CN110276588B - Electronic signature authentication method and device and computer readable storage medium - Google Patents

Publication number
CN110276588B
Authority
CN
China
Prior art keywords
signature
user
information
identity
signing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910421930.7A
Other languages
Chinese (zh)
Other versions
CN110276588A (en)
Inventor
高军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Ping An Smart Healthcare Technology Co ltd
Original Assignee
Shenzhen Ping An Smart Healthcare Technology Co ltd
Application filed by Shenzhen Ping An Smart Healthcare Technology Co ltd
Priority to CN201910421930.7A
Publication of CN110276588A
Application granted
Publication of CN110276588B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/93 Document management systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/43 User authentication using separate channels for security data wireless channels
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management

Abstract

The invention relates to the technical field of security mechanisms and discloses an electronic signature authentication method comprising the following steps: confirming the identity of the user and, after the identity is confirmed, starting the electronic signing and checking system and initiating a document signing flow; when a signature is needed on the electronic signing and checking system, further verifying the identity of the signer and receiving a CA certificate made by a third-party signature platform using the signer's identity information; receiving the handwritten signature of the signer, generating a signed inspection-result document, computing a digest of the signature information, and having the third-party signature platform perform CA synthesis; receiving the handwritten signature of the user, generating a signed document confirming the inspection result, computing a digest of the signature information, and having the third-party signature platform perform CA synthesis; and archiving the signed document. The invention also provides an electronic signature authentication device and a computer-readable storage medium. The invention makes signature confirmation in the law enforcement process efficient and transparent.

Description

Electronic signature authentication method and device and computer readable storage medium
Technical Field
The present invention relates to the field of security mechanisms, and in particular, to a method and an apparatus for authenticating an electronic signature, and a computer-readable storage medium.
Background
In recent years, food quality and safety tracking and tracing has become increasingly important for preventing food contamination and food poisoning and for terminal law enforcement, and establishing a complete, rapid and efficient food quality and safety tracking and tracing system is crucial to terminal law enforcement. At present, during terminal law enforcement, food safety inspection results are signed and confirmed on site on paper documents; law enforcement personnel must subsequently enter the results into the system again, the on-site signing information cannot be queried in the system, and the stored stub copies of the paper files have to be searched for. This has the following defects. First, law enforcement personnel must re-enter the inspection results, which leads to huge and redundant data volumes, low manual efficiency and environmental pollution, and poses a great challenge to law enforcement efficiency. Second, food safety data is not transparent, which hinders confirming, searching and following up information and greatly inconveniences local law enforcement agencies in managing food quality and safety. Third, the law enforcement process involves too many subjective human factors, and no measures exist to prevent personnel from cheating in the inspection work (for example, someone else signing in their place), which causes further trouble for food safety in terminal law enforcement.
Disclosure of Invention
The invention provides an electronic signature authentication method, an electronic signature authentication device and a computer-readable storage medium, whose main purpose is to make signature confirmation in the law enforcement process efficient and transparent.
To achieve the above object, the present invention provides an electronic signature authentication method, applied in a mobile terminal, which includes:
when an electronic signature is needed, the mobile terminal confirms the identity of a user and, after the identity is confirmed, starts the electronic signing and checking system and initiates a document signing flow to receive signature authentication from a signer and/or the user;
when a signature is needed on the electronic signing and checking system, further verifying the identity of the signer and receiving a CA certificate made by a third-party signature platform using the signer's identity information;
receiving the handwritten signature of the signer, generating a signed inspection-result document, computing a digest of the signature information, and having the third-party signature platform perform CA (Certificate Authority) synthesis;
receiving the handwritten signature of the user, generating a signed document confirming the inspection result, computing a digest of the signature information, and having the third-party signature platform perform CA synthesis;
archiving the signed document confirming the inspection result.
Optionally, the identity confirmation mode includes one or a combination of a face recognition mode and a short message verification mode.
Optionally, the face recognition method includes:
acquiring a face video image of a user or a signer;
extracting the face information and the posture action information of the user or the signer in the face video image;
comparing the acquired face information of the user with face identification information prestored in a database, and executing a first authentication;
if the first authentication is successful, comparing the acquired gesture action information with gesture identification information prestored in the database, and executing a second authentication;
if the second authentication is successful, confirming that the authentication is passed.
Optionally, the short message verification method includes:
prompting a user or a signer to enter a mobile phone number in the mobile terminal as required and to request a verification code;
generating a short message verification code according to rules, and sending the mobile phone number of the user or the signer and the verification code content to a verification code short message platform through a short message verification interface;
the verification code short message platform, after its checks pass, submits the mobile phone number and the verification code content to a server of the corresponding operator;
the server of the operator sends the short message content to the mobile terminal of the user or the signer so that the received verification code can be entered into the mobile terminal; if the verification code is entered correctly, the identity verification is shown as successful.
Optionally, when the third-party signature platform performs CA synthesis, the method further includes:
applying transparency processing to the acquired handwritten signature using image processing techniques.
Further, to achieve the above object, the present invention provides an electronic signature authentication apparatus including a memory and a processor, the memory storing an electronic signature authentication program executable on the processor, the electronic signature authentication program implementing the following steps:
when an electronic signature is needed, confirming the identity of a user and, after the identity is confirmed, starting the electronic signing and checking system and initiating a document signing flow to receive signature authentication from a signer and/or the user;
when a signature is needed on the electronic signing and checking system, further verifying the identity of the signer and receiving a CA certificate made by a third-party signature platform using the signer's identity information;
receiving the handwritten signature of the signer, generating a signed inspection-result document, computing a digest of the signature information, and having the third-party signature platform perform CA (Certificate Authority) synthesis;
receiving the handwritten signature of the user, generating a signed document confirming the inspection result, computing a digest of the signature information, and having the third-party signature platform perform CA synthesis;
archiving the signed document confirming the inspection result.
Optionally, the identity confirmation mode includes one or a combination of a face recognition mode and a short message verification mode.
Optionally, the face recognition method includes:
acquiring a face video image of a user or a signer;
extracting the face information and the posture action information of the user or the signer in the face video image;
comparing the acquired face information of the user with face identification information prestored in a database, and executing first authentication;
if the first authentication is successful, comparing the obtained gesture action information with gesture recognition information pre-stored in a database, and executing second authentication;
if the second authentication is successful, confirming that the authentication is passed.
Optionally, the short message verification method includes:
prompting a user or a signer to enter a mobile phone number in the electronic signature authentication device as required and to request a verification code;
generating a short message verification code according to rules, and sending the mobile phone number of the user or the signer and the verification code content to a verification code short message platform through a short message verification interface;
the verification code short message platform, after its checks pass, submits the mobile phone number and the verification code content to a server of the corresponding operator;
the server of the operator sends the short message content to the mobile terminal of the user or the signer so that the received verification code can be entered into the electronic signature authentication device; if the verification code is entered correctly, the identity verification is shown as successful.
Furthermore, to achieve the above object, the present invention also provides a computer readable storage medium having stored thereon an electronic signature authentication program executable by one or more processors to implement the steps of the electronic signature authentication method as described above.
The electronic signature authentication method, the electronic signature authentication device and the computer-readable storage medium provided by the invention confirm the identity of a user and, after the identity is confirmed, start an electronic signing and checking system and initiate a document signing flow; when a signature is needed on the electronic signing and checking system, further verify the identity of the signer and receive a CA certificate made by a third-party signature platform using the signer's identity information; receive the handwritten signature of the signer, generate a signed inspection-result document, compute a digest of the signature information, and have the third-party signature platform perform CA synthesis; receive the handwritten signature of the user, generate a signed document confirming the inspection result, compute a digest of the signature information, and have the third-party signature platform perform CA synthesis; and archive the signed document. The invention can therefore make signature confirmation in the law enforcement process efficient and transparent.
Drawings
Fig. 1 is a schematic flowchart of an electronic signature authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an internal structure of an electronic signature authentication apparatus according to an embodiment of the present invention;
Fig. 3 is a block diagram illustrating an electronic signature authentication program in an electronic signature authentication apparatus according to an embodiment of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides an electronic signature authentication method. Fig. 1 is a schematic flow chart of an electronic signature authentication method according to an embodiment of the present invention. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the electronic signature authentication method includes:
S1. When an electronic signature is needed, the mobile terminal confirms the identity of a user and, after the identity is confirmed, starts the electronic signing and checking system and initiates a document signing flow to receive signature authentication from a signer and/or the user.
The preferred embodiment of the invention can confirm the identity of the user by face recognition, short message verification and other modes.
When the identity is confirmed by face recognition, the preferred embodiment of the invention mainly comprises the following steps: first, the mobile terminal acquires a face video image of a user, such as a law enforcement officer; second, the mobile terminal extracts from the face video image the user's face information and posture action information such as gesture, head, limb and eye actions; third, the acquired face information of the user is compared with the user's face identification information stored in a database in advance, and if this identity verification succeeds, the gesture action comparison step is executed; fourth, the acquired gesture action information is compared with gesture identification information stored in the database in advance, and if the comparison succeeds, the identity verification is passed. This double verification of face and gesture effectively improves the accuracy of the system.
When the identity is confirmed by short message verification, the preferred embodiment of the invention mainly comprises the following steps: first, the mobile terminal prompts a user, such as a law enforcement officer, to enter a mobile phone number as required and to click the button for obtaining a verification code; second, the background system of the mobile terminal generates a short message verification code according to rules and sends the user's mobile phone number and the verification code content to a verification code short message platform through a short message verification interface; third, the verification code short message platform runs a series of checks (whether the content is compliant, whether the mobile phone number is compliant, and which operator the mobile phone number belongs to) and, once they pass, submits the information to the server of the corresponding operator; fourth, the server of the operator sends the short message content to the user's mobile terminal; fifth, the law enforcement officer enters the received verification code into the mobile terminal, and if it is entered correctly, the authentication is shown as successful.
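The background-system side of the short message verification step, as an added example that is not code from the patent. The 6-digit format, the lifetime, the wrong-attempt limit and all names (`CodeStore`, `Issue`, `Verify`) are assumptions standing in for the "rules" the text leaves unspecified; the phone number is constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

var (
	ErrNoCode  = errors.New("no pending code for this number")
	ErrExpired = errors.New("code expired")
	ErrWrong   = errors.New("wrong code")
	ErrLocked  = errors.New("too many wrong attempts, code revoked")
)

type pendingCode struct {
	code    string
	expires time.Time
	wrong   int
}

// CodeStore is the background system's record of issued verification codes.
// Each code is bound to one phone number, expires, and can be used once.
type CodeStore struct {
	mu       sync.Mutex
	ttl      time.Duration
	maxWrong int
	now      func() time.Time // injectable clock so expiry can be tested
	pending  map[string]*pendingCode
}

func NewCodeStore(ttl time.Duration, maxWrong int, now func() time.Time) *CodeStore {
	return &CodeStore{ttl: ttl, maxWrong: maxWrong, now: now, pending: map[string]*pendingCode{}}
}

// Issue draws a 6-digit code from the OS CSPRNG, records it against the phone
// number (replacing any earlier code) and returns it for the SMS interface.
func (s *CodeStore) Issue(phone string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[phone] = &pendingCode{code: code, expires: s.now().Add(s.ttl)}
	return code, nil
}

// Verify checks the code the user typed in. A correct code is consumed, an
// expired code is dropped, and the code is revoked after maxWrong bad guesses.
func (s *CodeStore) Verify(phone, entered string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.pending[phone]
	if !ok {
		return ErrNoCode
	}
	if s.now().After(p.expires) {
		delete(s.pending, phone)
		return ErrExpired
	}
	if subtle.ConstantTimeCompare([]byte(entered), []byte(p.code)) != 1 {
		p.wrong++
		if p.wrong >= s.maxWrong {
			delete(s.pending, phone)
			return ErrLocked
		}
		return ErrWrong
	}
	delete(s.pending, phone) // single use: a second entry of the same code fails
	return nil
}

func main() {
	store := NewCodeStore(5*time.Minute, 3, time.Now)
	phone := "+000000000001" // constructed number
	code, err := store.Issue(phone)
	if err != nil {
		panic(err)
	}
	fmt.Println("first entry: ", store.Verify(phone, code))
	fmt.Println("second entry:", store.Verify(phone, code))
}
```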
S2. When the signer needs to sign in the electronic signing and checking system, further verifying the identity of the signer and receiving a CA certificate made by a third-party signature platform using the signer's identity information.
The preferred embodiment of the invention can also verify the identity of the signer through single- or multi-factor verification modes such as short message verification and face recognition.
After the document signing flow interface is initiated in step S1, the document signer must verify identity again through a single- or multi-factor verification mode such as short message verification or face recognition. That is, identity verification by such a mode is required both at login to the electronic signing and checking system on the mobile terminal and at the document signing step. The inspection result document can be signed only after both verifications pass, and this double verification effectively ensures the security of the related documents.
After the identity of the signer is verified, the preferred embodiment of the invention uses the signer's identity information to make a CA certificate through a third-party signature platform. Making the CA certificate mainly involves processing the signer information, handwritten signature information, signed document information and signature video information, packaging this information into a dedicated extension item of the digital certificate, and completing the packaging of the PKCS#10 certificate request according to that extension item. The mobile terminal sends the packaged request to a digital certificate issuing organization for issuance and parses the issued digital certificate chain that the organization returns.
S3. Receiving the handwritten signature of the signer, generating a signed inspection-result document, computing a digest of the signature information, and having the third-party signature platform perform CA synthesis.
After the CA certificate is made, when the mobile terminal needs to sign the inspection document result, whether the mobile terminal is allowed to load the signature of the inspection document result is determined according to the preset CA certificate. If the verification succeeds, the signer can review the inspection result document on the mobile terminal; if it is correct, the signer writes a handwritten signature to generate the signed inspection-result document, a digest of the signature information is computed, and the third-party signature platform performs CA synthesis.
When the third-party signature platform performs CA synthesis, transparency processing can be applied to the acquired handwritten signature image using image processing techniques. In an electronic signature system, transparency processing is generally applied to the handwritten image so that the signer's handwriting looks more realistic when added to a layout document. Among common image formats, GIF and PNG support transparency processing well, and this design uses PNG pictures as the handwritten signature image.
In the invention, the user's fingerprint and identity card information need not be collected when generating the certificate, and this private information is not transmitted to a third party, so the user's private information is not leaked. The user's handwritten signature is stored in the digital certificate in encrypted form and is also verified by ciphertext comparison, which effectively protects the user's private signature information.
S4. Receiving the handwritten signature of the user, generating a signed document confirming the inspection result, computing a digest of the signature information, and having the third-party signature platform perform CA synthesis.
The signer writes a handwritten signature to generate the signed inspection-result document; the user, such as a law enforcement officer, then writes a handwritten signature to generate the signed document confirming the inspection result; a digest of the signature information is computed, and the third-party signature platform performs CA synthesis.
Because the signer's certificate application to the CA may be intercepted by an attacker, the preferred embodiment of the invention can use the hash value of the signer's handwriting image, instead of the plaintext handwritten signature picture, when applying for the certificate. Since an attacker cannot recover the signer's handwritten signature picture from the application data, the intercepted data cannot be used directly to forge the signature.
Furthermore, consider that an attacker might need only the signature value of the handwriting image to apply for a certificate and could, after normal document signing is finished, obtain the user's handwriting image from the signed document and then package and forge illegal signed documents. To handle this case, the signer's public key is used to encrypt the hash value of the handwriting image to obtain the ciphertext value of the handwriting image, and this encrypted value is used to apply for the certificate. With this design, the CA's certification is obtained only after the handwriting image information has been bound to the key pair used for signing. Before the signing activity is completed, an attacker cannot obtain the user's handwriting image information and so cannot forge the related handwriting information for a certificate application, and the attacker cannot carry out a similar attack during the signing process. Because the handwriting image is uniquely bound to the public key used for signing, the uniqueness of the handwriting image is further confirmed.
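The PKCS#10 packaging from step S2 and the key binding described above, as an added example that is not code from the patent. Assumptions: the extension OID is a placeholder under the 2.999 example arc, the binding is SHA-256 over the public key and the image hash (a recomputable stand-in for the public-key encryption step in the text), and the image bytes and names are constructed.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Placeholder OID under the 2.999 example arc; the text names no OID.
var handwritingOID = asn1.ObjectIdentifier{2, 999, 1}

var ErrNoBinding = errors.New("request carries no handwriting extension")
var ErrBindingMismatch = errors.New("handwriting value does not match this key and image")

func newKey() (*ecdsa.PrivateKey, error) { // fresh P-256 signing key pair
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// bindDigest returns SHA-256(SubjectPublicKeyInfo || SHA-256(image)).
// Assumption: this hash binding stands in for encrypting the image hash with
// the signer's public key; both tie the value to one key pair.
func bindDigest(pub crypto.PublicKey, image []byte) ([]byte, error) {
	spki, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, err
	}
	imgHash := sha256.Sum256(image) // only the hash enters the request, never the image
	sum := sha256.Sum256(append(spki, imgHash[:]...))
	return sum[:], nil
}

// buildCSR packs value into a private extension of a PKCS#10 request and
// signs the request with priv, which proves possession of the key.
func buildCSR(priv *ecdsa.PrivateKey, signer string, value []byte) ([]byte, error) {
	extValue, err := asn1.Marshal(value) // DER OCTET STRING
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:         pkix.Name{CommonName: signer},
		ExtraExtensions: []pkix.Extension{{Id: handwritingOID, Value: extValue}},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
}

// checkBinding recomputes the binding from the request's own public key and a
// handwriting image taken from a signed document, then compares it with the
// value carried in the request.
func checkBinding(csrDER, image []byte) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return err
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("proof of possession failed: %w", err)
	}
	want, err := bindDigest(csr.PublicKey, image)
	if err != nil {
		return err
	}
	for _, ext := range csr.Extensions {
		if !ext.Id.Equal(handwritingOID) {
			continue
		}
		var got []byte
		if rest, err := asn1.Unmarshal(ext.Value, &got); err != nil || len(rest) != 0 {
			return errors.New("malformed handwriting extension")
		}
		if subtle.ConstantTimeCompare(got, want) != 1 {
			return ErrBindingMismatch
		}
		return nil
	}
	return ErrNoBinding
}

func main() {
	image := []byte("constructed handwriting image bytes") // sample input, not a real PNG
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	value, err := bindDigest(&key.PublicKey, image)
	if err != nil {
		panic(err)
	}
	csr, err := buildCSR(key, "constructed signer", value)
	if err != nil {
		panic(err)
	}
	fmt.Println("binding check:", checkBinding(csr, image))
}
```

Because the value is recomputed from the request's own public key, copying it into a request made with a different key pair fails the check, which is the property the paragraph above relies on. Comparison of stored and recomputed values only works when the binding is deterministic, which randomized public-key encryption padding is not.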
S5. Archiving the signed document confirming the inspection result, to facilitate later query and management.
After the inspection result document has been signed to generate a signed document according to the above steps, it can be archived to facilitate query and related management work later in the law enforcement process.
The invention also provides an electronic signature authentication device. Fig. 2 is a schematic diagram of an internal structure of an electronic signature authentication apparatus according to an embodiment of the present invention.
In the present embodiment, the electronic signature authentication apparatus 1 may be a PC (Personal Computer), or may be a terminal device such as a smartphone, a tablet Computer, or a mobile Computer. The electronic signature authentication apparatus 1 includes at least a memory 11, a processor 12, a communication bus 13, and a network interface 14.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 11 may be an internal storage unit of the electronic signature authentication apparatus 1 in some embodiments, such as a hard disk of the electronic signature authentication apparatus 1. The memory 11 may also be an external storage device of the electronic signature authentication apparatus 1 in other embodiments, such as a plug-in hard disk provided on the electronic signature authentication apparatus 1, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic signature authentication apparatus 1. The memory 11 may be used not only to store application software installed in the electronic signature authentication apparatus 1 and various types of data, such as a code of the electronic signature authentication program 01, but also to temporarily store data that has been output or is to be output.
Processor 12, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, is configured to execute program codes or process data stored in memory 11, such as executing electronic signature authentication program 01.
The communication bus 13 is used to realize connection communication between these components.
The network interface 14 may optionally include a standard wired interface and a wireless interface (e.g., a Wi-Fi interface), and is typically used to establish a communication link between the apparatus 1 and other electronic devices.
Optionally, the apparatus 1 may further comprise a user interface, which may include a display and an input unit such as a keyboard; optionally, the user interface may also include a standard wired interface and a wireless interface. In some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is used to display information processed in the electronic signature authentication apparatus 1 and to display a visualized user interface.
Fig. 2 shows only the electronic signature authentication apparatus 1 having the components 11 to 14 and the electronic signature authentication program 01, and those skilled in the art will appreciate that the structure shown in fig. 1 does not constitute a limitation of the electronic signature authentication apparatus 1, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
In the embodiment of the apparatus 1 shown in fig. 2, an electronic signature authentication program 01 is stored in the memory 11; the processor 12 implements the following steps when executing the electronic signature authentication program 01 stored in the memory 11:
Step one: when an electronic signature is needed, the electronic signature authentication device confirms the identity of a user and, after the identity is confirmed, starts the electronic signing and checking system and initiates a document signing flow to receive signature authentication from a signer and/or the user.
The preferred embodiment of the invention can confirm the identity of the user by face recognition, short message verification and other modes.
When the identity is confirmed by face recognition, the preferred embodiment of the invention mainly comprises the following steps: first, the electronic signature authentication device acquires a face video image of a user, such as a law enforcement officer; second, the electronic signature authentication device extracts from the face video image the user's face information and posture action information such as gesture, head, limb and eye actions; third, in a face comparison step, the acquired face information of the user is compared with the user's face identification information stored in a database in advance, and if this identity verification succeeds, the gesture action comparison step is executed; fourth, the acquired gesture action information is compared with gesture identification information stored in the database in advance, and if the comparison succeeds, the identity verification is passed. This double verification of face and gesture effectively improves the accuracy of the system.
When the identity is confirmed by short message verification, the preferred embodiment of the invention mainly comprises the following steps: first, the electronic signature authentication device prompts a user, such as a law enforcement officer, to enter a mobile phone number in the device as required and to click the button for obtaining a verification code; second, the background system of the electronic signature authentication device generates a short message verification code according to rules and sends the user's mobile phone number and the verification code content to a verification code short message platform through a short message verification interface; third, the verification code short message platform runs a series of checks (whether the content is compliant, whether the mobile phone number is compliant, and which operator the mobile phone number belongs to) and, once they pass, submits the information to the server of the corresponding operator; fourth, the server of the operator sends the short message content to the user's mobile terminal; fifth, the law enforcement officer enters the received verification code into the electronic signature authentication device, and if it is entered correctly, the identity verification is successful.
Step two: when a signer needs to sign within the electronic signing and checking system, the signer's identity is further verified, and a CA certificate made by a third-party signature platform from the signer's identity information is received.
The preferred embodiment of the invention can also verify the signer's identity through single-factor or multi-factor verification such as short message verification and face recognition.
After the document signing flow interface is initiated in step one, the signer must verify identity again through single-factor or multi-factor verification such as short message verification or face recognition. That is, identity verification is required both at login to the electronic signing and checking system in the electronic signature authentication device and at the document signing stage; the check result document can be signed only after both verifications pass, and this double verification effectively ensures the security of the related documents.
After the identity of the signer is verified, the preferred embodiment of the invention uses the signer's identity information to make a CA certificate through a third-party signature platform. The CA certificate step is mainly responsible for processing the signer information, handwritten signature information, signature document information and signature video information, packaging this information into a special extension item of the digital certificate, and completing the packaging of the PKCS10 certificate application according to the extension item. The electronic signature authentication device sends the package to a digital certificate issuing organization for issuance, and parses the issued digital certificate chain that the issuing organization returns.
Step three: receiving the handwritten signature of the signer, generating a checking result signature document, summarizing the signature information, and performing CA synthesis by a third-party signature platform.
After the CA certificate has been made, when the electronic signature authentication device needs to sign the inspection document result, whether the device is allowed to load the signature of the inspection document result is judged according to the preset CA certificate. If the verification succeeds, the signer can confirm the checking result document in the electronic signature authentication device; if it is confirmed to be correct, the signer writes a handwritten signature to generate the checking result signed document, the signature information is summarized, and CA synthesis is performed by the third-party signature platform.
When the third-party signature platform carries out CA synthesis, the acquired handwritten signature image can be subjected to transparentization processing using image processing technology. In an electronic signature system, a handwritten image is generally made transparent so that the signer's handwriting data looks more realistic when added to a layout document. Among common image formats, GIF and PNG support transparentization processing well, and in this design a PNG picture is used as the handwriting image of the handwritten signature.
In the invention, the user's fingerprint and identity card information do not need to be acquired in the process of generating the certificate, and this private information is not transmitted to a third party, so the user's private information is not leaked. The user's handwritten signature is stored in the digital certificate in encrypted form, and verification is likewise performed by comparing ciphertexts, so the security of the user's private signature information is effectively guaranteed.
Step four: receiving the handwritten signature of the user, generating a signature document of the checking result, summarizing the abstract of the signature information, and performing CA synthesis by a third-party signature platform.
After the signer has written the handwritten signature and the check result signature document has been generated, the user, such as a law enforcement officer, writes a handwritten signature to generate a check result signature document; the signature information is then further summarized, and CA synthesis is performed by the third-party signature platform.
Because a signer's certificate application to the CA may be intercepted by an attacker, the preferred embodiment of the invention can use the hash value of the signer's handwriting image, in place of the plaintext handwritten signature image, to apply for the certificate. Since an attacker cannot recover the signer's handwritten signature picture from the application data, that data cannot be used directly to forge the signature.
Furthermore, an attacker might need only the signature value of the handwriting image to apply for a certificate and then, after normal document signing is finished, acquire the user's handwriting image from the signed document, so that illegal signature documents are packaged and forged. To address this case, the public key of the signer is used to encrypt the hash value of the handwriting image to obtain an encrypted value of the handwriting image, and this encrypted value is used to apply for the certificate. This design ensures that the authentication of the CA is obtained after the handwriting image information and the key pair used for the signature have been bound together. Before the signing activity is finished, an attacker cannot acquire the user's handwriting image information, cannot forge related handwriting information for a certificate application, and cannot carry out a similar attack during the signing process. And because the handwriting image is uniquely bound to the public key used for the signature, the uniqueness of the handwriting image is further confirmed.
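The difference between applying with the plain image hash and applying with a value bound to the signer's key can be checked from the verifier's side. This is an added example, not code from the patent: it substitutes a SHA-256 binding over the public key and the image hash for the public-key encryption described above, and the key bytes, image bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample inputs (placeholders, not real keys or images).
SIGNER_KEY = b"constructed-signer-public-key"
OTHER_KEY = b"constructed-other-public-key"
IMAGE = b"\x89PNG constructed handwriting image bytes"


def image_digest(image_bytes):
    """SHA-256 of the handwriting image: the value sent instead of the image itself."""
    return hashlib.sha256(image_bytes).digest()


def key_bound_value(public_key_bytes, image_bytes):
    """Bind the image digest to one public key.

    Assumption of this example: a hash over the length-prefixed key and the
    image digest stands in for "encrypt the hash with the signer's public key".
    """
    h = hashlib.sha256()
    h.update(len(public_key_bytes).to_bytes(4, "big"))
    h.update(public_key_bytes)
    h.update(image_digest(image_bytes))
    return h.digest()


def make_application(public_key_bytes, image_bytes, bind_to_key):
    """Certificate application modelled as a dict: the key plus the handwriting value."""
    if bind_to_key:
        value = key_bound_value(public_key_bytes, image_bytes)
    else:
        value = image_digest(image_bytes)
    return {"public_key": public_key_bytes, "handwriting": value, "bound": bind_to_key}


def certificate_matches_image(cert, image_bytes):
    """Verifier check: does the image in a signed document match the certificate?"""
    if cert["bound"]:
        expected = key_bound_value(cert["public_key"], image_bytes)
    else:
        expected = image_digest(image_bytes)
    return hmac.compare_digest(expected, cert["handwriting"])


def replay_under_other_key(intercepted, other_public_key):
    """Test case: an intercepted handwriting value resubmitted with a different key."""
    return {
        "public_key": other_public_key,
        "handwriting": intercepted["handwriting"],
        "bound": intercepted["bound"],
    }


def run_scenarios():
    """Check a genuine and a replayed application under both application formats."""
    results = {}
    for label, bind in (("plain", False), ("bound", True)):
        genuine = make_application(SIGNER_KEY, IMAGE, bind)
        replayed = replay_under_other_key(genuine, OTHER_KEY)
        results[label + "_genuine"] = certificate_matches_image(genuine, IMAGE)
        results[label + "_replayed"] = certificate_matches_image(replayed, IMAGE)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(name, "accepted" if accepted else "rejected")
```

With the plain hash, a value lifted from the application still matches the image under any key; once the value is bound to the signer's key, the same replay fails the verifier's check.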
Step five: archiving the signed document of the confirmation and inspection result to facilitate later query and management.
After the checking result document has been signed and the signature document generated according to the above steps, the corresponding archiving operation can be carried out to facilitate query and related management work in later law enforcement.
Alternatively, in other embodiments, the electronic signature authentication program may be further divided into one or more modules, and the one or more modules are stored in the memory 11 and executed by one or more processors (in this embodiment, the processor 12) to implement the present invention.
For example, Fig. 3 is a schematic diagram of the program modules of the electronic signature authentication program in an embodiment of the electronic signature authentication apparatus of the present invention. In this embodiment, the electronic signature authentication program may be divided into a first identity confirmation module 10, a second identity confirmation module 20, an inspection result generation module 30, a confirmation check result generation module 40, and an archive module 50. Exemplarily:
The first identity confirmation module 10 is configured to: when an electronic signature is needed, confirm the identity of the user through the electronic signature authentication device and, after the identity is confirmed, start the electronic signing and checking system and initiate a document signing flow.
The second identity confirmation module 20 is configured to: when a signer needs to sign within the electronic signing and checking system, further verify the signer's identity and receive a CA certificate made by a third-party signature platform using the signer's identity information.
Optionally, the identity confirmation mode includes a face recognition mode and a short message verification mode.
Optionally, the face recognition method includes:
acquiring a face video image of a user or a signer;
extracting the face information and the posture action information of the user or the signer in the face video image;
comparing the acquired face information of the user with face identification information prestored in a database, and executing primary identity authentication;
if the first authentication is successful, comparing the acquired gesture action information with gesture identification information prestored in a database, and executing second authentication;
and if the second authentication is successful, confirming that the authentication is passed.
Optionally, the short message verification method includes:
prompting a user or a signer to input a mobile phone number and acquire a verification code in the electronic signature authentication device according to requirements;
generating a short message verification code according to rules, and sending the mobile phone number and the verification code content of a user or a signing person to a verification code short message platform through a short message verification interface;
the verification code short message platform submits the mobile phone number and the verification code content to a server of a corresponding operator after judging;
the server of the operator issues the short message content to the mobile terminal of the user or the signer so as to input the received verification code into the electronic signature authentication device, and if the verification code is input correctly, the identity verification is displayed to be successful.
Optionally, the posture action information comprises gesture action information, head action information, limb action information and eye action.
The inspection result generation module 30 is configured to: receive the handwritten signature of the signer, generate a checking result signed document, summarize the summary of the signature information, and have CA synthesis performed by a third-party signature platform.
The confirmation check result generation module 40 is configured to: receive the handwritten signature of the user, generate a signature document of a confirmation check result, summarize the summary of the signature information, and have CA synthesis performed by a third-party signature platform.
Optionally, when the third-party signature platform performs CA synthesis, the method further includes: carrying out transparentization processing on the acquired handwritten signature using image processing technology.
The archive module 50 is configured to: archive the signed document to facilitate later query and management.
The functions or operation steps of the first identity confirmation module 10, the second identity confirmation module 20, the inspection result generation module 30, the confirmation inspection result generation module 40, and the archive module 50 when executed are substantially the same as those of the above embodiments, and are not described herein again.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, where an electronic signature authentication program is stored on the computer-readable storage medium, where the electronic signature authentication program is executable by one or more processors to implement the following operations:
when electronic signature is needed, the mobile terminal confirms the identity of a user, and after the identity is confirmed, the electronic signing system is started, and a document signing flow is initiated to receive signature authentication of a signing personnel and/or the user;
when needing to sign a signature in the electronic signing and checking system, further carrying out identity verification on a signer, and receiving a CA certificate which is made by a third-party signature platform by using the identity information of the signer;
receiving the handwritten signature of the signer, generating a checking result signed document, summarizing the abstract of the signature information, and performing CA (certificate Authority) synthesis by a third-party signature platform;
receiving the handwritten signature of the user, generating a check result and signature document, summarizing the summary of the signature information, and performing CA synthesis by a third-party signature platform;
and archiving the confirmation checking result signed document.
The embodiment of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the electronic signature authentication apparatus and method, and will not be described in detail herein.
It should be noted that the above numbering of the embodiments of the present invention is only for description and does not represent the advantages and disadvantages of the embodiments. The terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, apparatus, article, or method comprising the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. An electronic signature authentication method, applied to a mobile terminal, includes:
when electronic signature is needed, the mobile terminal confirms the identity of a user, and after the identity is confirmed, the electronic signing system is started, and a document signing flow is initiated to receive signature authentication of a signing personnel and/or the user;
when needing to sign on the electronic signing and checking system, further carrying out identity verification on the signing personnel and receiving a CA certificate which is made by a third-party signature platform by using the identity information of the signing personnel;
when a document result is signed, judging whether to load and check the signature of the document result according to the CA certificate, if the loading and checking are successful, receiving the handwritten signature of a signer, generating a signed document of the check result, summarizing the signature information, carrying out CA synthesis by a third-party signature platform, carrying out transparentization processing on the acquired handwritten signature by using an image processing technology, and adding handwriting data of the handwritten signature to the signed document;
receiving the handwritten signature of the user, generating a signed document of a confirmation check result, summarizing signature information, performing CA (certification authority) synthesis by a third-party signature platform, performing transparentization processing on the acquired handwritten signature by using an image processing technology, and adding handwriting data of the handwritten signature to the signed document;
and archiving the confirmation checking result signed document.
2. The electronic signature authentication method as claimed in claim 1, wherein the identity confirmation mode comprises one or a combination of a face recognition mode and a short message verification mode.
3. The electronic signature authentication method of claim 2, wherein the face recognition mode comprises:
acquiring a face video image of a user or a signer;
extracting the face information and the posture action information of the user or the signer in the face video image;
comparing the acquired face information of the user with face identification information prestored in a database, and executing primary identity authentication;
if the first authentication is successful, comparing the acquired gesture action information with gesture identification information prestored in a database, and executing second authentication;
and if the second authentication is successful, confirming that the authentication is passed.
4. The electronic signature authentication method of claim 2, wherein the short message verification means comprises:
prompting a user or a signer to input a mobile phone number and acquire a verification code in the mobile terminal according to requirements;
generating a short message verification code according to rules, and sending the mobile phone number and the verification code content of a user or a signing person to a verification code short message platform through a short message verification interface;
the verification code short message platform submits the mobile phone number and the verification code content to a server of a corresponding operator after judging;
the server of the operator sends the short message content to the mobile terminal of the user or the signer, so that the received verification code is input into the mobile terminal, and if the verification code is input correctly, the identity verification is displayed to be successful.
5. An electronic signature authentication apparatus, comprising a memory and a processor, the memory having stored thereon an electronic signature authentication program operable on the processor, the electronic signature authentication program when executed by the processor implementing the steps of:
when electronic signature is needed, the identity of a user is confirmed, and after the identity is confirmed, an electronic signing system is started, and a document signing flow is initiated to receive signature authentication of a signing personnel and/or the user;
when needing to sign on the electronic signing and checking system, further carrying out identity verification on the signing personnel and receiving a CA certificate which is made by a third-party signature platform by using the identity information of the signing personnel;
when a document result is signed, judging whether to load and check the signature of the document result according to the CA certificate, if the loading and checking are successful, receiving the handwritten signature of a signer, generating a signed document of the check result, summarizing the signature information, carrying out CA synthesis by a third-party signature platform, carrying out transparentization processing on the acquired handwritten signature by using an image processing technology, and adding handwriting data of the handwritten signature to the signed document;
receiving the handwritten signature of the user, generating a signed document of a confirmation check result, summarizing signature information, performing CA (certification authority) synthesis by a third-party signature platform, performing transparentization processing on the acquired handwritten signature by using an image processing technology, and adding handwriting data of the handwritten signature to the signed document;
and archiving the confirmation checking result signed document.
6. The electronic signature authentication device as claimed in claim 5, wherein the identity confirmation mode comprises one or a combination of a face recognition mode and a short message verification mode.
7. The electronic signature authentication device as claimed in claim 6, wherein said face recognition means comprises:
acquiring a face video image of a user or a signer;
extracting the face information and the posture action information of the user or the signer in the face video image;
comparing the acquired face information of the user with face identification information prestored in a database, and executing primary identity authentication;
if the first authentication is successful, comparing the obtained gesture action information with gesture recognition information pre-stored in a database, and executing second authentication;
and if the second authentication is successful, confirming that the authentication is passed.
8. The electronic signature authentication device as claimed in claim 6, wherein the short message verification means comprises:
prompting a user or a signer to fill in a mobile phone number in the electronic signature authentication device according to requirements and obtain a verification code;
generating a short message verification code according to rules, and sending the mobile phone number and the verification code content of a user or a signing person to a verification code short message platform through a short message verification interface;
the verification code short message platform submits the mobile phone number and the verification code content to a server of a corresponding operator after judging;
the server of the operator issues the short message content to the mobile terminal of the user or the signer so as to input the received verification code into the electronic signature authentication device, and if the verification code is input correctly, the identity verification is displayed to be successful.
9. A computer-readable storage medium having stored thereon an electronic signature authentication program executable by one or more processors to perform the steps of the electronic signature authentication method as claimed in any one of claims 1 to 4.
CN201910421930.7A 2019-05-21 2019-05-21 Electronic signature authentication method and device and computer readable storage medium Active CN110276588B (en)

Publications (2)

Publication Number Publication Date
CN110276588A CN110276588A (en) 2019-09-24
CN110276588B CN110276588B (en) 2023-02-07

Family

ID=67959437

Country Status (1)

Country Link
CN (1) CN110276588B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464307B (en) * 2019-10-14 2023-03-07 高新兴科技集团股份有限公司 Method for acquiring electronic signature, computer storage medium and electronic device
CN113450199A (en) * 2020-03-25 2021-09-28 上海欧冶金融信息服务股份有限公司 System and method for quickly generating electronic guarantee letter
CN113890738A (en) * 2020-07-03 2022-01-04 中移互联网有限公司 Electronic signature method and device
CN112069257A (en) * 2020-09-03 2020-12-11 平安信托有限责任公司 Contract signing method, device, system and storage medium
CN112395579A (en) * 2020-11-13 2021-02-23 中国工商银行股份有限公司 Electronic signature generation method and device based on face recognition and cloud certificate
CN112597327A (en) * 2020-12-24 2021-04-02 交控科技股份有限公司 Work order system electronic signature checking method and system
CN112883351A (en) * 2021-02-04 2021-06-01 鹏元征信有限公司 Data authorization method, device, authorization platform and storage medium
CN113486316A (en) * 2021-06-30 2021-10-08 平安信托有限责任公司 User identity authentication method and device, electronic equipment and readable storage medium
CN114969690A (en) * 2022-04-22 2022-08-30 北京建科研软件技术有限公司 AI identification-based handwritten signature generation method for engineering materials
CN114900317A (en) * 2022-05-16 2022-08-12 西安云犀信息科技有限公司 Implementation mode of electronic signature

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105591744A (en) * 2014-10-24 2016-05-18 金联汇通信息技术有限公司 Network real-name authentication method and system
CN106326946A (en) * 2016-08-12 2017-01-11 甘肃集优品网络科技有限公司 Administrative law enforcement electronic equipment for typing-in and confirmation of identity information of supervision object
CN108092779A (en) * 2018-01-05 2018-05-29 北京汇通金财信息科技有限公司 A kind of method and device for realizing electronic signature
CN109190347A (en) * 2018-08-17 2019-01-11 江苏诺安科技有限公司 A kind of electric endorsement method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127107A (en) * 2006-08-16 2008-02-20 鸿富锦精密工业(深圳)有限公司 Electronic document automatic signing system and method
AU2013251304B2 (en) * 2012-04-27 2018-12-20 Intralinks, Inc. Computerized method and system for managing networked secure collaborative exchange
US9596236B2 (en) * 2014-04-09 2017-03-14 Citrix Systems, Inc. Method for veryifying authorized signer for mobile device based document escrow service
CN108022194A (en) * 2017-11-28 2018-05-11 深圳市华德安科技有限公司 Law-enforcing recorder and its data safety processing method, server and system
CN109560934B (en) * 2018-10-25 2022-03-11 金蝶软件(中国)有限公司 Data tamper-proof method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN110276588A (en) 2019-09-24

Similar Documents

Publication Publication Date Title
CN110276588B (en) Electronic signature authentication method and device and computer readable storage medium
US10218506B1 (en) Cross-device authentication
US9992026B2 (en) Electronic biometric (dynamic) signature references enrollment method
US10692167B2 (en) System and method for digitally watermarking digital facial portraits
US10979421B2 (en) Identity authentication using a barcode
US9600690B2 (en) Secure access for sensitive digital information
CN107992759B (en) Apparatus, method and computer readable storage medium for implementing electronic seal
CN111581653A (en) Contract document signing method, device, equipment and computer readable storage medium
US10277402B2 (en) Digitally signing a document
WO2015188424A1 (en) Key storage device and method for using same
US20150063659A1 (en) System and Method for Digital Watermarking
CN110598433A (en) Anti-counterfeiting information processing method and device based on block chain
CN105812424A (en) Method and device used for checking electronic invoices
CN113486316A (en) User identity authentication method and device, electronic equipment and readable storage medium
CN113434882A (en) Communication protection method and device of application program, computer equipment and storage medium
CN111064578B (en) Data security reporting method and device and computer readable storage medium
US20120317639A1 (en) Biometric data system
CN102571341A (en) Authentication system and method based on dynamic image
CN113255505A (en) Certificate photo generation method, device, equipment and storage medium
CN111712831A (en) Signature method, system and/or device
CN113515767B (en) Interface request management method and device based on mixed mode mobile application
US11764970B2 (en) Method of verifying partial data based on collective certificate
CN103685148A (en) Security information interaction system, security information interaction device and security information interaction method
CN112446677B (en) Electronic signature method, device, equipment and storage medium
RU2787577C2 (en) Signing device and signing method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220921

Address after: Room 2601 (Unit 07), Qianhai Free Trade Building, No. 3048, Xinghai Avenue, Nanshan Street, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong 518000

Applicant after: Shenzhen Ping An Smart Healthcare Technology Co.,Ltd.

Address before: 1-34 / F, Qianhai free trade building, 3048 Xinghai Avenue, Mawan, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong 518000

Applicant before: Ping An International Smart City Technology Co.,Ltd.

GR01 Patent grant