CN111859431A - Electronic file signature method and device, electronic equipment and storage medium - Google Patents
Electronic file signature method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN111859431A CN111859431A CN202010725929.6A CN202010725929A CN111859431A CN 111859431 A CN111859431 A CN 111859431A CN 202010725929 A CN202010725929 A CN 202010725929A CN 111859431 A CN111859431 A CN 111859431A
- Authority
- CN
- China
- Prior art keywords
- file
- scene
- user
- client
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000012795 verification Methods 0.000 claims abstract description 55
- 238000004422 calculation algorithm Methods 0.000 claims description 7
- 238000012545 processing Methods 0.000 abstract description 6
- 230000008569 process Effects 0.000 description 13
- 230000005540 biological transmission Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- VBMOHECZZWVLFJ-GXTUVTBFSA-N (2s)-2-[[(2s)-6-amino-2-[[(2s)-6-amino-2-[[(2s,3r)-2-[[(2s,3r)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-2-[[(2s)-2,6-diaminohexanoyl]amino]-5-(diaminomethylideneamino)pentanoyl]amino]propanoyl]amino]hexanoyl]amino]propanoyl]amino]hexan Chemical compound NC(N)=NCCC[C@@H](C(O)=O)NC(=O)[C@H](CCCCN)NC(=O)[C@H](CCCCN)NC(=O)[C@H]([C@@H](C)O)NC(=O)[C@H]([C@H](O)C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCN=C(N)N)NC(=O)[C@@H](N)CCCCN VBMOHECZZWVLFJ-GXTUVTBFSA-N 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000009432 framing Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 108010068904 lysyl-arginyl-alanyl-lysyl-alanyl-lysyl-threonyl-threonyl-lysyl-lysyl-arginine Proteins 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to data processing, and discloses an electronic document signature method, which comprises the following steps: determining scene information corresponding to the request based on the first file and the user identification, acquiring scene characteristics of the client user according to the scene information, verifying the identity of the client user, and generating a second file based on the scene characteristics and the first file when the identity verification is passed; encrypting the second file by using a private key in the key pair to obtain a third file, and sending the third file and a public key in the key pair to the client; and receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging the fourth file as an effective file when the authenticity verification is passed. The invention also provides an electronic file signature device, electronic equipment and a computer readable storage medium. The invention can improve the signature efficiency and the signature safety.
Description
Technical Field
The present invention relates to data processing, and in particular, to a method and an apparatus for signing an electronic document, an electronic device, and a storage medium.
Background
With the advancement of technology, electronic signatures and electronic documents signed by the electronic signatures are not limited by time and space, and are widely favored. At present, generally carry out the signature to electronic file through fixed certificate, however, the application flow of fixed certificate is comparatively loaded down with trivial details for it is inefficient to sign, and can't ensure the true and false of electronic file and the authorizer's identity of signing. Therefore, a method for signing electronic documents is needed to improve the efficiency and security of signing.
Disclosure of Invention
In view of the above, there is a need to provide an electronic document signing method, which aims to improve the signing efficiency and the signing security.
The invention provides an electronic file signature method, which comprises the following steps:
responding an electronic file signature request sent by a user based on a client, analyzing the request, and acquiring a file identifier to be signed and a user identifier carried by the request;
acquiring a first file corresponding to the file identifier to be signed from a first database, and determining scene information corresponding to the request based on the first file and the user identifier;
acquiring scene characteristics of the client user according to the scene information, performing identity verification on the client user according to the scene characteristics, and generating a second file based on the scene characteristics and the first file when the identity verification passes;
generating a key pair, encrypting the second file by using a private key of the key pair to obtain a third file, and sending the third file and a public key of the key pair to the client;
and receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging that the fourth file is a valid file when the authenticity verification passes.
Optionally, the determining, based on the first file and the user identifier, the scene information corresponding to the request includes:
determining the file type of the first file, and determining the priority level of the first file according to the file type;
acquiring user information corresponding to the user identification, and determining whether a user corresponding to the user identification has signature authority or not based on the user information and the file type;
when the user corresponding to the user identification has the signature authority, determining the user grade corresponding to the user identification according to the user information;
and determining scene information corresponding to the request based on the priority level and the user level.
Optionally, the determining the scene information corresponding to the request based on the priority level and the user level includes:
acquiring a first scene element corresponding to the priority level;
acquiring a second scene element corresponding to the user level;
and taking the set of the first scene element and the second scene element as scene information corresponding to the request.
Optionally, the authenticating the client user according to the scene features includes:
acquiring standard features corresponding to scene elements corresponding to the user identification from a second database;
calculating the feature similarity of the scene features corresponding to the scene elements and the standard features;
and when the feature similarity corresponding to each scene element is larger than a preset threshold value, judging that the identity authentication of the client user is passed.
Optionally, the generating a second file based on the scene feature and the first file includes:
storing the scene characteristics into a file with a preset format;
encrypting a file with a preset format and stored scene characteristics by adopting an AES symmetric encryption algorithm to obtain an encrypted ciphertext;
and merging the ciphertext to the first file to obtain the second file.
Optionally, the verifying the authenticity of the fourth document includes:
decrypting the fourth file by using a private key in the key pair to obtain a fifth file, and decrypting a ciphertext in the fifth file by using an AES (advanced encryption standard) symmetric encrypted key to obtain a decrypted scene characteristic;
randomly extracting characters at a plurality of preset positions from the fifth file, and performing character comparison on the extracted characters and standard characters at corresponding positions in the first file;
randomly extracting a plurality of scene features from the decrypted scene features, and performing feature comparison on the extracted scene features and standard features corresponding to the user identification;
and when the character comparison result and the characteristic comparison result pass, judging that the authenticity verification of the fourth file passes.
Optionally, after verifying the authenticity of the fourth document, the method further comprises:
and if the authenticity verification fails, judging that the fourth file is an invalid file, adding an invalid identifier on the fourth file, and sending warning information to the client.
In order to solve the above problem, the present invention further provides an electronic document signing apparatus, comprising:
the request module is used for responding to an electronic file signature request sent by a user based on a client, analyzing the request and acquiring a file identifier to be signed and a user identifier carried by the request;
the determining module is used for acquiring a first file corresponding to the file identifier to be signed from a first database, and determining scene information corresponding to the request based on the first file and the user identifier;
the generating module is used for acquiring scene characteristics of the client user according to the scene information, performing identity verification on the client user according to the scene characteristics, and generating a second file based on the scene characteristics and the first file when the identity verification passes;
the encryption module is used for generating a key pair, encrypting the second file by using a private key of the key pair to obtain a third file, and sending the third file and a public key of the key pair to the client;
and the verification module is used for receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging that the fourth file is a valid file when the authenticity verification passes.
In order to solve the above problem, the present invention also provides an electronic device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the electronic document signing method described above.
In order to solve the above problem, the present invention further provides a computer-readable storage medium having an electronic document signing program stored thereon, where the electronic document signing program is executable by one or more processors to implement the above electronic document signing method.
Compared with the prior art, the method and the device have the advantages that the scene information corresponding to the request is determined based on the first file and the user identification, the scene characteristics are obtained according to the scene information, and the identity of the client user is verified; then, a second file is generated based on the scene characteristics and the first file, and as the scene characteristics have the same functions as a fixed certificate (such as a digital certificate), the scene characteristics are more convenient and flexible to extract, and a complex application process is not needed, so that the signature efficiency is higher; then, a private key in the key pair is used for encrypting the second file to obtain a third file, and the third file and a public key in the key pair are sent to the client, so that the safety of the third file in the transmission process is ensured; and finally, judging the authenticity of a fourth file obtained by the signature fed back by the client, and judging the fourth file as a valid file when the authenticity verification passes, wherein the step can prevent a client user from tampering the file in the signature process. Therefore, the invention improves the signature efficiency and the signature safety.
Drawings
FIG. 1 is a schematic flow chart illustrating an electronic document signing method according to an embodiment of the present invention;
FIG. 2 is a block diagram of an electronic document signing apparatus according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electronic device for implementing an electronic document signing method according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
The invention provides an electronic document signature method. Fig. 1 is a schematic flow chart illustrating an electronic document signing method according to an embodiment of the present invention. The method may be performed by an electronic device, which may be implemented by software and/or hardware.
In this embodiment, the electronic document signing method includes:
s1, responding to an electronic file signature request sent by a user based on a client, analyzing the request, and acquiring a file identifier to be signed and a user identifier carried by the request.
S2, acquiring a first file corresponding to the file identifier to be signed from a first database, and determining scene information corresponding to the request based on the first file and the user identifier.
In this embodiment, the first file is a file to be signed.
The determining the scene information corresponding to the request based on the first file and the user identifier comprises:
a1, determining the file type of the first file, and determining the priority level of the first file according to the file type;
the file types include various files such as financial statements, engineering plans, project reports, purchase application forms, and the like, and priority levels are set in advance for the various types of files according to business requirements in the embodiment, for example, the financial statements and the purchase application forms are of a first priority level, the project reports are of a second priority level, and the engineering plans are of a third priority level.
A2, obtaining user information corresponding to the user identification, and determining whether a user corresponding to the user identification has a signature authority or not based on the user information and the file type;
in the embodiment, a corresponding signature authorizer list is set for each type of file in advance, and whether the user corresponding to the user identifier has the signature authority or not can be determined according to the list.
A3, when the user corresponding to the user identification has the signature authority, determining the user grade corresponding to the user identification according to the user information;
in this embodiment, a user rank may be determined according to a user role in the user information, for example, if the user role is a general manager, the user is a first user rank; if the user job is manager, the user is in a second user level; and if the user job is the group leader, the user is the third user grade.
And A4, determining scene information corresponding to the request based on the priority level and the user level.
In this embodiment, after determining whether the user corresponding to the user identifier has the signing authority based on the user information and the file type, the method further includes:
and if the user corresponding to the user identification has no signature authority, rejecting the request and sending early warning information.
In this embodiment, the determining the scene information corresponding to the request based on the priority level and the user level includes:
b1, acquiring a first scene element corresponding to the priority level;
b2, acquiring a second scene element corresponding to the user level;
and B3, taking the set of the first scene element and the second scene element as the scene information corresponding to the request.
In this embodiment, corresponding scene elements are set in advance for each priority level and each user level. For example, the scene elements corresponding to the first priority level include: fingerprint identification, iris identification and short message verification code identification, wherein the scene elements corresponding to the second priority level comprise: fingerprint identification and short message verification code identification, and the scene elements corresponding to the third priority level comprise: identifying a short message verification code; the scene element corresponding to the first user level comprises: face recognition, voiceprint recognition and geographic position verification, wherein the scene elements corresponding to the second user level comprise: face recognition and geographic position verification, wherein the scene elements corresponding to the third user grade comprise: and (5) face recognition.
S3, obtaining scene characteristics of the client user according to the scene information, carrying out identity verification on the client user according to the scene characteristics, and generating a second file based on the scene characteristics and the first file when the identity verification passes.
The scene information corresponding to the request is assumed to include: and respectively acquiring the current fingerprint characteristic, short message verification code, face characteristic, voiceprint characteristic and geographic position of the client user by fingerprint identification, short message verification code identification, face identification, voiceprint identification and geographic position identification.
The process of acquiring the face features comprises the following steps: the method comprises the steps of collecting video data of a client user within a first preset time period (for example, 3 to 5 seconds), framing the video data to obtain an image sequence, and inputting the image sequence into a face recognition model (in the embodiment, the face recognition model is a deep convolution neural network) to obtain face features.
The acquisition process of the voiceprint features comprises the following steps: collecting audio data of the client user in a second preset time period (for example, 4 to 6 seconds), performing short-time fourier transform and/or short-time inverse fourier transform on the audio data to obtain time-domain signal data of the client user, and inputting the time-domain signal data into a voiceprint recognition model (in this embodiment, the voiceprint recognition model is a feed-forward DNN network) to obtain voiceprint characteristics.
The short message verification code is sent by the system through a mobile phone number in user information, and the geographic position is determined through client GPS positioning.
In this embodiment, the performing identity authentication on the client user according to the scene characteristics includes:
c1, acquiring standard features corresponding to the scene elements corresponding to the user identification from a second database;
c2, calculating the feature similarity of the scene features corresponding to the scene elements and the standard features;
the second database stores standard features of each scene element corresponding to each user identifier in advance, and whether the current client and the user corresponding to the user identifier are the same person or not can be determined by comparing the feature similarity of the scene features and the standard features, so that false signatures caused by the fact that the login name and the password of the user are leaked are prevented.
And C3, when the feature similarity corresponding to each scene element is larger than a preset threshold, judging that the client user identity authentication is passed.
In this embodiment, the generating the second file based on the scene feature and the first file includes:
d1, storing the scene features into a file with a preset format;
the files with the preset format comprise PDF files, JPEG files and txt files, and scene features are stored in the PDF files in the embodiment.
D2, encrypting the file with the stored scene characteristics and the preset format by adopting an AES symmetric encryption algorithm to obtain an encrypted ciphertext;
the AES symmetric encryption algorithm adopts an ECB mode and a PKCS #5 filling mode for encryption. The ECB mode is a codebook mode, in which the whole plaintext is divided into several small plaintext blocks (each small block has a length of 128 bits) which are the same, and then each small plaintext block is encrypted.
If the key of AES symmetric encryption is not available, the encrypted file cannot be decrypted, and the step can prevent scene characteristics from being tampered.
D3, merging the ciphertext into the first file to obtain the second file.
In this embodiment, the second file includes the scene characteristics, which can ensure the identity of the signing authority, and the role of the second file is equivalent to that of a fixed certificate (e.g., a digital certificate), but the scene characteristics are more flexible and convenient to obtain, and the signing efficiency can be higher without going through a complicated application process.
S4, generating a key pair, encrypting the second file by using a private key of the key pair to obtain a third file, and sending the third file and a public key of the key pair to the client.
The key pair generated in this embodiment is a key pair asymmetrically encrypted by RSA, and the public key of the key pair is encrypted and decrypted by the private key, or encrypted by the private key and decrypted by the public key. The third file can be ensured to be safe in the transmission process through RSA asymmetric encryption.
And only the public key in the key pair is sent to the client, so that the client user can only decrypt the third file to obtain the second file, and the ciphertext in the second file cannot be decrypted due to the key without AES symmetric encryption, so that the scene characteristics cannot be obtained, and the safety of the scene characteristics is ensured.
And S5, receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging that the fourth file is a valid file when the authenticity verification passes.
And after receiving the third file, the client user decrypts the third file by using the public key in the key pair to obtain a second file, and encrypts the second file by using the public key after signing to obtain a fourth file.
Said verifying the authenticity of said fourth document comprises:
e1, decrypting the fourth file by using a private key in the key pair to obtain a fifth file, and decrypting a ciphertext in the fifth file by using an AES symmetric encrypted key to obtain a decrypted scene characteristic;
e2, randomly extracting characters at a plurality of preset positions from the fifth file, and performing character comparison between the extracted characters and standard characters at corresponding positions in the first file;
e3, randomly extracting a plurality of scene features from the decrypted scene features, and performing feature comparison on the extracted scene features and the standard features corresponding to the user identification;
e4, when the character comparison result and the characteristic comparison result pass, judging that the authenticity verification of the fourth file passes.
The file can be ensured not to be tampered by the client user in the signature process through character comparison and characteristic comparison.
In this embodiment, after verifying the authenticity of the fourth document, the method further includes:
and if the authenticity verification fails, judging that the fourth file is an invalid file, adding an invalid identifier on the fourth file, and sending warning information to the client.
The invalid mark can be a watermark with an invalid character added on the fourth file, or can be a cross on the fourth file.
According to the embodiment, the electronic file signature method provided by the invention comprises the steps of firstly, determining scene information corresponding to a request based on a first file and a user identifier, acquiring scene characteristics according to the scene information, and carrying out identity verification on a client user, wherein the step can ensure that the client user and the user identifier in the request correspond to the same user, so that the authenticity of the user identity is ensured; then, a second file is generated based on the scene characteristics and the first file, and as the scene characteristics have the same functions as a fixed certificate (such as a digital certificate), the scene characteristics are more convenient and flexible to extract, and a complex application process is not needed, so that the signature efficiency is higher; then, a private key in the key pair is used for encrypting the second file to obtain a third file, and the third file and a public key in the key pair are sent to the client, so that the safety of the third file in the transmission process is ensured; and finally, judging the authenticity of a fourth file obtained by the signature fed back by the client, and judging the fourth file as a valid file when the authenticity verification passes, wherein the step can prevent a client user from tampering the file in the signature process. Therefore, the invention improves the signature efficiency and the signature safety.
Fig. 2 is a schematic block diagram of an electronic document signing apparatus according to an embodiment of the present invention.
The electronic document signing apparatus 100 of the present invention can be installed in an electronic device. According to the realized functions, the electronic document signing apparatus 100 may include a request module 110, a determination module 120, a generation module 130, an encryption module 140 and a verification module 150. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the request module 110 is configured to respond to an electronic file signing request sent by a user based on a client, parse the request, and obtain a file identifier to be signed and a user identifier carried in the request.
The determining module 120 is configured to obtain a first file corresponding to the file identifier to be signed from a first database, and determine scene information corresponding to the request based on the first file and the user identifier.
In this embodiment, the first file is a file to be signed.
The determining the scene information corresponding to the request based on the first file and the user identifier comprises:
a1, determining the file type of the first file, and determining the priority level of the first file according to the file type;
the file types include various files such as financial statements, engineering plans, project reports, purchase application forms, and the like, and priority levels are set in advance for the various types of files according to business requirements in the embodiment, for example, the financial statements and the purchase application forms are of a first priority level, the project reports are of a second priority level, and the engineering plans are of a third priority level.
A2, obtaining user information corresponding to the user identification, and determining whether a user corresponding to the user identification has a signature authority or not based on the user information and the file type;
in the embodiment, a corresponding signature authorizer list is set for each type of file in advance, and whether the user corresponding to the user identifier has the signature authority or not can be determined according to the list.
A3, when the user corresponding to the user identification has the signature authority, determining the user grade corresponding to the user identification according to the user information;
in this embodiment, a user rank may be determined according to a user role in the user information, for example, if the user role is a general manager, the user is a first user rank; if the user job is manager, the user is in a second user level; and if the user job is the group leader, the user is the third user grade.
And A4, determining scene information corresponding to the request based on the priority level and the user level.
In this embodiment, after determining whether the user corresponding to the user identifier has the signing authority based on the user information and the file type, the determining module 120 is further configured to:
and if the user corresponding to the user identification has no signature authority, rejecting the request and sending early warning information.
In this embodiment, the determining the scene information corresponding to the request based on the priority level and the user level includes:
b1, acquiring a first scene element corresponding to the priority level;
b2, acquiring a second scene element corresponding to the user level;
and B3, taking the set of the first scene element and the second scene element as the scene information corresponding to the request.
In this embodiment, corresponding scene elements are set in advance for each priority level and each user level. For example, the scene elements corresponding to the first priority level include: fingerprint identification, iris identification and short message verification code identification, wherein the scene elements corresponding to the second priority level comprise: fingerprint identification and short message verification code identification, and the scene elements corresponding to the third priority level comprise: identifying a short message verification code; the scene element corresponding to the first user level comprises: face recognition, voiceprint recognition and geographic position verification, wherein the scene elements corresponding to the second user level comprise: face recognition and geographic position verification, wherein the scene elements corresponding to the third user grade comprise: and (5) face recognition.
The generating module 130 is configured to obtain a scene feature of the client user according to the scene information, perform identity verification on the client user according to the scene feature, and generate a second file based on the scene feature and the first file when the identity verification passes.
The scene information corresponding to the request is assumed to include: and respectively acquiring the current fingerprint characteristic, short message verification code, face characteristic, voiceprint characteristic and geographic position of the client user by fingerprint identification, short message verification code identification, face identification, voiceprint identification and geographic position identification.
The process of acquiring the face features comprises the following steps: the method comprises the steps of collecting video data of a client user within a first preset time period (for example, 3 to 5 seconds), framing the video data to obtain an image sequence, and inputting the image sequence into a face recognition model (in the embodiment, the face recognition model is a deep convolution neural network) to obtain face features.
The acquisition process of the voiceprint features comprises the following steps: collecting audio data of the client user in a second preset time period (for example, 4 to 6 seconds), performing short-time fourier transform and/or short-time inverse fourier transform on the audio data to obtain time-domain signal data of the client user, and inputting the time-domain signal data into a voiceprint recognition model (in this embodiment, the voiceprint recognition model is a feed-forward DNN network) to obtain voiceprint characteristics.
The short message verification code is sent by the system through a mobile phone number in user information, and the geographic position is determined through client GPS positioning.
In this embodiment, the performing identity authentication on the client user according to the scene characteristics includes:
c1, acquiring standard features corresponding to the scene elements corresponding to the user identification from a second database;
c2, calculating the feature similarity of the scene features corresponding to the scene elements and the standard features;
the second database stores standard features of each scene element corresponding to each user identifier in advance, and whether the current client and the user corresponding to the user identifier are the same person or not can be determined by comparing the feature similarity of the scene features and the standard features, so that false signatures caused by the fact that the login name and the password of the user are leaked are prevented.
And C3, when the feature similarity corresponding to each scene element is larger than a preset threshold, judging that the client user identity authentication is passed.
In this embodiment, the generating the second file based on the scene feature and the first file includes:
d1, storing the scene features into a file with a preset format;
the files with the preset format comprise PDF files, JPEG files and txt files, and scene features are stored in the PDF files in the embodiment.
D2, encrypting the file with the stored scene characteristics and the preset format by adopting an AES symmetric encryption algorithm to obtain an encrypted ciphertext;
the AES symmetric encryption algorithm adopts an ECB mode and a PKCS #5 filling mode for encryption. The ECB mode is a codebook mode, in which the whole plaintext is divided into several small plaintext blocks (each small block has a length of 128 bits) which are the same, and then each small plaintext block is encrypted.
If the key of AES symmetric encryption is not available, the encrypted file cannot be decrypted, and the step can prevent scene characteristics from being tampered.
D3, merging the ciphertext into the first file to obtain the second file.
In this embodiment, the second file includes the scene characteristics, which can ensure the identity of the signing authority, and the role of the second file is equivalent to that of a fixed certificate (e.g., a digital certificate), but the scene characteristics are more flexible and convenient to obtain, and the signing efficiency can be higher without going through a complicated application process.
The encryption module 140 is configured to generate a key pair, encrypt the second file with a private key of the key pair to obtain a third file, and send the third file and a public key of the key pair to the client.
The key pair generated in this embodiment is a key pair asymmetrically encrypted by RSA, and the public key of the key pair is encrypted and decrypted by the private key, or encrypted by the private key and decrypted by the public key. The third file can be ensured to be safe in the transmission process through RSA asymmetric encryption.
And only the public key in the key pair is sent to the client, so that the client user can only decrypt the third file to obtain the second file, and the ciphertext in the second file cannot be decrypted due to the key without AES symmetric encryption, so that the scene characteristics cannot be obtained, and the safety of the scene characteristics is ensured.
The verification module 150 is configured to receive a fourth file obtained by signing the third file and fed back by the client, verify authenticity of the fourth file, and determine that the fourth file is a valid file when the authenticity verification passes.
And after receiving the third file, the client user decrypts the third file by using the public key in the key pair to obtain a second file, and encrypts the second file by using the public key after signing to obtain a fourth file.
Said verifying the authenticity of said fourth document comprises:
e1, decrypting the fourth file by using a private key in the key pair to obtain a fifth file, and decrypting a ciphertext in the fifth file by using an AES symmetric encrypted key to obtain a decrypted scene characteristic;
e2, randomly extracting characters at a plurality of preset positions from the fifth file, and performing character comparison between the extracted characters and standard characters at corresponding positions in the first file;
e3, randomly extracting a plurality of scene features from the decrypted scene features, and performing feature comparison on the extracted scene features and the standard features corresponding to the user identification;
e4, when the character comparison result and the characteristic comparison result pass, judging that the authenticity verification of the fourth file passes.
The file can be ensured not to be tampered by the client user in the signature process through character comparison and characteristic comparison.
In this embodiment, after verifying the authenticity of the fourth document, the verification module 150 is further configured to:
and if the authenticity verification fails, judging that the fourth file is an invalid file, adding an invalid identifier on the fourth file, and sending warning information to the client.
The invalid mark can be a watermark with an invalid character added on the fourth file, or can be a cross on the fourth file.
Fig. 3 is a schematic structural diagram of an electronic device for implementing an electronic document signing method according to an embodiment of the present invention.
The electronic device 1 is a device capable of automatically performing numerical calculation and/or information processing in accordance with a command set or stored in advance. The electronic device 1 may be a computer, or may be a single network server, a server group composed of a plurality of network servers, or a cloud composed of a large number of hosts or network servers based on cloud computing, where cloud computing is one of distributed computing and is a super virtual computer composed of a group of loosely coupled computers.
In the embodiment, the electronic device 1 includes, but is not limited to, a memory 11, a processor 12, and a network interface 13, which are communicatively connected to each other through a system bus, wherein the memory 11 stores an electronic file signature program 10, and the electronic file signature program 10 is executable by the processor 12. While fig. 3 shows only the electronic device 1 with components 11-13 and the electronic document signing program 10, it will be understood by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 1 and may comprise fewer or more components than shown, or some components may be combined, or a different arrangement of components.
The storage 11 includes a memory and at least one type of readable storage medium. The memory provides cache for the operation of the electronic equipment 1; the readable storage medium may be a non-volatile storage medium such as flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the readable storage medium may be an internal storage unit of the electronic device 1, such as a hard disk of the electronic device 1; in other embodiments, the non-volatile storage medium may also be an external storage device of the electronic device 1, such as a plug-in hard disk provided on the electronic device 1, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. In this embodiment, the readable storage medium of the memory 11 is generally used for storing an operating system and various application software installed in the electronic device 1, for example, codes of the electronic file signature program 10 in an embodiment of the present invention are stored. Further, the memory 11 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 12 is generally configured to control the overall operation of the electronic device 1, such as performing control and processing related to data interaction or communication with other devices. In this embodiment, the processor 12 is configured to run the program codes stored in the memory 11 or process data, for example, run the electronic file signature program 10.
The network interface 13 may comprise a wireless network interface or a wired network interface, and the network interface 13 is used for establishing a communication connection between the electronic device 1 and a client (not shown).
Optionally, the electronic device 1 may further include a user interface, the user interface may include a Display (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface may further include a standard wired interface and a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The electronic file signature program 10 stored in the memory 11 of the electronic device 1 is a combination of instructions, and when running in the processor 12, can realize:
responding an electronic file signature request sent by a user based on a client, analyzing the request, and acquiring a file identifier to be signed and a user identifier carried by the request;
acquiring a first file corresponding to the file identifier to be signed from a first database, and determining scene information corresponding to the request based on the first file and the user identifier;
acquiring scene characteristics of the client user according to the scene information, performing identity verification on the client user according to the scene characteristics, and generating a second file based on the scene characteristics and the first file when the identity verification passes;
generating a key pair, encrypting the second file by using a private key of the key pair to obtain a third file, and sending the third file and a public key of the key pair to the client;
and receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging that the fourth file is a valid file when the authenticity verification passes.
Specifically, the specific implementation method of the instruction by the processor 12 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1, which is not described herein again. It is emphasized that, in order to further ensure the privacy and security of the first file and standard features, the first file and standard features may also be stored in a node of a blockchain.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
The computer-readable storage medium stores an electronic document signing program 10, and the electronic document signing program 10 can be executed by one or more processors, and the specific implementation manner of the computer-readable storage medium of the present invention is substantially the same as that of the above-mentioned embodiments of the electronic document signing method, and is not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.
Claims (10)
1. A method of signing an electronic document, the method comprising:
responding an electronic file signature request sent by a user based on a client, analyzing the request, and acquiring a file identifier to be signed and a user identifier carried by the request;
acquiring a first file corresponding to the file identifier to be signed from a first database, and determining scene information corresponding to the request based on the first file and the user identifier;
acquiring scene characteristics of the client user according to the scene information, performing identity verification on the client user according to the scene characteristics, and generating a second file based on the scene characteristics and the first file when the identity verification passes;
generating a key pair, encrypting the second file by using a private key of the key pair to obtain a third file, and sending the third file and a public key of the key pair to the client;
and receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging that the fourth file is a valid file when the authenticity verification passes.
2. The method of claim 1, wherein said determining scene information corresponding to the request based on the first file and a user identification comprises:
determining the file type of the first file, and determining the priority level of the first file according to the file type;
acquiring user information corresponding to the user identification, and determining whether a user corresponding to the user identification has signature authority or not based on the user information and the file type;
when the user corresponding to the user identification has the signature authority, determining the user grade corresponding to the user identification according to the user information;
and determining scene information corresponding to the request based on the priority level and the user level.
3. The method of claim 2, wherein said determining scene information corresponding to the request based on the priority level and the user rank comprises:
acquiring a first scene element corresponding to the priority level;
acquiring a second scene element corresponding to the user level;
and taking the set of the first scene element and the second scene element as scene information corresponding to the request.
4. The method of electronic document signing according to claim 3, wherein said authenticating the client user according to the scene characteristics comprises:
acquiring standard features corresponding to scene elements corresponding to the user identification from a second database;
calculating the feature similarity of the scene features corresponding to the scene elements and the standard features;
and when the feature similarity corresponding to each scene element is larger than a preset threshold value, judging that the identity authentication of the client user is passed.
5. The method of signing an electronic document according to any one of claims 1 to 4, wherein said generating a second document based on said scene features and a first document comprises:
storing the scene characteristics into a file with a preset format;
encrypting a file with a preset format and stored scene characteristics by adopting an AES symmetric encryption algorithm to obtain an encrypted ciphertext;
and merging the ciphertext to the first file to obtain the second file.
6. The electronic document signing method of claim 5, wherein said verifying the authenticity of the fourth document comprises:
decrypting the fourth file by using a private key in the key pair to obtain a fifth file, and decrypting a ciphertext in the fifth file by using an AES (advanced encryption standard) symmetric encrypted key to obtain a decrypted scene characteristic;
randomly extracting characters at a plurality of preset positions from the fifth file, and performing character comparison on the extracted characters and standard characters at corresponding positions in the first file;
randomly extracting a plurality of scene features from the decrypted scene features, and performing feature comparison on the extracted scene features and standard features corresponding to the user identification;
and when the character comparison result and the characteristic comparison result pass, judging that the authenticity verification of the fourth file passes.
7. The electronic document signing method of claim 6, wherein after verifying the authenticity of the fourth document, the method further comprises:
and if the authenticity verification fails, judging that the fourth file is an invalid file, adding an invalid identifier on the fourth file, and sending warning information to the client.
8. An electronic document signing apparatus, said apparatus comprising:
the request module is used for responding to an electronic file signature request sent by a user based on a client, analyzing the request and acquiring a file identifier to be signed and a user identifier carried by the request;
the determining module is used for acquiring a first file corresponding to the file identifier to be signed from a first database, and determining scene information corresponding to the request based on the first file and the user identifier;
the generating module is used for acquiring scene characteristics of the client user according to the scene information, performing identity verification on the client user according to the scene characteristics, and generating a second file based on the scene characteristics and the first file when the identity verification passes;
the encryption module is used for generating a key pair, encrypting the second file by using a private key of the key pair to obtain a third file, and sending the third file and a public key of the key pair to the client;
and the verification module is used for receiving a fourth file obtained by signing the third file and fed back by the client, verifying the authenticity of the fourth file, and judging that the fourth file is a valid file when the authenticity verification passes.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the electronic document signing method of any one of claims 1 to 7.
10. A computer-readable storage medium having stored thereon an electronic document signing program, the electronic document signing program being executable by one or more processors to implement the electronic document signing method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010725929.6A CN111859431B (en) | 2020-07-24 | 2020-07-24 | Electronic file signing method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010725929.6A CN111859431B (en) | 2020-07-24 | 2020-07-24 | Electronic file signing method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111859431A true CN111859431A (en) | 2020-10-30 |
| CN111859431B CN111859431B (en) | 2024-06-18 |
Family
ID=72949605
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010725929.6A Active CN111859431B (en) | 2020-07-24 | 2020-07-24 | Electronic file signing method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111859431B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112507391A (en) * | 2020-12-01 | 2021-03-16 | 杭州企达信息技术有限公司 | Block chain-based electronic signature method, system, device and readable storage medium |
| CN112749402A (en) * | 2021-01-07 | 2021-05-04 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
| CN117197782A (en) * | 2023-11-06 | 2023-12-08 | 北京敏行通达信息技术有限公司 | Electronic signature generation method, device, equipment and readable storage medium |
| CN118194249A (en) * | 2024-05-15 | 2024-06-14 | 北京敏行通达信息技术有限公司 | Method, system, equipment and readable storage medium for digital file mutual-sign mutual-check |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108122097A (en) * | 2017-12-29 | 2018-06-05 | 北京云京科技有限公司 | Support the electronic signature method and system of more application scenarios |
| CN109472166A (en) * | 2018-11-01 | 2019-03-15 | 恒生电子股份有限公司 | A kind of electronic signature method, device, equipment and medium |
| CN109784922A (en) * | 2019-01-02 | 2019-05-21 | 深圳壹账通智能科技有限公司 | Electronic contract signs method, apparatus, computer equipment and storage medium |
| CN110955921A (en) * | 2019-12-09 | 2020-04-03 | 中国移动通信集团江苏有限公司 | Electronic signature method, device, equipment and storage medium |
-
2020
- 2020-07-24 CN CN202010725929.6A patent/CN111859431B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108122097A (en) * | 2017-12-29 | 2018-06-05 | 北京云京科技有限公司 | Support the electronic signature method and system of more application scenarios |
| CN109472166A (en) * | 2018-11-01 | 2019-03-15 | 恒生电子股份有限公司 | A kind of electronic signature method, device, equipment and medium |
| CN109784922A (en) * | 2019-01-02 | 2019-05-21 | 深圳壹账通智能科技有限公司 | Electronic contract signs method, apparatus, computer equipment and storage medium |
| CN110955921A (en) * | 2019-12-09 | 2020-04-03 | 中国移动通信集团江苏有限公司 | Electronic signature method, device, equipment and storage medium |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112507391A (en) * | 2020-12-01 | 2021-03-16 | 杭州企达信息技术有限公司 | Block chain-based electronic signature method, system, device and readable storage medium |
| CN112507391B (en) * | 2020-12-01 | 2024-01-30 | 杭州企达信息技术有限公司 | Block chain-based electronic signature method, system, device and readable storage medium |
| CN112749402A (en) * | 2021-01-07 | 2021-05-04 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
| CN112749402B (en) * | 2021-01-07 | 2024-04-23 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
| CN117197782A (en) * | 2023-11-06 | 2023-12-08 | 北京敏行通达信息技术有限公司 | Electronic signature generation method, device, equipment and readable storage medium |
| CN117197782B (en) * | 2023-11-06 | 2024-01-12 | 北京敏行通达信息技术有限公司 | Electronic signature generation method, device, equipment and readable storage medium |
| CN118194249A (en) * | 2024-05-15 | 2024-06-14 | 北京敏行通达信息技术有限公司 | Method, system, equipment and readable storage medium for digital file mutual-sign mutual-check |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111859431B (en) | 2024-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111859431B (en) | Electronic file signing method and device, electronic equipment and storage medium | |
| CN110046996B (en) | Data processing method and device | |
| CN111932426B (en) | Identity management method, device and equipment based on trusted hardware | |
| US11063749B2 (en) | Cryptographic key management based on identity information | |
| CN111835511A (en) | Data security transmission method and device, computer equipment and storage medium | |
| CN111797430B (en) | Data verification method, device, server and storage medium | |
| US9600690B2 (en) | Secure access for sensitive digital information | |
| CN108009445B (en) | Semi-centralized trusted data management system | |
| KR20060006770A (en) | Long-term secure digital signatures | |
| CN114662132A (en) | Block chain-based electronic seal monitoring method, device, equipment and medium | |
| CN113420049B (en) | Data circulation method, device, electronic equipment and storage medium | |
| CN110598433A (en) | Anti-counterfeiting information processing method and device based on block chain | |
| CN111585995A (en) | Method and device for transmitting and processing safety wind control information, computer equipment and storage medium | |
| CN114827354A (en) | Identity authentication information display method and device, electronic equipment and readable storage medium | |
| CN114626079A (en) | File viewing method, device, equipment and storage medium based on user permission | |
| CN113783690A (en) | Tender inviting method and device based on authentication | |
| CN112862484A (en) | Secure payment method and device based on multi-terminal interaction | |
| CN112434506A (en) | Electronic protocol signing processing method, device, computer equipment and medium | |
| US20240273173A1 (en) | Registration information generation apparatus, collation information generation apparatus, collation system, registration information generation method, collation information generation method, similarity calculation method, registration information generation program, and collation information generation program | |
| WO2023172190A1 (en) | Method and apparatus for accessing data in a plurality of machine readable medium | |
| CN112182598B (en) | Public sample ID identification method, public sample ID identification device, server and readable storage medium | |
| CN114401096B (en) | Block chain data uplink control method, device, equipment and storage medium | |
| CN118381660B (en) | Regional cash center behavior zero trust system construction method and system | |
| CN112487502B (en) | Device authentication method and device, electronic device and storage medium | |
| CN114022259B (en) | Bidding method and device based on public key assignment and identity verification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20231211 Address after: 519000, Room 114-845, Government Service Center, Building 2, Citizen Service Center, No. 868 Hengqin Gang'ao Avenue, Zhuhai City, Guangdong Province (centralized office area) Applicant after: China Merchants Zhirong Supply Chain Service Co.,Ltd. Address before: Building 2, Minghai Center, south of Chongqing Road, west of Hulunbeier Road, Tianjin Pilot Free Trade Zone (Dongjiang Bonded Port Area), 300000 Tianjin - 5,6-202 Applicant before: China Merchants Tongshang Financial Leasing Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |