CN114861232A

CN114861232A - Electronic seal system, electronic seal and electronic signature method

Info

Publication number: CN114861232A
Application number: CN202210299425.1A
Authority: CN
Inventors: 周立维; 李敏; 于文亮; 郭雨; 王颖; 王炳莉
Original assignee: Huaneng Shandong Power Generation Co Ltd; Huaneng Information Technology Co Ltd; Shandong Rizhao Power Generation Co Ltd
Current assignee: Huaneng Shandong Power Generation Co Ltd; Huaneng Information Technology Co Ltd; Shandong Rizhao Power Generation Co Ltd
Priority date: 2022-03-25
Filing date: 2022-03-25
Publication date: 2022-08-05

Abstract

The invention discloses an electronic seal system, an electronic seal and an electronic signature method. Acquiring basic information of a file, and adding a watermark into the electronic seal based on the integrity requirement and the protection requirement to form an electronic seal with the watermark; and selecting the encryption mode of the electronic seal with the watermark according to the category, and selecting the signature mode for signature according to the integrity requirement. According to the method and the device, an encryption mode is adopted according to the type of the file, the signature process is optimized, and the security degree of file confidentiality is improved. And a signature mode is selected according to the integrity degree of the file, so that the integrity of the file is enhanced.

Description

Electronic seal system, electronic seal and electronic signature method

Technical Field

The present application relates to the field of electronic seal technologies, and in particular, to an electronic seal system, an electronic seal, and an electronic signature method.

Background

The electronic seal management system is similar to the electronic signature system and mainly completes management of application, approval and manufacture of the electronic seal, issuing, authorization/reauthorization, loss reporting/loss cancelling, destruction of the electronic seal and the like of the electronic seal, and maintenance and management of a stamp image library of the electronic seal. Meanwhile, an electronic seal use audit management function is provided, namely, the time and the place of which the signer stamps the electronic seal are recorded in detail. The electronic seal management subsystem comprehensively reflects the management idea of the electronic seal, establishes an electronic seal management idea corresponding to the traditional physical seal, and realizes the management of the whole life cycle of the electronic seal from application, approval, manufacture to use authorization, loss report, destruction to use audit and the like.

In the prior art, the electronic seal system can not select an encryption mode according to the diversity of files, so that the adaptability of file signature (encryption) is poor, the signature processing speed of important files is low, the confidentiality is poor, the signature speed of unimportant files is high, the confidentiality is good, and the working efficiency of the system is greatly reduced. And multiple pages of the same file cannot have complete traces during signature, so that multiple pages of the same file are lost, and the accident probability of the system is greatly increased.

Therefore, how to improve the adaptability and integrity of the document signature is a technical problem to be solved at present.

Disclosure of Invention

The invention provides an electronic seal system, which is used for solving the technical problems of low adaptability and poor integrity in document signature in the prior art. The system comprises:

the USBKEY management module is used for registering the USBKEY and a user holding the USBKEY in the electronic seal system;

the electronic seal application module is used for filling the content of an electronic seal application form based on the application type of the electronic seal;

the electronic seal application approval module is used for judging whether the electronic seal application meets the business requirements or not after the management department receives the electronic seal application;

the electronic seal impression management module is used for importing the uploaded seal impression picture into an impression library if the electronic seal application meets the service requirement, and encrypting the seal impression picture by using a symmetric key of the system;

the electronic seal making module is used for binding the seal stamp picture with the digital certificate in the electronic seal card and writing the encrypted electronic seal into the electronic seal card if the electronic seal application conforms to the service requirement and the digital certificate in the electronic seal card is legal;

the electronic seal authorization module is used for authorizing the manufactured electronic seal and granting the management use authority and the identity authentication authority of the electronic seal;

the electronic seal management module is used for updating, reporting loss, canceling loss, inquiring, changing, recovering, destroying and inquiring the electronic seal;

the electronic seal auditing module is used for acquiring auditing logs according to the recorded network address and the signed file, wherein the auditing logs comprise signing logs, system operation logs and seal application logs;

the electronic seal signing module is used for selecting a signing mode and an encryption mode based on the basic information of the file;

the sending module is used for sending the authorized electronic seal stamp image to the entity to complete the transmission of the electronic seal;

wherein the file basic information comprises a page category, a protection degree requirement and a completeness requirement.

In some embodiments of the present application, the electronic seal application approval module is further configured to:

if the electronic seal application does not meet the business requirement, marking a failure reason in the electronic seal application form, so that the applicant modifies the electronic seal application form based on the failure reason.

In some embodiments of the present application, the electronic seal signing module is specifically configured to:

judging whether the file is a file with high requirement on integrity degree;

if so, stamping the electronic seal on all pages of the file, and restoring the electronic seal into the electronic seal after the file is unfolded;

and if not, stamping an electronic seal on each page of the file.

In some embodiments of the present application, the electronic seal signing module is further specifically configured to:

judging whether the file is a confidential file or not;

if yes, encrypting the confidential file by adopting a symmetric key;

judging whether the file is a common file or not;

and if so, encrypting the common file by adopting an asymmetric key.

In some embodiments of the present application, the system further comprises:

the identification module is used for adding the vulnerable watermark into the authorized electronic seal if the file is a file with high requirement on integrity;

and if the file has a high protection degree requirement, adding the robust watermark into the authorized electronic seal.

In some embodiments of the present application, there is also provided an electronic stamp, including:

the receiving module is used for receiving the authorized electronic seal stamp image sent by the sending module and storing the authorized electronic seal stamp image into the image library;

the picture library module is used for storing various different electronic seal stamp pictures;

the adding module is used for adding the watermark corresponding to the file into the electronic seal;

and the writing module is used for printing the electronic seal added with the watermark on the file.

In some embodiments of the present application, there is also provided an electronic signature method, including:

acquiring basic information of a file, wherein the basic information of the file comprises page number, page number size, category, protection degree requirement and integrity degree requirement;

adding a watermark into the electronic seal based on the integrity requirement and the protection requirement to form an electronic seal with the watermark;

and selecting the encryption mode of the electronic seal with the watermark according to the category, and selecting the signature mode for signature according to the integrity requirement.

In some embodiments of the present application, based on the requirement of the integrity degree and the requirement of the protection degree, a watermark is added to an electronic seal to form an electronic seal with a watermark, which specifically includes:

if the file is a file with high requirement on integrity, adding the vulnerable watermark into the electronic seal;

and if the file is a file with a high protection degree requirement, adding the robust watermark into the electronic seal.

In some embodiments of the present application, the selecting an encryption method of the electronic seal with watermark according to the importance requirement specifically includes:

if the file is a confidential file, encrypting the file by adopting a symmetric encryption mode;

and if the file is a common file, encrypting the file by adopting an asymmetric encryption mode.

In some embodiments of the present application, a signature manner is selected for signature according to the completeness requirement, the number of pages, and the size of the page number, and the specific steps are as follows:

if the file is a file with high requirement on integrity, stamping a perforation seal of an electronic seal on all pages according to the page number and the page number size;

and if the file is a file with low requirement on integrity, stamping an electronic seal on all pages according to the page number and the page number.

By applying the technical scheme, the system comprises a USBKEY management module, a USBKEY management module and a module management module, wherein the USBKEY management module is used for registering the USBKEY and a user holding the USBKEY in the electronic seal system; the electronic seal application module is used for filling the content of an electronic seal application form based on the application type of the electronic seal; the electronic seal application approval module is used for judging whether the electronic seal application meets the business requirements or not after the management department receives the electronic seal application; the electronic seal impression management module is used for importing the uploaded seal impression picture into an impression library if the electronic seal application meets the service requirement, and encrypting the seal impression picture by using a symmetric key of the system; the electronic seal making module is used for binding the seal stamp picture with the digital certificate in the electronic seal card and writing the encrypted electronic seal into the electronic seal card if the electronic seal application conforms to the service requirement and the digital certificate in the electronic seal card is legal; the electronic seal authorization module is used for authorizing the manufactured electronic seal and granting the management use authority and the identity authentication authority of the electronic seal; the electronic seal management module is used for updating, reporting loss, canceling loss, inquiring, changing, recovering, destroying and inquiring the electronic seal; the electronic seal auditing module is used for acquiring auditing logs according to the recorded network address and the signed file, wherein the auditing logs comprise a signing log, a system operation log and a seal application log; the electronic seal signing module is used for selecting a signing mode and an encryption mode based on the basic information of the file; and the sending module is used for sending the authorized electronic seal stamp image to the entity to complete the transmission of the electronic seal. The application forms a complete and efficient electronic seal system, and the whole process from applying a seal to signing is realized by adopting an encryption mode according to the file category, so that the signing process is optimized, and the file confidentiality and safety degree is improved. And a signature mode is selected according to the integrity degree of the file, so that the integrity of the file is enhanced. And selecting a watermark mode according to the file protection and integrity requirements, and improving the file protection degree and the integrity degree.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

FIG. 1 is a schematic structural diagram of an electronic seal system according to an embodiment of the present invention;

FIG. 2 is a schematic structural diagram of an electronic seal according to an embodiment of the present invention;

fig. 3 is a flowchart illustrating an electronic signature method according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The present application provides an electronic stamp system, as shown in fig. 1, the system includes the following modules:

the USBKEY management module 101 is used for registering USBKEY and a user holding the USBKEY in the electronic seal system;

the electronic seal application module 102 is used for filling the content of an electronic seal application form based on the application type of the electronic seal;

the electronic seal application approval module 103 is used for judging whether the electronic seal application meets the business requirements or not after the management department receives the electronic seal application;

the electronic seal stamp management module 104 is configured to import the uploaded seal stamp image into a stamp library if the electronic seal application meets the service requirement, and encrypt the seal stamp image with a symmetric key of the system;

an electronic seal making module 105, configured to bind the seal stamp image with the digital certificate in the electronic seal card and write the encrypted electronic seal into the electronic seal card if the electronic seal application meets the service requirement and the digital certificate in the electronic seal card is legal;

the electronic seal authorization module 106 is used for authorizing the manufactured electronic seal and granting the management use authority and the identity authentication authority of the electronic seal;

an electronic seal management module 107, configured to update, report loss, cancel report loss, query, change, restore, destroy, and query the electronic seal;

the electronic seal auditing module 108 is used for acquiring auditing logs according to the recorded network address and the signed file, wherein the auditing logs comprise a signing log, a system operation log and a seal application log;

the electronic seal signing module 109 is used for selecting a signing mode and an encryption mode based on the basic information of the file;

and the sending module 110 is configured to send the authorized electronic seal stamp image to the entity, so as to complete transmission of the electronic seal.

And the USBKEY management module 101 is used for registering the USBKEY and a user holding the USBKEY in the electronic seal system.

In this embodiment, the USBKEY and the user holding the USBKEY are registered in the electronic seal system, and only the holder of the USBKEY at the time of registration can log in the system and only the registered USBKEY can be used for making the electronic seal.

And the electronic seal application module 102 is used for filling out the content of the electronic seal application form based on the application type of the electronic seal.

In this embodiment, the content of the electronic seal application form filled according to the application type of the electronic seal is different, and the application type of the electronic seal includes an electronic official seal, a personal name seal, and a personal signature.

And the electronic seal application approval module 103 is used for judging whether the electronic seal application meets the business requirements or not after the management department receives the electronic seal application.

In this embodiment, after receiving the electronic seal application, the management department determines whether the electronic seal application meets the business requirements according to the content of the application form, and the electronic seal application meets the requirement that the back party can approve.

It can be understood that whether the electronic seal application meets the business requirements is judged, wherein the defined conditions can be adjusted and set according to the actual requirements.

And the electronic seal stamp management module 104 is used for importing the uploaded seal stamp picture into a stamp library if the electronic seal application meets the service requirement, and encrypting the seal stamp picture by using a symmetric key of the system.

In this embodiment, if the electronic seal application meets the service requirement, the uploaded seal stamp image is imported into a stamp library, and the symmetric key of the system is used to encrypt the seal stamp image. The leading-in time is the effective starting time of the stamp, the validity period of the stamp is set by self according to actual requirements, and managers can stop using, destroy, inquire and the like the stamp of each stamp. For stamps with the same stamp name but different stamps, multiple stamp stamps should be maintained, but only one stamp can be active at a time.

And the electronic seal making module 105 is used for binding the seal stamp picture with the digital certificate in the electronic seal card and writing the encrypted electronic seal into the electronic seal card if the electronic seal application conforms to the service requirement and the digital certificate in the electronic seal card is legal.

And the electronic seal authorization module 106 is used for authorizing the manufactured electronic seal and granting the management use authority and the identity authentication authority of the electronic seal.

And the electronic seal management module 107 is used for updating, reporting loss, canceling loss, inquiring, changing, recovering, destroying and inquiring the electronic seal.

And the electronic seal auditing module 108 is used for acquiring auditing logs according to the recorded network address and the signed file, wherein the auditing logs comprise a signing log, a system operation log and a seal application log.

In this embodiment, the audit log is used to record time nodes of each operation flow, and has traceability when a problem occurs, the system operation log includes a system login log, an illegal operation log, a seal management log, and a seal authorization log, and the time when the signature log records the signature.

And the electronic seal signing module 109 is used for selecting a signing mode and an encryption mode based on the file basic information.

judging whether the file is a file with a high requirement on the integrity degree;

and if not, stamping an electronic seal on each page of the file.

The above disclosure is only a few specific implementation scenarios of the present invention, however, the present invention is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present invention.

judging whether the file is a confidential file or not;

if yes, encrypting the confidential file by adopting a symmetric key;

judging whether the file is a common file or not;

and if so, encrypting the common file by adopting an asymmetric key.

The system further comprises:

Those skilled in the art will appreciate that the modules in the system implementing the scenario may be distributed in the system implementing the scenario according to the description of the implementation scenario, or may be correspondingly changed in one or more systems different from the present implementation scenario. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.

In some embodiments of the present application, there is further provided an electronic seal, as shown in fig. 2, the signature includes:

the receiving module 201 is configured to receive the authorized electronic seal stamp image sent by the sending module, and store the authorized electronic seal stamp image in the image library;

the picture library module 202 is used for storing various different electronic seal stamp pictures;

an adding module 203, configured to add a watermark corresponding to the file to the electronic seal;

and the writing module 204 is used for printing the electronic seal added with the watermark on the file.

The electronic seal realizes that the image of the virtual electronic seal is transmitted into the entity, and the actual file paper is signed based on the electronic seal, and only one electronic signature is needed to realize the signing of a plurality of different seals, so that the cost is saved, and the working efficiency is improved. And the electronic seal stamp image is added with the watermark, so that the identification degree of the electronic seal is increased, and the identification and the tracing of the file are facilitated. And a perforation seal mode can be adopted for signature according to the file integrity requirement, so that the overall integrity of the file is enhanced.

In some embodiments of the present application, there is further provided an electronic signature method, as shown in fig. 3, the method including:

step S301, acquiring basic file information, wherein the basic file information comprises page number, page number size, category, protection degree requirement and integrity degree requirement;

step S302, adding a watermark into the electronic seal based on the integrity requirement and the protection requirement to form an electronic seal with the watermark;

and S303, selecting the encryption mode of the electronic seal with the watermark according to the category, and selecting the signature mode for signature according to the integrity requirement.

In step S301, file basic information is obtained, where the file basic information includes page number, page size, category, protection level requirement, and integrity level requirement.

In this embodiment, basic information of a file to be signed is obtained, where the basic information of the file includes, but is not limited to, the number of pages, the size of the pages, the category, a requirement on protection degree, and a requirement on integrity degree, where the requirement on protection degree and integrity degree can be adjusted according to actual requirements, and both of them belong to the scope of protection of the present application.

In step S302, a watermark is added to the electronic seal based on the integrity requirement and the protection requirement to form an electronic seal with a watermark.

Robust watermarking, commonly used for copyright protection of digitized images, video, audio or electronic documents. The method is characterized in that specific information representing the identity of a copyright owner, such as a section of characters, identification, a serial number and the like, is embedded into a digital product in a certain mode, and when copyright disputes occur, a digital watermark is extracted through a corresponding algorithm, so that the attribution of copyright is verified, the legal benefit of the copyright owner is ensured, and the threat of illegal piracy is avoided.

The watermark is easily damaged. Also known as fragile watermarks. Typically for data integrity protection. When the data content changes, the vulnerable watermark changes correspondingly, so that whether the data is complete or not can be judged.

Symmetric encryption is an encryption algorithm that requires the use of the same key for encryption and decryption. Due to its fast speed, symmetric encryption is often used when the sender of a message needs to encrypt a large amount of data. Symmetric encryption is also referred to as key encryption. Symmetry means that both parties using this encryption method use the same key for encryption and decryption. A key is an instruction that controls the encryption and decryption process. An algorithm is a set of rules that specify how encryption and decryption are to be performed. Therefore, the security of encryption depends not only on the encryption algorithm itself, but also the security of key management is more important. Since both encryption and decryption use the same key, how to securely deliver the key to the decryptor becomes a problem that must be solved.

Asymmetric encryption is different from symmetric encryption algorithms which require two keys: public key (publickey) and private key (privatekey). The public key and the private key are a pair, and if the public key is used for encrypting data, only the corresponding private key can be used for decrypting the data; if the data is encrypted with a private key, it can only be decrypted with the corresponding public key. This algorithm is called asymmetric encryption algorithm because two different keys are used for encryption and decryption. The asymmetric cryptosystem is also called as a public key encryption technology, and the technology is proposed aiming at the defects of a private key cryptosystem (a symmetric encryption algorithm). Different from a symmetric cryptosystem, in a public key encryption system, encryption and decryption are relatively independent, two different keys are used for encryption and decryption, an encryption key (a public key) is disclosed to the public, and can be used by anyone, a decryption key (a secret key) is only known by a decryption person, and an illegal user cannot calculate the decryption key according to the disclosed encryption key, so that the information protection strength is greatly enhanced. The public key cryptosystem not only solves the problem of key distribution, but also provides a means for signature and authentication.

Selecting a signature mode for signature according to the integrity requirement, the page number and the page number size, and specifically comprising the following steps:

The seal on the perforation is to press the side seam when stamping. The common official seal requires 'riding year and moon pressing' when stamping, but the seal requires 'riding seam', namely, the official seal is uniformly stamped on the middle seam of two pages of foldable paper, one half is reserved as a stub, the other half is used as a certificate, when verifying, the two halves are opposite, and the official seal is integrated. Because the seal is added, the seal can be restored into the original seal by the overall expansion of the contract, thereby preventing the contract content from being changed by the opposite side and preventing the contract content from being repudiated by the opposite side, and avoiding unnecessary trouble, dispute and loss caused by the change or repudiation of the contract content. Like the steel seal, the paper has the function of preventing the increase and decrease of page numbers in the document, namely, a plurality of pages or a few pages can be seen, and the patching or the adding of pages for counterfeiting can be prevented so as to keep the integrity of the document.

The degree of importance and the degree of completeness can be adjusted according to actual requirements, and the method and the device belong to the protection scope of the application.

The application forms a complete and efficient electronic seal system, and the whole process from applying a seal to signing is realized by adopting an encryption mode according to the file category, so that the signing process is optimized, and the file confidentiality and safety degree is improved. And a signature mode is selected according to the integrity degree of the file, so that the integrity of the file is enhanced. And selecting a watermark mode according to the file protection and integrity requirements, and improving the file protection degree and the integrity degree.

Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by hardware, or by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which can be a personal computer, a server, or a network device, etc.) to execute the method according to the implementation scenarios of the present invention.

Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims

1. An electronic seal system, comprising:

the electronic seal auditing module is used for acquiring auditing logs according to the recorded network address and the signed file, wherein the auditing logs comprise a signing log, a system operation log and a seal application log;

the sending module is used for sending the authorized electronic seal impression picture to the entity to finish the transmission of the electronic seal;

2. The system of claim 1, wherein the electronic seal application approval module is further to:

3. The system of claim 2, wherein the electronic seal signing module is specifically configured to:

judging whether the file is a file with high requirement on integrity degree;

and if not, stamping an electronic seal on each page of the file.

4. The system of claim 3, wherein the electronic seal signing module is further specifically configured to:

judging whether the file is a confidential file or not;

if yes, encrypting the confidential file by adopting a symmetric key;

judging whether the file is a common file or not;

and if so, encrypting the common file by adopting an asymmetric key.

5. The system of claim 1, further comprising:

the identification module is used for adding the vulnerable watermark to the authorized electronic seal if the file is a file with a high requirement on the integrity degree;

6. An electronic seal, comprising:

7. An electronic signature method, comprising:

acquiring basic information of a file, wherein the basic information of the file comprises page number, page size, category, protection degree requirement and integrity degree requirement;

8. The method according to claim 7, wherein a watermark is added to the electronic seal based on the integrity requirement and the protection requirement to form a watermarked electronic seal, specifically:

9. The method according to claim 7, wherein selecting the encryption mode of the watermarked electronic seal according to the importance degree requirement specifically includes:

10. The method of claim 7, wherein the selecting a signature manner for signing according to the completeness requirement, the number of pages, and the page size comprises: