CN111753276A - Traceable multi-party electronic signing method, computer equipment and storage medium - Google Patents
Traceable multi-party electronic signing method, computer equipment and storage medium Download PDFInfo
- Publication number
- CN111753276A CN111753276A CN202010512358.8A CN202010512358A CN111753276A CN 111753276 A CN111753276 A CN 111753276A CN 202010512358 A CN202010512358 A CN 202010512358A CN 111753276 A CN111753276 A CN 111753276A
- Authority
- CN
- China
- Prior art keywords
- message
- client
- party
- source
- signing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000012795 verification Methods 0.000 claims abstract description 20
- 230000005540 biological transmission Effects 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 9
- 230000008569 process Effects 0.000 claims description 8
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a traceable multi-party electronic signing method, computer equipment and a storage medium which are used for an intermediate terminal; generating a source message, sending the source message to a client, receiving a first message which is sent by the client and comprises the source message and first verification information, and verifying the identity of the client according to the first message; if the identity authentication is passed, generating a second message comprising the first message and the source message, acquiring a serial number from the second message, and sending the serial number to the client; and receiving a third message which is sent by the client and comprises the serial number, the second verification information and the electronic signature, checking the serial number and the second verification information which are contained in the third message, if the check is consistent, storing the electronic signature for signing, if the check is inconsistent, refusing to sign, and quickly positioning the message party with the problem by comparing message values.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a traceable multi-party electronic signing method, computer equipment and a storage medium.
Background
The common electronic signing scene is mostly off-line, for example, in banks, personal direct bank service personnel sign through an electronic board, and paperless signing is realized. When the scene needs to be completed online, usually an individual or a business realizes signature through CA authentication, and data transmission in the scene completely depends on security and confidentiality protection provided by SSL/TLS, and other more reliable auxiliary mechanisms and traceable functions are lacked.
Because the online signing mode excessively depends on CA certificate and SSL/TLS transmission and is easy to be attacked by a man-in-the-middle, the online protocol of the two parties is completed by using the mode, and the trust relationship between the two parties needs to be established offline. Both parties can only ensure the reliability of the electronic signature of the parties, but the reliability of the electronic signature of the other party needs to be judged by the CA authentication of the third party, and if the attack of the third party occurs, or the replacement of the CA authentication and the tampering of the protocol occur, the tracing is difficult to realize.
Disclosure of Invention
The present invention is directed to a traceable multi-party electronic signing method, a computer device and a storage medium for solving the above problems.
In order to achieve the above object, the present disclosure provides a traceable multi-party electronic signing method, which implements strong robustness and non-tamper property through identity authentication and multi-party online exchange information;
for the intermediate end:
generating a source message, sending the source message to a client, receiving a first message which is sent by the client and comprises the source message and first verification information, and verifying the identity of the client according to the first message; it is not clear that the description of this block, not known whether all patents are written or not, is the expression first authentication message or the like, and is so named as not to obscure the scope of protection for the examiner.
If the identity authentication is passed, generating a second message comprising the first message and the source message, acquiring a serial number from the second message, and sending the serial number to the client;
and receiving a third message which is sent by the client and comprises the number, the second verification information and the electronic signature, checking the number and the second verification information which are contained in the third message, if the number and the second verification information are consistent, storing the electronic signature for signing, and if the number and the second verification information are inconsistent, rejecting the signing.
Optionally, the intermediate end generates a fourth message according to the electronic signature of the multi-party client and the electronic signature of the intermediate end, and the fourth message is used as a source message of a next subscription process.
Optionally, the intermediate end forms a sixth message from the electronic contract with the multi-party client electronic signature and the intermediate-end electronic signature, and sends the sixth message and the fourth message to the client.
Optionally, when the intermediate end obtains the number from the second message, a fifth message is generated according to the number and sent to the client, and the client verifies the authenticity of the number through the fifth message.
Optionally, before the signing process is performed, the intermediate end generates a password pair, a private key of the key pair is sent to the client, and a public key of the key pair is reserved at the intermediate end and used for encryption and decryption in the message transmission and receiving processes of the client and the intermediate end.
Optionally, the first message, the fourth message and the sixth message are all transmitted in the form of a hash value.
Optionally, the first message and the fifth message are both transmitted in the form of a hash value.
Optionally, the middle end embeds client authentication information, and when the middle end performs identity authentication on the client, combines the authentication information and the source message to form a seventh message, and compares the first message and the seventh message to authenticate the identity of the client.
Computer equipment comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the above method when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
The invention has the beneficial effects that:
the invention realizes that the source message is generated by the first signing based on the multi-party signing scene of the intermediate terminal, and the key information of the first signing is used as the source message of the next signing, so that the source can be traced quickly when problems occur.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a flow chart of identity verification according to the present invention;
FIG. 2 is a flow chart of acquiring contract numbers according to the present invention;
FIG. 3 is a flow chart of a client sending a signature according to the present invention;
fig. 4 is a flow chart of the source message and the sixth message according to the present invention.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
The invention relates to a traceable multi-party electronic signing method, which realizes a scene that a multi-party client performs electronic signing through an intermediate terminal, and message transmission related to the method is performed through SSL/TLS.
Before the online electronic signing is started, the multi-party client side carries out primary identity verification through face recognition of the middle side. After the verification is passed, the intermediate terminal issues identity matching password pairs according to the related information of each client terminal through PKI, the private key of the key pair is sent to the client terminal, the public key of the key pair is reserved at the intermediate terminal, and the setting of the key pair is used for encryption and decryption in the process of transmitting and receiving messages between the client terminal and the intermediate terminal.
As shown in fig. 1, the intermediate end generates a source message to send to the client, the source message is a key that can be traced, the client combines the source message and the first verification information to generate a first hash value, i.e. a first message, the first authentication information includes information of multiple dimensions of the client, such as a registered enterprise name, an enterprise organization number, a telephone, an address, a tax number, a legal person, a login password at the intermediate end, etc., the client encrypts the first hash value by its own private key and then transmits it to the intermediate end by means of a secure transport by TLS, because the intermediate end is internally provided with the client authentication information and the source message, the intermediate end combines the source message and the enterprise authentication information to generate a second hash value, the intermediate terminal decrypts the received encrypted first hash value by using the public key to obtain the first hash value, and compares the first hash value with the second hash value to verify the identity of the client terminal.
As shown in fig. 2, if the identity authentication is passed, the middle end combines the first hash value, the source message and the current time point as a second message, the second message passes through a one-way hash algorithm and obtains a number of a contract with the last 12 bits, then encrypts the contract number through a public key, and regenerates a third hash value according to the encrypted contract number, namely a fifth message, the encrypted contract number and the third hash value are used, the client verifies the integrity of the received contract number in the transmission process through the third hash value, and the client decrypts the encrypted contract number through the private key to obtain the contract number.
As shown in fig. 3, the client forms the acquired contract number, the second authentication information, and the electronic signature into a third message. The electronic signature can be transmitted after being encrypted by steganography, the electronic signature is encrypted by steganography to form a stego text, an extraction password can be set for extracting the content in the stego text, the electronic signature can be extracted from the stego text by extracting the password, the stego is a skill and science related to information hiding, and the information hiding refers to that anyone except an expected receiver does not know the transmission event or the content of the information.
The second verification information comprises information of multiple dimensions of the client, such as a registered enterprise name, an enterprise organization number, a telephone, an address, a tax number, a legal person, a login password at the middle end and the like, the third message is encrypted through a private key and is sent to the middle end through TLS, the third message is obtained in the middle and then is decrypted through a public key, meanwhile, electronic signature information in the third message is cancelled, the contract number included in the third message is checked with the previous contract number and the built-in verification information, the enterprise information and the contract number are compared with the second verification information, the identity of the client is verified again, if the check is consistent, the electronic signature is stored to sign, if the check is inconsistent, the signing is rejected, the link is reconstructed, and the previous operation is repeated.
And the intermediate end performs hash calculation according to the electronic signature of the multi-party client and the electronic signature combination of the intermediate end and the multi-party client to obtain a fourth hash value, namely a fourth message, wherein the fourth message is used as a source message of the next signing process. And by analogy, each time of source messages comes from the last signing, so that when contracts are inconsistent, problems can be caused by locating the hash where the contracts are generated, the problem contracts can be found, and the source tracing is realized.
As shown in fig. 4, the intermediate side forms the electronic contract with the multi-party client electronic signature and the intermediate-side electronic signature into a fifth hash value, i.e. a sixth message, and encrypts the fifth hash value together with the fourth hash value and sends the sixth message to the client side through TLS. The client can see and store the decrypted data. And the fourth hash value of the intermediate end is sent to each client end to verify the integrity of the signature on the contract.
The invention also relates to a computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the above method when executing the computer program.
The invention also relates to a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
The client information is kept secret in the transmission process, and the identities of multiple parties can be judged under the online condition; the message interaction of the invention does not completely depend on the transmission of TLS, and the transmission of information such as contract numbers and the like can be realized even under the condition of unreliable transmission; the method is not afraid of man-in-the-middle attack, and each party can continuously check the information of the other party in the transmission process to judge the authenticity; the platform related to the intermediate end ensures that all the subscriptions can not be tampered, and the uniqueness is ensured; before or after each subscription, the information of the previous subscription is relied on, so that a traceable fault point is ensured, and the fastest traceable is realized.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.
Claims (10)
1. The traceable multi-party electronic signing method is characterized by being used for an intermediate terminal;
generating a source message, sending the source message to a client, receiving a first message which is sent by the client and comprises the source message and first verification information, and verifying the identity of the client according to the first message;
if the identity authentication is passed, generating a second message comprising the first message and the source message, acquiring a serial number from the second message, and sending the serial number to the client;
and receiving a third message which is sent by the client and comprises the number, the second verification information and the electronic signature, checking the number and the second verification information which are contained in the third message, if the number and the second verification information are consistent, storing the electronic signature for signing, and if the number and the second verification information are inconsistent, rejecting the signing.
2. The traceable multi-party electronic sign-on method of claim 1, wherein: and the intermediate end generates a fourth message according to the electronic signature of the multi-party client and the electronic signature of the intermediate end, and the fourth message is used as a source message of the next signing process.
3. The traceable multi-party electronic sign-on method of claim 2, wherein: and the intermediate end forms a sixth message by the electronic contract which is attached with the multi-party client electronic signature and the intermediate end electronic signature, and sends the sixth message and the fourth message to the client.
4. The traceable multi-party electronic sign-on method of claim 1, wherein: and when the intermediate terminal obtains the serial number from the second message, the intermediate terminal regenerates a fifth message according to the serial number and sends the same message to the client terminal, and the client terminal verifies the authenticity of the serial number through the fifth message.
5. The traceable multi-party electronic sign-on method according to any of claims 3 or 4, wherein: before the signing process is carried out, the intermediate terminal generates a password pair, a private key of the key pair is sent to the client terminal, and a public key of the key pair is reserved at the intermediate terminal and is used for encryption and decryption in the message transmission and receiving processes of the client terminal and the intermediate terminal.
6. The traceable multi-party electronic sign-on method of claim 3, wherein: the first message, the fourth message and the sixth message are all transmitted in the form of a hash value.
7. The traceable multi-party electronic sign-on method of claim 4, wherein: and the first message and the fifth message are transmitted in a hash value form.
8. The traceable multi-party electronic sign-on method of claim 1, wherein: and the middle end is internally provided with client authentication information, and when the middle end authenticates the identity of the client, the middle end combines the authentication information and the source message to form a seventh message and compares the first message with the seventh message to authenticate the identity of the client.
9. Computer arrangement comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method according to any of claims 1 to 8 when executing the computer program.
10. Computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010512358.8A CN111753276A (en) | 2020-06-08 | 2020-06-08 | Traceable multi-party electronic signing method, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010512358.8A CN111753276A (en) | 2020-06-08 | 2020-06-08 | Traceable multi-party electronic signing method, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111753276A true CN111753276A (en) | 2020-10-09 |
Family
ID=72676479
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010512358.8A Pending CN111753276A (en) | 2020-06-08 | 2020-06-08 | Traceable multi-party electronic signing method, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111753276A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114282273A (en) * | 2021-12-29 | 2022-04-05 | 迅鳐成都科技有限公司 | Block chain-based user identity data verification method, device, system and storage medium |
| CN116938604A (en) * | 2023-09-18 | 2023-10-24 | 深圳市上融科技有限公司 | Multi-party-based electronic signature system, method and process |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107968709A (en) * | 2017-11-15 | 2018-04-27 | 财付通支付科技有限公司 | Business data processing method, identity management method and operating audit method |
| CN109586919A (en) * | 2018-12-03 | 2019-04-05 | 杭州仟金顶信息科技有限公司 | A kind of online contract signs method automatically |
| CN109741063A (en) * | 2019-01-10 | 2019-05-10 | 众安信息技术服务有限公司 | Digital signature method and device based on block chain |
-
2020
- 2020-06-08 CN CN202010512358.8A patent/CN111753276A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107968709A (en) * | 2017-11-15 | 2018-04-27 | 财付通支付科技有限公司 | Business data processing method, identity management method and operating audit method |
| CN109586919A (en) * | 2018-12-03 | 2019-04-05 | 杭州仟金顶信息科技有限公司 | A kind of online contract signs method automatically |
| CN109741063A (en) * | 2019-01-10 | 2019-05-10 | 众安信息技术服务有限公司 | Digital signature method and device based on block chain |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114282273A (en) * | 2021-12-29 | 2022-04-05 | 迅鳐成都科技有限公司 | Block chain-based user identity data verification method, device, system and storage medium |
| CN116938604A (en) * | 2023-09-18 | 2023-10-24 | 深圳市上融科技有限公司 | Multi-party-based electronic signature system, method and process |
| CN116938604B (en) * | 2023-09-18 | 2023-11-28 | 深圳市上融科技有限公司 | Multi-party-based electronic signature system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108876374B (en) | Block chain network identity document authentication method and system | |
| CN109359691A (en) | Auth method and system based on block chain | |
| US9531540B2 (en) | Secure token-based signature schemes using look-up tables | |
| US10742426B2 (en) | Public key infrastructure and method of distribution | |
| CN108243166A (en) | A kind of identity identifying method and system based on USBKey | |
| CN105024819A (en) | Multifactor authentication method and system based on mobile terminal | |
| CN113472793B (en) | Personal data protection system based on hardware password equipment | |
| CN106850207B (en) | Identity identifying method and system without CA | |
| CN103684766A (en) | Private key protection method and system for terminal user | |
| CN104980437B (en) | A kind of authorization third party's data integrity method of proof of identity-based | |
| CN109272314B (en) | Secure communication method and system based on two-party collaborative signature calculation | |
| CN103888938A (en) | PKI private key protection method of dynamically generated key based on parameters | |
| CN105553654A (en) | Key information query processing method and device and key information management system | |
| CN111355591A (en) | Block chain account safety management method based on real-name authentication technology | |
| CN103905388A (en) | Authentication method, authentication device, smart card, and server | |
| CN109040060A (en) | Terminal-Matching and system, computer equipment | |
| CN114553441B (en) | Electronic contract signing method and system | |
| CN111753276A (en) | Traceable multi-party electronic signing method, computer equipment and storage medium | |
| CN110611679A (en) | Data transmission method, device, equipment and system | |
| CN113761578A (en) | Document true checking method based on block chain | |
| CN115955320B (en) | Video conference identity authentication method | |
| CN109412799B (en) | System and method for generating local key | |
| CN103986724A (en) | Real-name authentication method and system for e-mail | |
| CN110572257B (en) | Identity-based data source identification method and system | |
| Zhang et al. | Mobile payment protocol based on dynamic mobile phone token |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |