CN111444482A - Safe electronic seal management method based on electronic notarization - Google Patents

Safe electronic seal management method based on electronic notarization Download PDF

Info

Publication number
CN111444482A
CN111444482A CN202010219343.2A CN202010219343A CN111444482A CN 111444482 A CN111444482 A CN 111444482A CN 202010219343 A CN202010219343 A CN 202010219343A CN 111444482 A CN111444482 A CN 111444482A
Authority
CN
China
Prior art keywords
electronic
seal
key
server
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010219343.2A
Other languages
Chinese (zh)
Other versions
CN111444482B (en
Inventor
葛峰
曹容端
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Weslink Network Technology Co ltd
Original Assignee
Jiangsu Weslink Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Weslink Network Technology Co ltd filed Critical Jiangsu Weslink Network Technology Co ltd
Priority to CN202010219343.2A priority Critical patent/CN111444482B/en
Publication of CN111444482A publication Critical patent/CN111444482A/en
Application granted granted Critical
Publication of CN111444482B publication Critical patent/CN111444482B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

A safe electronic seal management method based on electronic notarization comprises the following steps: the invention provides a safe solution for the embezzlement risk of the electronic seal of the server, and arranges a collaborative support server of the electronic notarization and a mobile client of a seal administrator outside the electronic seal server to set a preposed flow for the electronic seal server, and the electronic seal server can be called only after the seal administrator completes the electronic signature together by using the mobile client and the electronic notarization support server, thereby leaving the signature record of the electronic seal using process on the file of each electronic signature, ensuring that the electronic signature can not be completed without the approval of the seal administrator, and avoiding the embezzlement possibility of the electronic seal.

Description

Safe electronic seal management method based on electronic notarization
Technical Field
The invention relates to the business field of stamping an electronic seal on an electronic document, in particular to a method for realizing safe use of the electronic seal under the condition of not needing a Ukey medium.
Background
The electronic signature is an important scene of electronic signature service, and the traditional seal pattern is combined with the electronic signature, so that the electronic seal pattern can be vividly embodied when the electronic signature is finished on an electronic document, and the habit continuation of the traditional paper seal is realized;
the method is characterized in that the prior electronic signature is usually implemented through a Ukey hardware medium, a certificate public key, a certificate private key and a pattern of a seal are canned in the Ukey, when the electronic signature is required to be carried out on a target file, the Ukey is inserted into a computer, and a signature control program is locally run; the electronic seal based on Ukey is highly safe, but the Ukey has a lot of inconvenience in use and can not meet the requirements in many scenes, so that the electronic signature service based on the server appears, in the electronic seal of the server, a certificate public key, a certificate private key and a pattern of the seal are packaged in the server, and when the electronic seal needs to be used, the server automatically calls the certificate public key, the certificate private key and the pattern of the seal to complete the electronic signature operation after finishing authentication on a user; the electronic signature service in the server mode is very convenient to use, but the core security mechanism is completely established on the authentication of a user by the server, and any behavior of bypassing or deceiving the authentication mechanism can cause the embezzlement of the electronic seal, thereby bringing about a serious security problem.
Disclosure of Invention
The invention aims to provide a safe electronic seal management method based on an electronic notarization, aiming at the embezzlement risk of an electronic seal of a server, a preposed flow is set for the electronic seal server by configuring a cooperative server of the electronic notarization and a mobile client of a seal administrator outside the electronic seal server, and the electronic seal server can be called only after the seal administrator personally uses the mobile client and the electronic notarization cooperative server to jointly complete electronic signature each time of seal application, so that signature records of the use process of the electronic seal are left on a file of each electronic signature, the electronic signature cannot be completed without the approval of the seal administrator, and the possibility of embezzlement of the electronic seal is avoided.
The technical scheme of the invention is as follows:
the invention provides a safe electronic seal management method based on an electronic notarization, which comprises the following steps:
s1, user registration step:
1.1, the User sends a registration request to an electronic notarization supporting server Ns through an electronic seal server Ss, and the User submits the principal identity information Id of the UseruDesign Seal of User SealuAnd identity information Id of printing manager Mgmg(ii) a The electronic seal server Ss generates a public and private key pair by using a public key cryptographic algorithm, wherein the private key is
Figure BDA0002425520880000021
The public key is
Figure BDA0002425520880000022
And sends the access address Ad of the Ss to the electronic notarization supporting server NssSimultaneously, registration is requested;
1.2, after receiving the registration request, the electronic notarization supporting server Ns generates a symmetric key for the electronic seal server SssWill keysSending to Ss and simultaneously sending keyss、AdsLogging in the Ns database;
1.3, electronic seal server Ss uses keysTo the private key of
Figure BDA0002425520880000023
Carry out encryption
Figure BDA0002425520880000024
Figure BDA0002425520880000025
Use keysFor Idu、Idmg
Figure BDA0002425520880000026
Performing cryptographic calculations
Figure BDA0002425520880000027
Figure BDA0002425520880000028
And will be
Figure BDA0002425520880000029
Sending to the electronic notarization supporting server Ns; at the same time will
Figure BDA00024255208800000210
SealuLogging in an Ss database, and discarding keyss
1.4 electronic notarization support server Ns uses keysTo pair
Figure BDA00024255208800000211
Perform decryption operation
Figure BDA00024255208800000212
If the decryption fails, the task is terminated, and if the decryption succeeds, a decryption result Id is obtainedu、Idmg
Figure BDA00024255208800000213
Electronic notarization support server Ns with IduThe recorded content is main body information and is combined with a public key
Figure BDA00024255208800000214
Generating a standard certificate format using a self-configured root certificate private key
Figure BDA00024255208800000215
For IduAnd
Figure BDA00024255208800000216
signing and generating digital certificate for User
Figure BDA0002425520880000031
The electronic notarization supporting server Ns will
Figure BDA0002425520880000032
And self-configured root certificate public key
Figure BDA0002425520880000033
Send the Id to the Ssu、Idmg
Figure BDA0002425520880000034
Logging in Ns database and connecting with keys、AdsAssociating;
1.5, the electronic seal server Ss informs a seal manager Mg to download and use a seal management mobile client App;
1.6, using a print manager Mg to download and use a print management mobile client App, and inputting the identity information Id of Mgmg' and subject identity information Id of Useru', and setting PIN code
Figure BDA0002425520880000035
1.7 managing Mobile client App Using Key Generation Algorithm Pair with stamp
Figure BDA0002425520880000036
Performing a key derivation operation to generate a first component d of the private key that conforms to the public key cryptographic rules1And calculating the first component of the public key by combining the elliptic curve parameter G
Figure BDA0002425520880000037
Managing mobile client App with stampmg’、Idu' and the public key first component P1 to the electronic notarization support server Ns;
1.8, after receiving the request of the mobile client App, the electronic notarization supporting server Ns sends the Idu' and Idmg' with Id recorded in databaseuAnd IdmgComparing, comparing inconsistent termination tasks, comparing consistently, performing real-name identity authentication on Mg, terminating tasks if the authentication fails, and continuing if the authentication passes;
electronic notarization supporting server Ns uses key generation algorithm to randomly generate a cipher conforming to public key for MgSecond component d of regular private key2And using d2And an elliptic curve parameter G, calculating a cooperative public key
Figure BDA0002425520880000038
Complete public key with P as Mg
Figure BDA0002425520880000039
Electronic notarization support server Ns with IdmgThe recorded content is main body information and is combined with a public key
Figure BDA00024255208800000310
Generating a standard certificate format using a root certificate private key
Figure BDA00024255208800000311
For IdmgAnd
Figure BDA00024255208800000312
signing, generating digital certificate Cer for printing manager Mgmg
The electronic notarization supporting server Ns connects CermgAnd access addresses Ad of SssSending to App, P1, d2
Figure BDA00024255208800000313
CermgLogging into Ns database and correlating with Idu、Idmg
Figure BDA00024255208800000314
keys、AdsAssociating; 1.9, using seal manager Mg to access address Ad of electronic seal server Ss by AppsEstablishing communication with Ss and sending CermgTo Ss;
1.10, the electronic seal server Ss receives the certificate CermgThereafter, the root certificate public key of the electronic notarization supporting server Ns is used
Figure BDA0002425520880000041
To CermgIs testedSigning, checking not passing, terminating task, checking passing, Cer in further inspectionmgWhether the associated subject information is related to Id recorded in the databasemgEnding tasks with consistent and inconsistent information, comparing the tasks with consistency, and comparing CermgEnter the database of Ss and compare with Idmg、Sealu
Figure BDA0002425520880000042
Associating; meanwhile, informing the App system of the completion of the registration process;
s2, electronic seal using step
2.1, leading a file M needing to be stamped into an electronic stamp server Ss by a user, and specifying a stamping position;
2.2, the electronic seal server Ss generates a Task1 for the file M, and sends the Task1 to a seal management mobile client App under a Mg real-name account of a seal manager;
2.3 Using the real identity information Id with print Administrator MgmgLogging in App, checking Task1, downloading file M to App, not agreeing to seal, terminating Task, agreeing to seal, inputting PIN code to App by print manager Mg
Figure BDA0002425520880000043
Carrying out the next step;
app uses the same key generation algorithm pair in step 1.7
Figure BDA0002425520880000044
Performing key derivation operation to obtain d1And with d1Initiating a collaborative signature operation for a key on a file M
Figure BDA0002425520880000045
Sign the value
Figure BDA0002425520880000046
Together with the identity information Id of MgmgSending to the electronic notarization supporting server Ns;
2.4 electronic notarization support server Ns passes through IdmgQuery the database to get P1 andkeyssignature value pair using P1
Figure BDA0002425520880000047
Checking the signature, failing to pass the signature, terminating the task, passing the signature, using2As a key pair
Figure BDA0002425520880000048
Performing a collaborative signature operation
Figure BDA0002425520880000049
Sign the value
Figure BDA00024255208800000410
keysReturning to App;
2.5 App use d1For signature value
Figure BDA00024255208800000411
Performing a collaborative signature operation
Figure BDA00024255208800000412
Figure BDA00024255208800000413
Obtaining the final signature value of the file M
Figure BDA00024255208800000414
Sign the value
Figure BDA00024255208800000415
Synthesizing the file M to generate a file M containing Mg personal signature information1(ii) a Then M is added1、keysSending the data to an electronic seal server Ss;
2.6, the electronic seal server Ss uses the Mg digital certificate CermgCertificate public key contained in
Figure BDA00024255208800000416
For file M1Performing signature verification, terminating task of failing to pass signature verification, passing signature verification, using keysLogarithm ofIn a database
Figure BDA00024255208800000417
Perform decryption operation
Figure BDA00024255208800000418
If the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
Figure BDA0002425520880000051
Electronic seal server Ss uses private key
Figure BDA0002425520880000052
Invoking digital certificates
Figure BDA0002425520880000053
And Seal pattern SealuTo file M1Performing electronic signature operation to Seal the Seal pattern SealuAnd digital certificates
Figure BDA0002425520880000054
Composition to File M1To generate a file M2(ii) a And informing the seal management mobile client App that the electronic seal signing of the file M is completed.
Further, in step 1.1, the principal identity information IduIncluding name, organization code; identity information Id of print administratormgIncluding the name and identification number.
Further, in step 1.8, the real-name identity authentication is performed on Mg by using a face recognition and citizen identity database comparison method.
Further, in the step 2.1, the user introduces the file M to be stamped through the requirement service side Bs, sends the file M to be stamped to the electronic stamp server Ss, and specifies the stamping position; in a corresponding step 2.6, the electronic seal server Ss documents M2Returning to the requirement service end Bs; and then notifying the seal management mobile client App that the electronic seal signing of the file M is completed.
A stamp management mobile client App adopted by a safe electronic stamp management method based on an electronic notarization comprises the following steps:
a registration information entry module: receiving identity information Id input by print manager Mgmg', subject identity information Id of Useru', and a set PIN code
Figure BDA0002425520880000055
A registration key generation module: using a key generation algorithm pair
Figure BDA0002425520880000056
Performing a key derivation operation to generate a first component d of the private key that conforms to the public key cryptographic rules1And calculating the first component of the public key by combining the elliptic curve parameter G
Figure BDA0002425520880000057
Will Idmg’、Idu' and the public key first component P1 to the electronic notarization support server Ns;
a registered digital certificate module: receiving Cer sent by electronic notarization support server NsmgAnd access addresses Ad of SssThrough AdsEstablishing communication with Ss and sending CermgTo Ss; after the electronic seal server Ss checks the signature, receiving registration flow completion information;
a print job receipt confirmation module: receiving a stamp using Task1 sent by the electronic stamp server Ss and receiving real identity information Id used by a stamp manager MgmgThe user logs in, looks up a Task1, downloads the file M to the App, and receives the stamp consumption confirmation information of the stamp consumption manager Mg; terminating the task for the seal not approved, receiving the PIN code input by the print manager Mg for the seal approved
Figure BDA0002425520880000061
Using the same key generation algorithm pair in the registration key generation module
Figure BDA0002425520880000062
Performing key derivation operation to obtain d1And with d1Initiating a collaborative signature operation for a key on a file M
Figure BDA0002425520880000063
Figure BDA0002425520880000064
Sign the value
Figure BDA0002425520880000065
Together with the identity information Id of MgmgSending to the electronic notarization supporting server Ns;
a printing task signature module: receiving the signature value sent by the electronic notarization supporting server Ns
Figure BDA0002425520880000066
And keysUsing d1For signature value
Figure BDA0002425520880000067
Performing a collaborative signature operation
Figure BDA0002425520880000068
Obtaining the final signature value of the file M
Figure BDA0002425520880000069
Sign the value
Figure BDA00024255208800000610
Synthesizing the file M to generate a file M containing Mg personal signature information1(ii) a Then M is added1、keysSending the data to an electronic seal server Ss; seal pattern Seal is transmitted to electronic Seal server SsuAnd digital certificates
Figure BDA00024255208800000611
And after the electronic seal signing completion notification is synthesized on the file, receiving the electronic seal signing completion notification.
An electronic seal server Ss adopted by a safe electronic seal management method based on an electronic notarization, the server comprises:
a registered user request sending module: receiving User main body identity information Id submitted by a UseruDesign Seal of User SealuAnd identity information Id of printing manager MgmgGenerating a public-private key pair using a public-key cryptographic algorithm, wherein the private key is
Figure BDA00024255208800000612
The public key is
Figure BDA00024255208800000613
And sends the access address Ad of the Ss to the electronic notarization supporting server NssAnd a registration request of the user;
a registration encryption module: receiving a symmetric key sent by the electronic notarization supporting server NssAfter that, use the keysTo the private key of
Figure BDA00024255208800000614
Carry out encryption
Figure BDA00024255208800000615
Use keysFor Idu、Idmg
Figure BDA00024255208800000616
Performing cryptographic calculations
Figure BDA00024255208800000617
And will be
Figure BDA00024255208800000618
Sending to the electronic notarization supporting server Ns; at the same time will
Figure BDA00024255208800000619
SealuLogging in an Ss database, and discarding keyss
A registration certificate public key receiving module: receiving a digital certificate which is sent by an electronic notarization supporting server Ns and is generated for a User
Figure BDA00024255208800000620
And self-configured root certificate public key
Figure BDA00024255208800000621
Then, informing a printing manager to download Mg and manage the mobile client App by using the printing;
the public key signature checking module of the registration certificate: receiving a certificate Cer sent by the electronic notarization supporting server Ns and generated for the printing administrator MgmgThereafter, the root certificate public key of the electronic notarization supporting server Ns is used
Figure BDA0002425520880000071
To CermgPerforming signature verification, stopping task, passing signature verification, and Cer in further inspectionmgWhether the associated subject information is related to Id recorded in the databasemgEnding tasks with consistent and inconsistent information, comparing the tasks with consistency, and comparing CermgIs logged into the database and associated with Idmg、Sealu
Figure BDA0002425520880000072
Figure BDA0002425520880000073
Associating; meanwhile, informing the App system of the completion of the registration process;
the printing task generation module: receiving a file M needing to be stamped and a designated stamping position imported by a user; generating a Task1 for the file M, and sending the Task1 to a stamp-using management mobile client App under a Mg real-name account of a stamp-using manager;
the signature checking and signing module for the printing task: receiving a file M containing Mg personal signature information sent by App1And keysUsing Mg digital certificate CermgCertificate public key contained in
Figure BDA0002425520880000074
For file M1Performing signature verification, terminating task of failing to pass signature verification, passing signature verification, using keysLogarithm ofIn a database
Figure BDA0002425520880000075
Perform decryption operation
Figure BDA0002425520880000076
If the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
Figure BDA0002425520880000077
Using a private key
Figure BDA0002425520880000078
Invoking digital certificates
Figure BDA0002425520880000079
And Seal pattern SealuTo file M1Performing electronic signature operation to Seal the Seal pattern SealuAnd digital certificates
Figure BDA00024255208800000710
Composition to File M1To generate a file M2(ii) a File M2And returning the information to the electronic seal server Ss, and synchronously notifying the seal management mobile client App that the electronic seal signing of the file M is completed.
An electronic notarization supporting server Ns adopted by a safe electronic seal management method based on an electronic notarization, the server comprises:
a registered symmetric key generation module: after receiving the registration request, generating a symmetric key for the electronic seal server SssWill keysSending to Ss and simultaneously sending keyss、AdsLogging in the Ns database;
a registered user digital certificate generation module: after receiving the user information encrypted by the electronic seal server Ss
Figure BDA00024255208800000711
Use keysTo pair
Figure BDA00024255208800000712
Perform decryption operation
Figure BDA00024255208800000713
If the decryption fails, the task is terminated, and if the decryption succeeds, a decryption result Id is obtainedu、Idmg
Figure BDA00024255208800000714
By IduThe recorded content is main body information and is combined with a public key
Figure BDA0002425520880000081
Generating a standard certificate format using a self-configured root certificate private key
Figure BDA0002425520880000082
For IduAnd
Figure BDA0002425520880000083
signing and generating digital certificate for User
Figure BDA0002425520880000084
Will be provided with
Figure BDA0002425520880000085
And self-configured root certificate public key
Figure BDA0002425520880000086
Send the Id to the Ssu、Idmg
Figure BDA0002425520880000087
Logging in Ns database and connecting with keys、AdsAssociating;
a registration print administrator digital certificate generation module: after receiving the request of the mobile client App, the Id is transmittedu' and Idmg' with Id recorded in databaseuAnd IdmgComparing, terminating tasks with inconsistent ones, comparing with consistent ones, performing real-name identity authentication on Mg, terminating tasks with failed authentication, and terminating tasks with passed authenticationCarrying out the next step;
randomly generating a private key second component d for Mg using a key generation algorithm that conforms to the public key cryptographic rules2And using d2And an elliptic curve parameter G, calculating a cooperative public key
Figure BDA0002425520880000088
Complete public key with P as Mg
Figure BDA0002425520880000089
By IdmgThe recorded content is main body information and is combined with a public key
Figure BDA00024255208800000810
Generating a standard certificate format using a root certificate private key
Figure BDA00024255208800000811
For IdmgAnd
Figure BDA00024255208800000812
signing, generating digital certificate Cer for printing manager Mgmg
Cer is to bemgAnd access addresses Ad of SssSending to App, P1, d2
Figure BDA00024255208800000813
CermgLogging into Ns database and correlating with Idu、Idmg
Figure BDA00024255208800000814
keys、AdsAssociating;
and a signature verification module for the printing task: receiving the identity information Id of Mg sent by AppmgAnd a signature value after signing the file M
Figure BDA00024255208800000815
By IdmgQuerying the database for P1 and keysSignature value pair using P1
Figure BDA00024255208800000816
Checking the signature, failing to pass the signature, terminating the task, passing the signature, using2As a key pair
Figure BDA00024255208800000817
Performing a collaborative signature operation
Figure BDA00024255208800000818
Sign the value
Figure BDA00024255208800000819
keysAnd returning to App.
The invention has the beneficial effects that:
the invention provides a safe solution for the embezzlement risk of the electronic seal of the server, by configuring a cooperative support server of an electronic notarization and a mobile client of a seal administrator outside an electronic seal server, and setting a preposed flow for the electronic seal server, the electronic seal server can be called only after the seal administrator personally uses the mobile client and the electronic notarization support server to jointly complete electronic signature each time of seal application, so that signature records of the use process of the electronic seal are left on the file of each electronic signature, and the electronic signature can not be completed without the approval of the seal administrator, thereby avoiding the possibility of embezzlement of the electronic seal, and the specific advantages are as follows:
1. the high safety of the electronic seal can be ensured without Ukey media;
2. each electronic signature file contains a personal certificate signature of a user, so that the use process of the electronic seal is easy to track;
3. the electronic seal is difficult to steal by attaching the front flow of the personal signature.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic structural diagram of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
As shown in fig. 1, the present invention provides a secure electronic seal management method based on an electronic notarization, which includes the following steps:
s1, user registration step:
1.1, the User sends a registration request to an electronic notarization supporting server Ns through an electronic seal server Ss, and the User submits the principal identity information Id of the Useru(principal identity information Id)uMay include name, mechanism code, etc.), design Seal of User SealuAnd identity information Id of printing manager Mgmg(identity information Id of print managermgIncluding name and identification number, etc.); the electronic seal server Ss generates a public and private key pair by using a public key cryptographic algorithm, wherein the private key is
Figure BDA0002425520880000101
The public key is
Figure BDA0002425520880000102
And sends the access address Ad of the Ss to the electronic notarization supporting server NssSimultaneously, registration is requested;
1.2, after receiving the registration request, the electronic notarization supporting server Ns generates a symmetric key for the electronic seal server SssWill keysSending to Ss and simultaneously sending keyss、AdsLogging in the Ns database;
1.3 electronic sealThe server Ss uses the keysTo the private key of
Figure BDA0002425520880000103
Carry out encryption
Figure BDA0002425520880000104
Figure BDA0002425520880000105
Use keysFor Idu、Idmg
Figure BDA0002425520880000106
Performing cryptographic calculations
Figure BDA0002425520880000107
Figure BDA0002425520880000108
And will be
Figure BDA0002425520880000109
Sending to the electronic notarization supporting server Ns; at the same time will
Figure BDA00024255208800001010
SealuLogging in an Ss database, and discarding keyss
1.4 electronic notarization support server Ns uses keysTo pair
Figure BDA00024255208800001011
Perform decryption operation
Figure BDA00024255208800001012
If the decryption fails, the task is terminated, and if the decryption succeeds, a decryption result Id is obtainedu、Idmg
Figure BDA00024255208800001013
Electronic notarization support server Ns with IduThe recorded content is main body information and is combined with a public key
Figure BDA00024255208800001014
Generating a standard certificate format using a self-configured root certificate private key
Figure BDA00024255208800001015
For IduAnd
Figure BDA00024255208800001016
signing and generating digital certificate for User
Figure BDA00024255208800001017
The electronic notarization supporting server Ns will
Figure BDA00024255208800001018
And self-configured root certificate public key
Figure BDA00024255208800001019
Send the Id to the Ssu、Idmg
Figure BDA00024255208800001020
Logging in Ns database and connecting with keys、AdsAssociating;
1.5, the electronic seal server Ss informs a seal manager Mg to download and use a seal management mobile client App;
1.6, using a print manager Mg to download and use a print management mobile client App, and inputting the identity information Id of Mgmg' and subject identity information Id of Useru', and setting PIN code
Figure BDA00024255208800001021
1.7 managing Mobile client App Using Key Generation Algorithm Pair with stamp
Figure BDA00024255208800001022
Performing a key derivation operation to generate a first component d of the private key that conforms to the public key cryptographic rules1And calculating the first public key by combining the elliptic curve parameter GComponent(s) of
Figure BDA00024255208800001023
Managing mobile client App with stampmg’、Idu' and the public key first component P1 to the electronic notarization support server Ns;
1.8, after receiving the request of the mobile client App, the electronic notarization supporting server Ns sends the Idu' and Idmg' with Id recorded in databaseuAnd IdmgComparing, comparing inconsistent termination tasks, comparing consistently, performing on Mg, not passing authentication, terminating the tasks, passing authentication, and continuing; the real-name identity authentication can be carried out on Mg by using a face recognition and citizen identity database comparison method;
the electronic notarization supporting server Ns uses the key generation algorithm to randomly generate a private key second component d conforming to the public key cryptography rule for Mg2And using d2And an elliptic curve parameter G, calculating a cooperative public key
Figure BDA0002425520880000111
Complete public key with P as Mg
Figure BDA0002425520880000112
Electronic notarization support server Ns with IdmgThe recorded content is main body information and is combined with a public key
Figure BDA0002425520880000113
Generating a standard certificate format using a root certificate private key
Figure BDA0002425520880000114
For IdmgAnd
Figure BDA0002425520880000115
signing, generating digital certificate Cer for printing manager Mgmg
The electronic notarization supporting server Ns connects CermgAnd access addresses Ad of SssSending to App, P1, d2
Figure BDA0002425520880000116
CermgLogging into Ns database and correlating with Idu、Idmg
Figure BDA0002425520880000117
keys、AdsAssociating;
1.9, using seal manager Mg to access address Ad of electronic seal server Ss by AppsEstablishing communication with Ss and sending CermgTo Ss;
1.10, the electronic seal server Ss receives the certificate CermgThereafter, the root certificate public key of the electronic notarization supporting server Ns is used
Figure BDA0002425520880000118
To CermgPerforming signature verification, stopping task, passing signature verification, and Cer in further inspectionmgWhether the associated subject information is related to Id recorded in the databasemgEnding tasks with consistent and inconsistent information, comparing the tasks with consistency, and comparing CermgEnter the database of Ss and compare with Idmg、Sealu
Figure BDA0002425520880000119
Associating; meanwhile, informing the App system of the completion of the registration process;
s2, electronic seal using step
2.1, leading a file M needing to be stamped into an electronic stamp server Ss by a user, and specifying a stamping position;
2.2, the electronic seal server Ss generates a Task1 for the file M, and sends the Task1 to a seal management mobile client App under a Mg real-name account of a seal manager;
2.3 Using the real identity information Id with print Administrator MgmgLogging in App, checking Task1, downloading file M to App, not agreeing to seal, terminating Task, agreeing to seal, inputting PIN code to App by print manager Mg
Figure BDA0002425520880000121
Carrying out the next step;
app uses the same key generation algorithm pair in step 1.7
Figure BDA0002425520880000122
Performing key derivation operation to obtain d1And with d1Initiating a collaborative signature operation for a key on a file M
Figure BDA0002425520880000123
Sign the value
Figure BDA0002425520880000124
Together with the identity information Id of MgmgSending to the electronic notarization supporting server Ns;
2.4 electronic notarization support server Ns passes through IdmgQuerying the database for P1 and keysSignature value pair using P1
Figure BDA0002425520880000125
Checking the signature, failing to pass the signature, terminating the task, passing the signature, using2As a key pair
Figure BDA0002425520880000126
Performing a collaborative signature operation
Figure BDA0002425520880000127
Sign the value
Figure BDA0002425520880000128
keysReturning to App;
2.5 App use d1For signature value
Figure BDA0002425520880000129
Performing a collaborative signature operation
Figure BDA00024255208800001210
Figure BDA00024255208800001211
Obtaining the final signature value of the file M
Figure BDA00024255208800001212
Sign the value
Figure BDA00024255208800001213
Synthesizing the file M to generate a file M containing Mg personal signature information1(ii) a Then M is added1、keysSending the data to an electronic seal server Ss;
2.6, the electronic seal server Ss uses the Mg digital certificate CermgCertificate public key contained in
Figure BDA00024255208800001214
For file M1Performing a checkmark, terminating the task of failing to pass the checkmark, passing the checkmark, using kdysFor in database
Figure BDA00024255208800001215
Perform decryption operation
Figure BDA00024255208800001216
If the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
Figure BDA00024255208800001217
Electronic seal server Ss uses private key
Figure BDA00024255208800001218
Invoking digital certificates
Figure BDA00024255208800001219
And Seal pattern SealuTo file M1Performing electronic signature operation to Seal the Seal pattern SealuAnd digital certificates
Figure BDA00024255208800001220
Composition to File M1Go up and growFile formed M2(ii) a And informing the seal management mobile client App that the electronic seal signing of the file M is completed.
As an embodiment of the present invention, in step 2.1, a user may import a file M to be stamped through a demand service end Bs, send the file M to an electronic stamp server Ss, and specify a stamping position; in a corresponding step 2.6, the electronic seal server Ss documents M2Returning to the requirement service end Bs; and then notifying the seal management mobile client App that the electronic seal signing of the file M is completed.
The main identity of the User can be a company, the required service end Bs can be service ends used by users needing printing service in the company, and a printing request is sent by accessing an electronic seal server Ss; the aforementioned electronic seal server Ss may be disposed in a company of the User; the management mobile client App with the stamp is held and maintained by a specially-assigned person.
A stamp management mobile client App adopted by a safe electronic stamp management method based on an electronic notarization comprises the following steps:
a registration information entry module: receiving identity information Id input by print manager Mgmg', subject identity information Id of Useru', and a set PIN code
Figure BDA0002425520880000131
A registration key generation module: using a key generation algorithm pair
Figure BDA0002425520880000132
Performing a key derivation operation to generate a first component d of the private key that conforms to the public key cryptographic rules1And calculating the first component of the public key by combining the elliptic curve parameter G
Figure BDA0002425520880000133
Will Idmg’、Idu' and the public key first component P1 to the electronic notarization support server Ns;
a registered digital certificate module: receiving electronic notarization supporting server Ns transmitted CermgAnd access addresses Ad of SssThrough AdsEstablishing communication with Ss and sending CermgTo Ss; after the electronic seal server Ss checks the signature, receiving registration flow completion information;
a print job receipt confirmation module: receiving a stamp using Task1 sent by the electronic stamp server Ss and receiving real identity information Id used by a stamp manager MgmgThe user logs in, looks up a Task1, downloads the file M to the App, and receives the stamp consumption confirmation information of the stamp consumption manager Mg; terminating the task for the seal not approved, receiving the PIN code input by the print manager Mg for the seal approved
Figure BDA0002425520880000134
Using the same key generation algorithm pair in the registration key generation module
Figure BDA0002425520880000135
Performing key derivation operation to obtain d1And with d1Initiating a collaborative signature operation for a key on a file M
Figure BDA0002425520880000136
Figure BDA00024255208800001314
Sign the value
Figure BDA0002425520880000137
Together with the identity information Id of MgmgSending to the electronic notarization supporting server Ns;
a printing task signature module: receiving the signature value sent by the electronic notarization supporting server Ns
Figure BDA0002425520880000138
And keysUsing d1For signature value
Figure BDA0002425520880000139
Performing a collaborative signature operation
Figure BDA00024255208800001310
Obtaining the final signature value of the file M
Figure BDA00024255208800001311
Sign the value
Figure BDA00024255208800001312
Synthesizing the file M to generate a file M containing Mg personal signature information1(ii) a Then M is added1、keysSending the data to an electronic seal server Ss; seal pattern Seal is transmitted to electronic Seal server SsuAnd digital certificates
Figure BDA00024255208800001313
And after the electronic seal signing completion notification is synthesized on the file, receiving the electronic seal signing completion notification.
An electronic seal server Ss adopted by a safe electronic seal management method based on an electronic notarization, the server comprises:
a registered user request sending module: receiving User main body identity information Id submitted by a UseruDesign Seal of User SealuAnd identity information Id of printing manager MgmgGenerating a public-private key pair using a public-key cryptographic algorithm, wherein the private key is
Figure BDA0002425520880000141
The public key is
Figure BDA0002425520880000142
And sends the access address Ad of the Ss to the electronic notarization supporting server NssAnd a registration request of the user;
a registration encryption module: receiving a symmetric key sent by the electronic notarization supporting server NssAfter that, use the keysTo the private key of
Figure BDA0002425520880000143
Carry out encryption
Figure BDA0002425520880000144
Use keysFor Idu、Idmg
Figure BDA0002425520880000145
Performing cryptographic calculations
Figure BDA0002425520880000146
And will be
Figure BDA0002425520880000147
Sending to the electronic notarization supporting server Ns; at the same time will
Figure BDA0002425520880000148
Sealx is recorded into the Ss database, and key is discardeds
A registration certificate public key receiving module: receiving a digital certificate which is sent by an electronic notarization supporting server Ns and is generated for a User
Figure BDA0002425520880000149
And self-configured root certificate public key
Figure BDA00024255208800001410
Then, informing a printing manager to download Mg and manage the mobile client App by using the printing;
the public key signature checking module of the registration certificate: receiving a certificate Cer sent by the electronic notarization supporting server Ns and generated for the printing administrator MgmgThereafter, the root certificate public key of the electronic notarization supporting server Ns is used
Figure BDA00024255208800001411
To CermgPerforming signature verification, stopping task, passing signature verification, and Cer in further inspectionmgWhether the associated subject information is related to Id recorded in the databasemgEnding tasks with consistent and inconsistent information, comparing the tasks with consistency, and comparing CermgIs logged into the database and associated with Idmg、Sealu
Figure BDA00024255208800001412
Figure BDA00024255208800001413
Associating; meanwhile, informing the App system of the completion of the registration process;
the printing task generation module: receiving a file M needing to be stamped and a designated stamping position imported by a user; generating a Task1 for the file M, and sending the Task1 to a stamp-using management mobile client App under a Mg real-name account of a stamp-using manager;
the signature checking and signing module for the printing task: receiving a file M containing Mg personal signature information sent by App1And keysUsing Mg digital certificate CermgCertificate public key contained in
Figure BDA00024255208800001414
For file M1Performing signature verification, terminating task of failing to pass signature verification, passing signature verification, using keysFor in database
Figure BDA0002425520880000151
Perform decryption operation
Figure BDA0002425520880000152
If the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
Figure BDA0002425520880000153
Using a private key
Figure BDA0002425520880000154
Invoking digital certificates
Figure BDA0002425520880000155
And Seal pattern SealuTo file M1Performing electronic signature operation to Seal the Seal pattern SealuAnd digital certificates
Figure BDA0002425520880000156
Composition to File M1To generate a file M2(ii) a File M2Return to electronic seal serviceAnd the device Ss synchronously informs the seal management mobile client App that the electronic seal signing of the file M is completed.
An electronic notarization supporting server NS adopted by a safe electronic seal management method based on electronic notarization comprises:
a registered symmetric key generation module: after receiving the registration request, generating a symmetric key for the electronic seal server SssWill keysSending to Ss and simultaneously sending keyss、AdsLogging in the Ns database;
a registered user digital certificate generation module: after receiving the user information encrypted by the electronic seal server Ss
Figure BDA0002425520880000157
Use keysTo pair
Figure BDA0002425520880000158
Perform decryption operation
Figure BDA0002425520880000159
If the decryption fails, the task is terminated, and if the decryption succeeds, a decryption result Id is obtainedu、Idmg
Figure BDA00024255208800001510
By IduThe recorded content is main body information and is combined with a public key
Figure BDA00024255208800001511
Generating a standard certificate format using a self-configured root certificate private key
Figure BDA00024255208800001512
For IduAnd
Figure BDA00024255208800001513
signing and generating digital certificate for User
Figure BDA00024255208800001514
Will be provided with
Figure BDA00024255208800001515
And self-configured root certificate public key
Figure BDA00024255208800001516
Send the Id to the Ssu、Idmg
Figure BDA00024255208800001517
Logging in Ns database and connecting with keys、AdsAssociating;
a registration print administrator digital certificate generation module: after receiving the request of the mobile client App, the Id is transmittedu' and Idmg' with Id recorded in databaseuAnd IdmgComparing, comparing inconsistent termination tasks, comparing consistently, performing real-name identity authentication on Mg, terminating tasks if the authentication fails, and performing the next step if the authentication passes;
randomly generating a private key second component d for Mg using a key generation algorithm that conforms to the public key cryptographic rules2And using d2And an elliptic curve parameter G, calculating a cooperative public key
Figure BDA00024255208800001518
Complete public key with P as Mg
Figure BDA00024255208800001519
By IdmgThe recorded content is main body information and is combined with a public key
Figure BDA00024255208800001520
Generating a standard certificate format using a root certificate private key
Figure BDA0002425520880000161
For IdmgAnd
Figure BDA0002425520880000162
signing, generating digital certificate Cer for printing manager Mgmg
Cer is to bemgAnd access addresses Ad of SssSending to App, P1, d2
Figure BDA0002425520880000163
CermgLogging into Ns database and correlating with Idu、Idmg
Figure BDA0002425520880000164
keys、AdsAssociating;
and a signature verification module for the printing task: receiving the identity information Id of Mg sent by AppmgAnd a signature value after signing the file M
Figure BDA0002425520880000165
By IdmgQuerying the database for P1 and keysSignature value pair using P1
Figure BDA0002425520880000166
Checking the signature, failing to pass the signature, terminating the task, passing the signature, using2As a key pair
Figure BDA0002425520880000167
Performing a collaborative signature operation
Figure BDA0002425520880000168
Sign the value
Figure BDA0002425520880000169
keysAnd returning to App.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.

Claims (7)

1. A safe electronic seal management method based on electronic notarization is characterized by comprising the following steps:
s1, user registration step:
1.1, the User sends a registration request to an electronic notarization supporting server Ns through an electronic seal server Ss, and the User submits the principal identity information Id of the UseruDesign Seal of User SealuAnd identity information Id of printing manager Mgmg(ii) a The electronic seal server Ss generates a public and private key pair by using a public key cryptographic algorithm, wherein the private key is
Figure FDA0002425520870000011
The public key is
Figure FDA0002425520870000012
And sends the access address Ad of the Ss to the electronic notarization supporting server NssSimultaneously, registration is requested;
1.2, after receiving the registration request, the electronic notarization supporting server Ns generates a symmetric key for the electronic seal server SssWill keysSending to Ss and simultaneously sending keyss、AdsLogging in the Ns database;
1.3, electronic seal server Ss uses keysTo the private key of
Figure FDA0002425520870000013
Carry out encryption
Figure FDA0002425520870000014
Figure FDA0002425520870000015
Use keysFor Idu、Idmg
Figure FDA0002425520870000016
Performing cryptographic calculations
Figure FDA0002425520870000017
Figure FDA0002425520870000018
And will be
Figure FDA0002425520870000019
Sending to the electronic notarization supporting server Ns; at the same time will
Figure FDA00024255208700000110
SealuLogging in an Ss database, and discarding keyss
1.4 electronic notarization support server Ns uses keysTo pair
Figure FDA00024255208700000111
Perform decryption operation
Figure FDA00024255208700000112
If the decryption fails, the task is terminated, and if the decryption succeeds, a decryption result Id is obtainedu、Idmg
Figure FDA00024255208700000113
Electronic notarization support server Ns with IduThe recorded content is main body information and is combined with a public key
Figure FDA00024255208700000114
Generating a standard certificate format using a self-configured root certificate private key
Figure FDA00024255208700000115
For IduAnd
Figure FDA00024255208700000116
signing and generating digital certificate for User
Figure FDA00024255208700000117
The electronic notarization supporting server Ns will
Figure FDA00024255208700000118
And self-configured root certificate public key
Figure FDA00024255208700000119
Send the Id to the Ssu、Idmg
Figure FDA00024255208700000120
Logging in Ns database and connecting with keys、AdsAssociating;
1.5, the electronic seal server Ss informs a seal manager Mg to download and use a seal management mobile client App;
1.6, using a print manager Mg to download and use a print management mobile client App, and inputting the identity information Id of Mgmg' and subject identity information Id of Useru', and setting PIN code
Figure FDA0002425520870000021
1.7 managing Mobile client App Using Key Generation Algorithm Pair with stamp
Figure FDA0002425520870000022
Performing a key derivation operation to generate a first component d of the private key that conforms to the public key cryptographic rules1And calculating the first component of the public key by combining the elliptic curve parameter G
Figure FDA0002425520870000023
Managing mobile client App with stampmg’、Idu' and the public key first component P1 to the electronic notarization support server Ns;
1.8, after receiving the request of the mobile client App, the electronic notarization supporting server Ns sends the Idu' and Idmg' with Id recorded in databaseuAnd IdmgComparing, terminating tasks with inconsistent ones, authenticating Mg with real name, and terminating tasksContinuing the transaction after the authentication is passed;
the electronic notarization supporting server Ns uses the key generation algorithm to randomly generate a private key second component d conforming to the public key cryptography rule for Mg2And using d2And an elliptic curve parameter G, calculating a cooperative public key
Figure FDA0002425520870000024
Complete public key with P as Mg
Figure FDA0002425520870000025
Electronic notarization support server Ns with IdmgThe recorded content is main body information and is combined with a public key
Figure FDA0002425520870000026
Generating a standard certificate format using a root certificate private key
Figure FDA0002425520870000027
For IdmgAnd
Figure FDA0002425520870000028
signing, generating digital certificate Cer for printing manager Mgmg
The electronic notarization supporting server Ns connects CermgAnd access addresses Ad of SssSending to App, P1, d2
Figure FDA0002425520870000029
CermgLogging into Ns database and correlating with Idu、Idmg
Figure FDA00024255208700000210
keys、AdsAssociating;
1.9, using seal manager Mg to access address Ad of electronic seal server Ss by AppsEstablishing communication with Ss and sending CermgTo Ss;
1.10, the electronic seal server Ss receives the certificate CermgThereafter, the root certificate public key of the electronic notarization supporting server Ns is used
Figure FDA00024255208700000211
To CermgPerforming signature verification, stopping task, passing signature verification, and Cer in further inspectionmgWhether the associated subject information is related to Id recorded in the databasemgEnding tasks with consistent and inconsistent information, comparing the tasks with consistency, and comparing CermgEnter the database of Ss and compare with Idmg、Sealu
Figure FDA00024255208700000212
Associating; meanwhile, informing the App system of the completion of the registration process;
s2, electronic seal using step
2.1, leading a file M needing to be stamped into an electronic stamp server Ss by a user, and specifying a stamping position;
2.2, the electronic seal server Ss generates a Task1 for the file M, and sends the Task1 to a seal management mobile client App under a Mg real-name account of a seal manager;
2.3 Using the real identity information Id with print Administrator MgmgLogging in App, checking Task1, downloading file M to App, not agreeing to seal, terminating Task, agreeing to seal, inputting PIN code to App by print manager Mg
Figure FDA0002425520870000031
Carrying out the next step;
app uses the same key generation algorithm pair in step 1.7
Figure FDA0002425520870000032
Performing key derivation operation to obtain d1And with d1Initiating a collaborative signature operation for a key on a file M
Figure FDA0002425520870000033
Sign the value
Figure FDA0002425520870000034
Together with the identity information Id of MgmgSending to the electronic notarization supporting server Ns;
2.4 electronic notarization support server Ns passes through IdmgQuerying the database for P1 and keysSignature value pair using P1
Figure FDA0002425520870000035
Checking the signature, failing to pass the signature, terminating the task, passing the signature, using2As a key pair
Figure FDA0002425520870000036
Performing a collaborative signature operation
Figure FDA0002425520870000037
Sign the value
Figure FDA0002425520870000038
keysReturning to App;
2.5 App use d1For signature value
Figure FDA0002425520870000039
Performing a collaborative signature operation
Figure FDA00024255208700000321
Figure FDA00024255208700000311
Obtaining the final signature value of the file M
Figure FDA00024255208700000312
Sign the value
Figure FDA00024255208700000313
Synthesized into a document M to generate personal signature information containing MgFile M1(ii) a Then M is added1、keysSending the data to an electronic seal server Ss;
2.6, the electronic seal server Ss uses the Mg digital certificate CermgCertificate public key contained in
Figure FDA00024255208700000314
For file M1Performing signature verification, terminating task of failing to pass signature verification, passing signature verification, using keysFor in database
Figure FDA00024255208700000315
Perform decryption operation
Figure FDA00024255208700000316
If the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
Figure FDA00024255208700000317
Electronic seal server Ss uses private key
Figure FDA00024255208700000318
Invoking digital certificates
Figure FDA00024255208700000319
And Seal pattern SealuTo file M1Performing electronic signature operation to Seal the Seal pattern SealuAnd digital certificates
Figure FDA00024255208700000320
Composition to File M1To generate a file M2(ii) a And informing the seal management mobile client App that the electronic seal signing of the file M is completed.
2. The electronic notarization-based secure electronic seal management method of claim 1, wherein in step 1.1, the principal identity information IduComprises thatName, organization code; identity information Id of print administratormgIncluding the name and identification number.
3. The electronic notary based secure electronic seal management method according to claim 1, wherein in step 1.8, real-name identity authentication is performed on Mg by using a face recognition and citizen identity database comparison method.
4. The electronic notarization-based secure electronic seal management method according to claim 1, wherein in step 2.1, a user imports a file M to be stamped through a demand service side Bs, sends the file M to be stamped to an electronic seal server Ss, and specifies the stamping position; in a corresponding step 2.6, the electronic seal server Ss documents M2Returning to the requirement service end Bs; and then notifying the seal management mobile client App that the electronic seal signing of the file M is completed.
5. A stamp management mobile client App for use in a secure electronic seal management method based on an electronic notarization according to one of claims 1 to 4, characterized in that the client comprises:
a registration information entry module: receiving identity information Id input by print manager Mgmg', subject identity information Id of Useru', and a set PIN code
Figure FDA0002425520870000041
A registration key generation module: using a key generation algorithm pair
Figure FDA0002425520870000042
Performing a key derivation operation to generate a first component d of the private key that conforms to the public key cryptographic rules1And calculating the first component of the public key by combining the elliptic curve parameter G
Figure FDA0002425520870000043
Will Idmg’、Idu' and the public key first component P1 to the electronic notarization support server Ns;
a registered digital certificate module: receiving Cer sent by electronic notarization support server NsmgAnd access addresses Ad of SssThrough AdsEstablishing communication with Ss and sending CermgTo Ss; after the electronic seal server Ss checks the signature, receiving registration flow completion information;
a print job receipt confirmation module: receiving a stamp using Task1 sent by the electronic stamp server Ss and receiving real identity information Id used by a stamp manager MgmgThe user logs in, looks up a Task1, downloads the file M to the App, and receives the stamp consumption confirmation information of the stamp consumption manager Mg; terminating the task for the seal not approved, receiving the PIN code input by the print manager Mg for the seal approved
Figure FDA0002425520870000051
Using the same key generation algorithm pair in the registration key generation module
Figure FDA0002425520870000052
Performing key derivation operation to obtain d1And with d1Initiating a collaborative signature operation for a key on a file M
Figure FDA0002425520870000053
Figure FDA0002425520870000054
Sign the value
Figure FDA0002425520870000055
Together with the identity information Id of MgmgSending to the electronic notarization supporting server Ns;
a printing task signature module: receiving the signature value sent by the electronic notarization supporting server Ns
Figure FDA0002425520870000056
And keysUsing d1For signature value
Figure FDA0002425520870000057
Performing a collaborative signature operation
Figure FDA0002425520870000058
Obtaining the final signature value of the file M
Figure FDA0002425520870000059
Sign the value
Figure FDA00024255208700000510
Synthesizing the file M to generate a file M containing Mg personal signature information1(ii) a Then M is added1、keysSending the data to an electronic seal server Ss; seal pattern Seal is transmitted to electronic Seal server SsuAnd digital certificates
Figure FDA00024255208700000511
And after the electronic seal signing completion notification is synthesized on the file, receiving the electronic seal signing completion notification.
6. An electronic seal server Ss for use in the electronic notarization-based secure electronic seal management method according to one of claims 1 to 4, characterized in that the server comprises:
a registered user request sending module: receiving User main body identity information Id submitted by a UseruDesign Seal of User SealuAnd identity information Id of printing manager MgmgGenerating a public-private key pair using a public-key cryptographic algorithm, wherein the private key is
Figure FDA00024255208700000512
The public key is
Figure FDA00024255208700000513
And sends the access address Ad of the Ss to the electronic notarization supporting server NssAnd use ofA registration request of a user;
a registration encryption module: receiving a symmetric key sent by the electronic notarization supporting server NssAfter that, use the keysTo the private key of
Figure FDA00024255208700000514
Carry out encryption
Figure FDA00024255208700000515
Use keysFor Idu、Idmg
Figure FDA00024255208700000516
Performing cryptographic calculations
Figure FDA00024255208700000517
And will be
Figure FDA00024255208700000518
Sending to the electronic notarization supporting server Ns; at the same time will
Figure FDA00024255208700000519
SealuLogging in an Ss database, and discarding keyss
A registration certificate public key receiving module: receiving a digital certificate which is sent by an electronic notarization supporting server Ns and is generated for a User
Figure FDA00024255208700000520
And self-configured root certificate public key
Figure FDA00024255208700000521
Then, informing a printing manager to download Mg and manage the mobile client App by using the printing;
the public key signature checking module of the registration certificate: receiving a certificate Cer sent by the electronic notarization supporting server Ns and generated for the printing administrator MgmgThereafter, the root certificate public key of the electronic notarization supporting server Ns is used
Figure FDA0002425520870000061
To CermgPerforming signature verification, stopping task, passing signature verification, and Cer in further inspectionmgWhether the associated subject information is related to Id recorded in the databasemgEnding tasks with consistent and inconsistent information, comparing the tasks with consistency, and comparing CermgIs logged into the database and associated with Idmg、Sealu
Figure FDA0002425520870000062
Figure FDA0002425520870000063
Associating; meanwhile, informing the App system of the completion of the registration process;
the printing task generation module: receiving a file M needing to be stamped and a designated stamping position imported by a user; generating a Task1 for the file M, and sending the Task1 to a stamp-using management mobile client App under a Mg real-name account of a stamp-using manager;
the signature checking and signing module for the printing task: receiving a file M containing Mg personal signature information sent by App1And keysUsing Mg digital certificate CermgCertificate public key contained in
Figure FDA0002425520870000064
For file M1Performing signature verification, terminating task of failing to pass signature verification, passing signature verification, using keysFor in database
Figure FDA0002425520870000065
Perform decryption operation
Figure FDA0002425520870000066
If the decryption fails, the task is terminated, and if the decryption succeeds, the plaintext private key is obtained
Figure FDA0002425520870000067
Using a private key
Figure FDA0002425520870000068
Invoking digital certificates
Figure FDA00024255208700000620
And Seal pattern SealuTo file M1Performing electronic signature operation to Seal the Seal pattern SealuAnd digital certificates
Figure FDA00024255208700000610
Composition to File M1To generate a file M2(ii) a File M2And returning the information to the electronic seal server Ss, and synchronously notifying the seal management mobile client App that the electronic seal signing of the file M is completed.
7. An electronic notarization support server Ns for use in the method of electronic notarization based secure electronic seal management of one of claims 1 to 4, characterized in that it comprises:
a registered symmetric key generation module: after receiving the registration request, generating a symmetric key for the electronic seal server SssWill keysSending to Ss and simultaneously sending keyss、AdsLogging in the Ns database;
a registered user digital certificate generation module: after receiving the user information encrypted by the electronic seal server Ss
Figure FDA00024255208700000611
Use keysTo pair
Figure FDA00024255208700000612
Perform decryption operation
Figure FDA00024255208700000613
If the decryption fails, the task is terminated, and if the decryption succeeds, a decryption result Id is obtainedu、Idmg
Figure FDA00024255208700000614
By IduThe recorded content is main body information and is combined with a public key
Figure FDA00024255208700000615
Generating a standard certificate format using a self-configured root certificate private key
Figure FDA00024255208700000616
For IduAnd
Figure FDA00024255208700000617
signing and generating digital certificate for User
Figure FDA00024255208700000618
Will be provided with
Figure FDA00024255208700000619
And self-configured root certificate public key
Figure FDA0002425520870000071
Send the Id to the Ssu、Idmg
Figure FDA0002425520870000072
Logging in Ns database and connecting with keys、AdsAssociating;
a registration print administrator digital certificate generation module: after receiving the request of the mobile client App, the Id is transmittedu' and Idmg' with Id recorded in databaseuAnd IdmgComparing, comparing inconsistent termination tasks, comparing consistently, performing real-name identity authentication on Mg, terminating tasks if the authentication fails, and performing the next step if the authentication passes;
randomly generating a private key second component d for Mg using a key generation algorithm that conforms to the public key cryptographic rules2And using d2And elliptic curve parameter G, calculating cooperationPublic key
Figure FDA0002425520870000073
Complete public key with P as Mg
Figure FDA0002425520870000074
By IdmgThe recorded content is main body information and is combined with a public key
Figure FDA0002425520870000075
Generating a standard certificate format using a root certificate private key
Figure FDA0002425520870000076
For IdmgAnd
Figure FDA0002425520870000077
signing, generating digital certificate Cer for printing manager Mgmg
Cer is to bemgAnd access addresses Ad of SssSending to App, P1, d2
Figure FDA0002425520870000078
CermgLogging into Ns database and correlating with Idu、Idmg
Figure FDA0002425520870000079
keys、AdsAssociating;
and a signature verification module for the printing task: receiving the identity information Id of Mg sent by AppmgAnd a signature value after signing the file M
Figure FDA00024255208700000710
By IdmgQuerying the database for P1 and keysSignature value pair using P1
Figure FDA00024255208700000711
Checking the signature, failing to pass the signature, terminating the task, passing the signature, using2As a key pair
Figure FDA00024255208700000712
Performing a collaborative signature operation
Figure FDA00024255208700000713
Sign the value
Figure FDA00024255208700000714
keysAnd returning to App.
CN202010219343.2A 2020-03-25 2020-03-25 Safe electronic seal management method based on electronic notarization Active CN111444482B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010219343.2A CN111444482B (en) 2020-03-25 2020-03-25 Safe electronic seal management method based on electronic notarization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010219343.2A CN111444482B (en) 2020-03-25 2020-03-25 Safe electronic seal management method based on electronic notarization

Publications (2)

Publication Number Publication Date
CN111444482A true CN111444482A (en) 2020-07-24
CN111444482B CN111444482B (en) 2022-08-12

Family

ID=71650743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010219343.2A Active CN111444482B (en) 2020-03-25 2020-03-25 Safe electronic seal management method based on electronic notarization

Country Status (1)

Country Link
CN (1) CN111444482B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800646A (en) * 2010-03-03 2010-08-11 南京优泰科技发展有限公司 Implementation method and system of electronic signature
CN104734851A (en) * 2013-12-24 2015-06-24 卓望数码技术(深圳)有限公司 Electronic seal method and system
CN108206831A (en) * 2017-12-29 2018-06-26 北京书生电子技术有限公司 Implementation method and server, the client and readable storage medium storing program for executing of E-seal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800646A (en) * 2010-03-03 2010-08-11 南京优泰科技发展有限公司 Implementation method and system of electronic signature
CN104734851A (en) * 2013-12-24 2015-06-24 卓望数码技术(深圳)有限公司 Electronic seal method and system
CN108206831A (en) * 2017-12-29 2018-06-26 北京书生电子技术有限公司 Implementation method and server, the client and readable storage medium storing program for executing of E-seal

Also Published As

Publication number Publication date
CN111444482B (en) 2022-08-12

Similar Documents

Publication Publication Date Title
US10142324B2 (en) Method for reading attributes from an ID token
CN102473212B (en) Generate the method for soft token
JP2020145733A (en) Method for managing a trusted identity
US6892300B2 (en) Secure communication system and method of operation for conducting electronic commerce using remote vault agents interacting with a vault controller
CN101222333B (en) Data transaction processing method and apparatus
JP4508331B2 (en) Authentication agent device, authentication agent method, authentication agent service system, and computer-readable recording medium
US20110289318A1 (en) System and Method for Online Digital Signature and Verification
US20070179903A1 (en) Identity theft mitigation
CN106953732B (en) Key management system and method for chip card
KR102280061B1 (en) Corporation related certificate issue system and method using did based on blockchain
US11343074B2 (en) Block-chain based identity system
CN114666168B (en) Decentralized identity certificate verification method and device, and electronic equipment
TWI578253B (en) System and method for applying financial certificate using a mobile telecommunication device
US20120089495A1 (en) Secure and mediated access for e-services
JP2000059353A (en) Data storage system, data storage method and its program recording medium
EP1574978A1 (en) Personal information control system, mediation system, and terminal unit
CN112073967B (en) Method and device for downloading identity certificate of mobile phone shield equipment and electronic equipment
JP2000215280A (en) Identity certification system
TWM606867U (en) System for enabling digital certificate with certificate mechanism of online fast authentication
CN111444482B (en) Safe electronic seal management method based on electronic notarization
JP2000078128A (en) Communication system, ic card and recording medium
TWM607988U (en) Hardware carrier authentication and signature system using rapid online authentication
CN111555887A (en) Block chain certificate compatibility processing method and device and computer storage medium
CN111489211A (en) Billing processing method, billing processing device and billing processing medium
TWI772908B (en) System and method for using a device of fast identity online to certified and signed

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant