CN114692216A - Electronic contract signing method, system, storage medium and equipment based on symmetric key - Google Patents


Info

Publication number
CN114692216A
Authority
CN
China
Prior art keywords
electronic contract
key
signing
party
signed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011638865.2A
Other languages
Chinese (zh)
Inventor
Inventor not disclosed
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd filed Critical Shandong Institute Of Quantum Science And Technology Co ltd
Priority to CN202011638865.2A priority Critical patent/CN114692216A/en
Publication of CN114692216A publication Critical patent/CN114692216A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services


Abstract

The invention provides a symmetric-key-based electronic contract signing method, system, storage medium and device. Each key is marked as used when it is used, which prevents key reuse, and the symmetric key algorithm is resistant to quantum attacks, which fundamentally removes the weakness of traditional PKI-based electronic contract signing methods, whose security rests on computational security.

Description

Electronic contract signing method, system, storage medium and equipment based on symmetric key
Technical Field
The invention belongs to the technical field of encrypted communication of quantum cryptography networks, and particularly relates to an electronic contract signing method, system, storage medium and equipment based on a symmetric key.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
The electronic contract, also called an e-commerce contract, appeared with the development of computer technology and office automation. In essence it transmits information through electronic pulses, replacing the traditional practice of using paper as the original credential: the credential is now a set of electronic information. In general, an electronic contract may be defined as an agreement between two or more parties to establish, modify or terminate civil property rights and obligations electronically over an electronic information network. In short, an electronic contract is a contract concluded electronically, and mainly refers to an agreement reached by the contracting parties under network conditions.
The core technology of current electronic contract signing systems is PKI. PKI authenticates with digital certificates, stamps a seal on the electronic document by means of an electronic signature, and embeds the document's digital signature information in the electronic document, thereby ensuring the authenticity, uniqueness, source confirmation and non-repudiation of the document.
However, the inventor knows that current electronic contracts are basically implemented on PKI: the identity authentication of the signer is based on PKI, and the non-repudiation signature of the data uses an RSA asymmetric key. It is well known that the security of the RSA asymmetric key algorithm is computational. With the research and construction of quantum computers foreseeable, classical cryptosystems based on computational complexity have a security problem. Therefore, current electronic contract signing methods based on asymmetric key technology carry a potential security risk.
Disclosure of Invention
In order to solve the problems, the invention provides an electronic contract signing method, a system, a storage medium and equipment based on a symmetric key.
According to some embodiments, the invention adopts the following technical scheme:
An electronic contract signing method based on a symmetric key, executed by a trusted center or third party, comprising the following steps:
receiving, from the different electronic contract signing parties, an encrypted electronic contract to be signed, a message authentication code and a signature request, wherein the encryption uses an unused shared key;
on receiving a signature request, performing identity verification: determining for each party whether the shared key has been used; if it has not, marking the shared key as used, verifying the identity information of the signing party, and decrypting to obtain the electronic contract to be signed; otherwise, rejecting the signature request of that signing party;
determining whether the electronic contracts to be signed sent by the different signing parties are the same contract; if so, applying a symmetric key signature to the electronic contract to be signed to generate the signed electronic contract; if not, stopping the signing process;
encrypting the signed electronic contract, returning it to each signing party, and receiving confirmation information from each signing party; if the confirmation information is received, completing the signing process; if confirmation information is missing from any signing party, sending a contract signing cancellation signature to all signing parties.
In an alternative embodiment, before the electronic contract is signed, identity registration is performed for each signing party, the identity registration information is verified, and the identity registration information and shared key of each signing party are stored.
As an alternative implementation, the specific process of receiving the encrypted electronic contract to be signed, the message authentication code and the signature request sent by the different signing parties includes: receiving the ciphertext obtained by the signing party by encrypting the contract with an unused first shared key, receiving the key-dependent message authentication code computed by the signing party with a second shared key, and receiving the electronic contract signing request sent by the signing party.
As an alternative embodiment, the specific process of performing identity authentication includes: receiving the signature request and message authentication code sent by a signing party, decrypting the message authentication code, reading the shared key whose serial number matches that of the second shared key, and verifying the correctness of the message authentication code; if it is correct, identity authentication passes, and the shared key whose serial number matches that of the first shared key is read to decrypt the ciphertext and obtain the electronic contract to be signed.
As a further limitation, a true random number digital signature key bank is established for digitally signing electronic contract data; the keys of the key bank are divided according to the length used by each digital signature, and the divided keys are numbered sequentially; the signing party divides its shared key according to the length used each time and numbers the pieces in a sequence synchronized with the trusted center.
As an alternative implementation, the specific process of applying a symmetric key signature to the electronic contract to be signed includes: signing the electronic contract with an unused key to obtain signature data that contains the timestamp of signing, the key number, the identification codes of the signing parties involved and of the trusted center, and the electronic contract information.
As an alternative embodiment, the specific process of completing the signing process when the confirmation information is received includes: receiving, from each signing party, information that it has verified the correctness of the signed electronic contract, and storing the signed electronic contract if this information is received within a set time.
As an alternative embodiment, the specific process of sending the contract signing cancellation signature to all signing parties when confirmation information is missing includes: computing the relevant message authentication code with an unused signature key, sending the verification information associated with that message authentication code to the signing parties involved, and storing the verification information, so that the signing parties store it as proof that the electronic contract signing was cancelled.
A computer-readable storage medium having stored therein instructions adapted to be loaded by a processor of a terminal device and to execute the steps of said method for symmetric key-based electronic contract signing.
A terminal device comprising a processor and a computer readable storage medium, the processor being configured to implement instructions; the computer-readable storage medium stores instructions adapted to be loaded by the processor and to perform the steps of the method for symmetric key-based electronic contract signing.
A symmetric key based electronic contract signing system comprising:
client devices, each serving as the executing device of an electronic contract signing party and configured to encrypt the electronic contract to be signed, generate a message authentication code and a signature request, exchange information with the trusted center, send the encrypted electronic contract to be signed, the message authentication code, the signature request and the confirmation information, and receive the signed electronic contract;
a trusted center, serving as a third-party trusted authority and configured to receive, from the different signing parties, the encrypted electronic contract to be signed, the message authentication code and the signature request, wherein the encryption uses an unused shared key;
on receiving a signature request, to perform identity verification: determining for each party whether the shared key has been used; if it has not, marking the shared key as used, verifying the identity information of the signing party, and decrypting to obtain the electronic contract to be signed; otherwise, rejecting the signature request of that signing party;
to determine whether the electronic contracts to be signed sent by the different signing parties are the same contract; if so, applying a symmetric key signature to the electronic contract to be signed to generate the signed electronic contract; if not, stopping the signing process;
to encrypt the signed electronic contract, return it to each signing party, and receive the confirmation information of each signing party; if the confirmation information is received, completing the signing process; if confirmation information is missing from any signing party, sending a contract signing cancellation signature to all signing parties.
As an alternative implementation, before an electronic contract is signed, each client device submits an identity registration application to the trusted center through a quantum cryptography network terminal over a quantum secure channel. After accepting the identity registration applications, the trusted center examines the materials submitted by each signing party. Once the examination is passed, the trusted center distributes the shared key to the signing party over the quantum secure channel of the quantum cryptography network and stores the signing party's identity registration information and shared key in a database; the client device stores the shared key securely. The shared key held by the client device and the copy in the trusted center database are divided according to the length used each time and numbered in a synchronized sequence.
As an alternative embodiment, the trusted center establishes a true random number digital signature key bank for digitally signing electronic contract data; the keys of the key bank are divided according to the length used by each digital signature, and the divided keys are numbered sequentially.
As an alternative implementation, when the shared key between the trusted center and a client device is about to be used up, the client device and the trusted center authenticate each other using an unused shared key. After authentication succeeds, the trusted center distributes a quantum key to the client device over the quantum secure communication link of the quantum cryptography network. The trusted center and the client device encrypt the newly distributed quantum key with an unused key, use the ciphertext as the new shared key, and divide and sequentially number the new shared key.
Compared with the prior art, the invention has the beneficial effects that:
The invention provides an electronic contract signing method based on symmetric key signatures. A symmetric cryptosystem requires little mathematical computation, encrypts quickly and is easy to process, and the symmetric key algorithm is resistant to quantum attacks, which fundamentally removes the weakness of traditional PKI-based electronic contract signing methods, whose security rests on computational security.
Each key is marked as used when it is used, which prevents key reuse. The method is implemented on a quantum cryptography network, uses one-time pad encryption and has unconditional security; through the quantum cryptography network, the communicating parties can conveniently obtain a shared symmetric key by quantum key distribution.
To ensure that both signing parties have received the signed electronic contract, the invention requires each signing party that receives the contract to send correct feedback information (a random number) to the trusted center. This prevents a party that has received the contract from repudiating it by concealing receipt while the party that has not received it cannot obtain evidence that the contract was signed. If, within the agreed time, the trusted center does not receive correct feedback information from both parties, or from one of them, the trusted center generates and stores signature information cancelling the contract. Both signing parties know that if the trusted center has not received the correct feedback information by the agreed time, the contract signing has failed, even if the contract cancellation information cannot be received because of a network failure. The method strictly follows a fair exchange protocol and ensures the fairness of electronic contract signing.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention. They illustrate exemplary embodiments of the invention and, together with the description, serve to explain the invention and not to limit it.
FIG. 1 is a schematic diagram of the electronic contract signing process of the first embodiment;
FIG. 2 is a communication diagram of the parties involved in electronic contract signing in the second embodiment.
Detailed description:
The invention is further described with reference to the following figures and examples.
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and it should be understood that the terms "comprises" and/or "comprising", when used in this specification, specify the presence of the stated features, steps, operations, devices, components and/or combinations thereof.
The first embodiment is as follows:
To address the security defects of current electronic contract signing methods, an electronic contract signing method based on a symmetric key is provided.
A trusted center is established; the trusted center is a third-party trusted authority. A true random number digital signature key bank is established in the trusted center for digitally signing electronic contract data. The keys of the key bank are divided according to the length used by each digital signature, and the divided keys are numbered sequentially. Before an electronic contract is signed, each signing party submits an identity registration application to the trusted center. After accepting the application, the trusted center examines the materials submitted by each signing party. Once the examination is passed, the trusted center distributes a shared key to the signing party and stores the signing party's identity registration information and shared key in a database; the signing party stores the shared key securely. The signing party's shared key and the copy in the trusted center database are divided according to the length used each time and numbered in a synchronized sequence.
In this embodiment, the method for distributing the shared key may adopt an existing distribution method, which is not described herein again.
This embodiment is a two-party electronic contract signing method. Assume that the two parties taking part in the signing are A and B (A and B denote the identification codes of the contract signing parties, and both have completed identity registration at the trusted center in advance) and that the contract to be signed by A and B is C (A and B have agreed on the content of C in advance).
As shown in fig. 1, the specific implementation process includes:
(1) Signing party A encrypts the electronic contract C, generates a message authentication code, sends an electronic contract signing request to the trusted center, and sends the contract ciphertext, the message authentication code and related information to the trusted center.
A encrypts the contract C with an unused key K1 shared with the trusted center to obtain the ciphertext $E_{K1}(C)$, and uses an unused key K2 shared with the trusted center to compute the key-dependent message authentication code $\mathrm{HMAC}(A \| B \| TP \| E_{K1}(C) \| N1 \| N2;\ K2)$, where TP is the identification code of the trusted center, N1 and N2 are the serial numbers of keys K1 and K2 respectively, and $\|$ denotes data concatenation. A sends A, B, TP, N1, N2, $E_{K1}(C)$ and $\mathrm{HMAC}(A \| B \| TP \| E_{K1}(C) \| N1 \| N2;\ K2)$ to the trusted center together with an electronic contract signing request, and marks keys K1 and K2 as used.
(2) Signing party B encrypts the electronic contract C, generates a message authentication code, sends an electronic contract signing request to the trusted center, and sends the contract ciphertext, the message authentication code and related information to the trusted center.
B encrypts the contract C with an unused key K3 shared with the trusted center to obtain the ciphertext $E_{K3}(C)$, and uses an unused key K4 shared with the trusted center to compute the key-dependent message authentication code $\mathrm{HMAC}(A \| B \| TP \| E_{K3}(C) \| N3 \| N4;\ K4)$, where TP is the identification code of the trusted center, N3 and N4 are the serial numbers of keys K3 and K4 respectively, and $\|$ denotes data concatenation. B sends A, B, TP, N3, N4, $E_{K3}(C)$ and $\mathrm{HMAC}(A \| B \| TP \| E_{K3}(C) \| N3 \| N4;\ K4)$ to the trusted center together with an electronic contract signing request, and marks keys K3 and K4 as used.
(3) The trusted center verifies the identity of A and decrypts to obtain the contract C.
After receiving A's signing request and the data A, B, TP, N1, N2, $E_{K1}(C)$ and $\mathrm{HMAC}(A \| B \| TP \| E_{K1}(C) \| N1 \| N2;\ K2)$, the trusted center reads from the database the key K2 shared with A whose serial number is N2. If K2 has been used, the trusted center refuses the signing request and the data sent by A; otherwise it uses K2 to verify $\mathrm{HMAC}(A \| B \| TP \| E_{K1}(C) \| N1 \| N2;\ K2)$. If the code is correct, A's identity authentication passes; the trusted center reads from the database the shared key K1 with serial number N1, decrypts $E_{K1}(C)$ to obtain the contract C, and marks keys K1 and K2 as used.
(4) The trusted center verifies the identity of B and decrypts to obtain the contract C.
After receiving B's signing request and the data A, B, TP, N3, N4, $E_{K3}(C)$ and $\mathrm{HMAC}(A \| B \| TP \| E_{K3}(C) \| N3 \| N4;\ K4)$, the trusted center reads from the database the key K4 shared with B whose serial number is N4. If K4 has been used, the trusted center refuses the signing request and the data sent by B; otherwise it uses K4 to verify $\mathrm{HMAC}(A \| B \| TP \| E_{K3}(C) \| N3 \| N4;\ K4)$. If the code is correct, B's identity authentication passes; the trusted center reads from the database the shared key K3 with serial number N3, decrypts $E_{K3}(C)$ to obtain the contract C, and marks keys K3 and K4 as used.
(5) The trusted center confirms that A and B have requested signature of the same contract C, and signs the electronic contract to generate the signed electronic contract. The subsequent operations are performed only on the basis that the same contract is being signed.
After the trusted center has received the signature requests of A and B and confirmed that they are requests to sign the same contract C, it reads an unused key K with serial number N from the signature key bank and applies a symmetric key signature to the contract C. The resulting signature data is $\mathrm{HMAC}(A \| B \| TP \| TS \| C \| N;\ K)$, where TS is the timestamp at the time of signing and N is the serial number of the signing key K. $DS = A \| B \| TP \| TS \| C \| N \| \mathrm{HMAC}(A \| B \| TP \| TS \| C \| N;\ K)$ is used as the signed electronic contract data of the electronic contract C, and K is marked as used.
(6) The trusted center sends the signed electronic contract to A and B respectively.
The trusted center generates random numbers R1 and R2. It encrypts the data $DS \| R1$ with the unused key K5 (serial number N5) shared with A to generate the ciphertext $E_{K5}(DS \| R1)$, and computes the key-dependent hash message authentication code $\mathrm{HMAC}(E_{K5}(DS \| R1) \| N5 \| N6;\ K6)$ using the unused key K6 (serial number N6) shared with B. It encrypts the data $DS \| R2$ with the unused key K7 (serial number N7) shared with B to generate the ciphertext $E_{K7}(DS \| R2)$, and computes the key-dependent hash message authentication code $\mathrm{HMAC}(E_{K7}(DS \| R2) \| N7 \| N8;\ K8)$ using the unused key K8 (serial number N8) shared with B. The trusted center sends $E_{K5}(DS \| R1)$, N5, N6 and $\mathrm{HMAC}(E_{K5}(DS \| R1) \| N5 \| N6;\ K6)$ to A, sends $E_{K7}(DS \| R2)$, N7, N8 and $\mathrm{HMAC}(E_{K7}(DS \| R2) \| N7 \| N8;\ K8)$ to B, and marks keys K5, K6, K7 and K8 as used.
(7) Whether A and B send confirmation that they have received the signed contract determines whether the electronic contract has been validly signed.
When A and B receive the data sent by the trusted center, each uses the shared keys to verify the validity of the data and decrypts it to obtain the signed electronic contract data DS and the random number. A or B verifies the correctness of DS with the trusted center; if DS is verified as correct, the party stores the signed electronic contract, encrypts the random number R1 or R2 with a key shared with the trusted center and sends it to the trusted center, and marks the verification key and the decryption key as used.
(8) If the trusted center receives the correct random numbers sent by both A and B, the electronic contract signing process is finished and the trusted center stores DS. If, within the specified time, no correct random number is received, or a correct random number is received from only one of A or B (say A), the trusted center uses an unused signature key K9 with serial number N9 to compute $\mathrm{HMAC}(\text{"CANCELLED"} \| DS \| TS \| N9;\ K9)$, sends $CDS = \text{"CANCELLED"} \| DS \| TS \| N9 \| \mathrm{HMAC}(\text{"CANCELLED"} \| DS \| TS \| N9;\ K9)$ to A and B, stores the data CDS, and marks K9 as a used key. When A or B receives the contract cancellation signature data CDS sent by the trusted center, it verifies the correctness of CDS and, if the verification succeeds, stores CDS as proof that the electronic contract signing was cancelled.
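Steps (1) to (5) above, including the used-key check that rejects a replayed request, can be exercised with the following Python code. It is an added example, not code from the patent. Assumptions: HMAC-SHA256 stands in for HMAC, an XOR one-time pad stands in for $E_K$, each field is length-prefixed before concatenation so that the `||` operation is unambiguous, and all class, function and field names (`KeyPool`, `TrustedCenter`, `build_request`, `N_enc`, `N_mac`) are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

class KeyReuseError(Exception):
    """A key serial number that is already marked used was presented again."""

class KeyPool:
    """Numbered one-time keys with a used mark, mirroring the key numbering."""

    def __init__(self, keys):
        self._keys = dict(keys)  # serial number -> key bytes
        self._used = set()

    def unused(self, serial):
        if serial in self._used:
            raise KeyReuseError(f"key {serial} is already marked used")
        return self._keys[serial]

    def mark_used(self, *serials):
        self._used.update(serials)

def num(n):
    return struct.pack(">Q", n)  # fixed-width serial number or timestamp

def encode(*fields):
    # Assumption: every field is length-prefixed, so the "||" concatenation
    # cannot be split two ways ("A" + "BTP" versus "AB" + "TP").
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def mac(key, *fields):
    return hmac.new(key, encode(*fields), hashlib.sha256).digest()

def otp(key, data):
    # Assumption: E_K is an XOR one-time pad, so the key must cover the data.
    if len(key) < len(data):
        raise ValueError("one-time key shorter than the message")
    return bytes(k ^ d for k, d in zip(key, data))

def build_request(pool, a, b, tp, contract, n_enc, n_mac):
    """Steps (1)/(2): encrypt C under K[n_enc], MAC the request under K[n_mac]."""
    ct = otp(pool.unused(n_enc), contract)
    tag = mac(pool.unused(n_mac), a, b, tp, ct, num(n_enc), num(n_mac))
    pool.mark_used(n_enc, n_mac)
    return {"A": a, "B": b, "TP": tp, "N_enc": n_enc, "N_mac": n_mac,
            "ct": ct, "tag": tag}

class TrustedCenter:
    def __init__(self, ident, shared, signing):
        self.ident = ident
        self.shared = shared    # party id -> KeyPool shared with that party
        self.signing = signing  # KeyPool standing in for the signature key bank
        self.pending = {}       # party id -> decrypted contract

    def receive(self, sender, req):
        """Steps (3)/(4): refuse used keys, verify the MAC, then decrypt."""
        pool = self.shared[sender]
        k_mac = pool.unused(req["N_mac"])  # raises KeyReuseError on a replay
        k_enc = pool.unused(req["N_enc"])
        want = mac(k_mac, req["A"], req["B"], req["TP"], req["ct"],
                   num(req["N_enc"]), num(req["N_mac"]))
        named = req["TP"] == self.ident and sender in (req["A"], req["B"])
        if not named or not hmac.compare_digest(want, req["tag"]):
            raise ValueError("identity verification failed")
        contract = otp(k_enc, req["ct"])
        pool.mark_used(req["N_enc"], req["N_mac"])  # marked only after success
        self.pending[sender] = contract

    def sign(self, a, b, n_sig, ts):
        """Step (5): sign only when both parties submitted the same contract."""
        ca, cb = self.pending.pop(a), self.pending.pop(b)
        if not hmac.compare_digest(ca, cb):
            raise ValueError("contracts differ, signing stopped")
        fields = (a, b, self.ident, num(ts), ca, num(n_sig))
        tag = mac(self.signing.unused(n_sig), *fields)
        self.signing.mark_used(n_sig)
        return fields + (tag,)  # DS = A||B||TP||TS||C||N||HMAC(...; K)

def demo():
    a, b, tp = b"A", b"B", b"TP"
    contract = b"constructed sample contract C"
    keys_a = {n: secrets.token_bytes(64) for n in (1, 2)}  # K1, K2
    keys_b = {n: secrets.token_bytes(64) for n in (3, 4)}  # K3, K4
    center = TrustedCenter(tp, {a: KeyPool(keys_a), b: KeyPool(keys_b)},
                           KeyPool({50: secrets.token_bytes(32)}))
    req_a = build_request(KeyPool(keys_a), a, b, tp, contract, 1, 2)
    req_b = build_request(KeyPool(keys_b), a, b, tp, contract, 3, 4)
    center.receive(a, req_a)
    center.receive(b, req_b)
    ds = center.sign(a, b, 50, 1700000000)  # constructed timestamp
    try:
        center.receive(a, req_a)  # replay of A's request reuses N1 and N2
        replay_accepted = True
    except KeyReuseError:
        replay_accepted = False
    return ds, replay_accepted
```

Because the center marks K1 and K2 as used only after the MAC verifies, a forged request carrying valid serial numbers is rejected without consuming the signer's keys, while an exact replay of an accepted request fails the used-key check.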
Example two:
As shown in FIG. 2, a symmetric-key-based electronic contract signing system is provided. The functions of its components are as follows:
The trusted center is a third-party trusted authority. It is the server used for digitally signing electronic contracts, for identity registration of the electronic contract signing parties, for identity authentication of the signing parties during signing, and for signing the electronic contract. A true random number digital signature key bank is established in the trusted center for digitally signing electronic contract data. The keys of the key bank are divided according to the length used by each digital signature, and the divided keys are numbered sequentially.
The electronic contract signing parties, whose executing device may be a client server, a processor or other equipment, are the two parties that sign the electronic contract through the trusted center. Before an electronic contract is signed, each signing party submits an identity registration application to the trusted center through a quantum cryptography network terminal over a quantum secure channel. After accepting the application, the trusted center examines the materials submitted by each signing party. Once the examination is passed, the trusted center distributes the shared key to the signing party over the quantum secure channel of the quantum cryptography network and stores the signing party's identity registration information and shared key in a database; the signing party stores the shared key securely. The signing party's shared key and the copy in the trusted center database are divided according to the length used each time and numbered in a synchronized sequence.
The communication process between the electronic contract signing party and the credible center comprises the following steps:
the electronic contract signing party A encrypts the contract C by using a shared key K1 of the trusted center to obtain a ciphertext EK1(C) And calculates a key-dependent message authentication code HMAC (A | | | B | | | TP | | E) using a shared key K2 of the trusted centerK1(C) | N1| | N2; K2) (TP is the identification code of the credible center, N1 and N2 respectively represent the serial numbers of the keys K1 and K2, | | represents the data connection operation), A sends an electronic contract signing request to the credible center, and A, B, TP, N1, N2 and E are processedK1(C) And HMAC (A | | | B | | TP | | | E)K1(C) | N1| | N2; K2) and sending the information to the trusted center.
The electronic contract signing party B encrypts the contract C by using a shared key K3 of the trusted center to obtain a ciphertext EK3(C) And calculates a key-dependent message authentication code HMAC (A | | B | | | TP | | | E) using a shared key K4 of the trusted centerK4(C) | N3| | N4; K4) (TP is the identification code of the credible center, N3 and N4 respectively represent the serial numbers of the keys K3 and K4, | | represents the data connection operation), B sends an electronic contract signing request to the credible center, and A, B, TP, N3, N4 and E are sent to the credible centerK3(C) And HMAC (A | | | B | | TP | | | E)K3(C)||N3||N4;K4) And sending the data to the trusted center.
After the trusted center receives the signature request sent by A together with the data A, B, TP, N1, N2, $E_{K1}(C)$ and $\mathrm{HMAC}(A \| B \| TP \| E_{K1}(C) \| N1 \| N2;\ K2)$, it reads from the database the key K2 shared with A, with serial number N2, and verifies the correctness of $\mathrm{HMAC}(A \| B \| TP \| E_{K1}(C) \| N1 \| N2;\ K2)$. If it is correct, the identity authentication of A passes, and the trusted center reads from the database the shared key K1 with serial number N1 and decrypts $E_{K1}(C)$ to obtain the contract C.
After the trusted center receives the signature request sent by B together with the data A, B, TP, N3, N4, $E_{K3}(C)$ and $\mathrm{HMAC}(A \| B \| TP \| E_{K3}(C) \| N3 \| N4;\ K4)$, it reads from the database the key K4 shared with B, with serial number N4, and verifies the correctness of $\mathrm{HMAC}(A \| B \| TP \| E_{K3}(C) \| N3 \| N4;\ K4)$. If it is correct, the identity authentication of B passes, and the trusted center reads from the database the shared key K3 with serial number N3 and decrypts $E_{K3}(C)$ to obtain the contract C.
After the trusted center has received the signature requests of A and B and confirmed that they are signature requests for the same contract C, it performs a symmetric key signature on the contract C using an unused key K, with serial number N, read from the signature key library. The resulting signature data is $\mathrm{HMAC}(A \| B \| TP \| TS \| C \| N;\ K)$, where TS is the timestamp of signing and N is the serial number of the signing key K. $DS = A \| B \| TP \| TS \| C \| N \| \mathrm{HMAC}(A \| B \| TP \| TS \| C \| N;\ K)$ is regarded as the signed electronic contract of the electronic contract C, and K is marked as used.
The trusted center generates random numbers R1 and R2. It encrypts the data $DS \| R1$ using the shared key K5 with A, with serial number N5, to generate the ciphertext $E_{K5}(DS \| R1)$, and computes the key-dependent hash message authentication code $\mathrm{HMAC}(E_{K5}(DS \| R1) \| N5 \| N6;\ K6)$ using the shared key K6 for B with serial number N6. It encrypts the data $DS \| R2$ using the shared key K7 with B, with serial number N7, to generate the ciphertext $E_{K7}(DS \| R2)$, and computes the key-dependent hash message authentication code $\mathrm{HMAC}(E_{K7}(DS \| R2) \| N7 \| N8;\ K8)$ using the shared key K8 with B, with serial number N8. The trusted center sends $E_{K5}(DS \| R1)$, N5, N6 and $\mathrm{HMAC}(E_{K5}(DS \| R1) \| N5 \| N6;\ K6)$ to A, and sends $E_{K7}(DS \| R2)$, N7, N8 and $\mathrm{HMAC}(E_{K7}(DS \| R2) \| N7 \| N8;\ K8)$ to B.
When A and B receive the data sent by the trusted center, each uses the shared keys to verify the validity of the data and to decrypt it, obtaining the signed electronic contract DS and the random number. A or B verifies the correctness of DS with the trusted center; if DS is verified to be correct, the party stores the signed electronic contract and sends the random number R1 or R2 to the trusted center, encrypted with a key shared with the trusted center.
If the trusted center receives the correct random numbers sent by both A and B, the signing process of the electronic contract is finished and the trusted center stores DS. If, within a specified time, no correct random number is received, or a correct random number is received from only one of A or B (assumed to be A), the trusted center uses a signature key K9 with serial number N9 to calculate $\mathrm{HMAC}(\text{"CANCELLED"} \| DS \| N9;\ K9)$, sends $CDS = \text{"CANCELLED"} \| DS \| N9 \| \mathrm{HMAC}(\text{"CANCELLED"} \| DS \| N9;\ K9)$ to A and B, and stores CDS. A and B receive and verify CDS and, if it is correct, store it as the certificate that the signing of the electronic contract was cancelled.
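An added sketch (not code from the patent) of the trusted center's handling of the signing requests described above: the one-time key serial check, HMAC verification before decryption, the same-contract comparison and the construction of DS. HMAC-SHA256, the XOR one-time pad standing in for $E_K$, the length-prefixed field encoding and all function names are assumptions; the page names no cipher, hash or encoding.

```python
import hashlib
import hmac
import secrets
import struct

def encode(*fields: bytes) -> bytes:
    # Assumption: length-prefix every field so "A||B||..." cannot be re-split.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def mac(key: bytes, *fields: bytes) -> bytes:
    return hmac.new(key, encode(*fields), hashlib.sha256).digest()

def ser(n: int) -> bytes:
    return n.to_bytes(8, "big")

def xor(key: bytes, data: bytes) -> bytes:
    # Stand-in for E_K(.): one-time pad, key at least as long as the data.
    if len(key) < len(data):
        raise ValueError("one-time key shorter than data")
    return bytes(k ^ d for k, d in zip(key, data))

class KeyStore:
    """Sequentially numbered one-time keys shared by one party and the center."""
    def __init__(self, count: int, length: int):
        self.keys = {n: secrets.token_bytes(length) for n in range(1, count + 1)}
        self.used = set()

    def take(self, serial: int) -> bytes:
        # Center side: refuse unknown or already-used serials, then mark as used.
        if serial not in self.keys or serial in self.used:
            raise PermissionError(f"key {serial} unknown or already used")
        self.used.add(serial)
        return self.keys[serial]

def build_request(keys, a, b, tp, contract, n_enc, n_mac):
    # Party side (keys = the party's synchronized copy): encrypt, then tag.
    ct = xor(keys[n_enc], contract)
    tag = mac(keys[n_mac], a, b, tp, ct, ser(n_enc), ser(n_mac))
    return {"A": a, "B": b, "TP": tp, "n_enc": n_enc, "n_mac": n_mac,
            "ct": ct, "tag": tag}

def accept_request(store: KeyStore, req: dict) -> bytes:
    # Center side: authenticate first, decrypt only after the tag verifies.
    k_mac = store.take(req["n_mac"])
    want = mac(k_mac, req["A"], req["B"], req["TP"], req["ct"],
               ser(req["n_enc"]), ser(req["n_mac"]))
    if not hmac.compare_digest(want, req["tag"]):
        raise PermissionError("HMAC verification failed")
    return xor(store.take(req["n_enc"]), req["ct"])

def sign_contract(sign_store, a, b, tp, ts, contract, n) -> bytes:
    # DS = A||B||TP||TS||C||N||HMAC(A||B||TP||TS||C||N; K), K used once.
    body = (a, b, tp, ts, contract, ser(n))
    return encode(*body, mac(sign_store.take(n), *body))

def demo():
    # All identifiers, the timestamp and the contract text are constructed.
    a, b, tp = b"party-A", b"party-B", b"trusted-center"
    contract = b"Constructed sample contract text"
    a_keys, b_keys, sign_keys = KeyStore(4, 64), KeyStore(4, 64), KeyStore(2, 32)
    req_a = build_request(a_keys.keys, a, b, tp, contract, 1, 2)
    req_b = build_request(b_keys.keys, a, b, tp, contract, 3, 4)
    c_a, c_b = accept_request(a_keys, req_a), accept_request(b_keys, req_b)
    same = hmac.compare_digest(c_a, c_b)
    ds = sign_contract(sign_keys, a, b, tp, b"2020-12-31T00:00:00Z", c_a, 1)
    try:
        accept_request(a_keys, req_a)  # replay of A's request
        replay = "accepted"
    except PermissionError:
        replay = "rejected"
    return same, ds, replay

if __name__ == "__main__":
    print(demo())
```

Because every key serial is consumed on first use, a replayed request fails at the serial check before any HMAC is computed.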
Example three:
A computer-readable storage medium having stored therein a plurality of instructions adapted to be loaded by a processor of a terminal device to execute the steps performed by any one of the executing entities of the symmetric-key-based electronic contract signing method provided in embodiment one or embodiment two.
Example four:
A terminal device comprising a processor and a computer-readable storage medium, the processor being configured to implement instructions; the computer-readable storage medium stores instructions adapted to be loaded by the processor to execute the steps performed by any one of the executing entities of the symmetric-key-based electronic contract signing method provided in embodiment one or embodiment two.
The terminal device may be a server, a processor, or the like, and is not limited herein.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, this is not intended to limit the scope of the present invention; those skilled in the art should understand that various modifications and variations can be made, without inventive effort, on the basis of the technical solution of the present invention.

Claims (14)

1. An electronic contract signing method based on a symmetric key is executed from a trusted center or a third party, and is characterized in that: the method comprises the following steps:
receiving an encrypted electronic contract to be signed, a message authentication code and a signature request which are sent by different electronic contract signatories, wherein the encryption is carried out by using an unused shared secret key;
receiving a signature request, carrying out identity verification, respectively determining whether a shared secret key is used or not, if not, marking that the shared secret key is used, verifying the identity information of a party signing the electronic contract, decrypting to obtain the electronic contract to be signed, and otherwise, rejecting the signature request of the corresponding party signing the electronic contract;
determining whether the electronic contracts to be signed sent by different electronic contract signatory parties are the same contract, if so, performing symmetric key signature on the electronic contracts to be signed to generate signed electronic contracts, and if not, stopping a signing process;
encrypting the signed electronic contract of the signature, feeding back the electronic contract to each electronic contract signing party, receiving the confirmation and acceptance information of each electronic contract signing party, and completing the signing process if the confirmation information is received; if no party signs the message, sending contract signing canceling signature to all electronic contract signing parties.
2. The electronic contract signing method based on the symmetric key as claimed in claim 1, characterized by: before signing the electronic contract, each electronic contract signing party firstly carries out identity registration, and after checking the identity registration information, the identity registration information and the shared secret key of the electronic contract signing party are stored.
3. The electronic contract signing method based on the symmetric key as claimed in claim 1, characterized by: the specific process of receiving the encrypted electronic contract to be signed, the message authentication code and the signature request sent by different electronic contract signatories comprises the following steps: the method comprises the steps of receiving a ciphertext obtained by an electronic contract signing party through an unused first shared key encryption contract, receiving a message authentication code related to a calculation key of the electronic contract signing party through a second shared key, and receiving an electronic contract signing request sent by the electronic contract signing party.
4. The electronic contract signing method based on the symmetric key as claimed in claim 1, characterized by: the specific process of identity authentication comprises the following steps: and receiving a signature request and a message authentication code sent by an electronic contract signing party, decrypting the message authentication code, reading a shared key with the serial number consistent with the second shared key, verifying and determining the correctness of the message authentication code, if the shared key is correct, passing the identity authentication, reading a shared key decryption ciphertext with the serial number consistent with the serial number of the first shared key, and obtaining the electronic contract to be signed.
5. The electronic contract signing method based on symmetric key as claimed in claim 4, characterized by: establishing a true random number digital signature key bank for digital signature of electronic contract data, dividing keys of the key bank according to the length used by each digital signature, and numbering the divided keys in sequence; and the electronic contract signing party performs key division on the shared key according to the length of using the shared key each time and numbers the shared key with the trusted center or the third party in a synchronous sequence.
6. The electronic contract signing method based on the symmetric key as claimed in claim 1, characterized by: the specific process of performing symmetric key signature on the electronic contract to be signed comprises the following steps: and carrying out symmetric key signature on the electronic contract to be signed by using the unused key, and obtaining signature data containing a timestamp and a key number when the electronic contract is signed, the identity identification codes of the involved electronic contract signing party and the trusted center and the electronic contract information.
7. The electronic contract signing method based on the symmetric key as claimed in claim 1, characterized by: if the confirmation information is received, the specific process of completing the signing flow comprises the following steps: and receiving the correctness information of the signed electronic contract verified by each electronic contract signing party, and if the information is received within a set time, storing the signed electronic contract.
8. The electronic contract signing method based on the symmetric key as claimed in claim 1, characterized by: if any party signs the message, the specific process of sending contract signing cancellation signature to all electronic contract signing parties comprises the following steps: the related message authentication code is calculated by using the unused signature key, the verification information related to the message authentication code is sent to the related electronic contract signing party, and the verification information is stored, so that the electronic contract signing party stores the verification information as the cancelled certificate of the electronic contract signing.
9. A computer-readable storage medium characterized by: in which instructions are stored, said instructions being adapted to be loaded by a processor of a terminal device and to carry out the steps of a method for symmetric key based electronic contract signing according to any one of claims 1-8.
10. A terminal device is characterized in that: the system comprises a processor and a computer readable storage medium, wherein the processor is used for realizing instructions; the computer-readable storage medium stores instructions adapted to be loaded by a processor and to perform the steps of a method for symmetric key-based electronic contract signing according to any one of claims 1-8.
11. An electronic contract signing system based on a symmetric key is characterized in that: the method comprises the following steps:
the client equipment is used as the execution equipment of the electronic contract signing party and is configured to encrypt the electronic contract to be signed, generate a message authentication code and a signature request, perform information interaction with the credible center, send the encrypted electronic contract to be signed, the message authentication code, the signature request and the confirmation information and receive the signed electronic contract;
the trusted center is used as a third-party trusted authority and is configured to receive the encrypted electronic contract to be signed, the message authentication code and the signature request which are sent by different electronic contract signatories, and the encryption is encrypted by using an unused shared secret key;
receiving a signature request, carrying out identity verification, respectively determining whether a shared secret key is used, if not, marking that the shared secret key is used, verifying the identity information of a party signed by an electronic contract, decrypting and acquiring the electronic contract to be signed, otherwise, rejecting the signature request of the corresponding party signed by the electronic contract;
determining whether the electronic contracts to be signed sent by different electronic contract signatory parties are the same contract, if so, performing symmetric key signature on the electronic contracts to be signed, and if not, stopping the signing process;
encrypting the signed electronic contract of the signature, feeding back the electronic contract to each electronic contract signing party, receiving the confirmation and acceptance information of each electronic contract signing party, and completing the signing process if the confirmation information is received; if no party signs the message, sending contract signing canceling signature to all electronic contract signing parties.
12. The electronic contract signing system based on symmetric key as claimed in claim 11, wherein: before signing the electronic contract, each client device submits an identity registration application to a trusted center by adopting a quantum secret channel through a quantum cryptography network terminal; after the credible center accepts the identity registration application of the electronic contract signing party, the credible center respectively examines the materials submitted by the electronic contract signing party; after the examination is qualified, the trusted center distributes the shared secret key to the electronic contract signing party through a quantum secret channel of a quantum cryptography network, the trusted center stores the identity registration information and the shared secret key of the electronic contract signing party in a database, the client equipment safely stores the shared secret key, and the client equipment and the shared secret key in the trusted center database perform secret key division and synchronous sequence numbering on the shared secret key according to the length of using the shared secret key each time.
13. A symmetric key based electronic contract signing system as claimed in claim 11, wherein: the trusted center establishes a true random number digital signature key bank for digital signature of the electronic contract data; the keys of the key bank are divided according to the length used by each digital signature, and the divided keys are numbered sequentially.
14. The electronic contract signing system based on symmetric key as claimed in claim 11, wherein: when the shared key between the trusted center and the client device is about to be used up, the client device performs mutual identity authentication with the trusted center by using the unused shared key, after the identity authentication is successful, the trusted center distributes the quantum key to the client device through a quantum secret communication link of a quantum cryptography network, the trusted center and the client device encrypt the newly distributed quantum key by using the unused key, the ciphertext is used as a new shared key, and the new shared key is subjected to key division and serial numbering.
CN202011638865.2A 2020-12-31 2020-12-31 Electronic contract signing method, system, storage medium and equipment based on symmetric key Pending CN114692216A (en)


Publications (1)

Publication Number Publication Date
CN114692216A true CN114692216A (en) 2022-07-01

Family

ID=82135957


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination