CN108833105A - Electronic signature method and device - Google Patents


Publication number: CN108833105A
Authority: CN (China)
Prior art keywords: client, signature, user, identity verification, certificate
Legal status (as listed by Google Patents, not a legal conclusion): Granted, Active
Application number: CN201810317166.4A
Other languages: Chinese (zh)
Other versions: CN108833105B (en)
Inventors: 魏亚文, 章建军
Current assignee (as listed by Google Patents): Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Priority to: CN201810317166.4A
Granted publication: CN108833105B

Classifications

All classes below fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication).

    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures
    • H04L63/08: Network architectures or network communication protocols for network security, for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security, for authentication of entities using certificates
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements


Abstract

The embodiments of this specification provide an electronic signature method and device. In the method, after receiving an electronic signature application request sent by a signing service system, the server obtains the environment information of the corresponding clients according to the user information, carried in the request, of each user participating in the electronic signature. It then sends a signing instruction to each user's client according to that client's environment information. On receiving the signing instruction, each client obtains the data to be signed, generates digest information corresponding to that data, and signs the digest information with a certificate obtained in advance. Finally, each client uploads the signed digest information to the server.

Description

Electronic signature method and device
Technical field
One or more embodiments of this specification relate to the field of computer technology, and in particular to an electronic signature method and device.
Background
In conventional technology, when multiple users sign data with the same content, the original document to be signed usually has to be uploaded to an electronic signature platform (a third-party platform that helps users manage private keys, ensures that the electronic signature process is trustworthy, and provides capabilities such as identity verification and process evidence preservation). However, when the data to be signed is sensitive, users usually do not want it transmitted over the network. A more secure electronic signature scheme is therefore needed.
Summary of the invention
One or more embodiments of this specification describe an electronic signature method and device that can improve the user experience.
In a first aspect, an electronic signature method is provided, including:
a server receiving an electronic signature application request sent by a signing service system, the request including the user information of each user participating in the electronic signature;
obtaining the environment information of the corresponding client according to the user information of each user;
sending a signing instruction to the client according to the environment information, where the signing instruction instructs the client to obtain the data to be signed and to generate digest information corresponding to the data to be signed, and further instructs the client to sign the digest information with a certificate obtained in advance;
receiving the signed digest information.
In a second aspect, an electronic signature method is provided, including:
receiving a signing instruction sent by a server;
obtaining the data to be signed according to the signing instruction;
generating first digest information corresponding to the data to be signed;
signing the first digest information with a certificate obtained in advance;
returning the signed first digest information to the server.
In a third aspect, an electronic signature device is provided, including:
a receiving unit, configured to receive an electronic signature application request sent by a signing service system, the request including the user information of each user participating in the electronic signature;
an obtaining unit, configured to obtain the environment information of the corresponding client according to the user information of each user;
a sending unit, configured to send a signing instruction to the client according to the environment information obtained by the obtaining unit, where the signing instruction instructs the client to obtain the data to be signed and to generate digest information corresponding to the data to be signed, and further instructs the client to sign the digest information with a certificate obtained in advance;
the receiving unit being further configured to receive the signed digest information.
In a fourth aspect, an electronic signature device is provided, including:
a receiving unit, configured to receive a signing instruction sent by a server;
an obtaining unit, configured to obtain the data to be signed according to the signing instruction received by the receiving unit;
a generating unit, configured to generate first digest information corresponding to the data to be signed obtained by the obtaining unit;
a signing unit, configured to sign, with a certificate obtained in advance, the first digest information generated by the generating unit;
a sending unit, configured to return to the server the first digest information signed by the signing unit.
In the electronic signature method and device provided by one or more embodiments of this specification, after receiving an electronic signature application request sent by the signing service system, the server obtains the environment information of the corresponding clients according to the user information, carried in the request, of each user participating in the electronic signature. It then sends a signing instruction to each user's client according to the client's environment information. On receiving the signing instruction, each client obtains the data to be signed, generates digest information corresponding to that data, and signs the digest information with a certificate obtained in advance. Finally, each client uploads the signed digest information to the server. It can thus be seen that, in the solution provided in this specification, each client signs the data to be signed locally and does not need to upload that data to the server. This ensures the security of the data to be signed and can greatly improve the user experience.
Brief description of the drawings
To explain the technical solutions of the embodiments of this specification more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of this specification; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario of the electronic signature method provided in this specification;
Fig. 2 is an information interaction diagram of the certificate application method provided in this specification;
Fig. 3 is an information interaction diagram of the electronic signature method provided by one embodiment of this specification;
Fig. 4 is a flowchart of the electronic signature method provided by another embodiment of this specification;
Fig. 5 is a schematic diagram of the electronic signature device provided by one embodiment of this specification;
Fig. 6 is a schematic diagram of the electronic signature device provided by another embodiment of this specification.
Detailed description of the embodiments
The solution provided in this specification is described below with reference to the drawings.
The electronic signature method provided in this specification can be applied in the scenario shown in Fig. 1. In Fig. 1, client A is the client corresponding to user A and client B is the client corresponding to user B. User A and user B are two users participating in the electronic signature. In this specification, client A and client B are defined identically. Taking client A as an example, it can implement two functions: local electronic signing and identity verification. For local electronic signing, after receiving a signing instruction from the server, client A can obtain the data to be signed (also called the original document to be signed) and generate the corresponding digest information. It then calls the standalone hardware token or the local soft certificate to sign the digest information locally. For identity verification, after receiving an identity verification instruction from the server, client A can verify the identity of user A using any one or more of the following identity verification methods: SMS, fingerprint, password, face recognition, ID card number, and so on.
In Fig. 1, client A or client B can send two kinds of requests outward: the client's regular heartbeat request and the certificate application request (described later). Otherwise it passively listens for requests sent by the server (for example, identity verification requests). Note that requests received or sent by client A or client B can pass through the security gateway of the network the client accesses.
The server in Fig. 1 can send signing instructions and identity verification instructions (also called identity verification requests) to client A or client B. A signing instruction instructs client A or client B to sign the data to be signed locally. Here, the data to be signed may include information such as pictures, contracts and audio files in electronic form. An identity verification instruction instructs client A (or client B) to verify the identity of user A (or user B). In addition, the server can apply for certificates from a third-party certification authority (for example, a Certificate Authority, CA), request a third-party evidence-preservation institution to store data that the user wants kept permanently or that carries higher risk, and request a third-party timestamp authority to timestamp the signed data.
The electronic signature described in this specification refers to the process in which a user signs the digest information of the data to be signed with a certificate obtained in advance. Therefore, before the electronic signature method described in this specification is executed, the client of each user participating in the electronic signature can first obtain a corresponding certificate from a third-party certification authority (for example, a CA).
Because the certificate application process is similar for every user's client, this specification takes one user's client as an example. The certificate application (also called local certificate initialization) method can be as shown in Fig. 2. In Fig. 2, the method can include the following steps:
Step 210: the client sends a certificate application request to the server.
Specifically, after the user installs the client on a terminal device (PC and/or mobile phone) and enters the corresponding account, the client can send the certificate application request to the server. The request may include the client's current environment information. The environment information here may include: the identifier of the terminal device (also called the device fingerprint), the user's account and/or name, the address of the gateway of the network the client accesses, the certificate type, and so on. As for the certificate type: when the user uses a standalone hardware token, the certificate type can be ukey; when the user uses a local soft certificate, the certificate type can be cert.
After receiving the certificate application request, the server can judge, according to the client's environment information, whether the certificate type is currently available to the user (for example, whether the terminal device belongs to the user and whether a certificate of this type can be downloaded). It can also use the environment information to determine which identity verification methods are available to the user. For example, when the identifier of the terminal device shows that the user's terminal device is a mobile phone, the available identity verification methods include SMS, fingerprint, password, face recognition, ID card number, and so on. When the terminal device is a PC, the available identity verification methods include password, ID card number, and so on. Note that when several identity verification methods are available to the user, any several of them can be combined, based on preset rules, into the user's final identity verification method.
In addition, the server can record the correspondence between the user's account and/or name, the identifier of the terminal device, and the gateway address. In one example, the correspondence can be as shown in Table 1.
Table 1
User account/name | Gateway address | Terminal device identifier | ...
Of course, in practice the correspondence shown in Table 1 can also include other information, such as the user type; this specification does not limit this.
Step 220: according to the certificate application request, the server sends an identity verification instruction to the client or to another online and available client of the user.
For example, after the server, using the environment information, has judged that the certificate type is currently available to the user and has set the final identity verification method, it can look up all of the user's online and available clients. If it finds two or more online and available clients (including a client the user logged in to on a mobile phone and a client logged in to on a PC), it preferentially sends the identity verification instruction to the client whose terminal device is a mobile phone. If it finds only one client (that is, the client that sent the certificate application request), it sends the identity verification instruction to that client.
If sending the identity verification instruction fails, or no online and available client is found (the current client has gone offline), the certificate application process ends.
Step 230: the client or the other client verifies the identity of the user.
In one example, after receiving the identity verification instruction, the client or the other client can display information telling the user that identity verification is required, and verify the user's identity. Specifically, the user's identity can be verified with the final identity verification method described above.
Step 240: the client or the other client returns the identity verification result to the server.
Step 250: when the identity verification result is a pass, the server obtains the certificate from the third-party certification authority.
In one implementation, before obtaining the certificate from the third-party certification authority, the server can first send the client a notification message indicating that certificate installation is starting. The server can look up the corresponding gateway according to the address of the gateway of the network the client accesses (this address can be obtained from the correspondence described above) and send the notification message to the client through that gateway. After receiving the notification message, if the client determines that the message is legitimate, it generates a public/private key pair locally. In one example, if the client's certificate type is ukey, the client can call the ukey driver to generate the public/private key pair and call the ukey driver to sign the public key with the generated private key. The client can then send the signed public key and the business information to the server. The business information is determined by the particular electronic signature service. The server obtains the certificate from the third-party certification authority according to the business information.
Step 260: the server returns the certificate to the client.
Here, when the server has also received the signed public key sent by the client, it can verify the signature on the public key. After the verification passes, it encrypts the certificate with the public key and then returns the encrypted certificate to the client.
After receiving the certificate sent by the server, the client can first confirm that the received certificate is valid. It can then decrypt the encrypted certificate with the private key and write the decrypted certificate to the standalone hardware token or the local soft certificate. After the certificate has been written locally, the client can also send the server a message that the certificate was written successfully. After receiving this message, the server can store the correspondence between the user and the certificate. In one example, the correspondence can be as shown in Table 2.
Table 2
Of course, in practice the correspondence shown in Table 2 can also include other information, such as the modification time; this specification does not limit this.
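Steps 250 and 260 as a runnable sketch, added here and not taken from the patent: the client proves possession of its private key by signing its public key, and the server verifies that proof before returning the certificate encrypted to the key. RSA-PSS, the RSA-OAEP plus AES-GCM envelope, every type and function name, and the byte string standing in for the CA-issued certificate are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// KeyProof (client to server): PKIX-encoded public key and a signature over it
// made with the matching private key.
type KeyProof struct{ PubDER, Sig []byte }

// Envelope (server to client): certificate under AES-256-GCM; the AES key and nonce
// are wrapped with RSA-OAEP. The hybrid construction is this sketch's assumption.
type Envelope struct{ WrappedSecret, Ciphertext []byte }

// GenerateClientKey stands in for key generation by the ukey driver or soft-certificate store.
func GenerateClientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewKeyProof (client) signs the encoded public key with the private key.
func NewKeyProof(priv *rsa.PrivateKey) (KeyProof, error) {
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return KeyProof{}, err
	}
	h := sha256.Sum256(der)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	return KeyProof{PubDER: der, Sig: sig}, err
}

// VerifyKeyProof (server) accepts a public key only if its sender holds the private key.
func VerifyKeyProof(p KeyProof) (*rsa.PublicKey, error) {
	parsed, err := x509.ParsePKIXPublicKey(p.PubDER)
	pub, ok := parsed.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, errors.New("not a valid RSA public key")
	}
	h := sha256.Sum256(p.PubDER)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, h[:], p.Sig, nil); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	return pub, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCertificate (server) encrypts the issued certificate to the verified public key.
func SealCertificate(pub *rsa.PublicKey, certDER []byte) (Envelope, error) {
	secret := make([]byte, 32+12) // fresh AES-256 key followed by a GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(secret[:32])
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return Envelope{WrappedSecret: wrapped, Ciphertext: gcm.Seal(nil, secret[32:], certDER, nil)}, err
}

// OpenCertificate (client) unwraps the secret with the private key and decrypts.
func OpenCertificate(priv *rsa.PrivateKey, e Envelope) ([]byte, error) {
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedSecret, nil)
	if err != nil || len(secret) != 32+12 {
		return nil, errors.New("cannot unwrap content key")
	}
	gcm, err := newGCM(secret[:32])
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, secret[32:], e.Ciphertext, nil)
}

func main() {
	priv, _ := GenerateClientKey()
	proof, _ := NewKeyProof(priv)
	pub, err := VerifyKeyProof(proof)
	if err == nil {
		env, _ := SealCertificate(pub, []byte("constructed stand-in for a CA-issued certificate"))
		cert, _ := OpenCertificate(priv, env)
		fmt.Println(string(cert))
	}
}
```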
After the client of every user has completed the certificate application process, the following electronic signature method can be executed.
Fig. 3 is an information interaction diagram of the electronic signature method provided by one embodiment of this specification. As shown in Fig. 3, the method can specifically include:
Step 310: the server receives the electronic signature application request sent by the signing service system.
Specifically, a user can set, in the signing service system, the description information of each user participating in the electronic signature. The description information may include each user's user information, signature position, signing order, and so on. The user information may include the user's name and/or account. After completing these settings, the user can initiate the corresponding electronic signature service. After the user initiates it, the signing service system can send the electronic signature application request to the server. The request may include the description information above. It may also include signing rules (for example, the configured digest algorithm).
Step 320: according to the user information of each user, obtain the environment information of the corresponding client.
The environment information here may include the address of the gateway of the network the client accesses. It may also include the identifier of the device on which the client runs. In one implementation, the server can obtain the client's environment information from the correspondence shown in Table 1.
Step 330: according to the environment information, send a signing instruction to the client.
In one implementation, the process of sending the signing instruction to the client according to the environment information can be as follows. The server finds the gateway of the network the client accesses according to the gateway address and sends the signing instruction to that gateway. After receiving the signing instruction, the gateway finds the terminal device on which the client runs according to the device identifier, and finally sends the signing instruction to that terminal device. This enables strong lifecycle management and process control of local electronic signing.
Note that in practice, when the server looks up a user's clients, it may find two or more online and available clients (including a client the user logged in to on a mobile phone and a client logged in to on a PC). If it finds two or more clients, it sends the signing instruction to all of them at the same time.
In step 330, the server can send the signing instruction, in the signing order given in the description information, to the client of each user participating in the electronic signature in turn. The signing instruction may include the signature position, the signing rules, and so on. When multiple users participate in the electronic signature, the step in which the server sends the signing instruction is executed in a loop. After receiving the signing instruction, the client can prompt the user, in a pop-up window, to input the data to be signed. After the user inputs the data to be signed, the client can process it with the digest algorithm configured in the signing rules to generate the corresponding digest information. It then calls the standalone hardware token or the local soft certificate to sign the digest information at the corresponding signature position.
Step 340: receive the signed digest information.
The signed digest information that the client returns to the server can use the PKCS#7 format (a syntax standard for cryptographic messages), which ensures the security of the information.
Note that while the server sends signing instructions, in signing order, to the clients of the users participating in the electronic signature, the following can be done to ensure the security of signing. After one user has completed signing (that is, the server has received the signed digest information returned by that user's client) and before the next signing instruction is sent, the server can use a risk evaluation model (a machine learning model that analyzes environment information, such as the user's device information and network information, to judge whether the user's current behavior is risky) to judge whether the user's signing behavior is risky. If there is risk, the condition for verifying the user's identity is met, and the user's identity is verified. Only after the identity verification passes is the signing instruction sent to the user's client. If there is no risk, the signing instruction is sent to the user's client directly.
The identity verification process can be as follows. The server can look up all of the user's online and available clients. If it finds two or more online and available clients (including a client the user logged in to on a mobile phone and a client logged in to on a PC), it preferentially sends the identity verification instruction to the client whose terminal device is a mobile phone. If it finds only one client, it sends the identity verification instruction to that client. After receiving the identity verification instruction, the client can display information telling the user that identity verification is required, and verify the user's identity. The client can then return the identity verification result to the server.
During identity verification it is also possible that no client is found. In that case, the user of the client can be informed through other channels (for example, offline contact or telephone products) that identity verification is required. After seeing this information, the user logs in to the corresponding client and performs identity verification.
In addition, when multiple users electronically sign data with the same content, the method provided in this specification guarantees the validity of the electronic signature, and guarantees that what a user signs is what that user sees, as follows. When the server sends a signing instruction to a client and some user has already completed signing (that is, the server has received the signed digest information returned by some user's client), the server can send the digest information it has received together with the signing instruction. When the client also receives digest information, then after generating the digest information for the data to be signed it can compare the generated digest information with the received digest information, and sign the generated digest information when the two are identical. The principle behind the comparison is that equality of the digest information implies consistency of the data to be signed (the original document).
Note also that after receiving the signed digest information returned by a client, the server can verify the validity of the signed digest information and of the certificate used for signing. It can also judge whether the signing task is complete (whether signed digest information has been received from all users participating in the electronic signature). If the signing task is not complete, the server continues to send signing instructions to the clients of the users who have not yet signed. If the signing task is complete, the server can return a message to the signing service system that the electronic signature is complete. The data can additionally be archived. In one example, the archived data can be as shown in Table 3.
Table 3
Identity verification result | Signature content | Environment information | Step log | ...
Of course, in practice the data shown in Table 3 can also include other information, such as the signing rules; this specification does not limit this.
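The multi-signer flow of steps 310 to 340, including the digest comparison on the client and the verification on the server, as an added example that is not part of the patent. Raw Ed25519 keys stand in for the certificates and the PKCS#7 envelope, SHA-256 for the configured digest algorithm, and all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Instruction: PriorDigest is an earlier signer's digest, nil for the first signer.
type Instruction struct{ DigestAlg string; PriorDigest []byte }

// SignedDigest is all a client uploads; the document itself never leaves the client.
type SignedDigest struct{ User string; Digest, Sig []byte }

// Client keeps the private key local (stand-in for the hardware token or soft certificate).
type Client struct{ User string; key ed25519.PrivateKey }

// Server holds the signing order and each user's public key (the user-to-certificate record).
type Server struct {
	Order    []string
	Keys     map[string]ed25519.PublicKey
	Received []SignedDigest
}

var ErrDigestMismatch = errors.New("digest differs from the earlier signer's digest")

// Sign hashes the local copy, compares it with any earlier digest, then signs the digest.
func (c *Client) Sign(ins Instruction, doc []byte) (SignedDigest, error) {
	if ins.DigestAlg != "sha256" {
		return SignedDigest{}, fmt.Errorf("unsupported digest algorithm %q", ins.DigestAlg)
	}
	sum := sha256.Sum256(doc)
	if ins.PriorDigest != nil && !bytes.Equal(sum[:], ins.PriorDigest) {
		return SignedDigest{}, ErrDigestMismatch // not the document the others signed
	}
	return SignedDigest{User: c.User, Digest: sum[:], Sig: ed25519.Sign(c.key, sum[:])}, nil
}

// Next returns the next signer and instruction; ok is false once everyone has signed.
func (s *Server) Next() (user string, ins Instruction, ok bool) {
	if len(s.Received) >= len(s.Order) {
		return "", ins, false
	}
	ins.DigestAlg = "sha256"
	if len(s.Received) > 0 {
		ins.PriorDigest = s.Received[0].Digest
	}
	return s.Order[len(s.Received)], ins, true
}

// Accept verifies a returned signed digest before recording it.
func (s *Server) Accept(sd SignedDigest) error {
	user, ins, ok := s.Next()
	key, known := s.Keys[user]
	if !ok || !known || sd.User != user {
		return errors.New("unexpected signer")
	}
	if len(sd.Digest) != sha256.Size || !ed25519.Verify(key, sd.Digest, sd.Sig) {
		return errors.New("signature does not verify under the user's key")
	}
	// Added defence, not stated on the page: repeat the digest comparison on the
	// server instead of trusting that every client performed it.
	if ins.PriorDigest != nil && !bytes.Equal(sd.Digest, ins.PriorDigest) {
		return ErrDigestMismatch
	}
	s.Received = append(s.Received, sd)
	return nil
}

// Run drives one signing task; docs holds each user's local copy of the document.
func Run(order []string, docs map[string][]byte) (int, error) {
	srv := &Server{Order: order, Keys: map[string]ed25519.PublicKey{}}
	clients := map[string]*Client{}
	for _, u := range order {
		pub, priv, err := ed25519.GenerateKey(nil) // constructed demo key pair
		if err != nil {
			return 0, err
		}
		srv.Keys[u], clients[u] = pub, &Client{User: u, key: priv}
	}
	for user, ins, more := srv.Next(); more; user, ins, more = srv.Next() {
		sd, err := clients[user].Sign(ins, docs[user])
		if err == nil {
			err = srv.Accept(sd)
		}
		if err != nil {
			return len(srv.Received), fmt.Errorf("%s: %w", user, err)
		}
	}
	return len(srv.Received), nil
}

func main() {
	doc := []byte("constructed sample contract")
	fmt.Println(Run([]string{"userA", "userB"}, map[string][]byte{"userA": doc, "userB": doc}))
}
```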
The server in the above embodiments of this specification can provide the following functions: 1) maintaining the state of each user's client; 2) maintaining the correspondence between users and certificates; 3) assembling the identity verification flow used to verify user identity; 4) integrating with multiple third-party institutions related to electronic signatures (for example, the CA and the third-party evidence-preservation institution).
In summary, the electronic signature method provided by the embodiments of this specification lets multiple users locally sign data with the same content without uploading the original document to the server. This keeps the data to be signed secure while connecting seamlessly with the electronic signature service. In addition, the method makes it possible to keep two backups of the signed data (the signed digest information): one at the user's local client and one at the server. Finally, the method can synchronize the signature information of the users participating in the electronic signature to each client in real time, so that in every electronic signing process each client holds the signature information of all users in that signing, which increases users' sense of security and trust.
Fig. 4 is a flowchart of the electronic signature method provided by another embodiment of this specification. The method can be executed by the client in Fig. 1. As shown in Fig. 4, the method can specifically include:
Step 410, receive the signature instruction sent by the server-side.
The signature instruction may include the signature position, the signature rule, etc.
Step 420, obtain the data to be signed according to the signature instruction.
After receiving the signature instruction, the client can prompt the user, in the form of a pop-up box, to input the data to be signed.
Step 430, generate the first summary info corresponding to the data to be signed.
After the user inputs the data to be signed, the client can apply the digest algorithm configured in the signature rule to the data to be signed, generating the corresponding first summary info.
Step 440, sign the first summary info with the certificate claimed in advance.
When the certificate claimed in advance has been pre-written into a separate hardware shield or a local soft certificate, the signing process can be: the client calls the separate hardware shield or the local soft certificate to sign the first summary info at the corresponding signature position.
Optionally, the signature instruction may include the second summary info of a user who has already signed. The second summary info is generated for the data to be signed by that user through the corresponding client. When the signature instruction also includes the second summary info of a user who has already signed, signing the first summary info with the certificate claimed in advance can proceed as follows: the first summary info is compared with the second summary info, and when the two are identical, the first summary info is signed with the certificate claimed in advance.
Step 450, return the signed first summary info to the server-side.
The signed first summary info that the client returns to the server-side can use the PKCS#7 format (a cryptographic message syntax standard), thereby ensuring the security of the information.
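The client flow of steps 410 to 450, together with the server-side checks described earlier (verifying each returned signature and judging whether the signature task is complete), shown as an added example that is not code from the patent. Assumptions: a Lamport one-time signature over SHA-256 stands in for the certificate key pair and the PKCS#7 envelope so that the block runs on the Python standard library alone; the message field names, the digest allow-list and the server's equal-summary check are hypothetical.

```python
import hashlib
import hmac
import secrets

ALLOWED_DIGESTS = {"sha256", "sha512"}  # assumption: client-side allow-list

# Assumption: a Lamport one-time signature stands in for the certificate key
# pair and the PKCS#7 envelope. One key pair signs exactly one summary.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    pk = [[hashlib.sha256(x).digest() for x in row] for row in sk]
    return sk, pk

def _bits(summary):
    h = hashlib.sha256(summary).digest()
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, summary):
    return [sk[bit][i] for i, bit in enumerate(_bits(summary))]

def verify(pk, summary, sig):
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(hashlib.sha256(s).digest(), pk[bit][i])
               for i, (bit, s) in enumerate(zip(_bits(summary), sig)))

class DigestMismatch(Exception):
    """The local summary differs from that of a user who already signed."""

def client_sign(instruction, data, sk):
    """Steps 420-450: digest locally, compare, sign, return only the summary."""
    algo = instruction["rule"]["digest"]
    if algo not in ALLOWED_DIGESTS:
        raise ValueError("digest algorithm not allowed: " + algo)
    first = hashlib.new(algo, data).digest()                 # step 430
    second = instruction.get("second_summary")
    if second is not None and not hmac.compare_digest(first, second):
        raise DigestMismatch(instruction["user"])            # refuse to sign
    return {"user": instruction["user"], "summary": first,
            "signature": sign(sk, first)}                    # steps 440, 450

class SignatureTask:
    """Server-side: handles summaries and signatures, never the original."""

    def __init__(self, certs, rule):
        self.certs = certs    # user -> public key (stand-in for certificate)
        self.rule = rule
        self.summary = None   # summary covered by the signatures so far
        self.signed = {}

    def instruction_for(self, user):
        ins = {"user": user, "rule": self.rule}
        if self.summary is not None:
            ins["second_summary"] = self.summary
        return ins

    def accept(self, reply):
        pk = self.certs.get(reply["user"])
        if pk is None or not verify(pk, reply["summary"], reply["signature"]):
            return False
        # Assumption: the server also rejects a summary that differs from the
        # one already signed, so every signature covers the same content.
        if self.summary is not None and reply["summary"] != self.summary:
            return False
        self.summary = reply["summary"]
        self.signed[reply["user"]] = reply["signature"]
        return True

    def pending(self):
        return [u for u in self.certs if u not in self.signed]

def demo():
    contract = b"Constructed sample: lease, 12 months, 5000 per month"
    (sk_a, pk_a), (sk_b, pk_b) = keygen(), keygen()
    task = SignatureTask({"A": pk_a, "B": pk_b}, {"digest": "sha256"})
    ok_a = task.accept(client_sign(task.instruction_for("A"), contract, sk_a))
    altered = contract.replace(b"5000", b"9000")   # B's local copy differs
    try:
        client_sign(task.instruction_for("B"), altered, sk_b)
        refused = False
    except DigestMismatch:
        refused = True
    ok_b = task.accept(client_sign(task.instruction_for("B"), contract, sk_b))
    return ok_a, refused, ok_b, task.pending()

if __name__ == "__main__":
    print(demo())
```

`pending()` lists the users whose clients should still receive a signature instruction; an empty list corresponds to the completed signature task reported back to the signature service system.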
Corresponding to the above electronic signature method, one embodiment of this specification further provides an electronic signature device. As shown in Fig. 5, the device includes:
Receiving unit 501, configured to receive the electronic signature application request sent by the signature service system. The electronic signature application request includes the user information of each user participating in the electronic signature.
Acquiring unit 502, configured to obtain the environmental information of the corresponding client according to the user information of each user.
Transmission unit 503, configured to send the signature instruction to the client according to the environmental information obtained by acquiring unit 502. The signature instruction instructs the client to obtain the data to be signed and to generate the summary info corresponding to the data to be signed. It also instructs the client to sign the summary info with the certificate claimed in advance.
Optionally, the environmental information may include the address of the gateway of the network accessed by the client.
Transmission unit 503 can specifically be configured to:
Determine the corresponding gateway according to the address of the gateway.
Send the signature instruction to the client through the corresponding gateway.
Receiving unit 501 is further configured to receive the signed summary info.
Optionally, receiving unit 501 is further configured to receive the certificate claim request sent by the client.
Transmission unit 503 is further configured to send, according to the certificate claim request received by receiving unit 501, the core body instruction to the client or to other online and available clients of the user. The core body instruction instructs the client or the other clients to carry out identity verification on the user.
Receiving unit 501 is further configured to receive the core body result returned by the client or the other clients.
Acquiring unit 502 is further configured to obtain the certificate from the third-party certification authority when the core body result received by receiving unit 501 indicates that the core body check passed.
Transmission unit 503 is further configured to return the certificate to the client.
Optionally, the device can also include: judging unit 504.
Judging unit 504, configured to judge, according to the environmental information, whether the condition for carrying out identity verification on the user is met.
Transmission unit 503 is further configured to, if judging unit 504 judges that the condition for carrying out identity verification on the user is met, send the core body instruction to the client or to other online and available clients of the user. The core body instruction instructs the client or the other clients to carry out identity verification on the user.
Receiving unit 501 is further configured to receive the core body result returned by the client or the other clients.
Transmission unit 503 can specifically be configured to:
Send the signature instruction to the client when the core body result indicates that the core body check passed.
The functions of each functional module of the device in the above embodiment of this specification can be realized through the steps of the above method embodiment; therefore, the specific working process of the device provided by this embodiment is not repeated here.
In the electronic signature device provided by one embodiment of this specification, receiving unit 501 receives the electronic signature application request sent by the signature service system. Acquiring unit 502 obtains the environmental information of the corresponding client according to the user information of each user. Transmission unit 503 sends the signature instruction to the client according to the environmental information. The signature instruction instructs the client to obtain the data to be signed and to generate the summary info corresponding to the data to be signed. It also instructs the client to sign the summary info with the certificate claimed in advance. Receiving unit 501 receives the signed summary info. Thus the security of the data to be signed can be guaranteed, which can greatly improve the user experience.
It should be noted that the electronic signature device provided by the embodiments of this specification can be a module or unit of the server-side in Fig. 1.
Corresponding to the above electronic signature method, one embodiment of this specification further provides an electronic signature device. As shown in Fig. 6, the device includes:
Receiving unit 601, configured to receive the signature instruction sent by the server-side.
Acquiring unit 602, configured to obtain the data to be signed according to the signature instruction received by receiving unit 601.
Generation unit 603, configured to generate the first summary info corresponding to the data to be signed obtained by acquiring unit 602.
Signature unit 604, configured to sign, with the certificate claimed in advance, the first summary info generated by generation unit 603.
Optionally, the signature instruction may include the second summary info of a user who has already signed. The second summary info is generated for the data to be signed by that user through the corresponding client.
Signature unit 604 can specifically be configured to:
Compare the first summary info with the second summary info.
When the two are identical, sign the first summary info with the certificate claimed in advance.
Transmission unit 605, configured to return to the server-side the first summary info signed by signature unit 604.
Optionally, the device can also include: core body unit 606.
Transmission unit 605 is further configured to send a certificate claim request to the server-side.
Receiving unit 601 is further configured to receive the core body instruction returned by the server-side.
Core body unit 606, configured to carry out identity verification on the corresponding user according to the core body instruction received by receiving unit 601.
Transmission unit 605 is further configured to return the core body result to the server-side.
Receiving unit 601 is further configured to receive the certificate returned by the server-side. The certificate is obtained by the server-side from the third-party certification authority when the core body result indicates that the core body check passed.
The functions of each functional module of the device in the above embodiment of this specification can be realized through the steps of the above method embodiment; therefore, the specific working process of the device provided by this embodiment is not repeated here.
In the electronic signature device provided by one embodiment of this specification, receiving unit 601 receives the signature instruction sent by the server-side. Acquiring unit 602 obtains the data to be signed according to the signature instruction. Generation unit 603 generates the first summary info corresponding to the obtained data to be signed. Signature unit 604 signs the first summary info with the certificate claimed in advance. Transmission unit 605 returns the signed first summary info to the server-side. Thus the security of the data to be signed can be guaranteed, which can greatly improve the user experience.
It should be noted that the electronic signature device provided by the embodiments of this specification can be a module or unit of client A or client B in Fig. 1.
Those skilled in the art will appreciate that, in one or more of the above examples, the functions described in this specification can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium.
The specific embodiments described above further explain in detail the purpose, technical solutions and beneficial effects of this specification. It should be understood that the foregoing is merely the specific embodiments of this specification and is not intended to limit its protection scope; any modification, equivalent replacement, improvement, etc. made on the basis of the technical solutions of this specification shall fall within the protection scope of this specification.

Claims (14)

1. An electronic signature method, characterized by comprising:
a server-side receiving an electronic signature application request sent by a signature service system; the electronic signature application request includes user information of each user participating in the electronic signature;
obtaining environmental information of the corresponding client according to the user information of each user;
sending a signature instruction to the client according to the environmental information; the signature instruction instructs the client to obtain data to be signed and to generate summary info corresponding to the data to be signed; it also instructs the client to sign the summary info with a certificate claimed in advance;
receiving the signed summary info.
2. The method according to claim 1, characterized in that the environmental information includes the address of the gateway of the network accessed by the client;
the sending a signature instruction to the client according to the environmental information comprises:
determining the gateway according to the address of the gateway;
sending the signature instruction to the client through the gateway.
3. The method according to claim 1 or 2, characterized in that, before the server-side receives the electronic signature application request sent by the signature service system, the method further comprises:
receiving a certificate claim request sent by the client;
sending, according to the certificate claim request, a core body instruction to the client or to other online and available clients of the user; the core body instruction instructs the client or the other clients to carry out identity verification on the user;
receiving the core body result returned by the client or the other clients;
obtaining the certificate from a third-party certification authority when the core body result indicates that the core body check passed;
returning the certificate to the client.
4. The method according to claim 1 or 2, characterized in that, before the sending a signature instruction to the client according to the environmental information, the method further comprises:
judging, according to the environmental information, whether the condition for carrying out identity verification on the user is met;
if it is met, sending a core body instruction to the client or to other online and available clients of the user; the core body instruction instructs the client or the other clients to carry out identity verification on the user;
receiving the core body result returned by the client or the other clients;
the sending a signature instruction to the client according to the environmental information comprises:
sending the signature instruction to the client when the core body result indicates that the core body check passed.
5. An electronic signature method, characterized by comprising:
receiving a signature instruction sent by a server-side;
obtaining data to be signed according to the signature instruction;
generating first summary info corresponding to the data to be signed;
signing the first summary info with a certificate claimed in advance;
returning the signed first summary info to the server-side.
6. The method according to claim 5, characterized in that the signature instruction includes second summary info of a user who has already signed; the second summary info is generated for the data to be signed by that user through the corresponding client;
the signing the first summary info with a certificate claimed in advance comprises:
comparing the first summary info with the second summary info;
when the two are identical, signing the first summary info with the certificate claimed in advance.
7. The method according to claim 5 or 6, characterized in that, before the receiving a signature instruction sent by a server-side, the method further comprises:
sending a certificate claim request to the server-side;
receiving the core body instruction returned by the server-side;
carrying out identity verification on the corresponding user according to the core body instruction;
returning the core body result to the server-side;
receiving the certificate returned by the server-side; the certificate is obtained by the server-side from a third-party certification authority when the core body result indicates that the core body check passed.
8. An electronic signature device, characterized by comprising:
a receiving unit, configured to receive an electronic signature application request sent by a signature service system; the electronic signature application request includes user information of each user participating in the electronic signature;
an acquiring unit, configured to obtain environmental information of the corresponding client according to the user information of each user;
a transmission unit, configured to send a signature instruction to the client according to the environmental information obtained by the acquiring unit; the signature instruction instructs the client to obtain data to be signed and to generate summary info corresponding to the data to be signed; it also instructs the client to sign the summary info with a certificate claimed in advance;
the receiving unit is further configured to receive the signed summary info.
9. The device according to claim 8, characterized in that the environmental information includes the address of the gateway of the network accessed by the client;
the transmission unit is specifically configured to:
determine the gateway according to the address of the gateway;
send the signature instruction to the client through the gateway.
10. The device according to claim 8 or 9, characterized in that:
the receiving unit is further configured to receive a certificate claim request sent by the client;
the transmission unit is further configured to send, according to the certificate claim request received by the receiving unit, a core body instruction to the client or to other online and available clients of the user; the core body instruction instructs the client or the other clients to carry out identity verification on the user;
the receiving unit is further configured to receive the core body result returned by the client or the other clients;
the acquiring unit is further configured to obtain the certificate from a third-party certification authority when the core body result received by the receiving unit indicates that the core body check passed;
the transmission unit is further configured to return the certificate to the client.
11. The device according to claim 8 or 9, characterized by further comprising:
a judging unit, configured to judge, according to the environmental information, whether the condition for carrying out identity verification on the user is met;
the transmission unit is further configured to, if the judging unit judges that the condition for carrying out identity verification on the user is met, send a core body instruction to the client or to other online and available clients of the user; the core body instruction instructs the client or the other clients to carry out identity verification on the user;
the receiving unit is further configured to receive the core body result returned by the client or the other clients;
the transmission unit is specifically configured to:
send the signature instruction to the client when the core body result indicates that the core body check passed.
12. An electronic signature device, characterized by comprising:
a receiving unit, configured to receive a signature instruction sent by a server-side;
an acquiring unit, configured to obtain data to be signed according to the signature instruction received by the receiving unit;
a generation unit, configured to generate first summary info corresponding to the data to be signed obtained by the acquiring unit;
a signature unit, configured to sign, with a certificate claimed in advance, the first summary info generated by the generation unit;
a transmission unit, configured to return to the server-side the first summary info signed by the signature unit.
13. The device according to claim 12, characterized in that the signature instruction includes second summary info of a user who has already signed; the second summary info is generated for the data to be signed by that user through the corresponding client;
the signature unit is specifically configured to:
compare the first summary info with the second summary info;
when the two are identical, sign the first summary info with the certificate claimed in advance.
14. The device according to claim 12 or 13, characterized by further comprising: a core body unit;
the transmission unit is further configured to send a certificate claim request to the server-side;
the receiving unit is further configured to receive the core body instruction returned by the server-side;
the core body unit is configured to carry out identity verification on the corresponding user according to the core body instruction received by the receiving unit;
the transmission unit is further configured to return the core body result to the server-side;
the receiving unit is further configured to receive the certificate returned by the server-side; the certificate is obtained by the server-side from a third-party certification authority when the core body result indicates that the core body check passed.
CN201810317166.4A 2018-04-10 2018-04-10 Electronic signature method and device Active CN108833105B (en)


Publications (2)

Publication Number Publication Date
CN108833105A true CN108833105A (en) 2018-11-16
CN108833105B CN108833105B (en) 2020-12-29

Family

ID=64155264


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021004054A1 (en) * 2019-07-05 2021-01-14 创新先进技术有限公司 Certificate application method and apparatus, terminal device, gateway device and server
CN113190834A (en) * 2021-01-29 2021-07-30 统信软件技术有限公司 File signature method, computing device and storage medium
US11095460B2 (en) 2019-07-05 2021-08-17 Advanced New Technologies Co., Ltd. Certificate application operations


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201022

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201022

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant