CN112507300A - Electronic signature system based on eID and electronic signature verification method - Google Patents


Info

Publication number
CN112507300A
Authority
CN
China
Prior art keywords
electronic signature
electronic
eid
seal
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011401968.7A
Other languages
Chinese (zh)
Inventor
蔡国明
王晋东
徐开勇
汪淼
郭松
李立新
李瑞锋
赵建成
窦睿彧
常永辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention belongs to the technical field of cyberspace security and in particular relates to an eID-based electronic signature system and an electronic signature verification method. The electronic signature system comprises an electronic signature management system, which manages electronic seals and provides an eID validity verification service for electronic signatures, and an electronic signature application system, which signs data messages and verifies electronic signatures. To address problems in current electronic signature applications such as insecurity and the lack of mutual recognition, the invention provides an eID-based electronic signature system and an electronic signature verification method that rely on the network identity recognition system of the Ministry of Public Security and ensure the security, standardization and interoperability of electronic signatures by adopting the eID cryptosystem and eID-based identity authentication technology, thereby achieving a good application effect.

Description

Electronic signature system based on eID and electronic signature verification method
Technical Field
The invention belongs to the technical field of cyberspace security and in particular relates to an eID-based electronic signature system and an electronic signature verification method.
Background
In recent years, electronic signature technology has received attention from many research institutes and researchers. An electronic signature is data in electronic form, contained in or attached to a data message, that identifies the signer and indicates that the signer approves the content of the message. The electronic signature is an identity and information authentication technology: a technical means that uses cryptographic principles to bind a data message in the network world to the identity of a signer, so that the identity of the signer can be proved and the data content approved by the signer can be indicated. Because electronic signatures have good properties such as anti-counterfeiting, anti-tampering and anti-repudiation, and offer many advantages for official document circulation, digital transactions and the like, they have been widely applied in electronic commerce and electronic government and play an important role in ensuring the security of both.
Electronic signature technology falls into two categories by technical system: biometric-based electronic signature techniques and PKI-based electronic signature techniques. Biometric-based electronic signature technology uses human biometric data such as fingerprints, irises and faces as the identity of the electronic signer and uses biometric authentication technology to verify the electronic signature. Specifically, the biometric data is used as an encryption key, the data message is encrypted with a symmetric encryption and decryption technique to generate the electronic signature, and the identity of the electronic signer is then verified with biometric authentication technology, thereby ensuring the authenticity, integrity and non-repudiation of the electronic signature. Its advantages are that it is simple to implement and needs no third-party electronic signature organization. Its disadvantages are that the accuracy of electronic signature verification depends closely on biometric extraction and authentication technology; with the development of hacker technology, techniques for forging fingerprints, irises, faces and the like now exist; biometric extraction is affected by the surrounding environment; and a person's biometric features change with age, physical condition and emotion. This technology therefore cannot fully ensure the security, stability and reliability of electronic signatures.
PKI-based electronic signature technology uses public key cryptography and digital certificates to prove the identity of the signer and to ensure the authenticity and integrity of the data message. Specifically, based on PKI public key cryptography, a data message is signed using a cryptographic carrier such as a USBKey or an identity authentication IC card, and a digital certificate issued by a CA (certificate authority) is used to prove the identity of the signer and to ensure the authenticity and integrity of the data message. Its advantages are that the electronic signature is highly trustworthy, secure and reliable, and it is the most widely applied electronic signature technology at home and abroad. Its disadvantages are that it requires the support of an authoritative third-party CA; a digital certificate and a cryptographic carrier must be purchased from the authoritative CA in advance; the approval process is complex; digital certificates issued by different CAs are difficult to make compatible and mutually recognized and are not universal across application systems; and management cost is high and use is inconvenient. PKI-based electronic signature technology is mature, is more secure than biometric-based electronic signature technology, and is a reliable electronic signature technology in general international use. At present, many mature electronic signature technologies and products exist at home and abroad, such as Docusign, ESS-PDF electronic signature system, handwritten digital signature system of letters and hands, KOAL-WP-electronic signature system, e-signature and the like.
With the rapid development of information technology and the increasing importance of the state on information security, more and more industries and departments have started to adopt electronic signature technology to ensure the security of their network transactions and business activities.
With the rapid development of informatization in China, information systems for online office work, document circulation, business processing and the like urgently need electronic signatures. The departments concerned are also actively exploring and applying mature electronic signature products to improve security in network office work and business information transmission, but the following problems exist in application:
① The products have potential security risks
At present, except in some classified information systems, the electronic signature products used by most office business systems are commercial products, and most of these commercial products also use the commercial RSA cryptographic algorithm, so their security strength is low and their use carries potential security risks.
② Signatures do not interoperate and are not mutually recognized
The technical systems and standard specifications of the electronic signature products used by each unit differ, so different electronic signature products cannot interoperate, and the electronic signatures on electronic documents of different units cannot be exchanged and mutually recognized, which makes large-scale adoption difficult.
Disclosure of Invention
To address problems in current electronic signature applications such as insecurity and the lack of mutual recognition, the invention provides an eID-based electronic signature system and an electronic signature verification method that rely on the network identity recognition system of the Ministry of Public Security and ensure the security, standardization and interoperability of electronic signatures by adopting the eID cryptosystem and eID-based identity authentication technology, thereby achieving a good application effect.
To solve the above technical problems, the invention adopts the following technical scheme:
The invention provides an eID-based electronic signature system, which comprises:
an electronic signature management system, used for managing the electronic seal and providing an eID validity verification service for the electronic signature;
and an electronic signature application system, used for signing the data message and verifying the electronic signature.
Further, the electronic signature management system comprises an electronic seal management system and an electronic signature verification server;
the electronic seal management system is used for the application, review, production, loading and audit of the electronic seal;
and the electronic signature verification server is used for querying eID status and eID revocation list data online and providing an eID validity verification service for electronic signature applications.
Further, the electronic signature system also comprises a citizen network identity recognition system;
the citizen network identity recognition system is used for generating an eID certificate and an eID private key for the electronic seal management system and for providing query and verification of eID status and the eID revocation list to the electronic signature verification server.
Further, the electronic signature application system comprises an electronic signature carrier device and an electronic signature component;
the electronic signature carrier device is a hardware entity which is issued to a signer by the electronic seal management system and carries signer information, a certificate and a cryptographic algorithm;
the electronic signature component is deeply integrated with an application system in software form, and the application system signs and verifies electronic documents by calling the interface provided by the electronic signature component, in cooperation with the electronic signature carrier device and the electronic signature verification server.
Further, the electronic signature component comprises a Word electronic signature component, a PDF electronic signature component and a format file electronic signature component.
The invention also provides an electronic signature verification method implemented by the eID-based electronic signature system, which comprises the following steps:
Electronic seal making and issuing
Making an electronic seal and issuing it to the electronic seal applicant;
Electronic signature verification
Verifying the validity of the eID by sending a request to the citizen network identity recognition system.
Further, making and issuing the electronic seal comprises:
the electronic seal applicant applies to an eID issuing organization for an eID, and the eID issuing organization conducts the face-to-face signing and issues the eID;
the electronic seal applicant submits an electronic seal application to the seal management department;
an auditor of the seal management department reviews the application, and the electronic seal is made after the application is approved;
the electronic seal maker imports the stamp image and digitally signs the electronic seal using the seal maker's eID private key to complete the making of the electronic seal;
the seal management department records the electronic seal;
the electronic seal is loaded into an electronic signature carrier device;
and the electronic signature carrier device is issued to the electronic seal applicant.
Further, the electronic signature verification comprises:
The sender:
the sender forms a data message at a service terminal;
the sender reads the electronic seal from the electronic signature carrier device;
the sender combines the stamp image in the electronic seal with the data message;
the sender signs the data message and the stamp image with the sender's eID private key, using digital signature technology, to form electronic signature data;
the sender sends the electronic signature data to the receiver;
The receiver:
the receiver receives the electronic signature data at a service terminal;
the receiver verifies the electronic signature data through the electronic signature carrier device using the sender's eID certificate;
the receiver verifies the validity of the electronic seal using the electronic signature verification server;
the electronic signature verification server sends a request to the citizen network identity recognition system, which verifies the authenticity and validity of the eIDs of the signer and the sender.
Compared with the prior art, the invention has the following advantages:
1. Security
Cryptographic technology is the core technology of the electronic signature. First, the electronic signature system adopts identity authentication and digital signature technology, uses eIDs issued by the national authority, and adopts the SM2 public key cryptographic algorithm and high-security electronic signature devices approved by the State Cryptography Administration; the signed content, the signer, the signing time and other information of the data message are all signed, so that any change to the electronic signature value or to the signed data message is detected promptly and the security of the electronic signature and the data message is ensured. Second, when the signer generates electronic signature data, the signing operation can only be completed by using the signer's own electronic signature carrier device and entering the PIN code; an attacker who has not obtained the signer's carrier device and PIN code cannot impersonate the signer to produce an electronic signature. Finally, after receiving the electronic signature data, the receiver can verify the validity of both the electronic signature data and the electronic seal, which ensures the unforgeability of the electronic signature and the authenticity of the signer's identity.
2. Interoperability
The system is currently built and deployed at the Third Research Institute of the Ministry of Public Security and can provide users with services such as electronic making, querying and identity authentication. Relying on the citizen network identity recognition system, identity authentication of personnel across the whole country can be achieved through eID-based identity authentication technology. The eID cryptographic algorithm is unified, the certificate format is unified, the application interface is unified, eID certificates can be downloaded publicly, and certificate status can be verified online. The electronic signature system uses the same cryptosystem as the citizen network identity recognition system. For an electronic signature generated by the eID-based electronic signature system, the receiver can therefore verify its authenticity as long as the receiver has the signer's eID certificate, whether or not the signer and the receiver belong to the same unit. The eID-based electronic signature system can thus achieve exchange and mutual recognition of electronic signatures between different units and between different application systems.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a block diagram of an eID-based electronic signature system according to an embodiment of the present invention;
FIG. 2 is an architectural block diagram of an eID-based electronic signature system according to an embodiment of the present invention;
FIG. 3 is a flow chart of the electronic seal issuance process according to an embodiment of the present invention;
FIG. 4 is a flow chart of electronic signature verification according to an embodiment of the present invention;
FIG. 5 is a diagram of the application deployment structure of the electronic signature system in the campus network office system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below with reference to the drawings. The described embodiments are some, but not all, embodiments of the present invention; all other embodiments obtained from them by a person of ordinary skill in the art without creative effort fall within the scope of the present invention.
In 1976, Diffie and Hellman published "New Directions in Cryptography", which proposed the ideas of the asymmetric cryptosystem and the digital signature and laid the theoretical foundation for electronic signatures. With the rapid development of modern cryptography and the promotion of e-commerce and e-government, electronic signatures have gradually become a core technology of information security and are widely applied in that field. At present, electronic signatures are widely used in scenarios such as electronic contracts, electronic transactions, electronic medical records and electronic archives, and electronic signature technology has become a key technology supporting the security of electronic commerce and electronic government. In recent years, as the scale of electronic commerce in China has continued to grow, enterprises and banks have widely used electronic signature technology in security applications such as online shopping, mobile payment and electronic contracts to ensure the security of online electronic transactions, while government agencies have widely used electronic signature products and technology in government applications such as online office work, online examination and approval, and document management.
The China government affairs service platform, which is in charge of government administration, went online in 2019 and provides integrated online handling of electronic government affairs from the central level down to each province and city; its electronic seal management system is an important subsystem that ensures the authenticity and validity of electronic documents during examination, approval and circulation. In April 2019, Shanghai was the first to launch an online electronic seal public service platform, enabling online handling of electronic government affairs across the whole city, and it also applies electronic signature technology based on digital certificates. The "at most one visit" reform in Zhejiang Province has achieved remarkable results in accelerating the full electronization of government registration and approval through "online declaration, online acceptance, online audit, identity authentication, electronic signature, electronic filing" and similar modes. As the digital economy gradually becomes a new driver of global development, the application scenarios of electronic signatures have expanded from traditional electronic commerce and electronic government to more and more scenarios, and electronic signatures are being accepted and used by more and more enterprises and users as a trump card for solving the problem of network trust.
First, eID is briefly introduced as follows:
The eID is a network electronic identity for citizens that is based on cryptographic technology, uses a smart chip as its carrier, and is uniformly issued by a national authority (the network identity recognition system of the Ministry of Public Security). It enables online remote identity authentication without revealing personal identity information, and has the properties of authority, security, privacy, uniqueness and cross-domain use.
Authority: the eID is based on face-to-face identity verification, and its source of trust is the national population base information of the Ministry of Public Security. The eID is issued uniformly by the network identity recognition system of the Ministry of Public Security and has authority similar to that of digital certificates issued by the country's various CA organizations.
Security: the core technology of the electronic identity authentication system is PKI technology. The eID comprises a pair of private keys of a user and a digital certificate issued by the authority, and the security of the eID private keys and the digital certificate is guaranteed by a secure smart chip.
Uniqueness: each user has only one eID corresponding to the user's real identity, just as a citizen has only one identity card number. When the eID carrier is lost or damaged, the user can report the loss, cancel and replace the corresponding eID, and the old eID can no longer be used.
Privacy: the eID is computed by cryptographic techniques from factors such as the citizen identity card number, name and a random number. It is almost impossible for an attacker to derive a user's real identity from the eID, so the eID prevents leakage of citizens' real personal identity information.
Cross-domain: the eID differs from a digital certificate in that it is issued uniformly by the citizen network identity recognition system of the Ministry of Public Security and each user is issued only one, so it can support network identity services across regions, industries and applications.
As shown in FIG. 1, the eID-based electronic signature system of this embodiment comprises an electronic signature management system and an electronic signature application system. The electronic signature management system manages the electronic seal and provides an eID validity verification service for the electronic signature; the electronic signature application system signs the data message and verifies the electronic signature.
The electronic signature management system comprises an electronic seal management system and an electronic signature verification server. The electronic seal management system mainly implements management functions for the electronic seal such as application, review, production, loading and audit. The electronic seal is the most common form of electronic signature. The core idea of the electronic seal management system is to hide the complex electronic signature technology inside the electronic seal and to represent the electronic signature visually by a seal image, which matches people's everyday habit of signing and stamping and achieves the same visual effect of public credibility as a physical seal or a handwritten signature. Generating an electronic signature is equivalent to stamping the electronic seal, and verifying an electronic signature is equivalent to verifying the authenticity of the electronic seal. The electronic signature verification server queries online the eID status and eID revocation list data issued by the citizen network identity recognition system, provides an eID validity verification service for electronic signature applications, and implements the verification function for the electronic seal.
The electronic signature application system comprises an electronic signature carrier device and an electronic signature component. The electronic signature carrier device is a hardware entity that the electronic seal management system issues to a signer (a unit or a person). It carries signer information (an electronic seal, a handwritten signature and the like), a certificate, a private key and a cryptographic algorithm, is the equivalent of a physical seal in the real world, and comes in various interface forms such as USB (universal serial bus), NFC (near field communication) and smart card, depending on the application scenario. The electronic signature component is deeply integrated with an application system (Word, PDF, format file and the like) in software form. By calling the interface provided by the electronic signature component, in cooperation with the electronic signature carrier device and the electronic signature verification server, the application system can sign a data message (office document, electronic contract and the like) and verify an electronic signature. Depending on the application system, the electronic signature component comes in several types, such as a Word electronic signature component, a PDF electronic signature component and a format file electronic signature component.
The electronic signature system also comprises a citizen network identity recognition system, which generates an eID certificate and an eID private key for the electronic seal management system and provides query and verification of eID status and the eID revocation list to the electronic signature verification server.
As shown in FIG. 2, the electronic signature system relies on the citizen network identity recognition system of the Ministry of Public Security and is tightly integrated with the application system through the electronic signature component to provide signing and signature verification services for the application system. The citizen network identity recognition system is the foundation of the whole electronic signature system. The electronic seal management system completes the approval and production of an electronic seal based on the eID certificate and eID private key provided by the citizen network identity recognition system, and loads the electronic seal into an electronic signature carrier device (UKey, smart IC card, mobile phone security chip and the like). The electronic signature component is embedded as a component into different application systems, and the application system calls the interface provided by the electronic signature component to sign and verify electronic documents in cooperation with the electronic signature carrier device and the electronic signature verification server.
This embodiment also provides an eID-based electronic signature verification method, which comprises two stages: electronic seal making and issuing, and electronic signature verification.
As shown in FIG. 3, electronic seal making and issuing includes the following steps:
Step S31, the electronic seal applicant applies to an eID issuing organization for an eID, and the eID issuing organization conducts the face-to-face signing and issues the eID;
Step S32, the electronic seal applicant submits the electronic seal application to the seal management department;
Step S33, an auditor of the seal management department reviews the application, and the electronic seal is made after the application is approved;
Step S34, the electronic seal maker imports the stamp image and digitally signs the electronic seal using the seal maker's eID private key to complete the making of the electronic seal, wherein the information structure of the electronic seal is shown in Table 1.
TABLE 1
[Table 1, the information structure of the electronic seal, is an image in the original publication and is not reproduced here.]
Step S35, the seal management department records the electronic seal;
Step S36, the electronic seal is loaded into the electronic signature carrier device;
Step S37, the electronic signature carrier device is issued to the electronic seal applicant.
As shown in fig. 4, electronic signature verification includes the following steps:
Sender:
Step S41, the sender forms a data message at the service terminal;
Step S42, the sender reads the electronic seal from the electronic signature carrier device;
Step S43, the sender combines the stamp picture in the electronic seal with the data message;
Step S44, the sender signs the data message and the stamp picture with the sender's eID private key, using digital signature technology, to form the electronic signature data; the information structure of the electronic signature data is shown in Table 2.
TABLE 2 (information structure of the electronic signature data; table image not reproduced)
Step S45, the sender sends the electronic signature data to the receiver;
Receiver:
Step S46, the receiver receives the electronic signature data at the service terminal;
Step S47, the receiver verifies the electronic signature data through the electronic signature carrier device, using the eID certificate of the sender;
Step S48, the receiver verifies the validity of the electronic seal by using the electronic signature verification server;
Step S49, the electronic signature verification server sends a request to the citizen network identity recognition system, which verifies the authenticity and validity of the eIDs of the signer and the sender.
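The signing steps S34 and S43 to S44 and the receiver-side checks S47 to S49, as an added Go example that is not part of the patent. Ed25519, the `Seal` and `SignedDoc` layouts (Tables 1 and 2 are not reproduced on this page), the constructed eID names and the in-memory `keys`/`revoked` stub for the citizen network identity recognition system are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Seal struct { // assumed layout; Table 1 is not reproduced on the page
	Owner, Maker    string // eIDs of the seal holder and the seal maker
	Stamp, MakerSig []byte // stamp picture; maker's signature from step S34
}
type SignedDoc struct { // assumed layout; Table 2 is not reproduced either
	Message, Sig []byte // Sig is the sender's signature from step S44
	Seal         Seal
}

// keys and revoked stub the citizen network identity recognition system.
var keys, revoked = map[string]ed25519.PublicKey{}, map[string]bool{}

func Enroll(eid string) ed25519.PrivateKey { // constructed key pair for the demo
	pub, priv, _ := ed25519.GenerateKey(nil)
	keys[eid] = pub
	return priv
}

// encode length-prefixes each field so bytes cannot shift between fields.
func encode(parts ...[]byte) (out []byte) {
	for _, p := range parts {
		out = append(append(out, fmt.Sprintf("%d:", len(p))...), p...)
	}
	return out
}
func sealBytes(s Seal) []byte { return encode([]byte(s.Owner), []byte(s.Maker), s.Stamp) }
func MakeSeal(s Seal, key ed25519.PrivateKey) Seal { // step S34
	s.MakerSig = ed25519.Sign(key, sealBytes(s))
	return s
}
func SignDoc(msg []byte, s Seal, key ed25519.PrivateKey) SignedDoc { // steps S43-S44
	return SignedDoc{Message: msg, Seal: s, Sig: ed25519.Sign(key, encode(msg, s.Stamp))}
}

// Verify covers S47-S49; eID status goes first so a missing key is never used.
func Verify(d SignedDoc) error {
	sender, maker := keys[d.Seal.Owner], keys[d.Seal.Maker]
	switch {
	case sender == nil || maker == nil || revoked[d.Seal.Owner] || revoked[d.Seal.Maker]:
		return fmt.Errorf("S49: eID unknown or revoked")
	case !ed25519.Verify(sender, encode(d.Message, d.Seal.Stamp), d.Sig):
		return fmt.Errorf("S47: document signature invalid")
	case !ed25519.Verify(maker, sealBytes(d.Seal), d.Seal.MakerSig):
		return fmt.Errorf("S48: seal not signed by its maker")
	}
	return nil
}

func main() {
	maker, alice := Enroll("eid-maker"), Enroll("eid-alice")
	seal := MakeSeal(Seal{Owner: "eid-alice", Maker: "eid-maker", Stamp: []byte("stamp")}, maker)
	fmt.Println("verify:", Verify(SignDoc([]byte("approve budget"), seal, alice)))
}
```

A deployment would replace the `keys` and `revoked` maps with eID certificate validation and the online eID status query that step S49 describes.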
The following is an example of an application of the electronic signature system in a campus network office system:
The campus network office system is an important business information system in schools, mainly used for processing, approving, transferring and circulating business documents for teaching, scientific research, logistics and so on. To guarantee the authenticity, integrity and non-repudiation of business documents, the eID-based electronic signature system is applied to the campus network office system to solve the security problems of impersonation, tampering and denial affecting electronic documents and electronic data during transmission and processing. According to the network structure of the campus network, the application deployment structure of the electronic signature system in the campus network is shown in fig. 5.
An electronic seal approval terminal is deployed in the seal management department of the main campus. An electronic seal management server and an electronic seal management terminal are deployed in the network management center of the main campus. An electronic signature verification server and a timestamp server are deployed alongside the office system application server in the network management center of the main campus, and both are connected through the Internet to the citizen network identity recognition system of the Ministry of Public Security. Electronic signature components are deployed on the office terminals of the main campus and of each campus and integrated with the business office software, and electronic signature carrier devices loaded with the users' eIDs are distributed to users.
After the electronic signature system was deployed in the campus network office system, its advantages were evident. First, system security improved markedly: all electronic documents carry electronic signatures, their source is traceable, and authenticity, integrity and non-repudiation can be ensured, so the security of electronic documents is widely recognized within the system. Second, approval became markedly faster: document approval previously required handwritten signing, stamping, scanning and uploading, whereas the approval process is now carried out online, which significantly speeds up approval and improves efficiency.
Aiming at the problems in existing electronic signature applications, the eID-based electronic signature system is analyzed with respect to security and interoperability, and an eID-based electronic signature application scheme is provided for the campus online office scenario. Practice shows that eID-based electronic signature technology can effectively improve the security and efficiency of application systems, can effectively solve the problem of interoperability and mutual recognition of electronic signatures among different organizations and different application systems, and has wide application prospects.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it should be noted that the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, not to limit its protection scope. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. An electronic signature system based on eID, comprising:
an electronic signature management system, used for managing the electronic seal and providing an eID validity verification service for the electronic signature;
and an electronic signature application system, used for signing the data message and verifying the electronic signature.
2. The eID-based electronic signature system of claim 1 wherein the electronic signature management system comprises an electronic seal management system and an electronic signature verification server;
the electronic seal management system is used for applying, auditing, manufacturing, loading and auditing the electronic seal;
and the electronic signature verification server is used for inquiring the eID state and eID revocation list data on line and providing an eID validity verification service for the electronic signature application.
3. The eID-based electronic signature system of claim 2, wherein the electronic signature system further comprises a citizen network identity recognition system;
the citizen network identity recognition system is used for generating an eID certificate and an eID private key for the electronic seal management system and providing inquiry and verification of an eID state and an eID revocation list for the electronic signature verification server.
4. The eID-based electronic signature system of claim 2 wherein the electronic signature application system includes an electronic signature carrier device and an electronic signature component;
the electronic signature carrier device is a hardware entity which is issued to a signer by an electronic seal management system and carries signer information, a certificate and a cryptographic algorithm;
the electronic signature component is deeply fused with an application system in a software form, and the application system signs and verifies the electronic document by calling an interface provided by the electronic signature component under the cooperation of the electronic signature carrier equipment and the electronic signature verification server.
5. The eID-based electronic signature system of claim 4, wherein the electronic signature components comprise a Word electronic signature component, a PDF electronic signature component, and a layout file electronic signature component.
6. An electronic signature verification method implemented by using the eID-based electronic signature system as claimed in any one of claims 1 to 5, comprising the following steps:
electronic seal making and issuing:
making an electronic seal and issuing the electronic seal to an electronic seal applicant;
electronic signature verification:
verifying the validity of the eID by initiating a request to the citizen network identity recognition system.
7. The eID-based electronic signature verification method of claim 6, wherein the electronic seal making and issuing comprises:
an electronic seal applicant applies to an eID issuing authority for an eID, and the eID issuing authority conducts a face-to-face signing and issues the eID;
the electronic seal applicant submits an electronic seal application to a seal management department;
an auditor of the seal management department audits the application, and the electronic seal is made after the audit is passed;
an electronic seal maker imports a stamp picture and digitally signs the electronic seal with the seal maker's eID private key to complete the making of the electronic seal;
the seal management department records the electronic seal;
loading an electronic seal into an electronic signature carrier device;
and issuing the electronic signature carrier device to an electronic seal applicant.
8. The eID-based electronic signature verification method of claim 7, wherein the electronic signature verification comprises:
sender:
the sender forms a data message at a service terminal;
the sender reads an electronic seal from the electronic signature carrier device;
the sender combines the stamp picture in the electronic seal with the data message;
the sender signs the data message and the stamp picture with the sender's eID private key, using digital signature technology, to form electronic signature data;
the sender sends the electronic signature data to the receiver;
receiver:
a receiver receives the electronic signature data at a service terminal;
the receiver verifies the electronic signature data through the electronic signature carrier device by using the eID certificate of the sender;
the receiver verifies the validity of the electronic seal by using the electronic signature verification server;
the electronic signature verification server sends a request to the citizen network identity recognition system, and authenticity and validity verification are conducted on eIDs of the signer and the sender through the citizen network identity recognition system.
CN202011401968.7A 2020-12-04 2020-12-04 Electronic signature system based on eID and electronic signature verification method Withdrawn CN112507300A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011401968.7A CN112507300A (en) 2020-12-04 2020-12-04 Electronic signature system based on eID and electronic signature verification method

Publications (1)

Publication Number Publication Date
CN112507300A (en) 2021-03-16

Family

ID=74968322

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011401968.7A Withdrawn CN112507300A (en) 2020-12-04 2020-12-04 Electronic signature system based on eID and electronic signature verification method

Country Status (1)

Country Link
CN (1) CN112507300A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210316