CN111444482A - Safe electronic seal management method based on electronic notarization - Google Patents
- Publication number: CN111444482A (application CN202010219343.2A)
- Authority: CN (China)
- Prior art keywords: electronic, seal, key, server, signature
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/31—User authentication
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Abstract
A secure electronic seal management method based on electronic notarization. To address the risk of a server-side electronic seal being misappropriated, the invention deploys, outside the electronic seal server, an electronic notarization cooperative support server and a mobile client for the seal administrator, which together place a prerequisite flow in front of the electronic seal server: the electronic seal server can be invoked only after the seal administrator has completed an electronic signature jointly using the mobile client and the electronic notarization support server. A signature record of the seal's use is thereby left on every electronically signed file, the electronic signature cannot be completed without the seal administrator's approval, and the possibility of misappropriation of the electronic seal is avoided.
Description
Technical Field
The invention relates to the business field of stamping an electronic seal on an electronic document, and in particular to a method for using an electronic seal securely without requiring a Ukey medium.
Background
Electronic sealing is an important scenario of electronic signature services. It combines the traditional seal pattern with an electronic signature, so that the seal pattern is visibly rendered when an electronic document is electronically signed, continuing the habits of the traditional paper seal.
Existing electronic sealing is usually implemented with a Ukey hardware medium: the certificate public key, the certificate private key and the seal pattern are stored in the Ukey, and when a target file needs to be electronically signed, the Ukey is inserted into a computer and a signature control program is run locally. The Ukey-based electronic seal is highly secure, but the Ukey is inconvenient to use and cannot meet the requirements of many scenarios, so server-based electronic signature services have appeared. In a server-side electronic seal, the certificate public key, the certificate private key and the seal pattern are stored on the server; when the electronic seal needs to be used, the server authenticates the user and then automatically invokes the certificate public key, the certificate private key and the seal pattern to complete the electronic signature operation. The server-mode electronic signature service is very convenient to use, but its core security mechanism rests entirely on the server's authentication of the user, and any behaviour that bypasses or deceives the authentication mechanism can lead to misappropriation of the electronic seal, which is a serious security problem.
Disclosure of Invention
The invention aims to provide a secure electronic seal management method based on electronic notarization. To address the risk of a server-side electronic seal being misappropriated, an electronic notarization cooperative server and a mobile client for the seal administrator are configured outside the electronic seal server, placing a prerequisite flow in front of the electronic seal server: for each seal application, the electronic seal server can be invoked only after the seal administrator has personally completed an electronic signature jointly using the mobile client and the electronic notarization cooperative server. A signature record of the seal's use is thereby left on every electronically signed file, the electronic signature cannot be completed without the seal administrator's approval, and the possibility of misappropriation of the electronic seal is avoided.
The technical scheme of the invention is as follows:
The invention provides a secure electronic seal management method based on electronic notarization, which comprises the following steps:
S1, user registration step:
1.1, the User sends a registration request to the electronic notarization supporting server Ns through the electronic seal server Ss, submitting the User's principal identity information Id_u, the User's seal pattern Seal_u, and the identity information Id_mg of the seal administrator Mg; the electronic seal server Ss generates a public-private key pair using a public key cryptographic algorithm, wherein the private key is and the public key is, and sends the access address Ad_s of Ss to the electronic notarization supporting server Ns while requesting registration;
1.2, after receiving the registration request, the electronic notarization supporting server Ns generates a symmetric key key_s for the electronic seal server Ss, sends key_s to Ss, and records key_s and Ad_s in the Ns database;
1.3, the electronic seal server Ss uses key_s to encrypt the private key; it uses key_s to perform the encryption calculation on Id_u, Id_mg, and sends to the electronic notarization supporting server Ns; at the same time it records Seal_u in the Ss database, and discards key_s;
1.4, the electronic notarization supporting server Ns uses key_s to perform the decryption operation; if the decryption fails, the task is terminated, and if the decryption succeeds, the decryption result Id_u, Id_mg, is obtained; the electronic notarization supporting server Ns takes the content recorded in Id_u as the subject information, combines it with the public key to generate a standard certificate format, and uses its self-configured root certificate private key to sign Id_u and, generating a digital certificate for the User; the electronic notarization supporting server Ns sends and the self-configured root certificate public key to Ss, records Id_u, Id_mg, in the Ns database, and associates them with key_s and Ad_s;
1.5, the electronic seal server Ss notifies the seal administrator Mg to download and use the seal management mobile client App;
1.6, the seal administrator Mg downloads and uses the seal management mobile client App, enters Mg's identity information Id_mg' and the User's subject identity information Id_u', and sets a PIN code
1.7, the seal management mobile client App uses a key generation algorithm to perform a key derivation operation on, generating a first private key component d1 that conforms to the public key cryptography rules, and calculates the first public key component in combination with the elliptic curve parameter G; the seal management mobile client App sends Id_mg', Id_u' and the first public key component P1 to the electronic notarization supporting server Ns;
1.8, after receiving the request of the mobile client App, the electronic notarization supporting server Ns compares Id_u' and Id_mg' with the Id_u and Id_mg recorded in the database; if they are inconsistent, the task is terminated; if they are consistent, real-name identity authentication is performed on Mg; if the authentication fails, the task is terminated, and if it passes, the process continues;
the electronic notarization supporting server Ns uses a key generation algorithm to randomly generate for Mg a second private key component d2 that conforms to the public key cryptography rules, and uses d2 and the elliptic curve parameter G to calculate the cooperative public key, with P as the complete public key of Mg
the electronic notarization supporting server Ns takes the content recorded in Id_mg as the subject information, combines it with the public key to generate a standard certificate format, and uses the root certificate private key to sign Id_mg and, generating the digital certificate Cer_mg for the seal administrator Mg;
the electronic notarization supporting server Ns sends Cer_mg and the access address Ad_s of Ss to the App, records P1, d2 and Cer_mg in the Ns database, and associates them with Id_u, Id_mg, key_s and Ad_s;
1.9, the seal administrator Mg uses the App to establish communication with Ss through the access address Ad_s of the electronic seal server Ss, and sends Cer_mg to Ss;
1.10, after receiving the certificate Cer_mg, the electronic seal server Ss uses the root certificate public key of the electronic notarization supporting server Ns to verify the signature of Cer_mg; if the verification fails, the task is terminated; if it passes, Ss further checks whether the subject information associated with Cer_mg is consistent with the Id_mg recorded in the database; if it is inconsistent, the task is terminated; if it is consistent, Cer_mg is recorded in the Ss database and associated with Id_mg, Seal_u,; meanwhile, the App is notified that the registration process is complete;
S2, electronic seal using step:
2.1, the user imports the file M to be sealed into the electronic seal server Ss and specifies the sealing position;
2.2, the electronic seal server Ss generates a task Task1 for the file M and sends Task1 to the seal management mobile client App under the real-name account of the seal administrator Mg;
2.3, the seal administrator Mg logs in to the App with the real identity information Id_mg, views Task1 and downloads the file M to the App; if Mg does not agree to the sealing, the task is terminated; if Mg agrees, Mg enters the PIN code into the App and the next step is carried out;
the App uses the same key generation algorithm as in step 1.7 to perform the key derivation operation on, obtaining d1, and with d1 as the key initiates a collaborative signature operation on the file M; the signature value, together with Mg's identity information Id_mg, is sent to the electronic notarization supporting server Ns;
2.4, the electronic notarization supporting server Ns queries the database by Id_mg to obtain P1 and key_s, and uses P1 to verify the signature value; if the verification fails, the task is terminated; if it passes, Ns uses d2 as the key to perform the collaborative signature operation on, and returns the signature value and key_s to the App;
2.5, the App uses d1 to perform the collaborative signature operation on the signature value, obtaining the final signature value of the file M; the signature value is synthesized into the file M to generate a file M1 containing Mg's personal signature information; M1 and key_s are then sent to the electronic seal server Ss;
2.6, the electronic seal server Ss uses the certificate public key contained in Mg's digital certificate Cer_mg to verify the signature of the file M1; if the verification fails, the task is terminated; if it passes, Ss uses key_s to perform the decryption operation on in the database; if the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
the electronic seal server Ss uses the private key, invoking the digital certificate and the seal pattern Seal_u, to perform the electronic signature operation on the file M1, synthesizing the seal pattern Seal_u and the digital certificate into the file M1 to generate a file M2; it then notifies the seal management mobile client App that the electronic seal signing of the file M is complete.
Further, in step 1.1, the principal identity information Id_u includes the name and organization code; the identity information Id_mg of the seal administrator includes the name and identification number.
Further, in step 1.8, the real-name identity authentication is performed on Mg by using a face recognition and citizen identity database comparison method.
Further, in step 2.1, the user imports the file M to be sealed through the requirement service side Bs, which sends the file M to the electronic seal server Ss and specifies the sealing position; correspondingly, in step 2.6, the electronic seal server Ss returns the file M2 to the requirement service side Bs, and then notifies the seal management mobile client App that the electronic seal signing of the file M is complete.
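The following is an added example, not code from the patent or from any product, modelling how steps 1.2-1.3, 1.7-1.8 and 2.3-2.6 keep the private key of Ss unusable until Ns has verified a signature made with the PIN-derived d1. Assumptions: d1 is derived from the PIN with PBKDF2 and a device-held salt, P1 = d1·G, Schnorr over secp256k1 and an HMAC-based wrap stand in for the unspecified algorithms, the d2 co-signing round and the certificate checks are omitted, and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

# secp256k1 as a stand-in curve (assumption: the patent names only "elliptic curve parameter G").
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def _challenge(R, pub, msg):
    data = b"".join(v.to_bytes(32, "big") for v in (*R, *pub)) + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(d, msg):  # Schnorr signature, a stand-in for the patent's signature scheme
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return R, (k + _challenge(R, ec_mul(d, G), msg) * d) % N

def verify(pub, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(_challenge(R, pub, msg), pub))

def derive_d1(pin, salt):
    """Steps 1.7 and 2.3: the same derivation must yield the same d1 in [1, N-1]."""
    raw = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)
    return int.from_bytes(raw, "big") % (N - 1) + 1

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(key_s, secret):
    """Encrypt-then-MAC stand-in for an AEAD; for secrets of at most 32 bytes."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret, _mac(key_s, b"enc", nonce)))
    return nonce, ct, _mac(key_s, b"mac", nonce + ct)

def unwrap(key_s, blob):
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, _mac(key_s, b"mac", nonce + ct)):
        raise ValueError("decryption failed, task terminated")
    return bytes(a ^ b for a, b in zip(ct, _mac(key_s, b"enc", nonce)))

class NotaryServer:  # Ns
    def __init__(self):
        self.key_s = secrets.token_bytes(32)  # step 1.2: generated and kept by Ns
        self.p1 = {}                          # Id_mg -> P1, recorded in step 1.8
    def approve(self, id_mg, file_m, sig):    # step 2.4: key_s is released only on a valid signature
        p1 = self.p1.get(id_mg)
        return self.key_s if p1 and verify(p1, file_m, sig) else None

class SealServer:  # Ss
    def __init__(self, key_s):
        priv = secrets.token_bytes(32)        # stand-in for the private key of Ss
        self.wrapped = wrap(key_s, priv)      # step 1.3: only ciphertext is kept, key_s is discarded
    def unlock(self, key_s):                  # step 2.6: a failed decryption terminates the task
        try:
            return len(unwrap(key_s, self.wrapped)) == 32
        except ValueError:
            return False

def register(pin, salt, id_mg="mg-001"):
    ns = NotaryServer()
    ss = SealServer(ns.key_s)                         # steps 1.2-1.3
    ns.p1[id_mg] = ec_mul(derive_d1(pin, salt), G)    # steps 1.7-1.8 (assumed P1 = d1*G)
    return ns, ss

def seal_request(ns, ss, pin, salt, file_m, id_mg="mg-001"):
    """Steps 2.3-2.6: True only if Ss was able to recover its private key."""
    d1 = derive_d1(pin, salt)
    key_s = ns.approve(id_mg, file_m, sign(d1, file_m))
    return key_s is not None and ss.unlock(key_s)

if __name__ == "__main__":
    ns, ss = register("482916", b"constructed-salt")  # constructed PIN and salt
    print([seal_request(ns, ss, p, b"constructed-salt", b"constructed file M") for p in ("482916", "000000")])
```

A wrong PIN yields a different d1, so the signature fails under the registered P1, Ns withholds key_s, and Ss cannot decrypt its own private key.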
A seal management mobile client App used by the secure electronic seal management method based on electronic notarization comprises:
a registration information entry module: receives the identity information Id_mg' entered by the seal administrator Mg, the User's subject identity information Id_u', and the set PIN code
a registration key generation module: uses a key generation algorithm to perform a key derivation operation on, generating a first private key component d1 that conforms to the public key cryptography rules, and calculates the first public key component in combination with the elliptic curve parameter G; sends Id_mg', Id_u' and the first public key component P1 to the electronic notarization supporting server Ns;
a registration digital certificate module: receives Cer_mg and the access address Ad_s of Ss sent by the electronic notarization supporting server Ns, establishes communication with Ss through Ad_s and sends Cer_mg to Ss; after the electronic seal server Ss has verified the signature, receives the registration-complete information;
a seal-use task receiving and confirmation module: receives the seal-use task Task1 sent by the electronic seal server Ss; accepts the login of the seal administrator Mg with the real identity information Id_mg, displays Task1, downloads the file M to the App, and receives the seal-use confirmation of the seal administrator Mg; if the sealing is not approved, terminates the task; if it is approved, receives the PIN code entered by the seal administrator Mg, uses the same key generation algorithm as the registration key generation module to perform the key derivation operation on, obtaining d1, and with d1 as the key initiates a collaborative signature operation on the file M; sends the signature value, together with Mg's identity information Id_mg, to the electronic notarization supporting server Ns;
a seal-use task signature module: receives the signature value and key_s sent by the electronic notarization supporting server Ns; uses d1 to perform the collaborative signature operation on the signature value, obtaining the final signature value of the file M; synthesizes the signature value into the file M to generate a file M1 containing Mg's personal signature information; then sends M1 and key_s to the electronic seal server Ss; after the electronic seal server Ss has synthesized the seal pattern Seal_u and the digital certificate onto the file, receives the notification that the electronic seal signing is complete.
An electronic seal server Ss used by the secure electronic seal management method based on electronic notarization comprises:
a user registration request sending module: receives the User's principal identity information Id_u, the User's seal pattern Seal_u and the identity information Id_mg of the seal administrator Mg submitted by the User; generates a public-private key pair using a public key cryptographic algorithm, wherein the private key is and the public key is; and sends the access address Ad_s of Ss and the user's registration request to the electronic notarization supporting server Ns;
a registration encryption module: after receiving the symmetric key key_s sent by the electronic notarization supporting server Ns, uses key_s to encrypt the private key; uses key_s to perform the encryption calculation on Id_u, Id_mg, and sends to the electronic notarization supporting server Ns; at the same time records Seal_u in the Ss database, and discards key_s;
a registration certificate public key receiving module: after receiving the digital certificate generated for the User and the self-configured root certificate public key sent by the electronic notarization supporting server Ns, notifies the seal administrator Mg to download and use the seal management mobile client App;
a registration certificate signature verification module: after receiving the certificate Cer_mg sent by the electronic notarization supporting server Ns and generated for the seal administrator Mg, uses the root certificate public key of the electronic notarization supporting server Ns to verify the signature of Cer_mg; if the verification fails, terminates the task; if it passes, further checks whether the subject information associated with Cer_mg is consistent with the Id_mg recorded in the database; if it is inconsistent, terminates the task; if it is consistent, records Cer_mg in the database and associates it with Id_mg, Seal_u,; meanwhile, notifies the App that the registration process is complete;
a seal-use task generation module: receives the file M to be sealed and the designated sealing position imported by the user; generates a task Task1 for the file M, and sends Task1 to the seal management mobile client App under the real-name account of the seal administrator Mg;
a seal-use task signature verification and signing module: receives the file M1 containing Mg's personal signature information and key_s sent by the App; uses the certificate public key contained in Mg's digital certificate Cer_mg to verify the signature of the file M1; if the verification fails, terminates the task; if it passes, uses key_s to perform the decryption operation on in the database; if the decryption fails, terminates the task, and if the decryption succeeds, obtains the plaintext private key; uses the private key, invoking the digital certificate and the seal pattern Seal_u, to perform the electronic signature operation on the file M1, synthesizing the seal pattern Seal_u and the digital certificate into the file M1 to generate a file M2; returns the file M2 to the electronic seal server Ss, and synchronously notifies the seal management mobile client App that the electronic seal signing of the file M is complete.
An electronic notarization supporting server Ns used by the secure electronic seal management method based on electronic notarization comprises:
a registration symmetric key generation module: after receiving the registration request, generates a symmetric key key_s for the electronic seal server Ss, sends key_s to Ss, and records key_s and Ad_s in the Ns database;
a registered user digital certificate generation module: after receiving the user information encrypted by the electronic seal server Ss, uses key_s to perform the decryption operation; if the decryption fails, terminates the task, and if the decryption succeeds, obtains the decryption result Id_u, Id_mg,; takes the content recorded in Id_u as the subject information, combines it with the public key to generate a standard certificate format, and uses the self-configured root certificate private key to sign Id_u and, generating a digital certificate for the User; sends and the self-configured root certificate public key to Ss, records Id_u, Id_mg, in the Ns database, and associates them with key_s and Ad_s;
a registration seal administrator digital certificate generation module: after receiving the request of the mobile client App, compares Id_u' and Id_mg' with the Id_u and Id_mg recorded in the database; if they are inconsistent, terminates the task; if they are consistent, performs real-name identity authentication on Mg; if the authentication fails, terminates the task, and if it passes, carries out the next step;
uses a key generation algorithm to randomly generate for Mg a second private key component d2 that conforms to the public key cryptography rules, and uses d2 and the elliptic curve parameter G to calculate the cooperative public key, with P as the complete public key of Mg
takes the content recorded in Id_mg as the subject information, combines it with the public key to generate a standard certificate format, and uses the root certificate private key to sign Id_mg and, generating the digital certificate Cer_mg for the seal administrator Mg;
sends Cer_mg and the access address Ad_s of Ss to the App, records P1, d2 and Cer_mg in the Ns database, and associates them with Id_u, Id_mg, key_s and Ad_s;
a seal-use task signature verification module: receives Mg's identity information Id_mg and the signature value produced by signing the file M, both sent by the App; queries the database by Id_mg to obtain P1 and key_s, and uses P1 to verify the signature value; if the verification fails, terminates the task; if it passes, uses d2 as the key to perform the collaborative signature operation on, and returns the signature value and key_s to the App.
The invention has the following beneficial effects:
To address the risk of a server-side electronic seal being misappropriated, the invention configures an electronic notarization cooperative support server and a mobile client for the seal administrator outside the electronic seal server, placing a prerequisite flow in front of the electronic seal server: for each seal application, the electronic seal server can be invoked only after the seal administrator has personally completed an electronic signature jointly using the mobile client and the electronic notarization support server. A signature record of the seal's use is thereby left on every electronically signed file, the electronic signature cannot be completed without the seal administrator's approval, and the possibility of misappropriation of the electronic seal is avoided. The specific advantages are as follows:
1. the high security of the electronic seal is ensured without a Ukey medium;
2. every electronically signed file contains the user's personal certificate signature, so the use of the electronic seal is easy to trace;
3. the prerequisite flow of a personal signature makes the electronic seal difficult to misappropriate.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic structural diagram of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
As shown in fig. 1, the present invention provides a secure electronic seal management method based on an electronic notarization, which includes the following steps:
s1, user registration step:
1.1, the User sends a registration request to the electronic notarization supporting server Ns through the electronic seal server Ss; the User submits the User's principal identity information Id_u (which may include a name, an organization code, etc.), the User's seal pattern Seal_u, and the identity information Id_mg of the seal manager Mg (which includes a name, an identification number, etc.); the electronic seal server Ss generates a public-private key pair, consisting of a private key and a public key, using a public key cryptographic algorithm, sends the access address Ad_s of Ss to the electronic notarization supporting server Ns, and at the same time requests registration;
1.2, after receiving the registration request, the electronic notarization supporting server Ns generates a symmetric key key_s for the electronic seal server Ss, sends key_s to Ss, and at the same time records key_s and Ad_s in the Ns database;
1.3, the electronic seal server Ss uses key_s to encrypt the private key, uses key_s to encrypt Id_u, Id_mg and the public key, and sends the latter ciphertext to the electronic notarization supporting server Ns; at the same time it records the encrypted private key and Seal_u in the Ss database and discards key_s;
1.4, the electronic notarization supporting server Ns uses key_s to decrypt the received ciphertext; if the decryption fails, the task is terminated; if the decryption succeeds, the decryption result Id_u, Id_mg and the public key is obtained. Ns takes the content recorded in Id_u as the subject information, combines it with the public key to generate a standard certificate format, and uses its self-configured root certificate private key to sign Id_u and the public key, generating a digital certificate for the User. Ns sends the User's digital certificate and its self-configured root certificate public key to Ss, records Id_u, Id_mg, in the Ns database, and associates them with key_s and Ad_s;
1.5, the electronic seal server Ss notifies the seal manager Mg to download and use the seal management mobile client App;
1.6, the seal manager Mg downloads and uses the seal management mobile client App, enters Mg's identity information Id_mg' and the User's principal identity information Id_u', and sets a PIN code;
1.7, the seal management mobile client App uses a key generation algorithm to perform a key derivation operation on the PIN code, generating a private key first component d1 that conforms to the public key cryptographic rules, and calculates the public key first component P1 in combination with the elliptic curve parameter G; the App sends Id_mg', Id_u' and the public key first component P1 to the electronic notarization supporting server Ns;
1.8, after receiving the request from the mobile client App, the electronic notarization supporting server Ns compares Id_u' and Id_mg' with the Id_u and Id_mg recorded in its database; if they are inconsistent, the task is terminated; if they are consistent, real-name identity authentication is performed on Mg; if the authentication fails, the task is terminated; if it passes, the process continues. The real-name identity authentication of Mg can be carried out by face recognition combined with comparison against a citizen identity database;
The electronic notarization supporting server Ns uses a key generation algorithm to randomly generate, for Mg, a private key second component d2 that conforms to the public key cryptographic rules, and uses d2 and the elliptic curve parameter G to calculate the cooperative public key, with P as the complete public key of Mg;
The electronic notarization supporting server Ns takes the content recorded in Id_mg as the subject information, combines it with the public key to generate a standard certificate format, and uses the root certificate private key to sign Id_mg and the public key, generating the digital certificate Cer_mg for the seal manager Mg;
The electronic notarization supporting server Ns sends Cer_mg and the access address Ad_s of Ss to the App, records P1, d2 and Cer_mg in the Ns database, and associates them with Id_u, Id_mg, key_s and Ad_s;
1.9, the seal manager Mg uses the App to establish communication with Ss through the access address Ad_s of the electronic seal server Ss, and sends Cer_mg to Ss;
1.10, after receiving the certificate Cer_mg, the electronic seal server Ss uses the root certificate public key of the electronic notarization supporting server Ns to verify the signature of Cer_mg; if the verification fails, the task is terminated; if it passes, Ss further checks whether the subject information associated with Cer_mg is consistent with the Id_mg recorded in the database; if it is inconsistent, the task is terminated; if it is consistent, Ss records Cer_mg in the Ss database and associates it with Id_mg, Seal_u, ; at the same time, the App is notified that the registration process is complete;
S2, electronic seal use step:
2.1, the user imports a file M that needs to be sealed into the electronic seal server Ss and specifies the sealing position;
2.2, the electronic seal server Ss generates a seal-use task Task1 for the file M and sends Task1 to the seal management mobile client App under the real-name account of the seal manager Mg;
2.3, the seal manager Mg logs in to the App with the real identity information Id_mg, views Task1 and downloads the file M to the App; if Mg does not agree to the sealing, the task is terminated; if Mg agrees, Mg enters the PIN code into the App and the process continues;
The App uses the same key generation algorithm as in step 1.7 to perform a key derivation operation on the PIN code, obtaining d1, and initiates a collaborative signature operation on the file M with d1 as the key; the resulting signature value is sent, together with the identity information Id_mg of Mg, to the electronic notarization supporting server Ns;
2.4, the electronic notarization supporting server Ns queries its database by Id_mg for P1 and key_s, and uses P1 to verify the signature value; if the verification fails, the task is terminated; if it passes, Ns performs a collaborative signature operation on the signature value with d2 as the key, and returns the resulting signature value and key_s to the App;
2.5, the App uses d1 to perform a collaborative signature operation on the returned signature value, obtaining the final signature value of the file M; the signature value is synthesized into the file M to generate a file M1 containing Mg's personal signature information; M1 and key_s are then sent to the electronic seal server Ss;
2.6, the electronic seal server Ss uses the certificate public key contained in Mg's digital certificate Cer_mg to verify the signature of the file M1; if the verification fails, the task is terminated; if it passes, Ss uses key_s to decrypt the encrypted private key stored in the database; if the decryption fails, the task is terminated; if the decryption succeeds, the plaintext private key is obtained;
The electronic seal server Ss uses the private key, invoking the digital certificate and the seal pattern Seal_u, to perform an electronic signature operation on the file M1, synthesizing the seal pattern Seal_u and the digital certificate onto the file M1 to generate a file M2; it then notifies the seal management mobile client App that the electronic seal signing of the file M is completed.
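Steps 1.7 to 1.8 and 2.3 to 2.6 split Mg's signing key between the App (d1, re-derived from the PIN each time) and Ns (d2), so that neither side can sign alone. The sketch below is an added illustration, not code from the patent: the formulas are missing from this text, so it assumes an SM2-style two-party construction (P1 = d1^-1·G, P = d2^-1·P1 - G), with secp256k1, SHA-256, PBKDF2 with a device salt, and a Schnorr proof for the step 2.4 check as stand-ins; all function names are hypothetical.

```python
import hashlib
import secrets

# Stand-in parameters (assumption: the page names no curve, hash or KDF): secp256k1.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1 % FP, -1, FP)  # curve coefficient a = 0
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP)
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, p):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def digest(*parts):
    """Hash byte strings to a scalar (SHA-256 stands in for the scheme's hash)."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N

def challenge(big_r, q1, e):
    return digest(b"%d" % big_r[0], b"%d" % q1[0], b"%d" % e)

def derive_d1(pin, salt):
    """Steps 1.7 / 2.3: d1 is re-derived from the PIN each time, never stored."""
    raw = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % (N - 1) + 1

def app_register(pin, salt):
    """Step 1.7: only P1 = d1^-1 * G leaves the App."""
    return mul(pow(derive_d1(pin, salt), -1, N), G)

def ns_register(p1):
    """Step 1.8: Ns picks d2 and forms the complete public key P = d2^-1 * P1 - G."""
    d2 = rand_scalar()
    minus_g = (G[0], -G[1] % FP)
    return d2, add(mul(pow(d2, -1, N), p1), minus_g)

def app_sign_start(pin, salt, msg):
    """Step 2.3: App sends e, Q1 and a Schnorr proof that it can re-derive d1."""
    x = pow(derive_d1(pin, salt), -1, N)          # discrete log of P1
    k1, k = rand_scalar(), rand_scalar()
    e, q1, big_r = digest(msg), mul(k1, G), mul(k, G)
    return k1, (e, q1, big_r, (k + challenge(big_r, q1, e) * x) % N)

def ns_cosign(d2, p1, request):
    """Step 2.4: check the App's value against P1, then co-sign with d2."""
    e, q1, big_r, z = request
    if mul(z, G) != add(big_r, mul(challenge(big_r, q1, e), p1)):
        return None                               # wrong PIN or forged request: terminate
    k2, k3 = rand_scalar(), rand_scalar()
    x1 = add(mul(k3, q1), mul(k2, G))[0]
    r = (x1 + e) % N
    return r, d2 * k3 % N, d2 * (r + k2) % N

def app_sign_finish(pin, salt, k1, reply):
    """Step 2.5: App combines the reply with d1 into the final signature (r, s)."""
    d1 = derive_d1(pin, salt)
    r, s2, s3 = reply
    return r, (d1 * k1 * s2 + d1 * s3 - r) % N

def ss_verify(pub, msg, sig):
    """Step 2.6: Ss verifies under the certified complete public key P."""
    r, s = sig
    t = (r + s) % N
    if not (0 < r < N and 0 < s < N) or t == 0:
        return False
    pt = add(mul(s, G), mul(t, pub))
    return pt is not None and (digest(msg) + pt[0]) % N == r

if __name__ == "__main__":
    salt, msg = b"constructed-device-salt", b"constructed file M"
    p1 = app_register("135790", salt)
    d2, pub = ns_register(p1)
    k1, req = app_sign_start("135790", salt, msg)
    sig = app_sign_finish("135790", salt, k1, ns_cosign(d2, p1, req))
    print("Ss accepts:", ss_verify(pub, msg, sig))
```

The full private key never exists on either side; a request built from a wrong PIN is rejected by Ns before d2 is ever used.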
As an embodiment of the present invention, in step 2.1 the user may import the file M to be sealed through a demand service end Bs, which sends it to the electronic seal server Ss and specifies the sealing position; correspondingly, in step 2.6 the electronic seal server Ss returns the file M2 to the demand service end Bs and then notifies the seal management mobile client App that the electronic seal signing of the file M is completed.
The principal of the User may be a company; the demand service end Bs may be the service end used by those users within the company who need the sealing service, which sends sealing requests by accessing the electronic seal server Ss; the electronic seal server Ss may be deployed within the User's company; the seal management mobile client App is held and maintained by a specially assigned person.
A seal management mobile client App used in the secure electronic seal management method based on electronic notarization comprises the following modules:
a registration information entry module: receives the identity information Id_mg' entered by the seal manager Mg, the User's principal identity information Id_u', and the PIN code that is set;
a registration key generation module: uses a key generation algorithm to perform a key derivation operation on the PIN code, generating a private key first component d1 that conforms to the public key cryptographic rules, calculates the public key first component P1 in combination with the elliptic curve parameter G, and sends Id_mg', Id_u' and the public key first component P1 to the electronic notarization supporting server Ns;
a registration digital certificate module: receives Cer_mg and the access address Ad_s of Ss sent by the electronic notarization supporting server Ns, establishes communication with Ss through Ad_s and sends Cer_mg to Ss; after the electronic seal server Ss has verified the signature, receives the registration process completion information;
a seal-use task receipt and confirmation module: receives the seal-use task Task1 sent by the electronic seal server Ss; accepts the login of the seal manager Mg with the real identity information Id_mg, who views Task1 and downloads the file M to the App; receives the seal-use confirmation of the seal manager Mg; if the sealing is not approved, the task is terminated; if it is approved, receives the PIN code entered by the seal manager Mg, uses the same key generation algorithm as in the registration key generation module to perform a key derivation operation on the PIN code to obtain d1, initiates a collaborative signature operation on the file M with d1 as the key, and sends the resulting signature value, together with the identity information Id_mg of Mg, to the electronic notarization supporting server Ns;
a seal-use task signature module: receives the signature value and key_s sent by the electronic notarization supporting server Ns, uses d1 to perform a collaborative signature operation on the signature value to obtain the final signature value of the file M, and synthesizes the signature value into the file M to generate a file M1 containing Mg's personal signature information; then sends M1 and key_s to the electronic seal server Ss; after the electronic seal server Ss has synthesized the seal pattern Seal_u and the digital certificate onto the file, receives the electronic seal signing completion notification.
An electronic seal server Ss used in the secure electronic seal management method based on electronic notarization comprises:
a registration user request sending module: receives the User's principal identity information Id_u, the User's seal pattern Seal_u and the identity information Id_mg of the seal manager Mg submitted by the User; generates a public-private key pair, consisting of a private key and a public key, using a public key cryptographic algorithm; and sends the access address Ad_s of Ss and the user's registration request to the electronic notarization supporting server Ns;
a registration encryption module: after receiving the symmetric key key_s sent by the electronic notarization supporting server Ns, uses key_s to encrypt the private key, uses key_s to encrypt Id_u, Id_mg and the public key, and sends the latter ciphertext to the electronic notarization supporting server Ns; at the same time records the encrypted private key and Seal_u in the Ss database and discards key_s;
a registration certificate public key receiving module: after receiving the digital certificate generated for the User and the self-configured root certificate public key sent by the electronic notarization supporting server Ns, notifies the seal manager Mg to download and use the seal management mobile client App;
a registration certificate public key signature verification module: after receiving the certificate Cer_mg generated by the electronic notarization supporting server Ns for the seal manager Mg, uses the root certificate public key of the electronic notarization supporting server Ns to verify the signature of Cer_mg; if the verification fails, the task is terminated; if it passes, further checks whether the subject information associated with Cer_mg is consistent with the Id_mg recorded in the database; if it is inconsistent, the task is terminated; if it is consistent, records Cer_mg in the database and associates it with Id_mg, Seal_u, ; at the same time, notifies the App that the registration process is complete;
a seal-use task generation module: receives the file M to be sealed and the specified sealing position imported by the user; generates a seal-use task Task1 for the file M and sends Task1 to the seal management mobile client App under the real-name account of the seal manager Mg;
a seal-use task signature verification and signing module: receives the file M1 containing Mg's personal signature information and key_s sent by the App, and uses the certificate public key contained in Mg's digital certificate Cer_mg to verify the signature of the file M1; if the verification fails, the task is terminated; if it passes, uses key_s to decrypt the encrypted private key stored in the database; if the decryption fails, the task is terminated; if the decryption succeeds, the plaintext private key is obtained; uses the private key, invoking the digital certificate and the seal pattern Seal_u, to perform an electronic signature operation on the file M1, synthesizing the seal pattern Seal_u and the digital certificate onto the file M1 to generate a file M2; returns the file M2 to the electronic seal server Ss and simultaneously notifies the seal management mobile client App that the electronic seal signing of the file M is completed.
An electronic notarization supporting server Ns used in the secure electronic seal management method based on electronic notarization comprises:
a registration symmetric key generation module: after receiving the registration request, generates a symmetric key key_s for the electronic seal server Ss, sends key_s to Ss, and at the same time records key_s and Ad_s in the Ns database;
a registration user digital certificate generation module: after receiving the user information encrypted by the electronic seal server Ss, uses key_s to decrypt it; if the decryption fails, the task is terminated; if the decryption succeeds, the decryption result Id_u, Id_mg and the public key is obtained; takes the content recorded in Id_u as the subject information, combines it with the public key to generate a standard certificate format, and uses the self-configured root certificate private key to sign Id_u and the public key, generating a digital certificate for the User; sends the User's digital certificate and the self-configured root certificate public key to Ss, records Id_u, Id_mg, in the Ns database, and associates them with key_s and Ad_s;
a registration seal manager digital certificate generation module: after receiving the request from the mobile client App, compares Id_u' and Id_mg' with the Id_u and Id_mg recorded in the database; if they are inconsistent, the task is terminated; if they are consistent, real-name identity authentication is performed on Mg; if the authentication fails, the task is terminated; if it passes, the next step is carried out;
uses a key generation algorithm to randomly generate, for Mg, a private key second component d2 that conforms to the public key cryptographic rules, and uses d2 and the elliptic curve parameter G to calculate the cooperative public key, with P as the complete public key of Mg;
takes the content recorded in Id_mg as the subject information, combines it with the public key to generate a standard certificate format, and uses the root certificate private key to sign Id_mg and the public key, generating the digital certificate Cer_mg for the seal manager Mg;
sends Cer_mg and the access address Ad_s of Ss to the App, records P1, d2 and Cer_mg in the Ns database, and associates them with Id_u, Id_mg, key_s and Ad_s;
a seal-use task signature verification module: receives the identity information Id_mg of Mg and the signature value produced by signing the file M, both sent by the App; queries the database by Id_mg for P1 and key_s, and uses P1 to verify the signature value; if the verification fails, the task is terminated; if it passes, performs a collaborative signature operation on the signature value with d2 as the key, and returns the resulting signature value and key_s to the App.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.
Claims (7)
1. A secure electronic seal management method based on electronic notarization, characterized by comprising the following steps:
S1, user registration step:
1.1, the User sends a registration request to the electronic notarization supporting server Ns through the electronic seal server Ss; the User submits the User's principal identity information Id_u, the User's seal pattern Seal_u, and the identity information Id_mg of the seal manager Mg; the electronic seal server Ss generates a public-private key pair, consisting of a private key and a public key, using a public key cryptographic algorithm, sends the access address Ad_s of Ss to the electronic notarization supporting server Ns, and at the same time requests registration;
1.2, after receiving the registration request, the electronic notarization supporting server Ns generates a symmetric key key_s for the electronic seal server Ss, sends key_s to Ss, and at the same time records key_s and Ad_s in the Ns database;
1.3, the electronic seal server Ss uses key_s to encrypt the private key, uses key_s to encrypt Id_u, Id_mg and the public key, and sends the latter ciphertext to the electronic notarization supporting server Ns; at the same time it records the encrypted private key and Seal_u in the Ss database and discards key_s;
1.4, the electronic notarization supporting server Ns uses key_s to decrypt the received ciphertext; if the decryption fails, the task is terminated; if the decryption succeeds, the decryption result Id_u, Id_mg and the public key is obtained; the electronic notarization supporting server Ns takes the content recorded in Id_u as the subject information, combines it with the public key to generate a standard certificate format, and uses its self-configured root certificate private key to sign Id_u and the public key, generating a digital certificate for the User; the electronic notarization supporting server Ns sends the User's digital certificate and its self-configured root certificate public key to Ss, records Id_u, Id_mg, in the Ns database, and associates them with key_s and Ad_s;
1.5, the electronic seal server Ss notifies the seal manager Mg to download and use the seal management mobile client App;
1.6, the seal manager Mg downloads and uses the seal management mobile client App, enters Mg's identity information Id_mg' and the User's principal identity information Id_u', and sets a PIN code;
1.7, the seal management mobile client App uses a key generation algorithm to perform a key derivation operation on the PIN code, generating a private key first component d1 that conforms to the public key cryptographic rules, and calculates the public key first component P1 in combination with the elliptic curve parameter G; the App sends Id_mg', Id_u' and the public key first component P1 to the electronic notarization supporting server Ns;
1.8, after receiving the request from the mobile client App, the electronic notarization supporting server Ns compares Id_u' and Id_mg' with the Id_u and Id_mg recorded in its database; if they are inconsistent, the task is terminated; if they are consistent, real-name identity authentication is performed on Mg; if the authentication fails, the task is terminated; if it passes, the process continues;
the electronic notarization supporting server Ns uses a key generation algorithm to randomly generate, for Mg, a private key second component d2 that conforms to the public key cryptographic rules, and uses d2 and the elliptic curve parameter G to calculate the cooperative public key, with P as the complete public key of Mg;
the electronic notarization supporting server Ns takes the content recorded in Id_mg as the subject information, combines it with the public key to generate a standard certificate format, and uses the root certificate private key to sign Id_mg and the public key, generating the digital certificate Cer_mg for the seal manager Mg;
the electronic notarization supporting server Ns sends Cer_mg and the access address Ad_s of Ss to the App, records P1, d2 and Cer_mg in the Ns database, and associates them with Id_u, Id_mg, key_s and Ad_s;
1.9, the seal manager Mg uses the App to establish communication with Ss through the access address Ad_s of the electronic seal server Ss, and sends Cer_mg to Ss;
1.10, after receiving the certificate Cer_mg, the electronic seal server Ss uses the root certificate public key of the electronic notarization supporting server Ns to verify the signature of Cer_mg; if the verification fails, the task is terminated; if it passes, Ss further checks whether the subject information associated with Cer_mg is consistent with the Id_mg recorded in the database; if it is inconsistent, the task is terminated; if it is consistent, Ss records Cer_mg in the Ss database and associates it with Id_mg, Seal_u, ; at the same time, the App is notified that the registration process is complete;
S2, electronic seal use step:
2.1, the user imports a file M that needs to be sealed into the electronic seal server Ss and specifies the sealing position;
2.2, the electronic seal server Ss generates a seal-use task Task1 for the file M and sends Task1 to the seal management mobile client App under the real-name account of the seal manager Mg;
2.3, the seal manager Mg logs in to the App with the real identity information Id_mg, views Task1 and downloads the file M to the App; if Mg does not agree to the sealing, the task is terminated; if Mg agrees, Mg enters the PIN code into the App and the process continues;
the App uses the same key generation algorithm as in step 1.7 to perform a key derivation operation on the PIN code, obtaining d1, and initiates a collaborative signature operation on the file M with d1 as the key; the resulting signature value is sent, together with the identity information Id_mg of Mg, to the electronic notarization supporting server Ns;
2.4, the electronic notarization supporting server Ns queries its database by Id_mg for P1 and key_s, and uses P1 to verify the signature value; if the verification fails, the task is terminated; if it passes, Ns performs a collaborative signature operation on the signature value with d2 as the key, and returns the resulting signature value and key_s to the App;
2.5, the App uses d1 to perform a collaborative signature operation on the returned signature value, obtaining the final signature value of the file M; the signature value is synthesized into the file M to generate a file M1 containing Mg's personal signature information; M1 and key_s are then sent to the electronic seal server Ss;
2.6, the electronic seal server Ss uses the certificate public key contained in Mg's digital certificate Cer_mg to verify the signature of the file M1; if the verification fails, the task is terminated; if it passes, Ss uses key_s to decrypt the encrypted private key stored in the database; if the decryption fails, the task is terminated; if the decryption succeeds, the plaintext private key is obtained;
the electronic seal server Ss uses the private key, invoking the digital certificate and the seal pattern Seal_u, to perform an electronic signature operation on the file M1, synthesizing the seal pattern Seal_u and the digital certificate onto the file M1 to generate a file M2; it then notifies the seal management mobile client App that the electronic seal signing of the file M is completed.
2. The electronic notarization-based secure electronic seal management method of claim 1, wherein in step 1.1 the principal identity information Id_u comprises a name and an organization code, and the identity information Id_mg of the seal manager comprises a name and an identification number.
3. The electronic notarization-based secure electronic seal management method according to claim 1, wherein in step 1.8 real-name identity authentication is performed on Mg by face recognition combined with comparison against a citizen identity database.
4. The electronic notarization-based secure electronic seal management method according to claim 1, wherein in step 2.1 the user imports the file M to be sealed through a demand service end Bs, which sends it to the electronic seal server Ss and specifies the sealing position; correspondingly, in step 2.6 the electronic seal server Ss returns the file M2 to the demand service end Bs and then notifies the seal management mobile client App that the electronic seal signing of the file M is completed.
5. A seal management mobile client App for use in the secure electronic seal management method based on electronic notarization according to one of claims 1 to 4, characterized in that the client comprises:
a registration information entry module: receives the identity information Id_mg' entered by the seal manager Mg, the User's principal identity information Id_u', and the PIN code that is set;
a registration key generation module: uses a key generation algorithm to perform a key derivation operation on the PIN code, generating a private key first component d1 that conforms to the public key cryptographic rules, calculates the public key first component P1 in combination with the elliptic curve parameter G, and sends Id_mg', Id_u' and the public key first component P1 to the electronic notarization supporting server Ns;
a registration digital certificate module: receives Cer_mg and the access address Ad_s of Ss sent by the electronic notarization supporting server Ns, establishes communication with Ss through Ad_s and sends Cer_mg to Ss; after the electronic seal server Ss has verified the signature, receives the registration process completion information;
a seal-use task receipt and confirmation module: receives the seal-use task Task1 sent by the electronic seal server Ss; accepts the login of the seal manager Mg with the real identity information Id_mg, who views Task1 and downloads the file M to the App; receives the seal-use confirmation of the seal manager Mg; if the sealing is not approved, the task is terminated; if it is approved, receives the PIN code entered by the seal manager Mg, uses the same key generation algorithm as in the registration key generation module to perform a key derivation operation on the PIN code to obtain d1, initiates a collaborative signature operation on the file M with d1 as the key, and sends the resulting signature value, together with the identity information Id_mg of Mg, to the electronic notarization supporting server Ns;
a seal-use task signature module: receives the signature value and key_s sent by the electronic notarization supporting server Ns, uses d1 to perform a collaborative signature operation on the signature value to obtain the final signature value of the file M, and synthesizes the signature value into the file M to generate a file M1 containing Mg's personal signature information; then sends M1 and key_s to the electronic seal server Ss; after the electronic seal server Ss has synthesized the seal pattern Seal_u and the digital certificate onto the file, receives the electronic seal signing completion notification.
6. An electronic seal server Ss for use in the secure electronic seal management method based on electronic notarization according to one of claims 1 to 4, characterized in that the server comprises:
a registration user request sending module: receives the User's principal identity information Id_u, the User's seal pattern Seal_u and the identity information Id_mg of the seal manager Mg submitted by the User; generates a public-private key pair, consisting of a private key and a public key, using a public key cryptographic algorithm; and sends the access address Ad_s of Ss and the user's registration request to the electronic notarization supporting server Ns;
a registration encryption module: after receiving the symmetric key key_s sent by the electronic notarization supporting server Ns, uses key_s to encrypt the private key, uses key_s to encrypt Id_u, Id_mg and the public key, and sends the latter ciphertext to the electronic notarization supporting server Ns; at the same time records the encrypted private key and Seal_u in the Ss database and discards key_s;
a registration certificate public key receiving module: after receiving the digital certificate generated for the User and the self-configured root certificate public key sent by the electronic notarization supporting server Ns, notifies the seal manager Mg to download and use the seal management mobile client App;
a registration certificate public key signature verification module: after receiving the certificate Cer_mg generated by the electronic notarization supporting server Ns for the seal manager Mg, uses the root certificate public key of the electronic notarization supporting server Ns to verify the signature of Cer_mg; if the verification fails, the task is terminated; if it passes, further checks whether the subject information associated with Cer_mg is consistent with the Id_mg recorded in the database; if it is inconsistent, the task is terminated; if it is consistent, records Cer_mg in the database and associates it with Id_mg, Seal_u, ; at the same time, notifies the App that the registration process is complete;
a seal-use task generation module: receives the file M to be sealed and the specified sealing position imported by the user; generates a seal-use task Task1 for the file M and sends Task1 to the seal management mobile client App under the real-name account of the seal manager Mg;
a seal-use task signature verification and signing module: receives the file M1 containing Mg's personal signature information and key_s sent by the App, and uses the certificate public key contained in Mg's digital certificate Cer_mg to verify the signature of the file M1; if the verification fails, the task is terminated; if it passes, uses key_s to decrypt the encrypted private key stored in the database; if the decryption fails, the task is terminated; if the decryption succeeds, the plaintext private key is obtained; uses the private key, invoking the digital certificate and the seal pattern Seal_u, to perform an electronic signature operation on the file M1, synthesizing the seal pattern Seal_u and the digital certificate onto the file M1 to generate a file M2; returns the file M2 to the electronic seal server Ss and simultaneously notifies the seal management mobile client App that the electronic seal signing of the file M is completed.
7. An electronic notarization supporting server Ns for use in the secure electronic seal management method based on electronic notarization according to one of claims 1 to 4, characterized in that it comprises:
a registration symmetric key generation module: after receiving the registration request, generates a symmetric key key_s for the electronic seal server Ss, sends key_s to Ss, and at the same time records key_s and Ad_s in the Ns database;
a registration user digital certificate generation module: after receiving the user information encrypted by the electronic seal server Ss, uses key_s to decrypt it; if the decryption fails, the task is terminated; if the decryption succeeds, the decryption result Id_u, Id_mg and the public key is obtained; takes the content recorded in Id_u as the subject information, combines it with the public key to generate a standard certificate format, and uses the self-configured root certificate private key to sign Id_u and the public key, generating a digital certificate for the User; sends the User's digital certificate and the self-configured root certificate public key to Ss, records Id_u, Id_mg, in the Ns database, and associates them with key_s and Ad_s;
a registration seal manager digital certificate generation module: after receiving the request from the mobile client App, compares Id_u' and Id_mg' with the Id_u and Id_mg recorded in the database; if they are inconsistent, the task is terminated; if they are consistent, real-name identity authentication is performed on Mg; if the authentication fails, the task is terminated; if it passes, the next step is carried out;
uses a key generation algorithm to randomly generate, for Mg, a private key second component d2 that conforms to the public key cryptographic rules, and uses d2 and the elliptic curve parameter G to calculate the cooperative public key, with P as the complete public key of Mg;
takes the content recorded in Id_mg as the subject information, combines it with the public key to generate a standard certificate format, and uses the root certificate private key to sign Id_mg and the public key, generating the digital certificate Cer_mg for the seal manager Mg;
sends Cer_mg and the access address Ad_s of Ss to the App, records P1, d2 and Cer_mg in the Ns database, and associates them with Id_u, Id_mg, key_s and Ad_s;
a seal-use task signature verification module: receives the identity information Id_mg of Mg and the signature value produced by signing the file M, both sent by the App; queries the database by Id_mg for P1 and key_s, and uses P1 to verify the signature value; if the verification fails, the task is terminated; if it passes, performs a collaborative signature operation on the signature value with d2 as the key, and returns the resulting signature value and key_s to the App.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010219343.2A CN111444482B (en) | 2020-03-25 | 2020-03-25 | Safe electronic seal management method based on electronic notarization |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111444482A (en) | 2020-07-24 |
CN111444482B (en) | 2022-08-12 |
Family
ID=71650743
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010219343.2A Active CN111444482B (en) | 2020-03-25 | 2020-03-25 | Safe electronic seal management method based on electronic notarization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111444482B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101800646A (en) * | 2010-03-03 | 2010-08-11 | 南京优泰科技发展有限公司 | Implementation method and system of electronic signature |
CN104734851A (en) * | 2013-12-24 | 2015-06-24 | 卓望数码技术(深圳)有限公司 | Electronic seal method and system |
CN108206831A (en) * | 2017-12-29 | 2018-06-26 | 北京书生电子技术有限公司 | Implementation method and server, the client and readable storage medium storing program for executing of E-seal |
Also Published As
Publication number | Publication date |
---|---|
CN111444482B (en) | 2022-08-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||