CN113839785A - Electronic signature system - Google Patents

Publication number
CN113839785A
Authority
CN
China
Prior art keywords
module
user
electronic signature
transaction data
digital certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111177490.9A
Other languages
Chinese (zh)
Inventor
邓建锋
王依云
吴昊
赖宇阳
张丽娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Digital Platform Technology Guangdong Co ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southern Power Grid Digital Grid Research Institute Co Ltd
Priority to CN202111177490.9A
Publication of CN113839785A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Abstract

The application relates to the technical field of network security and provides an electronic signature system that can improve the reliability of electronic signatures and protect the security of transaction information. In the electronic signature system, a key management module sends a user's original transaction data to a data transmission module, which generates corresponding image information and sends it to an identification module for identification. When the identification module identifies that the original transaction data and the image information are consistent, it displays both through a display module for the user to confirm. After the user confirms, a control module generates an electronic signature based on the original transaction data and a user private key input by the user. A digital certificate module sends the user's digital certificate through a verification module to a security operation module for integrity checking and unsealing, and the control module verifies the electronic signature using the unsealed digital certificate, so that the whole electronic signature process is completed within the electronic signature device.

Description

Electronic signature system
Technical Field
The present application relates to the field of network security technologies, and in particular, to an electronic signature system.
Background
An electronic signature is data contained in electronic form in a data message (information generated, transmitted, received, or stored by electronic, optical, magnetic, or similar means) that identifies the signer and indicates that the signer approves the content of the message. An electronic signature is not a digitized image of a written signature; it is similar to a handwritten signature or stamp, and may also be referred to as an electronic stamp.
Both internet banking systems and mobile payment systems use independent electronic signature hardware, which works together with a hardware driver installed on the client to complete the functions the system provides, such as electronic transfers and electronic payments. However, the client is a traditional computer or an intelligent terminal such as a smartphone, tablet computer or smart television. These terminals and the operating systems they run all have security holes and hidden dangers and constitute an insecure environment, so the client driver that drives the electronic signature hardware is at risk of being attacked by a trojan or a hacker program. If an attacked client driver is used to operate the electronic signature hardware, the hardware control commands and the calculation results are necessarily exposed to security vulnerabilities, which makes the online banking or mobile payment system unreliable and may cause users to lose funds.
In the prior art, using a personal electronic signature tool for transactions in online business systems generally requires entering passwords, such as login and transaction passwords, and sensitive transaction information, such as account numbers, amounts and names. At present, most of this information is entered directly through a PC or intelligent mobile terminal. Some systems use a soft keyboard, but because the soft keyboard is generated on the client (the PC or intelligent mobile terminal), the reliability of the electronic signature is still affected and it is difficult to truly protect information security.
Disclosure of Invention
In view of the above, it is necessary to provide an electronic signature system in order to solve the above-mentioned technical problems.
An electronic signature system applied to an electronic signature device, comprising: a display module, a central processing module and an identification module; the central processing module includes: a key management module, a digital certificate module, a verification module, a security operation module, a control module and a data transmission module; wherein:
the key management module is used for sending original transaction data of a user to the data transmission module;
the data transmission module is used for generating image information corresponding to the original transaction data and sending the original transaction data and the image information to the identification module;
the identification module is used for displaying the original transaction data and the image information through the display module for the user to confirm when the original transaction data and the image information are consistent;
the control module is used for generating an electronic signature by using a user private key input by the user based on the original transaction data after the user confirms;
the digital certificate module is used for issuing the digital certificate of the user to the verification module after the user confirms;
the verification module is used for sending the digital certificate to the security operation module;
the security operation module is used for checking the integrity of the digital certificate, unsealing the digital certificate and sending the unsealed digital certificate to the control module for signature checking;
and the control module is also used for verifying the electronic signature by using the unsealed digital certificate.
In one embodiment, the key management module is configured to receive the raw transaction data of the user from a terminal; the communication mode between the key management module and the terminal comprises a USB Key, an audio Key and/or a Bluetooth Key.
In one embodiment, the verification module is configured to obtain a user private key input by the user, and check whether the user private key is consistent with a pre-stored user private key.
In one embodiment, the verification module is configured to instruct the secure operation module to stop decapsulating the digital certificate when it is checked that the user private key is inconsistent with the pre-stored user private key.
In one embodiment, the verification module is configured to obtain user information input by the user and authenticate the user based on the user information.
In one embodiment, the verification module is configured to instruct the key management module to obtain the original transaction data of the user when the authentication of the user passes.
In one embodiment, the system further comprises: a virtual keyboard generation module, configured to display a temporary virtual keyboard through the display module.
In one embodiment, the system further comprises: a key position capturing module, configured to obtain the input key position information when the user inputs the user private key and pre-generated disorder information on the temporary virtual keyboard, obtain the user private key from the key position information, and send the user private key to the central processing module.
In one embodiment, the display module is configured to display prompt information prompting the user to input the user private key and the disorder information through the temporary virtual keyboard.
In an embodiment, the display module is further configured to determine whether complete input information of the user is obtained, and prompt the user to continue information input when the complete input information of the user is not obtained.
In the electronic signature system, the key management module sends the user's original transaction data to the data transmission module, which generates corresponding image information and sends it to the identification module for identification. When the original transaction data and the image information are identified as consistent, they are displayed through the display module for the user to confirm. After the user confirms, the control module generates an electronic signature based on the original transaction data and the user private key input by the user. The digital certificate module sends the user's digital certificate through the verification module to the security operation module for integrity checking and unsealing, and the control module verifies the electronic signature using the unsealed digital certificate, so that the whole electronic signature process is completed within the electronic signature device. The scheme ensures that the original transaction data to be signed has not been tampered with by a third party: once the data is confirmed not to have been tampered with, it is displayed on the display module for the user to confirm, and the user signs inside the electronic signature device only after confirming, so that what the user sees is what the user signs. The digital certificate is also checked during the signing process in order to verify the signature, and the verification result can be returned to the central management module. This completes the whole electronic signature process, improves the reliability of the electronic signature and protects the security of transaction information.
Drawings
FIG. 1 is a schematic diagram of an electronic signature system in one embodiment;
FIG. 2 is a schematic structural diagram of an electronic signature device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Unless defined otherwise, technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the description of the present application is for the purpose of describing particular embodiments and is not intended to be limiting of the application. As used herein, the term "and/or" can include any and all combinations of one or more of the associated listed items.
In an embodiment, an electronic signature system applicable to an electronic signature device is provided. As shown in FIG. 1, which is a schematic structural diagram of the electronic signature system in an embodiment, the electronic signature system may include: a central processing module 101, a display module 103 and an identification module 111; the central processing module 101 may include: a key management module 105, a digital certificate module 106, a verification module 107, a security operation module 108, a control module 109, and a data transmission module 110.
In this embodiment, the key management module 105 is configured to send the original transaction data of the user to the data transmission module 110. Specifically, the key management module 105 may receive the original transaction data of the user from the terminal, and send the original transaction data of the user to the data transmission module 110 when receiving the original transaction data of the user sent by the terminal.
The data transmission module 110 is configured to generate image information corresponding to the original transaction data, and send the original transaction data and the image information to the identification module 111. Specifically, when the data transmission module 110 receives the original transaction data, it generates corresponding image information based on that data and sends the original transaction data and its image information to the identification module 111, where they are identified.
The identification module 111 is configured to display the original transaction data and the image information through the display module 103 for the user to confirm when the original transaction data and the image information are consistent. Specifically, after receiving the original transaction data and its image information from the data transmission module 110, the identification module 111 identifies whether the two are consistent. If so, the identification module 111 may send the original transaction data and the image information to the central processing module 101, which forwards them to the display module 103 so that they are displayed for the user to confirm.
The control module 109 is configured to generate an electronic signature, after the user confirms, based on the original transaction data and using a user private key input by the user. Specifically, after the user confirms the original transaction data and its image information displayed by the display module 103, the control module 109 may generate an electronic signature based on the original transaction data and the user private key input by the user.
The digital certificate module 106 is configured to issue the digital certificate of the user to the verification module 107 after the user confirms. Specifically, after the user confirms the original transaction data and the image information thereof displayed by the display module 103, the digital certificate module 106 may obtain the digital certificate of the user and issue the digital certificate to the verification module 107 for verification of the digital certificate.
The verification module 107 is used for sending the digital certificate to the security operation module 108; the security operation module 108 is configured to check the integrity of the digital certificate, decapsulate the digital certificate, and send the decapsulated digital certificate to the control module 109 for signature verification; the control module 109 is further configured to verify the electronic signature by using the decapsulated digital certificate.
Specifically, the verification module 107 receives the user's digital certificate issued by the digital certificate module 106 and sends it to the security operation module 108 for integrity checking and unsealing. The unsealed digital certificate is sent to the control module 109, which uses it to verify the generated electronic signature, so that the authenticity of the public key certificate is examined during the signing process. The security operation module 108 can specifically extract the public key from the digital certificate containing it, and the control module 109 then verifies the signature to obtain a signature verification result. The control module 109 can further return the signature verification result to the identification module 111 through the data transmission module 110, so that the identification module 111 can check, according to that result, whether the digital certificate has been tampered with by a third party, completing the whole electronic signature process.
In the electronic signature system, the key management module 105 sends the user's original transaction data to the data transmission module 110, which generates corresponding image information and delivers it to the identification module 111 for identification. When the original transaction data is identified as consistent with the image information, the display module 103 displays both for the user to confirm. After the user confirms, the control module 109 generates an electronic signature based on the original transaction data and the user private key input by the user. The digital certificate module 106 sends the user's digital certificate through the verification module 107 to the security operation module 108 for integrity checking and unsealing, and the control module 109 verifies the electronic signature using the unsealed digital certificate, so that the whole electronic signature process is completed within the electronic signature device. The scheme ensures that the original transaction data to be signed has not been tampered with by a third party: once the data is confirmed not to have been tampered with, it is displayed on the display module for the user to confirm, and the user signs inside the electronic signature device only after confirming, so that what the user sees is what the user signs. The digital certificate is also checked during the signing process, and the signature verification result can be returned to the central management module. This completes the whole electronic signature process, improves the reliability of the electronic signature and protects the security of transaction information.
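The on-device sequence described above (consistency check, user confirmation, signing, certificate integrity check and unsealing, signature verification), as an added Go example that is not part of the patent text. The patent names no algorithms or formats, so Ed25519, the text rendering used as "image information", the pinned issuer key and every identifier here are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Transaction is the original transaction data from the terminal (constructed fields).
type Transaction struct {
	Payee, Account string
	AmountCents    int64
}

// Canonical returns the exact bytes the device signs.
func (t Transaction) Canonical() []byte {
	return []byte(fmt.Sprintf("payee=%q;account=%q;amount_cents=%d", t.Payee, t.Account, t.AmountCents))
}

// Render stands in for the "image information": the text the device screen shows.
func Render(t Transaction) string {
	return fmt.Sprintf("Pay %d.%02d to %s (%s)", t.AmountCents/100, t.AmountCents%100, t.Payee, t.Account)
}

var (
	ErrInconsistent = errors.New("image information does not match original transaction data")
	ErrNotConfirmed = errors.New("user did not confirm the displayed transaction")
	ErrBadCert      = errors.New("digital certificate failed the integrity check")
	ErrBadSignature = errors.New("signature does not verify under the certificate key")
)

// UnsealCert plays the security operation module. Assumption: the integrity check is the
// issuer's signature over the certificate, and unsealing is extracting the public key.
func UnsealCert(der []byte, issuerKey ed25519.PublicKey) (ed25519.PublicKey, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrBadCert, err)
	}
	if cert.SignatureAlgorithm != x509.PureEd25519 || !ed25519.Verify(issuerKey, cert.RawTBSCertificate, cert.Signature) {
		return nil, fmt.Errorf("%w: issuer signature invalid", ErrBadCert)
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return nil, fmt.Errorf("%w: not an Ed25519 key", ErrBadCert)
	}
	return pub, nil
}

// SignOnDevice runs the on-device sequence; any failed step aborts without a signature.
func SignOnDevice(tx Transaction, image string, confirmed bool, priv ed25519.PrivateKey, certDER []byte, issuerKey ed25519.PublicKey) ([]byte, error) {
	if Render(tx) != image { // identification module: data and image must agree
		return nil, ErrInconsistent
	}
	if !confirmed { // display module: the user rejected what was shown
		return nil, ErrNotConfirmed
	}
	sig := ed25519.Sign(priv, tx.Canonical()) // control module signs
	pub, err := UnsealCert(certDER, issuerKey)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, tx.Canonical(), sig) { // control module verifies
		return nil, ErrBadSignature
	}
	return sig, nil
}

// NewDemoPKI builds a throwaway issuer key and user certificate (constructed data).
func NewDemoPKI() (ed25519.PublicKey, []byte, ed25519.PrivateKey, error) {
	caPub, caPriv, err1 := ed25519.GenerateKey(rand.Reader)
	userPub, userPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, nil, errors.New("key generation failed")
	}
	now := time.Now()
	issuer := &x509.Certificate{Subject: pkix.Name{CommonName: "demo issuer"}}
	user := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "demo user"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	certDER, err := x509.CreateCertificate(rand.Reader, user, issuer, userPub, caPriv)
	return caPub, certDER, userPriv, err
}

func main() {
	issuerKey, certDER, priv, err := NewDemoPKI()
	if err != nil {
		panic(err)
	}
	tx := Transaction{Payee: "Alice", Account: "ACCT-0001", AmountCents: 12550}
	_, err = SignOnDevice(tx, "Pay 125.50 to Mallory (ACCT-9999)", true, priv, certDER, issuerKey)
	fmt.Println("tampered image:", err)
	sig, err := SignOnDevice(tx, Render(tx), true, priv, certDER, issuerKey)
	fmt.Printf("signed: %d-byte signature, err=%v\n", len(sig), err)
}
```

A private key that does not match the certificate's public key is caught by the final verification step, which is the same failure the verification module's private-key check is meant to stop.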
In some embodiments, the display module 103 may be provided with a wired or wireless interface and may establish a communication connection with the central processing module 101 in a wired or wireless manner, where the wireless manner includes but is not limited to Bluetooth, NFC (near field communication) or WIFI. The display module 103 may also connect to an external device in a wired or wireless manner, receive a transaction request through the external device, and send the transaction request to the central processing module 101, where the external device includes but is not limited to electronic equipment capable of communication, such as a mobile phone, PC or tablet computer. The user's electronic signature operation and the subsequent transaction process are thus carried out on receipt of the transaction request, without networking with a background server to obtain the counterparty's transaction request, so that a truly offline transaction can be realized.
In some embodiments, the key management module 105 is configured to receive the user's raw transaction data from a terminal; the communication mode between the key management module 105 and the terminal may include a USB Key, an audio Key and/or a Bluetooth Key. Specifically, the communication mode between the key management module 105 and the external terminal may be a USB Key, an audio Key, a Bluetooth Key or the like; these have similar functions and can be used to protect the data interaction between the user and the client software. The scheme of this embodiment can be used for authentication and can also covertly protect the client software during the user's data interaction, giving good security and concealment. No timing point needs to be specially added to the client software to obtain the data interaction time interval; the interval can be obtained entirely through the audio Key and the related data interaction process, which is well concealed. Because the data interaction is a necessary condition for the PC system software to run, it cannot be bypassed or tampered with, so the protection effect is good.
In some embodiments, the verification module 107 is configured to obtain a user private key input by the user and verify whether it is consistent with a pre-stored user private key. Specifically, the verification module 107 may obtain the user private key input by the user after the user confirms the original transaction data and the corresponding image information, and then determine whether it is consistent with the user private key pre-stored in the electronic signature device (i.e., the pre-stored user private key). Further, when the user private key is not consistent with the pre-stored user private key, the verification module 107 instructs the security operation module 108 to stop decapsulating the digital certificate, notifies the central processing module 101 of the relevant error information, such as the private key inconsistency, and terminates the whole electronic signature process, thereby improving the reliability and security of the electronic signature.
In some embodiments, the verification module 107 is configured to obtain user information input by the user and authenticate the user based on that information. In this embodiment, the verification module 107 can both verify the user's identity and check the user private key. Specifically, the user private key may be checked as described in the above embodiment; to verify the user's identity, the verification module 107 may authenticate the user according to basic user information input by the user, such as the account password and the communication number. Further, the verification module 107 is configured to instruct the key management module 105 to obtain the user's original transaction data when the user passes authentication. In this embodiment, the verification module 107 verifies the user's identity and, only after verification passes, instructs the key management module 105 to obtain the user's original transaction data, which ensures that the electronic signature proceeds in order in a safe and reliable process environment.
In some embodiments, as shown in fig. 1, the electronic signature system further includes: a virtual keyboard generating module 102, configured to display the temporary virtual keyboard through a display module 103. Specifically, the electronic signature system of this embodiment further includes a virtual keyboard generating module 102, where the virtual keyboard generating module 102 is configured to generate a temporary virtual keyboard and send the temporary virtual keyboard to the display module 103, and the display module 103 displays the temporary virtual keyboard.
In some embodiments, further, as shown in FIG. 1, the electronic signature system may further include: a key position capturing module 104, configured to obtain the input key position information when the user inputs the user private key and the pre-generated disorder information on the temporary virtual keyboard, obtain the user private key from the key position information, and send the user private key to the central processing module 101.
In this embodiment, the electronic signature system further includes a key position capture module 104. The user inputs the user private key and the disorder information pre-generated by the electronic signature system on the temporary virtual keyboard displayed by the display module 103; the disorder information may specifically be a disorder number that the user must input after the user private key, and it may be generated randomly. Specifically, while the user inputs the user private key and the pre-generated disorder information on the temporary virtual keyboard displayed by the display module 103, the key position capture module 104 obtains the user's input key position information. The complete input information entered on the virtual keyboard can be restored from the key position information, and the disorder information is then removed from the complete input information to obtain the user private key. The key position capture module 104 can send the user private key to the central processing module 101 for subsequent processing, which improves the security and reliability of the electronic signature at the key input stage.
Further, in some embodiments, the display module 103 may be further configured to display a prompt for prompting the user to input the user private key and the disorder information through the temporary virtual keyboard. Specifically, the display module 103 may display prompt information for prompting the user to perform information input operation through the temporary virtual keyboard in the key input stage, and may specifically prompt the user to provide a user private key.
Further, in some embodiments, the display module 103 is further configured to determine whether complete input information of the user is obtained, and prompt the user to continue information input when the complete input information of the user is not obtained. Specifically, the display module 103 may specifically determine whether the user has finished inputting the user private key and the out-of-order information, that is, determine whether the user has provided complete input information, for example, determine whether the out-of-order information following the user private key has been input, and then prompt the user to continue inputting information when the complete input information of the user is not obtained, so as to ensure that the user provides a complete user private key in a safe and reliable environment to facilitate the subsequent electronic signature process, and ensure that the user key information is not leaked through the out-of-order information, thereby solving the problem that the reliability of the electronic signature is affected by the trusted environment construction problem of the current PC system.
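The key position capture and disorder-removal steps described above can be sketched as follows. This is an added illustration, not code from the patent; the function names, the numeric key set, the randomized layout and the fixed secret length are assumptions. Without a known secret length (or an explicit confirm key), a secret that happens to end in the disorder digits would make the completeness check ambiguous.

```python
import hmac
import secrets

KEYS = "0123456789"  # assumed key set: a numeric pad


def new_keyboard():
    """Temporary virtual keyboard: a fresh random layout, key position -> character."""
    layout = list(KEYS)
    secrets.SystemRandom().shuffle(layout)
    return layout


def new_disorder(length=4):
    """Pre-generated disorder information: a random number the user types last."""
    return "".join(secrets.choice(KEYS) for _ in range(length))


def restore_input(layout, positions):
    """Rebuild the complete input from the captured key positions."""
    if any(not 0 <= p < len(layout) for p in positions):
        raise ValueError("key position outside the keyboard")
    return "".join(layout[p] for p in positions)


def extract_secret(layout, positions, disorder, secret_len):
    """Return the secret, or None while input is incomplete (keep prompting).

    Raises ValueError when the trailing disorder information does not match.
    """
    if len(positions) < secret_len + len(disorder):
        return None
    if len(positions) > secret_len + len(disorder):
        raise ValueError("too many key presses")
    complete = restore_input(layout, positions)
    typed_disorder = complete[secret_len:]
    if not hmac.compare_digest(typed_disorder.encode(), disorder.encode()):
        raise ValueError("disorder information mismatch")
    return complete[:secret_len]


def taps_for(layout, text):
    """Simulate the user: the key positions tapped to type `text` on this layout."""
    return [layout.index(ch) for ch in text]


if __name__ == "__main__":
    layout, disorder = new_keyboard(), new_disorder()
    taps = taps_for(layout, "2580" + disorder)  # "2580" is a constructed secret
    print(taps, "->", extract_secret(layout, taps, disorder, secret_len=4))
```

The captured positions are meaningful only together with the layout held by the device: replayed against a different layout, the same taps restore a different string.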
In one embodiment, an internal structure of an electronic signature device applied to the electronic signature system provided in the present application may be as shown in fig. 2. The electronic signature device comprises a processor, a memory, a communication interface, a display screen and an input device which are connected through a system bus. The processor of the electronic signature device provides computing and control capabilities. The memory of the electronic signature device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The communication interface of the electronic signature device is used for wired or wireless communication with external devices such as a terminal, and the wireless communication can be realized through Wi-Fi, an operator network, NFC (near field communication) or other technologies. The display screen of the electronic signature device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic signature device can be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the shell of the electronic signature device, or an external keyboard, touch pad, mouse or the like.
Those skilled in the art will appreciate that the structure shown in fig. 2 is a block diagram of only the part of the structure related to the present application, and does not constitute a limitation on the electronic signature device to which the present application is applied; a specific electronic signature device may include more or fewer components than those shown in the figure, combine some components, or have a different arrangement of components.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination of these technical features should be considered within the scope of the present specification as long as it contains no contradiction.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An electronic signature system applied to an electronic signature device, comprising: a display module, a central processing module and an identification module; the central processing module comprising: a key management module, a digital certificate module, a verification module, a security operation module, a control module and a data transmission module; wherein,
the key management module is used for sending original transaction data of a user to the data transmission module;
the data transmission module is used for generating image information corresponding to the original transaction data and sending the original transaction data and the image information to the identification module;
the identification module is used for displaying the original transaction data and the image information through the display module for the user to confirm when the original transaction data and the image information are consistent;
the control module is used for generating an electronic signature by using a user private key input by the user based on the original transaction data after the user confirms;
the digital certificate module is used for issuing the digital certificate of the user to the verification module after the user confirms;
the verification module is used for sending the digital certificate to the security operation module;
the security operation module is used for checking the integrity of the digital certificate, unsealing the digital certificate and sending the unsealed digital certificate to the control module for signature checking;
and the control module is also used for verifying the electronic signature by using the unsealed digital certificate.
2. The system of claim 1, wherein the key management module is configured to receive the original transaction data of the user from a terminal; the communication mode between the key management module and the terminal comprises a USBKey, an audio Key and/or a Bluetooth Key.
3. The system of claim 1, wherein the verification module is configured to obtain a user private key input by the user and verify whether the user private key is consistent with a pre-stored user private key.
4. The system according to claim 3, wherein the verification module is configured to instruct the security operation module to stop the unsealing of the digital certificate when it is verified that the user private key is not consistent with the pre-stored user private key.
5. The system of claim 1, wherein the verification module is configured to obtain user information input by the user and authenticate the user based on the user information.
6. The system of claim 5, wherein the verification module is configured to instruct the key management module to obtain the original transaction data of the user when the authentication of the user is passed.
7. The system of claim 1, further comprising: a virtual keyboard generation module, configured to display a temporary virtual keyboard through the display module.
8. The system of claim 7, further comprising: a key position capture module, configured to obtain input key position information when the user inputs the user private key and pre-generated disorder information on the temporary virtual keyboard, to obtain the user private key according to the key position information, and to send the user private key to the central processing module.
9. The system of claim 8, wherein the display module is configured to display prompt information prompting the user to input the user private key and the disorder information via the temporary virtual keyboard.
10. The system of claim 9, wherein the display module is further configured to determine whether complete input information of the user is obtained, and prompt the user to continue information input when complete input information of the user is not obtained.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111177490.9A CN113839785A (en) 2021-10-09 2021-10-09 Electronic signature system

Publications (1)

Publication Number Publication Date
CN113839785A (en) 2021-12-24

Family

ID=78968227

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230811

Address after: 518000 building 501, 502, 601, 602, building D, wisdom Plaza, Qiaoxiang Road, Gaofa community, Shahe street, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: China Southern Power Grid Digital Platform Technology (Guangdong) Co.,Ltd.

Address before: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.