CN114553441A - Electronic contract signing method and system - Google Patents


Publication number
CN114553441A
Authority
CN
China
Prior art keywords
certificate
media
session
ciphertext
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210427719.8A
Other languages
Chinese (zh)
Other versions
CN114553441B (en)
Inventor
钟一民
陈传义
郭峰
金宏洲
程亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tiangu Information Technology Co ltd
Original Assignee
Hangzhou Tiangu Information Technology Co ltd
Application filed by Hangzhou Tiangu Information Technology Co ltd
Priority to CN202210427719.8A
Publication of CN114553441A
Application granted
Publication of CN114553441B
Legal status: Active

Classifications

    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The application discloses an electronic contract signing method and system, relating to the technical field of electronic contract signing. The electronic contract signing method comprises the following steps: encrypting a random number based on the digital certificate of the receiving end signer and the session certificate to generate a second ciphertext, and packaging the signature of the media message, the first ciphertext and the second ciphertext to generate an encrypted message; encrypting the random number based on the local digital certificate and the session certificate to generate a third ciphertext, transmitting the third ciphertext and the encrypted message to a certificate storing server while transmitting the encrypted message to a media server, the media server receiving the encrypted message and forwarding it to the receiving end signer. Neither the certificate storing server nor the media server can learn the sensitive information in the contract signing process, and the sensitive information is not leaked even if certificate storing information such as the third ciphertext and the encrypted message is shared improperly, so the contract signing and certificate storing process has good confidentiality and high security.

Description

Electronic contract signing method and system
Technical Field
The application belongs to the technical field of electronic contract signing, and particularly relates to an electronic contract signing method and system.
Background
Existing types of electronic contract signing include video face-to-face signing, which provides a video-conference signing environment for both signing parties. This signing method improves the legality and validity of electronic contract signing, but the existing technical solutions still have the following defects:
First, the current video conference server or signing server can learn the various sensitive information recorded in the conference, including instant messages, document transmission, audio communication, video communication and so on, and the server may share the certificate storing information improperly, so the confidentiality of the contract signing and certificate storing process is poor. Second, current user terminals generally lack a reasonably secure environment for storing and using private keys, so the private key is at considerable risk of loss; once the private keys of the two parties are lost or illegally used, the agreement can be modified and re-signed after the video face-to-face signing is finished, which challenges the validity of the video face-to-face signing, that is, the agreement corresponding to the video face-to-face signing is tampered with.
Disclosure of Invention
The present application aims to provide an electronic contract signing method and system, so as to solve the technical problem of low security during electronic contract signing in the prior art.
In order to achieve the technical purpose, the technical scheme adopted by the application is as follows:
an electronic contract signing method comprises the following steps:
receiving the digital certificate of at least one receiving end signer and the session certificate of the media session after the verification of the certificate storing server;
acquiring a media message and a signature of the media message, encrypting the media message by taking any random number as a key, and generating a first ciphertext;
encrypting the random number to generate a second ciphertext based on the digital certificate of the receiver signer and the session certificate, and packaging the signature of the media message, the first ciphertext and the second ciphertext to generate an encrypted message;
and encrypting the random number based on a local digital certificate and the session certificate to generate a third ciphertext, transmitting the third ciphertext and the encrypted message to the certificate storing server while transmitting the encrypted message to a media server, the media server receiving the encrypted message and forwarding it to the receiving end signer.
Preferably, the method further comprises the steps of:
at least one receiving end signer establishes a media session in a media server, and a certificate storage server generates a media session public key, a media session private key and a session certificate of the media session based on the media session;
logging in to the certificate storing server and transmitting a local digital certificate to the certificate storing server, wherein the certificate storing server receives and verifies the local digital certificate;
and after the verification is passed, the certificate storing server transmits the digital certificate of at least one receiving end signer and the session certificate of the media session to the local end.
Preferably, the acquiring the media message and the signature of the media message specifically includes the following steps:
signing the media message based on a local private key to generate a first signature, and transmitting the first signature to the certificate storage server;
and the certificate storing server signs the media message to generate a second signature, combines the first signature and the second signature to generate the signature of the media message, and transmits that signature to the local end.
Preferably, encrypting the random number based on the digital certificate of the receiver signer and the session certificate to generate a second ciphertext specifically includes the following steps:
acquiring a public key of the receiving end signer based on the digital certificate of the receiving end signer, and acquiring a public key of the media session based on the session certificate;
and encrypting the random number based on the public key of the receiver signer and the public key of the media session to generate a second ciphertext.
Preferably, the method further comprises the steps of:
logging in to the certificate storing server, requesting the certificate storing information of the media session from the certificate storing server, and receiving first certificate storing information obtained after the certificate storing server preprocesses the certificate storing information;
and decrypting the first certificate storing information to obtain the media message, and verifying whether the media message conforms to preset information in the media session.
Preferably, the method further comprises the steps of:
a third party organization requests the media message, the signature of the media message, the signature of the media message of the receiving end, the digital certificate of the receiving end signer, a local digital certificate and the session certificate;
authorizing the request of the third party organization, whereupon the third party organization obtains the public key of the receiving end signer based on the digital certificate of the receiving end signer, obtains a local public key based on the local digital certificate, and obtains a media session public key based on the session certificate;
the third party organization verifies the signature of the media message and the signature of the media message of the receiving end based on the public key of the receiving end signer, the local public key and the media session public key;
and after the verification is passed, judging whether the media message conforms to preset information in the media session.
An electronic contract signing method comprises the following steps:
receiving the digital certificate of at least one sender signer and the session certificate of the media session after the verification of the certificate storing server;
acquiring and parsing an encrypted message transmitted by a media server to obtain the signature of the media message of the sending end, a first ciphertext and a second ciphertext;
decrypting the second ciphertext to obtain a random number, and decrypting the first ciphertext based on the random number to obtain the media message;
and verifying the signature of the media message of the sending end based on the digital certificate of the signer of the sending end and the session certificate, and displaying and storing the media message after the verification is passed.
Preferably, the decrypting the second ciphertext to obtain a random number, and the decrypting the first ciphertext based on the random number to obtain the media message specifically includes the following steps:
transmitting the second ciphertext to the certificate storage server to request decryption, and obtaining a second intermediate ciphertext generated after the certificate storage server decrypts the second ciphertext;
and decrypting the second intermediate ciphertext based on a local private key to obtain the random number, and decrypting the first ciphertext based on the random number to obtain the media message.
Preferably, displaying and storing the media message after the verification is passed specifically comprises the following steps:
displaying the media message after the verification is passed, and selecting a corresponding response mode based on the media message;
signing the media message based on a local private key to generate a third signature, and transmitting the third signature to the certificate storing server;
the certificate storing server signs the media message to generate a fourth signature, combines the third signature and the fourth signature to generate the signature of the media message, and transmits that signature to the local end;
and transmitting the signature of the media message to the certificate storing server for storage as evidence.
Preferably, the method further comprises the steps of:
a third party organization requests the media message, the signature of the media message, the signature of the media message of the sending end, the digital certificate of the sending end signer, a local digital certificate and the session certificate;
authorizing the request of the third party organization, whereupon the third party organization obtains the public key of the sending end signer based on the digital certificate of the sending end signer, obtains a local public key based on the local digital certificate, and obtains a media session public key based on the session certificate;
the third party organization verifies the signature of the media message and the signature of the media message of the sending end based on the public key of the sending end signer, the local public key and the media session public key;
and after the verification is passed, judging whether the media message conforms to preset information in the media session.
An electronic contract signing system comprising:
a sending client comprising at least one sending-end signer;
the sending client comprises an encryption module, and the encryption module is used for generating a first ciphertext, a second ciphertext, a third ciphertext and an encrypted message;
a receiving client comprising at least one receiving end signer;
the receiving client comprises an analysis module, and the analysis module is used for acquiring and parsing the encrypted message transmitted by the media server to obtain the signature of the media message of the sending end, a first ciphertext and a second ciphertext;
the certificate storing server is respectively connected with the receiving client and the sending client and is used for storing the third ciphertext and the encrypted message between the receiving end signer and the sending end signer;
and the media server is respectively connected with the receiving client and the sending client and is used for forwarding the encrypted message between the receiving end signer and the sending end signer.
Preferably, the sending client further comprises:
the first receiving module is used for receiving the digital certificate of at least one receiving end signer and the session certificate of the media session after the verification of the certificate storing server;
the encryption module comprises a first encryption module, the first encryption module is used for acquiring the media message and the signature of the media message, encrypting the media message by taking any random number as a key and generating a first ciphertext;
the encryption module comprises a second encryption module, and the second encryption module is used for encrypting the random number to generate a second ciphertext based on the digital certificate of the receiver signer and the session certificate, and packaging the signature of the media message, the first ciphertext and the second ciphertext to generate an encrypted message;
the encryption module comprises a third encryption module, and the third encryption module is used for encrypting the random number based on a local digital certificate and the session certificate to generate a third ciphertext;
and the first transmission module is used for transmitting the third ciphertext and the encrypted message to the certificate storing server while transmitting the encrypted message to a media server, the media server receiving the encrypted message and forwarding it to the receiving end signer.
Preferably, the receiving client further comprises:
the second receiving module is used for receiving the digital certificate of at least one sending end signer and the session certificate of the media session after the verification of the certificate storing server;
the decryption module is used for decrypting the second ciphertext to obtain a random number, and decrypting the first ciphertext based on the random number to obtain the media message;
and the second transmission module is used for verifying the signature of the media message at the sending end based on the digital certificate of the signer at the sending end and the session certificate, and displaying and storing the media message after the verification is passed.
A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method described above.
The beneficial effects of the application are as follows:
1. A third ciphertext is generated by encrypting the random number based on the local digital certificate and the session certificate; the third ciphertext and the encrypted message are transmitted to the certificate storing server, the encrypted message is transmitted to the media server at the same time, and the media server receives the encrypted message and forwards it to the receiving end signer. Neither the certificate storing server nor the media server can learn the sensitive information in the contract signing process, and the sensitive information is not leaked even if certificate storing information such as the third ciphertext and the encrypted message is shared improperly, so the contract signing and certificate storing process has good confidentiality and high security.
2. At least one receiving end signer establishes a media session at the media server, the certificate storing server generates a media session public key, a media session private key and a session certificate of the media session based on the media session, and after the verification is passed the certificate storing server transmits the digital certificate of the at least one receiving end signer and the session certificate of the media session to the local end. Because the certificate storing server uses the range-limited session certificate and its corresponding private key during signing to take part in the joint computation of the encryption and the signature of the electronic contract, even if the private key of a signer's terminal is lost or illegally used, the contract cannot be modified and re-signed after the video face-to-face signing is finished. The validity of the video face-to-face signing is thereby guaranteed, that is, the contract corresponding to the video face-to-face signing is not easily tampered with.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of the electronic contract signing method of the sending end signer;
FIG. 2 is a flowchart of the electronic contract signing method of the receiving end signer.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Example 1:
As shown in FIG. 1, this embodiment includes an electronic contract signing method comprising the following steps: receiving the digital certificate of at least one receiving end signer and the session certificate of the media session after verification by the certificate storing server; acquiring the media message and the signature of the media message, and encrypting the media message with an arbitrary random number as the key to generate a first ciphertext.
Encrypting the random number based on the digital certificate of the receiving end signer and the session certificate to generate a second ciphertext, and packaging the signature of the media message, the first ciphertext and the second ciphertext to generate an encrypted message. Encrypting the random number based on the local digital certificate and the session certificate to generate a third ciphertext, transmitting the third ciphertext and the encrypted message to the certificate storing server while transmitting the encrypted message to the media server, the media server receiving the encrypted message and forwarding it to the receiving end signer.
This embodiment involves a sending end signer and a receiving end signer. The sending end signer is defined as contract signing party A, the receiving end signer is defined as contract signing party B, and the certificate storing server is defined as certificate storing server S. The public key of contract signing party A is PKA, its private key is SKA, and its digital certificate is CERTA. The public key of contract signing party B is PKB, its private key is SKB, and its digital certificate is CERTB. The public key of the certificate storing server S is PKS, its private key is SKS, and its digital certificate is CERTS. Contract signing party A and contract signing party B communicate with the certificate storing server S over TLS using the digital certificate CERTS.
The method further comprises the following steps: at least one receiving end signer establishes the media session at the media server, and the certificate storing server generates a media session public key, a media session private key and a session certificate of the media session based on the media session.
The local end logs in to the certificate storing server and transmits the local digital certificate to it, and the certificate storing server receives and verifies the local digital certificate. After the verification is passed, the certificate storing server transmits the digital certificate of at least one receiving end signer and the session certificate of the media session to the local end.
In this embodiment, the media server is defined as media server M. Contract signing party A and contract signing party B establish a media session at the media server M. The media session is defined as media session MAB, and the information corresponding to the media session MAB is INFOMAB, which comprises various information about the media session MAB, including but not limited to the time of the session, the place of the session (session link), the session members, the session subject and the like.
Contract signing party A and contract signing party B ask the certificate storing server S to store evidence for the media session MAB, and the certificate storing server S generates a media session public key, a media session private key and a session certificate dedicated to the media session MAB. The media session public key is PKMAB, the media session private key is SKMAB, and the session certificate of the media session is CERTMAB. The session certificate CERTMAB carries the INFOMAB information, so that its range of use is limited.
Contract signing party A and contract signing party B both log in to the certificate storing server S. The login modes include user name and password, short message authentication code, biometric identification and the like, where biometric identification includes face recognition, fingerprint recognition and iris recognition. Login deliberately does not use a signature computed with the private key, so that the account cannot be logged in to illegally after the private key is stolen.
After logging in to the certificate storing server S, contract signing party A sends the digital certificate CERTA and a digital signature to the certificate storing server S, where the digital signature may be a digital signature over the current time. The certificate storing server S obtains the public key PKA of contract signing party A from the digital certificate CERTA and verifies the digital signature with the public key PKA; once the verification is passed, the certificate storing server S accepts the identity of contract signing party A.
After logging in to the certificate storing server S, contract signing party B sends the digital certificate CERTB and a digital signature to the certificate storing server S. The certificate storing server S obtains the public key PKB of contract signing party B from the digital certificate CERTB and verifies the digital signature with the public key PKB; once the verification is passed, the certificate storing server S accepts the identity of contract signing party B.
After the certificate storing server S accepts the identity of contract signing party A, it transmits the digital certificate CERTB and the session certificate CERTMAB to contract signing party A. Contract signing party A receives and verifies the digital certificate CERTB and the session certificate CERTMAB; if the verification is passed, contract signing party A accepts CERTB as the digital certificate of contract signing party B and CERTMAB as the session certificate used by the certificate storing server S for the media session.
After the certificate storing server S accepts the identity of contract signing party B, it transmits the digital certificate CERTA and the session certificate CERTMAB to contract signing party B. Contract signing party B receives and verifies the digital certificate CERTA and the session certificate CERTMAB; if the verification is passed, contract signing party B accepts CERTA as the digital certificate of contract signing party A and CERTMAB as the session certificate used by the certificate storing server S for the media session.
The above describes signing by two parties; the technical solution of the application can also be extended to multiple parties, that is, two or more sending end signers and two or more receiving end signers.
The method for acquiring the media message and the signature of the media message specifically comprises the following steps: and signing the media message based on the local private key to generate a first signature, and transmitting the first signature to the certificate storing server. And the certificate storing server signs the media message to generate a second signature, combines the first signature and the second signature to generate a signature of the media message, and transmits the signature to the local.
In this embodiment, any media message that the contract signing party a needs to send to the contract signing party B is defined as a media message MSGAB, wherein the media message MSGAB may be text, file (including contract file), picture, audio clip, video clip, and the like.
The method comprises the steps that a contract signing party A signs a media message MSGAB through a private key SKA to generate a first signature SIGAB _ A _ A, the first signature SIGAB _ A _ A is transmitted to a certificate storage server S, the certificate storage server S signs the media message MSGAB through a media session private key SKMAB to generate a second signature SIGAB _ A _ S, the certificate storage server S combines the first signature SIGAB _ A _ A and the second signature SIGAB _ A _ S into a signature SIGAB _ A of the media message of the contract signing party A, and the signature SIGAB _ A of the media message is sent to the contract signing party A.
The signature method in this embodiment is a two-party joint signature algorithm. It may be a simple concatenation of two independent signatures, or a dedicated two-party joint signature algorithm; the dedicated algorithm uses the "Four-private Distributed RSA" part of "Damgård I, Mikkelsen G L, Skeltved T. On the Security of Distributed Multiprime RSA [C] // International Conference on Information Security and Cryptology, 2014".
Encrypting the random number based on the digital certificate of the receiving end signer and the session certificate to generate a second ciphertext specifically comprises the following steps: the public key of the receiving end signer is obtained from the digital certificate of the receiving end signer, and the public key of the media session is obtained from the session certificate. The random number is then encrypted with the public key of the receiving end signer and the public key of the media session to generate the second ciphertext.
In this embodiment, contract signing party A generates an arbitrary random number KAB as the symmetric key for the media message MSGAB and encrypts MSGAB with KAB to obtain the first ciphertext: EMSGAB = {MSGAB}KAB, where EMSGAB denotes the first ciphertext, MSGAB the media message, and KAB the random number.
Contract signing party A obtains the public key PKB of contract signing party B from the digital certificate CERTB and the public key PKMAB of the media session from the session certificate CERTMAB. Contract signing party A encrypts the random number KAB with PKB and PKMAB to obtain the second ciphertext: EKAB_B = {{KAB}PKB}PKMAB, where EKAB_B denotes the second ciphertext, KAB the random number, PKB the public key of contract signing party B, and PKMAB the public key of the media session.
The decryption method in this embodiment is a two-party joint decryption algorithm; the corresponding encryption method may be a simple superposition of two independent encryption operations.
As another embodiment, the decryption method may be a dedicated two-party joint decryption algorithm, with encryption performed by the encryption algorithm corresponding to the "Four-private Distributed RSA" part of "Damgård I, Mikkelsen G L, Skeltved T. On the Security of Distributed Multiprime RSA [C] // International Conference on Information Security and Cryptology, 2014". In that case EKAB_B = {KAB}PKMB, where PKMB represents the joint public key.
If the media message MSGAB has certificate storing value, contract signing party A encrypts the random number KAB with the local public key PKA and the public key PKMAB to obtain and store a third ciphertext EKAB_A, and packs the signature SIGAB_A of the media message, the first ciphertext EMSGAB and the second ciphertext EKAB_B to generate an encrypted message MSGA. Contract signing party A transmits the third ciphertext EKAB_A and the encrypted message MSGA to the certificate storing server S for certificate storing. Contract signing party A also transmits the encrypted message MSGA to the media server M, which receives it and forwards it to contract signing party B. As a result, the media server cannot obtain any media information of the contract signing parties.
The method further comprises the following steps: logging in to the certificate storing server and requesting from it the certificate storing information of the media session; receiving first certificate storing information obtained after the certificate storing server preprocesses the certificate storing information; and decrypting the first certificate storing information to obtain the media message and verifying whether the media message conforms to the preset information in the media session.
The method further comprises the following steps: a third-party authority requests the media message, the signature of the media message at the receiving end, the digital certificate of the receiving end signer, the local digital certificate and the session certificate. The request of the third-party authority is authorized, and the third-party authority obtains the public key of the receiving end signer from the digital certificate of the receiving end signer, the local public key from the local digital certificate, and the media session public key from the session certificate. The third-party authority verifies the signature of the media message and the signature of the receiving end media message with the public key of the receiving end signer, the local public key, and the media session public key. After the verification passes, it judges whether the media message conforms to the preset information in the media session.
As shown in fig. 2, the present embodiment includes an electronic contract signing method comprising the following steps: receiving the digital certificate of at least one sending end signer and the session certificate of the media session after verification by the certificate storing server.
The encrypted message transmitted by the media server is acquired and parsed to obtain the signature of the sending end's media message, the first ciphertext and the second ciphertext. The second ciphertext is decrypted to obtain the random number, and the first ciphertext is decrypted with the random number to obtain the media message. The signature of the sending end's media message is verified based on the digital certificate of the sending end signer and the session certificate, and the media message is displayed and stored as a certificate after the verification passes.
Decrypting the second ciphertext to obtain the random number, and decrypting the first ciphertext with the random number to obtain the media message, specifically comprises the following steps: the second ciphertext is transmitted to the certificate storing server with a decryption request, and the second intermediate ciphertext generated when the certificate storing server decrypts the second ciphertext is received. The second intermediate ciphertext is decrypted with the local private key to obtain the random number, and the first ciphertext is decrypted with the random number to obtain the media message.
In this embodiment, contract signing party B receives the encrypted message MSGA forwarded by the media server M and parses it to obtain the signature SIGAB_A of the media message of contract signing party A, the first ciphertext EMSGAB, and the second ciphertext EKAB_B.
Contract signing party B transmits the second ciphertext EKAB_B to the certificate storing server S for decryption. The certificate storing server S decrypts EKAB_B with the media session private key SKMAB to obtain a second intermediate ciphertext EKAB_B_S, which contract signing party B receives: EKAB_B_S = {KAB}PKB, where EKAB_B_S denotes the second intermediate ciphertext, KAB the random number, and PKB the public key of contract signing party B. The decryption method of this embodiment is a two-party joint decryption algorithm, and the corresponding encryption method is a simple superposition of two independent encryption operations.
In another embodiment, when the encryption method is the encryption algorithm corresponding to the dedicated joint decryption algorithm, EKAB_B_S is the intermediate decryption result of that dedicated joint decryption algorithm.
Contract signing party B decrypts the second intermediate ciphertext EKAB_B_S with the local private key SKB to obtain the random number KAB, and then decrypts the first ciphertext EMSGAB with KAB to obtain the media message MSGAB.
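The layered key wrap and two-step unwrap described above, as an added example that is not code from the patent. The patent does not name a public-key scheme for the "simple superposition" case, so this sketch assumes a hashed-ElGamal stand-in over a demonstration-sized group and a hash-based stream cipher with HMAC; all function names are hypothetical, and the nesting of EKAB_A is assumed to mirror EKAB_B.

```python
import hashlib
import hmac
import secrets

# Demonstration-only group (Mersenne prime 2^521 - 1) so the block runs on the
# standard library alone. An assumption of this example, not a production choice.
P = 2**521 - 1
G = 3
NBYTES = 66  # bytes needed to hold one group element

def keygen():
    """Return (private, public) for the hashed-ElGamal stand-in."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def _stream(key, n):
    """SHA-256 in counter mode as keystream (stand-in for a real cipher)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _seal(secret, plaintext):
    """Encrypt-then-MAC under keys derived from `secret`; returns tag || body."""
    keys = hashlib.sha512(secret).digest()
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(keys[:32], len(plaintext))))
    return hmac.new(keys[32:], body, hashlib.sha256).digest() + body

def _open(secret, blob):
    """Check the tag first, then decrypt; ValueError on wrong key or tampering."""
    keys = hashlib.sha512(secret).digest()
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(keys[32:], body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(keys[:32], len(body))))

def pk_encrypt(pk, plaintext):
    """{plaintext}PK: ephemeral DH share followed by the sealed payload."""
    e = secrets.randbelow(P - 3) + 2
    eph = pow(G, e, P).to_bytes(NBYTES, "big")
    shared = pow(pk, e, P).to_bytes(NBYTES, "big")
    return eph + _seal(eph + shared, plaintext)

def pk_decrypt(sk, blob):
    eph = int.from_bytes(blob[:NBYTES], "big")
    if not 1 < eph < P - 1:
        raise ValueError("malformed ciphertext")
    shared = pow(eph, sk, P).to_bytes(NBYTES, "big")
    return _open(blob[:NBYTES] + shared, blob[NBYTES:])

def sym_encrypt(key, msg):
    nonce = secrets.token_bytes(16)
    return nonce + _seal(key + nonce, msg)

def sym_decrypt(key, blob):
    return _open(key + blob[:16], blob[16:])

def sender_wrap(msg, pk_a, pk_b, pk_mab):
    """Party A: fresh KAB, then EMSGAB, EKAB_B and EKAB_A."""
    kab = secrets.token_bytes(32)
    emsgab = sym_encrypt(kab, msg)                      # EMSGAB = {MSGAB}KAB
    ekab_b = pk_encrypt(pk_mab, pk_encrypt(pk_b, kab))  # EKAB_B = {{KAB}PKB}PKMAB
    ekab_a = pk_encrypt(pk_mab, pk_encrypt(pk_a, kab))  # assumed same nesting for A
    return kab, emsgab, ekab_b, ekab_a

def server_partial_decrypt(sk_mab, wrapped):
    """Server S: strip only the PKMAB layer; output is still {KAB}PK of a party."""
    return pk_decrypt(sk_mab, wrapped)

def party_open(sk_party, intermediate, emsgab):
    """Party A or B: strip the inner layer with the local key, then decrypt."""
    return sym_decrypt(pk_decrypt(sk_party, intermediate), emsgab)

def rejected(fn, *args):
    try:
        fn(*args)
    except ValueError:
        return True
    return False

def run_demo():
    (ska, pka), (skb, pkb), (skm, pkm) = keygen(), keygen(), keygen()
    msg = b"constructed sample: clause 7 accepted"
    kab, emsgab, ekab_b, ekab_a = sender_wrap(msg, pka, pkb, pkm)
    ekab_b_s = server_partial_decrypt(skm, ekab_b)   # EKAB_B_S = {KAB}PKB
    ekab_a_s = server_partial_decrypt(skm, ekab_a)
    bad = emsgab[:-1] + bytes([emsgab[-1] ^ 1])      # one flipped bit
    return {
        "b_recovers": party_open(skb, ekab_b_s, emsgab) == msg,
        "a_recovers": party_open(ska, ekab_a_s, emsgab) == msg,
        "server_sees_kab": kab in ekab_b_s,
        "b_needs_server": rejected(pk_decrypt, skb, ekab_b),
        "server_needs_party": rejected(pk_decrypt, skm, ekab_b_s),
        "tamper_rejected": rejected(party_open, skb, ekab_b_s, bad),
    }

if __name__ == "__main__":
    print(run_demo())
```

The last three results are the properties the scheme relies on: neither SKB nor SKMAB alone opens EKAB_B, and a modified first ciphertext is refused rather than decrypted.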
Contract signing party B obtains the public key PKA of contract signing party A from the digital certificate CERTA and the media session public key PKMAB from the session certificate CERTMAB. It verifies the signature SIGAB_A of the media message of contract signing party A with PKA and PKMAB; passing verification indicates that contract signing party B trusts the media message MSGAB.
The signature verification method in this embodiment is the one corresponding to the two-party joint signature algorithm: if the signature is a simple concatenation of two independent signatures, the two signatures are verified separately; if the signature was generated by a dedicated two-party joint signature algorithm, it is verified by the corresponding dedicated verification method.
Displaying the media message and storing the certificate after the verification passes specifically comprises the following steps: the media message is displayed after the verification passes, and a corresponding response mode is selected based on the media message. The media message is signed with the local private key to generate a third signature, and the third signature is transmitted to the certificate storing server.
The certificate storing server signs the media message to generate a fourth signature, combines the third signature and the fourth signature to generate the signature of the media message, and transmits that signature back to the local end. The signature of the media message is transmitted to the certificate storing server for certificate storing.
In this embodiment, contract signing party B presents the media message MSGAB to the user, and the user selects a corresponding response mode based on MSGAB; the response follows the same logic as contract signing party A sending the media message MSGAB to contract signing party B. It is then judged whether the media message MSGAB has certificate storing value; this is determined by negotiation between the signing parties or by the requirements of the scenario. For example, the contract file and the audio and video recordings of the corresponding signing stage have certificate storing value.
If the media message MSGAB has certificate storing value, contract signing party B signs MSGAB with the private key SKB to generate a third signature SIGAB_B_B and transmits SIGAB_B_B to the certificate storing server S. The certificate storing server S signs MSGAB with the media session private key SKMAB to generate a fourth signature SIGAB_B_S, combines the third signature SIGAB_B_B and the fourth signature SIGAB_B_S into the signature SIGAB_B of the media message of contract signing party B, and stores SIGAB_B.
At this time, the certificate stored by the certificate storing server S for the media message MSGAB is: DEPOSIT_MSGAB = EKAB_A || EKAB_B || EMSGAB || SIGAB_A || SIGAB_B || CERTA || CERTB || CERTMAB, where DEPOSIT_MSGAB represents the certificate storing information of the media message MSGAB at the certificate storing server S, EKAB_A represents the third ciphertext, EKAB_B represents the second ciphertext, EMSGAB represents the first ciphertext, SIGAB_A represents the signature of the media message of contract signing party A, SIGAB_B represents the signature of the media message of contract signing party B, CERTA represents the digital certificate of contract signing party A, CERTB represents the digital certificate of contract signing party B, and CERTMAB represents the session certificate of the media session.
The above is the two-party case; the technical solution of the present application can also be extended to multiple parties. For example, in the media session MABC, contract signing party A sends the media message MSGABC to contract signing party B and contract signing party C, respectively.
When contract signing party B needs to verify the media message MSGAB, it logs in to the certificate storing server S and requests the certificate DEPOSIT_MSGAB from it. As a result, even if the private key of a contract signing party is lost, the certificate cannot be illegally obtained unless the authentication of the certificate storing server S is passed.
The certificate storing server S parses the certificate DEPOSIT_MSGAB to obtain the third ciphertext EKAB_A, the second ciphertext EKAB_B, the first ciphertext EMSGAB, the signature SIGAB_A of the media message of contract signing party A, the signature SIGAB_B of the media message of contract signing party B, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session.
The certificate storing server S decrypts the second ciphertext EKAB_B with the media session private key SKMAB to obtain the second intermediate ciphertext EKAB_B_S; even after this intermediate decryption, the certificate storing server S cannot obtain the true content of the certificate. The certificate storing server S packs the second intermediate ciphertext EKAB_B_S, the first ciphertext EMSGAB, the signature SIGAB_A of the media message of contract signing party A, the signature SIGAB_B of the media message of contract signing party B, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session to generate second certificate storing information.
The certificate storing server S transmits the second certificate storing information to contract signing party B. Contract signing party B receives and parses it to obtain the second intermediate ciphertext EKAB_B_S, the first ciphertext EMSGAB, the signature SIGAB_A of the media message of contract signing party A, the signature SIGAB_B of the media message of contract signing party B, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session. Contract signing party B decrypts the second intermediate ciphertext EKAB_B_S with the local private key SKB to obtain the random number KAB, and decrypts the first ciphertext EMSGAB with KAB to obtain the media message MSGAB. Contract signing party B then verifies whether the occurrence scene of the media message MSGAB conforms to the INFOMAB information in the session certificate CERTMAB, including but not limited to comparing whether the time in MSGAB conforms to the session time in INFOMAB, whether the place (place link) in MSGAB conforms to the session place (place link) in INFOMAB, whether the members in MSGAB conform to the session members in INFOMAB, and whether the content in MSGAB conforms to the session subject in INFOMAB.
Contract signing party B obtains the public key PKA of contract signing party A from the digital certificate CERTA and the media session public key PKMAB from the session certificate CERTMAB. The signature SIGAB_A of the media message of contract signing party A is verified with the public key PKA and the media session public key PKMAB. The signature SIGAB_B of the media message is verified with the public key PKB and the media session public key PKMAB.
Once contract signing party B's verification of the media message MSGAB, the signature SIGAB_A and the signature SIGAB_B passes, the fact that both parties of the media session approved MSGAB is verified.
When contract signing party A needs to verify the media message MSGAB, it logs in to the certificate storing server S and requests the certificate DEPOSIT_MSGAB from it.
The certificate storing server S parses the certificate DEPOSIT_MSGAB to obtain the third ciphertext EKAB_A, the second ciphertext EKAB_B, the first ciphertext EMSGAB, the signature SIGAB_A of the media message of contract signing party A, the signature SIGAB_B of the media message of contract signing party B, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session.
The certificate storing server S decrypts the third ciphertext EKAB_A with the media session private key SKMAB to obtain a third intermediate ciphertext EKAB_A_S; even after this intermediate decryption, the certificate storing server S cannot obtain the true content of the certificate. The certificate storing server S packs the third intermediate ciphertext EKAB_A_S, the first ciphertext EMSGAB, the signature SIGAB_A of the media message of contract signing party A, the signature SIGAB_B of the media message of contract signing party B, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session to generate first certificate storing information.
The certificate storing server S transmits the first certificate storing information to contract signing party A. Contract signing party A receives and parses it to obtain the third intermediate ciphertext EKAB_A_S, the first ciphertext EMSGAB, the signature SIGAB_A of the media message of contract signing party A, the signature SIGAB_B of the media message of contract signing party B, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session. Contract signing party A decrypts the third intermediate ciphertext EKAB_A_S with the local private key SKA to obtain the random number KAB, and decrypts the first ciphertext EMSGAB with KAB to obtain the media message MSGAB. Contract signing party A then verifies whether the occurrence scene of the media message MSGAB conforms to the INFOMAB information in the session certificate CERTMAB.
Contract signing party A obtains the public key PKB of contract signing party B from the digital certificate CERTB and the media session public key PKMAB from the session certificate CERTMAB. The signature SIGAB_B of the media message of contract signing party B is verified with the public key PKB and the media session public key PKMAB. The signature SIGAB_A of the media message is verified with the public key PKA and the media session public key PKMAB.
Once contract signing party A's verification of the media message MSGAB, the signature SIGAB_A and the signature SIGAB_B passes, the fact that both parties of the media session approved MSGAB is verified.
The method further comprises the following steps: a third-party authority requests the media message, the signature of the media message at the sending end, the digital certificate of the sending end signer, the local digital certificate and the session certificate. The request of the third-party authority is authorized, and the third-party authority obtains the public key of the sending end signer from the digital certificate of the sending end signer, the local public key from the local digital certificate, and the media session public key from the session certificate.
The third-party authority verifies the signature of the media message and the signature of the sending end media message with the public key of the sending end signer, the local public key and the media session public key. After the verification passes, it judges whether the media message conforms to the preset information in the media session.
In this embodiment, when a third-party authority needs to verify the media message MSGAB, it requests from contract signing party A or contract signing party B the media message MSGAB, the signature SIGAB_A of the media message, the signature SIGAB_B of the media message, the digital certificate CERTA of contract signing party A, the digital certificate CERTB of contract signing party B, and the session certificate CERTMAB of the media session. Contract signing party A or contract signing party B authorizes the request, and the third-party authority verifies whether the occurrence scene of the media message MSGAB conforms to the INFOMAB information in the session certificate CERTMAB. The third-party authority may be an arbitration authority or another trusted authority.
The third-party authority obtains the public key PKA of contract signing party A from the digital certificate CERTA, the public key PKB of contract signing party B from the digital certificate CERTB, and the media session public key PKMAB from the session certificate CERTMAB. The signature SIGAB_A of the media message of contract signing party A is verified with the public key PKA and the media session public key PKMAB. The signature SIGAB_B of the media message is verified with the public key PKB and the media session public key PKMAB.
Once the third-party authority's verification of the media message MSGAB, the signature SIGAB_A and the signature SIGAB_B passes, the fact that both parties of the media session approved MSGAB is verified. Any third-party authority therefore needs authorization from a contract signing party to obtain the certificate storing information. The above describes signing between two parties; the technical scheme of the application can be extended to multiple parties, and each party can verify the stored certificate.
In another embodiment, the certificate storing server S includes the function of the media server M: contract signing party A and contract signing party B establish the media session MAB on the certificate storing server S, and media messages between them are forwarded through the certificate storing server S. Therefore, even if the certificate storing server and the media server communicate with each other, the real content of the certificate storing information cannot be obtained.
Example 2:
The present embodiment includes an electronic contract signing system comprising:
A sending client, comprising at least one sending end signer. The sending client comprises an encryption module, which is used for generating the first ciphertext, the second ciphertext, the third ciphertext and the encrypted message.
A receiving client, comprising at least one receiving end signer. The receiving client comprises a parsing module, which is used for acquiring and parsing the encrypted message transmitted by the media server to obtain the signature of the sending end's media message, the first ciphertext and the second ciphertext.
A certificate storing server, connected to the receiving client and the sending client respectively and used for storing the third ciphertext and the encrypted message between the receiving end signer and the sending end signer.
A media server, connected to the receiving client and the sending client respectively and used for forwarding the encrypted message between the receiving end signer and the sending end signer.
The sending client further comprises:
A first receiving module, used for receiving the digital certificate of at least one receiving end signer and the session certificate of the media session after verification by the certificate storing server.
The encryption module comprises a first encryption module, which is used for acquiring the media message and the signature of the media message, and for encrypting the media message with an arbitrary random number as the key to generate the first ciphertext.
The encryption module comprises a second encryption module, which is used for encrypting the random number based on the digital certificate of the receiving end signer and the session certificate to generate the second ciphertext, and for packing the signature of the media message, the first ciphertext and the second ciphertext to generate the encrypted message.
The encryption module comprises a third encryption module, which is used for encrypting the random number based on the local digital certificate and the session certificate to generate the third ciphertext.
A first transmission module, used for transmitting the third ciphertext and the encrypted message to the certificate storing server and, at the same time, transmitting the encrypted message to the media server, which receives it and forwards it to the receiving end signer.
The receiving client further comprises:
A second receiving module, used for receiving the digital certificate of at least one sending end signer and the session certificate of the media session after verification by the certificate storing server.
A decryption module, used for decrypting the second ciphertext to obtain the random number, and for decrypting the first ciphertext with the random number to obtain the media message.
A second transmission module, used for verifying the signature of the sending end's media message based on the digital certificate of the sending end signer and the session certificate, and for displaying and storing the media message after the verification passes.
The electronic contract signing system of embodiment 2 of this specification can be an execution subject of the electronic contract signing method shown in fig. 1 and 2 described above, and therefore, the electronic contract signing system can realize the functions of the method realized in fig. 1 and 2. For relevant points, see the description of example 1.
Example 3:
a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method of embodiment 1.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the application. Thus, the appearances of the phrase "one embodiment" or "an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
In addition, it should be noted that the specific embodiments described in the present specification may differ in the shape of the components, the names of the components, and the like. All equivalent or simple changes in the structure, characteristics and principles as described in the patent idea are included in the protection scope of the patent. Various modifications, additions and substitutions for the specific embodiments described herein may occur to those skilled in the art without departing from the scope and spirit of the invention as defined by the accompanying claims.

Claims (14)

1. An electronic contract signing method, characterized by comprising the steps of:
receiving the digital certificate of at least one receiving end signer and the session certificate of the media session after the verification of the certificate storing server;
acquiring a media message and a signature of the media message, encrypting the media message by taking any random number as a key, and generating a first ciphertext;
encrypting the random number to generate a second ciphertext based on the digital certificate of the receiver signer and the session certificate, and packaging the signature of the media message, the first ciphertext and the second ciphertext to generate an encrypted message;
and encrypting the random number based on a local digital certificate and the session certificate to generate a third ciphertext, transmitting the third ciphertext and the encrypted message to the certificate storage server, transmitting the encrypted message to a media server at the same time, and receiving and forwarding the encrypted message to the receiving end signer by the media server.
2. An electronic contract signing method according to claim 1, further comprising the steps of:
at least one receiving end signer establishes a media session in a media server, and a certificate storing server generates a media session public key, a media session private key and a session certificate of the media session based on the media session;
logging in the certificate storing server, and transmitting a local digital certificate to the certificate storing server, wherein the certificate storing server receives and verifies the local digital certificate;
and the certificate storing server transmits the digital certificate of at least one receiving end signer and the session certificate of the media session to the local after the verification is passed.
3. The electronic contract signing method of claim 1, wherein the step of obtaining the media message and the signature of the media message specifically comprises the steps of:
signing the media message based on a local private key to generate a first signature, and transmitting the first signature to the certificate storage server;
and the certificate storing server signs the media message to generate a second signature, combines the first signature and the second signature to generate a signature of the media message, and transmits the signature to the local.
4. The method for electronic contract signing according to claim 1, wherein encrypting said random number based on said receiving end signer's digital certificate and said session certificate to generate a second ciphertext comprises the steps of:
acquiring a public key of the receiving end signer based on the digital certificate of the receiving end signer, and acquiring a public key of the media session based on the session certificate;
and encrypting the random number based on the public key of the receiving end signer and the public key of the media session to generate a second ciphertext.
5. An electronic contract signing method according to claim 1, further comprising the steps of:
logging in to the certificate storing server, requesting the certificate storing server to acquire certificate storing information of the media session, and receiving first certificate storing information obtained after the certificate storing server preprocesses the certificate storing information;
and decrypting the first certificate storing information to obtain the media message, and verifying whether the media message conforms to the preset information in the media session.
6. An electronic contract signing method according to claim 1, further comprising the steps of:
a third party organization requests to acquire the media message, the signature of the receiving end media message, the digital certificate of the receiving end signer, the local digital certificate and the session certificate;
after the request of the third party organization is authorized, the third party organization obtains the public key of the receiving end signer based on the digital certificate of the receiving end signer, obtains a local public key based on the local digital certificate, and obtains a media session public key based on the session certificate;
the third party organization verifies the signature of the media message and the signature of the receiving end media message based on the public key of the receiving end signer, the local public key and the media session public key;
and after the verification is passed, judging whether the media message conforms to preset information in the media session.
7. An electronic contract signing method, characterized by comprising the steps of:
receiving a digital certificate of at least one sender signer and a session certificate of a media session after the verification of a certificate storing server;
acquiring and analyzing an encrypted message transmitted by a media server to obtain a signature, a first ciphertext and a second ciphertext of a media message at a transmitting end;
decrypting the second ciphertext to obtain a random number, and decrypting the first ciphertext based on the random number to obtain a media message;
and verifying the signature of the media message of the sending end based on the digital certificate of the signer of the sending end and the session certificate, and displaying and storing the media message after the verification is passed.
8. The method for signing an electronic contract as claimed in claim 7, wherein decrypting the second ciphertext to obtain a random number, decrypting the first ciphertext based on said random number to obtain the media message, comprises the steps of:
transmitting the second ciphertext to the certificate storage server to request decryption, and obtaining a second intermediate ciphertext generated after the certificate storage server decrypts the second ciphertext;
and decrypting the second intermediate ciphertext based on a local private key to obtain the random number, and decrypting the first ciphertext based on the random number to obtain the media message.
9. The method for electronic contract signing according to claim 7, wherein said media message is presented and certified after verification is passed, comprising the steps of:
displaying the media message after the verification is passed, and selecting a corresponding response mode based on the media message;
signing the media message based on a local private key to generate a third signature, and transmitting the third signature to the certificate storage server;
the certificate storing server signs the media message to generate a fourth signature, combines the third signature and the fourth signature to generate a signature of the media message, and transmits the signature to the local;
and transmitting the signature of the media message to a certificate storage server to be used as a certificate.
10. The electronic contract signing method according to claim 9, further comprising the steps of:
a third party organization requests to acquire the media message, the signature of the sending end media message, the digital certificate of the sending end signer, the local digital certificate and the session certificate;
after the request of the third party organization is authorized, the third party organization obtains the public key of the sending end signer based on the digital certificate of the sending end signer, obtains a local public key based on the local digital certificate, and obtains a media session public key based on the session certificate;
the third party organization verifies the signature of the media message and the signature of the sending end media message based on the public key of the sending end signer, the local public key and the media session public key;
and after the verification is passed, judging whether the media message conforms to preset information in the media session.
11. An electronic contract signing system, comprising:
a sending client comprising at least one sending-end signer;
the sending client comprises an encryption module, and the encryption module is used for generating a first ciphertext, a second ciphertext, a third ciphertext and an encrypted message;
a receiving client comprising at least one receiving end signer;
the receiving client comprises an analysis module, and the analysis module is used for acquiring and analyzing the encrypted message transmitted by the media server, and analyzing to obtain a signature, a first ciphertext and a second ciphertext of the media message at the transmitting end;
the certificate storing server is respectively connected with the receiving client and the sending client and is used for storing the third ciphertext and the encrypted message between the receiving end signer and the sending end signer;
and the media server is respectively connected with the receiving client and the sending client and is used for forwarding the encrypted message between the receiving end signer and the sending end signer.
12. An electronic contract signing system according to claim 11, wherein said sending client further comprises:
the first receiving module is used for receiving the digital certificate of at least one receiving end signer and the session certificate of the media session after the verification of the certificate storing server;
the encryption module comprises a first encryption module, the first encryption module is used for acquiring the media message and the signature of the media message, encrypting the media message by taking any random number as a key and generating a first ciphertext;
the encryption module comprises a second encryption module, and the second encryption module is used for encrypting the random number based on the digital certificate of the receiving end signer and the session certificate to generate a second ciphertext, and packaging the signature of the media message, the first ciphertext and the second ciphertext to generate an encrypted message;
the encryption module comprises a third encryption module, and the third encryption module is used for encrypting the random number based on a local digital certificate and the session certificate to generate a third ciphertext;
and the first transmission module is used for transmitting the third ciphertext and the encrypted message to the certificate storing server and at the same time transmitting the encrypted message to a media server, the media server receiving the encrypted message and forwarding it to the receiving end signer.
13. An electronic contract signing system according to claim 11, wherein said receiving client further comprises:
the second receiving module is used for receiving the digital certificate of at least one sender signer and the session certificate of the media session after the verification of the certificate storing server;
the decryption module is used for decrypting the second ciphertext to obtain a random number, and decrypting the first ciphertext based on the random number to obtain the media message;
and the second transmission module is used for verifying the signature of the media message at the sending end based on the digital certificate of the signer at the sending end and the session certificate, and displaying and storing the media message after the verification is passed.
14. A readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 10.
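The key layering in claims 1, 4 and 8, as an added example that is not taken from the patent: a random key encrypts the message (first ciphertext) and is wrapped under both the signer's and the media session's public keys, so the certificate storing server and the signer must each remove one layer. Assumptions: the hashed-ElGamal wrap, the SHA-256 keystream cipher, the toy group and every function name are stand-ins chosen to run on the Python standard library; the nesting order (signer's layer inside, session layer outside) is inferred from claim 8; the signature is carried as opaque bytes.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (Mersenne prime). Illustrates the layering only; not production parameters.
P, G, N = 2**521 - 1, 3, 66          # N = byte length of P

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _keystream(key, n):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key, nonce):
    return (hashlib.sha256(b"enc" + key + nonce).digest(),
            hashlib.sha256(b"mac" + key + nonce).digest())

def seal(key, data):
    """Encrypt-then-MAC with a SHA-256 keystream; stand-in for a real AEAD cipher."""
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(key, nonce)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, len(data))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key, nonce)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))

def wrap(pub, data):
    """Public-key wrap: ephemeral DH share, then seal under the shared secret."""
    eph_priv, eph_pub = keygen()
    shared = pow(pub, eph_priv, P).to_bytes(N, "big")
    return eph_pub.to_bytes(N, "big") + seal(shared, data)

def unwrap(priv, blob):
    shared = pow(int.from_bytes(blob[:N], "big"), priv, P).to_bytes(N, "big")
    return unseal(shared, blob[N:])

def sender_encrypt(message, signature, receiver_pub, sender_pub, session_pub):
    k = secrets.token_bytes(32)                      # the claims' "random number"
    c1 = seal(k, message)                            # first ciphertext
    c2 = wrap(session_pub, wrap(receiver_pub, k))    # second ciphertext (for the receiver)
    c3 = wrap(session_pub, wrap(sender_pub, k))      # third ciphertext (kept by the server)
    return {"signature": signature, "c1": c1, "c2": c2}, c3

def server_partial_decrypt(session_priv, ciphertext):
    # The server removes only the session layer; the result still hides k (claim 8).
    return unwrap(session_priv, ciphertext)

def client_decrypt(local_priv, intermediate, c1):
    return unseal(unwrap(local_priv, intermediate), c1)

if __name__ == "__main__":
    (rk, rp), (sk, sp), (mk, mp) = keygen(), keygen(), keygen()
    packet, c3 = sender_encrypt(b"constructed media message", b"constructed-sig", rp, sp, mp)
    mid = server_partial_decrypt(mk, packet["c2"])
    print(client_decrypt(rk, mid, packet["c1"]))
```

Neither private key alone recovers the random key: the receiver cannot open the second ciphertext without the server, and the server's output is still encrypted to the receiver.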
CN202210427719.8A 2022-04-22 2022-04-22 Electronic contract signing method and system Active CN114553441B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210427719.8A CN114553441B (en) 2022-04-22 2022-04-22 Electronic contract signing method and system


Publications (2)

Publication Number Publication Date
CN114553441A (en) 2022-05-27
CN114553441B (en) 2022-08-26

Family

ID=81666661





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant