CN115865360A - Continuous electronic signature method and system of credible identity token based on security component - Google Patents
Continuous electronic signature method and system of credible identity token based on security component Download PDFInfo
- Publication number
- CN115865360A CN115865360A CN202211460818.2A CN202211460818A CN115865360A CN 115865360 A CN115865360 A CN 115865360A CN 202211460818 A CN202211460818 A CN 202211460818A CN 115865360 A CN115865360 A CN 115865360A
- Authority
- CN
- China
- Prior art keywords
- electronic signature
- security component
- security
- identity token
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of information security, in particular to a method and a system for continuous electronic signature based on a mechanism of a security component matched with a trusted identity token. The method and the system can continuously carry out electronic signature without needing to carry out repeated operation intention authentication within a certain time, simplify the operation of a user and improve the efficiency of continuous signature.
Description
Technical Field
The application relates to the technical field of information security, in particular to a continuous electronic signature method and system of a credible identity token based on a security component.
Background
With the wide application of new technologies and new modes such as cloud computing, big data, block chains, digital currency, internet of things, internet of vehicles, artificial intelligence and the like, the cryptographic technology actively protects the safety development of new infrastructure, and has wide development in the fields of finance, energy, people benefiting, broadcast television, government affair service and the like, the application degree of commercial passwords is continuously deepened, and the electronic signature technology plays an important role in data safety guarantee.
Electronic signature is data contained in electronic form in a data message and attached to identify a signer and indicate that the signer approves the contents thereof. In popular terms, electronic signatures are electronic forms of electronic documents signed by cryptographic techniques, and are not digital images of written signatures. The most common implementation manner of electronic signature is digital signature, a signer uses a private key to perform cryptographic operation on a hash value of data to be signed to obtain a result, and the result can only be verified by a public key of the signer and is used for confirming the integrity of the data to be signed, the authenticity of the identity of the signer and the resistance to the denial of signature behavior. The data to be signed can be a character, a section of characters or an electronic file, and the application of the electronic signature technology ensures the safety, the legality and the effectiveness of the contents.
Due to current legal regulations: "electronic signature creation data is controlled only by the electronic signer". Therefore, whether the electronic signature is reliable or not needs to be ensured in a manner that the signer performs willingness authentication. The intention authentication is the confirmation of whether the signer is really willing in the electronic signature process. The method has the advantages that the intention authentication is a necessary link in the electronic signature process, if the link is not available, video equipment is needed to be borrowed, the signature behavior of the signer is recorded, the signing intention of the data electronic document signer is ensured, the situation that the signer can be certified without evidence when denying the signing behavior is prevented, and the situation that the signer signs by impersonation after the account number and the password are stolen by other third parties can be avoided.
An early intention authentication mode is intelligent password key authentication, which is terminal password equipment for realizing password operation and key management functions and providing password service, and generally uses a USB interface form (hereinafter referred to as a "USBKey"), and the intention authentication mode of the USBKey is PIN code verification. With the development of internet mobile technology, intelligent equipment is continuously upgraded, and a collaborative signature cryptographic technology is continuously perfected, so that electronic signature scenes of a mobile terminal are more and more abundant in accordance with the mobile electronic signature technology. The forms of willingness authentication also exhibit diversity, including but not limited to face recognition, dynamic verification codes, biometric fingerprints, iris verification, and the like. Compared with intelligent password key authentication, the mobile terminal will authenticate only by plugging and unplugging a key and then inputting a PIN verification code, although the mobile terminal will authenticate in a rich and various manner, most operations are complicated, firstly, a service system needs to establish a secure connection with an electronic signature system of the mobile terminal, then a signer needs to log in the electronic signature system of the mobile terminal to check the identity information of the current authentication, then the signer needs to select a will authentication mode (under the condition that various authentication modes exist), and finally the will authentication is completed (for example, a series of living body detection is completed by matching with face authentication).
According to the requirement, a signer needs to complete willingness authentication once when making an electronic signature, and the security is not sufficient, however, the situation that the same signer frequently uses the electronic signature for multiple times in a short time is often encountered in an actual signature scene, and the user experience is reduced if a 'signature-authentication' mode is strictly adopted. By taking an example of the field of government procurement and bidding procurement, in order to respond to the national optimization operator environment call and promote online transaction application, the transaction platform introduces an electronic signature system to ensure the transaction safety. When a supplier makes an electronic bid document, it needs to complete the following basic actions: (1) A supplier logs in a trading platform to make an electronic bidding document; (2) The supplier applies for electronic signature/signature to the electronic bidding document; (3) the supplier applies for using the digital certificate and the electronic seal; (4) the supplier completes the willingness authentication and obtains the authorization; (5) The supplier signs/signs the electronic bidding document electronically after obtaining authorization.
The above steps are a standard process for a supplier to electronically sign an electronic bidding document, and then when the supplier makes an electronic bidding document in the middle of an actual scene, dozens of or even hundreds of electronic signatures are needed to be made in dozens of documents so as to ensure the authenticity and validity of the submitted electronic bidding document. This means that the supplier needs to complete the willingness authentication repeatedly for multiple times in a short time, while ensuring security, the operation experience of the user is ignored, and frequent willingness authentication in a short time causes little stress on the performance support of the system. Meanwhile, the verification methods such as face recognition in the willingness authentication method need cost expenditure, which is a little expense for providing a platform side of an electronic signature system. Such problems cause the conflict of the electronic signature by the user, such as the above situation, which increases the willingness threshold of the user to use the electronic signature, is not favorable for the popularization and application of the electronic signature, and contradicts the original intention of the country to popularize the electronic signature, and thus a solution is needed.
Disclosure of Invention
The invention aims to provide a method and a system for continuous electronic signature based on a mechanism of matching a security component with a trusted identity token. The invention can complete the electronic signature without actively and frequently operating intention authentication under the condition that the signer can express the real intention of the signer and the signer can control the signer by a credible identity token mechanism. The method is efficient and convenient on the premise of ensuring safety, reduces the burden of signers and saves the cost of an electronic signature platform.
In order to solve the technical problem, the invention provides a continuous electronic signature method of a credible identity token based on a security component, which comprises the following steps:
s1, a service system applies for an electronic signature to a security component;
s2, the security component acquires electronic signature parameters;
s3, the security component judges whether a valid credible identity token exists or not; if the jump to S4 is carried out continuously, if the jump to S5 is not carried out continuously;
s4, the security component compares the electronic signature application parameters with the security identity data, and continues to execute through a verification jump S9 without continuing to execute through a verification jump S5;
s5, establishing a secure transmission channel between the secure component and the electronic signature system, and sending the electronic signature application parameters to the electronic signature system;
s6, completing intention authentication in the electronic signature system, and authorizing the security component to use the user key;
s7, the electronic signature system cooperates with a timestamp server to create the credible identity token;
s8, the electronic signature system carries out electronic signature on the credible identity token; and sending to the security component;
s9, the security component encrypts the electronic signature application parameters by using the credible identity token to generate the security identity data;
s10, the security component is matched with a signature verification server to complete electronic signature, and a result is returned to the service system;
and repeating the steps from S1 to S10 to realize continuous electronic signature.
Further, the security component modalities include but are not limited to SDK, EXE, DLL library, and the like;
further, the electronic signature application parameters include a physical terminal identifier carried by the service system, the service system identifier, the service system login account, and a set of random numbers.
Further, in the electronic signature application parameter, the random number is generated by the security component.
Further, the security component in S3 determines whether there is an effective trusted identity token, which specifically includes:
s31, the security component is matched with a signature verification server to verify the validity of the digital signature of the credible identity token; the verification is passed and continues to S32, and if the verification fails, the operation is skipped to S5 and continues to be executed;
s32, the security component verifies whether the credible identity token is in the validity period by matching with a timestamp server, the verification continues through S4, and the verification failure jumps to S5 to continue execution;
further, the security component in S4 compares the electronic signature application parameter with the security identity data, which specifically includes:
s41, the security component decrypts the security identity data by using a symmetric encryption algorithm;
s42, the security component compares the decrypted security identity data with the electronic signature application parameters, and the comparison contents comprise a physical terminal identifier carried by the service system, a service system identifier and the service system login account number, and if the two are consistent, S43 is continued, and if the two are inconsistent, S5 is skipped to continue execution;
s43, the security component compares the decrypted security identity data with the electronic signature application parameters, compares the contents of the contents with the random numbers, continues to S44 under the condition that the contents of the contents are inconsistent, and skips to S5 to continue execution under the condition that the contents of the contents are consistent;
s44, the security component uses a symmetric encryption algorithm to encrypt the electronic signature application parameter by using a credible identity token to replace the security identity data;
furthermore, the secure transmission channel adopts a websocket and/or an SSL/TLS protocol;
furthermore, the electronic signature system includes but is not limited to a PC client and a mobile terminal according to different installation forms of the service system;
further, the intention authentication mode includes but is not limited to a signature password, a dynamic security code, face recognition, a biometric fingerprint, and an iris;
further, in S7, the electronic signature system cooperates with the timestamp server to create the trusted identity token, which is as follows:
s71, the electronic signature system creates the credible identity token according to the desire of a signer;
s72, the electronic signature system analyzes the electronic signature application parameters to obtain a physical terminal identifier, a service system login account and the random number which are borne by the service system;
s73, the electronic signature system calculates the hash values of the physical terminal identification, the service system login account number and the random number borne by the service system by using a digest algorithm;
s74, the electronic signature system combines the hash value and the timestamp to generate the credible identity token;
s75, the electronic signature system sets the valid time of the credible identity token according to the intention of a signer; the valid time of the trusted identity token is jointly determined by a security policy and user wishes;
further, the timestamp is generated by a trusted time source provided by a national authorization center;
further, in S9, the security component encrypts the electronic signature application parameter using the trusted identity token, which specifically includes the following steps:
s91, the security component uses a symmetric encryption algorithm and utilizes a credible identity token to encrypt an electronic signature application parameter;
s92, generating the encrypted security identity data;
s93, the security component temporarily saves the security identity data;
correspondingly, the application also provides a continuous electronic signature system of the credible identity token based on the security component, which is characterized by comprising a business system, the security component, an electronic signature system, a signature verification server and a timestamp server; wherein:
the business system is connected with the security component and is used for applying an electronic signature to the security component by the business system;
the security component is connected to the business system, the electronic signature system, the signature verification server, and the timestamp server, and is configured to transmit data to the electronic signature system by the security component, acquire data from the business system by the security component, return a result to the business system by the security component, verify a signature in the middle of security, acquire trusted time by the security component, temporarily store the secure identity data, encrypt and decrypt the electronic signature application parameter, and temporarily store the trusted identity token;
the electronic signature system is connected with the security component, the signature verification server and the timestamp server, and is used for transmitting data to the security intermediary, completing willingness authentication, creating the trusted identity token, authorizing the security component to use a user key, and making an electronic signature on the trusted identity token by a user;
the signature verification server is connected with the security component and the electronic signature system, and is used for providing digital signature service and digital signature verification service;
the timestamp server is connected with the security component and the electronic signature system and used for providing a trusted timestamp service.
By utilizing the technical scheme, the invention has the following beneficial effects:
through the credible identity token mechanism, the signer voluntary authentication is processed in the security component closed loop, and the signer can use the electronic signature without frequently operating a willingness authentication mode within a controllable credible time range, so that the user operation is simplified, the signature efficiency is improved, and the service pressure is relieved.
Drawings
Fig. 1 is a flow chart of the steps of the present invention based on continuous electronic signing of a trusted identity token by a security component.
Fig. 2 is an architecture diagram of the present invention of a continuous electronic signature method and system for a trusted identity token based on a security component.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
Fig. 1 is an architecture diagram of a continuous electronic signature system based on a trusted identity token of a security component according to an embodiment of the present invention. The continuous electronic signature system of the credible identity token based on the security component comprises: the system comprises a business system, a security component, an electronic signature system, a signature verification server and a timestamp server.
The business system is connected with the security component and is used for applying an electronic signature to the security component by the business system;
the security component is respectively connected with the business system, the electronic signature system, the signature verification server and the timestamp server; the system comprises a security component, a business system and a trusted identity token, wherein the security component is used for transmitting data to the electronic signature system, obtaining the data from the business system by the security component, returning a result to the business system by the security component, verifying a signature in the security middle, obtaining trusted time by the security component, temporarily storing the security identity data, encrypting and decrypting the electronic signature application parameter and temporarily storing the trusted identity token;
the electronic signature system is connected with the security component, the signature verification server and the timestamp server, and is used for transmitting data to the security intermediary, completing willingness authentication, creating the trusted identity token, authorizing the security component to use a user key, and making an electronic signature on the trusted identity token by a user;
the signature verification server is connected with the security component and the electronic signature system, and is used for providing digital signature service and digital signature verification service;
the timestamp server is connected with the security component and the electronic signature system and used for providing a trusted timestamp service.
Fig. 2 is a diagram illustrating steps of continuous electronic signature of a trusted identity token based on a security component according to the present invention, including the following steps: (this example will be illustrated with the supplier using a bidding client.)
S1, a service system applies for an electronic signature to a security component; in the present application, a business system refers to an information system developed by an enterprise or an organization to implement a business function developed by the enterprise or the organization, and mainly provides business functions related to the process from formation to handling for a data message, and provides data interfaces connected with other systems. Taking the government procurement industry as an example, the business system comprises a supervision system, a trading system, a bidding client, an expert review system and the like. The security component is an independent functional component for realizing the electronic signature function, is responsible for various interactive operations between each link and an external system in the whole process of the electronic signature, can be used as a general module to be integrated into different business systems, and can also be independently deployed to provide service calling for various business systems at the same time. When the business system needs to carry out electronic signature operation, an electronic signature request is initiated to the security component in a mode of calling the interface. At the same time, the security component also assumes the responsibility for temporary storage and handling of security data. In this example, the security component is integrated into the bidding client, and the security component and the bidding client form a secure closed loop.
S2, the security component acquires an electronic signature application parameter; in the application, the electronic signature application parameter is composed of a physical terminal identifier carried by a service system, a service system identifier, a service system login account, and a group of random numbers. The physical terminal carried by the service system is determined by the mode of deployment and installation of the service system, and comprises a mobile terminal, a PC terminal, a customized terminal and the like. The service system identification is used for identifying the system identity of the electronic signature applicant and preventing illegal calling of electronic signature service for an unauthorized system. The business system account is used for identifying the business identity of an electronic signature signer, and the form of the business system account is mainly the combination of the account, the password and the authority. The random number is generated by a security component to ensure uniqueness of each invocation event. In this example, the physical terminal carried by the bidding client is a PC terminal, and the login account of the business system is in the form of an enterprise account + a password + a provider permission.
S3, the security component judges whether a valid credible identity token exists or not; if the jump to S4 is carried out continuously, if the jump to S5 is not carried out continuously;
when the supplier clicks the electronic signature at the bidding client, the following judgment is made:
s31, the security component is matched with a signature verification server to verify the validity of the digital signature of the credible identity token; the verification is passed and continues to S32, and if the verification fails, the operation is skipped to S5 and continues to be executed;
s32, the security component verifies whether the credible identity token is in the validity period by matching with a timestamp server, the verification continues through S4, and the verification failure jumps to S5 to continue execution;
firstly, whether the trusted identity token is valid needs to be verified, and at the moment, the security component applies to the signature verification server to verify that the signature of the trusted identity token is valid, so as to ensure that the trusted identity token is not tampered and replaced. Secondly, the security component requests the current timestamp from the timestamp server for comparison with the validity period of the trusted identity token.
In the present application, the timestamp is data obtained by signing time and other data to be signed, and is used for indicating a time attribute of the data, and the timestamp is provided by a trusted service authority which generates and manages the timestamp.
In the application, the signature verification server is based on the digital signature of a PKI system and a digital certificate, and the servers with the operation functions of verifying the signature and the like ensure the authenticity, integrity and non-repudiation of key service information.
In the application, whether the credible identity token is in the valid period or not is judged, the judgment needs to be jointly analyzed and determined by combining the security policy, the security policy can judge the interval between the latest electronic signature time of the supplier and the electronic signature time of the supplier, if the interval exceeds 5 minutes, the supplier needs to finish willingness authentication again no matter whether the credible identity token is in the valid period or not, and illegal operation of an unauthorized person when the supplier leaves temporarily in the electronic signature operation process is prevented.
S4, the security component compares the electronic signature application parameters with the security identity data, and continues to execute through a verification jump S9 without continuing to execute through a verification jump S5;
in the present application, the electronic signature application parameter and the security identity data need to be compared, and the steps are as follows:
s41, the security component decrypts the security identity data by using a symmetric encryption algorithm;
s42, the security component compares the decrypted security identity data with the electronic signature application parameters, and the contents are compared, wherein the physical terminal identifier carried by the service system, the service system identifier and the service system login account number continue to be S43 under the condition that the two are consistent, and skip to S5 to continue to execute under the condition that the two are inconsistent;
s43, the security component compares the decrypted security identity data with the electronic signature application parameters, compares the contents of the contents with the random numbers, continues to S44 under the condition that the contents of the contents are inconsistent, and skips to S5 to continue execution under the condition that the contents of the contents are consistent;
s44, the security component uses a symmetric encryption algorithm to encrypt the electronic signature application parameter by using a credible identity token to replace the security identity data;
in the present application, the electronic application parameter is composed of a physical terminal identifier, a service system login account and a group of random numbers, which are carried by a service system in the present application. In this example, the physical terminal carried by the bidding client is a PC terminal, and the login account of the business system is in the form of an enterprise account + a password + a provider authority. The random number is generated by the security component in this example.
In the application, when the supplier completes the intention authentication in the electronic signature system for the first time, the electronic signature application parameters acquired by the security component are generated and temporarily stored in the security component. The safety identity data is dynamically updated, the uniqueness of each application event is guaranteed, and replay attack is prevented.
S5, establishing a secure transmission channel between the secure component and the electronic signature system, and sending the electronic signature application parameters to the electronic signature system;
in the application, the secure transmission channel adopts a websocket and/or SSL/TLS protocol, so that the security in the data transmission process is guaranteed.
S6, completing intention authentication in the electronic signature system, and authorizing the security component to use the user key;
in the present application, the intention authentication of the electronic signature system includes, but is not limited to, a signature password, a dynamic security code, face recognition, a biometric fingerprint, and an iris. The supplier needs to select a proper willing authentication mode according to the form of the digital certificate, for example, the supplier can use a signature password to complete the willing authentication when using the digital certificate in the form of the medium.
S7, the electronic signature system cooperates with a timestamp server to create the credible identity token;
in the application, the trusted identity token is created in the electronic signature system, and the specific steps are as follows:
s71, the electronic signature system creates the credible identity token according to the desire of a signer;
s72, the electronic signature system analyzes the electronic signature application parameters to obtain a physical terminal identifier, a service system login account and the random number which are borne by the service system;
s73, the electronic signature system calculates the hash value of the physical terminal identifier, the service system login account number and the random number loaded by the service system by using a digest algorithm;
s74, the electronic signature system combines the hash value and the timestamp to generate the credible identity token;
s75, the electronic signature system sets the valid time of the credible identity token according to the intention of a signer; the valid time of the credible identity token is jointly determined by a security policy and the user intention;
in the application, the electronic signature system provides password management and password operation capabilities, and has the main functions of intention authentication, electronic signature and data protection.
In the application, the timestamp server is connected with the trusted time source to provide trusted timestamp service for proving undeniability of the time attribute when the event occurs. The trusted identity token containing the time stamp can be tampered with at a valid time that prevents the setting.
In the application, the supplier needs to authorize to start the credible identity token, the supplier needs to set the valid time of the credible identity token, the user is guaranteed to know and control the credible identity token, and the supplier can finish identity verification once in the electronic signature system and then set to start the credible identity token.
In the application, the valid time of the trusted identity token is determined by a security policy and user wishes together, the security policy is calculated by the average electronic signature time spent when a user makes an electronic bidding document in the big data analysis industry, a set of trusted time thresholds is obtained, for example, 15 minutes, and the user can only set the valid time of the trusted identity token within the set of trusted time thresholds, for example, 10 minutes.
In the application, the trusted identity token is provided with an interrupt mechanism, and when a supplier needs to leave an operation position temporarily, the authorization of the trusted identity token can be interrupted in the electronic signature system.
S8, the electronic signature system carries out electronic signature on the credible identity token; and sending to the security component;
s9, the security component encrypts the electronic signature application parameters by using the credible identity token to generate the security identity data;
in this application, the security component needs to temporarily store the trusted identity token and the security identity data. The secure identity data is encrypted by symmetric encryption, and the symmetric key is a trusted identity token. And the credible identity token and the safety identity data are ensured to realize closed loop in the safety middle when in use.
S10, the security component is matched with a signature verification server to complete electronic signature, and a result is returned to the service system;
repeating S1 to S10 to realize continuous electronic signature;
in the present application, when the security token is tampered or replaced, the vendor is required to perform willingness authentication again. When the electronic signature application parameter is inconsistent with the security identity data or the random number is repeated, the supplier is required to carry out willingness authentication again. When the validity period of the security token expires, willingness authentication is required to be carried out again by the supplier. The security token and the security identity data are stored in the security component, the security component is integrated in the bidding client, and closed-loop management of the security token and the security identity data is achieved. The security component and the electronic signature system are transmitted through a security encryption channel, and the security of data is guaranteed. The creation and setting of security tokens requires signer authorization. The signer can realize continuous electronic signature without repeated and frequent operation intention authentication under the condition of ensuring safety and controlling knowledge.
It is to be understood that the disclosed embodiments are merely exemplary of the invention, and are not intended to be exhaustive or exhaustive. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention. The above embodiments are merely illustrative of the technical solutions of the present invention, and the present invention is not limited to the above embodiments, and any modifications or alterations according to the principles of the present invention should be within the protection scope of the present invention.
Claims (10)
1. A method for continuous electronic signature of a trusted identity token based on a security component, comprising the steps of:
s1, a service system applies for an electronic signature to a security component;
s2, the security component acquires electronic signature parameters;
s3, the security component judges whether a valid credible identity token exists or not; if the jump to S4 is carried out continuously, if the jump to S5 is not carried out continuously;
s4, the security component compares the electronic signature application parameters with the security identity data, and continues to execute through a verification jump S9 without continuing to execute through a verification jump S5;
s5, establishing a secure transmission channel between the secure component and the electronic signature system, and sending the electronic signature application parameters to the electronic signature system;
s6, completing intention authentication in the electronic signature system, and authorizing the security component to use the user key;
s7, the electronic signature system cooperates with a timestamp server to create the credible identity token;
s8, the electronic signature system carries out electronic signature on the credible identity token; and sending to the security component;
s9, the security component encrypts the electronic signature application parameters by using the credible identity token to generate the security identity data;
s10, the security component is matched with a signature verification server to complete electronic signature, and a result is returned to the service system;
and repeating the steps from S1 to S10 to realize continuous electronic signature.
2. The method for continuous electronic signature of a trusted identity token based on security components as claimed in claim 1, wherein said security component modality comprises SDK, EXE or DLL library.
3. The method according to claim 1, wherein the electronic signature application parameters include a physical terminal identifier carried by the service system, the service system identifier, the service system login account, and a set of random numbers.
4. The method for continuous electronic signature of a trusted identity token based on a security component as claimed in claim 3, wherein said nonce is generated by said security component in said electronically signed application parameter.
5. The method for continuous electronic signature of a trusted identity token based on a security component as claimed in claim 1, wherein said security component in S3 determines whether a valid trusted identity token exists, specifically as follows:
s31, the security component is matched with a signature verification server to verify the validity of the digital signature of the credible identity token; the verification is passed and continues to S32, and if the verification fails, the operation is skipped to S5 and continues to be executed;
and S32, the security component verifies whether the credible identity token is in the validity period by matching with a timestamp server, the verification continues through S4, and the verification fails and skips S5 to continue execution.
6. The method according to claim 1, wherein the secure element in S4 compares the electronic signature application parameter with the secure identity data, specifically as follows:
s41, the security component decrypts the security identity data by using a symmetric encryption algorithm;
s42, the security component compares the decrypted security identity data with the electronic signature application parameters, and the comparison contents comprise a physical terminal identifier carried by the service system, a service system identifier and the service system login account number, and if the two are consistent, S43 is continued, and if the two are inconsistent, S5 is skipped to continue execution;
s43, the security component compares the decrypted security identity data with the electronic signature application parameters, compares the contents of the contents with the random numbers, continues to S44 under the condition that the contents of the contents are inconsistent, and skips to S5 to continue execution under the condition that the contents of the contents are consistent;
s44, the security component uses a symmetric encryption algorithm to encrypt the electronic signature application parameter by using a credible identity token to replace the security identity data.
7. The continuous electronic signature method for trusted identity token based on security component as claimed in claim 1, wherein said electronic signature system in S7 cooperates with a timestamp server to create said trusted identity token, specifically as follows:
s71, the electronic signature system creates the credible identity token according to the intention of a signer;
s72, the electronic signature system analyzes the electronic signature application parameters to obtain a physical terminal identifier, a service system login account and the random number which are borne by the service system;
s73, the electronic signature system calculates the hash values of the physical terminal identification, the service system login account number and the random number borne by the service system by using a digest algorithm;
s74, the electronic signature system combines the hash value and the timestamp to generate the credible identity token;
s75, the electronic signature system sets the valid time of the credible identity token according to the intention of a signer; the valid time of the credible identity token is jointly determined by the security policy and the user intention.
8. The method for continuous electronic signature of a trusted identity token based on a security component as claimed in claim 1, wherein said security component in S9 uses said trusted identity token to encrypt said electronically signed application parameters as follows:
s91, the security component uses a symmetric encryption algorithm and utilizes a credible identity token to encrypt an electronic signature application parameter;
s92, generating the encrypted security identity data;
s93, the security component temporarily saves the security identity data.
9. The method for continuous electronic signature of a trusted identity token based on a secure element as claimed in claim 1, wherein said secure connection channel uses websocket and/or SSL/TLS protocol.
10. A continuous electronic signature system of a credible identity token based on a security component is characterized by comprising a business system, the security component, an electronic signature system, a signature verification server and a timestamp server; wherein:
the business system is connected with the security component and is used for applying an electronic signature to the security component by the business system;
the security component is respectively connected with the business system, the electronic signature system, the signature verification server and the timestamp server, and is used for transmitting data to the electronic signature system by the security component, acquiring data from the business system by the security component, returning a result to the business system by the security component, verifying a signature in the middle of security, acquiring trusted time by the security component, temporarily storing the secure identity data, encrypting and decrypting the electronic signature application parameter, and temporarily storing the trusted identity token;
the electronic signature system is connected with the security component, the signature verification server and the timestamp server, and is used for transmitting data to the security intermediate, completing willingness authentication, creating the credible identity token, authorizing the security component to use a user key, and enabling a user to electronically sign the credible identity token;
the signature verification server is connected with the security component and the electronic signature system, and is used for providing digital signature service and digital signature verification service;
the timestamp server is connected with the security component and the electronic signature system and used for providing a trusted timestamp service.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211460818.2A CN115865360A (en) | 2022-11-17 | 2022-11-17 | Continuous electronic signature method and system of credible identity token based on security component |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211460818.2A CN115865360A (en) | 2022-11-17 | 2022-11-17 | Continuous electronic signature method and system of credible identity token based on security component |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115865360A true CN115865360A (en) | 2023-03-28 |
Family
ID=85664575
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211460818.2A Pending CN115865360A (en) | 2022-11-17 | 2022-11-17 | Continuous electronic signature method and system of credible identity token based on security component |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115865360A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116823179A (en) * | 2023-07-12 | 2023-09-29 | 国义招标股份有限公司 | Intelligent bidding platform, electronic equipment and storage medium |
-
2022
- 2022-11-17 CN CN202211460818.2A patent/CN115865360A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116823179A (en) * | 2023-07-12 | 2023-09-29 | 国义招标股份有限公司 | Intelligent bidding platform, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102217277B (en) | Method and system for token-based authentication | |
| TWI454111B (en) | Techniques for ensuring authentication and integrity of communications | |
| CN107733636B (en) | Authentication method and authentication system | |
| WO2021008453A1 (en) | Method and system for offline blockchain transaction based on identifier authentication | |
| CN112039918B (en) | Internet of things credible authentication method based on identification cryptographic algorithm | |
| US7606768B2 (en) | Voice signature with strong binding | |
| CN101163009A (en) | System, server, terminal and tamper resistant device for authenticating a user | |
| CN104660412A (en) | Password-less security authentication method and system for mobile equipment | |
| EP1886204B1 (en) | Transaction method and verification method | |
| CN109347887B (en) | Identity authentication method and device | |
| CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
| CN112232814A (en) | Encryption and decryption method of payment key, payment authentication method and terminal equipment | |
| US20200169410A1 (en) | Method for digital signing with multiple devices operating multiparty computation with a split key | |
| CN111130798A (en) | Request authentication method and related equipment | |
| CN111062059B (en) | Method and device for service processing | |
| CN113872989B (en) | SSL protocol-based authentication method, SSL protocol-based authentication device, computer equipment and storage medium | |
| CN115865360A (en) | Continuous electronic signature method and system of credible identity token based on security component | |
| CN114553441A (en) | Electronic contract signing method and system | |
| CN110838919A (en) | Communication method, storage method, operation method and device | |
| CN113205342A (en) | User identity authentication method and device based on multi-terminal payment | |
| KR101868564B1 (en) | Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same | |
| CN113285809A (en) | Continuous signature method and system based on electronic signature middleware | |
| KR102547590B1 (en) | Apparatus and method for performing non-face-to-face identification using a bio-certificate | |
| CN113672898B (en) | Service authorization method, authorization device, system, electronic device and storage medium | |
| TWI828001B (en) | System for using multiple security levels to verify customer identity and transaction services and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |