CN115361233A - Block chain-based electronic document signing method, device, equipment and medium - Google Patents

Info

Publication number: CN115361233A
Authority: CN (China)
Prior art keywords: certificate, electronic authentication, signing, public, private key
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN202211283057.8A
Other languages: Chinese (zh)
Other versions: CN115361233B (en)
Inventors: 李瑾, 郭世杰, 聂凡杰
Current assignee: China Academy of Information and Communications Technology CAICT (the listed assignees may be inaccurate)
Original assignee: China Academy of Information and Communications Technology CAICT
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202211283057.8A
Publication of CN115361233A
Application granted
Publication of CN115361233B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Embodiments of this disclosure describe a blockchain-based electronic document signing method, apparatus, device and medium. The signing terminal verifies the authenticator's trusted identity credential; when verification passes, it generates an electronic authentication credential to be signed from the credential source file and the authenticator's digital identity. The authenticator signs that credential with the private key of its first public-private key pair and with the private key of the second public-private key pair to obtain an initial electronic authentication credential. When the signing terminal determines that the initial credential meets the preset signing condition, it adopts it as the electronic authentication credential and stores it on the blockchain together with the public key of the first pair or of the second pair (the two public keys are identical). The embodiments are intended to assure the identity of the authenticator and the genuineness of its intent to sign while making the signing process considerably more convenient than a hardware-token flow.

Description

Blockchain-based electronic document signing method, device, equipment and medium
Technical Field
The present disclosure relates to blockchain technology and electronic signing technology, and in particular to a blockchain-based electronic document signing method, apparatus, device and medium.
Background
As blockchain technology has developed, blockchain-based electronic signing has emerged with it. An electronic signing process must establish both the identity of the signing entity and that the entity genuinely intends to sign the document. In the prior art this is usually done with a hardware token (a USB key, "ukey") that holds the signer's private key, but that makes the signing process cumbersome.
Disclosure of Invention
Embodiments of the present disclosure provide a blockchain-based electronic document signing method, device, equipment and medium that aim to make the signing process more convenient while still assuring the identity of the signing entity and the genuineness of its intent to sign.
In one aspect of the embodiments of the present disclosure, a blockchain-based electronic document signing method is provided, including: the signing terminal receives a credential source file and authenticator information sent by the authenticator, where the authenticator information includes the authenticator's digital identity, a trusted identity credential, the public key of a first public-private key pair and the public key of a second public-private key pair; the public key of the first pair is the same as the public key of the second pair, the first pair is generated by the authenticator, the second pair is generated by a third party, and the credential source file includes the enterprise party's digital identity and enterprise name; the signing terminal verifies the authenticator's trusted identity credential; in response to the trusted identity credential passing verification, the signing terminal generates an electronic authentication credential to be signed based on the credential source file and the authenticator's digital identity; the signing terminal stores the credential to be signed on the blockchain; the authenticator signs the credential to be signed with the private key of the first pair and, separately, with the private key of the second pair to obtain an initial electronic authentication credential; the signing terminal determines whether the initial credential meets a preset signing condition; in response to the initial credential meeting the preset signing condition, the signing terminal adopts it as the electronic authentication credential; and the signing terminal stores the electronic authentication credential and the public key of the first pair or of the second pair on the blockchain.
Optionally, in the method of any embodiment above, the signing terminal's determining whether the initial electronic authentication credential meets the preset signing condition includes: in response to the time elapsed between generation of the credential to be signed and generation of the initial credential being less than or equal to a preset duration, and the signatures on the initial credential meeting a preset signature-completeness condition, determining that the initial credential meets the preset signing condition; adopting the initial credential as the electronic authentication credential; the signing terminal generating a signing document from the authenticator information and the electronic authentication credential; signing the signing document with the private key of the signing terminal's own public-private key pair; and storing the signed signing document on the blockchain.
Optionally, in the method of any embodiment above, the method further includes: the authenticator verifies the enterprise party's trusted identity credential; in response to that credential passing verification, the authenticator generates the credential source file based on the enterprise party's digital identity.
Optionally, in the method of any embodiment above, the method further includes: signing the credential source file with the private key of the signing terminal's public-private key pair and storing the signed source file on the blockchain; and the signing terminal's storing the credential to be signed on the blockchain includes signing the credential to be signed with the private key of the signing terminal's public-private key pair and storing the signed credential to be signed on the blockchain.
Optionally, in the method of any embodiment above, the electronic authentication credential includes a credential identifier, the authenticator's digital identity and the authenticator's name, and the method further includes: the signing terminal receives a credential query request from a querier, the request containing the credential identifier of the credential to be queried, the authenticator's digital identity, or the authenticator's name; the signing terminal retrieves the electronic authentication credential matching the request; and in response to the attribute of the matched credential being a preset attribute, the signing terminal returns the matched credential to the querier.
Optionally, in the method of any embodiment above, the method further includes: the signing terminal receives a credential verification request from the querier containing the electronic authentication credential to be checked; computes the credential feature of that credential with a preset algorithm; determines, from a list of correspondences between credential features and credential identifiers, whether a credential identifier corresponding to that feature exists; in response to such an identifier existing, takes it as the target credential identifier; determines whether the target identifier appears in a query-prohibited list; in response to the target identifier not appearing in that list, takes the credential feature of the stored credential identified by the target identifier as the target feature; and determines the check result by comparing the target feature with the feature of the credential to be checked, and returns the result to the querier.
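The credential query and credential verification services of the two paragraphs above, as an added example that is not the patent's own code. Two things the description leaves open are assumed here and marked in the code: the "preset algorithm" for the credential feature is SHA-256 over the credential's canonical JSON, and the "preset attribute" that allows a credential to be returned is a status of "valid". All records are constructed demo data.

```python
# Added example (not from the patent): the signing terminal's credential query and
# credential verification services over constructed demo records.
# Assumed, not stated on the page: feature = SHA-256 of canonical JSON; the preset
# attribute that allows a credential to be returned to a querier is status == "valid".
import hashlib
import json


def credential_feature(cred):
    """Preset algorithm (assumed): SHA-256 of the credential's canonical JSON."""
    blob = json.dumps(cred, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class SigningTerminal:
    """What the signing terminal reads back from the chain, plus its two lists."""

    def __init__(self, stored_credentials, query_prohibited):
        # copies: the store is the source of truth; the feature index is only a lookup aid
        self.store = {c["credential_id"]: dict(c) for c in stored_credentials}
        self.feature_to_id = {credential_feature(c): c["credential_id"] for c in stored_credentials}
        self.query_prohibited = set(query_prohibited)

    def query(self, credential_id=None, authenticator_did=None, authenticator_name=None):
        """Credential query: match on any of the three request fields and return only
        credentials whose attribute is the preset one (assumed: status == 'valid')."""
        def matches(c):
            return ((credential_id is None or c["credential_id"] == credential_id)
                    and (authenticator_did is None or c["authenticator_did"] == authenticator_did)
                    and (authenticator_name is None or c["authenticator_name"] == authenticator_name))
        return [dict(c) for c in self.store.values() if matches(c) and c["status"] == "valid"]

    def inspect(self, submitted):
        """Credential verification in the order the description gives: feature -> identifier
        via the feature/identifier list -> query-prohibited check -> compare with the
        feature of the stored credential."""
        feature = credential_feature(submitted)
        target_id = self.feature_to_id.get(feature)
        # an unknown feature and a prohibited identifier get the same answer, so the
        # endpoint cannot be used to learn whether a prohibited credential exists
        if target_id is None or target_id in self.query_prohibited:
            return "not_found"
        target_feature = credential_feature(self.store[target_id])
        return "genuine" if target_feature == feature else "mismatch"


# constructed demo records, not real credentials
DEMO_CREDENTIALS = [
    {"credential_id": "cred-001", "authenticator_did": "did:example:auth-1",
     "authenticator_name": "Authenticator A", "enterprise_did": "did:example:ent-1", "status": "valid"},
    {"credential_id": "cred-002", "authenticator_did": "did:example:auth-1",
     "authenticator_name": "Authenticator A", "enterprise_did": "did:example:ent-2", "status": "valid"},
    {"credential_id": "cred-003", "authenticator_did": "did:example:auth-2",
     "authenticator_name": "Authenticator B", "enterprise_did": "did:example:ent-3", "status": "suspended"},
]


def demo():
    terminal = SigningTerminal(DEMO_CREDENTIALS, query_prohibited=["cred-003"])
    results = {
        "query_by_did": [c["credential_id"] for c in terminal.query(authenticator_did="did:example:auth-1")],
        "query_suspended": terminal.query(credential_id="cred-003"),       # []: attribute is not the preset one
        "genuine": terminal.inspect(DEMO_CREDENTIALS[0]),                    # "genuine"
        "tampered": terminal.inspect({**DEMO_CREDENTIALS[0], "enterprise_did": "did:example:ent-9"}),  # "not_found"
        "prohibited": terminal.inspect(DEMO_CREDENTIALS[2]),                 # "not_found", same as unknown
    }
    # a record superseded on chain without the feature index being rebuilt: the final
    # comparison against the stored credential's feature is what catches this
    terminal.store["cred-002"]["status"] = "revoked"
    results["stale_index"] = terminal.inspect(DEMO_CREDENTIALS[1])          # "mismatch"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the feature is a hash of the whole credential, a modified credential simply has no entry in the feature list and is reported as unknown; the final feature comparison in the description only adds value when the stored record can change after the list was built, which the `stale_index` case shows. Returning one indistinguishable answer for "unknown" and "on the query-prohibited list" is a design choice the page does not state; it stops the verification endpoint from confirming the existence of credentials the list is meant to hide.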
In one aspect of the embodiments of the present disclosure, a blockchain-based electronic document signing apparatus is provided, including: a first receiving module, for the signing terminal to receive a credential source file and authenticator information sent by the authenticator, where the authenticator information includes the authenticator's digital identity, a trusted identity credential, the public key of a first public-private key pair and the public key of a second public-private key pair, the public key of the first pair being the same as that of the second pair, the first pair being generated by the authenticator, the second pair being generated by a third party, and the credential source file including the enterprise party's digital identity and enterprise name; a first verification module, for the signing terminal to verify the authenticator's trusted identity credential; a first generating module, for the signing terminal to generate, in response to the trusted identity credential passing verification, an electronic authentication credential to be signed based on the credential source file and the authenticator's digital identity; a first storage module, for the signing terminal to store the credential to be signed on the blockchain; a first signature module, for the authenticator to sign the credential to be signed with the private key of the first pair and with the private key of the second pair to obtain an initial electronic authentication credential; a second verification module, for the signing terminal to determine whether the initial credential meets a preset signing condition; a first determining module, for the signing terminal to adopt the initial credential as the electronic authentication credential in response to its meeting the preset signing condition; and a second storage module, for the signing terminal to store the electronic authentication credential and the public key of the first pair or of the second pair on the blockchain.
Optionally, in the apparatus of any embodiment above, the second verification module includes: a verification submodule, for determining that the initial credential meets the preset signing condition in response to the time elapsed between generation of the credential to be signed and generation of the initial credential being less than or equal to the preset duration and the signatures on the initial credential meeting the preset signature-completeness condition; a confirming submodule, for adopting the initial credential as the electronic authentication credential; a generating submodule, for the signing terminal to generate a signing document from the authenticator information and the electronic authentication credential; a signing submodule, for signing the signing document with the private key of the signing terminal's public-private key pair; and a storage submodule, for storing the signed signing document on the blockchain.
In one aspect of the disclosed embodiments, an electronic device is provided, including: a memory for storing a computer program; a processor for executing the computer program stored in the memory, and when the computer program is executed, implementing any of the methods described above.
In one aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which, when executed by a processor, implements any of the methods described above.
The disclosed embodiments provide a blockchain-based electronic document signing method, device, equipment and medium in which the signing terminal verifies the authenticator's trusted identity credential; when verification passes, it generates the electronic authentication credential to be signed from the credential source file and the authenticator's digital identity and stores it on the blockchain; the authenticator signs the credential to be signed with the private key of its first public-private key pair and with the private key of the second pair to obtain an initial credential; and when the signing terminal determines that the initial credential meets the preset signing condition, it adopts it as the electronic authentication credential and stores it on the blockchain together with the public key of the first pair or of the second pair. Because the signing terminal verifies the authenticator's trusted identity credential and the authenticator signs with both private keys, the identity of the authenticator and the genuineness of its intent to sign are assured without a separate hardware medium such as a USB key, which makes the signing process considerably more convenient.
In addition, the files produced at each stage of the signing process are stored on the blockchain, giving a full record of the process and simplifying later management and querying of the files from each stage. Signing with both the private key of the first pair and the private key of the second pair is intended to raise the trustworthiness of the credential, and because the two pairs share one public key, a verifier needs only that single public key to check the credential's signatures.
The technical solution of the present disclosure is described in further detail below with reference to the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and, together with the description, serve to explain its principles.
The present disclosure may be understood more clearly from the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of an embodiment of a blockchain-based electronic document signing method according to the present disclosure;
Fig. 2 is a flowchart of step S160 of the embodiment of the present disclosure;
Fig. 3 is a flowchart of an embodiment of a blockchain-based electronic document signing method according to the present disclosure;
Fig. 4 is a flowchart of an embodiment of a blockchain-based electronic document signing method according to the present disclosure;
Fig. 5 is a flowchart of an embodiment of a blockchain-based electronic document signing method according to the present disclosure;
Fig. 6 is a schematic diagram of a blockchain-based electronic document signing apparatus according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of parts and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those within the art that the terms "first", "second", etc. in the embodiments of the present disclosure are used only for distinguishing between different steps, devices or modules, etc., and do not denote any particular technical meaning or necessary logical order therebetween.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure merely describes an association between objects and indicates that three relationships may exist; for example, "A and/or B" may mean: A alone, A and B together, or B alone. The character "/" in the present disclosure generally indicates that the objects before and after it are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Embodiments of the disclosure may be implemented in electronic devices such as terminal devices, computer systems, servers, etc., which are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with electronic devices, such as terminal devices, computer systems, servers, and the like, include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, networked personal computers, minicomputer systems, mainframe computer systems, distributed cloud computing environments that include any of the above, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
Fig. 1 is a flowchart of a blockchain-based electronic document signing method in an embodiment of the present disclosure. The embodiment can run on an electronic device and, as shown in Fig. 1, includes the following steps:
Step S110: the signing terminal receives the credential source file and the authenticator information sent by the authenticator.
The authenticator information includes the authenticator's digital identity, a trusted identity credential, the public key of the first public-private key pair and the public key of the second public-private key pair; the public key of the first pair is the same as that of the second pair, the first pair is generated by the authenticator and the second pair by a third party; and the credential source file contains the enterprise party's digital identity and enterprise name.
The signing terminal may be a server or similar system in communication with the authenticator's client. The authenticator may be an enterprise or organization authorized to issue electronic authentication credentials; the enterprise party is an enterprise or organization that needs the authenticator to authenticate it and issue it a credential. The digital identity may be a BID (block-based identifier), a DID (Decentralized Identifier) or similar; each authenticator's digital identity uniquely identifies that authenticator. The authenticator's trusted identity credential may be a digital credential issued by an authoritative certificate authority attesting the authenticator's identity and the authenticity of its digital identity. For example, the authenticator generates its digital identity and submits it together with audit information (authenticator name, business licence, organization code, etc.) to the authority, which reviews that information.
The third party may be an authoritative third-party certificate authority, for example a CA (certificate authority) centre. The credential source file may be a template for the electronic authentication credential; the authenticator generates it on its client and fills in the enterprise party's digital identity and enterprise name.
The first public-private key pair consists of a public key, used to verify signatures produced with the pair's private key, and a private key, used to sign information or files; the second pair is structured the same way. Both pairs are generated with an asymmetric (public-key) algorithm such as SM2, the Chinese national commercial cryptography standard, or RSA; a symmetric algorithm cannot produce a public-private key pair.
In one implementation, the authenticator generates the first pair with SM2 or a comparable asymmetric algorithm, authorizes the third party to use the public key of that pair, and the third party generates the second pair based on that public key with SM2, RSA or a comparable algorithm. Note that for SM2 and RSA a public key corresponds to exactly one private key, so "two private keys under one public key" means either that both parties hold the same key material or that each party holds a share in a collaborative (two-party) signature scheme whose combined signature verifies under the single public key. The description does not say which, and the two readings differ sharply in non-repudiation: in the first the third party can sign alone on the authenticator's behalf; in the second neither party can.
Step S120: the signing terminal verifies the authenticator's trusted identity credential.
The signing terminal verifies the authenticator's trusted identity credential to establish that the authenticator is genuine.
In one implementation, the signing terminal checks whether it holds a stored trusted identity credential identical to the one presented by the authenticator; if it does, the authenticator's credential is taken as verified. This is an allow-list match rather than a cryptographic check; a deployment should additionally validate the issuing authority's signature on the credential, its validity period and its revocation status, since a stored copy says nothing about whether the credential has since been revoked.
When there are multiple authenticators, each authenticator's trusted identity credential must be verified, and step S130 may proceed once all of them pass.
Step S130: in response to the identity trusted credential of the authenticator passing verification, the signing terminal generates a to-be-signed electronic authentication credential based on the certificate source file and the digital identity of the authenticator.
When the identity trusted credential of the authenticator passes verification, the signing terminal adds the digital identity of the authenticator to the certificate source file and may at the same time generate the signature position of the authenticator in the certificate source file, thereby obtaining the to-be-signed electronic authentication credential.
It should be noted that when there are multiple authenticators, the digital identity of each authenticator needs to be added to the certificate source file.
Step S140: the signing terminal stores the to-be-signed electronic authentication credential to the block chain.
The signing terminal may store the to-be-signed electronic authentication credential to the block chain; after it has been stored successfully, the block chain feeds back the hash value (hash) and the stored hash value (ipfs hash) of the to-be-signed electronic authentication credential to the signing terminal.
Step S150: the authenticator signs the to-be-signed electronic authentication credential with the private key of the first public-private key pair and with the private key of the second public-private key pair, respectively, to obtain an initial electronic authentication credential.
The initial electronic authentication credential thus carries a signature generated by the private key of the first public-private key pair and a signature generated by the private key of the second public-private key pair.
In one implementation, the signing terminal sends the to-be-signed electronic authentication credential to the client of the authenticator; the authenticator signs it with the private key of its first public-private key pair and with the private key of its second public-private key pair, generating the initial electronic authentication credential, and sends the initial electronic authentication credential to the signing terminal.
In one implementation, when the authenticator refuses to sign the to-be-signed electronic authentication credential, the client of the authenticator sends a sign-refusal message to the signing terminal; when the signing terminal receives the sign-refusal message sent by the authenticator, it ends the process and may at the same time store the sign-refusal message to the block chain.
It should be noted that when there are multiple authenticators, each authenticator needs to sign the to-be-signed electronic authentication credential with the private key of its first public-private key pair and the private key of its second public-private key pair.
Step S160: the signing terminal determines whether the initial electronic authentication credential meets a preset signing condition.
The preset signing condition can be set according to actual circumstances. For example, the signing terminal may check whether the initial electronic authentication credential carries both a signature generated by the private key of the first public-private key pair and a signature generated by the private key of the second public-private key pair, and when both signatures are present it may determine that the initial electronic authentication credential meets the preset signing condition; or, when there are multiple authenticators, it may check whether the initial electronic authentication credential carries the signatures generated by all authenticators with the private keys of their first and second public-private key pairs, and when all of these signatures are present it may determine that the initial electronic authentication credential meets the preset signing condition.
Step S170: in response to the initial electronic authentication credential meeting the preset signing condition, the signing terminal determines the initial electronic authentication credential to be an electronic authentication credential.
The electronic authentication credential may include: the name of the authenticator, the digital identity of the authenticator, the name of the enterprise party, the digital identity of the enterprise party, the number of the electronic authentication credential, the credential identifier of the electronic authentication credential, the effective date of the electronic authentication credential, and the like.
In one implementation, the signing terminal feeds the electronic authentication credential back to the authenticator.
Step S180: the signing terminal stores the electronic authentication credential and the public key of the first public-private key pair or the public key of the second public-private key pair to the block chain.
The signing terminal uploads the electronic authentication credential and the public key of the first public-private key pair or the public key of the second public-private key pair to the block chain; when storage on the block chain is complete, the block chain feeds back to the signing terminal the hash value of the electronic authentication credential and the stored hash value of the public key of the first public-private key pair or the public key of the second public-private key pair.
In the embodiment of the disclosure, the identity trusted credential of the authenticator is verified by the signing terminal, and the authenticator signs the to-be-signed electronic authentication credential with the private key of the first public-private key pair and the private key of the second public-private key pair, so that the identity of the authenticator and the genuineness of its intent to sign are effectively ensured without any additional hardware medium (such as a USB key), which greatly improves the convenience of the signing process for the electronic authentication credential. In addition, the files generated at each stage of the signing process are stored in the block chain, so that the whole signing process of the electronic authentication credential is recorded and the subsequent management and query of the files of each stage are facilitated. Meanwhile, because the private key of the first public-private key pair and the private key of the second public-private key pair are both used for signing, the credibility of the electronic authentication credential is improved; and because the public key of the first public-private key pair and the public key of the second public-private key pair are the same, only the public key of the first public-private key pair or the public key of the second public-private key pair is needed when the signature of the electronic authentication credential has to be verified, which improves the user experience.
In an alternative embodiment, as shown in fig. 2, step S160 of the embodiment of the present disclosure may include the following steps:
Step S161: in response to the time elapsed between generation of the to-be-signed electronic authentication credential and generation of the initial electronic authentication credential being less than or equal to a preset duration, and the signature of the initial electronic authentication credential meeting a preset signature integrity condition, determining that the initial electronic authentication credential meets the preset signing condition.
The preset duration can be set according to actual requirements. The time elapsed between generation of the to-be-signed electronic authentication credential and generation of the initial electronic authentication credential may be determined from the timestamp corresponding to the initial electronic authentication credential and the timestamp corresponding to the to-be-signed electronic authentication credential.
In one implementation, when the initial electronic authentication credential carries a signature generated by the private key of the first public-private key pair and a signature generated by the private key of the second public-private key pair, it may be determined that the initial electronic authentication credential meets the preset signature integrity condition; or, when there are multiple authenticators, when the initial electronic authentication credential carries the signatures generated by all authenticators with the private keys of their first and second public-private key pairs, it is determined that the initial electronic authentication credential meets the preset signature integrity condition.
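As an added illustration of the signing-condition check of steps S150 to S161 (the dual signature of step S150, the signature-integrity and elapsed-time test of step S161, including the multi-authenticator case), the following example is not the patent's own code. It uses textbook RSA over SHA-256 with two independent key pairs generated in code, not the SM2 algorithm and not the shared-public-key arrangement the text describes, so each signature is verified with its own public key; the function names, the JSON credential layout and the `generated_at`/`signed_at` timestamp fields are assumptions.

```python
"""Dual-signature check for an initial electronic authentication credential.
Toy RSA (no padding) is used only so the example runs offline; it is not secure."""
import hashlib
import json
import math
import random


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Return ((n, e), (n, d)); the modulus exceeds 2**256 so a SHA-256 digest fits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest_int(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return 0 < sig < n and pow(sig, e, n) == _digest_int(data)


def canonical_bytes(credential: dict) -> bytes:
    """All parties sign and verify over the same canonical JSON encoding (assumed layout)."""
    return json.dumps(credential, sort_keys=True, separators=(",", ":")).encode()


def new_initial(to_be_signed: dict) -> dict:
    """Wrap the to-be-signed credential so signatures are kept apart from the signed body."""
    return {"credential": to_be_signed, "signatures": {}, "signed_at": None}


def add_signatures(initial: dict, auth_id: str, priv1, priv2, signed_at: int) -> dict:
    """Step S150: one authenticator appends a signature from each of its two private keys."""
    body = canonical_bytes(initial["credential"])
    initial["signatures"][auth_id] = {"sig1": sign(priv1, body), "sig2": sign(priv2, body)}
    initial["signed_at"] = signed_at  # timestamp of the initial credential
    return initial


def meets_signing_condition(initial: dict, pubkeys: dict, max_seconds: int) -> bool:
    """Step S161: elapsed time within the preset duration, and every expected
    authenticator's two signatures present and valid over the unsigned body."""
    cred = initial["credential"]
    if initial["signed_at"] is None or initial["signed_at"] - cred["generated_at"] > max_seconds:
        return False
    body = canonical_bytes(cred)
    for auth_id, (pub1, pub2) in pubkeys.items():
        entry = initial["signatures"].get(auth_id)
        if entry is None:
            return False  # signature integrity condition not met: authenticator missing
        if not (verify(pub1, body, entry["sig1"]) and verify(pub2, body, entry["sig2"])):
            return False
    return True


if __name__ == "__main__":
    pub1, priv1 = generate_keypair()
    pub2, priv2 = generate_keypair()
    cred = {"credential_id": "BID:constructed-001", "authenticator": "auth-A",
            "enterprise_name": "Example Co", "generated_at": 1000}  # constructed sample
    initial = add_signatures(new_initial(cred), "auth-A", priv1, priv2, signed_at=1500)
    print(meets_signing_condition(initial, {"auth-A": (pub1, pub2)}, max_seconds=3600))
```

The check fails closed: a missing authenticator, a signature that does not verify, a modified body, or an initial credential produced after the preset duration all return False, which is the branch in which the signing terminal would not promote the initial credential to an electronic authentication credential.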
Step S162: determining the initial electronic authentication credential to be an electronic authentication credential.
Step S163: the signing terminal generates a signing document based on the authenticator information and the electronic authentication credential.
The signing document may be used to record all information of the generation process of the electronic authentication credential. The signing document may include: the authenticator information, and the credential identifier, number, effective date, attribute and the like of the electronic authentication credential. The credential identifier may be a BID or a DID and is used to uniquely identify an electronic authentication credential. The attribute of the electronic authentication credential may characterize whether the electronic authentication credential may be viewed. For example, the attribute may be public or private: when the attribute is public, the electronic authentication credential can be viewed by anyone; when the attribute is private, it can be viewed only by the corresponding authenticator and enterprise party.
Step S164: signing the signing document with the private key of the public-private key pair of the signing terminal.
The public-private key pair of the signing terminal comprises a public key, used to verify signatures generated with the private key of the pair, and a private key, used to sign information or files. The public-private key pair of the signing terminal may be generated by the signing terminal based on a symmetric encryption algorithm, an asymmetric encryption algorithm, the SM2 algorithm, the RSA algorithm or the like.
Step S165: storing the signed signing document to the block chain.
In one implementation, the signing document may be converted into on-chain data in blob format, the on-chain data corresponding to the signing document is signed with the private key of the public-private key pair of the signing terminal, and the signed on-chain data is stored to the block chain. The blob format is the hexadecimal form of the serialized transaction structure and is used for the on-chain write operation.
In an alternative embodiment, as shown in fig. 3, the block chain-based electronic document signing method of the embodiment of the present disclosure may further include the following steps:
Step S210: the authenticator verifies the identity trusted credential of the enterprise party.
The identity trusted credential of the enterprise party may be a digital certificate issued by an authoritative certification authority to prove the identity of the enterprise party and the genuineness of its digital identity. For example, the enterprise party may generate its digital identity and send the digital identity together with its audit information to the authoritative certification authority; the authority audits the audit information of the enterprise and, after the audit passes, generates an identity trusted credential containing the digital identity of the enterprise party and sends it to the enterprise party. The audit information of the enterprise party includes the enterprise party's name, business license, organization code and the like.
In one implementation, when the enterprise party needs to apply for an electronic authentication credential, it sends its digital identity, its identity trusted credential and the public key corresponding to the identity trusted credential to the client of the authenticator; the client of the authenticator verifies the signature in the identity trusted credential with that public key, and after the verification passes, the identity trusted credential of the enterprise party is determined to have passed verification.
Step S220: in response to the identity trusted credential of the enterprise party passing verification, the authenticator generates the certificate source file based on the digital identity of the enterprise party.
In one implementation, an initial certificate source file is stored in the client of the authenticator, and the authenticator adds the digital identity of the enterprise party to the initial certificate source file to generate the certificate source file.
In an optional embodiment, the block chain-based electronic document signing method of the embodiment of the present disclosure may further include: signing the certificate source file with the private key of the public-private key pair of the signing terminal, and storing the signed certificate source file to the block chain.
In one implementation, the certificate source file may be converted into on-chain data in blob format, the on-chain data corresponding to the certificate source file is signed with the private key of the public-private key pair of the signing terminal, the signed on-chain data is stored to the block chain, and after successful storage the block chain feeds back the hash value and the stored hash value of the certificate source file.
In an alternative embodiment, step S140 of the embodiment of the present disclosure may include: signing the to-be-signed electronic authentication credential with the private key of the public-private key pair of the signing terminal, and storing the signed to-be-signed electronic authentication credential to the block chain.
In one implementation, the to-be-signed electronic authentication credential may be converted into on-chain data in blob format, the on-chain data corresponding to the to-be-signed electronic authentication credential is signed with the private key of the public-private key pair of the signing terminal, the signed on-chain data is stored to the block chain, and after successful storage the block chain feeds back the hash value and the stored hash value of the to-be-signed electronic authentication credential.
In an optional embodiment, the electronic authentication credential of the embodiments of the present disclosure includes: a credential identifier, the digital identity of the authenticator and the name of the authenticator; as shown in fig. 4, the block chain-based electronic document signing method of the embodiment of the present disclosure may further include the following steps:
Step S310: the signing terminal receives a credential query request sent by a querying party.
The credential query request comprises the credential identifier of the electronic authentication credential to be queried, the digital identity of the authenticator or the name of the authenticator. The credential identifier may be a BID or a DID and is used to uniquely identify an electronic authentication credential; the credential identifier may contain the storage address of the electronic authentication credential it identifies.
The querying party may be an enterprise party, an authenticator, or another individual, enterprise or organization. The querying party may send the credential query request to the signing terminal through its own client.
Step S320: the signing terminal obtains the electronic authentication credential corresponding to the credential query request based on the credential query request.
The signing terminal checks, on the block chain storing electronic authentication credentials, whether there is an electronic authentication credential matching the credential identifier, the authenticator's digital identity or the authenticator's name given in the credential query request; if there is, the signing terminal determines that matching electronic authentication credential to be the one corresponding to the credential query request; if there is none, a message stating that no electronic authentication credential was found may be sent to the querying party.
Step S330: in response to the attribute of the electronic authentication credential corresponding to the credential query request being a preset attribute, the signing terminal feeds the electronic authentication credential corresponding to the credential query request back to the querying party.
The preset attribute can be set according to actual requirements.
For example, if the preset attribute is public: when the attribute of the electronic authentication credential corresponding to the credential query request is public, the electronic authentication credential may be fed back to the querying party; when its attribute is not public, i.e. is private, a viewing-prohibited message may be sent to the querying party.
In an alternative embodiment, as shown in fig. 5, the block chain-based electronic document signing method of the embodiment of the present disclosure may further include the following steps:
Step S410: the signing terminal receives a credential verification request sent by the querying party.
The credential verification request includes the electronic authentication credential to be verified. The querying party may send the credential verification request to the signing terminal through its own terminal.
Step S420: based on a preset algorithm, determining the credential feature of the electronic authentication credential to be verified from the electronic authentication credential to be verified.
The preset algorithm may be any algorithm for computing the credential feature of an electronic authentication credential; for example, it may be a hash algorithm, in which case the credential feature of the electronic authentication credential is its hash value.
For example, the electronic authentication credential to be verified may be hashed with a hash algorithm to obtain its hash value (credential feature).
Step S430: based on the credential feature of the electronic authentication credential to be verified and a correspondence list of credential features and credential identifiers, determining whether a credential identifier corresponding to that credential feature exists.
The signing terminal may create the correspondence list of credential features and credential identifiers, which may include a plurality of credential features and a plurality of credential identifiers, each credential feature in the list corresponding to one credential identifier.
The credential identifier that corresponds, in the correspondence list, to the credential feature identical to the credential feature of the electronic authentication credential to be verified may be determined to be the credential identifier corresponding to the credential feature of the electronic authentication credential to be verified.
Step S440: in response to a credential identifier corresponding to the credential feature of the electronic authentication credential to be verified existing, taking that credential identifier as the target credential identifier.
When a credential identifier corresponding to the credential feature of the electronic authentication credential to be verified exists, that credential identifier is taken as the target credential identifier;
when no such credential identifier exists, a verification failure message may be sent to the querying party.
Step S450: determining whether the target credential identifier is present in a query-prohibited list.
The query-prohibited list may include a plurality of credential identifiers. The target credential identifier may be matched against the credential identifiers in the query-prohibited list: when a credential identifier identical to the target credential identifier exists in the list, the target credential identifier is determined to be present in the query-prohibited list; otherwise it is determined not to be present.
Step S460: in response to the target credential identifier not being present in the query-prohibited list, taking the credential feature of the electronic authentication credential identified by the target credential identifier as the target credential feature.
The electronic authentication credential identified by the target credential identifier can be obtained through the target credential identifier. It may be hashed with the preset algorithm, for example a hash algorithm, to obtain the credential feature (hash value) of the electronic authentication credential identified by the target credential identifier.
Step S470: determining a verification result based on the target credential feature and the credential feature of the electronic authentication credential to be verified, and feeding the verification result back to the querying party.
The verification result may include whether the target credential feature matches the credential feature of the electronic authentication credential to be verified.
In one implementation, the target credential feature is matched against the credential feature of the electronic authentication credential to be verified: when they are identical, it is determined that the electronic authentication credential to be verified has not been modified; when they differ, it is determined that the electronic authentication credential to be verified has been modified.
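The following added example (not the patent's code) models both the attribute-gated query of steps S310 to S330 and the hash-based verification flow of steps S410 to S470 on one in-memory registry that stands in for the signing terminal's view of the block chain. SHA-256 over canonical JSON is the assumed "preset algorithm"; the class and method names, the result status strings and the credential field names are assumptions.

```python
"""Credential query (S310-S330) and credential verification (S410-S470) on a
registry holding stored credentials, the feature->identifier correspondence list
and the query-prohibited list."""
import hashlib
import json


def credential_feature(credential: dict) -> str:
    """Step S420: the credential feature is a hash; canonical JSON keeps it stable
    across parties that serialize the same logical credential."""
    canonical = json.dumps(credential, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class CredentialRegistry:
    def __init__(self):
        self.stored = {}         # credential identifier -> credential as stored on chain
        self.feature_to_id = {}  # correspondence list of credential features and identifiers (S430)
        self.prohibited = set()  # query-prohibited list (S450)

    def register(self, credential_id: str, credential: dict) -> str:
        """Store a finished electronic authentication credential and record its feature."""
        feature = credential_feature(credential)
        self.stored[credential_id] = credential
        self.feature_to_id[feature] = credential_id
        return feature

    def prohibit(self, credential_id: str) -> None:
        self.prohibited.add(credential_id)

    def query(self, preset_attribute: str = "public", credential_id: str = None,
              authenticator_did: str = None, authenticator_name: str = None) -> dict:
        """Steps S310-S330: look up by identifier, authenticator DID or authenticator name,
        and release only credentials whose attribute equals the preset attribute."""
        if credential_id is not None:
            matches = [self.stored[credential_id]] if credential_id in self.stored else []
        else:
            matches = [c for c in self.stored.values()
                       if (authenticator_did is not None and c.get("authenticator_did") == authenticator_did)
                       or (authenticator_name is not None and c.get("authenticator_name") == authenticator_name)]
        if not matches:
            return {"status": "not_found"}
        visible = [c for c in matches if c.get("attribute") == preset_attribute]
        if not visible:
            return {"status": "viewing_prohibited"}
        return {"status": "ok", "credentials": visible}

    def verify(self, submitted: dict) -> dict:
        """Steps S410-S470 for a credential submitted by the querying party."""
        feature = credential_feature(submitted)                      # S420
        target_id = self.feature_to_id.get(feature)                  # S430
        if target_id is None:                                        # S440: no identifier
            return {"status": "verification_failed"}
        if target_id in self.prohibited:                             # S450
            return {"status": "query_prohibited", "credential_id": target_id}
        target_feature = credential_feature(self.stored[target_id])  # S460
        modified = target_feature != feature                         # S470
        return {"status": "modified" if modified else "unmodified", "credential_id": target_id}


if __name__ == "__main__":
    registry = CredentialRegistry()
    sample = {"credential_id": "BID:constructed-001", "authenticator_did": "did:example:auth-A",
              "authenticator_name": "Auth A", "enterprise_name": "Example Co",
              "attribute": "public"}  # constructed sample credential
    registry.register("BID:constructed-001", sample)
    print(registry.query(credential_id="BID:constructed-001")["status"])
    print(registry.verify(sample)["status"])
```

Because the target identifier is found by matching the submitted hash against the correspondence list, a credential altered by the querying party is rejected at step S440 (no identifier), and the step S470 comparison can only report "modified" when the credential stored under that identifier no longer matches the list entry it was registered with; the registry exposes both outcomes.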
FIG. 6 shows a block diagram of an apparatus for block chain-based electronic document signing in an embodiment of the present disclosure. As shown in fig. 6, the block chain-based electronic document signing apparatus of this embodiment includes:
a first receiving module 510, configured for the signing terminal to receive the certificate source file and the authenticator information sent by the authenticator, where the authenticator information includes: the digital identity of the authenticator, an identity trusted credential, the public key of a first public-private key pair and the public key of a second public-private key pair, the public key of the first public-private key pair being the same as the public key of the second public-private key pair, the first public-private key pair being generated by the authenticator, the second public-private key pair being generated by a third party, and the certificate source file including the digital identity and the enterprise name of the enterprise party;
a first verification module 520, configured for the signing terminal to verify the identity trusted credential of the authenticator;
a first generating module 530, configured for the signing terminal to generate, in response to the identity trusted credential of the authenticator passing verification, a to-be-signed electronic authentication credential based on the certificate source file and the digital identity of the authenticator;
a first storage module 540, configured for the signing terminal to store the to-be-signed electronic authentication credential to the block chain;
a first signature module 550, configured for the authenticator to sign the to-be-signed electronic authentication credential with the private key of the first public-private key pair and with the private key of the second public-private key pair, respectively, to obtain an initial electronic authentication credential;
a second verification module 560, configured for the signing terminal to determine whether the initial electronic authentication credential meets a preset signing condition;
a first determining module 570, configured for the signing terminal to determine, in response to the initial electronic authentication credential meeting the preset signing condition, the initial electronic authentication credential to be an electronic authentication credential;
a second storage module 580, configured for the signing terminal to store the electronic authentication credential and the public key of the first public-private key pair or the public key of the second public-private key pair to the block chain.
Preferably, in the embodiment of the present disclosure, the second verification module 560 includes:
a checking submodule 561 (not shown in the figure), configured to determine that the initial electronic authentication credential meets the preset signing condition in response to the time elapsed between generation of the to-be-signed electronic authentication credential and generation of the initial electronic authentication credential being less than or equal to a preset duration and the signature of the initial electronic authentication credential meeting a preset signature integrity condition;
a confirmation submodule 562 (not shown in the figure), configured to determine the initial electronic authentication credential to be an electronic authentication credential;
a generation submodule 563 (not shown in the figure), configured for the signing terminal to generate a signing document based on the authenticator information and the electronic authentication credential;
a signature submodule 564 (not shown in the figure), configured to sign the signing document with the private key of the public-private key pair of the signing terminal;
a storage submodule 565 (not shown in the figure), configured to store the signed signing document to the block chain.
Preferably, the block chain-based electronic document signing apparatus of the embodiment of the present disclosure further includes:
a third verification module 590 (not shown in the figure), configured for the authenticator to verify the identity trusted credential of the enterprise party;
a second generating module 600 (not shown in the figure), configured to generate, in response to the identity trusted credential of the enterprise party passing verification, the certificate source file based on the digital identity of the enterprise party.
Preferably, the block chain-based electronic document signing apparatus of the embodiment of the present disclosure further includes:
a second signature module 610 (not shown in the figure), configured to sign the certificate source file with the private key of the public-private key pair of the signing terminal and store the signed certificate source file to the block chain;
the first storage module 540 is further configured to sign the to-be-signed electronic authentication credential with the private key of the public-private key pair of the signing terminal and store the signed to-be-signed electronic authentication credential to the block chain.
Preferably, in the embodiment of the present disclosure, the electronic authentication credential includes: a credential identifier, the digital identity of the authenticator and the name of the authenticator; and the block chain-based electronic document signing apparatus further includes:
a second receiving module 620 (not shown in the figure), configured for the signing terminal to receive a credential query request sent by a querying party, where the credential query request includes: the credential identifier of the electronic authentication credential to be queried, the digital identity of the authenticator or the name of the authenticator;
a first obtaining module 630 (not shown in the figure), configured for the signing terminal to obtain the electronic authentication credential corresponding to the credential query request based on the credential query request;
a first feedback module 640 (not shown in the figure), configured for the signing terminal to feed the electronic authentication credential corresponding to the credential query request back to the querying party in response to the attribute of that electronic authentication credential being a preset attribute.
Preferably, the block chain-based electronic document signing apparatus of the embodiment of the present disclosure further includes:
a third receiving module 650 (not shown in the figure), configured for the signing terminal to receive a credential verification request sent by the querying party, where the credential verification request includes the electronic authentication credential to be verified;
a second determining module 660 (not shown in the figure), configured to determine, based on a preset algorithm, the credential feature of the electronic authentication credential to be verified from the electronic authentication credential to be verified;
a third determining module 670 (not shown in the figure), configured to determine, based on the credential feature of the electronic authentication credential to be verified and the correspondence list of credential features and credential identifiers, whether a credential identifier corresponding to that credential feature exists;
a fourth determining module 680 (not shown in the figure), configured to take, in response to a credential identifier corresponding to the credential feature of the electronic authentication credential to be verified existing, that credential identifier as the target credential identifier;
a fifth determining module 690 (not shown in the figure), configured to determine whether the target credential identifier is present in the query-prohibited list;
a sixth determining module 700 (not shown in the figure), configured to take, in response to the target credential identifier not being present in the query-prohibited list, the credential feature of the electronic authentication credential identified by the target credential identifier as the target credential feature;
a seventh determining module 710 (not shown in the figure), configured to determine a verification result based on the target credential feature and the credential feature of the electronic authentication credential to be verified, and to feed the verification result back to the querying party.
In addition, an embodiment of the present disclosure also provides an electronic device, including:
a memory for storing a computer program;
a processor, configured to execute the computer program stored in the memory, and when the computer program is executed, the method for signing an electronic document based on a block chain according to any of the above embodiments of the present disclosure is implemented.
Fig. 7 is a schematic structural diagram of an application embodiment of the electronic device of the present disclosure. As shown in fig. 7, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions.
The memory may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by a processor to implement the blockchain-based electronic document signing methods of the various embodiments of the disclosure described above and/or other desired functionality.
In one example, the electronic device may further include: an input device and an output device, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
The input device may also include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, and the like to the outside. The output devices may include, for example, a display, speakers, printer, and a communication network and its connected remote output devices, among others.
Of course, for simplicity, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 7, omitting components such as buses, input/output interfaces, and so forth. In addition, the electronic device may include any other suitable components, depending on the particular application.
In addition to the above methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the block chain based electronic document signing method according to the various embodiments of the present disclosure described in the above sections of this specification.
The computer program product may write program code for carrying out operations for embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the steps in the block chain-based electronic document signing method according to the various embodiments of the present disclosure described in the above section of this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those of ordinary skill in the art will understand that: all or part of the steps of implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer-readable storage medium, and when executed, executes the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The basic principles of the present disclosure have been described above in connection with specific embodiments, but it should be noted that advantages, effects, and the like, mentioned in the present disclosure are only examples and not limitations, and should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure is not intended to be limited to the specific details so described.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The block diagrams of devices, apparatuses, systems referred to in this disclosure are only given as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown in the block diagrams. These devices, apparatuses, devices, systems may be connected, arranged, configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably herein. The words "or" and "and" as used herein mean, and are used interchangeably with, the word "and/or," unless the context clearly dictates otherwise. The word "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the devices, apparatuses, and methods of the present disclosure, each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.

Claims (10)

1. A block chain-based electronic document signing method is characterized by comprising the following steps:
the signing terminal receives a certificate source file and authenticator information sent by an authenticator, wherein the authenticator information comprises: the digital identity of the authenticator, an identity credibility certificate, a public key in a first public-private key pair and a public key in a second public-private key pair, wherein the public key in the first public-private key pair is the same as the public key in the second public-private key pair, the first public-private key pair is generated by the authenticator, the second public-private key pair is generated by a third party, and the certificate source file comprises the digital identity and the enterprise name of the enterprise party;
the signing terminal verifies the identity credible certificate of the authenticator;
in response to the identity credible certificate of the authenticator passing verification, the signing terminal generates an electronic authentication certificate to be signed based on the certificate source file and the digital identity of the authenticator;
the signing terminal stores the electronic authentication certificate to be signed to a block chain;
the authenticator carries out signature processing on the electronic authentication certificate to be signed by respectively using the private key of the first public-private key pair and the private key of the second public-private key pair to obtain an initial electronic authentication certificate;
the signing terminal determines whether the initial electronic authentication voucher meets a preset signing condition;
in response to the initial electronic authentication certificate meeting the preset signing condition, the signing terminal determines the initial electronic authentication certificate as an electronic authentication certificate;
and the signing terminal stores the electronic authentication certificate and the public key in the first public-private key pair or the public key in the second public-private key pair to the block chain.
2. The method of claim 1, wherein the signing terminal determining whether the initial electronic authentication credential meets the preset signing condition comprises:
in response to the fact that the time length between the generation of the electronic authentication certificate to be signed and the generation of the initial electronic authentication certificate is less than or equal to the preset time length and the signature of the initial electronic authentication certificate meets the preset signature integrity condition, determining that the initial electronic authentication certificate meets the preset signing condition;
determining the initial electronic authentication certificate as an electronic authentication certificate;
the signing terminal generates a signing document based on the authenticator information and the electronic authentication certificate;
signing the signing document by using the private key of the public-private key pair of the signing terminal;
and storing the signed signing document to the block chain.
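The preset signing condition of claim 2 (elapsed time between generation of the unsigned credential and of the initial credential at most a preset length, and both signatures complete), as an added example that is not the patent's own code. It uses two independent Ed25519 key pairs, so unlike the claim the two public keys differ; the field names, the canonical encoding and the one-hour window are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// UnsignedCredential is the electronic authentication credential to be signed, as
// generated by the signing terminal. Field names are constructed for this example.
type UnsignedCredential struct {
	ID          string    // credential identification
	AuthDID     string    // digital identity of the authenticator
	AuthName    string    // name of the authenticator
	GeneratedAt time.Time // when the signing terminal generated it
}

// Bytes is the canonical encoding both signatures are computed over (the patent
// does not specify one; this layout is an assumption).
func (c UnsignedCredential) Bytes() []byte {
	return []byte(c.ID + "|" + c.AuthDID + "|" + c.AuthName + "|" +
		c.GeneratedAt.UTC().Format(time.RFC3339Nano))
}

// InitialCredential is the unsigned credential plus the authenticator's two
// signatures, made with the private keys of the first and second key pair.
type InitialCredential struct {
	Cred     UnsignedCredential
	Sig1     []byte    // signature with the first private key
	Sig2     []byte    // signature with the second private key
	SignedAt time.Time // when the initial credential was generated
}

var (
	ErrSigningWindow       = errors.New("time between credential generation and signing exceeds the preset length")
	ErrSignatureIncomplete = errors.New("preset signature integrity condition not met")
)

// CheckSigningCondition is the signing terminal's check from claim 2: the time
// between generation of the unsigned credential and of the initial credential
// must not exceed maxDelay, and both signatures must verify over the credential.
func CheckSigningCondition(ic InitialCredential, pub1, pub2 ed25519.PublicKey, maxDelay time.Duration) error {
	elapsed := ic.SignedAt.Sub(ic.Cred.GeneratedAt)
	if elapsed < 0 || elapsed > maxDelay {
		return ErrSigningWindow
	}
	if len(pub1) != ed25519.PublicKeySize || len(pub2) != ed25519.PublicKeySize {
		return ErrSignatureIncomplete
	}
	msg := ic.Cred.Bytes()
	// A missing, truncated or altered signature fails here: both are required.
	if !ed25519.Verify(pub1, msg, ic.Sig1) || !ed25519.Verify(pub2, msg, ic.Sig2) {
		return ErrSignatureIncomplete
	}
	return nil
}

// DemoSigningCondition signs a constructed credential with two fresh key pairs and
// evaluates three cases in order: on time, signed after the window, one signature
// tampered. Each entry is nil when the preset signing condition is met.
func DemoSigningCondition() []error {
	pub1, priv1, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pub2, priv2, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const maxDelay = time.Hour // preset time length (assumption)
	gen := time.Date(2022, 10, 20, 9, 0, 0, 0, time.UTC)
	cred := UnsignedCredential{ID: "CRED-0001", AuthDID: "did:example:authenticator",
		AuthName: "Example Authenticator", GeneratedAt: gen}
	msg := cred.Bytes()
	onTime := InitialCredential{Cred: cred, Sig1: ed25519.Sign(priv1, msg),
		Sig2: ed25519.Sign(priv2, msg), SignedAt: gen.Add(10 * time.Minute)}
	late := onTime
	late.SignedAt = gen.Add(2 * time.Hour)
	tampered := onTime
	tampered.Sig2 = append([]byte(nil), onTime.Sig2...)
	tampered.Sig2[0] ^= 0x01 // flip one bit of the second signature
	return []error{
		CheckSigningCondition(onTime, pub1, pub2, maxDelay),
		CheckSigningCondition(late, pub1, pub2, maxDelay),
		CheckSigningCondition(tampered, pub1, pub2, maxDelay),
	}
}

func main() {
	for i, err := range DemoSigningCondition() {
		fmt.Printf("case %d: %v\n", i, err)
	}
}
```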
3. The method of claim 2, further comprising:
the authenticator verifies the identity credible certificate of the enterprise party;
in response to the trusted certificate of identity of the enterprise party being verified, the authenticator generates the certificate source file based on the digital identity of the enterprise party.
4. The method of claim 3, further comprising:
signing the certificate source file by using the private key of the public-private key pair of the signing terminal, and storing the signed certificate source file to the block chain;
the step of the signing terminal storing the electronic authentication certificate to be signed to the block chain comprises:
signing the electronic authentication certificate to be signed by using the private key of the public-private key pair of the signing terminal, and storing the signed electronic authentication certificate to be signed to the block chain.
5. The method of any of claims 1-4, wherein the electronic authentication credentials comprise: a credential identification, a digital identity of the authenticator, and a name of the authenticator;
the method further comprises the following steps:
the signing terminal receives a certificate query request sent by a query party, wherein the certificate query request comprises: the certificate identification of the electronic authentication certificate to be inquired, the digital identity of the authenticator or the name of the authenticator;
the signing terminal acquires an electronic authentication certificate corresponding to the certificate query request based on the certificate query request;
and in response to the fact that the attribute of the electronic authentication certificate corresponding to the certificate inquiry request is a preset attribute, the signing terminal feeds back the electronic authentication certificate corresponding to the certificate inquiry request to the inquirer.
6. The method of claim 5, further comprising:
the signing terminal receives a certificate verification request sent by the inquiring party, wherein the certificate verification request comprises an electronic authentication certificate to be checked;
determining the certificate characteristics of the electronic authentication certificate to be inspected according to the electronic authentication certificate to be inspected based on a preset algorithm;
determining whether a certificate mark corresponding to the certificate feature of the electronic authentication certificate to be inspected exists or not based on the certificate feature of the electronic authentication certificate to be inspected and the certificate feature and certificate mark corresponding list;
in response to the existence of the certificate identification corresponding to the certificate feature of the electronic authentication certificate to be inspected, taking the certificate identification corresponding to the certificate feature of the electronic authentication certificate to be inspected as a target certificate identification;
determining whether the target credential identification is present in a query-prohibited list;
in response to the target credential identifier not being present in the query-prohibited list, taking a credential feature of the electronic authentication credential identified by the target credential identifier as a target credential feature;
and determining an inspection result based on the target certificate characteristic and the certificate characteristic of the electronic authentication certificate to be inspected, and feeding the inspection result back to the inquiring party.
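The verification flow of claim 6 (the same steps as modules 650 to 710 above), as an added example that is not the patent's own code. The "preset algorithm" is assumed to be SHA-256 over a canonical field encoding, and the correspondence list, the stored credentials and the query-prohibited list are kept in memory rather than on the chain.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Credential carries the fields claim 5 names for an electronic authentication credential.
type Credential struct {
	ID       string // credential identification
	AuthDID  string // digital identity of the authenticator
	AuthName string // name of the authenticator
}

// Feature computes the credential feature. The patent leaves the "preset algorithm"
// open; SHA-256 over a canonical field encoding is assumed here.
func Feature(c Credential) string {
	sum := sha256.Sum256([]byte(c.ID + "|" + c.AuthDID + "|" + c.AuthName))
	return hex.EncodeToString(sum[:])
}

// CheckResult is the verification result fed back to the querying party.
type CheckResult string

const (
	ResultValid      CheckResult = "valid"            // feature matches the stored credential
	ResultUnknown    CheckResult = "unknown"          // no identifier corresponds to the feature
	ResultProhibited CheckResult = "query-prohibited" // target identifier is on the prohibited list
	ResultMismatch   CheckResult = "mismatch"         // stored credential's feature differs
)

// Registry is the signing terminal's state, kept in memory here (the patent stores
// credentials on the chain): correspondence list, credentials, query-prohibited list.
type Registry struct {
	featureToID map[string]string     // credential feature -> credential identifier
	credentials map[string]Credential // stored credentials by identifier
	prohibited  map[string]bool       // query-prohibited list
}

func NewRegistry() *Registry {
	return &Registry{map[string]string{}, map[string]Credential{}, map[string]bool{}}
}

// Register stores a credential and records its feature in the correspondence list.
func (r *Registry) Register(c Credential) {
	r.featureToID[Feature(c)] = c.ID
	r.credentials[c.ID] = c
}

// Prohibit places a credential identifier on the query-prohibited list.
func (r *Registry) Prohibit(id string) { r.prohibited[id] = true }

// Verify follows claim 6 step by step for a credential submitted for checking.
func (r *Registry) Verify(toCheck Credential) CheckResult {
	feature := Feature(toCheck)
	targetID, ok := r.featureToID[feature] // correspondence-list lookup
	if !ok {
		return ResultUnknown
	}
	if r.prohibited[targetID] {
		return ResultProhibited
	}
	// Recompute the feature from the stored credential rather than trusting the list:
	// a stale or tampered correspondence entry (or a missing credential) is caught here.
	if Feature(r.credentials[targetID]) != feature {
		return ResultMismatch
	}
	return ResultValid
}

// DemoVerify runs four constructed cases through the flow.
func DemoVerify() map[string]CheckResult {
	r := NewRegistry()
	genuine := Credential{"CRED-0001", "did:example:authenticator", "Example Authenticator"}
	revoked := Credential{"CRED-0002", "did:example:authenticator", "Example Authenticator"}
	r.Register(genuine)
	r.Register(revoked)
	r.Prohibit(revoked.ID)
	forged := genuine
	forged.AuthName = "Forged Authenticator" // altered credential: no feature on record
	// Stale index entry: an unrelated credential's feature is mapped to CRED-0001.
	stale := Credential{"CRED-0003", "did:example:other", "Other Party"}
	r.featureToID[Feature(stale)] = genuine.ID
	return map[string]CheckResult{
		"genuine":     r.Verify(genuine),
		"forged":      r.Verify(forged),
		"revoked":     r.Verify(revoked),
		"stale-index": r.Verify(stale),
	}
}

func main() {
	for name, res := range DemoVerify() {
		fmt.Printf("%-12s %s\n", name, res)
	}
}
```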
7. An electronic document signing apparatus based on a blockchain, comprising:
a first receiving module, configured to receive, by a signing terminal, a certificate source file and authenticator information sent by an authenticator, where the authenticator information includes: the digital identity of the authenticator, an identity credibility certificate, a public key in a first public-private key pair and a public key in a second public-private key pair, wherein the public key in the first public-private key pair is the same as the public key in the second public-private key pair, the first public-private key pair is generated by the authenticator, the second public-private key pair is generated by a third party, and the certificate source file comprises the digital identity and the enterprise name of the enterprise party;
the first verification module is used for verifying the identity credible certificate of the authenticator by the signing terminal;
the first generating module is used for, in response to the identity credible certificate of the authenticator passing verification, generating by the signing terminal an electronic authentication certificate to be signed based on the certificate source file and the digital identity of the authenticator;
the first storage module is used for storing the electronic authentication voucher to be signed to a block chain by the signing terminal;
the first signature module is used for the authenticator to carry out signature processing on the electronic authentication certificate to be signed by respectively using the private key of the first public-private key pair and the private key of the second public-private key pair to obtain an initial electronic authentication certificate;
the second verification module is used for determining whether the initial electronic authentication certificate meets the preset signing conditions or not by the signing terminal;
the first determining module is used for responding to the fact that the initial electronic authentication certificate accords with the preset signing condition, and the signing terminal determines the initial electronic authentication certificate as an electronic authentication certificate;
and the second storage module is used for storing the electronic authentication certificate and the public key in the first public-private key pair or the public key in the second public-private key pair to the block chain by the signing terminal.
8. The apparatus of claim 7, wherein the second verification module comprises:
the verification submodule is used for, in response to the time length between the generation of the electronic authentication certificate to be signed and the generation of the initial electronic authentication certificate being less than or equal to the preset time length and the signature in the initial electronic authentication certificate meeting the preset signature integrity condition, determining that the initial electronic authentication certificate meets the preset signing condition;
the confirming submodule is used for determining the initial electronic authentication certificate as an electronic authentication certificate;
the generation submodule is used for generating a signing document by the signing terminal based on the authenticator information and the electronic authentication certificate;
the signing sub-module is used for signing the signing document by using the private key of the public-private key pair of the signing terminal;
and the storage module is used for storing the signed signing document to the block chain.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing a computer program stored in the memory, and when executed, implementing the method of any of the preceding claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 6.
CN202211283057.8A 2022-10-20 2022-10-20 Block chain-based electronic document signing method, device, equipment and medium Active CN115361233B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211283057.8A CN115361233B (en) 2022-10-20 2022-10-20 Block chain-based electronic document signing method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN115361233A true CN115361233A (en) 2022-11-18
CN115361233B CN115361233B (en) 2023-02-03

Family

ID=84008265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211283057.8A Active CN115361233B (en) 2022-10-20 2022-10-20 Block chain-based electronic document signing method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115361233B (en)

Also Published As

Publication number Publication date
CN115361233B (en) 2023-02-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant