CN111092729A - Electronic signature and seal verification method and device - Google Patents


Publication number
CN111092729A
Authority
CN
China
Prior art keywords
public key
key certificate
signature
electronic
seal
Legal status
Pending
Application number
CN201811244968.3A
Other languages
Chinese (zh)
Inventor
郝松
高超霖
杨玉坤
Current Assignee
Founder International Beijing Co Ltd
Original Assignee
Founder International Beijing Co Ltd
Application filed by Founder International Beijing Co Ltd
Priority to CN201811244968.3A
Publication of CN111092729A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention relates to the technical field of data security, in particular to a method and a device for electronic signature and seal verification, which are used for maintaining the authority of an electronic seal and improving the efficiency of tracing a signature operation executor. The embodiment of the invention comprises the following steps: acquiring a first data packet to be signed according to the electronic seal and the electronic file; acquiring a first signature result obtained by signing the first data packet to be signed by using a first private key; acquiring a second data packet to be signed at least according to the first signature result; acquiring a second signature result obtained by signing the second data packet to be signed by using a second private key; and forming a signed electronic file with the electronic file by using the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result.

Description

Electronic signature and seal verification method and device
Technical Field
The invention relates to the technical field of data security, in particular to a method and a device for electronic signature and seal verification.
Background
In networked office work, a large number of electronic files such as official documents or certificates need to be electronically signed. Electronic signature technology is, in essence, image processing combined with digital signatures: it makes the digital signature visible, turning invisible cryptography into the familiar act of stamping a seal, and thereby promotes the adoption of digital signatures in networked office work.
At present, an electronic signature digitally signs the electronic file with only one identity certificate, either that of the organization to which the electronic seal belongs or the personal one of the signature operation executor. Consequently, only one signing identity certificate can be displayed when the digital signature of the signed electronic file is verified (seal verification for short).
If the identity certificate of the organization to which the electronic seal belongs is used for signing, the organization's certificate information is displayed when the digital signature is verified. To trace the signature operator of the electronic file, the logs from that time must be searched in the original business system where the file was signed. If the electronic file has since been transferred to other business systems or electronically archived, tracing the actual signature operator requires cross-department and cross-system assistance, which creates a huge workload.
If the operator's personal identity certificate is used for signing, the operator's personal certificate information is displayed when the digital signature is verified. An official document or certificate then bears the electronic seal of a unit or department but displays personal signature information. Whether judged by the authority of the unit or department seal or by people's everyday habits, this greatly reduces the credibility of the electronic seal and hinders the adoption of networked office work.
Disclosure of Invention
The application provides an electronic signature and seal checking method and device, which are used for improving the efficiency of tracing signature operation executors while maintaining the authority of an electronic seal.
The electronic signature method provided by the embodiment of the invention comprises the following steps:
acquiring a first data packet to be signed according to the electronic seal and the electronic file;
acquiring a first signature result obtained by signing the first data packet to be signed by using a first private key;
acquiring a second data packet to be signed at least according to the first signature result;
acquiring a second signature result obtained by signing the second data packet to be signed by using a second private key;
forming a signed electronic file with the electronic file by using the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
Optionally, the obtaining of the first to-be-signed data packet obtained according to the electronic seal and the electronic file includes:
the client obtains the first data packet to be signed according to the electronic seal and the electronic file, and sends the first data packet to be signed to a server;
the acquiring of a first signature result obtained by signing the first data packet to be signed by using a first private key includes:
the client receives a first signature result sent by the server, wherein the first signature result is obtained by the server signing the first data packet to be signed by using a private key of a unit organization;
the acquiring of a second signature result obtained by signing the second data packet to be signed by using a second private key includes:
the client signs the second data packet to be signed by using a private key of a signature operator to obtain a second signature result; the second data packet to be signed is obtained at least according to the first signature result;
the forming of a signed electronic file with the electronic file by using the electronic seal, the first public key certificate corresponding to the first private key, the first signature result, the second public key certificate corresponding to the second private key, and the second signature result includes:
the client forms the signed electronic file with the electronic file by using the electronic seal, the public key certificate of the unit organization, the first signature result, the public key certificate of the signature operator and the second signature result.
Optionally, before the client receives the first signature result sent by the server, the method further includes:
the server receives the electronic seal and the signature operator public key certificate sent by the client;
the server side carries out seal authority matching according to the electronic seal and the signature operator public key certificate;
if the matching result meets the seal using requirement of the electronic seal, executing the step of signing the first data packet to be signed by using the private key of the unit organization to obtain a first signature result;
otherwise, the electronic signature is terminated.
Optionally, before the obtaining of the first to-be-signed data packet obtained according to the electronic seal and the electronic file, the method further includes:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
The embodiment of the invention also provides an electronic seal verification method, which is suitable for the electronic signature file obtained by the method, and the method comprises the following steps:
the client acquires the signature electronic file;
the client calls the first public key certificate to verify the first signature result, and calls the second public key certificate to verify the second signature result;
if the verification is successful, the client sends the first public key certificate, the second public key certificate and the electronic seal to a server so that the server matches the first public key certificate, the second public key certificate, the electronic seal and a record in the server;
the client displays the first public key certificate and the second public key certificate after receiving a matching success message sent by the server;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
An embodiment of the present invention further provides an electronic signature apparatus, including:
the processing unit is used for obtaining a first data packet to be signed according to the electronic seal and the electronic file;
the first signature unit is used for signing the first data packet to be signed by using a first private key to obtain a first signature result;
the processing unit is further used for obtaining a second data packet to be signed at least according to the first signature result;
the second signature unit is used for signing the second data packet to be signed by using a second private key to obtain a second signature result;
the signature unit is used for forming a signature electronic file with the electronic file by utilizing the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
Optionally, the apparatus further includes a verification unit, configured to:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
The embodiment of the invention also provides an electronic seal verification device, which is suitable for the electronic signature file obtained by the method, and the device comprises:
the receiving and sending unit is used for acquiring the electronic signature file;
the verification unit is used for calling the first public key certificate to verify the first signature result and calling the second public key certificate to verify the second signature result;
the receiving and sending unit is further configured to send the first public key certificate, the second public key certificate, and the electronic seal to a server, so that the server matches the first public key certificate, the second public key certificate, the electronic seal, and a record in the server;
a display unit configured to display the first public key certificate and the second public key certificate;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
An embodiment of the present invention further provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of the above embodiments.
Embodiments of the present invention also provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of the above embodiments.
In the embodiment of the invention, a first data packet to be signed is determined according to an electronic seal and an electronic file; a first signature result, obtained by signing the first data packet to be signed with a first private key, is acquired; a second data packet to be signed is obtained at least according to the first signature result; a second signature result, obtained by signing the second data packet to be signed with a second private key, is acquired; and the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result are combined with the electronic file to form a signed electronic file. The first public key certificate is the public key certificate of the unit organization to which the electronic seal belongs, and the second public key certificate is the public key certificate of the signature operator; or the first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit organization public key certificate. The embodiment of the invention thus signs the electronic file with both the public key certificate of the unit organization to which the electronic seal belongs and the public key certificate of the signature operator. When the seal is verified, the unit organization to which the electronic seal belongs can be verified and the personal identity of the signature operator can be traced directly, without querying the original business system. Therefore, the authority of the electronic signature is preserved while the efficiency of tracing signature operators is improved and the workload is reduced.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a system architecture suitable for use with the present invention;
FIG. 2 is a schematic flow chart illustrating an electronic signature method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating an electronic signature method according to a first embodiment of the present invention;
FIG. 4 is a flowchart illustrating an electronic signature method according to a second embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic signature device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic seal verification apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A system architecture applicable to the embodiment of the present invention, as shown in fig. 1, includes a server 101, a signature client 102, and a seal verification client 103. The server 101 is a server of the unit organization to which the electronic seal belongs.
The signature client 102 is installed on the first terminal 104, and the seal verification client 103 is installed on the second terminal 105. The first terminal 104 and/or the second terminal 105 may be an electronic device with a wireless communication function, such as a mobile phone, a tablet computer, or a dedicated handheld device, or may be a device connected to the internet in a wired access manner, such as a Personal Computer (PC), a notebook computer, or a server. It should be noted that the signature client 102 and the seal verification client 103 may be the same client, that is, the same client can both sign the electronic file and verify its seal. The signature client 102 and the seal verification client 103 may also be different clients, that is, one client signs the electronic file and the other client verifies the signed electronic file.
The server 101 may be a network device such as a computer. The server 101 may be an independent device or a server cluster formed by a plurality of servers. Preferably, the server 101 may perform information processing by using a cloud computing technology.
The signature client 102 and/or the seal verification client 103 may communicate with the server 101 through the Internet, or through a mobile communication system such as the Global System for Mobile Communications (GSM) or a Long Term Evolution (LTE) system.
The embodiment of the invention provides an electronic signature method. As shown in fig. 2, the electronic signature method according to the embodiment of the present invention includes the following steps:
Step 201, obtaining a first data packet to be signed according to the electronic seal and the electronic file.
Step 202, obtaining a first signature result obtained by signing the first data packet to be signed by using a first private key.
Step 203, obtaining a second data packet to be signed at least according to the first signature result.
Step 204, obtaining a second signature result obtained by signing the second data packet to be signed by using a second private key.
Step 205, forming a signed electronic file with the electronic file by using the electronic seal, the first public key certificate corresponding to the first private key, the first signature result, the second public key certificate corresponding to the second private key, and the second signature result.
The first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
In the embodiment of the invention, a first data packet to be signed is determined according to an electronic seal and an electronic file; a first signature result, obtained by signing the first data packet to be signed with a first private key, is acquired; a second data packet to be signed is obtained at least according to the first signature result; a second signature result, obtained by signing the second data packet to be signed with a second private key, is acquired; and the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result are combined with the electronic file to form a signed electronic file. The first public key certificate is the public key certificate of the unit organization to which the electronic seal belongs, and the second public key certificate is the public key certificate of the signature operator; or the first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit organization public key certificate. The embodiment of the invention thus signs the electronic file with both the public key certificate of the unit organization to which the electronic seal belongs and the public key certificate of the signature operator. When the seal is verified, the unit organization to which the electronic seal belongs can be verified and the personal identity of the signature operator can be traced directly, without querying the original business system. Therefore, the authority of the electronic signature is preserved while the efficiency of tracing signature operators is improved and the workload is reduced.
In order to adapt to electronic files with different formats, embodiments of the present invention do not limit the storage manner of the first signature result and the second signature result in the electronic file, and the first signature result and the second signature result may be separately stored at different locations of the electronic file, or the first signature result and the second signature result may be packaged and stored at the same location of the electronic file, or the first signature result and the second signature result may be encoded to form a group of data for storage.
In the above steps 201 to 205, the first data packet to be signed may be signed by using a private key of a signature operator, and the second data packet to be signed may be signed by using a private key of a unit organization; or the private key of the organization is used for signing the first data packet to be signed, and the private key of the signature operator is used for signing the second data packet to be signed. These two embodiments are described separately below.
In the first embodiment, signing the first data packet to be signed by using the private key of the signature operator, and signing the second data packet to be signed by using the private key of the organization, as shown in fig. 3, includes:
Step 301, the client obtains a first data packet to be signed according to the electronic seal and the electronic file.
Step 302, the client signs the first data packet to be signed by using the private key of the signature operator to obtain a first signature result.
Step 303, the client obtains a second data packet to be signed at least according to the first signature result.
Step 304, the client sends the second data packet to be signed to the server.
Step 305, the server signs the second data packet to be signed by using the private key of the unit organization to obtain a second signature result.
Step 306, the server sends the second signature result to the client.
Step 307, the client forms the signed electronic file with the electronic file by using the electronic seal, the public key certificate of the organization, the first signature result, the public key certificate of the signing operator and the second signature result.
In a second embodiment, signing the first data packet to be signed by using the private key of the organization, and signing the second data packet to be signed by using the private key of the signature operator, as shown in fig. 4, includes:
Step 401, the client obtains a first data packet to be signed according to the electronic seal and the electronic file.
Step 402, the client sends the first data packet to be signed to the server.
Step 403, the server signs the first data packet to be signed by using the private key of the organization to obtain a first signature result.
Step 404, the server sends the first signature result to the client.
Step 405, the client obtains a second data packet to be signed at least according to the first signature result.
Step 406, the client signs the second data packet to be signed by using the private key of the signature operator to obtain a second signature result.
Step 407, the client forms the signed electronic file with the electronic file by using the electronic seal, the public key certificate of the organization, the first signature result, the public key certificate of the signing operator and the second signature result.
Preferably, in order to ensure the correctness and the security of the electronic seal, the embodiment of the invention also verifies the electronic seal. Before step 201 obtains the first data packet to be signed according to the electronic seal and the electronic file, the method further includes:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
Specifically, the client reads and parses the electronic seal, and extracts the seal maker public key certificate and the seal maker digital signature value. The digital signature value of the seal maker establishes the authenticity of the electronic seal, and it is verified with the public key certificate of the seal maker. If the verification is successful, the electronic seal is authentic, and the step of obtaining the first data packet to be signed according to the electronic seal and the electronic file continues. If the verification fails, the electronic seal is not authentic, and the signature process is terminated.
In order to further ensure the security of the electronic seal, the server in the embodiment of the invention verifies the seal-use authority of the signature operator. Before the client receives the first signature result sent by the server, the method further includes:
the server receives the electronic seal and the signature operator public key certificate sent by the client;
the server side carries out seal authority matching according to the electronic seal and the signature operator public key certificate;
if the matching result meets the seal using requirement of the electronic seal, executing the step of signing the first data packet to be signed by using the private key of the unit organization to obtain a first signature result;
otherwise, the electronic signature is terminated.
Specifically, in the embodiment of the present invention, either the client parses the electronic seal to extract seal information such as the unique seal identification code, the seal picture data and the seal name, and sends that seal information to the server, or the client sends the electronic seal directly to the server and the server parses it to obtain the same seal information. The server then matches the seal information, such as the unique identification code of the electronic seal, the seal picture data and the seal name, against the public key certificate of the signature operator. If the matching result meets the seal-use requirement of the electronic seal, the subsequent signature step is executed; otherwise, the electronic signature is terminated.
In the above steps 301 to 307 and steps 401 to 407, the private key of the organization is stored in the server, and the private key of the signature operator is stored in the client. In addition, it should be noted that, in the embodiment of the present invention, storage locations of the private key of the organization and the private key of the signature operator are not limited. For example, a private key of a unit organization and a private key of a signature operator may also be stored in the client, at this time, the client does not need to send the first data packet to be signed or the second data packet to be signed to the server, and the client signs the first data packet to be signed or the second data packet to be signed directly by using the private key of the unit organization.
The embodiment of the invention also verifies the seal of the signed electronic file, comprising the following steps:
the client acquires the signature electronic file;
the client calls the first public key certificate to verify the first signature result, and calls the second public key certificate to verify the second signature result;
if the verification is successful, the client sends the first public key certificate, the second public key certificate and the electronic seal to a server so that the server matches the first public key certificate, the second public key certificate, the electronic seal and a record in the server;
and after receiving the matching success message sent by the server, the client displays the first public key certificate and the second public key certificate.
The first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or the first public key certificate is a signature operator public key certificate, and the second public key certificate is a unit authority public key certificate.
Specifically, the client parses the electronic seal, the public key certificate of the organization, the first signature result, the public key certificate of the signature operator and the second signature result from the signed electronic file. In the embodiment of the invention, the public key certificate of the organization and the public key certificate of the signature operator are used to verify the first signature result and the second signature result, respectively. The first signature result and the second signature result may be stored in plaintext or ciphertext; if they are stored in ciphertext, they must be decrypted first. If the verification is successful, the client sends the public key certificate of the unit organization, the public key certificate of the signature operator and the electronic seal to the server. Each time the server signs an electronic file, it records and stores the signature information. After receiving the seal verification request from the client, the server processes it, matches the public key certificate of the organization, the public key certificate of the signature operator and the electronic seal against the records stored in the server, and returns the matching result to the client. If the matching is successful, the client displays the successful seal verification result to the user performing the seal verification, together with the public key certificate of the organization and the public key certificate of the signature operator. If the seal verification fails, the client displays the failure result to the user performing the seal verification.
In order to more clearly understand the present invention, the following describes the flow of the electronic signature in detail by using a third specific embodiment. In the third embodiment, the electronic signature process is completed by the signature client and the server.
The signature client consists of a signature component module and a client storage module. The client storage module is responsible for providing service for using the public key certificate of the signature operator, and the service comprises services such as PIN codes, public key export, digital signature and the like, and is called by the signature component module. The signature component module is responsible for processing electronic seals and electronic files, calling the client storage module and interacting information with the electronic signature server.
The server side is composed of a seal management module and a server side storage module. The seal management module is responsible for responding and processing the operation request sent by the signature component module and returning the processing result to the signature component module. The server storage module is responsible for providing service of a public key certificate of a unit institution to which the electronic seal belongs, and the service comprises services such as PIN codes, public key export, digital signature and the like, and is called by the seal management module.
The third embodiment comprises the following specific steps:
Step 501, the signature component module calls the client storage module after the PIN code is successfully verified.
Step 502, the signature component module reads and analyzes the electronic seal, and extracts the unique seal identification code, the seal picture data, the seal name, the seal valid time, the signature operator public key certificate, the seal maker digital signature value, and the unit authority public key certificate to which the electronic seal belongs.
Step 503, the signature component module verifies the authenticity of the electronic seal, specifically, the public key certificate of the seal maker is used to verify the digital signature value of the seal maker, if true, step 504 is executed, otherwise, the signature process is terminated.
Step 504, the signature component module carries out structural data processing on the electronic seal and the electronic file to obtain a first data packet to be signed.
Step 505, the signature component module sends the electronic seal information, the signature operator public key certificate, the first data packet to be signed and other information to the server. The electronic seal information can be a complete electronic seal, or can be a part of the electronic seal data, such as the unique seal identification code.
Step 506, the seal management module extracts the request data sent by the signature component module to obtain information such as electronic seal information, a public key certificate of a signature operator, a first data packet to be signed and the like.
Step 507, the seal management module determines the seal state of the electronic seal according to the electronic seal information and performs seal authority matching according to the electronic seal and the public key certificate of the signature operator. If the matching result meets the seal requirement, step 508 is executed; otherwise the signature process is terminated.
Step 508, the seal management module calls the server storage module after the PIN code is successfully verified.
Step 509, the seal management module derives the private key of the organization and the public key certificate of the organization of the server storage module, matches the public key certificate of the organization stored in the server storage module with the public key certificate of the organization of the electronic seal sent by the signature client, if the matching is successful, step.
Step 510, the seal management module performs digital signature on the first data packet to be signed by using the private key of the organization, so as to obtain a first signature result.
Step 511, the seal management module returns the signature result (success or failure) and the first signature result to the signature component module of the signature client.
Step 512, the signature component module extracts the signature result and the first signature result. If the signature result is successful, the client storage module is called to obtain the private key of the signature operator, and the private key of the signature operator is used to digitally sign data consisting of the public key certificate of the organization and the first signature result, to obtain a second signature result.
Step 513, the signature component module packages the electronic seal, the public key certificate of the organization, the first signature result, the public key certificate of the signature operator, the second signature result, the signature time, and the like to form the electronic signature data. And storing the electronic signature data to an electronic file to form a signed electronic file, namely the electronic file containing the electronic signature.
The following describes the flow of electronic seal verification in detail with a specific embodiment four. In the fourth embodiment, the electronic seal verification process is completed by the seal verification client and the server. The seal verification client and the signature client in the third embodiment may be the same client or different clients.
The fourth embodiment comprises the following specific steps:
Step 601, the seal verification client parses the electronic signature data from the signed electronic file and separates out the electronic seal, the public key certificate of the organization, the first signature result, the public key certificate of the signature operator and the second signature result.
Step 602, the seal verification client performs signature verification on the first signature result and the second signature result respectively.
Step 603, the seal checking client sends the electronic seal information, the public key certificate of the organization, the public key certificate of the signature operator and the like to the server.
Step 604, the server responds to and processes the verification request of the seal verification client, matches the electronic seal, the public key certificate of the organization and the public key certificate of the signature operator with the record stored in the server, and returns a matching result.
Step 605, the seal verification client processes the verification result returned by the server. If the verification result is correct, the verification result is displayed to a signer, wherein the signer item of the electronic document is displayed as the public key certificate of the unit organization to which the electronic seal belongs.
Step 606, if the signature client receives a request to further trace the signature operator of the electronic signature, it displays the public key certificate of the signature operator of the electronic signature.
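The signing flow of embodiment three and the seal verification flow of embodiment four, as an added sketch that is not code from the patent: Ed25519, the JSON framing, the certificates reduced to `{subject, publicKeyPem}` and all function names are assumptions. It runs the chain on constructed data and shows which check rejects an edited file, a replaced organization certificate, and a signature pair the server never recorded.

```javascript
// Added illustration, not the patent's code. Assumptions: Ed25519 signatures,
// JSON framing, and a "certificate" reduced to {subject, publicKeyPem}.
const crypto = require('crypto');

function makeParty(subject) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { privateKey, cert: { subject, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) } };
}
const sign = (privateKey, data) => crypto.sign(null, data, privateKey).toString('base64');
function verify(cert, data, signatureB64) {
  try {
    return crypto.verify(null, data, cert.publicKeyPem, Buffer.from(signatureB64, 'base64'));
  } catch {
    return false; // a malformed key or signature counts as a failed verification
  }
}
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
const certFields = (c) => [c.subject, c.publicKeyPem];

// Bytes covered by the seal maker's signature (fixed field order).
const sealBody = (s) => Buffer.from(JSON.stringify(
  [s.id, s.name, certFields(s.orgCert), certFields(s.operatorCert), certFields(s.makerCert)]));

function makeSeal(maker, id, name, orgCert, operatorCert) {
  const seal = { id, name, orgCert, operatorCert, makerCert: maker.cert };
  seal.makerSignature = sign(maker.privateKey, sealBody(seal));
  return seal;
}
// Step 503: check the maker's signature with the maker certificate carried in the seal.
const verifySeal = (seal) => verify(seal.makerCert, sealBody(seal), seal.makerSignature);

// Step 504: first data packet to be signed, derived from the seal and the file.
const firstPacket = (seal, file) => Buffer.from(JSON.stringify(
  [sha256(sealBody(seal)), seal.makerSignature, sha256(file)]));
// Step 512: second packet = organization certificate + first signature result.
const secondPacket = (orgCert, firstSignature) => Buffer.from(JSON.stringify(
  [certFields(orgCert), firstSignature]));

// Steps 506-511 on the server, which holds the organization private key.
function serverSign(server, seal, operatorCert, packet) {
  if (operatorCert.publicKeyPem !== seal.operatorCert.publicKeyPem)
    return { ok: false, reason: 'operator not authorised for seal' };   // step 507
  if (seal.orgCert.publicKeyPem !== server.org.cert.publicKeyPem)
    return { ok: false, reason: 'organization certificate mismatch' };  // step 509
  const firstSignature = sign(server.org.privateKey, packet);           // step 510
  server.records.push({ sealId: seal.id, orgKey: seal.orgCert.publicKeyPem,
    operatorKey: operatorCert.publicKeyPem });
  return { ok: true, firstSignature };
}

// Steps 502-513 on the signature client, which holds the operator private key.
function signFile(server, operator, seal, file) {
  if (!verifySeal(seal)) throw new Error('seal not authentic');
  const res = serverSign(server, seal, operator.cert, firstPacket(seal, file));
  if (!res.ok) throw new Error(res.reason);
  const secondSignature = sign(operator.privateKey, secondPacket(seal.orgCert, res.firstSignature));
  return { file, seal, orgCert: seal.orgCert, firstSignature: res.firstSignature,
    operatorCert: operator.cert, secondSignature };
}

// Steps 601-605 on the seal verification client.
function verifySignedFile(server, sf) {
  if (!verify(sf.orgCert, firstPacket(sf.seal, sf.file), sf.firstSignature))
    return 'first signature invalid';
  if (!verify(sf.operatorCert, secondPacket(sf.orgCert, sf.firstSignature), sf.secondSignature))
    return 'second signature invalid';
  const matched = server.records.some((r) => r.sealId === sf.seal.id &&
    r.orgKey === sf.orgCert.publicKeyPem && r.operatorKey === sf.operatorCert.publicKeyPem);
  return matched ? 'ok' : 'no matching server record';
}

// Constructed sample data: all parties, the seal and the file are made up.
function demo() {
  const maker = makeParty('Seal Maker'), org = makeParty('Example Org');
  const operator = makeParty('Operator A'), other = makeParty('Operator B');
  const server = { org, records: [] };
  const seal = makeSeal(maker, 'SEAL-0001', 'Contract seal', org.cert, operator.cert);
  const sf = signFile(server, operator, seal, Buffer.from('contract v1'));
  const out = { honest: verifySignedFile(server, sf) };
  out.editedFile = verifySignedFile(server, { ...sf, file: Buffer.from('contract v2') });
  // Organization certificate and first signature replaced, second signature kept.
  const swapped = { ...sf, orgCert: other.cert,
    firstSignature: sign(other.privateKey, firstPacket(seal, sf.file)) };
  out.swappedOrg = verifySignedFile(server, swapped);
  // Both signatures redone with unrelated keys: valid signatures, unknown to the server.
  const redone = { ...swapped, operatorCert: other.cert };
  redone.secondSignature = sign(other.privateKey, secondPacket(redone.orgCert, redone.firstSignature));
  out.unrecorded = verifySignedFile(server, redone);
  try { signFile(server, other, seal, sf.file); } catch (e) { out.wrongOperator = e.message; }
  out.editedSeal = verifySeal({ ...seal, name: 'Finance seal' });
  return out;
}
console.log(demo());
```

The seal check here uses the seal maker certificate carried inside the seal, as the text describes, so it proves only that the seal is self-consistent; trust in that certificate has to be established separately.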
An embodiment of the present invention further provides an electronic signature apparatus, as shown in fig. 5, including:
the processing unit 701 is used for obtaining a first data packet to be signed according to the electronic seal and the electronic file;
a first signature unit 702, configured to sign the first to-be-signed data packet with a first private key to obtain a first signature result;
the processing unit 701 is further configured to obtain a second data packet to be signed at least according to the first signature result;
the second signature unit 703 is configured to sign the second data packet to be signed by using a second private key to obtain a second signature result;
a signature unit 704, configured to form a signature electronic file with the electronic file by using the electronic seal, the first public key certificate corresponding to the first private key, the first signature result, the second public key certificate corresponding to the second private key, and the second signature result;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
Further comprising a verification unit 705 for:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
An electronic seal verification device, as shown in fig. 6, includes:
the receiving and sending unit 801 is used for acquiring the signed electronic file;
the verifying unit 802 is configured to invoke the first public key certificate to verify the first signature result, and invoke the second public key certificate to verify the second signature result;
the transceiver 801 is further configured to send the first public key certificate, the second public key certificate, and the electronic seal to a server, so that the server matches the first public key certificate, the second public key certificate, the electronic seal, and a record in the server;
a display unit 803, configured to display the first public key certificate and the second public key certificate;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
Based on the same principle, the present invention also provides an electronic device, as shown in fig. 7, including:
the device comprises a processor 901, a memory 902, a transceiver 903 and a bus interface 904, wherein the processor 901, the memory 902 and the transceiver 903 are connected through the bus interface 904;
the processor 901 is configured to read the program in the memory 902, and execute the following methods:
acquiring a first data packet to be signed according to the electronic seal and the electronic file;
acquiring a first signature result obtained by signing the first data packet to be signed by using a first private key;
acquiring a second data packet to be signed at least according to the first signature result;
acquiring a second signature result obtained by signing the second data packet to be signed by using a second private key;
forming a signed electronic file with the electronic file by using the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
Further, the processor 401 is specifically configured to:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
Embodiments of the present application provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform any of the above methods of text tagging.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. An electronic signature method, comprising:
acquiring a first data packet to be signed according to the electronic seal and the electronic file;
acquiring a first signature result obtained by signing the first data packet to be signed by using a first private key;
acquiring a second data packet to be signed at least according to the first signature result;
acquiring a second signature result obtained by signing the second data packet to be signed by using a second private key;
forming a signed electronic file with the electronic file by using the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
2. The method according to claim 1, wherein the obtaining of the first data packet to be signed obtained from the electronic seal and the electronic file comprises:
the client obtains the first data packet to be signed according to the electronic seal and the electronic file, and sends the first data packet to be signed to a server;
acquiring a first signature result obtained by signing the first data packet to be signed by using a first private key, wherein the first signature result comprises the following steps:
the client receives a first signature result sent by the server, wherein the first signature result is obtained by the server signing the first data packet to be signed by using a private key of a unit organization;
acquiring a second signature result obtained by signing the second data packet to be signed by using a second private key, wherein the second signature result comprises the following steps:
the client signs the second data packet to be signed by using a private key of a signature operator to obtain a second signature result; the second data packet to be signed is obtained at least according to the first signature result;
forming a signed electronic file with the electronic file by using the electronic seal, the first public key certificate corresponding to the first private key, the first signature result, the second public key certificate corresponding to the second private key, and the second signature result, including:
and the client forms the signature electronic file with the electronic file by using the electronic seal, the public key certificate of the organization, the first signature result, the public key certificate of the signature operator and the second signature result.
3. The method of claim 2, wherein before the client receives the first signature result sent by the server, the method further comprises:
the server receives the electronic seal and the signature operator public key certificate sent by the client;
the server side carries out seal authority matching according to the electronic seal and the signature operator public key certificate;
if the matching result meets the seal using requirement of the electronic seal, executing the step of signing the first data packet to be signed by using the private key of the unit organization to obtain a first signature result;
otherwise, the electronic signature is terminated.
4. The method according to claim 1, wherein before obtaining the first data packet to be signed obtained from the electronic seal and the electronic file, the method further comprises:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
5. An electronic seal verification method, which is applied to the signed electronic document obtained by the method according to any one of claims 1 to 4, and comprises the following steps:
the client acquires the signature electronic file;
the client calls the first public key certificate to verify the first signature result, and calls the second public key certificate to verify the second signature result;
if the verification is successful, the client sends the first public key certificate, the second public key certificate and the electronic seal to a server so that the server matches the first public key certificate, the second public key certificate, the electronic seal and a record in the server;
the client displays the first public key certificate and the second public key certificate after receiving a matching success message sent by the server;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
6. An electronic signature device, comprising:
the processing unit is used for obtaining a first data packet to be signed according to the electronic seal and the electronic file;
the first signature unit is used for signing the first data packet to be signed by using a first private key to obtain a first signature result;
the processing unit is further used for obtaining a second data packet to be signed at least according to the first signature result;
the second signature unit is used for signing the second data packet to be signed by using a second private key to obtain a second signature result;
the signature unit is used for forming a signature electronic file with the electronic file by utilizing the electronic seal, a first public key certificate corresponding to the first private key, the first signature result, a second public key certificate corresponding to the second private key and the second signature result;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
7. The apparatus of claim 6, further comprising a verification unit to:
analyzing the electronic seal, and at least acquiring a digital signature value of a seal maker corresponding to the electronic seal and a public key certificate of the seal maker;
verifying the digital signature value of the seal maker by using the public key certificate of the seal maker;
if the verification is successful, the step of obtaining a first data packet to be signed according to the electronic seal and the electronic file is executed; otherwise, the electronic signature is terminated.
8. An electronic seal verification device, adapted to the signed electronic document obtained by the method according to any one of claims 1 to 4, said device comprising:
the receiving and sending unit is used for acquiring the electronic signature file;
the verification unit is used for calling the first public key certificate to verify the first signature result and calling the second public key certificate to verify the second signature result;
the receiving and sending unit is further configured to send the first public key certificate, the second public key certificate, and the electronic seal to a server, so that the server matches the first public key certificate, the second public key certificate, the electronic seal, and a record in the server;
a display unit configured to display the first public key certificate and the second public key certificate;
the first public key certificate is a public key certificate of a unit organization to which the electronic seal belongs, and the second public key certificate is a public key certificate of a signature operator; or
The first public key certificate is the signature operator public key certificate, and the second public key certificate is the unit public key certificate.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-4.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 4.
CN201811244968.3A 2018-10-24 2018-10-24 Electronic signature and seal verification method and device Pending CN111092729A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811244968.3A CN111092729A (en) 2018-10-24 2018-10-24 Electronic signature and seal verification method and device

Publications (1)

Publication Number Publication Date
CN111092729A true CN111092729A (en) 2020-05-01

Family

ID=70392242


CN111931835A (en) Image identification method, device and system
CN110113329A (en) A kind of verification method and device of identifying code
CN111464555A (en) File signing confirmation method based on client screen video, service server, authentication server and client
CN113961956A (en) Method, device, equipment and medium for generating and applying tagged network information service
CN106656507A (en) Method and device for electronic authentication based on mobile terminal
CN104156645A (en) Copy verification system and application method thereof
CN111865761B (en) Social chat information evidence storing method based on block chain intelligent contracts
CN111050326B (en) Block chain-based short message verification method, device, equipment and medium
CN104079527A (en) Information processing method and electronic equipment
CN106559433B (en) Method and system for fixing electronic evidence and user identity by using digital certificate
CN113162770A (en) Online signature method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200501