CN114692219A - Electronic contract signing method and system based on electronic signature - Google Patents

Electronic contract signing method and system based on electronic signature Download PDF

Info

Publication number
CN114692219A
CN114692219A CN202011641597.XA CN202011641597A CN114692219A CN 114692219 A CN114692219 A CN 114692219A CN 202011641597 A CN202011641597 A CN 202011641597A CN 114692219 A CN114692219 A CN 114692219A
Authority
CN
China
Prior art keywords
electronic
signer
random number
key
electronic signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011641597.XA
Other languages
Chinese (zh)
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd filed Critical Shandong Institute Of Quantum Science And Technology Co ltd
Priority to CN202011641597.XA priority Critical patent/CN114692219A/en
Publication of CN114692219A publication Critical patent/CN114692219A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an electronic contract signing method and system based on electronic signature, which utilize a symmetric key algorithm for encryption, have the quantum attack resistance characteristic, fundamentally eliminate the defects that the safety of the traditional electronic signature algorithm and the electronic contract signing method based on PKI is based on computational security, are realized based on a quantum cryptography network, realize one-time pad encryption by adopting a labeling method for a used key, and have unconditional safety; the electronic signing information of the signing party is embedded in the electronic contract signing, so that the electronic contract has double credibility, and the reliability of electronic contract signing is improved.

Description

Electronic contract signing method and system based on electronic signature
Technical Field
The invention belongs to the technical field of encrypted communication of quantum cryptography networks, and particularly relates to an electronic contract signing method and system based on electronic signatures.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Electronic signatures are all in the form of electronic codes attached to electronic documents, and can identify the identity of the signer of the electronic documents, ensure the integrity of the documents, and indicate the content of the matters stated by the signer agreeing with the electronic documents.
The electronic signature system is a high and new technology which appears along with informatization construction. The electronic document signing and sealing method mainly solves the signing and sealing problem of the electronic document, is used for identifying the identity of an electronic document signer, ensures the integrity of the document, and ensures the authenticity, reliability and non-repudiation of the document. Electronic signatures are not digital images of written signatures, which exist as an electronic code. By using the electronic signature, the receiver can transmit the file through the network, can easily verify the identity and the signature of the sender, and can verify whether the original text of the file changes in the transmission process.
The electronic contract, also called e-commerce contract, appears along with the development of computer technology and automatic office technology, and the essence of the electronic contract is to transmit information through electronic pulses, which changes the traditional practice of using paper as an original credential, wherein the credential is a group of electronic information. Typically, an electronic contract may be defined as: an electronic contract is an agreement between two or more parties to establish, alter, terminate property civil rights obligations electronically over an electronic information network. In short, an electronic contract is a contract made electronically, which mainly refers to an agreement that the parties of the contract have under network conditions.
However, the inventor knows that the current electronic signature system and electronic contract signing system are basically realized based on the PKI technology, the identity authentication of signers is realized based on the PKI technology, and meanwhile, the anti-repudiation signature of data is realized by using the RSA asymmetric key. It is well known that asymmetric key encryption algorithms employed by PKI technology are computationally secure. In the face of foreseeable research and construction of quantum computers, cryptographic systems based on computational complexity present security risks. Therefore, the electronic signature system and the electronic contract signing system which are realized based on the PKI technology have potential safety hazards. In order to deal with the security threat of self defect, the length of the PKI key is continuously increased from 512 bits to 1024 bits and then to 2048 bits, but the self security defect cannot be changed.
Disclosure of Invention
The invention provides an electronic contract signing method and system based on electronic signature in order to solve the problems, and the invention can fundamentally eliminate the defects of the safety of the traditional electronic signature algorithm and the electronic contract signing method based on PKI based on computational safety.
According to some embodiments, the invention adopts the following technical scheme:
an electronic contract signing method based on electronic signature comprises the following steps:
the first signer sends a first signer electronic signature request and a random number encryption request of the electronic contract to be signed to the trusted center;
the trusted center verifies the identity information of the first signer, generates related electronic signature information, encrypts a random number by using a signature key and sends the random number to the first signer;
the first signer generates electronic signature hidden information belonging to the first signer according to the received information and sends the electronic signature hidden information to other signers, and the other signers verify the correctness of the electronic signature hidden information;
if the verification result is correct, other signers send own electronic signature request and random number encryption request to the trusted center;
the trusted center verifies the identity information of the corresponding signer, generates electronic signature information of the corresponding signer, encrypts a random number by using a signature key and sends the random number to the corresponding signer;
the corresponding signer generates electronic signature hidden information belonging to the corresponding signer according to the received information and sends the electronic signature hidden information to the first signer, the first signer verifies the correctness of the electronic signature hidden information of the corresponding signer, if the electronic signature hidden information is correct, the random number is sent to the corresponding signer, otherwise, the corresponding signer is regarded as a dispute, and the dispute is solved;
the other signers verify the received random number, and send the random number to the first signer after the random number is successfully verified;
the first signer verifies whether the random numbers of other signers are correct, if so, the electronic contract is signed successfully, otherwise, the first signer regards that disputes exist and resolves the disputes.
As an alternative embodiment, the trusted center stores the identity registration information and the shared key of each signer in the database, and each signer stores the shared key safely, and performs key division and synchronization sequence numbering on the shared key according to the length of each use of the shared key together with the shared key in the trusted center database.
As an alternative embodiment, each shared key is used followed by a marking of the used status.
As an optional implementation manner, the specific process of the first signer sending the electronic signature request and the random number encryption request of the first signer to be signed with the electronic contract to the trusted center includes:
the first signer selects a random number, encrypts related data by using an unused shared secret key of the trusted center to obtain a ciphertext, calculates a message authentication code related to a secret key by using another unused shared secret key of the trusted center, sends an electronic signature request of an electronic contract and an encryption request of the random number to the trusted center, and sends an identity identification code of the first signer, the identity identification code of the trusted center, a serial number of the shared secret key, the ciphertext and the message authentication code to the trusted center.
As an alternative embodiment, the electronic signature information includes an electronic contract, electronic seal information of a signer involved in signing the electronic contract, a random number, an identification code of a trusted center, a time stamp at the time of signing, a signature key serial number, and a message authentication code related to the above data.
As an alternative implementation manner, the electronic signature hidden information includes a random number ciphertext, a corresponding signer uses the random number to generate a corresponding message authentication code, and after receiving the electronic signature hidden information, the ciphertext is replaced by the random number to verify whether the electronic signature hidden information is correct.
As an alternative implementation mode, whether the random number of the corresponding signer is correct or not is verified, if the random number is incorrect or the random number is not received within a set time period, the dispute is considered to exist, and the dispute is resolved.
As an alternative embodiment, the specific process of resolving disputes includes: the dispute initiator sends the electronic signature hidden information of the two parties to the trusted center, the trusted center verifies the correctness of the electronic signature hidden information of the two parties, the consistency of the contract and the consistency of the electronic seal information of the corresponding signers, and if one is incorrect, dispute resolution is stopped;
otherwise, the trusted center decrypts the random number encrypted ciphertext and sends the random number of the opposite party to the corresponding signer;
and after the corresponding signer receives the opposite side random number, the opposite side random number is used for replacing a related ciphertext in the electronic signature hidden information to obtain the electronic signature information of other signers of the electronic contract, and the electronic contract is signed successfully.
An electronic contract signing system based on electronic signatures, comprising:
the electronic contract signing server is configured to serve as a trusted third-party execution mechanism in the electronic contract signing process, distributes a shared key to signers of all clients through a quantum cryptography network, divides keys of a true random number digital signature key bank according to the length used by each digital signature, receives an electronic signature request, a random number encryption request and electronic signature hidden information, verifies identity information and the electronic signature hidden information, carries out symmetric key signature, generates corresponding electronic signature information, encrypts the random number by using a signature key, and sends the random number to the corresponding client;
and the plurality of clients are configured to respectively provide information services in the contract signing process for each signer, generate electronic signature hidden information belonging to the clients, and carry out information communication with other clients and the electronic contract signing server.
As an alternative implementation mode, before signing the electronic contract, each client submits an identity registration application to the electronic contract signing server, the registration information comprises electronic seal information of an electronic contract signer, and after the electronic contract signing server accepts the identity registration application, the electronic contract signing server respectively verifies the submitted materials.
As an alternative embodiment, the electronic contract signing server distributes the shared key to the signers of the clients who pass the audit, stores the identity registration information and the shared key of the signers, and the clients store the shared key and perform key division and synchronization of the order numbers on the shared key along with the shared key in the database of the electronic contract signing server by the length of using the shared key each time.
As an alternative embodiment, each client and the electronic contract signing server obtain a shared key through quantum key distribution, when the shared key between the client and the electronic contract signing server is about to be used up, each client and the electronic contract signing server perform mutual identity authentication by using an unused shared key, after the identity authentication is successful, the electronic contract signing server distributes the quantum key to each client through a quantum secret channel of a quantum cryptography network, each client and the electronic contract signing server encrypt the newly distributed quantum key by using the unused key, ciphertext is used as a new shared key, and the new shared key is subjected to key division and serial numbering.
Compared with the prior art, the invention has the beneficial effects that:
the invention utilizes the symmetric key algorithm for encryption, has the quantum attack resistance characteristic, and fundamentally eliminates the defects that the traditional electronic signature algorithm and the electronic contract signing method based on PKI have the security based on computational security.
The invention is realized based on the quantum cryptography network, realizes one-time pad encryption by adopting a labeling method for the used secret key, and has unconditional safety.
The electronic contract signing method embeds the electronic signing information of the signing party in the electronic contract signing, so that the electronic contract has double credibility, and the reliability of the electronic contract signing is improved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the invention and together with the description serve to explain the invention and not to limit the invention.
FIG. 1 is a schematic diagram of electronic contract signing participants;
fig. 2 is a schematic diagram of an electronic contract signing process.
The specific implementation mode is as follows:
the invention is further described with reference to the following figures and examples.
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an", and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
As shown in fig. 1, the description is given with two electronic contract signers as an example. But does not represent that the solution provided by the invention can only be applied in this scenario.
An electronic contract signing method based on electronic signature comprises the following steps:
and establishing a trusted center, and establishing a true random number digital signature key bank for digital signature of the electronic signature data in the trusted center. And dividing the key of the key bank according to the length used by each digital signature, and numbering the divided keys in sequence.
Before signing the electronic contract, a signer of the electronic contract submits an identity registration application to a trusted center, wherein the registration information comprises electronic seal information of the signer of the electronic contract. After the trusted center accepts the identity registration application of the signer, the trusted center respectively verifies the materials submitted by the signer, including the verification of the electronic seal information. After the verification is qualified, the trusted center distributes the shared secret key to the signer, the trusted center stores the identity registration information (including electronic seal information) of the signer and the shared secret key in the database, and the signer safely stores the shared secret key, and the shared secret key in the trusted center database are divided according to the length of the shared secret key used each time and are numbered in a synchronous sequence.
In this embodiment, for the convenience of technical staff to understand the technical solution, it is assumed that two parties participating in signing the electronic contract are a and B (a and B represent the identification codes of the contract signer, respectively, and a and B have completed identity registration in the trust center in advance), the electronic seal information of a is IDA, the electronic seal information of B is IDB, the contract to be signed by a and B is C (of course, the signers a and B have agreed the content of the electronic contract C in advance), and a and B know the electronic seal information IDB and IDA of the other party, respectively, before signing the contract.
As shown in fig. 2, the electronic contract signing process includes:
(1) the signer A sends an electronic signature request and a random number encryption request of the electronic contract A to the trusted center.
In the embodiment, A selects a random number RA, encrypts data C | | | | IDA | | | IDB | | | RA by using a shared key K1 of the trusted center, and obtains a ciphertext EK1(C | | IDA | | IDB | | | RA), and calculates a key-dependent message authentication code HMAC (A | | | TP | | | E) using a shared key K2 of the trusted centerK1(C | | IDA | | | IDB | | RA) | | N1| | N2; K2) (TP is the identification code of the trusted center, N1 and N2 respectively represent the serial numbers of the keys K1 and K2, | | represents the data connection operation), A sends the electronic signature request of the electronic contract and the encryption request of the random number RA to the trusted center, and A, TP, N1, N2 and E are processedK1(C | | IDA | | IDB | | | RA) and HMAC (A | | TP | | | E)K1(C | | IDA | | | IDB | | RA) | | N1| | N2; K2) sending the information to a trusted center;
(2) the trusted center verifies the identity of the A, generates the electronic signature information of the A of the electronic contract C, encrypts the random number by using the signature key, and sends the random number to the A:
the trusted center receives the electronic signature request sent by the A, the encryption request of the random number RA and the data A, TP, N1, N2 and EK1(C | | IDA | | IDB | | | RA) and HMAC (A | | TP | | | E)K1(C | | IDA | | | IDB | | RA) | | N1| | N2; K2) then, the database reads the shared key K2 with A with the serial number N2 to verify the HMAC (A | | TP | | | E)K1(C | | IDA | | | IDB | | RA) | | N1| | N2; K2) if the identity authentication of the A is correct, the identity authentication of the A passes, and the trusted center reads the shared secret key K1 with the serial number N1 from the database to decrypt the EK1(C | | IDA | | IDB | | | RA) data C | | IDA | | IDB | | RA is obtained;
the credible center verifies the correctness of the electronic seal information IDA according to the record of the database, if the correctness is achieved, the credible center reads a key SK1 with the serial number of SN1 from a signature key library to carry out symmetric key signature on the data C | | | IDA | | | IDB | | | RA | | | | | | | TS | | | | SN1 and SK1 to obtain the data HMAC (C | | | IDA | | | IDB | | | | | RA | | | | | | | | | | | | | | | | TP | | | TS | | | SN1 and SK1), wherein TS is a time stamp during signature, SN1 is the serial number of a signature key SK1, and the DS 1 is used for the signature methodAC | | | IDA | | | IDB | | | RA | | | TP | | TS | | | SN1| | HMAC (C | | IDA | | IDB | | | RA | | | TP | | | TS | | | SN 1; SK1) is used as the electronic signature information of A of the electronic contract C, SK1 is used for encrypting RA to obtain ciphertext E (RA), the credibility center uses the shared key with A to encrypt DS (Security certificate) and S (security certificate) to obtain ciphertext E (RA) of the electronic contract CAI E (RA), and calculates the message authentication code of the ciphertext, and the DS is usedASending an | | E (RA) ciphertext and a message authentication code thereof to A;
(3) the signer A receives the electronic signature information and the random number encryption information of the electronic contract A sent by the trusted center, generates the electronic signature hidden information of the electronic contract A and sends the electronic signature hidden information to the signer B, and the signer B verifies the correctness of the electronic signature hidden information of the electronic contract A.
A receives DSAAfter the I E (RA) ciphertext and the message authentication code thereof, the data DS is verified through the message authentication codeAIf the validity of the E (RA) ciphertext data is verified successfully, the DS is decrypted by using a shared secret key of the trusted centerAI E (RA) ciphertext to obtain data DSAAnd E (RA) for saving DSASending ms 1| | IDA | | IDB | | | E (RA) | TP | TS | SN1| | HMAC (C | | IDA | | TP | | | TS | | SN 1; SK1) to B, B verifying the correctness of ms1 to the trust center after receiving the data (the trust center verifies that the message authentication code related to the key SK of the key SK 4934 with the serial number of SN1 decrypts E (RA) to obtain RA, verifying that the data C | | IDA | | | IDB | | | RA | | | TP | | TS | SN2 is HMAC (C | IDA | B | | | RA | | TS) 38776 |), if the result is wrong (K925)And if so, terminating the electronic contract signing process, otherwise, performing the step (4).
(4) And if the electronic signature hidden information of the A of the electronic contract C is verified to be correct by the B, the B sends an electronic signature request and a random number encryption request of the B of the electronic contract C to the credible center.
The signer B selects a random number RB, encrypts the data C | | | IDB | | | IDA | | RB by using a shared secret key K3 of the trusted center, and obtains a ciphertext EK3(C IDB IDA RB) and use the shared key K4 of the trusted center to compute the key-dependent message authentication code HMAC (B TP E)K3(C | | IDB | | IDA | | RB) | | N3| | N4; K4) (TP is the identification code of the credible center, N3 and N4 respectively represent the serial numbers of the keys K3 and K4, | | represents the data connection operation), B sends the electronic signature request of the electronic contract and the encryption request of the random number RB to the credible center, and B, TP, N3, N4, EK3(C | | IDB | | IDA | | | RB) and HMAC (B | | TP | | E)K3(C | | IDB | | IDA | | RB) | | N3| | N4; K4) and sending the data to the trusted center.
Keys K3 and K4 are marked as used.
(5) And the trusted center verifies the identity of the B, generates the electronic signature information of the B of the electronic contract C, encrypts the random number by using the signature key and sends the random number to the B.
The trusted center receives the electronic signature request sent by the B, the encryption request of the random number RB and the data B, TP, N3, N4 and EK3(C | | IDB | | IDA | | | RB) and HMAC (B | | TP | | E)K3(C | | IDB | | IDA | | RB) | | N3| | N4; K4) then, the database reads the shared key K4 with B with the serial number N4 to verify the HMAC (B | | TP | | | E)K3(C | | IDB | | IDA | | RB) | | N3| | N4; K4) if the identity authentication of the B is correct, the identity authentication of the B passes, and the trusted center reads the shared secret key K3 with the serial number N3 from the database to decrypt the EK3(C | | IDB | | | IDA | | | RB) obtains data C | | | IDB | | | IDA | | RB;
the credible center verifies the correctness of the electronic seal information IDB according to the record of the database, if the electronic seal information IDB is correct, the credible center reads a key SK2 with the serial number of SN2 from a signature key library to carry out symmetric key signature on the data C | | | IDB | | | IDA | | | RB, the obtained data is HMAC (C | | | IDB | | IDA | | RB | | | | TP | | | | TS | | | | SN 2; SK2), wherein TS is a time stamp during signature, and SN2 is signatureSerial number of name key SK2, and DSBC | | | IDB | | IDA | | | RB | | | TP | | TS | | SN2| | HMAC (C | | | IDB | | | IDA | | | RB | | | TP | | | TS | | SN 2; SK2) is used as the electronic signature information of B of the electronic contract C, SK2 is used for encrypting RB to obtain ciphertext E (RB), the DS (DS) is encrypted by the credibility center by using a shared key of BBI E (RB), and calculates the message authentication code of the ciphertext, and the DSBAnd | E (RB) ciphertext and the message authentication code thereof are sent to B.
(6) And the signer B receives the electronic signature information and the random number encryption information of the electronic contract B of the electronic contract C sent by the trusted center, generates the electronic signature hidden information of the electronic contract B of the electronic contract C, sends the electronic signature hidden information to the signer A, and the signer A verifies the correctness of the electronic signature hidden information of the electronic contract B of the electronic contract C.
Signer B receives the DSBAfter the I E (RB) ciphertext and the message authentication code thereof, the data DS is verified through the message authentication codeBIf verification succeeds, the DS is decrypted by using the shared key of the trusted centerBI E (RB) ciphertext to obtain data DSBAnd E (RB), save DSBThe method comprises the steps of sending ms 2| | | IDB | | | IDA | | E (RB) | TP | | TS | SN2| | HMAC (C | | IDB | | TS | | SN 2; SK2) to A, and verifying correctness of ms2 by the trust center after the A receives data (the trust center verifies whether a message authentication code related to a key SK2 with the serial number of SN2 decrypts (RB) to obtain RB and data C | | | | IDB | | | | IDA | | RB | | TP | | TS 2 is HMAC (the data C | IDB | IDA | | RB | TS | 2) or not (the message authentication code related to the key SK 829 is HMAC) (if the result is signed by C | IDB | | | IDB | IDA | RB 925 | | TP | TS 387), otherwise, the electronic contract verification is carried out (the step SK 925).
(7) The signer A sends the random number to the signer B, the signer B verifies the correctness of the random number, and if the random number is incorrect or not received, a dispute resolution protocol is initiated.
The signer A sends the random number RA to the signer B, after the signer B receives the RA, the RA replaces E (RA) in ms1, and the credible center verifies whether the value of the message authentication code of the key SK1 of the data C | | | IDA | | IDB | | RA | | | TP | | | | TS | | | | SN1 is equal to HMAC (C | | IDA | | IDB | | | RA | | | | TP | | | | TS | | | | SN 1; SK1), if the verification is successful, the signer B sends the random number RB to the signer A; if the verification fails, B may initiate a dispute resolution protocol process flow.
(8) And A verifies the correctness of the random number sent by B, if the random number is correct, the electronic contract is signed successfully, and if the random number sent by B is incorrect or not received, A initiates a dispute resolution agreement processing flow.
After receiving RB, signer A replaces E (RB) in ms2 with RB to verify whether the value of the message authentication code of the key SK2 of data C | | | IDB | | IDA | | E (RB) | | | TP | | | TS | | | SN2 is equal to HMAC (C | | | IDB | | | | IDA | | RB | | | TP | | | TS | | | | SN 2; SK2), if the verification is successful, the signing process of the electronic contract C is finished, otherwise, A can initiate a dispute end solution protocol processing flow.
When B sends out ms2 and does not receive RA sent by A or receives wrong RA, B can initiate a dispute resolution protocol; when a sends a correct RA and does not receive an RB sent by B or receives an incorrect RB, a may initiate a dispute resolution protocol processing procedure, which specifically includes:
(a) if the dispute resolution protocol is initiated by A, A sends ms1 and ms2 to the trusted center, if the dispute resolution protocol is initiated by B, B sends ms1 and ms2 to the trusted center, the trusted center verifies the correctness of ms1 and ms2, verifies the consistency of contract C in ms1 and ms2, verifies the consistency of IDA and IDB in ms1 and ms2, if one is incorrect, the dispute resolution protocol is stopped, and if both are correct, the next step is carried out.
(b) The trusted center decrypts E (RA) in ms1 by using a signature key SK1 with the sequence number of SN1 to obtain RA; decrypting E (RB) in ms2 by using a signature key SK2 with the sequence number SN2 to obtain RB, encrypting and sending the RB to A by the trusted center by using a shared key with A, and simultaneously encrypting and sending RA to B by using a shared key with B.
(c) After A receives RB, RB is used for replacing E (RB) in ms2 to obtain electronic signature information DS of B of electronic contract CBAfter receiving RA, B uses RA to replace E (RA) in ms1 to obtain electronic signature information DS of A of electronic contract CAAnd the electronic contract is signed successfully.
In order to realize the steps of the method, an electronic contract signing system based on electronic signatures is constructed and comprises a trusted center and a plurality of electronic contract signers, wherein, of course, in the specific implementation, the trusted center can be executed by a server, and the electronic contract signers are executed by client equipment.
The trusted center is a trusted third-party organization, and is provided with a true random number signature key bank for digital signature of the electronic signature data. And dividing the key of the signature key bank according to the length used by each digital signature, and numbering the divided keys in sequence. The trusted center holds each key used for signing and its number until the signature validity period of the key expires. The trusted center may increase the number of signing keys of the keystore according to the signing requirements.
Before signing the electronic contract, a signer of the electronic contract submits an identity registration application to a trusted center, wherein the registration information comprises electronic seal information of the signer of the electronic contract. After the trusted center accepts the identity registration application of the signer, the trusted center respectively verifies the materials submitted by the signer, including the verification of the electronic seal information. After the verification is qualified, the trusted center distributes the shared secret key to the signer, the trusted center stores the identity registration information (including electronic seal information) of the signer and the shared secret key in the database, and the signer safely stores the shared secret key, and the shared secret key in the trusted center database are divided according to the length of the shared secret key used each time and are numbered in a synchronous sequence.
The electronic contract signing method comprises the steps that a shared secret key is obtained between a trusted center and an electronic contract signer through quantum secret key distribution, when the shared secret key between the trusted center and the electronic contract signer is about to be used up, the electronic contract signer uses an unused shared secret key to carry out mutual identity authentication with the trusted center, after the identity authentication is successful, the trusted center distributes the quantum secret key to the electronic contract signer through a quantum secret channel of a quantum cryptography network, the trusted center and the electronic contract signer use the unused secret key to encrypt the newly distributed quantum secret key, a ciphertext is used as a new shared secret key, and the new shared secret key is subjected to secret key division and serial numbering.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.

Claims (10)

1. An electronic contract signing method based on electronic signature is characterized in that: the method comprises the following steps:
the first signer sends a first signer electronic signature request and a random number encryption request of the electronic contract to be signed to the trusted center;
the trusted center verifies the identity information of the first signer, generates related electronic signature information, encrypts a random number by using a signature key and sends the random number to the first signer;
the first signer generates electronic signature hidden information belonging to the first signer according to the received information and sends the electronic signature hidden information to other signers, and the other signers verify the correctness of the electronic signature hidden information;
if the verification result is correct, other signers send own electronic signature request and random number encryption request to the trusted center;
the trusted center verifies the identity information of the corresponding signer, generates the related electronic signature information of the corresponding signer, encrypts a random number by using a signature key and sends the random number to the corresponding signer;
the corresponding signer generates electronic signature hidden information belonging to the corresponding signer according to the received information and sends the electronic signature hidden information to the first signer, the first signer verifies the correctness of the electronic signature hidden information of the corresponding signer, if the electronic signature hidden information is correct, the random number is sent to the corresponding signer, otherwise, the corresponding signer is regarded as a dispute, and the dispute is solved;
the other signers verify the received random number, and send the random number to the first signer after the random number is successfully verified;
the first signer verifies whether the random numbers of other signers are correct, if so, the electronic contract is signed successfully, otherwise, the first signer regards that disputes exist and resolves the disputes.
2. The electronic contract signing method based on electronic signature as claimed in claim 1, characterized by: the trusted center stores the identity registration information and the shared secret key of each signer in the database, each signer safely stores the shared secret key, and the shared secret key in the trusted center database are divided according to the length of the shared secret key used each time and are numbered in a synchronous sequence;
or further, marking the used state after each shared key is used.
3. The electronic contract signing method based on electronic signature as claimed in claim 1, characterized by: the specific process that the first signer sends the electronic signature request and the random number encryption request of the first signer to be signed with the electronic contract to the trusted center comprises the following steps:
the first signer selects a random number, encrypts related data by using an unused shared secret key of the trusted center to obtain a ciphertext, calculates a message authentication code related to a secret key by using another unused shared secret key of the trusted center, sends an electronic signature request of an electronic contract and an encryption request of the random number to the trusted center, and sends an identity identification code of the first signer, the identity identification code of the trusted center, a serial number of the shared secret key, the ciphertext and the message authentication code to the trusted center.
4. The electronic contract signing method based on electronic signature as claimed in claim 1, characterized by: the electronic signature information comprises an electronic contract, electronic seal information of a signer who participates in signing the electronic contract, a random number, an identification code of a trusted center, a time stamp during signing, a signature key sequence number and a message authentication code related to the data.
5. The electronic contract signing method based on electronic signature as claimed in claim 1, characterized by: the electronic signature hidden information comprises a random number ciphertext, a corresponding signer uses the random number to generate a corresponding message authentication code, and after the electronic signature hidden information is received, the ciphertext is replaced by the random number to verify whether the electronic signature hidden information is correct.
6. The electronic contract signing method based on electronic signature as claimed in claim 1, characterized by: verifying whether the random number of the corresponding signer is correct or not, and if the random number is incorrect or the random number is not received within a set time period, determining that a dispute exists and resolving the dispute;
or further, the specific process of resolving disputes includes: the dispute initiator sends the electronic signature hidden information of the two parties to the trusted center, the trusted center verifies the correctness of the electronic signature hidden information of the two parties, the consistency of the contract and the consistency of the electronic seal information of the corresponding signers, and if one is incorrect, dispute resolution is stopped;
otherwise, the trusted center decrypts the random number encrypted ciphertext and sends the random number of the opposite party to the corresponding signer;
and after the corresponding signer receives the opposite side random number, the opposite side random number is used for replacing a related ciphertext in the electronic signature hidden information to obtain the electronic signature information of other signers of the electronic contract, and the electronic contract is signed successfully.
7. An electronic contract signing system based on electronic signature is characterized in that: the method comprises the following steps:
the electronic contract signing server is configured to serve as a trusted third-party executing mechanism in the electronic contract signing process, distributes a shared key to signers of all client sides through a quantum cryptography network, divides the key of a true random number digital signature key base according to the length used by each digital signature, receives an electronic signature request, a random number encryption request and electronic signature hidden information, verifies identity information and the electronic signature hidden information, carries out symmetric key signature, generates corresponding electronic signature information, encrypts the random number by using a signature key, and sends the random number to the corresponding client sides;
and the plurality of clients are configured to respectively provide information services in the contract signing process for each signer, generate electronic signature hidden information belonging to the clients, and carry out information communication with other clients and the electronic contract signing server.
8. The electronic contract signing system based on electronic signature as claimed in claim 7, wherein: before signing the electronic contract, each client submits an identity registration application to the electronic contract signing server, the registration information comprises electronic seal information of an electronic contract signer, and the electronic contract signing server respectively verifies the submitted materials after accepting the identity registration application.
9. The electronic contract signing system based on electronic signature as claimed in claim 7, wherein: the electronic contract signing server distributes the shared key to the signers of the clients passing the examination, stores the identity registration information of the signers and the shared key, and the clients store the shared key, and together with the shared key in the database of the electronic contract signing server, perform key division and synchronous sequence numbering on the shared key according to the length of using the shared key each time.
10. The electronic contract signing system based on electronic signature as claimed in claim 7, wherein: the method comprises the steps that a shared key is obtained through quantum key distribution by each client and the electronic contract signing server, when the shared key between the clients is about to be used up, the unused shared key is used by each client and the electronic contract signing server for mutual identity authentication, after the identity authentication is successful, the electronic contract signing server distributes the quantum key to each client through a quantum secret channel of a quantum cryptography network, each client and the electronic contract signing server encrypt the newly distributed quantum key through the unused key, ciphertext is used as a new shared key, and the new shared key is subjected to key division and is sequentially numbered.
CN202011641597.XA 2020-12-31 2020-12-31 Electronic contract signing method and system based on electronic signature Pending CN114692219A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011641597.XA CN114692219A (en) 2020-12-31 2020-12-31 Electronic contract signing method and system based on electronic signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011641597.XA CN114692219A (en) 2020-12-31 2020-12-31 Electronic contract signing method and system based on electronic signature

Publications (1)

Publication Number Publication Date
CN114692219A true CN114692219A (en) 2022-07-01

Family

ID=82135659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011641597.XA Pending CN114692219A (en) 2020-12-31 2020-12-31 Electronic contract signing method and system based on electronic signature

Country Status (1)

Country Link
CN (1) CN114692219A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844728A (en) * 2022-07-04 2022-08-02 道格特半导体科技(江苏)有限公司 Serialized data secure communication method and big data platform

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844728A (en) * 2022-07-04 2022-08-02 道格特半导体科技(江苏)有限公司 Serialized data secure communication method and big data platform

Similar Documents

Publication Publication Date Title
EP3642997B1 (en) Secure communications providing forward secrecy
US20220224551A1 (en) Mutual authentication of confidential communication
CN106713336B (en) Electronic data safeguard system and method based on double, asymmetrical encryption technology
CN110048849B (en) Multi-layer protection session key negotiation method
US10742426B2 (en) Public key infrastructure and method of distribution
CN105049434B (en) Identity identifying method and encryption communication method under a kind of peer to peer environment
CN113630248B (en) Session key negotiation method
CN113612610B (en) Session key negotiation method
CN114697040A (en) Electronic signature method and system based on symmetric key
JPWO2019093478A1 (en) Key exchange device, key exchange system, key exchange method, and key exchange program
CN112039883A (en) Data sharing method and device for block chain
CN111010399A (en) Data transmission method and device, electronic equipment and storage medium
CN114218548B (en) Identity verification certificate generation method, authentication method, device, equipment and medium
CN114697038A (en) Quantum attack resistant electronic signature method and system
CN112600667B (en) Key negotiation method, device, equipment and storage medium
KR20190129478A (en) Ssl/tls based network security apparatus and method
CN114692219A (en) Electronic contract signing method and system based on electronic signature
CN103856463A (en) Lightweight directory access protocol realizing method and device based on key exchange protocol
CN110855442A (en) PKI (public key infrastructure) technology-based inter-device certificate verification method
CN113242133A (en) Digital certificate management method and device
CN114692128A (en) Quantum attack resistant electronic contract signing method and system
CN114692216A (en) Electronic contract signing method, system, storage medium and equipment based on symmetric key
RU2771928C2 (en) Secure data exchange ensuring direct secrecy
CN114692215A (en) Electronic contract signing method and system based on delivery anti-repudiation
Liang et al. The remote attestation design based on the identity and attribute certificates

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination