CN112487778A - Multi-user online signing system and method - Google Patents
- Publication number: CN112487778A (CN202011280123.7A)
- Authority: CN (China)
- Prior art keywords: contract, user, subsystem, signing, file
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F40/186—Templates
- G06F21/33—User authentication using certificates
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F2221/2107—File encryption
Abstract
The invention discloses a multi-user online signing system and method. On receiving a signing instruction, a business processing subsystem generates a contract file from contract parameters and a contract template. A first client subsystem displays the contract file, and the user, after confirming it, completes a digital signature to obtain an electronic contract. The business processing subsystem randomly generates a secret key, obtains an encrypted ciphertext according to the secret key, generates a file to be processed, and encrypts the file to be processed with the public key of a second client subsystem to obtain an encrypted data packet. The second client subsystem decrypts the encrypted data packet and completes its signature after performing data verification on the decrypted data. After detecting that all contract signing parties have completed the signing process, the business processing subsystem stores the information of the signing process in blockchain nodes, so that information on each link of the signing process can be conveniently queried in the blockchain, which improves the traceability of the signing process and further improves the security of online signing.
Description
Technical Field
The invention relates to the technical field of online signing, in particular to a multi-user online signing system and a multi-user online signing method.
Background
At present, it is generally assumed that all CA organizations are trusted and digital certificates issued by the CA organizations are reliable and effective, but in practice, the digital certificates may come from fake CA organizations or be cracked and tampered in the issuing process of the digital certificates, and are extremely vulnerable to attacks from third parties. In addition, in the existing signing technology, traceability of the whole signing process is difficult to achieve, and all links in the signing process are not traceable, so that the electronic contract cannot be completely trusted and lacks security.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a multi-user online signing system and a multi-user online signing method, aiming to solve the technical problems in the prior art that the links of the signing process are not traceable and that security is lacking.
In order to achieve the above object, the present invention provides a multi-user online signing system, including: a business processing subsystem and a client subsystem, wherein the client subsystem comprises: a first client subsystem and a second client subsystem;
the service processing subsystem is used for determining user identity information and service scene information according to a signing instruction when the signing instruction is received, determining contract parameters and a contract template according to the user identity information and the service scene information, configuring the contract template according to the contract parameters to obtain a contract file, and sending the contract file to the first client subsystem;
the first client subsystem is further configured to display the contract file, acquire an electronic contract obtained after the user completes digital signature based on the contract file, and send the electronic contract to the service processing subsystem;
the business processing subsystem is further used for randomly generating a secret key, obtaining an encrypted ciphertext through a symmetric encryption algorithm according to the secret key, generating a file to be processed according to the electronic contract, the encrypted ciphertext and the secret key, obtaining a public key corresponding to the second client subsystem, encrypting the file to be processed through an asymmetric encryption algorithm according to the public key, obtaining an encrypted data packet, and sending the encrypted data packet to the second client subsystem;
the second client subsystem is used for decrypting the encrypted data packet to obtain decrypted data, performing data verification on the decrypted data, extracting a contract plaintext from the decrypted data when the data passes the verification, calling a digital certificate based on the contract plaintext to complete signature, adding a timestamp, and uploading the signature to a distributed ledger;
and the service processing subsystem is also used for storing the information in the signing flow into the blockchain node after detecting that all contract signing parties complete the signing flow.
Optionally, the multi-user online signing system further comprises a PKI subsystem;
the client subsystem is used for registering the user according to the registration request when receiving the registration request input by the user, performing real-name authentication after the registration is completed, and displaying authentication passing information when the real-name authentication passes;
the client subsystem is further used for sending the certificate application request and the biometric information to the service processing subsystem when receiving the certificate application request and the biometric information input by a user;
the business processing subsystem is used for determining the personal information of the user according to the certificate application request, verifying the validity of the personal information of the user and the biometric information, generating a certificate issuing instruction when the validity verification passes, and sending the certificate issuing instruction to the PKI subsystem;
the PKI subsystem is also used for locating a CA authority based on the certificate issuing instruction, the CA authority issuing digital certificates for the user and the server, and storing user identity information and the public key of the user's real-name authentication in a blockchain;
and the service processing subsystem is also used for acquiring user identity information from the blockchain according to the signing instruction and determining service scene information according to the signing instruction when receiving the signing instruction.
Optionally, the first client-side subsystem is further configured to display the contract document, so that a user browses the contract document, and perform a digital signature operation after confirming that the contract information in the contract document is correct;
the first client subsystem is further configured to perform digital signature on the contract file based on a digital signature operation of a user to obtain an electronic contract, store the signature process, the electronic contract and the context in a distributed ledger, and send the electronic contract to the business processing subsystem for verification.
Optionally, the service processing subsystem is further configured to verify the electronic contract, acquire a server digital certificate from a blockchain when the electronic contract passes the verification, complete signature according to the server digital certificate, obtain a hash value through a hash algorithm, use the hash value as a digital fingerprint of the electronic contract, and encrypt the electronic contract according to the digital fingerprint to obtain an encrypted electronic contract;
the business processing subsystem is also used for randomly generating a 128-bit key, obtaining an encrypted ciphertext through a symmetric encryption algorithm according to the key, and generating a file to be processed according to the encrypted electronic contract, the hash value, the encrypted ciphertext and the key;
and the service processing subsystem is further configured to obtain a public key corresponding to the second client subsystem from the blockchain, and encrypt the file to be processed by an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet.
Optionally, the second client-side subsystem is further configured to obtain a private key corresponding to the public key, decrypt the encrypted data packet according to the private key, obtain decrypted data, extract an electronic contract, a hash value, an encrypted ciphertext, and a key from the decrypted data, perform data verification on the hash value, the encrypted ciphertext, and the key, and extract a contract plaintext from the electronic contract when the verification passes;
and the second client subsystem is also used for displaying the contract plaintext so that a user can browse the contract plaintext, performing digital signature operation after confirming that the contract information in the contract plaintext is correct, and calling a digital certificate to complete signature based on the digital signature operation of the user.
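The packaging and verification exchange between the business processing subsystem and the second client subsystem described above, as an added Go example that is not code from the patent. It assumes AES-128-GCM, SHA-256 and RSA-OAEP (the page names no algorithms) and wraps only the 128-bit key with the recipient's public key rather than the whole file, because RSA-OAEP with a 2048-bit key accepts at most 190 bytes. `Packet`, `Seal`, `Open`, `NewRecipientKey` and the label value are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Packet stands in for the page's "encrypted data packet" (field names are assumptions).
type Packet struct {
	WrappedKey []byte   // 128-bit content key, RSA-OAEP encrypted to the recipient
	Nonce      []byte   // AES-GCM nonce, fresh for every packet
	Ciphertext []byte   // AES-128-GCM over the signed contract
	Digest     [32]byte // SHA-256 of the contract: its "digital fingerprint"
}

// Constructed OAEP label tying the wrapped key to this one purpose.
var oaepLabel = []byte("contract-envelope-v1")

// NewRecipientKey creates a constructed key pair for the second client subsystem.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the business processing subsystem's side: random 128-bit key,
// symmetric encryption, fingerprint, then the key encrypted to the recipient.
func Seal(contract []byte, recipient *rsa.PublicKey) (*Packet, error) {
	key := make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	p := &Packet{Nonce: nonce, Digest: sha256.Sum256(contract)}
	// The fingerprint is associated data, so it is authenticated with the ciphertext.
	p.Ciphertext = gcm.Seal(nil, nonce, contract, p.Digest[:])
	p.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return p, nil
}

// Open is the second client subsystem's side: unwrap the key, verify key,
// ciphertext and hash value, and only then release the contract plaintext.
func Open(p *Packet, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, p.WrappedKey, oaepLabel)
	if err != nil || len(key) != 16 {
		return nil, errors.New("key unwrap failed")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(p.Nonce) != gcm.NonceSize() { // gcm.Open panics on a wrong nonce length
		return nil, errors.New("bad nonce length")
	}
	plain, err := gcm.Open(nil, p.Nonce, p.Ciphertext, p.Digest[:])
	if err != nil {
		return nil, errors.New("ciphertext or fingerprint was modified")
	}
	if sha256.Sum256(plain) != p.Digest {
		return nil, errors.New("fingerprint does not match contract")
	}
	return plain, nil
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	p, err := Seal([]byte("constructed sample contract text"), &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	p.Ciphertext[0] ^= 0x01 // simulate modification in transit
	_, err = Open(p, priv)
	fmt.Println("tampered packet:", err)
}
```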
In addition, to achieve the above object, the present invention further provides a multi-user online signing method, where the multi-user online signing method is based on a multi-user online signing system, and the multi-user online signing system includes: a business processing subsystem and a client subsystem, wherein the client subsystem comprises: a first client subsystem and a second client subsystem; the multi-user online signing method comprises the following steps:
when the service processing subsystem receives a signing instruction, determining user identity information and service scene information according to the signing instruction, determining contract parameters and a contract template according to the user identity information and the service scene information, configuring the contract template according to the contract parameters to obtain a contract file, and sending the contract file to the first client subsystem;
the first client subsystem displays the contract file, acquires an electronic contract obtained after the user completes digital signature based on the contract file, and sends the electronic contract to the service processing subsystem;
the service processing subsystem randomly generates a secret key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the secret key, generates a file to be processed according to the electronic contract, the encrypted ciphertext and the secret key, obtains a public key corresponding to the second client subsystem, encrypts the file to be processed through an asymmetric encryption algorithm according to the public key, obtains an encrypted data packet, and sends the encrypted data packet to the second client subsystem;
the second client subsystem decrypts the encrypted data packet to obtain decrypted data, performs data verification on the decrypted data, extracts a contract plaintext from the decrypted data when the decrypted data passes the verification, calls a digital certificate based on the contract plaintext to complete signature, adds a timestamp, and uploads the signature to a distributed ledger;
and after detecting that all contract signatory parties complete the signing process, the service processing subsystem stores the information in the signing process into the blockchain node.
Optionally, the multi-user online signing system further comprises a PKI subsystem;
before the step in which the service processing subsystem, when receiving a signing instruction, determines user identity information and service scene information according to the signing instruction, determines contract parameters and a contract template according to the user identity information and the service scene information, configures the contract template according to the contract parameters to obtain a contract file, and sends the contract file to the first client subsystem, the method further comprises the following steps:
the client subsystem carries out user registration according to a registration request when receiving the registration request input by a user, carries out real-name authentication after the registration is finished, and displays authentication passing information when the real-name authentication passes;
the client subsystem sends a certificate application request and biometric information to the service processing subsystem when receiving the certificate application request and the biometric information input by a user;
the service processing subsystem determines personal information of a user according to the certificate application request, performs validity check on the personal information of the user and the biometric information, generates a certificate issuing instruction when the validity check is passed, and sends the certificate issuing instruction to the PKI subsystem;
the PKI subsystem locates a CA authority based on the certificate issuing instruction, the CA authority issues digital certificates for the user and the server, and user identity information and the public key of the user's real-name authentication are stored in a blockchain;
correspondingly, the step in which the service processing subsystem, when receiving a signing instruction, determines user identity information and service scene information according to the signing instruction includes:
when the service processing subsystem receives a signing instruction, acquiring user identity information from the blockchain according to the signing instruction, and determining service scene information according to the signing instruction.
Optionally, the step in which the first client subsystem displays the contract file, acquires an electronic contract obtained after the user completes digital signature based on the contract file, and sends the electronic contract to the service processing subsystem includes:
the first client subsystem displays the contract file so that a user can browse the contract file and performs digital signature operation after confirming that contract information in the contract file is correct;
and the first client subsystem carries out digital signature on the contract file based on the digital signature operation of the user to obtain an electronic contract, stores the signature process, the electronic contract and the context in a distributed ledger, and sends the electronic contract to a business processing subsystem for verification.
Optionally, before the randomly generating a key by the service processing subsystem, obtaining an encrypted ciphertext through a symmetric encryption algorithm according to the key, generating a to-be-processed file according to the electronic contract, the encrypted ciphertext, and the key, obtaining a public key corresponding to the second client subsystem, encrypting the to-be-processed file through an asymmetric encryption algorithm according to the public key, obtaining an encrypted data packet, and sending the encrypted data packet to the second client subsystem, the method further includes:
the business processing subsystem verifies the electronic contract, acquires a server digital certificate from a blockchain when the electronic contract passes the verification, completes signature according to the server digital certificate, obtains a hash value through a hash algorithm, takes the hash value as a digital fingerprint of the electronic contract, and encrypts the electronic contract according to the digital fingerprint to obtain an encrypted electronic contract;
correspondingly, the service processing subsystem randomly generates a key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, generates a file to be processed according to the electronic contract, the encrypted ciphertext and the key, obtains a public key corresponding to the second client subsystem, and encrypts the file to be processed through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet, including:
the business processing subsystem randomly generates a 128-bit key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, and generates a file to be processed according to the encrypted electronic contract, the hash value, the encrypted ciphertext and the key;
and the service processing subsystem acquires a public key corresponding to the second client subsystem from the blockchain, and encrypts the file to be processed through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet.
Optionally, the decrypting the encrypted data packet by the second client-side subsystem to obtain decrypted data, performing data verification on the decrypted data, extracting a contract plaintext from the decrypted data when the data is verified, and calling a digital certificate based on the contract plaintext to complete the signature includes:
the second client subsystem acquires a private key corresponding to the public key, decrypts the encrypted data packet according to the private key to acquire decrypted data, extracts an electronic contract, a hash value, an encrypted ciphertext and a key from the decrypted data, performs data verification on the hash value, the encrypted ciphertext and the key, and extracts a contract plaintext from the electronic contract when the verification is passed;
and the second client subsystem displays the contract plaintext so that a user can browse the contract plaintext, performs digital signature operation after confirming that the contract information in the contract plaintext is correct, and calls a digital certificate to complete signature based on the digital signature operation of the user.
The multi-user online signing system provided by the invention comprises a service processing subsystem and a client subsystem, wherein the client subsystem comprises a first client subsystem and a second client subsystem. When the service processing subsystem receives a signing instruction, it determines contract parameters and a contract template according to the signing instruction and generates a contract document. The first client subsystem displays the contract document, and the user, after confirming it, completes a digital signature to obtain an electronic contract. The service processing subsystem randomly generates a secret key, obtains an encrypted ciphertext according to the secret key, generates a document to be processed according to the electronic contract, the encrypted ciphertext and the secret key, and encrypts the document to be processed according to the public key of the second client subsystem to obtain an encrypted data packet. The second client subsystem decrypts the encrypted data packet and completes its signature after data verification is carried out on the decrypted data. After detecting that all contract signatories have completed the signing flow, the service processing subsystem stores the information of the signing flow in a blockchain node, so that the information of each link in the signing process can be conveniently queried in the blockchain, which improves the traceability of the signing process and further improves the security of online signing.
Drawings
Fig. 1 is a functional block diagram of a first embodiment of a multi-user online signing system according to the present invention;
Fig. 2 is a flowchart illustrating a first embodiment of a multi-user online signing method according to the present invention;
Fig. 3 is a flowchart illustrating a second embodiment of a multi-user online signing method according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a functional module schematic diagram of a first embodiment of the multi-user online signing system of the present invention. The multi-user online signing system comprises: a service processing subsystem 10 and a client subsystem 20, wherein the client subsystem 20 comprises: a first client subsystem and a second client subsystem;
the service processing subsystem 10 is configured to, when receiving a signing instruction, determine user identity information and service scenario information according to the signing instruction, determine contract parameters and a contract template according to the user identity information and the service scenario information, configure the contract template according to the contract parameters to obtain a contract file, and send the contract file to the first client subsystem.
It should be noted that PKI (public key infrastructure) is the foundation and core of security for network-based applications (e.g., internet banking and electronic commerce). It adopts digital certificate authentication technology to ensure the secure transmission of information, and achieves the validity and integrity of data through X.509 standard digital certificates provided by a CA (certificate authority). Traditional PKI assumes that the CA is fully trusted; in practice, however, security and privacy incidents caused by forged or compromised CAs emerge endlessly, and to solve these problems researchers have proposed various technical solutions such as independent key encryption techniques, increased certificate transparency, and so on.
The blockchain is a shared, tamper-proof distributed ledger consisting of a growing list of blocks, where a block is a data structure used for recording the transaction information of each block node within a certain time. Each block is linked to the previous block through a hash algorithm, so that data stored in a block is inherently secure and cannot be tampered with. The blockchain realizes cooperative trust and consistent action among multiple parties based on key technologies such as distributed data storage, consensus mechanisms and encryption algorithms, solves the problem of information asymmetry, and has characteristics such as whole-course trace retention, traceability, openness and transparency.
The embodiment provides a novel PKI framework with certificate transparency based on blockchain technology, and provides a unique and effective certificate verification process, so that forged certificates issued by a counterfeit CA (certificate authority) are avoided and malicious attacks from third parties are eliminated. The multi-user online signing system and method based on this framework store the digital certificates, user identity information, secret keys, electronic contract information and the like involved in the signing process in a distributed ledger; all data are shared by all participants, network space information is more transparent, and a complete and compliant contract signing process, data authentication, and data integrity, confidentiality and non-repudiation are realized. By providing an efficient, trusted certificate verification process, the traditional inadequacies and incompatibilities that result from different software vendor implementations are eliminated.
In this embodiment, distributed ledger technology is used to implement X.509 certificate management: the distributed ledger of a blockchain manages the X.509 digital certificates issued by a CA organization, and any inappropriate behavior of a PKI participant is accurately detected while the existing PKI infrastructure is maintained. The specific solution is as follows: all users in the blockchain, including individual users, group organizations and CA organizations, need to check the validity of the digital certificate; the structure of the checking stage must be stored in the distributed ledger for sharing after consensus among all users; the content stored in the ledger must remain unchanged and tamper-resistant.
The blockchain manages the X.509 certificates that authenticate user membership and roles by executing smart contracts and accessing ledger data. Only users having a digital certificate issued by one of the CA authorities configured in the blockchain can initiate a smart contract, and each user has a private key and a public certificate issued by the blockchain. The blockchain used comprises 3 classes of peer entities:
(1) client: establishes a secure connection based on TLS (Transport Layer Security protocol) with a server and receives the server certificate;
(2) server: synchronously issues or revokes the certificate for the client when the server issues a new certificate or revokes a certificate;
(3) CA certification authority: responsible for issuing and revoking X.509 digital certificates and for checking the validity of public keys in the PKI system.
This embodiment also proposes a new consensus algorithm. The goal is to prove to the user/client that the X.509 public key certificate received from the server is valid (correctly issued, not stolen, not cracked), so even a small delay (20 seconds) is unacceptable. According to this requirement, the new consensus algorithm has the following characteristic: the nodes participating in the consensus are a random subset of all nodes connected to the blockchain.
Assume that the server is S, that the X.509 digital certificate issued by the CA authority for the server is CA, and that the i-th client Ci is associated with the i-th peer node of the blockchain. When the smart contract checks the certificate validity and returns TRUE or FALSE, Ci accepts or rejects the CA certificate issued by S; that is, the other nodes in the random node set selected by the consensus algorithm participate in consensus and give a result of TRUE or FALSE, and the positive/negative attribute of the (S, CA) pair is written into the distributed ledger. When Ci connects to a bogus server S, its certificate is validated by the smart contract, which judges the positive/negative attribute of (S, CA'):
(1) when the (S, CA') pair exists in the ledger and has a negative attribute, FALSE (the negative attribute) is returned;
(2) when the (S, CA) pair exists in the ledger and has a positive attribute, the (S, CA') pair is judged to have a negative attribute, and FALSE (the negative attribute) is returned;
(3) when no relevant record exists in the ledger, the consensus stage is entered.
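The three ledger cases above, together with the random-subset consensus the embodiment describes, as an added Go example that is not code from the patent. The majority threshold, the reuse of an earlier positive record, the fail-closed result when no node can vote, and all names (`Ledger`, `Node`, `Check`, `SampleNodes`, `NewRNG`) are assumptions; the fingerprints and host names are constructed.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Node is one blockchain peer's vote on a (server, certificate) pair.
type Node func(server, certFP string) bool

// Ledger records the attribute of each pair: server -> certificate
// fingerprint -> true (positive) or false (negative).
type Ledger map[string]map[string]bool

// Reasons returned by Check (wording is an assumption for this example).
const (
	KnownNegative = "case 1: pair recorded negative"
	OtherPositive = "case 2: another certificate is recorded positive"
	ByConsensus   = "case 3: decided by consensus"
	KnownPositive = "pair recorded positive" // assumption: earlier TRUE is reused
)

func (l Ledger) record(server, certFP string, positive bool) {
	if l[server] == nil {
		l[server] = map[string]bool{}
	}
	l[server][certFP] = positive
}

// consensus asks a random subset of k nodes and returns the majority view.
func consensus(server, certFP string, nodes []Node, k int, rng *rand.Rand) bool {
	if k > len(nodes) {
		k = len(nodes)
	}
	if k <= 0 {
		return false // nobody to ask: fail closed
	}
	yes := 0
	for _, i := range rng.Perm(len(nodes))[:k] {
		if nodes[i](server, certFP) {
			yes++
		}
	}
	return yes*2 > k
}

// Check returns the verdict for the certificate a client received from server,
// and which rule produced it. Only a consensus result is written to the ledger.
func (l Ledger) Check(server, certFP string, nodes []Node, k int, rng *rand.Rand) (bool, string) {
	recs := l[server]
	if positive, seen := recs[certFP]; seen {
		if !positive {
			return false, KnownNegative
		}
		return true, KnownPositive
	}
	for _, positive := range recs {
		if positive {
			return false, OtherPositive
		}
	}
	ok := consensus(server, certFP, nodes, k, rng)
	l.record(server, certFP, ok)
	return ok, ByConsensus
}

// SampleNodes builds n constructed peers; the first `liars` of them invert
// the honest answer, which is "valid only if the fingerprint equals goodFP".
func SampleNodes(n, liars int, goodFP string) []Node {
	nodes := make([]Node, n)
	for i := range nodes {
		lying := i < liars
		nodes[i] = func(_, fp string) bool { return (fp == goodFP) != lying }
	}
	return nodes
}

// NewRNG returns a seeded source so the subset selection is reproducible.
func NewRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

func main() {
	rng := NewRNG(1)
	ledger := Ledger{}
	nodes := SampleNodes(5, 1, "fp-good")
	for _, fp := range []string{"fp-good", "fp-forged", "fp-good"} {
		ok, why := ledger.Check("shop.example", fp, nodes, 3, rng)
		fmt.Printf("%-10s -> %v (%s)\n", fp, ok, why)
	}
}
```

In this example case 2 rejects every second certificate for a server that already holds a positive record, so a renewed certificate is accepted only if the certificate issuing and revocation events the page mentions update the ledger first.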
It should be understood that the smart contract that verifies certificate validity in this embodiment takes the public key certificate, the server domain name, and the server IP as its parameters. The status of certificates within the blockchain may be determined by other smart contracts (i.e., when the CA revokes a certificate, that information is stored in the blockchain using a particular smart contract). The detailed steps are as follows:
(1) The smart contract locally checks the tuple, in particular the (certificate, domain name) tuple, to see whether the certificate is malformed and whether the issued digital certificate is authentic, and performs other static and structural checks. If the execution return status of the smart contract is FALSE, EXPIRED or MALFORM, the check result is FALSE and a simple log is added to the blockchain.
(2) The smart contract checks whether the tuple (certificate, domain name, IP address) is already present in the blockchain. Several cases indicate that the tuple is already in the blockchain:
(a) the certificate and the server exist in the blockchain, and the tuple was written in a certificate issuing event;
(b) the tuple is marked as revoked or expired;
(c) the tuple was checked in the past, with a result of TRUE/FALSE;
(d) the tuple (certificate, domain name, IP) is in the blockchain with a different IP address and has a TRUE/FALSE verification result.
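The ledger rules (1) to (3) for an (S, CA) pair and the random-subset consensus can be traced with the following added example, which is not code from the patent. All class and function names, the SHA-256 fingerprint, the majority threshold and the committee size of 3 are assumptions; the certificates and peers are constructed sample data.

```python
import hashlib
import random
from dataclasses import dataclass, field


def fingerprint(cert: bytes) -> str:
    """Identify a certificate by the SHA-256 of its encoded bytes (assumption)."""
    return hashlib.sha256(cert).hexdigest()


@dataclass
class Ledger:
    """Toy distributed ledger: (server, certificate fingerprint) -> attribute."""
    records: dict = field(default_factory=dict)  # True = positive, False = negative
    log: list = field(default_factory=list)      # which committee decided each record

    def write(self, server, fp, positive, source):
        self.records[(server, fp)] = positive
        self.log.append((server, fp, positive, source))

    def positive_fp(self, server):
        """Fingerprint already recorded as positive for this server, if any."""
        return next((fp for (s, fp), ok in self.records.items() if s == server and ok), None)


@dataclass
class Peer:
    name: str
    issued: set  # (server, fingerprint) pairs this peer saw in certificate-issuing events

    def vote(self, server, fp) -> bool:
        return (server, fp) in self.issued


def consensus(peers, server, fp, subset_size, rng):
    """Ask a random subset of the connected peers; majority rule is an assumption."""
    committee = rng.sample(peers, subset_size)
    yes = sum(p.vote(server, fp) for p in committee)
    return 2 * yes > len(committee), [p.name for p in committee]


def check_certificate(ledger, peers, server, cert, subset_size=3, rng=None):
    """Return (verdict, reason) for the certificate a client received from `server`."""
    rng = rng or random.SystemRandom()
    fp = fingerprint(cert)
    known = ledger.records.get((server, fp))
    if known is False:
        return False, "rule 1: pair is negative in the ledger"
    if known is True:
        return True, "pair is positive in the ledger"
    if ledger.positive_fp(server) is not None:
        return False, "rule 2: another certificate is positive for this server"
    verdict, committee = consensus(peers, server, fp, subset_size, rng)
    ledger.write(server, fp, verdict, "consensus of " + ",".join(committee))
    return verdict, "rule 3: decided by consensus"


def run_demo():
    # Constructed sample data: placeholder byte strings stand in for DER certificates.
    genuine, forged = b"constructed cert CA for S", b"constructed cert CA' for S"
    server, other = "sign.example.test", "other.example.test"
    peers = [Peer(f"peer{i}", {(server, fingerprint(genuine))}) for i in range(5)]
    ledger = Ledger()
    steps = [
        check_certificate(ledger, peers, server, genuine),  # no record: consensus, TRUE
        check_certificate(ledger, peers, server, genuine),  # answered from the ledger
        check_certificate(ledger, peers, server, forged),   # (S, CA') against positive (S, CA)
        check_certificate(ledger, peers, other, forged),    # no record: consensus, FALSE
        check_certificate(ledger, peers, other, forged),    # negative record now exists
    ]
    return steps, ledger


if __name__ == "__main__":
    for verdict, reason in run_demo()[0]:
        print(verdict, reason)
```

Rule (2) rejects any second certificate for a server that already has a positive pair, so a renewed certificate has to reach the ledger through the certificate issuing event of case (a) before clients encounter it.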
It should be understood that the client subsystem 20 in this embodiment includes a first client subsystem and a second client subsystem, which correspond to the contract signing parties in a signing process. For example, if user a and user b want to sign online, the terminal device used by user a may serve as the first client subsystem and the terminal device used by user b as the second client subsystem. Signing is not limited to two users: for example, if user a is to sign online with user b and user d, the terminal device used by user a may serve as the first client subsystem, and the terminal devices used by user b and user d as second client subsystems. Other online signing arrangements are also possible, that is, the number of first client subsystems and second client subsystems is not fixed, which is not limited in this embodiment.
It can be understood that, after receiving the signing instruction, the service processing subsystem 10 determines the user identity information and the service scenario information according to the signing instruction, determines the contract parameters and the contract template according to the user identity information and the service scenario information, and configures the contract template according to the contract parameters to obtain the contract document. In a specific implementation, different contract templates may be preset according to different service scenarios, for example, a mortgage loan scenario corresponds to the mortgage loan contract template, a banking financing service scenario corresponds to the banking financing contract template, and the like, which is not limited in this embodiment.
The first client-side subsystem is further configured to display the contract document, obtain an electronic contract obtained after the user completes digital signature based on the contract document, and send the electronic contract to the service processing subsystem 10.
It should be understood that the first client subsystem may present the contract document to the user for browsing, and the user completes the digital signature to obtain the electronic contract after confirming that the contract information in the contract document is correct, and sends the electronic contract to the service processing subsystem 10.
Further, the first client-side subsystem is further configured to display the contract document, so that a user can browse the contract document and perform a digital signature operation after confirming that the contract information in the contract document is correct; the first client-side subsystem is further configured to perform digital signature on the contract file based on a digital signature operation of a user, obtain an electronic contract, store the signature process, the electronic contract and the context in a distributed ledger, and send the electronic contract to the business processing subsystem 10 for verification.
It can be understood that the first client subsystem may display the contract document, the user may browse the displayed contract document, and determine whether there is a problem in the contract information in the contract document, after determining that there is no error, perform a digital signature operation, and the first client subsystem performs a digital signature on the contract document in response to the digital signature operation of the user to obtain an electronic contract, where the electronic contract may be the contract document after the digital signature is completed. Meanwhile, the signature process, the electronic contract and the context can be stored in the distributed ledger, and the electronic contract is sent to the business processing subsystem 10 for verification.
The service processing subsystem 10 is further configured to randomly generate a key, obtain an encrypted ciphertext according to the key through a symmetric encryption algorithm, generate a to-be-processed file according to the electronic contract, the encrypted ciphertext and the key, obtain a public key corresponding to the second client subsystem, encrypt the to-be-processed file according to the public key through an asymmetric encryption algorithm, obtain an encrypted data packet, and send the encrypted data packet to the second client subsystem.
It should be understood that the service processing subsystem 10 may randomly generate a secret key, obtain an encrypted ciphertext through a symmetric encryption algorithm according to the secret key, generate a to-be-processed file according to the electronic contract, the encrypted ciphertext and the secret key, then obtain a public key corresponding to the second client subsystem, perform encryption to obtain an encrypted data packet, and improve the security of data verification through a multiple encryption manner.
Further, in order to further improve the security of data, an electronic contract may be encrypted by combining a hash value on the basis of the multiple encryption, the service processing subsystem 10 is further configured to verify the electronic contract, obtain a server digital certificate from a blockchain when the electronic contract passes the verification, complete a signature according to the server digital certificate, obtain a hash value through a hash encryption algorithm, use the hash value as a digital fingerprint of the electronic contract, and encrypt the electronic contract according to the digital fingerprint to obtain an encrypted electronic contract;
the business processing subsystem 10 is further configured to randomly generate a 128-bit key, obtain an encrypted ciphertext according to the key through a symmetric encryption algorithm, and generate a to-be-processed file according to the encrypted electronic contract, the hash value, the encrypted ciphertext, and the key;
the service processing subsystem 10 is further configured to obtain a public key corresponding to the second client subsystem from the block chain, and encrypt the to-be-processed file according to the public key through an asymmetric encryption algorithm to obtain an encrypted data packet.
It should be understood that, after receiving the electronic contract signed by the initiator and completing verification, the service processing subsystem 10 obtains the server digital certificate from the blockchain, completes the signature according to the server digital certificate, obtains a hash value through a hash encryption algorithm, uses the hash value as the digital fingerprint of the electronic contract, and encrypts the electronic contract to obtain the encrypted electronic contract.
It should be understood that the service processing subsystem 10 may randomly generate a 128-bit key, obtain an encrypted ciphertext through a symmetric encryption algorithm, integrate the encrypted electronic contract, the hash value, the encrypted ciphertext, and the key to form a file to be processed, obtain a public key of a receiver for encryption, complete encryption through an asymmetric encryption algorithm, and obtain a final encrypted data packet.
The second client subsystem is configured to decrypt the encrypted data packet to obtain decrypted data, perform data verification on the decrypted data, extract the contract plaintext from the decrypted data when the verification passes, call a digital certificate based on the contract plaintext to complete the signature, add a timestamp, and upload to the distributed ledger.
It should be understood that the second client subsystem may decrypt the encrypted data packet to obtain decrypted data and, when the data verification passes, extract the contract plaintext from the decrypted data and display it to the user, call the digital certificate to complete the signature, add a timestamp, and upload to the distributed ledger.
Further, the second client-side subsystem is further configured to obtain a private key corresponding to the public key, decrypt the encrypted data packet according to the private key, obtain decrypted data, extract an electronic contract, a hash value, an encrypted ciphertext, and a key from the decrypted data, perform data verification on the hash value, the encrypted ciphertext, and the key, and extract a contract plaintext from the electronic contract when the verification passes;
and the second client subsystem is also used for displaying the contract plaintext so that a user can browse the contract plaintext, performing digital signature operation after confirming that the contract information in the contract plaintext is correct, and calling a digital certificate to complete signature based on the digital signature operation of the user.
It should be understood that the second client subsystem may look up the private key corresponding to the public key, decrypt the encrypted data packet with the private key to obtain decrypted data, and check the validity of the information in the packet, specifically the validity of the signature, whether the contract hash value is consistent, and the like. When the verification passes, it extracts the contract plaintext from the electronic contract and displays it for the user to browse; after the user has browsed the contract plaintext and determined that the contract information in it is correct, it calls a digital certificate to complete the signature, adds a timestamp, and uploads to the distributed ledger.
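The packaging step of the service processing subsystem and the receiver-side checks (signature validity, hash consistency) can be exercised end to end with the following added example, which is not code from the patent. The page names no algorithms, so AES-128-GCM, SHA-256, RSA-OAEP and RSA-PSS are assumptions, as are all function and field names; the example also wraps only the 128-bit key with the asymmetric algorithm, the conventional hybrid layout, rather than the whole to-be-processed file. It uses the third-party `cryptography` package.

```python
import hashlib
import hmac
import os

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Constructed sample input, not a real contract.
SAMPLE_CONTRACT = b"Mortgage loan contract (constructed sample): borrower a, co-borrower b"


class VerificationError(Exception):
    """Raised by the receiver when any check on the packet fails."""


def oaep():
    return padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=None)


def pss():
    return padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                       salt_length=padding.PSS.MAX_LENGTH)


def build_packet(contract, server_private_key, recipient_public_key):
    """Service processing side: sign, fingerprint, encrypt, wrap the key."""
    key = AESGCM.generate_key(bit_length=128)       # randomly generated 128-bit key
    nonce = os.urandom(12)                          # fresh nonce for every packet
    return {
        "signature": server_private_key.sign(contract, pss(), hashes.SHA256()),
        "hash": hashlib.sha256(contract).digest(),  # digital fingerprint of the contract
        "nonce": nonce,
        "ciphertext": AESGCM(key).encrypt(nonce, contract, None),
        # Assumption: only the symmetric key goes through the asymmetric algorithm.
        "wrapped_key": recipient_public_key.encrypt(key, oaep()),
    }


def open_packet(packet, recipient_private_key, server_public_key):
    """Second client side: decrypt, then verify hash and signature before display."""
    try:
        key = recipient_private_key.decrypt(packet["wrapped_key"], oaep())
        contract = AESGCM(key).decrypt(packet["nonce"], packet["ciphertext"], None)
    except (ValueError, InvalidTag) as exc:
        raise VerificationError("decryption failed") from exc
    if not hmac.compare_digest(hashlib.sha256(contract).digest(), packet["hash"]):
        raise VerificationError("hash mismatch")
    try:
        server_public_key.verify(packet["signature"], contract, pss(), hashes.SHA256())
    except InvalidSignature as exc:
        raise VerificationError("bad server signature") from exc
    return contract  # only now is the plaintext shown to the signer


def outcome(packet, recipient_private_key, server_public_key):
    """Return the contract plaintext, or the name of the check that failed."""
    try:
        return open_packet(packet, recipient_private_key, server_public_key)
    except VerificationError as exc:
        return str(exc)


def demo():
    server = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    client_b = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    spub = server.public_key()
    good = build_packet(SAMPLE_CONTRACT, server, client_b.public_key())
    flipped = bytes([good["ciphertext"][0] ^ 1]) + good["ciphertext"][1:]
    # Packet signed by a key other than the server's.
    forged = build_packet(SAMPLE_CONTRACT, client_b, client_b.public_key())
    return {
        "roundtrip": outcome(good, client_b, spub),
        "tampered_ciphertext": outcome({**good, "ciphertext": flipped}, client_b, spub),
        "tampered_hash": outcome({**good, "hash": bytes(32)}, client_b, spub),
        "wrong_signer": outcome(forged, client_b, spub),
        "wrong_recipient": outcome(good, server, spub),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```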
The service processing subsystem 10 is further configured to store the information in the signing flow into the blockchain nodes after detecting that all contract signing parties have completed the signing flow.
It should be understood that, after all contract signing parties are detected to have completed the signing process, all information in the signing process, such as the document digest, the fine system of the timestamp, the signer information and the like, is packaged and stored in the blockchain nodes, and when signing information needs to be looked up it can be retrieved directly from the blockchain nodes. With the technical scheme of this embodiment, every link of the signing process can be traced, third-party attacks are eliminated, forged certificates issued by counterfeit CA organizations are prevented from being accepted, trusted digital certificate management becomes transparent, the electronic contract is protected from tampering, and evidence collection and business exchange among interested parties are facilitated.
In specific implementation, the technical scheme of the embodiment can be applied to a mortgage loan scene, so that a plurality of associated users such as a main borrower and a common borrower can complete on-line confirmation and signing of contracts, and the personalized display of contract information is realized through a custom contract template, identity-based contract parameters and a user signing sequence in a contract parameterization configuration module of a service system. Paper contracts without handwritten signatures may be questioned by the classification authorities, affecting the registration and acquisition of the mortgage right. By the block chain technology introduced by the embodiment, the contract information is stored in the distributed account book of the block chain, and the safety and the integrity of the contract information are ensured.
In this embodiment, when the service processing subsystem 10 receives a signing instruction, it determines contract parameters and a contract template according to the signing instruction and generates a contract document. The first client subsystem displays the contract document, and the user completes the digital signature after confirming it, yielding an electronic contract. The service processing subsystem 10 randomly generates a key, obtains an encrypted ciphertext according to the key, generates a to-be-processed file according to the electronic contract, the encrypted ciphertext and the key, and encrypts the to-be-processed file with the public key of the second client subsystem to obtain an encrypted data packet. The second client subsystem decrypts the encrypted data packet and completes the signature after verifying the decrypted data. After detecting that all contract signing parties have completed the signing flow, the service processing subsystem 10 stores the information in the signing flow into the blockchain nodes, so that the information of each link in the signing process can be conveniently queried in the blockchain, which improves the traceability of the signing process and further improves the security of online signing.
Further, the multi-user online signing system also comprises a PKI subsystem;
the client subsystem 20 is configured to, when receiving a registration request input by a user, perform user registration according to the registration request, perform real-name authentication after the registration is completed, and display authentication passing information when the real-name authentication passes;
the client subsystem 20 is further configured to send a certificate application request and biometric information to the service processing subsystem 10 when receiving a certificate application request and biometric information input by a user;
the service processing subsystem 10 is configured to determine personal information of a user according to the certificate application request, perform validity check on the personal information of the user and the biometric information, generate a certificate issuance instruction when the validity check is passed, and send the certificate issuance instruction to the PKI subsystem;
the PKI subsystem is also used for searching a CA mechanism based on the certificate issuing instruction, issuing digital certificates for the user and the server by the CA mechanism, and storing user identity information and a public key of user real-name authentication in a blockchain;
the service processing subsystem 10 is further configured to, when receiving a signing instruction, obtain user identity information from the blockchain according to the signing instruction, and determine service scenario information according to the signing instruction.
It should be noted that the multi-user online signing system in this embodiment includes a PKI subsystem in addition to the client subsystem 20 and the service processing subsystem 10. The client subsystem 20 provides user registration, user login, contract browsing, contract signing/returning, and the like. It collects the user identity information and sends it to the service system for identity verification, and displays the details of the contract to be signed to the user after the verification passes. Identity information comprises identity card photos, security questions, mobile phone numbers, account information and the like; user information is collected by multiple means, from multiple angles and through multiple channels, which makes identity forgery harder and strengthens non-repudiation. Contract browsing, signing and returning functions are provided to the user; if the user questions the related information while browsing the contract, the contract can be returned with the reason for returning filled in.
The service processing subsystem 10 includes functions such as identity information verification, data consistency verification and contract parameterization configuration, and supports parallel signing by multiple associated parties of the same business. User identity information is checked by means such as OCR (optical character recognition) and online verification, checking answers to security questions, checking mobile phone dynamic verification codes, and checking against the UnionPay system. If the checks pass, the relevant data are matched according to the user identity and the service scenario, the contract parameterization configuration is completed, and the final contract file is generated and sent to the client; after the user signs, the contract is signed and encrypted and sent to the blockchain-based PKI (public key infrastructure) subsystem for storage.
The PKI subsystem provides functions such as digital certificate management, the consensus mechanism, smart contracts and the distributed ledger, and is used for digital certificate issuance/revocation and electronic contract storage/forensics. The distributed ledger stores information such as user certificates, keys, CRLs (certificate revocation lists) and logs. An API is also provided to the application system, comprising a distributed ledger API and a smart contract API, for interaction between the business application and the blockchain platform.
The user can register in the client subsystem 20, then perform real-name authentication and pass, and the user submits a certificate application through the client system and provides the biological characteristics of the user.
It should be understood that the client subsystem 20, upon receiving the certificate request and biometric information input by the user, may send such information to the business process subsystem 10 for subsequent processing.
It is understood that the service processing subsystem 10 can determine the personal information of the user according to the request for the certificate application, perform validity check on the personal information of the user and the biometric information, generate a certificate issuing instruction when the validity check is passed, and issue the digital certificate according to the certificate issuing instruction by the PKI subsystem.
It can be understood that, after the business processing subsystem 10 checks the validity of the personal information and the biological characteristics of the user, the PKI subsystem is invoked, a trusted CA organization issues digital certificates for the user and the server, and the identity information and the public key of the real-name authentication of the user are stored in the blockchain.
It should be understood that, since the user identity information is stored in the blockchain, the service processing subsystem 10 can obtain the user identity information from the blockchain according to the signing instruction, thereby improving the security of information acquisition.
In this embodiment, when the user registers, after the business processing subsystem 10 verifies the validity of the personal information and the biometric feature of the user, the PKI subsystem is invoked, a trusted CA organization issues digital certificates for the user and the server, and the identity information and the public key of the user real-name authentication are stored in the blockchain, which further improves the security of information acquisition.
Referring to fig. 2, the present invention provides a multi-user online signing method based on a multi-user online signing system, where the multi-user online signing system includes a business processing subsystem and a client subsystem, and the client subsystem includes a first client subsystem and a second client subsystem. The multi-user online signing method comprises the following steps:
Step S10, when the service processing subsystem receives the signing instruction, determining user identity information and service scenario information according to the signing instruction, determining contract parameters and a contract template according to the user identity information and the service scenario information, configuring the contract template according to the contract parameters to obtain a contract file, and sending the contract file to the first client subsystem.
It should be noted that PKI (public key infrastructure) is a foundation and a core for network-based application (e.g., internet banking and electronic commerce) security implementation, and adopts a digital certificate authentication technology to ensure the secure transmission of information and implement the validity and integrity of data through an x.509 standard digital certificate provided by a CA (certificate authority). Traditional PKI assumes that the CA authority is fully trusted, however, in practice, security and privacy incidents caused by forged or broken CA emerge endlessly, and in order to solve these problems, researchers have proposed various technical solutions such as independent key encryption techniques, increased certificate transparency, and so on.
The blockchain is a shared, tamper-proof distributed ledger consisting of a growing list of blocks. A block is a data structure that records the transaction information of each block node within a certain period, and each block is linked to the previous block through a hash algorithm, so the data stored in the blocks is inherently secure and cannot be tampered with. Based on key technologies such as distributed data storage, consensus mechanisms and encryption algorithms, the blockchain achieves cooperative trust and consistent action among multiple parties, solves the problem of information asymmetry, and has characteristics such as whole-process record keeping, traceability, openness and transparency.
The embodiment provides a novel PKI framework with certificate transparency based on the blockchain technology, and a unique and effective certificate verification process is provided, so that a forged certificate issued by a counterfeit CA (certificate authority) is avoided, and malicious attacks from a third party are eliminated. The multi-user online signing system and the multi-user online signing method based on the framework store digital certificates, user identity information, secret keys, electronic contract information and the like related in the signing process in a distributed account book, all data are shared by all participants, network space information is more transparent, and a complete and compliant contract signing process, data authentication, and data integrity, confidentiality and non-repudiation are realized. By providing an efficient, trusted certificate verification process, the traditional inadequacies and incompatibilities that result from different software vendor implementations are eliminated.
In this embodiment, a distributed ledger technology is used to implement x.509 certificate management, a distributed ledger of a block chain is used to manage an x.509 digital certificate issued by a CA organization, and any inappropriate behavior of a PKI participant is accurately detected while maintaining an existing PKI infrastructure, and the specific solution is as follows: all users in the blockchain, including individual users, group organizations and CA organizations, need to check the validity of the digital certificate; the structure of the checking stage is required to be stored in a distributed account book for sharing after the consensus of all users; the content stored in the ledger must remain unchanged and tamper-resistant.
The blockchain manages the x.509 certificates of user authentication membership and roles by executing smart contracts, accessing ledger data, only users having a digital certificate issued by one of the CA authorities configured in the blockchain can initiate the smart contract, each user having a private key and a public certificate issued by the blockchain. The block chain used comprises 3 classes of peer entities:
(1) Client: establishes a secure connection to the server based on TLS (Transport Layer Security) and receives the server certificate;
(2) Server: synchronously issues or revokes the certificate for the client when the server issues a new certificate or revokes a certificate;
(3) CA certification authority: responsible for issuing and revoking X.509 digital certificates and for checking the validity of public keys in the PKI system.
It should be understood that the client subsystems in this embodiment include a first client subsystem and a second client subsystem, which correspond to the contract signing parties in a signing process. For example, if user a and user b want to sign online, the terminal device used by user a may serve as the first client subsystem and the terminal device used by user b as the second client subsystem. Signing is not limited to two users: for example, if user a is to sign online with user b and user d, the terminal device used by user a may serve as the first client subsystem, and the terminal devices used by user b and user d as second client subsystems. Other online signing arrangements are also possible, that is, the number of first client subsystems and second client subsystems is not fixed, which is not limited in this embodiment.
It can be understood that, when the service processing subsystem receives the signing instruction, the user identity information and the service scenario information are determined according to the signing instruction, the contract parameters and the contract template are determined according to the user identity information and the service scenario information, and the contract template is configured according to the contract parameters to obtain the contract document. In a specific implementation, different contract templates may be preset according to different service scenarios, for example, a mortgage loan scenario corresponds to the mortgage loan contract template, a banking financing service scenario corresponds to the banking financing contract template, and the like, which is not limited in this embodiment.
Step S20, the first client-side subsystem displays the contract document, obtains an electronic contract obtained after the user completes digital signature based on the contract document, and sends the electronic contract to the service processing subsystem.
It should be understood that the first client-side subsystem may display the contract document to the user for browsing, and the user completes the digital signature to obtain the electronic contract after confirming that the contract information in the contract document is correct, and sends the electronic contract to the service processing subsystem.
Further, the step S20 includes:
the first client subsystem displays the contract file so that a user can browse the contract file and performs digital signature operation after confirming that contract information in the contract file is correct; and the first client subsystem carries out digital signature on the contract file based on the digital signature operation of the user to obtain an electronic contract, stores the signature process, the electronic contract and the context in a distributed account book, and sends the electronic contract to a business processing subsystem for verification.
It can be understood that the first client subsystem may display the contract document, the user may browse the displayed contract document, and determine whether there is a problem in the contract information in the contract document, after determining that there is no error, perform a digital signature operation, and the first client subsystem performs a digital signature on the contract document in response to the digital signature operation of the user to obtain an electronic contract, where the electronic contract may be the contract document after the digital signature is completed. Meanwhile, the signature process, the electronic contract and the context can be stored in the distributed account book, and the electronic contract is sent to the business processing subsystem for verification.
Step S30, the service processing subsystem randomly generates a key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, generates a to-be-processed file according to the electronic contract, the encrypted ciphertext, and the key, obtains a public key corresponding to the second client subsystem, encrypts the to-be-processed file through an asymmetric encryption algorithm according to the public key, obtains an encrypted data packet, and sends the encrypted data packet to the second client subsystem.
It should be understood that the service processing subsystem may randomly generate a key, obtain an encrypted ciphertext according to the key through a symmetric encryption algorithm, generate a to-be-processed file according to the electronic contract, the encrypted ciphertext, and the key, and then obtain the public key corresponding to the second client subsystem and encrypt the to-be-processed file with it to obtain an encrypted data packet. This multiple encryption improves the security of data verification.
Further, in order to further improve the data security, the electronic contract may be encrypted by combining a hash value with the multiple encryption, and before the step S30, the method further includes:
and the business processing subsystem verifies the electronic contract, acquires a server digital certificate from a block chain when the electronic contract passes the verification, completes signature according to the server digital certificate, obtains a hash value through a hash encryption algorithm, takes the hash value as a digital fingerprint of the electronic contract, and encrypts the electronic contract according to the digital fingerprint to obtain the encrypted electronic contract.
It should be understood that, after receiving the electronic contract signed by the initiator and completing verification, the service processing subsystem acquires the server digital certificate from the blockchain, completes signing according to the server digital certificate, obtains a hash value through a hash encryption algorithm, takes the hash value as the digital fingerprint of the electronic contract, and encrypts the electronic contract according to the digital fingerprint to obtain an encrypted electronic contract.
Correspondingly, the service processing subsystem randomly generates a key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, generates a file to be processed according to the electronic contract, the encrypted ciphertext and the key, obtains a public key corresponding to the second client subsystem, and encrypts the file to be processed through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet, including:
the business processing subsystem randomly generates a 128-bit key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, generates a to-be-processed file according to the encrypted electronic contract, the hash value, the encrypted ciphertext and the key, obtains a public key corresponding to the second client subsystem from the block chain, and encrypts the to-be-processed file through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet.
It should be understood that the service processing subsystem may randomly generate a 128-bit key, obtain an encrypted ciphertext through a symmetric encryption algorithm, integrate the encrypted electronic contract, the hash value, the encrypted ciphertext, and the key to form a file to be processed, obtain a public key of a receiver to encrypt, complete encryption through an asymmetric encryption algorithm, and obtain a final encrypted data packet.
Step S40, the second client subsystem decrypts the encrypted data packet to obtain decrypted data, performs data verification on the decrypted data, extracts a contract plaintext from the decrypted data when the decrypted data passes the verification, calls a digital certificate based on the contract plaintext to complete signature, adds a timestamp, and uploads the timestamp to the distributed account book.
It should be understood that the second client subsystem may decrypt the encrypted data packet to obtain decrypted data and, when the data verification passes, extract the contract plaintext from the decrypted data and display it to the user, call the digital certificate to complete signing, add a timestamp, and upload to the distributed account book.
Further, the second client-side subsystem decrypts the encrypted data packet to obtain decrypted data, performs data verification on the decrypted data, extracts a contract plaintext from the decrypted data when the data is verified, and calls a digital certificate to complete signature based on the contract plaintext, including:
the second client subsystem acquires a private key corresponding to the public key, decrypts the encrypted data packet according to the private key to acquire decrypted data, extracts an electronic contract, a hash value, an encrypted ciphertext and a key from the decrypted data, performs data verification on the hash value, the encrypted ciphertext and the key, and extracts a contract plaintext from the electronic contract when the verification is passed; and the second client subsystem displays the contract plaintext so that a user can browse the contract plaintext, performs digital signature operation after confirming that the contract information in the contract plaintext is correct, and calls a digital certificate to complete signature based on the digital signature operation of the user.
It should be understood that the second client subsystem may search for a private key corresponding to the public key, decrypt the encrypted data packet according to the private key, obtain decrypted data, and check validity of information in the packet, specifically, validity of a signature, whether a contract hash value is consistent, and the like. And when the verification is passed, extracting a contract plaintext from the electronic contract, displaying the same plaintext for a user to browse, calling a digital certificate to complete signature after the user browses the contract plaintext and determines that the contract information in the contract plaintext is correct, adding a timestamp, and uploading to a distributed account book.
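The packet construction of step S30 and the verification of step S40, as an added example that is not code from the patent. The patent names no algorithms, so AES-128-GCM, SHA-256, RSA-OAEP and RSA signatures are assumptions, as are all function and field names and the sample keys; because RSA can only encrypt a short message, the example wraps just the 128-bit key with the recipient's public key instead of placing the whole to-be-processed file under the asymmetric algorithm.

```javascript
// Added example: hybrid packet for S30 and the receiver-side checks of S40.
// Algorithms, names and sample data are assumptions, not taken from the patent.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Business processing subsystem (S30): sign, fingerprint, encrypt, wrap the key.
function buildPacket(contract, serverPrivateKey, recipientPublicKey) {
  const digest = sha256(contract);                  // digital fingerprint
  const signature = crypto.sign('sha256', contract, serverPrivateKey);
  const key = crypto.randomBytes(16);               // randomly generated 128-bit key
  const iv = crypto.randomBytes(12);                // fresh nonce for every packet
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(contract), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Only the short symmetric key is encrypted to the second client's public key.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, ciphertext, tag, digest, signature };
}

// Second client subsystem (S40): unwrap, decrypt, then verify hash and signature
// before any contract plaintext is shown to the user.
function openPacket(packet, recipientPrivateKey, serverPublicKey) {
  let key;
  try {
    key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, packet.wrappedKey);
  } catch {
    return { ok: false, reason: 'key-unwrap-failed' };
  }
  let contract;
  try {
    const decipher = crypto.createDecipheriv('aes-128-gcm', key, packet.iv);
    decipher.setAuthTag(packet.tag);
    contract = Buffer.concat([decipher.update(packet.ciphertext), decipher.final()]);
  } catch {
    return { ok: false, reason: 'ciphertext-rejected' };
  }
  const actual = sha256(contract);
  if (packet.digest.length !== actual.length ||
      !crypto.timingSafeEqual(packet.digest, actual)) {
    return { ok: false, reason: 'hash-mismatch' };
  }
  // The hash alone proves nothing about the sender: anyone can encrypt to a
  // public key and attach a matching digest. The signature check is what binds
  // the contract to the server's certificate.
  if (!crypto.verify('sha256', contract, serverPublicKey, packet.signature)) {
    return { ok: false, reason: 'signature-invalid' };
  }
  return { ok: true, contract };
}

// Constructed sample keys: server, second client, and an unrelated third party.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const server = newKeyPair();
const recipient = newKeyPair();
const rogue = newKeyPair();

function demo() {
  const contract = Buffer.from('CONSTRUCTED SAMPLE: loan contract, co-borrower copy');
  const good = buildPacket(contract, server.privateKey, recipient.publicKey);

  // One flipped ciphertext bit, as from corruption or tampering in transit.
  const flipped = { ...good, ciphertext: Buffer.from(good.ciphertext) };
  flipped.ciphertext[0] ^= 0x01;

  // Digest field replaced with the fingerprint of some other document.
  const wrongHash = { ...good, digest: sha256(Buffer.from('CONSTRUCTED: other')) };

  // Internally consistent packet for different terms, signed by the wrong key.
  const forged = buildPacket(Buffer.from('CONSTRUCTED SAMPLE: altered terms'),
                             rogue.privateKey, recipient.publicKey);

  const open = (p, priv = recipient.privateKey) => openPacket(p, priv, server.publicKey);
  return {
    good: open(good),
    flipped: open(flipped).reason,
    wrongHash: open(wrongHash).reason,
    forged: open(forged).reason,
    wrongKey: open(good, rogue.privateKey).reason,
  };
}

console.log(demo());
```
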
Step S50, the service processing subsystem stores the information in the signing flow into the block chain node after detecting that all contract signing parties complete the signing flow.
It should be understood that after all contract signatories are detected to have completed the signing process, all information in the signing process, such as the document digest, the timestamp details and the signer information, is packaged and stored in the blockchain nodes, so that signing information can later be looked up directly from the blockchain nodes. With the technical scheme of this embodiment, every link of the whole signing process can be traced, third-party attack is eliminated, forged certificates issued by fake CA organizations are prevented from being accepted, trusted digital certificate management becomes transparent, the electronic contract is protected against falsification, and evidence collection and business exchange among the interested parties are facilitated.
In specific implementation, the technical scheme of the embodiment can be applied to a mortgage loan scene, so that a plurality of associated users such as a main borrower and a common borrower can complete on-line confirmation and signing of contracts, and the personalized display of contract information is realized through a custom contract template, identity-based contract parameters and a user signing sequence in a contract parameterization configuration module of a service system. Paper contracts without handwritten signatures may be questioned by the classification authorities, affecting the registration and acquisition of the mortgage right. By the block chain technology introduced by the embodiment, the contract information is stored in the distributed account book of the block chain, and the safety and the integrity of the contract information are ensured.
In this embodiment, when the business processing subsystem receives the signing instruction, the business processing subsystem determines contract parameters and a contract template according to the signing instruction and generates a contract file, the first client subsystem displays the contract file, the user completes digital signature after confirming to obtain an electronic contract, the business processing subsystem randomly generates a secret key and obtains an encrypted ciphertext according to the secret key, generates a file to be processed according to the electronic contract, the encrypted ciphertext and the secret key, encrypts the file to be processed according to a public key of the second client subsystem to obtain an encrypted data packet, the second client subsystem decrypts the encrypted data packet and completes signature after data verification of the decrypted data, the business processing subsystem stores information in a signing process into block chain nodes after detecting that all contract signing parties complete the signing process, and information of each link in the signing process can be conveniently inquired in the block chain, thereby improving the traceability of the signing process and further improving the safety of online signing.
Further, as shown in fig. 3, a second embodiment of the multi-user online signing method according to the present invention is proposed based on the first embodiment. In this embodiment, the multi-user online signing system further includes a PKI subsystem, and before the step S10, the method further includes:
Step S01, when receiving a registration request input by a user, the client subsystem registers the user according to the registration request, performs real-name authentication after the registration is completed, and displays authentication passing information when the real-name authentication passes.
It should be noted that the multi-user online signing system in this embodiment includes a PKI subsystem in addition to the client subsystem and the service processing subsystem. The client subsystem provides user registration, user login, contract browsing, contract signing/returning, and similar functions. It collects the user identity information, sends it to the service system for identity verification, and displays the details of the contract to be signed to the user after the verification passes. The identity information comprises identity card photos, security questions, mobile phone numbers, account information and the like; collecting user information by multiple means, from multiple angles and through multiple channels makes identity forgery more difficult and strengthens non-repudiation. The client subsystem provides contract browsing, signing and returning functions to the user; if the user questions any information while browsing the contract, the contract can be returned and the reason for returning filled in.
The service processing subsystem provides identity information verification, data consistency verification, contract parameterization configuration and similar functions, and supports parallel signing by a plurality of related parties of the same service. It checks user identity information by means such as OCR (optical character recognition) and networked verification, checking answers to security questions, checking mobile phone dynamic verification codes, and checking against the UnionPay system. If the checks pass, it matches the relevant data according to the user identity and the service scenario, completes the contract parameterization configuration, generates the final contract file and sends it to the client; after the user signs, it signs and encrypts the contract and sends the contract file to the blockchain-based PKI (public key infrastructure) subsystem for storage.
The PKI subsystem provides digital certificate management, a consensus mechanism, smart contracts, a distributed ledger and similar functions, and is used for digital certificate issuance/revocation and electronic contract storage/forensics. The distributed ledger stores information such as user certificates, keys, CRLs (certificate revocation lists) and logs. The PKI subsystem also provides APIs to the application system, comprising a distributed ledger API and a smart contract API, which implement the interaction between the business application and the blockchain platform.
The user registers in the client subsystem and then completes and passes real-name authentication; the user then submits a certificate application through the client subsystem and provides the user's biometric features.
Step S02, when receiving the certificate request and the biometric information input by the user, the client-side subsystem sends the certificate request and the biometric information to the service processing subsystem.
It should be appreciated that the client subsystem, upon receiving the user-entered certificate request and biometric information, may send such information to the business process subsystem for subsequent processing.
Step S03, the service processing subsystem determines the user personal information according to the certificate application request, checks the validity of the user personal information and the biological characteristic information, generates a certificate issuing instruction when the validity check is passed, and sends the certificate issuing instruction to the PKI subsystem.
It can be understood that the service processing subsystem can determine the personal information of the user according to the certificate application request, perform validity check on the personal information of the user and the biological characteristic information, generate a certificate issuing instruction when the validity check is passed, and issue the digital certificate according to the certificate issuing instruction by the PKI subsystem.
Step S04, the PKI subsystem searches a CA mechanism based on the certificate issuing instruction, the CA mechanism issues digital certificates for the user and the server, and the user identity information and the public key of the user real-name authentication are stored in the blockchain.
It can be understood that after the business processing subsystem checks the validity of the personal information and the biological characteristics of the user, the PKI subsystem is called, a trusted CA (certificate authority) organization issues digital certificates for the user and the server, and the identity information and the public key of the real-name authentication of the user are stored in the block chain.
Accordingly, the step S10 includes:
Step S101, when the service processing subsystem receives a signing instruction, user identity information is obtained from the block chain according to the signing instruction, service scene information is determined according to the signing instruction, contract parameters and a contract template are determined according to the user identity information and the service scene information, the contract template is configured according to the contract parameters, a contract file is obtained, and the contract file is sent to the first client subsystem.
It should be understood that, since the user identity information is stored in the blockchain, the service processing subsystem can acquire the user identity information from the blockchain according to the signing instruction, thereby improving the security of information acquisition.
In this embodiment, when the user registers, the service processing subsystem performs validity verification on the personal information and the biological features of the user, and then invokes the PKI subsystem, the trusted CA organization issues digital certificates for the user and the server, and stores the identity information and the public key of the user real-name authentication in the blockchain, thereby further improving the security of information acquisition.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a computer-readable storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above, and includes several instructions for enabling an intelligent terminal (which may be a mobile phone, a computer, a terminal, an air conditioner, or a network terminal) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A multi-user online signing system, comprising: a business processing subsystem and a client subsystem, wherein the client subsystem comprises: a first client subsystem and a second client subsystem;
the service processing subsystem is used for determining user identity information and service scene information according to a signing instruction when the signing instruction is received, determining contract parameters and a contract template according to the user identity information and the service scene information, configuring the contract template according to the contract parameters to obtain a contract file, and sending the contract file to the first client subsystem;
the first client subsystem is further configured to display the contract file, acquire an electronic contract obtained after the user completes digital signature based on the contract file, and send the electronic contract to the service processing subsystem;
the business processing subsystem is further used for randomly generating a secret key, obtaining an encrypted ciphertext through a symmetric encryption algorithm according to the secret key, generating a file to be processed according to the electronic contract, the encrypted ciphertext and the secret key, obtaining a public key corresponding to the second client subsystem, encrypting the file to be processed through an asymmetric encryption algorithm according to the public key, obtaining an encrypted data packet, and sending the encrypted data packet to the second client subsystem;
the second client subsystem is used for decrypting the encrypted data packet to obtain decrypted data, performing data verification on the decrypted data, extracting a contract plaintext from the decrypted data when the data passes the verification, calling a digital certificate based on the contract plaintext to complete signature, adding a timestamp, and uploading the signature to a distributed account book;
and the service processing subsystem is also used for storing the information in the signing flow into the block chain node after detecting that all contract signing parties complete the signing flow.
2. The multi-user online signing system of claim 1, wherein the multi-user online signing system further comprises a PKI subsystem;
the client subsystem is used for registering the user according to the registration request when receiving the registration request input by the user, performing real-name authentication after the registration is completed, and displaying authentication passing information when the real-name authentication passes;
the client subsystem is further used for sending the certificate application request and the biological characteristic information to the service processing subsystem when receiving the certificate application request and the biological characteristic information input by a user;
the business processing subsystem is used for determining the personal information of the user according to the certificate application request, verifying the validity of the personal information of the user and the biological characteristic information, generating a certificate issuing instruction when the validity verification passes, and sending the certificate issuing instruction to the PKI subsystem;
the PKI subsystem is also used for searching a CA mechanism based on the certificate issuing instruction, issuing digital certificates for the user and the server by the CA mechanism, and storing user identity information and a public key of user real-name authentication in a blockchain;
and the service processing subsystem is also used for acquiring user identity information from the block chain according to the signing instruction and determining service scene information according to the signing instruction when receiving the signing instruction.
3. The multi-user online signing system of claim 2, wherein the first client subsystem is further configured to display the contract document, so that a user can browse the contract document and perform a digital signature operation after confirming that the contract information in the contract document is error-free;
the first client subsystem is further configured to perform digital signature on the contract file based on a digital signature operation of a user to obtain an electronic contract, store the signature process, the electronic contract and the context in a distributed account book, and send the electronic contract to the business processing subsystem for verification.
4. The multi-user online signing system of claim 3, wherein the business processing subsystem is further configured to verify the electronic contract, and when the electronic contract passes the verification, obtain a server digital certificate from a blockchain, complete signing according to the server digital certificate, obtain a hash value through a hash encryption algorithm, use the hash value as a digital fingerprint of the electronic contract, and encrypt the electronic contract according to the digital fingerprint to obtain an encrypted electronic contract;
the business processing subsystem is also used for randomly generating a 128-bit key, obtaining an encrypted ciphertext through a symmetric encryption algorithm according to the key, and generating a file to be processed according to the encrypted electronic contract, the hash value, the encrypted ciphertext and the key;
and the service processing subsystem is further configured to obtain a public key corresponding to the second client subsystem from the block chain, and encrypt the file to be processed by an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet.
5. The multi-user online signing system of claim 4, wherein the second client subsystem is further configured to obtain a private key corresponding to the public key, decrypt the encrypted data packet according to the private key to obtain decrypted data, extract an electronic contract, a hash value, an encrypted ciphertext, and a key from the decrypted data, perform data verification on the hash value, the encrypted ciphertext, and the key, and extract a contract plaintext from the electronic contract when the verification is passed;
and the second client subsystem is also used for displaying the contract plaintext so that a user can browse the contract plaintext, performing digital signature operation after confirming that the contract information in the contract plaintext is correct, and calling a digital certificate to complete signature based on the digital signature operation of the user.
6. A multi-user online signing method, characterized in that the multi-user online signing method is based on a multi-user online signing system, and the multi-user online signing system comprises: a business processing subsystem and a client subsystem, wherein the client subsystem comprises: a first client subsystem and a second client subsystem; the multi-user online signing method comprises the following steps:
when the service processing subsystem receives a signing instruction, determining user identity information and service scene information according to the signing instruction, determining contract parameters and a contract template according to the user identity information and the service scene information, configuring the contract template according to the contract parameters to obtain a contract file, and sending the contract file to the first client subsystem;
the first client subsystem displays the contract file, acquires an electronic contract obtained after the user completes digital signature based on the contract file, and sends the electronic contract to the service processing subsystem;
the service processing subsystem randomly generates a secret key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the secret key, generates a file to be processed according to the electronic contract, the encrypted ciphertext and the secret key, obtains a public key corresponding to the second client subsystem, encrypts the file to be processed through an asymmetric encryption algorithm according to the public key, obtains an encrypted data packet, and sends the encrypted data packet to the second client subsystem;
the second client subsystem decrypts the encrypted data packet to obtain decrypted data, performs data verification on the decrypted data, extracts a contract plaintext from the decrypted data when the decrypted data passes the verification, calls a digital certificate based on the contract plaintext to complete signature, adds a timestamp, and uploads the signature to a distributed account book;
and after detecting that all contract signatory parties complete the signing process, the service processing subsystem stores the information in the signing process into the block chain node.
7. The multi-user online signing method of claim 6, wherein said multi-user online signing system further comprises a PKI subsystem;
when the service processing subsystem receives a signing instruction, determining user identity information and service scene information according to the signing instruction, determining contract parameters and a contract template according to the user identity information and the service scene information, configuring the contract template according to the contract parameters to obtain a contract file, and before sending the contract file to the first client subsystem, the method further comprises the following steps:
the client subsystem carries out user registration according to a registration request when receiving the registration request input by a user, carries out real-name authentication after the registration is finished, and displays authentication passing information when the real-name authentication passes;
the client subsystem sends a certificate application request and biological characteristic information to the service processing subsystem when receiving the certificate application request and the biological characteristic information input by a user;
the service processing subsystem determines personal information of a user according to the certificate application request, performs validity check on the personal information of the user and the biological characteristic information, generates a certificate issuing instruction when the validity check is passed, and sends the certificate issuing instruction to the PKI subsystem;
the PKI subsystem searches a CA mechanism based on the certificate issuing instruction, the CA mechanism issues digital certificates for the user and the server, and user identity information and a public key of user real-name authentication are stored in a blockchain;
correspondingly, when the service processing subsystem receives a signing instruction, determining user identity information and service scene information according to the signing instruction, including:
and when the service processing subsystem receives a signing instruction, acquiring user identity information from the block chain according to the signing instruction, and determining service scene information according to the signing instruction.
8. The multi-user online signing method of claim 7, wherein the first client subsystem displays the contract document, obtains an electronic contract obtained by the user after completing digital signature based on the contract document, and sends the electronic contract to the business processing subsystem, and the method comprises:
the first client subsystem displays the contract file so that a user can browse the contract file and performs digital signature operation after confirming that contract information in the contract file is correct;
and the first client subsystem carries out digital signature on the contract file based on the digital signature operation of the user to obtain an electronic contract, stores the signature process, the electronic contract and the context in a distributed account book, and sends the electronic contract to a business processing subsystem for verification.
9. The multi-user online signing method of claim 8, wherein before the business processing subsystem randomly generates a key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, generates a to-be-processed file according to the electronic contract, the encrypted ciphertext and the key, obtains a public key corresponding to the second client subsystem, encrypts the to-be-processed file through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet, and sends the encrypted data packet to the second client subsystem, the method further comprises:
the business processing subsystem verifies the electronic contract, acquires a server digital certificate from a blockchain when the electronic contract passes the verification, completes the signature according to the server digital certificate, obtains a hash value through a hash encryption algorithm, takes the hash value as a digital fingerprint of the electronic contract, and encrypts the electronic contract according to the digital fingerprint to obtain an encrypted electronic contract;
correspondingly, the step in which the business processing subsystem randomly generates a key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, generates a to-be-processed file according to the electronic contract, the encrypted ciphertext and the key, obtains a public key corresponding to the second client subsystem, and encrypts the to-be-processed file through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet includes:
the business processing subsystem randomly generates a 128-bit key, obtains an encrypted ciphertext through a symmetric encryption algorithm according to the key, and generates a to-be-processed file according to the encrypted electronic contract, the hash value, the encrypted ciphertext and the key;
and the business processing subsystem acquires a public key corresponding to the second client subsystem from the blockchain, and encrypts the to-be-processed file through an asymmetric encryption algorithm according to the public key to obtain an encrypted data packet.
10. The multi-user online signing method of claim 9, wherein the second client subsystem decrypts the encrypted data packet to obtain decrypted data, performs data verification on the decrypted data, extracts contract plaintext from the decrypted data when the data verification is passed, and invokes a digital certificate based on the contract plaintext to complete signing, comprising:
the second client subsystem acquires a private key corresponding to the public key, decrypts the encrypted data packet according to the private key to acquire decrypted data, extracts an electronic contract, a hash value, an encrypted ciphertext and a key from the decrypted data, performs data verification on the hash value, the encrypted ciphertext and the key, and extracts a contract plaintext from the electronic contract when the verification is passed;
and the second client subsystem displays the contract plaintext so that a user can browse the contract plaintext and perform a digital signature operation after confirming that the contract information in the contract plaintext is correct, and calls a digital certificate to complete the signature based on the user's digital signature operation.
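The exchange in claims 9 and 10, sketched as an added example that is not code from the patent: the sender fingerprints and encrypts the contract under a random 128-bit key, and the recipient releases plaintext only after every check passes. Assumptions: the Python `cryptography` package, AES-128-GCM, RSA-OAEP and SHA-256 as the concrete algorithms, and the hypothetical names `seal`, `open_packet` and `demo`. It also departs from the claim wording in one respect: only the symmetric key is encrypted under the recipient's public key, because RSA cannot encrypt a whole file directly, whereas the claims encrypt the entire to-be-processed file.

```python
import hashlib
import hmac
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithms (RSA-OAEP, AES-128-GCM, SHA-256); the claims name only families.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def seal(contract, recipient_public_key):
    """Business processing side (claim 9): fingerprint, encrypt, wrap the key."""
    fingerprint = hashlib.sha256(contract).digest()  # digital fingerprint
    key = AESGCM.generate_key(bit_length=128)  # random 128-bit key
    nonce = os.urandom(12)  # must never repeat under the same key
    # Binding the fingerprint as associated data makes swapping it break the tag.
    ciphertext = AESGCM(key).encrypt(nonce, contract, fingerprint)
    return {"wrapped_key": recipient_public_key.encrypt(key, OAEP), "nonce": nonce,
            "ciphertext": ciphertext, "fingerprint": fingerprint}


def open_packet(packet, recipient_private_key):
    """Second client side (claim 10): decrypt, verify, only then release plaintext."""
    try:
        key = recipient_private_key.decrypt(packet["wrapped_key"], OAEP)
        if len(key) != 16:
            raise ValueError("unexpected key length")
        contract = AESGCM(key).decrypt(packet["nonce"], packet["ciphertext"], packet["fingerprint"])
    except (InvalidTag, ValueError, KeyError) as exc:
        raise ValueError("data verification failed") from exc
    if not hmac.compare_digest(hashlib.sha256(contract).digest(), packet["fingerprint"]):
        raise ValueError("data verification failed")
    return contract


def demo():
    """Constructed sample: a substituted fingerprint is rejected, the clean packet opens."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    contract = b"Constructed sample contract: party A leases unit 4 to party B."
    packet = seal(contract, private_key.public_key())
    try:
        open_packet(dict(packet, fingerprint=bytes(32)), private_key)
        rejected = False
    except ValueError:
        rejected = True
    return open_packet(packet, private_key) == contract, rejected
```

Encrypting to the recipient's public key does not show who built the packet; in the claims that role falls to the signature made with the server digital certificate, which this example leaves out.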
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011280123.7A CN112487778B (en) | 2020-11-16 | 2020-11-16 | Multi-user online signing system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112487778A (en) | 2021-03-12 |
CN112487778B (en) | 2024-06-25 |
Family
ID=74931092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011280123.7A Active CN112487778B (en) | 2020-11-16 | 2020-11-16 | Multi-user online signing system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112487778B (en) |
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109377198A (en) * | 2018-12-24 | 2019-02-22 | 上海金融期货信息技术有限公司 | A kind of signing system known together in many ways based on alliance's chain |
US20200293515A1 (en) * | 2019-06-03 | 2020-09-17 | Alibaba Group Holding Limited | Service processing system and method based on blockchain |
CN110661790A (en) * | 2019-09-10 | 2020-01-07 | 连连银通电子支付有限公司 | Block chain private data protection method, device, equipment and medium |
CN111369248A (en) * | 2020-03-03 | 2020-07-03 | 南京大学 | Digital product safe transaction method and system based on block chain technology |
CN111626731A (en) * | 2020-04-10 | 2020-09-04 | 南京优物链科技有限公司 | Contract signing identity authentication and signature system based on block chain technology |
CN111651521A (en) * | 2020-05-27 | 2020-09-11 | 山大地纬软件股份有限公司 | Electronic contract block chain structure, electronic contract signing device and method |
CN111835511A (en) * | 2020-06-30 | 2020-10-27 | 平安国际智慧城市科技股份有限公司 | Data security transmission method and device, computer equipment and storage medium |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113129007A (en) * | 2021-05-19 | 2021-07-16 | 中国银行股份有限公司 | Data protection method, service declaration system and service processing system |
CN113779640A (en) * | 2021-09-01 | 2021-12-10 | 北京橙色云科技有限公司 | Contract signing method, contract signing device and storage medium |
CN113742671A (en) * | 2021-09-06 | 2021-12-03 | 杭州安恒信息技术股份有限公司 | Online collaborative information processing method, system, electronic device and storage medium |
CN113839934A (en) * | 2021-09-14 | 2021-12-24 | 中腾微网(北京)科技有限公司 | Micro-grid remote data management method |
CN113839934B (en) * | 2021-09-14 | 2023-05-19 | 中腾微网(北京)科技有限公司 | Micro-grid remote data management method |
CN113824564A (en) * | 2021-09-17 | 2021-12-21 | 江苏通付盾科技有限公司 | Online signing method and system based on block chain |
CN114065253B (en) * | 2021-11-22 | 2023-03-24 | 上海旺链信息科技有限公司 | Method for anonymous sharing and verification of certificate and result |
CN114065253A (en) * | 2021-11-22 | 2022-02-18 | 上海旺链信息科技有限公司 | Method for anonymous sharing and verification of certificate and result |
CN114492355A (en) * | 2021-12-30 | 2022-05-13 | 博思数采科技发展有限公司 | Method and system for generating electronic bidding invitation letter and response receipt letter in OFD format |
CN114567443A (en) * | 2022-02-21 | 2022-05-31 | 京东科技控股股份有限公司 | Block chain-based electronic contract signing method and device |
CN114553441B (en) * | 2022-04-22 | 2022-08-26 | 杭州天谷信息科技有限公司 | Electronic contract signing method and system |
CN114553441A (en) * | 2022-04-22 | 2022-05-27 | 杭州天谷信息科技有限公司 | Electronic contract signing method and system |
CN116405300B (en) * | 2023-04-18 | 2024-01-23 | 无锡锡商银行股份有限公司 | Scene-based online protocol signing security analysis system and method |
CN116405300A (en) * | 2023-04-18 | 2023-07-07 | 无锡锡商银行股份有限公司 | Scene-based online protocol signing security analysis system and method |
CN116644479A (en) * | 2023-04-25 | 2023-08-25 | 重庆万友人才服务有限公司 | Tamper-resistant electronic contract signing method based on blockchain technology |
CN117113384B (en) * | 2023-10-25 | 2024-01-09 | 杭州易靓云科技有限公司 | Contract signing management method and system |
CN117113384A (en) * | 2023-10-25 | 2023-11-24 | 杭州易靓云科技有限公司 | Contract signing management method and system |
CN117372050A (en) * | 2023-12-07 | 2024-01-09 | 成都天府通数字科技有限公司 | Method and system for verifying order verification of multiple platforms |
CN117372050B (en) * | 2023-12-07 | 2024-02-20 | 成都天府通数字科技有限公司 | Method and system for verifying order verification of multiple platforms |
CN117692259A (en) * | 2024-02-02 | 2024-03-12 | 杭州天谷信息科技有限公司 | Registration method and verification method based on verification network |
CN117692259B (en) * | 2024-02-02 | 2024-05-31 | 杭州天谷信息科技有限公司 | Registration method and verification method based on verification network |
Also Published As
Publication number | Publication date |
---|---|
CN112487778B (en) | 2024-06-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||