CN115834071A - Automatic electronic seal updating method and system - Google Patents


Publication number
CN115834071A
Authority
CN
China
Prior art keywords
electronic
electronic seal
original
signer
signature certificate
Prior art date
Legal status
Pending
Application number
CN202211200842.2A
Other languages
Chinese (zh)
Inventor
高子军
Current Assignee
Fuxin Kunpeng Beijing Information Technology Co ltd
Original Assignee
Fuxin Kunpeng Beijing Information Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Fuxin Kunpeng Beijing Information Technology Co ltd

Abstract

The invention relates to an automatic electronic seal updating method and system, comprising the following steps: when the remaining time of the original signer signature certificate is less than the threshold, the electronic signature end updates the original signer signature certificate through the CA center to obtain a target signer signature certificate; the electronic seal management end acquires an original signer signature certificate of each electronic seal from the original electronic seal data corresponding to the original signer signature certificate; when the remaining time of the original signer signature certificate is less than the threshold, the electronic seal management end updates the original signer signature certificate through the CA center until a target signer signature certificate corresponding to each electronic seal is obtained; and the electronic seal management end generates at least one piece of target electronic seal data according to the target signer signature certificate and each target signer signature certificate. The invention improves the updating efficiency of the electronic seal and reduces its economic cost and error rate without affecting the normal use of the electronic seal.

Description

Automatic electronic seal updating method and system
Technical Field
The invention relates to the technical field of digital encryption, in particular to an automatic electronic seal updating method and system.
Background
Due to the popularization of electronic seal application, a large number of electronic seals are used in electronic government affairs and application systems of various enterprises, but because a digital certificate is required to be arranged in each electronic seal to ensure the legal validity of the electronic seal, and the validity period of the digital certificate is generally 1-5 years, in order to ensure that the electronic seal always keeps the legal validity, the electronic seal must be continuously updated according to the validity period of the digital certificate. At present, the updating is manual maintenance, the cost is high, the error is easy to occur, and the electronic seal needs to be frozen during the maintenance period, so that the electronic seal cannot be normally used.
Therefore, it is desirable to provide a technical solution to solve the above technical problems.
Disclosure of Invention
In order to solve the technical problem, the invention provides an automatic electronic seal updating method and system.
The technical scheme of the automatic electronic seal updating method of the invention is as follows:
S1, when the remaining effective time of an original signer signature certificate of a user is smaller than a first preset threshold, the electronic signature end updates the original signer signature certificate through a CA center to obtain a target signer signature certificate;
S2, the electronic seal management end acquires an original signer signature certificate of each electronic seal from at least one piece of original electronic seal data corresponding to the original signer signature certificate; wherein each piece of original electronic seal data corresponds to an electronic seal;
S3, when the remaining effective time of any original signer signature certificate is smaller than a second preset threshold, the electronic seal management end updates that original signer signature certificate through the CA center to generate the corresponding target signer signature certificate, until a target signer signature certificate corresponding to each electronic seal is obtained;
S4, the electronic seal management end generates at least one piece of target electronic seal data according to the target signer signature certificate and each target signer signature certificate; wherein each piece of target electronic seal data corresponds to a piece of original electronic seal data.
The automatic updating method of the electronic seal has the following beneficial effects:
the method of the invention improves the updating efficiency of the electronic seal and reduces the economic cost and the error rate of the electronic seal without influencing the normal use of the electronic seal.
On the basis of the scheme, the automatic electronic seal updating method can be further improved as follows.
Further, before S1, the method further includes:
S01, the electronic signature end obtains the original signer signature certificate from a first scrambler and sends the original signer signature certificate and the number of first electronic seals corresponding to the original signer signature certificate to the electronic seal management end;
S02, the electronic seal management end obtains the number of second electronic seals corresponding to the original signer signature certificate from a seal database, and judges whether the sum of the number of first electronic seals and the number of second electronic seals is greater than or equal to 1 to obtain a first judgment result;
S03, when the first judgment result is yes, the electronic seal management end verifies the validity of the original signer signature certificate through the CA center to obtain a first validity result and sends the first validity result to the electronic signature end;
the S1 comprises:
and when the first validity result is yes and the remaining valid time of the original signer signature certificate is less than a first preset threshold, the electronic signature end updates the original signer signature certificate through a CA center to obtain a target signer signature certificate.
Further, the S2 includes:
the electronic seal management end analyzes each original electronic seal data to obtain electronic seal metadata corresponding to each original electronic seal data, and obtains an original signer signature certificate of each electronic seal from each electronic seal metadata.
Further, the original electronic seal data includes: first original electronic seal data and second original electronic seal data; before S2, further comprising:
when the first scrambler comprises at least one piece of first original electronic seal data corresponding to the original signer signature certificate, the electronic signature end acquires all the first original electronic seal data from the first scrambler and sends the target signer signature certificate and all the first original electronic seal data to the electronic seal management end;
and when the seal database contains at least one second original electronic seal data corresponding to the original signer signature certificate, the electronic seal management terminal extracts all the second original electronic seal data from the seal database.
Further, before S3, the method further includes:
the electronic seal management terminal verifies the validity of any original signer signature certificate through the CA center to obtain a second validity result;
the S3 comprises the following steps:
when the second validity result of any original signer signature certificate is yes and the remaining valid time of that original signer signature certificate is smaller than a second preset threshold, the electronic seal management end updates that original signer signature certificate through the CA center to generate the corresponding target signer signature certificate, until the target signer signature certificate corresponding to each electronic seal is obtained.
Furthermore, the electronic seal management end corresponds to a second scrambler; the S3 comprises the following steps:
and the electronic seal management terminal updates any original signer signature certificate stored in the second cipher device to a corresponding target signer signature certificate until the original signer signature certificate of each electronic seal stored in the second cipher device is updated to the corresponding target signer signature certificate.
Further, the target electronic seal data includes: first target electronic seal data and second target electronic seal data, the method further comprising:
the electronic seal management end sends each first target electronic seal data to the electronic signature end so that the electronic signature end updates each first original electronic seal data in the first cipher device into corresponding first target electronic seal data;
and the electronic seal management terminal updates each second original electronic seal data in the seal database into corresponding second target electronic seal data.
The technical scheme of the automatic electronic seal updating system is as follows:
the system comprises: the electronic seal management end, connected with the electronic signature end;
the electronic signature end is used for: when the remaining effective time of the original signer signature certificate of the user is less than a first preset threshold, updating the original signer signature certificate through a CA center to obtain a target signer signature certificate;
the electronic seal management end is used for: acquiring an original signer signature certificate of each electronic seal from at least one piece of original electronic seal data corresponding to the original signer signature certificate; wherein each piece of original electronic seal data corresponds to an electronic seal;
the electronic seal management terminal is also used for: when the remaining effective time of any original signer signature certificate is smaller than a second preset threshold, updating any original signer signature certificate through the CA center to generate a target signer signature certificate corresponding to any original signer signature certificate until a target signer signature certificate corresponding to each electronic seal is obtained;
the electronic seal management terminal is also used for: generating at least one target electronic seal data according to the target signer signature certificate and each target signer signature certificate; wherein, each target electronic seal data corresponds to an original electronic seal data.
The electronic seal automatic updating system has the following beneficial effects:
the system of the invention improves the updating efficiency of the electronic seal and also reduces the economic cost and the error rate of the electronic seal while not influencing the normal use of the electronic seal.
On the basis of the scheme, the automatic electronic seal updating system can be further improved as follows.
Further, the electronic signature end is further configured to: acquire the original signer signature certificate from a first scrambler and send it, together with the number of first electronic seals corresponding to the original signer signature certificate, to the electronic seal management end;
the electronic seal management end is also used for: acquiring the number of second electronic seals corresponding to the original signer signature certificate from a seal database, and judging whether the sum of the number of first electronic seals and the number of second electronic seals is greater than or equal to 1 to obtain a first judgment result;
the electronic seal management end is also used for: when the first judgment result is yes, verifying the validity of the original signer signature certificate through the CA center to obtain a first validity result and sending it to the electronic signature end;
the electronic signature terminal is specifically configured to:
and when the first validity result is yes and the residual valid time of the original signer signing certificate is smaller than a first preset threshold, updating the original signer signing certificate through a CA center to obtain a target signer signing certificate.
Further, the electronic signature terminal is specifically configured to:
and analyzing each original electronic seal data to obtain electronic seal metadata corresponding to each original electronic seal data, and acquiring an original signer signature certificate of each electronic seal from each electronic seal metadata.
Drawings
FIG. 1 is a schematic flow chart of an automatic electronic seal updating method according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of electronic seal data in an electronic seal automatic updating method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic seal automatic updating system according to an embodiment of the present invention.
Detailed Description
As shown in fig. 1, a first embodiment of an automatic electronic seal updating method according to the present invention includes the following steps:
S1, when the remaining effective time of an original signer signature certificate of a user is smaller than a first preset threshold, the electronic signature end updates the original signer signature certificate through a CA center to obtain a target signer signature certificate.
The original signer signature certificate is a signature certificate which needs to be updated by the user, and the target signer signature certificate is an updated signature certificate. The original signer signing certificate is stored in a first scrambler corresponding to the electronic signing terminal.
The electronic signature end is an initiating end for initiating the updating of the electronic seal, and a user can initiate an updating request through the electronic signature end. The electronic signature end may be a client, such as a desktop computer or a mobile phone terminal, or a server of an electronic signature service center, and the like, without limitation.
The first preset threshold is a time threshold set by the system, and may be 24 hours, 3 days, 7 days, and the like, which is not limited herein.
The CA center is the authority that issues, maintains and updates digital certificates; "CA center" is short for digital certificate authentication center.
S2, the electronic seal management terminal obtains the original signer signature certificate of each electronic seal from at least one piece of original electronic seal data corresponding to the original signer signature certificate.
Each original electronic seal data corresponds to an electronic seal, and each electronic seal corresponds to an original signer signature certificate.
The electronic seal management end is the end that manages electronic seals; in this embodiment it can verify the validity of a signature certificate and whether the signature certificate is about to expire.
The original signer signature certificate corresponds to a plurality of original electronic seal data, and the original electronic seal data is stored in a seal database of a first scrambler or an electronic seal management terminal. Specifically, the electronic seal used by the electronic signing terminal may be stored in the first scrambler of the electronic signing terminal, or may be stored in the seal database of the electronic seal management terminal (in this case, when the seal is used, the electronic seal management terminal obtains the signature certificate of the original signer in the first scrambler of the electronic signing terminal from the seal database and returns the signature certificate to the electronic signing terminal).
The original signer signature certificate is obtained by analyzing electronic stamp data through an electronic stamp management end.
It should be noted that both the electronic signature end and the electronic seal management end are provided with a scrambler, where the first scrambler of the electronic signature end is used to store a signer signature certificate in the electronic seal data, and the second scrambler of the electronic seal management end is used to store a signer signature certificate in the electronic seal data. Correspondingly, when signing, the first scrambler of the electronic signature end is used for carrying out the digital signature, and when making a seal, the second scrambler of the electronic seal management end is used for carrying out the digital signature.
S3, when the remaining effective time of any original signer signature certificate is less than a second preset threshold, the electronic seal management end updates that original signer signature certificate through the CA center to generate the corresponding target signer signature certificate, until a target signer signature certificate corresponding to each electronic seal is obtained.
The second preset threshold is a time threshold set by the system, and may be 24 hours, 3 days, 7 days, and the like, which is not limited herein. The target signer signature certificate is an updated signer signature certificate.
S4, the electronic seal management end generates at least one piece of target electronic seal data according to the target signer signature certificate and each target signer signature certificate.
Wherein, each target electronic seal data corresponds to an original electronic seal data.
Wherein, each target electronic seal data is generated according to a target signer signature certificate and a target signer signature certificate.
Preferably, before S1, the method further comprises:
S01, the electronic signature end obtains the original signer signature certificate from the first scrambler and sends the original signer signature certificate and the number of first electronic seals corresponding to the original signer signature certificate to the electronic seal management end.
The first scrambler may be any one of a smart key, a combination card or a combination machine, without limitation.
It should be noted that the operating principle of the first scrambler is as follows: the first cipher device is a device for executing digital signature (which can include signature verification) and digital encryption and decryption, and supports the RSA algorithm, DSA algorithm, ECC algorithm, D-H algorithm, SM2 algorithm and the like; in the electronic seal updating process of this embodiment, the user PIN code of the first scrambler is checked automatically before every digital signature and decryption, and before the signature certificate of a signer, the encrypted public and private key pair and the encrypted certificate are updated; the device can also have a storage space which can be used for storing electronic seal data of the electronic signature end.
Wherein, the number of the first electronic seal is as follows: the number of electronic seals stored in the first scrambler that contain the original signer signature certificate.
Specifically, (1) after a user initiates a signature at an electronic signature end, the electronic signature end acquires an original signer signature certificate of the user from a first scrambler; (2) acquiring the number of first electronic seals containing original signer signature certificates from a signer certificate list of a first scrambler; (3) and carrying out data packaging on the original signer signature certificate and the number of the first electronic seals, and sending the data to an electronic seal management terminal after sequentially carrying out data signature, encryption and encapsulation.
S02, the electronic seal management terminal obtains the number of second electronic seals corresponding to the original signer signature certificate from a seal database, and judges whether the sum of the number of the first electronic seals and the number of the second electronic seals is greater than or equal to 1 to obtain a first judgment result.
Wherein, the second electronic seal quantity is: the number of electronic seals stored in the seal database that contain the original signer signature certificates.
If the sum of the number of first electronic seals and the number of second electronic seals is equal to 0, this indicates that no electronic seal uses the original signer signature certificate as the signer certificate; when the sum of the number of first electronic seals and the number of second electronic seals is greater than or equal to 1, the subsequent steps continue to be executed.
Specifically, (1) the electronic seal management terminal obtains an original signer signature certificate and the number of first electronic seals from data sent by the received electronic signature terminal; (2) the electronic seal management terminal acquires the number of second electronic seals containing the original signer signature certificate from a signer signature certificate list in the seal database; (3) and the electronic seal management end calculates whether the sum of the number of the first electronic seals and the number of the second electronic seals is greater than or equal to 1.
S03, when the first judgment result is yes, the electronic seal management end verifies the validity of the original signer signature certificate through the CA center to obtain a first validity result and sends the first validity result to the electronic signature end.
Wherein the first validity result is: the original signer signature certificate is valid or the original signer signature certificate is invalid.
Specifically, when the sum of the number of the first electronic seals and the number of the second electronic seals is more than or equal to 1, the electronic seal management terminal accesses a CA center, and the validity of the original signer signature certificate is verified through the CA center; and when the original signer signature certificate is valid, sending a first validity result (the original signer signature certificate is valid) to the electronic signature end.
The S1 comprises:
and when the first validity result is yes and the remaining valid time of the original signer signature certificate is less than a first preset threshold, the electronic signature end updates the original signer signature certificate through a CA center to obtain a target signer signature certificate.
Specifically, (1) when the original signer signature certificate is valid and the remaining valid time of the original signer signature certificate is less than a first preset threshold (default 24 hours), the electronic seal management terminal marks the original signer signature certificate as needing to be updated; (2) the electronic signature end reads a list of first original electronic seal data containing an original signer signature certificate from a signer signature certificate list in the first scrambler; (3) the electronic signature end sends a request for automatically updating the original signer signature certificate to the CA center, updates the encrypted public and private keys and the encrypted certificate of the first cipher device where the original signer signature certificate and the original signer signature certificate are located, and the updated signature certificate is the target signer signature certificate.
Preferably, the S2 includes:
the electronic seal management end analyzes each original electronic seal data to obtain electronic seal metadata corresponding to each original electronic seal data, and obtains an original signer signature certificate of each electronic seal from each electronic seal metadata.
It should be noted that the electronic seal data is formed by encapsulating a series of data, and analyzing the electronic seal data means parsing it according to the encapsulation rule. For the encapsulation of the electronic seal data, the GM/T 0031-2014 technical specification for secure electronic signature password application or the GB/T 38540-2020 information security technology specification for secure electronic signature password may be adopted, or a proprietary encapsulation manner of each system may be adopted, without limitation.
FIG. 2 is a schematic diagram of the structure of electronic seal data; each electronic seal data includes a plurality of electronic seal metadata, such as: electronic seal information (seal name, seal ID, seal validity period, seal type, stamp data, seal making time, etc.), signer signature certificate list, signer signature certificate, signature algorithm identification and signature value.
Specifically, (1) the electronic seal management end analyzes each original electronic seal data respectively to obtain at least one electronic seal metadata corresponding to each original electronic seal data; (2) and the electronic seal management terminal acquires the original signer signature certificate of each electronic seal from all the corresponding electronic seal metadata in each original electronic seal data.
Preferably, the original electronic seal data includes: first original electronic seal data and second original electronic seal data.
The first original electronic seal data is electronic seal data stored in a first cipher device corresponding to the electronic signature end; the second original electronic seal data is the electronic seal data stored in the seal database corresponding to the electronic seal management end.
Before S2, further comprising:
when the first scrambler comprises at least one piece of first original electronic seal data corresponding to the original signer signature certificate, the electronic signature end acquires all the first original electronic seal data from the first scrambler and sends the target signer signature certificate and all the first original electronic seal data to the electronic seal management end;
and when the seal database contains at least one second original electronic seal data corresponding to the original signer signature certificate, the electronic seal management terminal receives all the second original electronic seal data from the seal database.
Preferably, before S3, the method further includes:
and the electronic seal management terminal verifies the validity of any original signer signature certificate through the CA center to obtain a second validity result.
Wherein the second validity result is: the original signer signature certificate is valid or the original signer signature certificate is invalid.
Specifically, the electronic seal management terminal accesses the CA center to verify the validity of any original signer signature certificate to obtain a second validity result of the original signer signature certificate.
The S3 comprises the following steps:
when the second validity result of any original signer signature certificate is yes and the residual valid time of that original signer signature certificate is smaller than a second preset threshold, the electronic seal management end updates that original signer signature certificate through the CA center to generate the corresponding target signer signature certificate, until the target signer signature certificate corresponding to each electronic seal is obtained.
Specifically, when any original signer signature certificate is valid and the remaining valid time of the certificate is less than 24 hours (24 hours is a default value and is adjustable), the electronic seal management end initiates a request for automatically updating the signature certificate to the CA center, and updates the original signer signature certificate through the CA center to obtain a corresponding target signer signature certificate until a target signer signature certificate corresponding to each electronic seal is obtained.
Preferably, the electronic seal management end corresponds to a second scrambler; the method further comprises the following steps:
and the electronic seal management terminal updates any original signer signature certificate stored in the second scrambler into the corresponding target signer signature certificate until the original signer signature certificate of each electronic seal stored in the second scrambler is updated into the corresponding target signer signature certificate.
Specifically, the electronic seal management terminal updates each original signer signature certificate stored in the second scrambler to a corresponding target signer signature certificate.
Furthermore, in this embodiment, the method further includes: (1) updating the seal making time in each electronic seal metadata to the current time by the electronic seal management end; (2) the electronic seal management terminal regenerates new electronic seal information according to the updated electronic seal metadata; (3) the electronic seal management terminal calls a second scrambler interface and signs new electronic seal information by using a private key corresponding to the signature certificate of the target signer; (4) and the electronic seal management terminal generates the target electronic seal data by the new electronic seal information, the target signer signature certificate, the signature algorithm identification and the signature value.
Preferably, the target electronic seal data includes: first target electronic seal data and second target electronic seal data, the method further comprising:
and the electronic seal management end sends each first target electronic seal data to the electronic signature end so that the electronic signature end updates each first original electronic seal data in the first cipher device into corresponding first target electronic seal data.
Specifically, the electronic seal management terminal sends each first target electronic seal data to the electronic signature terminal; the electronic signature end verifies the validity of the first target electronic seal data by using the signature certificate of the target signer; when the first target electronic seal data is valid, the electronic signature end calls the first cipher device interface, and the corresponding first original electronic seal data stored in the first cipher device corresponding to the electronic signature end is updated by using all the first target electronic seal data, so that the electronic seal of the electronic signature end is updated.
The electronic seal management terminal updates each second original electronic seal data in the seal database to the corresponding second target electronic seal data.
Specifically, the electronic seal management terminal updates each second original electronic seal data in the seal database by using all second target electronic seal data, so that the electronic seal update of the electronic seal management terminal is completed.
The technical scheme of the embodiment improves the updating efficiency of the electronic seal and reduces the economic cost and the error rate of the electronic seal while not influencing the normal use of the electronic seal.
The second embodiment of the automatic electronic seal updating method of the invention comprises the following steps:
step 1: when a user initiates a signature at an electronic signature end, acquiring an original signer signature certificate from a first scrambler;
step 2: the electronic signature end acquires the number of first electronic seals containing the original signer signature certificate in the signer certificate list from the first scrambler;
and step 3: generating a random digital character string by the electronic signature end, assembling the random character string and the number of the first electronic seals into request data, and assembling the data by using languages such as JSON, XML, asn.1 and the like;
and 4, step 4: the electronic signature end calls a first scrambler interface to sign the request data by using a private key corresponding to the original signer signature certificate;
and 5: the electronic signer end assembles the request data, the original signer signature certificate, the signature algorithm identification and the signature value into signature data and sends a request for verifying the validity of the original signer signature certificate and the signature data to the electronic signer management end;
step 6: the electronic seal management end verifies the signature data, the following steps are continued after the verification is passed, otherwise, the electronic signature end returns that the signature verification of the electronic signature end fails, the electronic signature end stops updating the electronic seal and signature operation, and error information is presented on a UI;
and 7: the electronic seal management terminal acquires the number of second electronic seals containing the original signer signature certificate in the signer signature certificate list from the seal database;
and 8: the electronic seal management end calculates the sum of the number of the first electronic seals and the number of the second electronic seals, if the sum is more than or equal to 1, the following steps are continued, otherwise, the information that the electronic signature end has no renewable electronic seal is returned;
and step 9: the electronic seal management terminal accesses the CA center and verifies the validity of the original signer signature certificate, and the verification of the validity of the original signer signature certificate at least comprises the following steps: verifying the certificate trust chain, verifying the validity period of the certificate, whether the certificate is revoked or not, and whether the key usage is correct or not, and verifying the validity content of the signature certificate later. If the detection is valid, continuing the next step, otherwise, jumping to the step 11;
step 10: the electronic seal management end detects whether the difference between the ending time and the current time of the original signer signing certificate is smaller than a preset threshold value of the system, such as 24 hours, and marks the detection result of the original signer signing certificate as needing to be updated;
step 11: the electronic seal management terminal acquires an encryption certificate from the second scrambler;
step 12: the electronic seal management terminal assembles the detection result of the original signer signature certificate and the encryption certificate into validity result data of the original signer signature certificate;
step 13: the electronic seal management terminal acquires an original signer signature certificate from an intelligent password key connected with the electronic seal management terminal;
step 14: the electronic seal management terminal calls a second scrambler interface, and signs the validity result data of the original signer signature certificate by using a private key corresponding to the original signer signature certificate;
step 15: the electronic seal management terminal assembles the validity result data of the original signer signature certificate, the signature algorithm identification and the signature value into signature data and returns the signature data to the electronic signer terminal;
step 16: the electronic signature end verifies the signature data; if the verification is passed, continuing the following steps, otherwise, stopping the automatic updating of the electronic seal and the signature operation, and displaying error information on the UI;
step 17: based on the validity result of the original signer signature certificate returned by the electronic seal management end, the electronic signature end continues with the following steps if the original signer signature certificate needs to be updated; otherwise, it jumps directly to the last step and continues the signing operation;
step 18: the electronic signature end reads all first original electronic seal data containing the original signer signature certificate in the signer signature certificate list from the first scrambler;
step 19: the electronic signature end initiates an automatic signature certificate update flow with the CA center, which updates the original signer signature certificate together with the encryption public/private key pair and the encryption certificate of the container in which the original signer signature certificate is located; the new signature certificate is denoted the target signer signature certificate;
step 20: the electronic signature end acquires an encryption certificate from the first scrambler;
step 21: the electronic signature end assembles first original electronic seal data, an original signer signature certificate and an encryption certificate into updated electronic seal request data;
step 22: the electronic signature end calls a first scrambler interface, and signs the updated electronic seal request data by using a private key corresponding to the target signer signature certificate;
step 23: the electronic signature end assembles the updated electronic seal request data, the target signer signature certificate, the signature algorithm identification and the signature value into signature data;
step 24: the electronic signature end calls a first scrambler interface, and the signature data are encrypted into a first digital envelope by using an encryption certificate;
step 25: the electronic signature end requests the electronic seal management end to update the electronic seal and sends a first digital envelope;
step 26: the electronic seal management end calls a second scrambler interface of the electronic seal management end, and decrypts the first digital envelope into signature data by using a private key corresponding to the encrypted certificate;
step 27: the electronic seal management end verifies the signature data; if the verification succeeds, the following steps continue; otherwise, it returns the signature verification failure result to the electronic signature end, and the electronic signature end stops the electronic seal update and the signature operation and presents error information on the UI;
step 28: the electronic seal management end reads second original electronic seal data of which the signer signature certificate list contains the original signer signature certificate from the seal database;
step 29: traversing each original electronic seal data in the first original electronic seal data and the second original electronic seal data by the electronic seal management terminal;
step 30: the electronic seal management terminal analyzes the original electronic seal data and acquires all electronic seal metadata of each electronic seal, including an original signer signature certificate, electronic seal data and the like;
step 31: the signature certificate of the electronic seal management end connected with the electronic seal management end is an intelligent password key of a signer signature certificate;
step 32: the electronic seal management terminal accesses the CA center to verify the validity of the original signer signature certificate, if the signature certificate is valid, the next step is continued, otherwise, the step 34 is skipped;
step 33: the electronic seal management end detects whether the difference between the end time of the original signer signature certificate and the current time is less than a threshold (such as 24 hours);
step 34: the electronic seal management terminal judges whether the original signer signature certificate is invalid or the validity period is about to expire, if so, the next step is executed, otherwise, the step 36 is skipped;
step 35: the electronic seal management end initiates a process of automatically updating the signature certificate to the CA center, and updates the original signer signature certificate of a second cipher device corresponding to the electronic seal management end;
step 36: the electronic seal management terminal updates the original signer signature certificate in the signer signature certificate list in the electronic seal metadata as the target signer signature certificate;
step 37: the electronic seal management end updates the seal making time in the electronic seal metadata to be the current time;
step 38: the electronic seal management end regenerates electronic seal information data from the new electronic seal metadata;
step 39: the electronic seal management terminal calls a second scrambler interface of the electronic seal management terminal, and signature is carried out on new electronic seal information by using a private key corresponding to the target signer certificate;
step 40: the electronic seal management end generates second target electronic seal data by using new electronic seal information, a target signer signature certificate, a signature algorithm identifier and a signature value;
step 41: the electronic seal management end finishes traversing each original electronic seal data, and updates the original signer signature certificate in the seal database to the target signer signature certificate;
step 42: the electronic seal management terminal updates corresponding second original electronic seal data in the seal database by using all second target electronic seal data;
step 43: the electronic seal management end calls an intelligent password key interface of the electronic seal management end, and all first target electronic seal data are encrypted to be a second digital envelope by using an encryption certificate;
step 44: the electronic seal management terminal returns successful updating information and a second digital envelope to the signature terminal;
step 45: the electronic signature end calls a first scrambler interface of the electronic signature end, and a private key corresponding to the encrypted certificate is used for decrypting the second digital envelope;
step 46: the electronic signature end traverses each first target electronic seal data in all the first target electronic seal data;
step 47: the electronic signature end verifies the validity of the first target electronic seal data by using a target signer signature certificate, if the first target electronic seal data is valid, the following steps are continued, otherwise, the electronic seal updating and signature operation of the signature end are stopped, and error information is presented on a UI;
step 48: the electronic signature end finishes traversing each piece of first electronic seal data, calls the first scrambler interface, and updates the corresponding first original electronic seal data stored in the first scrambler with each piece of first electronic seal data;
step 49: if the signature certificate C1 needs to be updated, the signature operation continues once the update is finished; if no update is needed, the flow jumps directly to this step and continues the signature operation. The above steps realize the automatic updating of the electronic seal and ensure that the signer signature certificate in the electronic seal data used for signing is always valid.
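The management-end traversal of steps 29 to 40 and the signature-end check of step 47, as an added Python sketch that is not code from the patent. It assumes two certificate roles: the user's certificate held in each seal's signer certificate list, and the certificate whose private key sits in the second cipher device and signs the seal data. The class and field names, the JSON encoding and the use of HMAC-SHA256 in place of the cipher device's private-key signature are all assumptions made so the sketch runs with the standard library alone.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(hours=24)  # the example threshold given in steps 10 and 33


@dataclass(frozen=True)
class Cert:
    serial: str
    not_after: datetime
    revoked: bool = False


class ToyCipherDevice:
    """Stand-in for the second cipher device. HMAC-SHA256 replaces the
    private-key signature; a real verifier would use the certificate's public key."""

    def __init__(self):
        self._keys = {}

    def install(self, cert):
        self._keys[cert.serial] = os.urandom(32)

    def sign(self, cert, data):
        return hmac.new(self._keys[cert.serial], data, hashlib.sha256).hexdigest()

    def verify(self, cert, data, sig):
        return hmac.compare_digest(self.sign(cert, data), sig)


class ToyCA:
    """Stand-in for the CA center: validity check and renewal only."""

    def is_valid(self, cert, now):
        return not cert.revoked and now < cert.not_after

    def renew(self, cert, now):
        return Cert(cert.serial + "-renewed", now + timedelta(days=365))


def needs_renewal(cert, now, ca):
    # Steps 32-34: renew when the certificate is invalid or about to expire.
    return not ca.is_valid(cert, now) or cert.not_after - now < THRESHOLD


def encode_info(meta):
    # Canonical encoding so that signer and verifier process identical bytes.
    return json.dumps(meta, sort_keys=True).encode()


def reissue_seals(seals, old_user, new_user, mgmt_cert, device, ca, now):
    """Steps 29-40 at the management end. Returns (target seals, signing cert)."""
    targets = []
    for seal in seals:                                    # step 29
        meta = dict(seal["info"])                         # step 30
        if needs_renewal(mgmt_cert, now, ca):             # steps 32-34
            mgmt_cert = ca.renew(mgmt_cert, now)          # step 35
            device.install(mgmt_cert)
        meta["signer_certs"] = [new_user if s == old_user else s
                                for s in meta["signer_certs"]]   # step 36
        meta["made_at"] = now.isoformat()                 # step 37
        info = encode_info(meta)                          # step 38
        sig = device.sign(mgmt_cert, info)                # step 39
        targets.append({"info": meta, "cert": mgmt_cert.serial,
                        "alg": "HMAC-SHA256 (stand-in)", "sig": sig})  # step 40
    return targets, mgmt_cert


def verify_seal(seal, mgmt_cert, device, ca, now):
    # Step 47: reject seal data whose signing certificate or signature is bad.
    if seal["cert"] != mgmt_cert.serial or not ca.is_valid(mgmt_cert, now):
        return False
    return device.verify(mgmt_cert, encode_info(seal["info"]), seal["sig"])


# Constructed sample data, not taken from the patent.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
OLD_MGMT = Cert("MGMT-1", NOW + timedelta(hours=6))       # inside the 24 h window
SEALS = [
    {"info": {"name": "contract seal", "signer_certs": ["USER-1", "USER-9"],
              "made_at": "2023-01-01T00:00:00+00:00"}},
    {"info": {"name": "finance seal", "signer_certs": ["USER-1"],
              "made_at": "2023-01-01T00:00:00+00:00"}},
]


def demo():
    device, ca = ToyCipherDevice(), ToyCA()
    device.install(OLD_MGMT)
    targets, mgmt = reissue_seals(SEALS, "USER-1", "USER-2",
                                  OLD_MGMT, device, ca, NOW)
    return targets, mgmt, device, ca
```

Because every seal is re-signed over the regenerated metadata, a seal whose metadata is altered after reissue, or one checked against the superseded certificate, fails `verify_seal`.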
As shown in fig. 3, an electronic seal automatic updating system 200 according to an embodiment of the present invention includes: an electronic signature end 210 and an electronic seal management end 220;
the electronic signature end 210 is configured to: when the remaining effective time of the original signer signature certificate of the user is less than a first preset threshold, updating the original signer signature certificate through the CA center 230 to obtain a target signer signature certificate;
the electronic seal management terminal 220 is configured to: acquiring an original signer signature certificate of each electronic seal from at least one original electronic seal data corresponding to the original signer signature certificate; wherein, each original electronic seal data corresponds to an electronic seal;
the electronic seal management terminal 220 is further configured to: when the remaining effective time of any original signer signature certificate is less than a second preset threshold, updating any original signer signature certificate through the CA center 230 to generate a target signer signature certificate corresponding to any original signer signature certificate until a target signer signature certificate corresponding to each electronic seal is obtained;
the electronic seal management terminal 220 is further configured to: generating at least one target electronic seal data according to the target signer signature certificate and each target signer signature certificate; wherein, each target electronic seal data corresponds to an original electronic seal data.
Preferably, the electronic signature end 210 is further configured to: acquiring the original signer signature certificate from the first scrambler 211, and sending the original signer signature certificate and the number of the first electronic seals corresponding to the original signer signature certificate to the electronic seal management end 220;
the electronic seal management terminal 220 is further configured to: acquiring the number of second electronic seals corresponding to the original signer signature certificate from a seal database, and judging whether the sum of the number of the first electronic seals and the number of the second electronic seals is greater than or equal to a third preset threshold value to obtain a first judgment result;
the electronic seal management terminal 220 is further configured to: when the first judgment result is yes, verifying the validity of the original signer signature certificate through the CA center to obtain a first validity result, and sending the first validity result to the electronic signature end 210;
the electronic signature end 210 is specifically configured to:
when the first validity result is yes and the remaining validity time of the original signer signature certificate is less than a first preset threshold, the original signer signature certificate is updated through the CA center 230 to obtain a target signer signature certificate.
Preferably, the electronic signature end 210 is specifically configured to:
analyzing each original electronic seal data to obtain electronic seal metadata corresponding to each original electronic seal data, and acquiring an original signer signature certificate of each electronic seal from each electronic seal metadata.
The technical scheme of the embodiment improves the updating efficiency of the electronic seal and reduces the economic cost and the error rate of the electronic seal while not influencing the normal use of the electronic seal.
For the steps by which each parameter and each module of the automatic electronic seal updating system 200 of this embodiment implements its corresponding functions, reference may be made to the parameters and steps in the above embodiment of the automatic electronic seal updating method, which are not described herein again.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. Similarly, in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the invention and aiding in the understanding of one or more of the various inventive aspects. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by one and the same item of hardware. The usage of the words first, second, third, etcetera does not indicate any ordering. These words may be interpreted as names. The steps in the above embodiments should not be construed as limiting the order of execution unless specified otherwise.

Claims (10)

1. An automatic electronic seal updating method is characterized by comprising the following steps:
S1, when the remaining effective time of an original signer signature certificate of a user is smaller than a first preset threshold, an electronic signature end updates the original signer signature certificate through a CA center to obtain a target signer signature certificate;
S2, the electronic seal management terminal acquires an original signer signature certificate of each electronic seal from at least one piece of original electronic seal data corresponding to the original signer signature certificate; wherein, each original electronic seal data corresponds to an electronic seal;
S3, when the remaining effective time of any original signer signature certificate is smaller than a second preset threshold, the electronic seal management end updates the any original signer signature certificate through the CA center to generate a target signer signature certificate corresponding to the any original signer signature certificate until a target signer signature certificate corresponding to each electronic seal is obtained;
S4, the electronic seal management terminal generates at least one target electronic seal data according to the target signer signature certificate and each target signer signature certificate; wherein, each target electronic seal data corresponds to an original electronic seal data.
2. The method for automatically updating an electronic seal according to claim 1, further comprising, before said S1:
S01, the electronic signature end obtains the original signer signature certificate from a first scrambler and sends the original signer signature certificate and the number of the first electronic seals corresponding to the original signer signature certificate to the electronic seal management end;
S02, the electronic seal management terminal obtains the number of second electronic seals corresponding to the original signer signature certificate from a seal database, and judges whether the sum of the number of the first electronic seals and the number of the second electronic seals is greater than or equal to 1 to obtain a first judgment result;
S03, when the first judgment result is yes, the electronic seal management terminal verifies the validity of the original signer signature certificate through the CA center to obtain a first validity result and sends the first validity result to the electronic signature terminal;
the S1 comprises:
when the first validity result is yes and the remaining valid time of the original signer signature certificate is less than a first preset threshold, the electronic signature end updates the original signer signature certificate through a CA center to obtain a target signer signature certificate.
3. The method for automatically updating an electronic seal according to claim 2, wherein said S2 comprises:
the electronic seal management end analyzes each original electronic seal data to obtain electronic seal metadata corresponding to each original electronic seal data, and acquires an original signer signature certificate of each electronic seal from each electronic seal metadata.
4. The method for automatically updating an electronic seal according to claim 2, wherein said original electronic seal data includes: first original electronic seal data and second original electronic seal data; before S2, further comprising:
when the first scrambler comprises at least one piece of first original electronic seal data corresponding to the original signer signature certificate, the electronic signature end acquires all the first original electronic seal data from the first scrambler and sends the target signer signature certificate and all the first original electronic seal data to the electronic seal management end;
and when the seal database contains at least one second original electronic seal data corresponding to the original signer signature certificate, the electronic seal management terminal extracts all the second original electronic seal data from the seal database.
5. The method for automatically updating an electronic seal according to claim 1, further comprising, before said S3:
the electronic seal management terminal verifies the validity of any original signer signature certificate through the CA center to obtain a second validity result;
the S3 comprises the following steps:
when the second validity result of any original signer signature certificate is yes and the remaining valid time of any original signer signature certificate is smaller than a second preset threshold, the electronic seal management end updates any original signer signature certificate through the CA center to generate a target signer signature certificate corresponding to any original signer signature certificate until the target signer signature certificate corresponding to each electronic seal is obtained.
6. The method for automatically updating an electronic seal according to claim 3, wherein the electronic seal management terminal corresponds to a second scrambler; the method further comprises the following steps:
the electronic seal management terminal updates any original signer signature certificate stored in the second cipher device to a corresponding target signer signature certificate until the original signer signature certificate of each electronic seal stored in the second cipher device is updated to the corresponding target signer signature certificate.
7. The method according to claim 4, characterized in that said target electronic seal data includes: first target electronic seal data and second target electronic seal data, the method further comprising:
the electronic seal management end sends each first target electronic seal data to the electronic signature end so that the electronic signature end updates each first original electronic seal data in the first cipher device into corresponding first target electronic seal data;
and the electronic seal management terminal updates each second original electronic seal data in the seal database into corresponding second target electronic seal data.
8. An automatic updating system for electronic seals, comprising: an electronic signature end and an electronic seal management end;
the electronic signature terminal is used for: when the remaining effective time of the original signer signature certificate of the user is less than a first preset threshold, updating the original signer signature certificate through a CA center to obtain a target signer signature certificate;
the electronic seal management terminal is used for: acquiring an original signer signature certificate of each electronic seal from at least one original electronic seal data corresponding to the original signer signature certificate; wherein, each original electronic seal data corresponds to an electronic seal;
the electronic seal management terminal is also used for: when the remaining effective time of any original signer signature certificate is smaller than a second preset threshold, updating any original signer signature certificate through the CA center to generate a target signer signature certificate corresponding to any original signer signature certificate until a target signer signature certificate corresponding to each electronic seal is obtained;
the electronic seal management terminal is also used for: generating at least one target electronic seal data according to the target signer signature certificate and each target signer signature certificate; wherein, each target electronic seal data corresponds to an original electronic seal data.
9. The automatic electronic seal updating system according to claim 8, wherein said electronic signature end is further configured to: acquiring the original signer signature certificate from a first scrambler, and sending the original signer signature certificate and the number of the first electronic seals corresponding to the original signer signature certificate to the electronic seal management terminal;
the electronic seal management terminal is also used for: acquiring the number of second electronic seals corresponding to the original signer signature certificate from a seal database, and judging whether the sum of the number of the first electronic seals and the number of the second electronic seals is greater than or equal to 1 to obtain a first judgment result;
the electronic seal management terminal is also used for: when the first judgment result is yes, verifying the validity of the original signer signature certificate through the CA center to obtain a first validity result, and sending the first validity result to the electronic signature end;
the electronic signature terminal is specifically configured to:
when the first validity result is yes and the remaining valid time of the original signer signature certificate is less than a first preset threshold, updating the original signer signature certificate through a CA center to obtain a target signer signature certificate.
10. The electronic seal automatic updating system according to claim 9, wherein the electronic signature end is specifically configured to:
analyzing each original electronic seal data to obtain electronic seal metadata corresponding to each original electronic seal data, and acquiring an original signer signature certificate of each electronic seal from each electronic seal metadata.
CN202211200842.2A 2022-09-29 2022-09-29 Automatic electronic seal updating method and system Pending CN115834071A (en)


Publications (1)

Publication Number Publication Date
CN115834071A true CN115834071A (en) 2023-03-21

Family

ID=85524192


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination