CN114817890A - Electronic signature method and device of document, terminal equipment and storage medium - Google Patents

Electronic signature method and device of document, terminal equipment and storage medium Download PDF

Info

Publication number
CN114817890A
CN114817890A CN202210294776.3A CN202210294776A CN114817890A CN 114817890 A CN114817890 A CN 114817890A CN 202210294776 A CN202210294776 A CN 202210294776A CN 114817890 A CN114817890 A CN 114817890A
Authority
CN
China
Prior art keywords
signature
electronic
graph
document
electronic seal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210294776.3A
Other languages
Chinese (zh)
Inventor
陆景家
杨振燕
王志辉
马广伟
李鹏军
张钊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Digital Certificate Authority Center Co ltd
Original Assignee
Shenzhen Digital Certificate Authority Center Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Digital Certificate Authority Center Co ltd filed Critical Shenzhen Digital Certificate Authority Center Co ltd
Priority to CN202210294776.3A priority Critical patent/CN114817890A/en
Publication of CN114817890A publication Critical patent/CN114817890A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application is applicable to the technical field of electronic signature, and provides an electronic signature method, an electronic signature device, terminal equipment and a storage medium of a document, wherein the method comprises the following steps: acquiring a signer certificate and information of one or more electronic seals used for signing from a security storage device connected with a terminal device; the information of the electronic seal comprises a graph of the electronic seal; verifying the validity of the signer certificate and the electronic seal, and displaying the graph of the candidate electronic seal passing the validity verification when the validity of the signer certificate passes the verification; generating a signature graph based on the graph of the selected target electronic seal in the candidate electronic seals, and determining signature position information corresponding to the signature graph; and generating a signature description file based on the signature graph, the signature position information and the hash value of the document to be signed, and associating the signature graph, the signature description file and the document to be signed to realize the electronic signature of the document to be signed, so that the safety of the electronic signature can be improved.

Description

Electronic signature method and device of document, terminal equipment and storage medium
Technical Field
The present application belongs to the field of electronic signature technology, and in particular, to an electronic signature method and apparatus for a document, a terminal device, and a storage medium.
Background
The electronic signature technology is based on Public Key Infrastructure (PKI) technology, combines digital graphics with electronic signature technology, and digitally signs an electronic document to be stamped with a stamp graphics in an electronic form, so as to ensure authenticity of a document source and integrity of the document, prevent the document from being maliciously tampered in a streaming process, and ensure non-repudiation of a signature behavior.
With the continuous development of electronic technology, electronic signature technology is widely used in various industries. However, the existing electronic signature method cannot ensure the reliability of the information of the electronic seal used for signing, so that the security of the electronic signature is low.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for electronic signature of a document, a terminal device, and a storage medium, so as to solve the technical problem that the security of the existing electronic signature method is low.
In a first aspect, an embodiment of the present application provides an electronic signature method for a document, including:
acquiring a signer certificate and information of one or more electronic seals used for signing from a security storage device connected with a terminal device; wherein the information of the electronic seal comprises a graph of the electronic seal;
verifying the validity of the signer certificate, verifying the validity of the electronic seal, and displaying the graph of the candidate electronic seal when the signer certificate passes the validity verification; the candidate electronic seal is an electronic seal with validity verification passing;
generating a signature graph based on the graph of the selected target electronic seal in the candidate electronic seals, and determining signature position information corresponding to the signature graph;
generating a signature description file based on the signature graph, the signature position information and a hash value of the document to be signed, and associating the signature graph and the signature description file with the document to be signed; wherein the hash value is generated based on the content of the document to be signed.
In an optional manner of the first aspect, the verifying the validity of the signer certificate includes:
verifying whether the signer certificate is matched with the secure storage equipment based on the information carried by the signer certificate;
if the signer certificate is matched with the safe storage equipment, judging whether the current time is within the valid period of the signer certificate;
and if the current time is within the validity period of the signer certificate, determining that the validity of the signer certificate passes verification.
In an optional manner of the first aspect, the information carried by the signer certificate includes a unique identifier and a public key of the certificate holder; the verifying whether the signer certificate is matched with the secure storage device based on the information carried by the signer certificate comprises:
obtaining a device owner certificate from the secure storage device; the device owner certificate carries a unique identifier and a public key of the device owner;
and if the unique identifier of the certificate holder is the same as the unique identifier of the equipment owner and the public key of the certificate holder is the same as the public key of the equipment owner, determining that the signer certificate is matched with the secure storage equipment.
In an optional manner of the first aspect, the information of the electronic seal further includes an electronic signature of the electronic seal and a certificate of a person to which the seal belongs; the seal owner certificate carries the unique identification of the seal owner, the public key of the seal owner and the validity period of the electronic seal; the verifying the validity of the electronic seal includes:
determining whether the electronic seal is associated with the signer certificate based on the unique identification of the signer;
if the electronic seal is associated with the signer certificate, verifying whether the graph of the electronic seal is tampered based on the electronic signature of the electronic seal;
and if the graph of the electronic seal is not tampered and the current time is within the validity period of the electronic seal, determining that the validity of the electronic seal is verified to be passed.
In an optional manner of the first aspect, the verifying whether the image of the electronic seal is tampered based on the electronic signature of the electronic seal includes:
decrypting the electronic signature of the electronic seal based on the public key of the seal owner to obtain a first abstract;
carrying out Hash calculation on the graph of the electronic seal to obtain a second abstract;
and if the first abstract is the same as the second abstract, determining that the graph of the electronic seal is not tampered.
In an optional manner of the first aspect, after associating the signature description file with the document to be signed, the method for electronically signing the document further includes:
acquiring signature verification data; wherein, the signature verification data comprises signature time, a hash value of the document to be signed and the signer certificate;
determining a signature value of the signature verification data;
and associating the signature verification data and the signature value of the signature verification data with the document to be signed.
In an optional manner of the first aspect, the determining a signature value of the signature verification data includes:
sending the signature verification data to the secure storage device;
receiving a signature value of the signature verification data returned by the secure storage device; and the signature value of the signature verification data is obtained by the security storage device performing electronic signature on the signature verification data.
In a second aspect, an embodiment of the present application provides an electronic signature apparatus for a document, including:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a signer certificate and information of one or more electronic seals for signing from a security storage device connected with a terminal device; wherein the information of the electronic seal comprises a graph of the electronic seal;
the first display unit is used for verifying the validity of the signer certificate, verifying the validity of the electronic seal and displaying the graph of the candidate electronic seal when the signer certificate passes the validity verification; the candidate electronic seal is an electronic seal with validity verification passing;
the first determining unit is used for generating a signature graph based on the graph of the selected target electronic seal in the candidate electronic seals and determining signature position information corresponding to the signature graph;
the electronic signature unit is used for generating a signature description file based on the signature graph, the signature position information and a hash value of the document to be signed, and associating the signature graph and the signature description file with the document to be signed; wherein the hash value is generated based on the content of the document to be signed.
In a third aspect, an embodiment of the present application provides a terminal device, where the terminal device includes a processor, a memory, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the method for electronically signing a document according to the first aspect or any one of the optional manners of the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and the computer program, when executed by a processor, implements the method for electronically signing a document according to the first aspect or any one of the alternatives of the first aspect.
In a fifth aspect, an embodiment of the present application provides a computer program product, which, when run on a terminal device, causes the terminal device to execute the method for electronic signature of a document according to the first aspect or any one of the alternatives of the first aspect.
The implementation of the electronic signature method, the device, the terminal equipment, the computer readable storage medium and the computer program product of the document provided by the embodiment of the application has the following beneficial effects:
according to the electronic signature method of the document, the signer certificate and the information of the electronic seal are stored in the safety storage equipment connected with the terminal equipment, so that the reliability of the signer certificate and the information of the electronic seal can be improved; by verifying the validity of the signer certificate and the electronic seal, the graph of the candidate electronic seal passing the validity verification is displayed only when the validity of the signer certificate passes, so that the identity of the signer can be ensured to be valid and legal; in addition, a signature graph is generated based on the graph of the selected target electronic seal in the candidate electronic seals, a signature description file is generated based on the signature graph, the signature position information corresponding to the signature graph and the hash value of the document to be signed, and the signature graph and the signature description file are associated with the document to be signed so as to realize the electronic signature of the document to be signed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a schematic flow chart of a method for electronic signature of a document according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating an implementation manner of S12 in the method for electronic signature of a document according to the embodiment of the present application;
FIG. 3 is a flowchart illustrating another specific implementation of S12 in the method for electronic signature of a document according to the embodiment of the present application;
FIG. 4 is a diagram illustrating a content interface of a document to be signed according to an embodiment of the present application;
FIG. 5 is a schematic flow chart diagram illustrating a method for electronic signing a document according to another embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic signature device for documents according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present application.
Detailed Description
It is noted that the terminology used in the description of the embodiments of the present application is for the purpose of describing particular embodiments of the present application only and is not intended to be limiting of the present application. In the description of the embodiments of the present application, "/" means "or" unless otherwise specified, for example, a/B may mean a or B; "and/or" herein is merely an associative relationship describing an association, meaning that there may be three relationships, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, in the description of the embodiments of the present application, "a plurality" means two or more, and "at least one", "one or more" means one, two or more, unless otherwise specified.
In the following, the terms "first", "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a definition of "a first" or "a second" feature may explicitly or implicitly include one or more of the features.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
The electronic signature method for the document provided by the embodiment of the application has the execution main body of the terminal equipment. The terminal device may be a computer terminal or a mobile communication terminal, such as a personal computer, a mobile phone, or a tablet computer. The target script file is configured for the terminal device, and the target script file describes the electronic signature method of the document provided by the embodiment of the application, so that the terminal device executes the target script file when needing to perform electronic signature on the document, and further executes each step in the electronic signature method of the document provided by the embodiment of the application.
Please refer to fig. 1, which is a schematic flowchart illustrating an electronic signature method for a document according to an embodiment of the present application. As shown in FIG. 1, the method for electronically signing a document may include S11-S14, which are detailed as follows:
s11: and acquiring the signer certificate and information of one or more electronic seals for signing from a secure storage device connected with the terminal device.
In the embodiment of the application, based on the consideration of the security of the signature data, the signer certificate and the information of the electronic seal can be stored in the secure storage device. The safety storage device is an external storage device of the terminal device, has a password verification function and can ensure the safety of data stored in the safety storage device.
In one embodiment of the present application, the secure storage device may be connected to the terminal device by a wired connection. Illustratively, the secure storage device may be a Ukey having a Universal Serial Bus (USB) interface, and the Ukey may be wired to the terminal device through the USB interface.
In another embodiment of the present application, the secure storage device may be connected to the terminal device by a wireless connection. For example, the wireless connection may include, but is not limited to, a connection based on bluetooth technology or wireless fidelity (WIFI) technology.
Therefore, when the user needs to electronically sign the document to be signed, the user can connect the secure storage device with the terminal device. The Document to be signed is an electronic Document, and includes an Open file-layout Document (OFD) Document or a Portable Document Format (PDF) Document, and the like.
In an embodiment of the application, when the terminal device detects that the terminal device is connected with the secure storage device, the terminal device can automatically acquire the signer certificate and the information of the electronic seal from the secure storage device, so that a user does not need to manually control the terminal device to acquire the signer certificate and the information of the electronic seal from the secure storage device, and the efficiency of electronic signature is improved.
In another embodiment of the present application, after the user connects the secure storage device with the terminal device, the terminal device may obtain the signer certificate and the information of the electronic seal used for signing from the secure storage device connected with the terminal device when receiving the signing instruction. For example, the terminal device may confirm receipt of the signing instruction when detecting that a user triggers (e.g., clicks on) a preset signing control. The terminal equipment acquires the signer certificate and the information of the electronic seal used for signing when receiving the signing instruction, namely the step of acquiring the signer certificate and the information of the electronic seal used for signing by the terminal equipment is carried out under the instruction of a user, so that the safety of the electronic signing process can be improved.
In a possible implementation manner of this embodiment, the preset signing control may be set in the first menu bar of the document to be signed. The first menu bar may be displayed when a user performs a preset operation on an icon of a document to be signed. For example, the preset operation may be a right click operation performed by the user through a mouse, or a double click operation performed by the user through a touch screen. The embodiment of the present application does not set any limit to the form of the preset operation.
In another possible implementation manner of this embodiment, the preset signing control may be disposed in a second menu bar of the document to be signed. The second menu bar may be a menu bar in a content interface of the document to be signed. The content interface is used for presenting the content of the document to be signed after the document to be signed is opened.
In another embodiment of the present application, after the user connects the secure storage device to the terminal device, when the terminal device detects that there is a new document to be signed in the preset document list, the terminal device may obtain the signer certificate and the information of the electronic seal used for signing from the secure storage device connected to the terminal device. The preset document list is used for storing documents to be signed. For example, the terminal device may scan the preset document list every first time interval to detect whether there is a new document to be signed in the preset document list. The first time period may be set according to actual requirements, and is not limited herein.
In the embodiment of the present application, the signer certificate stored in the secure storage device may be associated with one or more electronic seals. The number of the information of the electronic seal associated with the signer certificate can be set according to actual requirements, and the number of the information of the electronic seal associated with the signer certificate is not limited in any way in the embodiment of the application.
Wherein the signer certificate is used for proving the identity of the signer. The signer certificate carries information such as the unique identifier of the certificate holder, the public key of the certificate holder, the validity period of the signer certificate and the like.
By way of example and not limitation, the unique identification of the certificate holder may be the certificate holder's organization code, identification number, or telephone number, among others.
The information of the electronic seal comprises the graph of the electronic seal, the electronic signature and the certificate of the seal owner.
The format of the graph of the electronic seal can be set according to actual requirements, and the embodiment of the application does not limit the graph. For example, the graphic of the electronic stamp may be in a Portable Network Graphics (PNG) format, or may be in a joint photographic experts group (PGEG) format.
The seal owner certificate is used for proving the identity of the seal owner. The seal owner certificate carries information such as the unique identification of the seal owner, the public key of the seal owner, the validity period of the electronic seal and the like.
By way of example and not limitation, the unique identification of the seal owner may be an organization code, identification number, or telephone number, etc. of the seal owner.
The electronic signature of the electronic seal can be obtained by encrypting the graph of the electronic seal based on an asymmetric password mechanism. The specific process can be that the abstract of the graph of the electronic seal is generated by adopting a Hash function, and the abstract of the graph of the electronic seal is encrypted based on a private key of a seal maker to obtain the electronic signature of the electronic seal.
S12: and verifying the validity of the signer certificate, verifying the validity of the electronic seal, and displaying the graph of the candidate electronic seal when the verification of the validity of the signer certificate is passed.
In the embodiment of the application, the candidate electronic seal is an electronic seal with validity verification passing. And the electronic seal is declared to be currently valid by the validity verification of the electronic seal.
In an embodiment of the application, the terminal device may perform validity verification on the signer certificate based on information carried by the signer certificate; and verifying the validity of the electronic seal based on the information of the electronic seal.
In a specific embodiment, the step of verifying the validity of the signer certificate based on the information carried by the signer certificate can be implemented by S121 to S123 shown in fig. 2, which is detailed as follows:
s121: verifying whether the signer certificate is matched with the secure storage device based on the information carried by the signer certificate.
In this embodiment, the secure storage device further stores a certificate of a device owner.
The device owner certificate is used to prove the identity of the secure storage device owner. The device owner certificate carries the unique identification of the device owner and the public key of the device owner.
Based on this, in one possible implementation manner of this embodiment, S121 may specifically include the following steps:
step 1: and acquiring the certificate of the device owner from the secure storage device.
Step 2: and if the unique identifier of the certificate holder is the same as the unique identifier of the equipment owner and the public key of the certificate holder is the same as the public key of the equipment owner, determining that the signer certificate is matched with the secure storage equipment.
In this implementation, after the terminal device obtains the certificate of the device owner, the unique identifier of the certificate holder carried by the signer certificate may be compared with the unique identifier of the device owner carried by the device owner certificate, and the public key of the certificate holder carried by the signer certificate may be compared with the public key of the device owner carried by the device owner certificate.
In one case, the terminal device performs step 2 when the unique identifier of the certificate holder is the same as the unique identifier of the device owner and the public key of the certificate holder is the same as the public key of the device owner.
In another case, the terminal device determines that the signer certificate does not match the secure storage device when the unique identifier of the certificate holder is different from the unique identifier of the device owner, or the public key of the certificate holder is different from the public key of the device owner.
In this embodiment, the terminal device executes S122 when determining that the signer certificate matches the secure storage device. When the terminal equipment determines that the signer certificate is not matched with the safety storage equipment, the signer certificate is indicated to be invalid, and at the moment, the terminal equipment determines that the validity verification of the signer certificate is not passed.
S122: and if the signer certificate is matched with the safe storage equipment, judging whether the current time is within the valid period of the signer certificate.
S123: and if the current time is within the validity period of the signer certificate, determining that the validity of the signer certificate is verified to be passed.
Since the validity period of the signer certificate is generally described by the date of the validity deadline of the signer certificate, the current time here may be the date corresponding to the time when the terminal device performs the step of verifying the validity of the signer certificate. For example, the validity period of the signer certificate may be 12 months and 1 days in 2021 years, and if the time when the terminal device performs the step of verifying the validity of the signer certificate is 14 days in 2021 years and 11 months and 30 days in 2021 years, the time corresponding to the time is 20 months and 30 days in 2021 years, and the date is within the validity period of the signer certificate, which indicates that the current time is within the validity period of the signer certificate.
In this embodiment, the terminal device executes S123 when determining that the current time is within the validity period of the signer certificate. When the terminal device determines that the current time is not within the validity period of the signer certificate, the signer certificate is invalid, and at the moment, the terminal device determines that the validity verification of the signer certificate is not passed.
In a specific embodiment, the step of verifying the validity of the electronic seal based on the information of the electronic seal may be implemented by S124 to S126 as shown in fig. 3, which is detailed as follows:
s124: and determining whether the electronic seal is associated with the signer certificate or not based on the unique identifier of the signer.
In this embodiment, the signer certificate is associated with one or more electronic stamps.
In one possible implementation, the terminal device may compare the unique identifier of the seal owner of the electronic seal with the unique identifier of the certificate holder carried by the signer certificate.
In one case, when the unique identifier of the seal belonging to the electronic seal is the same as the unique identifier of the certificate holder carried by the signer certificate, the terminal device determines that the electronic seal is associated with the signer certificate, and then the terminal device performs S125.
In another case, when the unique identifier of the seal owner of the electronic seal is different from the unique identifier of the certificate holder carried by the signer certificate, the terminal device determines that the electronic seal is not associated with the signer certificate, and at this time, the terminal device determines that the validity verification of the electronic seal fails.
S125: and if the electronic seal is associated with the signer certificate, verifying whether the graph of the electronic seal is tampered based on the electronic signature of the electronic seal.
In a possible implementation manner, the terminal device may verify whether the image of the electronic seal is tampered by the following steps:
step 1: and decrypting the electronic signature of the electronic seal based on the public key of the seal owner to obtain a first abstract.
Step 2: and carrying out Hash calculation on the graph of the electronic seal to obtain a second abstract.
And step 3: and if the first abstract is the same as the second abstract, determining that the graph of the electronic seal is not tampered.
The electronic signature of the electronic seal is usually obtained by performing hash calculation on the image of the electronic seal to obtain an abstract of the image of the electronic seal and then performing hash calculation on the abstract of the image of the electronic seal by using a public key of a seal owner. Therefore, in this implementation manner, in order to verify whether the graph of the electronic seal is tampered, the terminal device may decrypt the electronic signature of the electronic seal based on the public key of the seal owner to obtain the first abstract, perform hash calculation on the graph of the electronic seal to obtain the second abstract, and determine whether the graph of the electronic seal is tampered by comparing the first abstract and the second abstract.
In one case, when the first abstract is the same as the second abstract, the terminal device determines that the image of the electronic seal is not tampered, and at this time, the terminal device may determine whether the current time is within the validity period of the electronic seal.
Since the validity period of the electronic seal is usually described by the date of the validity expiration date of the electronic seal, the current time here may be the date corresponding to the time when the terminal device performs the step of verifying the validity of the electronic seal. For example, the validity period of the electronic seal may be 2021 year 11 month 20 day, and if the time when the terminal device executes the step of verifying the validity of the electronic seal is 2021 year 11 month 11 day 15, the date corresponding to the time is 2021 year 11 month 11 day, and since the date is within the validity period of the electronic seal, it indicates that the current time is within the validity period of the electronic seal.
Specifically, if the current time is within the valid period of the electronic seal, the terminal device executes S126.
And if the current time is not in the valid period of the electronic seal, the terminal equipment determines that the validity verification of the electronic seal fails.
In another case, when the first abstract is different from the second abstract, the terminal device determines that the image of the electronic seal is tampered, and further determines that the validity verification of the electronic seal fails.
S126: and if the graph of the electronic seal is not tampered and the current time is within the validity period of the electronic seal, determining that the validity of the electronic seal is verified to be passed.
In the embodiment of the present application, S121 to S123 and S124 to S126 may be two parallel sets of steps, that is, the terminal device may execute any one of steps S124 to S126 while executing any one of steps S121 to S123.
In the embodiment of the application, after the terminal device verifies the validity of the signer certificate and the electronic seal, if the validity of the signer certificate passes, the terminal device can display the graph of the candidate electronic seal passing the validity verification, so that a user can select a target electronic seal for signing the document to be signed from the candidate electronic seal according to actual requirements.
For example, a user may select a target electronic seal for signing a document to be signed by clicking on any of the candidate electronic seals. Based on the method, when the terminal device detects that the graph of a certain candidate electronic seal is clicked, the clicked graph of the candidate electronic seal is determined as the graph of the selected target electronic seal.
S13: and generating a signature graph based on the graph of the selected target electronic seal in the candidate electronic seals, and determining signature position information corresponding to the signature graph.
In the embodiment of the application, after the terminal device determines the graph of the target electronic seal, the signature graph which is in the preset format and can be dragged can be generated based on the graph of the target electronic seal, and the signature graph is displayed.
The preset format can be set according to actual requirements, and is not limited herein. For example, the predetermined format may be a predetermined size of a translucent mask format. The preset size can be set by a user according to actual needs, and is not limited herein.
After the terminal equipment displays the signature graph, a user can drag the signature graph to a target position needing signature through dragging operation on the signature graph. When detecting that the signature graph is dragged, the terminal device can track the target position to which the signature graph is dragged, and determine the position information of the target position.
In the embodiment of the present application, the position information of the target position may be represented by coordinates of the target position in the first coordinate system. The first coordinate system may be a coordinate system established based on the document to be signed. For example, the first coordinate system may be a rectangular plane coordinate system established with any vertex of a content interface of a document to be signed as an origin and two edges of the content interface meeting at the vertex as an x axis and a y axis, respectively.
Because the position of the content interface of the document to be signed in the display screen is not fixed, that is, the content interface may be located at different positions in the display screen after the user opens the content interface of the document to be signed at different times, in an embodiment of the present application, the terminal device may first determine the coordinate of the target position in the second coordinate system, and then determine the coordinate of the target position in the first coordinate system based on the coordinate of the target position in the second coordinate system, so as to obtain the position information of the target position.
The second coordinate system may be a coordinate system established based on a display screen of the terminal device. For example, the second coordinate system may be a planar rectangular coordinate system established with an origin at any vertex of the display screen and with two edges of the display screen meeting at the vertex as an x axis and a y axis, respectively.
For example, as shown in fig. 4, the first coordinate system may be a rectangular plane coordinate system established with the vertex a of the content interface 41 of the document to be signed as the origin, the ab side of the content interface 41 as the x axis, and the ac side of the content interface 41 as the x axis. The second coordinate system may be a planar rectangular coordinate system established with the vertex a of the display screen 4 as the origin, the AB edge of the display screen as the x-axis, and the AC edge of the display screen as the x-axis. The target position may be the position where the circle 412 is located, and the coordinates of the target position may be represented by the coordinates of the center of the circle 412.
In this embodiment, after the terminal device determines the coordinates of the target position in the second coordinate system, the terminal device may determine the coordinates of the origin of the first coordinate system in the second coordinate system, and determine the coordinates of the target position in the first coordinate system based on the coordinates of the origin of the first coordinate system in the second coordinate system and the coordinates of the target position in the second coordinate system.
Specifically, the terminal device may determine a coordinate difference between the coordinates of the target position in the second coordinate system and the coordinates of the origin of the first coordinate system in the second coordinate system as the coordinates of the target position in the first coordinate system.
Illustratively, suppose the coordinates of the target position in the second coordinate system are (x) 2 ,y 2 ) The coordinate of the origin of the first coordinate system in the second coordinate system is (x) 1 ,y 1 ) Then twoThe coordinate difference of (x) 2 -x 1 ,y 2 -y 1 ) The terminal device may send (x) 2 -x 1 ,y 2 -y 1 ) The coordinates of the target position in the first coordinate system are determined.
In the embodiment of the application, after the terminal device determines the position information of the target position, the position information of the target position is determined as the signature position information corresponding to the signature graph.
S14: generating a signature description file based on the signature graph, the signature position information and a hash value of the document to be signed, and associating the signature graph and the signature description file with the document to be signed; wherein the hash value is generated based on the content of the document to be signed.
In the embodiment of the application, the terminal device may perform hash value calculation on the content of the document to be signed based on a preset hash algorithm to obtain the hash value of the document to be signed. For example, the predetermined hash algorithm may be a cryptographic algorithm, including an elliptic curve public key encryption (SM2) algorithm or a symmetric encryption (SM1) algorithm.
After the terminal device obtains the hash value of the document to be signed, the signature graph, the signature position information and the hash value of the document to be signed can be combined to obtain the signature description file.
In one embodiment of the present application, a signature description file may consist of a signature range and a signature appearance. Based on the above, the terminal device may determine a hash value of the document to be signed as a signature range of the signature description file, determine the signature graph and the signature position information as a signature appearance of the signature description file, and compose the signature description file based on the signature range and the signature appearance.
After the terminal equipment obtains the signature description file, the signature graph and the signature description file can be associated with the document to be signed, and electronic signature of the document to be signed is further achieved.
As can be seen from the above, in the electronic signature method for a document provided in this embodiment, by storing the signer certificate and the information of the electronic seal in the secure storage device connected to the terminal device, the reliability of the signer certificate and the information of the electronic seal can be improved; by carrying out validity verification on the signer certificate and the electronic seal, displaying the graph of the candidate electronic seal passing the validity verification when the validity verification of the signer certificate passes, the identity of the signer can be ensured to be valid and legal; in addition, a signature graph is generated based on the graph of the selected target electronic seal in the candidate electronic seals, a signature description file is generated based on the signature graph, the signature position information corresponding to the signature graph and the hash value of the document to be signed, and the signature graph and the signature description file are associated with the document to be signed so as to realize the electronic signature of the document to be signed.
Please refer to fig. 5, which is a schematic flow chart of another method for electronic signature of a document according to an embodiment of the present application. The difference between this embodiment and the previous embodiment is that this embodiment further includes S15 to S17 after S14, which are detailed as follows:
s15: acquiring signature verification data; wherein, the signature verification data comprises signature time, hash value of the document to be signed and the signer certificate.
S16: and determining a signature value of the signature verification data.
S17: and associating the signature verification data and the signature value of the signature verification data with the document to be signed.
In this embodiment, the terminal device may determine a date corresponding to the time when the signature verification data is acquired as the signature time. After the terminal device determines the signature time, the hash value of the document to be signed and the signer certificate can be combined to obtain a first array, and the first array is determined as signature verification data.
In a possible implementation manner, the terminal device may directly perform digital signature on the signature verification data based on an Elliptic Curve Cryptography (ECC) algorithm to obtain a signature value of the signature verification data.
In another possible implementation manner, the terminal device may send the signature verification data to the secure storage device. The secure storage device can perform digital signature on the signature verification data after receiving the signature verification data to obtain a signature value of the signature verification data, and return the signature value of the signature verification data to the terminal device. And the terminal equipment receives the signature value of the signature verification data returned by the security storage equipment.
After the terminal device determines the signature value of the signature verification data, the signature verification data and the signature value of the signature verification data can be associated with the document to be signed.
As can be seen from the above, in the electronic signature method for a document provided in this embodiment, the signature values of the signature verification data and the signature verification data are also associated with the document to be signed, so that after the electronic signature is performed on the document to be signed, whether the signature data is tampered or not can be verified through the signature values of the signature verification data and the signature verification data, and the security of the electronic signature is further improved.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Based on the method for electronic signature of a document provided by the embodiment, the embodiment of the invention further provides an embodiment of an electronic signature device for a document, which realizes the method embodiment. Please refer to fig. 6, which is a schematic structural diagram of an electronic signature apparatus for a document according to an embodiment of the present application. For convenience of explanation, only the portions related to the present embodiment are shown. As shown in fig. 6, the electronic signature apparatus 60 of the document may include: a first acquisition unit 61, a first display unit 62, a first determination unit 63 and an electronic signature unit 64. Wherein:
the first acquiring unit 61 is used for acquiring the signer certificate and the information of one or more electronic seals used for signing from the secure storage device connected with the terminal device; wherein the information of the electronic seal comprises a graph of the electronic seal.
The first display unit 62 is configured to perform validity verification on the signer certificate, perform validity verification on the electronic seal, and display a candidate electronic seal image when the signer certificate passes the validity verification; and the candidate electronic seal is an electronic seal with validity verification passing.
The first determining unit 63 is configured to generate a signature graph based on a graph of a selected target electronic seal in the candidate electronic seals, and determine signature position information corresponding to the signature graph.
The electronic signature unit 64 is configured to generate a signature description file based on the signature graph, the signature position information, and a hash value of the document to be signed, and associate the signature graph and the signature description file with the document to be signed; wherein the hash value is generated based on the content of the document to be signed.
Optionally, the first display unit 62 includes a matching verification unit, a first time verification unit, and a first validity verification unit. Wherein:
the matching verification unit is used for verifying whether the signer certificate is matched with the secure storage equipment or not based on the information carried by the signer certificate.
The first time verification unit is used for judging whether the current time is within the validity period of the signer certificate or not if the signer certificate is matched with the safe storage equipment.
The first validity verification unit is used for determining that the validity of the signer certificate passes verification if the current time is within the validity period of the signer certificate.
Optionally, the information carried by the signer certificate includes a unique identifier and a public key of the certificate holder; the matching verification unit is specifically configured to:
obtaining a device owner certificate from the secure storage device; the device owner certificate carries a unique identifier and a public key of the device owner;
and if the unique identifier of the certificate holder is the same as the unique identifier of the equipment owner and the public key of the certificate holder is the same as the public key of the equipment owner, determining that the signer certificate is matched with the secure storage equipment.
Optionally, the information of the electronic seal further includes an electronic signature of the electronic seal and a certificate of a person to which the seal belongs; the seal owner certificate carries the unique identification of the seal owner, the public key of the seal owner and the validity period of the electronic seal; the first display unit 62 further includes a correlation verification unit, a graphic verification unit, and a second time verification unit. Wherein:
and the association verification unit is used for determining whether the electronic seal is associated with the signer certificate or not based on the unique identification of the signer.
The image verification unit is used for verifying whether the image of the electronic seal is tampered based on the electronic signature of the electronic seal if the electronic seal is associated with the signer certificate.
And the second time verification unit is used for determining that the validity of the electronic seal is verified to be passed if the graph of the electronic seal is not tampered and the current time is within the validity period of the electronic seal.
Optionally, the graph verification unit is specifically configured to:
decrypting the electronic signature of the electronic seal based on the public key of the seal owner to obtain a first abstract;
carrying out Hash calculation on the graph of the electronic seal to obtain a second abstract;
and if the first abstract is the same as the second abstract, determining that the graph of the electronic seal is not tampered.
Optionally, the electronic signature device 60 of the document further includes a second obtaining unit and a second determining unit. Wherein:
the second acquisition unit is used for acquiring signature verification data; the signature verification data comprises signature time, a hash value of the document to be signed and the signer certificate.
The second determining unit is used for determining the signature value of the signature verification data.
The electronic signature unit is also used for associating the signature verification data and the signature value of the signature verification data with the document to be signed.
Optionally, the second determining unit is specifically configured to:
sending the signature verification data to the secure storage device;
receiving a signature value of the signature verification data returned by the secure storage device; and the signature value of the signature verification data is obtained by the security storage device performing electronic signature on the signature verification data.
It should be noted that, for the information interaction, the execution process, and other contents between the above units, the specific functions and the technical effects brought by the method embodiments of the present application are based on the same concept, and specific reference may be made to the method embodiment part, which is not described herein again.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units is merely illustrated, and in practical applications, the foregoing function distribution may be performed by different functional units according to needs, that is, the internal structure of the electronic signature device of the document is divided into different functional units to perform all or part of the above-described functions. Each functional unit in the embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the application. The specific working process of the units in the system may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present disclosure. As shown in fig. 7, the terminal device 7 provided in this embodiment may include: a processor 70, a memory 71 and a computer program 72 stored in the memory 71 and operable on the processor 70, for example a program corresponding to an electronic signature method for a document. The steps in the above-described embodiment of the method of electronic signature of a document, such as S11-S14 shown in FIG. 1, are implemented when the computer program 72 is executed by the processor 70. Alternatively, the processor 70, when executing the computer program 72, implements the functions of the modules/units in the above-described embodiment of the electronic signature device for documents, such as the functions of the units 61-64 shown in FIG. 6.
Illustratively, the computer program 72 may be divided into one or more modules/units, which are stored in the memory 71 and executed by the processor 70 to accomplish the present application. One or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 72 in the terminal device 7. For example, the computer program 72 may be divided into a first obtaining unit, a first displaying unit, a first determining unit and an electronic signature unit, and the specific functions of each unit refer to the related descriptions in the embodiment corresponding to fig. 6, which are not described herein again.
It will be appreciated by those skilled in the art that fig. 7 is merely an example of a terminal device 7 and does not constitute a limitation of the terminal device 7 and may include more or less components than those shown, or some components may be combined, or different components.
The processor 70 may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 71 may be an internal storage unit of the terminal device 7, such as a hard disk or a memory of the terminal device 7. The memory 71 may also be an external storage device of the terminal device 7, such as a plug-in hard disk, a Smart Memory Card (SMC), a Secure Digital (SD) card, or a flash memory card (flash card) provided on the terminal device 7. Further, the memory 71 may also include both an internal storage unit of the terminal device 7 and an external storage device. The memory 71 is used for storing computer programs and other programs and data required by the terminal device. The memory 71 may also be used to temporarily store data that has been output or is to be output.
The embodiments of the present application further provide a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the steps in the above-mentioned method embodiments can be implemented.
Embodiments of the present application provide a computer program product, which, when running on a terminal device, enables the terminal device to implement the steps in the above method embodiments.
In the above embodiments, the description of each embodiment has its own emphasis, and parts that are not described or illustrated in a certain embodiment may refer to the description of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A method of electronic signature of a document, comprising:
acquiring a signer certificate and information of one or more electronic seals used for signing from a security storage device connected with a terminal device; wherein, the information of the electronic seal comprises the graph of the electronic seal;
verifying the validity of the signer certificate, verifying the validity of the electronic seal, and displaying the graph of the candidate electronic seal when the signer certificate passes the validity verification; the candidate electronic seal is an electronic seal with validity verification passing;
generating a signature graph based on the graph of the selected target electronic seal in the candidate electronic seals, and determining signature position information corresponding to the signature graph;
generating a signature description file based on the signature graph, the signature position information and a hash value of the document to be signed, and associating the signature graph and the signature description file with the document to be signed; wherein the hash value is generated based on the content of the document to be signed.
2. The method of electronic signing of a document according to claim 1, wherein said validating said signer certificate comprises:
verifying whether the signer certificate is matched with the secure storage equipment based on the information carried by the signer certificate;
if the signer certificate is matched with the safe storage equipment, judging whether the current time is within the valid period of the signer certificate;
and if the current time is within the validity period of the signer certificate, determining that the validity of the signer certificate is verified to be passed.
3. The method of electronic signing of a document according to claim 2, wherein the information carried by the signer certificate includes a unique identification and a public key of the certificate holder; the verifying whether the signer certificate is matched with the secure storage device based on the information carried by the signer certificate includes:
obtaining a device owner certificate from the secure storage device; the device owner certificate carries a unique identifier and a public key of the device owner;
and if the unique identifier of the certificate holder is the same as the unique identifier of the equipment owner and the public key of the certificate holder is the same as the public key of the equipment owner, determining that the signer certificate is matched with the secure storage equipment.
4. The method of electronic signature of a document according to claim 1, wherein the information of the electronic seal further comprises an electronic signature of the electronic seal and a seal owner certificate; the seal owner certificate carries the unique identification of the seal owner, the public key of the seal owner and the validity period of the electronic seal; the verifying the validity of the electronic seal includes:
determining whether the electronic seal is associated with the signer certificate based on the unique identification of the signer;
if the electronic seal is associated with the signer certificate, verifying whether the graph of the electronic seal is tampered based on the electronic signature of the electronic seal;
and if the graph of the electronic seal is not tampered and the current time is within the validity period of the electronic seal, determining that the validity of the electronic seal is verified to be passed.
5. The method of claim 4, wherein the verifying whether the image of the electronic seal is tampered based on the electronic signature of the electronic seal comprises:
decrypting the electronic signature of the electronic seal based on the public key of the seal owner to obtain a first abstract;
carrying out Hash calculation on the graph of the electronic seal to obtain a second abstract;
and if the first abstract is the same as the second abstract, determining that the graph of the electronic seal is not tampered.
6. The method for electronically signing a document according to any one of claims 1 to 5, wherein after said associating said signature description file with said document to be signed, said method for electronically signing a document further comprises:
acquiring signature verification data; wherein, the signature verification data comprises signature time, a hash value of the document to be signed and the signer certificate;
determining a signature value of the signature verification data;
and associating the signature verification data and the signature value of the signature verification data with the document to be signed.
7. The method of electronic signing of a document according to claim 6, wherein said determining a signature value of said signature verification data comprises:
sending the signature verification data to the secure storage device;
receiving a signature value of the signature verification data returned by the secure storage device; and the signature value of the signature verification data is obtained by the security storage device performing electronic signature on the signature verification data.
8. An electronic signature apparatus for a document, comprising:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a signer certificate and information of one or more electronic seals for signing from a security storage device connected with a terminal device; wherein the information of the electronic seal comprises a graph of the electronic seal;
the first display unit is used for verifying the validity of the signer certificate, verifying the validity of the electronic seal and displaying the graph of the candidate electronic seal when the signer certificate passes the validity verification; the candidate electronic seal is an electronic seal with validity verification passing;
the first determining unit is used for generating a signature graph based on the graph of the selected target electronic seal in the candidate electronic seals and determining signature position information corresponding to the signature graph;
the electronic signature unit is used for generating a signature description file based on the signature graph, the signature position information and a hash value of the document to be signed, and associating the signature graph and the signature description file with the document to be signed; wherein the hash value is generated based on the content of the document to be signed.
9. A terminal device comprising a processor, a memory and a computer program stored in the memory and executable on the processor, the processor implementing a method of electronic signature of a document according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements a method of electronic signature of a document according to any one of claims 1 to 7.
CN202210294776.3A 2022-03-24 2022-03-24 Electronic signature method and device of document, terminal equipment and storage medium Pending CN114817890A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210294776.3A CN114817890A (en) 2022-03-24 2022-03-24 Electronic signature method and device of document, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210294776.3A CN114817890A (en) 2022-03-24 2022-03-24 Electronic signature method and device of document, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114817890A true CN114817890A (en) 2022-07-29

Family

ID=82530643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210294776.3A Pending CN114817890A (en) 2022-03-24 2022-03-24 Electronic signature method and device of document, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114817890A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115913563A (en) * 2022-10-09 2023-04-04 鼎铉商用密码测评技术(深圳)有限公司 Electronic signature generation method, electronic signature verification method and electronic signature verification equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115913563A (en) * 2022-10-09 2023-04-04 鼎铉商用密码测评技术(深圳)有限公司 Electronic signature generation method, electronic signature verification method and electronic signature verification equipment
CN115913563B (en) * 2022-10-09 2023-09-29 鼎铉商用密码测评技术(深圳)有限公司 Electronic signature generation method, verification method and device

Similar Documents

Publication Publication Date Title
US20210232974A1 (en) Federated-learning based method of acquiring model parameters, system and readable storage medium
CN110493007B (en) Block chain based information verification method, device, equipment and storage medium
US10841628B1 (en) System and techniques for digital data lineage verification
CN109978688A (en) The access control method and its contract generator and server of distributed common recognition system
CN109741063A (en) Digital signature method and device based on block chain
US9600690B2 (en) Secure access for sensitive digital information
CN108038388B (en) Method for realizing Web page seal, client and server
CN111222178B (en) Data signature method and device
WO2021218166A1 (en) Contract signing method and apparatus, device and computer-readable storage medium
CN110598433B (en) Block chain-based anti-fake information processing method and device
CN110569672A (en) efficient credible electronic signature system and method based on mobile equipment
CN110942301B (en) Data processing method and device based on block chain, computer and storage medium
CN111311259A (en) Bill processing method, device, terminal and computer readable storage medium
CN114817890A (en) Electronic signature method and device of document, terminal equipment and storage medium
CA2986828C (en) Data recording method, device and system, and computer storage medium
CN111950034B (en) Combined signature method, combined verification method and system of electronic signature
CN110414269B (en) Processing method, related device, storage medium and system of application installation package
CN111865605A (en) Electronic signature method and terminal, and electronic signature verification method and terminal
CN115378609A (en) Electronic certificate display method, verification method, terminal and server
CN114978527A (en) Electronic signature method and device, electronic equipment and storage medium
CN114117388A (en) Device registration method, device registration apparatus, electronic device, and storage medium
CN110046493B (en) Data processing method, device, equipment and machine-readable medium
CN112966197B (en) Method, device, equipment and storage medium for displaying page electronic signature
CN114022259B (en) Bidding method and device based on public key assignment and identity verification
CN112883360B (en) Intelligent registration method and device for application program, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination