value of the PDF file are obtained, the identity information of the user to be signed is received, and the identity information hash value, the IBE key pair and the IBE signature information are generated from the identity information and the hash value of the PDF file; the hash value of the PDF file and the generated identity information hash value, IBE signature information and IBE public key are written into the signature field of the PDF file. No digital certificate needs to be issued to the user for the digital signature to be made; operation is simple and signing is efficient. The IBE key is generated from the user's identity information and is difficult to forge, which reduces the security risk of digital signatures on public devices. In addition, generating the IBE key pair in real time removes the need to issue keys and to maintain services such as the Lightweight Directory Access Protocol (LDAP) and the Online Certificate Status Protocol (OCSP) in a PKI system, which greatly reduces the cost of digital signatures. It also removes the interaction between the PDF processing end and the signing end, which eases deployment.
The PDF preprocessing module 3010 and the identity information receiving module 3020 correspond respectively to the PDF preprocessing module 1010 and the identity information receiving module 1020; the hash calculation module 3030, the IBE key pair module 3040 and the IBE signature information module 3050 correspond respectively to the hash calculation module 2020, the IBE key pair module 2030 and the IBE signature information module 2040; and the digital signature module 3060 corresponds to the digital signature module 1050.
In one embodiment, the system further includes an RSA signature information module for signing the hash value of the PDF file with a preset RSA private key to generate RSA signature information; the digital signature module 3060 can also be used to write the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the PDF file.
Preferably, the private key of the preset RSA algorithm (an algorithm designed in 1977 by the three mathematicians Rivest, Shamir and Adleman) can be stored in an encryption device.
Further, the hash value of the PDF file can also be signed with the private key of another asymmetric algorithm key pair customary in the art, generating other asymmetric signature information. Examples of such asymmetric algorithms are the DSA signature algorithm and ECC signature algorithms.
In one embodiment, the IBE signature information module 3050 can also be used to destroy the IBE private key.
In this embodiment, the IBE private key is used only once: it generates the IBE signature information and is then destroyed, which further reduces the security risk of digital signatures on public devices.
In summary, the digital signature method of the present invention can be applied to the digital signing of insurance applications by insured users in the insurance industry, the digital signing of condition confirmations by patient users in the medical industry, and other scenarios that serve the general public. It has the following advantages:
Digital signatures can be made without issuing digital certificates, which eases operation and management. Compared with PKI technology, IBE technology is inherently more flexible and convenient to operate. IBE technology still belongs to the asymmetric algorithms and can meet the signature requirements of digital signatures.
The security risk of using digital signatures on public devices is reduced. When users sign with this scheme, the identity information each user generates (such as handwritten signature, fingerprint, video, sound, random number) differs, so the IBE key pairs generated from it also differ; even when the scheme is used on a public device, the user's signing private key cannot be forged. The signing private key is used only once and destroyed immediately after use, and the user's IBE private key never leaves the IBE key generation end.
Cost is reduced. Generating IBE key pairs in real time eliminates the key delivery process, and the signing process can run in the background. There is no need to maintain OCSP, LDAP and the like as in a large and complex PKI system, and because the private key is deleted after use, the secure storage of private keys is saved, which greatly reduces application cost.
Operation is simple. Users do not need to prepare information such as a signing certificate in advance; they enter their own identity information (such as handwritten signature, fingerprint, video, sound), an IBE key pair is generated at once and used to sign the data to be signed, and a standard PDF document is formed after signing.
The digital signature system, comprising the PDF support system, the IBE encryption system and the RSA algorithm system, is lightweight and easy to deploy. It can be deployed independently within an enterprise or offered to enterprises as a cloud service. Because the client device interacts directly with the digital signature system, interaction between the business back end of the enterprise or organization and the digital signature system is eliminated.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (19)
1. A digital signature method, characterized by comprising the following steps:
Obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
Receiving identity information of the user to be signed from a client device;
Sending the identity information and the hash value of the PDF file to a signature end;
Receiving an identity information hash value, IBE signature information and an IBE public key generated by the signature end according to the identity information and the hash value of the PDF file, wherein the signature end performs a hash calculation on the identity information to generate the identity information hash value, uses the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair, and performs a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the IBE key pair comprising the IBE private key and the IBE public key;
Writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature.
2. The digital signature method according to claim 1, characterized in that the step of obtaining the PDF file corresponding to the user to be signed and the hash value of the PDF file further comprises the following steps:
Receiving basic information of the user to be signed and a PDF template identifier, wherein the basic information includes the name, address or phone number of the user to be signed;
Looking up the stored PDF fill-in template corresponding to the PDF template identifier;
Writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file;
Performing a hash calculation on the PDF file to generate the hash value of the PDF file.
3. The digital signature method according to claim 2, characterized in that the step of writing the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file further comprises the following steps:
Writing the basic information into the corresponding positions of the PDF fill-in template to generate an editable PDF template;
Sending the editable PDF template to the client device, so that the client device edits the PDF file according to preset remark information and generates the PDF file;
Receiving the PDF file sent by the client device.
4. The digital signature method according to claim 1, characterized in that:
Before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, the method further comprises the following step:
Receiving RSA signature information generated by the signature end by performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key;
The step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file further comprises the following step:
Writing the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
5. The digital signature method according to any one of claims 1 to 4, characterized in that the identity information includes at least one of a picture of the handwritten signature of the user to be signed, fingerprint data of the user to be signed, a facial image of the user to be signed and voice data of the user to be signed.
6. A digital signature system, characterized by comprising:
A PDF preprocessing module, for obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
An identity information receiving module, for receiving identity information of the user to be signed from a client device;
A sending module, for sending the identity information and the hash value of the PDF file to a signature end;
A signature information receiving module, for receiving an identity information hash value, IBE signature information and an IBE public key generated by the signature end according to the identity information and the hash value of the PDF file, wherein the signature end performs a hash calculation on the identity information to generate the identity information hash value, uses the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair, and performs a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate the IBE signature information, the IBE key pair comprising the IBE private key and the IBE public key;
A digital signature module, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file, completing the digital signature.
7. The digital signature system according to claim 6, characterized in that the PDF preprocessing module further comprises a template identifier receiving module, a template lookup module, an information adding module and a hash module, wherein:
The template identifier receiving module is used to receive basic information of the user to be signed and a PDF template identifier, wherein the basic information includes the name, address or phone number of the user to be signed;
The template lookup module is used to look up the stored PDF fill-in template corresponding to the PDF template identifier;
The information adding module is used to write the basic information into the corresponding positions of the PDF fill-in template to generate the PDF file;
The hash module is used to perform a hash calculation on the PDF file to generate the hash value of the PDF file.
8. The digital signature system according to claim 7, characterized in that the information adding module is further used to write the basic information into the corresponding positions of the PDF fill-in template to generate an editable PDF template; to send the editable PDF template to the client device, so that the client device edits the PDF file according to preset remark information and generates the PDF file; and to receive the PDF file sent by the client device.
9. The digital signature system according to any one of claims 6 to 8, characterized in that:
The signature information receiving module is further used to receive RSA signature information generated by the signature end by performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key;
The digital signature module is further used to write the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key into the signature field of the PDF file.
10. A digital signature method, characterized by comprising the following steps:
Receiving identity information of a user to be signed, sent by a PDF processing end, and a hash value of a PDF file corresponding to the user to be signed;
Performing a hash calculation on the identity information to generate an identity information hash value;
Using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
Performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
Sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
11. The digital signature method according to claim 10, characterized in that:
Before the step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, the method further comprises the following step:
Performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
The step of sending to the PDF processing end the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, further comprises the following step:
Sending to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file.
12. The digital signature method according to claim 10 or 11, characterized in that, after the step of performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information, the method further comprises the following step:
Destroying the IBE private key.
13. A digital signature system, characterized by comprising:
A receiving module, for receiving identity information of a user to be signed, sent by a PDF processing end, and a hash value of a PDF file corresponding to the user to be signed;
A hash calculation module, for performing a hash calculation on the identity information to generate an identity information hash value;
An IBE key pair module, for using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
An IBE signature information module, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
A signature information sending module, for sending to the PDF processing end the identity information hash value, the IBE signature information, RSA signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file, so that the PDF processing end completes the digital signature.
14. The digital signature system according to claim 13, characterized in that:
The system further comprises an RSA signature information module, for performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
The signature information sending module is further used to send to the PDF processing end the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair, which are to be written into the signature field of the PDF file.
15. A digital signature method, characterized by comprising the following steps:
Obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
Receiving identity information of the user to be signed from a client device;
Performing a hash calculation on the identity information to generate an identity information hash value;
Using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
Performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
Writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, completing the digital signature.
16. The digital signature method according to claim 15, characterized in that:
Before the step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, the method further comprises the following step:
Performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
The step of writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file further comprises the following step:
Writing the RSA signature information, the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file.
17. The digital signature method according to claim 15 or 16, characterized in that, after the step of performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information, the method further comprises the following step:
Destroying the IBE private key.
18. A digital signature system, characterized by comprising:
A PDF preprocessing module, for obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file;
An identity information receiving module, for receiving identity information of the user to be signed from a client device;
A hash calculation module, for performing a hash calculation on the identity information to generate an identity information hash value;
An IBE key pair module, for using the identity information hash value as the input parameter of an IBE key pair generation algorithm to generate an IBE key pair;
An IBE signature information module, for performing a signature calculation on the hash value of the PDF file with the IBE private key of the IBE key pair to generate IBE signature information;
A digital signature module, for writing the hash value of the PDF file, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the signature field of the PDF file, completing the digital signature.
19. The digital signature system according to claim 18, characterized in that:
The system further comprises an RSA signature information module, for performing a signature calculation on the hash value of the PDF file with a preset RSA algorithm private key to generate RSA signature information;
The digital signature module is further used to write the RSA signature information, the identity information hash value, the IBE signature information and the IBE public key of the IBE key pair into the PDF file.
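An added illustration of the signing-end steps in claims 10 and 12 and of the check a verifier can run on the resulting signature field; it is not code from the patent. A hash-based Lamport one-time signature stands in for the IBE scheme, and `SIGNING_END_SECRET`, the field names and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac

# Assumption: a secret known only to the signing end, standing in for the
# IBE master key. Constructed value.
SIGNING_END_SECRET = b"constructed-demo-master-secret"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(digest: bytes) -> list:
    """The 256 bits of a SHA-256 digest, most significant bit first."""
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def derive_keypair(identity_hash: bytes):
    """Stand-in for IBE key-pair generation: the identity hash is the input
    parameter, and a Lamport one-time key pair is derived from it."""
    seed = hmac.new(SIGNING_END_SECRET, identity_hash, hashlib.sha256).digest()
    private = [[hmac.new(seed, bytes([bit]) + i.to_bytes(2, "big"),
                         hashlib.sha256).digest() for bit in (0, 1)]
               for i in range(256)]
    public = [[sha256(half) for half in pair] for pair in private]
    return private, public


def signing_end(identity_info: bytes, pdf_hash: bytes) -> dict:
    """Claims 10 and 12: hash the identity, derive keys, sign, destroy."""
    if len(pdf_hash) != 32:
        raise ValueError("expected a SHA-256 hash of the PDF file")
    identity_hash = sha256(identity_info)
    private, public = derive_keypair(identity_hash)
    # Lamport signing: reveal one private half per bit of the PDF hash.
    # The key pair must sign once only, so identity_info must be fresh.
    signature = [private[i][bit] for i, bit in enumerate(digest_bits(pdf_hash))]
    # "Destroy" step: Python cannot wipe immutable bytes, so dropping the
    # references only models it; the unrevealed halves are never returned.
    private.clear()
    return {
        "pdf_hash": pdf_hash.hex(),
        "identity_hash": identity_hash.hex(),
        "ibe_signature": b"".join(signature).hex(),
        "ibe_public_key": b"".join(h for pair in public for h in pair).hex(),
    }


def verify_signature_field(pdf_bytes: bytes, field: dict) -> bool:
    """Recompute the PDF hash and check the signature against the public key
    stored in the signature field."""
    pdf_hash = sha256(pdf_bytes)
    if not hmac.compare_digest(pdf_hash, bytes.fromhex(field["pdf_hash"])):
        return False  # document changed after signing
    sig = bytes.fromhex(field["ibe_signature"])
    pub = bytes.fromhex(field["ibe_public_key"])
    if len(sig) != 256 * 32 or len(pub) != 512 * 32:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(pdf_hash)):
        revealed = sig[i * 32:(i + 1) * 32]
        expected = pub[(2 * i + bit) * 32:(2 * i + bit + 1) * 32]
        ok &= hmac.compare_digest(sha256(revealed), expected)
    return ok


if __name__ == "__main__":
    pdf = b"%PDF-1.7 constructed sample document"
    field = signing_end(b"constructed handwriting sample", sha256(pdf))
    print(verify_signature_field(pdf, field))
    print(verify_signature_field(pdf + b" ", field))
```

The check confirms only that the field is self-consistent and matches the document; establishing trust in the embedded public key is outside this example, which does not model the RSA signature of claims 4, 11 and 16.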
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410849952.0A CN104618107B (en) | 2014-12-29 | 2014-12-29 | digital signature method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104618107A CN104618107A (en) | 2015-05-13 |
CN104618107B CN104618107B (en) | 2018-09-14 |
Family
ID=53152401
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410849952.0A Active CN104618107B (en) | 2014-12-29 | 2014-12-29 | digital signature method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104618107B (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106355104A (en) * | 2016-08-25 | 2017-01-25 | 杭州天谷信息科技有限公司 | Electronic signature method for realizing original privacy protection based on sandbox technology |
CN106254372B (en) * | 2016-08-31 | 2019-06-28 | 厦门天锐科技股份有限公司 | A kind of Multi Digital Signature method of ID-based cryptosystem mechanism |
CN106775224B (en) * | 2016-11-30 | 2019-11-29 | 北京小米移动软件有限公司 | Remark information setting method and device |
WO2019061185A1 (en) * | 2017-09-28 | 2019-04-04 | 深圳传音通讯有限公司 | Method and terminal for digitally signing picture |
CN108173648B (en) * | 2017-12-29 | 2021-01-26 | 数安时代科技股份有限公司 | Digital security processing method, device and storage medium based on private key escrow |
CN108596050A (en) * | 2018-04-04 | 2018-09-28 | 广东中星电子有限公司 | The endorsement method and device and sign test method and apparatus of image |
CN108833104A (en) * | 2018-04-08 | 2018-11-16 | 北京信安世纪科技股份有限公司 | A kind of signature method, verification method and the device of file |
TWI676916B (en) * | 2018-05-07 | 2019-11-11 | 台灣人壽保險股份有限公司 | Electronic signature device and electronic signature file generation method |
CN110490008B (en) | 2018-05-14 | 2021-08-10 | 英韧科技(上海)有限公司 | Security device and security chip |
CN110826092A (en) * | 2018-08-14 | 2020-02-21 | 珠海金山办公软件有限公司 | File signature processing system |
CN109785170B (en) * | 2019-01-21 | 2021-01-29 | 中国联合网络通信集团有限公司 | Block chain-based insurance application method and block chain-based insurance application system |
CN110601847B (en) * | 2019-09-05 | 2021-03-05 | 北京海益同展信息科技有限公司 | Accident processing method, device and system |
CN111539001B (en) * | 2020-04-17 | 2022-06-28 | 福建福昕软件开发股份有限公司 | Method and system for simplifying PDF document electronic signature based on enterprise user |
CN117499050B (en) * | 2023-11-09 | 2024-07-02 | 广西北投声远科技股份公司 | Cloud signature method and system based on encryption technology |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101192292A (en) * | 2006-11-28 | 2008-06-04 | 郑机 | On-line transaction signing authentication administrative system and method |
CN101702150A (en) * | 2009-12-02 | 2010-05-05 | 江西金格网络科技有限责任公司 | Method for protecting, verifying and repealing content of PDF document page |
CN103679436A (en) * | 2013-12-17 | 2014-03-26 | 重庆邮电大学 | Electronic contract security system and method based on biological information identification |
CN103888442A (en) * | 2014-01-13 | 2014-06-25 | 黄晓芳 | System with integration of visualization biological characteristics and one-time digital signature and method thereof |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080091954A1 (en) * | 2006-10-17 | 2008-04-17 | Morris Daniel R | Method and system for facilitating printed page authentication, unique code generation and content integrity verification of documents |
Also Published As
Publication number | Publication date |
---|---|
CN104618107A (en) | 2015-05-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104618107B (en) | digital signature method and system | |
US10270600B2 (en) | Secure revisioning auditing system for electronic document files | |
CN111080295B (en) | Electronic contract processing method and device based on blockchain | |
US20200265202A1 (en) | Large Data Transfer Using Visual Codes With Feedback Confirmation | |
US10559049B2 (en) | Digital passport country entry stamp | |
CN110276588B (en) | Electronic signature authentication method and device and computer readable storage medium | |
CN111835511A (en) | Data security transmission method and device, computer equipment and storage medium | |
KR101710032B1 (en) | Apparatus and system for preventing product falsification based on electronic documents content and method thereof | |
WO2019237570A1 (en) | Electronic contract signing method, device and server | |
CN110990407A (en) | Block chain based data storage method and device, server and storage medium | |
CN108933667A (en) | A kind of management method and management system of the public key certificate based on block chain | |
US9600690B2 (en) | Secure access for sensitive digital information | |
CN106355104A (en) | Electronic signature method for realizing original privacy protection based on sandbox technology | |
CN107171787B (en) | Data blind signing and storing method and system based on multiple Hash algorithm | |
CN104734851A (en) | Electronic seal method and system | |
CN103888442A (en) | System with integration of visualization biological characteristics and one-time digital signature and method thereof | |
CN111859431B (en) | Electronic file signing method and device, electronic equipment and storage medium | |
CN113961956B (en) | Method, device, equipment and medium for generating and applying labeled network information service | |
CN109934588A (en) | A kind of business handling method and device | |
CN110635900B (en) | Key management method and system suitable for Internet of things system | |
WO2018211475A1 (en) | Method for the creation of a document provided with a high-security digital signature | |
CN115085934A (en) | Contract management method based on block chain and combined key and related equipment | |
CN114726597A (en) | Data transmission method, device, system and storage medium | |
CN112053058B (en) | Index model generation method and device | |
CN111681141B (en) | File authentication method, file authentication device and terminal equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 510000 Guangdong city of Guangzhou province Yuexiu District ho Yin Road No. 101 building 3A room 18 Applicant after: GUANGDONG AUTHENTICATION TECHNOLOGY CO., LTD. Applicant after: Age of security Polytron Technologies Inc Address before: 510000 Guangdong city of Guangzhou province Yuexiu District ho Yin Road No. 101 building 3A room 18 Applicant before: GUANGDONG AUTHENTICATION TECHNOLOGY CO., LTD. Applicant before: Guangdong Certificate Authority Center Co., Ltd. |
COR | Change of bibliographic data | ||
GR01 | Patent grant | ||