CN115913563B - Electronic signature generation method, verification method and device - Google Patents
Electronic signature generation method, verification method and device Download PDFInfo
- Publication number
- CN115913563B CN115913563B CN202211227405.XA CN202211227405A CN115913563B CN 115913563 B CN115913563 B CN 115913563B CN 202211227405 A CN202211227405 A CN 202211227405A CN 115913563 B CN115913563 B CN 115913563B
- Authority
- CN
- China
- Prior art keywords
- signature
- data
- electronic signature
- trusted
- time information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a method for generating an electronic signature, a method for verifying the electronic signature, equipment for generating the electronic signature and equipment for verifying the electronic signature, belonging to the technical field of information, wherein the method comprises the following steps: acquiring signature original data; generating first electronic signature data according to the signature original data signature, wherein the first electronic signature data comprises first signature time information; the first electronic signature data is sent to a trusted organization, so that the trusted organization verifies first signature time information according to the trusted data and returns second electronic signature data when the first signature time information is verified, wherein the second electronic signature data comprises the first electronic signature data, the trusted data and a trusted signature value generated by the trusted organization for signing the trusted data and the first electronic signature data; and receiving and outputting the second electronic signature data. The application aims to verify the timeliness of the electronic signature, avoid the problem that the signature can still be performed when the timeliness fails, and improve the safety of the electronic signature.
Description
Technical Field
The present application relates to the field of information technologies, and in particular, to a method for generating an electronic signature, a method for verifying an electronic signature, a device for generating an electronic signature, and a device for verifying an electronic signature.
Background
With the development of information technology, various e-commerce activities and e-government activities are rapidly developing, and electronic signature is widely applied to various fields, such as sending secure e-mail, signing on the internet, secure online document delivery, online customs clearance, and the like.
The electronic signature is used as a technology of utilizing an asymmetric public key confidentiality system, so that the reliability of an encryption technology can be ensured, but besides an encrypted signature, the electronic signature data is also formed based on a digital certificate of a signer and the electronic seal, and has limited timeliness.
Nowadays, because the format of the electronic signature data is public and the signer holds the private key of the digital certificate, the signature can be completed by skipping the verification step for timeliness during the signature, so that the problem that the signature can be performed even when the timeliness fails occurs, the counterfeit electronic signature data occurs, and the security of the electronic signature is reduced.
Disclosure of Invention
The application mainly aims to provide a method for generating an electronic signature, a method for verifying the electronic signature, equipment for generating the electronic signature and equipment for verifying the electronic signature, aims to verify the timeliness of the electronic signature, and solves the problem that the signature can still be performed when the timeliness fails, and improves the safety of the electronic signature.
In order to achieve the above object, the present application provides a method for generating an electronic signature, the method for generating an electronic signature comprising the steps of:
acquiring signature original data;
generating first electronic signature data according to the signature original data signature, wherein the first electronic signature data comprises first signature time information;
transmitting the first electronic signature data to a trusted authority, so that the trusted authority verifies the first signature time information according to the trusted data and returns second electronic signature data when the first signature time information is verified, wherein the second electronic signature data comprises the first electronic signature data, the trusted data and a trusted signature value generated by the trusted authority for signing the trusted data and the first electronic signature data;
and receiving and outputting the second electronic signature data.
Optionally, the trusted data includes current time information, and after the step of sending the first electronic signature data to the trusted authority, the method further includes:
when receiving first error information fed back by the trusted mechanism, outputting corresponding first error prompt information;
the first error information is information fed back by the trusted authority when the interval time between the first signature time information and the current time information is determined to be longer than the preset time.
Optionally, the trusted data includes current time information, the first electronic signature data includes certificate information and a corresponding certificate validity period, and after the step of sending the first electronic signature data to the trusted authority, the method further includes:
outputting corresponding second error prompt information when receiving the second error information fed back by the trusted mechanism;
wherein the second error information is information that the trusted authority determines that the current time information is fed back when the current time information is out of the range of the certificate validity period.
Optionally, the step of generating the first electronic signature data according to the signature original data signature includes:
determining first signature time information and uploading the first signature time information to a preset server;
determining a first signature address, wherein the first signature address is a storage address of the first signature time information in the preset server;
generating the first electronic signature data according to the signature original data, the first signature time information and the first signature address signature;
and the second electronic signature data comprises a second signature address, wherein the second signature address is a storage address of second signature time information in the preset server, and the second signature time information is time information when the second electronic signature data uploaded to the preset server by the trusted authority is generated.
Optionally, the trusted data includes current time information when the trusted authority receives the first electronic signature data, authorization certificate information of the trusted authority, and a signature algorithm identifier, wherein the signature algorithm identifier is a signature algorithm used by the trusted authority to determine to sign the trusted data and the first electronic signature data.
In addition, in order to achieve the above object, the present application also provides a verification method of an electronic signature, the verification method of the electronic signature comprising the steps of:
acquiring second electronic signature data, wherein the second electronic signature data comprises first electronic signature data, trusted data of a trusted mechanism and a trusted signature value of the trusted mechanism, and the second electronic signature data is generated when the trusted mechanism verifies and passes first signature time information in the first electronic signature data;
verifying the first electronic signature data to obtain a first verification result;
verifying the second electronic signature data according to the first electronic signature data, the trusted data and the trusted signature value to obtain a second verification result;
and determining a target verification result of signature original data corresponding to the first electronic signature data according to the first verification result and the second verification result.
Optionally, the step of verifying the second electronic signature data according to the first electronic signature data, the trusted data and the trusted signature value, and obtaining a second verification result includes:
extracting first signature time information in the first electronic signature data, and extracting second signature time information in the second electronic signature data, wherein the second signature time information is recorded time information when a trusted authority signs and generates the second electronic signature data;
when the interval time between the first signature time information and the second signature time information is longer than the preset time, determining that the second verification result is verification failure;
and when the interval duration between the first signature time information and the second signature time information is smaller than or equal to the preset time, verifying the second electronic signature data according to the trusted data and the trusted signature value, and obtaining the second verification result.
Optionally, the step of verifying the second electronic signature data according to the trusted data and the trusted signature value, and obtaining the second verification result includes:
determining authorization certificate information of the trusted authority according to the trusted data;
when the validity of the authorization certificate information is verified, determining a corresponding public key to verify the trusted signature value according to the authorization certificate information, and when the trusted signature value is verified, determining that the second verification result is verified;
and when the validity verification of the authorization certificate information is not passed or the verification of the trusted signature value is not passed, determining that the second verification result is verification failure.
In addition, in order to achieve the above object, the present application also proposes an electronic signature generating apparatus, including: memory, a processor and a generation program of an electronic signature stored on the memory and executable on the processor, the generation program of the electronic signature being configured to implement the steps of the generation method of an electronic signature as described in any one of the above.
In addition, in order to achieve the above object, the present application also proposes an electronic signature verification apparatus including: memory, a processor and a verification program of an electronic signature stored on the memory and executable on the processor, the verification program of an electronic signature being configured to implement the steps of the verification method of an electronic signature as described in any one of the preceding claims.
The application provides a method for generating an electronic signature, which comprises the steps of generating first electronic signature data according to signature original data by acquiring the signature original data, and completing a normal electronic signature process, wherein the first electronic signature data comprises first signature time information; then the first electronic signature data is sent to a trusted organization, so that the trusted organization verifies the first signature time information according to the trusted data and returns the second electronic signature data when the first signature time information is verified, and the signature time of the first electronic signature data is verified; the returned second electronic signature data comprises the first electronic signature data, trusted data and a trusted signature value generated by signing the trusted data and the first electronic signature data by a trusted authority; and receiving and outputting the second electronic signature data. Compared with a common electronic signature process, the method and the device have the advantages that the third party trusted authority is utilized to verify the signature time in the first electronic signature data generated by the signature, and further signature is carried out by combining the verification result and the trusted data provided by the trusted authority, so that the second electronic signature data is generated by the signature, the timeliness of the electronic signature is verified, the problem that signature can still be carried out when the timeliness fails is avoided, and the safety of the electronic signature is improved.
Drawings
FIG. 1 is a schematic diagram of a hardware structure involved in an operation of an embodiment of an electronic signature generating apparatus according to the present application;
FIG. 2 is a schematic diagram of a hardware structure involved in the operation of an embodiment of an electronic signature verification device according to the present application;
FIG. 3 is a flowchart illustrating an embodiment of a method for generating an electronic signature according to the present application;
FIG. 4 is a flowchart illustrating a method for generating an electronic signature according to another embodiment of the present application;
fig. 5 is a flowchart illustrating an embodiment of a method for verifying an electronic signature according to the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides electronic signature generation equipment. As shown in fig. 1, the electronic signature generating apparatus may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM) Memory or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the electronic signature generating apparatus, and may include more or fewer components than shown, or may combine certain components, or may be arranged in different components.
As shown in fig. 1, a memory 1005 as a storage medium may include a generation program of an electronic signature. In the electronic signature generating device shown in fig. 1, the network interface 1004 is mainly used for data communication with other devices; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 may be configured to call a generation program of an electronic signature stored in the memory 1005 and execute the generation method of the electronic signature provided by the embodiment of the present application.
The embodiment of the application provides verification equipment for an electronic signature. As shown in fig. 2, the verification device of the electronic signature may include: a processor 2001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 2002, a user interface 2003, a network interface 2004, a memory 2005. Wherein a communication bus 2002 is used to enable connected communications between these components. The user interface 2003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 2003 may also include a standard wired interface, a wireless interface. The network interface 2004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 2005 may be a high-speed random access Memory (Random Access Memory, RAM) Memory or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 2005 may alternatively be a storage device independent of the aforementioned processor 2001.
It will be appreciated by those skilled in the art that the structure shown in fig. 2 does not constitute a limitation of the verification device of the electronic signature, and may include more or fewer components than shown, or may combine certain components, or may be arranged in different components.
As shown in fig. 2, a verification program of an electronic signature may be included in the memory 2005 as a storage medium. In the verification device of the electronic signature shown in fig. 2, the network interface 2004 is mainly used for data communication with other devices; the user interface 2003 is mainly used for data interaction with a user; the processor 2001 may be used to invoke a verification program of the electronic signature stored in the memory 2005 and to perform a verification method of the electronic signature provided by an embodiment of the present application.
The embodiment of the application also provides a method for generating the electronic signature, which is applied to the equipment for generating the electronic signature.
Referring to fig. 3, an embodiment of a method for generating an electronic signature according to the present application is provided. In this embodiment, the method for generating an electronic signature includes:
step S10, obtaining signature original data; generating first electronic signature data according to the signature original data signature, wherein the first electronic signature data comprises first signature time information;
the signature original data is basic information for electronic signature, and comprises an electronic seal, an original text hash value, original text attribute information, certificate information and algorithm identification used for signature, wherein the original text hash value and the original text attribute information related to signature original text and other information required by a signature process are included, and the combination of the information is the signature original data for electronic signature.
Optionally, the electronic signature generating device signs the signature original data by using an algorithm corresponding to the algorithm identifier to generate first electronic signature data, where the first electronic signature data includes a version number, an electronic seal, first signature time information, an original text hash value, original text attribute information, certificate information, an algorithm identifier, and a signature value, and information other than the signature value and other signature original data is information generated in a signature process, and the information is combined with the signature original data to form first electronic signature data. Wherein the first signature time information records the time information of the signature.
It should be noted that in the normal electronic signature process, the timeliness of the certificate information and the timeliness of the electronic seal need to be verified, and when the signer holds the private key of the signer, the verification steps aiming at the timeliness of the certificate information and the timeliness of the electronic seal can be skipped so as to sign and generate the electronic seal, so that the technical problem to be solved by the application is caused.
Step S20, the first electronic signature data is sent to a trusted organization, so that the trusted organization verifies the first signature time information according to the trusted data and returns second electronic signature data when the first signature time information is verified, wherein the second electronic signature data comprises the first electronic signature data, the trusted data and a trusted signature value generated by the trusted organization for signing the trusted data and the first electronic signature data;
optionally, after the signature generates the first electronic signature data, the first electronic signature data is sent to the trusted authority, so that the trusted authority verifies the first signature time information in the first electronic signature data, and therefore signature generation of the first electronic signature data under the condition that the first electronic signature data is timeliness based on certificate information and the electronic seal is timeliness is guaranteed. Further, after verification is completed, the trusted authority performs further signature by combining the trusted data and the first electronic signature data, and signs to generate second electronic signature data, wherein the second electronic signature data consists of the first electronic signature data, the trusted data and a trusted signature value generated by the further signature. Further, the trusted data is data provided by the trusted authority that may be used to verify and further sign the first electronic signature data.
Step S30, receiving and outputting the second electronic signature data.
Optionally, the second electronic signature data is received from the trusted authority, so that second electronic signature data which is subjected to timeliness verification and further signed is obtained, and the second electronic signature data is output as a signature result of the signature original data.
The method for generating the electronic signature comprises the steps of obtaining signature original data, generating first electronic signature data according to signature of the signature original data, and completing a normal electronic signature process, wherein the first electronic signature data comprises first signature time information; then the first electronic signature data is sent to a trusted organization, so that the trusted organization verifies the first signature time information according to the trusted data and returns the second electronic signature data when the first signature time information is verified, and the signature time of the first electronic signature data is verified; the returned second electronic signature data comprises the first electronic signature data, trusted data and a trusted signature value generated by signing the trusted data and the first electronic signature data by a trusted authority; and receiving and outputting the second electronic signature data. Compared with a common electronic signature process, the method and the device have the advantages that the third party trusted authority is utilized to verify the signature time in the first electronic signature data generated by the signature, and further signature is carried out by combining the verification result and the trusted data provided by the trusted authority, so that the second electronic signature data is generated by the signature, the timeliness of the electronic signature is verified, the problem that signature can still be carried out when the timeliness fails is avoided, and the safety of the electronic signature is improved.
Further, in this embodiment, the trusted data includes current time information when the trusted authority receives the first electronic signature data, authorization certificate information of the trusted authority, and a signature algorithm identifier, where the signature algorithm identifier is a signature algorithm used by the trusted authority to determine to sign the trusted data and the first electronic signature data.
The trusted data comprises current time information, authorization certificate information of the trusted mechanism and signature algorithm identification, wherein the current time information is the current time recorded by the trusted mechanism when the trusted mechanism receives the first electronic signature data, and the current time information provided by the trusted mechanism has a trusted force because the time of the trusted mechanism is strictly compared with the real trusted time and can be used for verifying the first signature time information in the first electronic signature data so as to determine that the first signature time information is not abnormal; the authorization credential information may be used to prove the authenticity of the trusted authority and trusted data and may be used as encrypted material upon further signing.
By means of the current time information, the authorization certificate information and the signature algorithm identification in the trusted data, timeliness of the first signature time information can be verified, and reliability of further signature by the trusted organization and the trusted organization is guaranteed.
Further, based on the above embodiment, another embodiment of the method for generating an electronic signature of the present application is provided. In this embodiment, the trusted data includes current time information, and referring to fig. 4, after the step of sending the first electronic signature data to the trusted authority, the method further includes:
step S21, when first error information fed back by the trusted mechanism is received, corresponding first error prompt information is output; the first error information is information fed back by the trusted authority when the interval time between the first signature time information and the current time information is determined to be longer than the preset time.
Optionally, after the trusted authority receives the first electronic signature data, determining first signature time information therein, when determining that the interval time between the first signature time information and the current time information is longer than a preset time, determining that the generated time of the first electronic signature data is too large with the current time interval, and judging that the timeliness of the first electronic signature data is abnormal, and exemplarily, the preset time may be set to be 5 minutes.
Further, when the trusted authority determines that the timeliness of the first electronic signature data is abnormal, stopping the step of generating the second electronic signature data, and feeding back first error information to the electronic signature generating device, wherein the first error information can comprise an error identifier to inform an error reason, and the electronic signature generating device outputs corresponding error prompt information according to the first error information, namely, outputs corresponding error reason according to the error identifier in the first error information. In this embodiment, the error cause corresponding to the first error information is: the first signature time information of the first electronic signature data is abnormal.
And verifying the first signature time information by utilizing a trusted mechanism to determine that the signature time of the first electronic signature data is not excessively spaced from the current time information, namely the signature time is not tampered, so that verification of timeliness of the signature time is realized in the generation flow of the electronic signature, and the security of the electronic signature is improved.
Further, in this embodiment, the first electronic signature data includes certificate information and a corresponding certificate validity period, and after the step of sending the first electronic signature data to the trusted authority, the method further includes:
step S22, when receiving second error information fed back by the trusted mechanism, outputting corresponding second error prompt information; wherein the second error information is information that the trusted authority determines that the current time information is fed back when the current time information is out of the range of the certificate validity period.
It should be noted that, the certificate information is related information of the digital certificate of the signer, and is used as digital identity of the signer, and the digital certificate has a certain timeliness, so that the corresponding certificate validity period is also recorded in the certificate information.
Optionally, after the trusted authority receives the first electronic signature data, determining the certificate information and the corresponding valid period of the certificate, when the current time information is determined to be out of the valid period of the certificate, determining that the digital certificate of the current time signer has been invalid, and since the first electronic signature data is sent to the trusted authority after being generated and the normal condition signing is performed based on the valid digital certificate, judging that the timeliness of the first electronic signature data is abnormal.
Further, when the trusted authority determines that the timeliness of the first electronic signature data is abnormal, stopping the step of generating the second electronic signature data, feeding back second error information to the electronic signature generating device, and outputting corresponding error prompt information by the electronic signature generating device according to the second error information. In this embodiment, the error cause corresponding to the second error information is: the timeliness of the first electronic signature data certificate information is abnormal.
The certificate validity period of the first electronic signature data is verified by utilizing a trusted mechanism to determine that the certificate information of the first electronic signature data is time-efficient, namely the digital certificate is still effective at the current moment, so that verification of the time-efficient signature is realized in the generation flow of the electronic signature, and the safety of the electronic signature is improved.
Further, in this embodiment, the step of generating the first electronic signature data according to the signature original data signature includes:
step S11, determining first signature time information and uploading the first signature time information to a preset server; determining a first signature address, wherein the first signature address is a storage address of the first signature time information in the preset server;
optionally, when generating the first electronic signature data, the electronic signature generating device determines corresponding first signature time information and then uploads the first signature time information to a preset server. The preset server may be a third party provided server, such as a blockchain server. The first signature time information can be stored by using a preset server, so that the backup record of the signature time is realized. Further, after the first signature time information is stored in the preset server, the electronic signature generating device obtains a corresponding storage address, namely a first signature address.
Step S12, generating the first electronic signature data according to the signature original data, the first signature time information and the first signature address signature;
and the second electronic signature data comprises a second signature address, wherein the second signature address is a storage address of second signature time information in the preset server, and the second signature time information is time information when the second electronic signature data uploaded to the preset server by the trusted authority is generated.
It should be noted that, the first signature time information is generated and determined in the signature process and is finally used as one of the basic information of the signature material, so that the first electronic signature data is generated according to the signature original data, and the generated first electronic signature data still includes information other than the signature original data. In this embodiment, the first signature address and the first signature time information are both information that is generated and determined in the signing process and recorded in the generated first electronic signature data.
Optionally, the electronic signature generating device generates the first electronic signature data according to the signature original data, the first signature time information and the first signature address signature, so that the first signature address is recorded in the first electronic signature data.
Further, when the optional mechanism generates the second electronic signature data, the second signature time information can be uploaded to the preset server as well, and the second electronic signature data can be generated according to the corresponding second signature address, so that the second signature address is recorded in the second electronic signature data.
The first signature time information and the second signature time information are uploaded to the preset server, and the corresponding first signature address and second signature address are recorded in the second electronic signature data, so that another way for comparing the signature time in the electronic signature data with the signature time recorded in the preset server can be provided during verification, and the safety of the electronic signature is improved.
Further, based on the above embodiments, an embodiment of the method for verifying an electronic signature of the present application is provided, and the method is applied to the verification device of the electronic signature.
Referring to fig. 5, the verification method of the electronic signature includes the following steps:
step S40, second electronic signature data is obtained, wherein the second electronic signature data comprises first electronic signature data, trusted data of a trusted mechanism and a trusted signature value of the trusted mechanism, and the second electronic signature data is generated when the trusted mechanism verifies and passes first signature time information in the first electronic signature data;
optionally, after the second electronic signature data is acquired, the verification device of the electronic signature may determine the first electronic signature data, the trusted data and the trusted signature value in the second electronic signature data, so as to verify the second electronic signature data according to the determined data.
Step S50, verifying the first electronic signature data to obtain a first verification result; verifying the second electronic signature data according to the first electronic signature data, the trusted data and the trusted signature value to obtain a second verification result;
optionally, the verification device of the electronic signature verifies the first electronic signature data according to a normal procedure, where the normal procedure can verify whether the signature content of the first electronic signature data is tampered or not, and obtain a corresponding first verification result, where the verification procedure includes verification format compliance, signature value, validity of the digital certificate and time (the step cannot verify that timeliness is tampered), consistency of the original hash value, and validity of the electronic seal.
Further, the second electronic signature data is verified according to the first electronic signature data, the trusted data and the trusted signature value, so that whether time-lapse tampering occurs or not is determined on the basis that signature content of the first electronic signature data is not tampered, and a corresponding second verification result is obtained.
Step S60, determining a target verification result of the signature original data corresponding to the first electronic signature data according to the first verification result and the second verification result.
Optionally, after the first verification result and the second verification result are obtained, the target verification result may be determined by combining the two verification results, that is, determining whether the signature original data is not tampered and is not subject to time-lapse counterfeit tampering.
By verifying the first electronic signature data and the second electronic signature data respectively, whether the timeliness of signature content and signature is tampered or not can be determined respectively, verification of the electronic signature from multiple dimensions is realized, the occurrence of counterfeit and tampered conditions is avoided, and the reliability of the electronic signature is improved.
Further, in this embodiment, the step of verifying the second electronic signature data according to the first electronic signature data, the trusted data and the trusted signature value, and obtaining a second verification result includes:
step S51, extracting first signature time information in the first electronic signature data, and extracting second signature time information in the second electronic signature data, wherein the second signature time information is time information recorded when a trusted authority signs and generates the second electronic signature data;
when the optional mechanism generates the second electronic signature data, the second signature time information may also be used as material information during signing, that is, the generated second electronic signature data includes the second signature time information.
Step S52, when the interval time between the first signature time information and the second signature time information is longer than the preset time, determining that the second verification result is verification failure; and when the interval duration between the first signature time information and the second signature time information is smaller than or equal to the preset time, verifying the second electronic signature data according to the trusted data and the trusted signature value, and obtaining the second verification result.
Optionally, the verification device of the electronic signature compares whether the interval duration between the first signature time information and the second signature time information is greater than a preset time, determines whether the electronic signature is sent to the trusted authority for further signature within the preset time after the generation device of the electronic signature performs the first signature, and the preset time may be, for example, 5 minutes. When the timeliness of the signature is determined to be greater than the preset time, determining that the timeliness of the signature is abnormal, and determining a second verification result; and when the time is less than or equal to the preset time, further verification is carried out according to the trusted data and the trusted signature value.
By verifying the first signature time information and the second signature time information of the signature, it can be determined that the first signature of the signature and the further signature with time reliability are performed within a preset time, so that timeliness verification of the electronic signature is realized, and the security of the electronic signature is improved.
Further, in this embodiment, the step of verifying the second electronic signature data according to the trusted data and the trusted signature value, and obtaining the second verification result includes:
step S53, determining the authorization certificate information of the trusted institution according to the trusted data; when the validity of the authorization certificate information is verified, determining a corresponding public key to verify the trusted signature value according to the authorization certificate information, and when the trusted signature value is verified, determining that the second verification result is verified; and when the validity verification of the authorization certificate information is not passed or the verification of the trusted signature value is not passed, determining that the second verification result is verification failure.
Optionally, after the second electronic signature data passes the timeliness verification, the verification device of the electronic signature can verify the authorization certificate information in the trusted data, determine whether the certificate chain of the certificate is abnormal or not, and verify the reliability of the trusted institution; when the authorization certificate information is verified, a corresponding public key is determined through the certificate, the public key is a public key matched with the trusted signature value, and the trusted signature value can be verified through the public key to determine that the second electronic signature data is generated based on the first electronic signature data and the trusted data signature. When the authorization certificate information and the trusted signature value are verified to pass, determining that timeliness of the signature is not abnormal; when the authentication certificate information or the trusted signature value is not verified, determining that the timeliness of the signature is abnormal; and determining a corresponding second verification result according to the verification result of the authorization certificate information and the trusted signature value.
By verifying the authorization certificate information and the trusted signature value of the trusted data in the second electronic signature data, on the basis of determining the timeliness of the signature, the trusted mechanism and the trusted data are further determined to be not abnormal, the reliability of the timeliness verification result of the signature is improved, and the security of the electronic signature is improved.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (9)
1. The method for generating the electronic signature is characterized by comprising the following steps of:
acquiring signature original data;
generating first electronic signature data according to the signature original data signature, wherein the first electronic signature data comprises first signature time information;
transmitting the first electronic signature data to a trusted authority, so that the trusted authority verifies the first signature time information according to the trusted data and returns second electronic signature data when the first signature time information is verified, wherein the second electronic signature data comprises the first electronic signature data, the trusted data and a trusted signature value generated by the trusted authority for signing the trusted data and the first electronic signature data; the trusted data comprises current time information when the trusted authority receives the first electronic signature data, authorization certificate information of the trusted authority and a signature algorithm identifier, wherein the signature algorithm identifier is used by the trusted authority for determining a signature algorithm used when the trusted authority signs the trusted data and the first electronic signature data;
and receiving and outputting the second electronic signature data.
2. The method of generating an electronic signature as recited in claim 1, wherein the trusted data includes current time information, and after the step of transmitting the first electronic signature data to the trusted authority, further comprising:
when receiving first error information fed back by the trusted mechanism, outputting corresponding first error prompt information;
the first error information is information fed back by the trusted authority when the interval time between the first signature time information and the current time information is determined to be longer than the preset time.
3. The method of generating an electronic signature as recited in claim 1, wherein the trusted data includes current time information, the first electronic signature data includes certificate information and a corresponding certificate expiration date, and after the step of transmitting the first electronic signature data to a trusted authority, further comprising:
outputting corresponding second error prompt information when receiving the second error information fed back by the trusted mechanism;
wherein the second error information is information that the trusted authority determines that the current time information is fed back when the current time information is out of the range of the certificate validity period.
4. The method of generating an electronic signature as recited in claim 1, wherein the step of generating first electronic signature data from the signature raw data signature comprises:
determining first signature time information and uploading the first signature time information to a preset server;
determining a first signature address, wherein the first signature address is a storage address of the first signature time information in the preset server;
generating the first electronic signature data according to the signature original data, the first signature time information and the first signature address signature;
and the second electronic signature data comprises a second signature address, wherein the second signature address is a storage address of second signature time information in the preset server, and the second signature time information is time information when the second electronic signature data uploaded to the preset server by the trusted authority is generated.
5. The verification method of the electronic signature is characterized by comprising the following steps of:
acquiring second electronic signature data, wherein the second electronic signature data comprises first electronic signature data, trusted data of a trusted mechanism and a trusted signature value of the trusted mechanism, and the second electronic signature data is generated when the trusted mechanism verifies and passes first signature time information in the first electronic signature data; the trusted data comprises current time information when the trusted authority receives the first electronic signature data, authorization certificate information of the trusted authority and a signature algorithm identifier, wherein the signature algorithm identifier is used by the trusted authority for determining a signature algorithm used when the trusted authority signs the trusted data and the first electronic signature data; the trusted signature value is generated by the trusted authority signing the trusted data and the first electronic signature data;
verifying the first electronic signature data to obtain a first verification result;
verifying the second electronic signature data according to the first electronic signature data, the trusted data and the trusted signature value to obtain a second verification result;
and determining a target verification result of signature original data corresponding to the first electronic signature data according to the first verification result and the second verification result.
6. The method of verifying an electronic signature as set forth in claim 5, wherein the step of verifying the second electronic signature data based on the first electronic signature data, the trusted data, and the trusted signature value, the step of obtaining a second verification result includes:
extracting first signature time information in the first electronic signature data, and extracting second signature time information in the second electronic signature data, wherein the second signature time information is recorded time information when a trusted authority signs and generates the second electronic signature data;
when the interval time between the first signature time information and the second signature time information is longer than the preset time, determining that the second verification result is verification failure;
and when the interval duration between the first signature time information and the second signature time information is smaller than or equal to the preset time, verifying the second electronic signature data according to the trusted data and the trusted signature value, and obtaining the second verification result.
7. The method of verifying an electronic signature as defined in claim 6, wherein verifying the second electronic signature data based on the trusted data and the trusted signature value, the step of obtaining the second verification result comprises:
determining authorization certificate information of the trusted authority according to the trusted data;
when the validity of the authorization certificate information is verified, determining a corresponding public key to verify the trusted signature value according to the authorization certificate information, and when the trusted signature value is verified, determining that the second verification result is verified;
and when the validity verification of the authorization certificate information is not passed or the verification of the trusted signature value is not passed, determining that the second verification result is verification failure.
8. An electronic signature generation apparatus, characterized in that the electronic signature generation apparatus includes: memory, a processor and a generation program of an electronic signature stored on the memory and executable on the processor, the generation program of an electronic signature being configured to implement the steps of the generation method of an electronic signature as claimed in any one of claims 1 to 4.
9. An electronic signature verification device, characterized in that the electronic signature verification device comprises: memory, a processor and a verification program of an electronic signature stored on the memory and executable on the processor, the verification program of an electronic signature being configured to implement the steps of the verification method of an electronic signature as claimed in any one of claims 5 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211227405.XA CN115913563B (en) | 2022-10-09 | 2022-10-09 | Electronic signature generation method, verification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211227405.XA CN115913563B (en) | 2022-10-09 | 2022-10-09 | Electronic signature generation method, verification method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115913563A CN115913563A (en) | 2023-04-04 |
| CN115913563B true CN115913563B (en) | 2023-09-29 |
Family
ID=86475161
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211227405.XA Active CN115913563B (en) | 2022-10-09 | 2022-10-09 | Electronic signature generation method, verification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115913563B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002185449A (en) * | 2000-12-12 | 2002-06-28 | Nippon Telegr & Teleph Corp <Ntt> | Time seal issuing apparatus |
| CN1547344A (en) * | 2003-12-17 | 2004-11-17 | 上海市高级人民法院 | Method of applying timestamp in remote signature system |
| JP2011086018A (en) * | 2009-10-14 | 2011-04-28 | Hitachi Government & Public Corporation System Engineering Ltd | Electronic stamping system using mobile phone |
| CN104539434A (en) * | 2015-01-23 | 2015-04-22 | 济南同智伟业软件股份有限公司 | Electronic seal system and electronic seal method based on time stamp and GPS location |
| CN105429754A (en) * | 2014-09-23 | 2016-03-23 | 西部安全认证中心有限责任公司 | Management method and system of national standard electronic seal |
| WO2017016318A1 (en) * | 2014-11-05 | 2017-02-02 | 祝国龙 | Credible label generation and verification method and system based on asymmetric cryptographic algorithm |
| KR20180093547A (en) * | 2017-02-14 | 2018-08-22 | (주)헤윰커뮤니케이션즈 | Electronic signature method using signer identification |
| CN111769955A (en) * | 2020-06-30 | 2020-10-13 | 成都卫士通信息产业股份有限公司 | Electronic signature generation method and device, electronic signature verification method and device and related components |
| CN111833004A (en) * | 2019-04-23 | 2020-10-27 | 天地融科技股份有限公司 | Signature method, verification method and system of electronic signature |
| CN114692218A (en) * | 2020-12-31 | 2022-07-01 | 科大国盾量子技术股份有限公司 | Electronic signature method, equipment and system for individual user |
| CN114697040A (en) * | 2020-12-31 | 2022-07-01 | 科大国盾量子技术股份有限公司 | Electronic signature method and system based on symmetric key |
| CN114817890A (en) * | 2022-03-24 | 2022-07-29 | 深圳市电子商务安全证书管理有限公司 | Electronic signature method and device of document, terminal equipment and storage medium |
-
2022
- 2022-10-09 CN CN202211227405.XA patent/CN115913563B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002185449A (en) * | 2000-12-12 | 2002-06-28 | Nippon Telegr & Teleph Corp <Ntt> | Time seal issuing apparatus |
| CN1547344A (en) * | 2003-12-17 | 2004-11-17 | 上海市高级人民法院 | Method of applying timestamp in remote signature system |
| JP2011086018A (en) * | 2009-10-14 | 2011-04-28 | Hitachi Government & Public Corporation System Engineering Ltd | Electronic stamping system using mobile phone |
| CN105429754A (en) * | 2014-09-23 | 2016-03-23 | 西部安全认证中心有限责任公司 | Management method and system of national standard electronic seal |
| WO2017016318A1 (en) * | 2014-11-05 | 2017-02-02 | 祝国龙 | Credible label generation and verification method and system based on asymmetric cryptographic algorithm |
| CN104539434A (en) * | 2015-01-23 | 2015-04-22 | 济南同智伟业软件股份有限公司 | Electronic seal system and electronic seal method based on time stamp and GPS location |
| KR20180093547A (en) * | 2017-02-14 | 2018-08-22 | (주)헤윰커뮤니케이션즈 | Electronic signature method using signer identification |
| CN111833004A (en) * | 2019-04-23 | 2020-10-27 | 天地融科技股份有限公司 | Signature method, verification method and system of electronic signature |
| CN111769955A (en) * | 2020-06-30 | 2020-10-13 | 成都卫士通信息产业股份有限公司 | Electronic signature generation method and device, electronic signature verification method and device and related components |
| CN114692218A (en) * | 2020-12-31 | 2022-07-01 | 科大国盾量子技术股份有限公司 | Electronic signature method, equipment and system for individual user |
| CN114697040A (en) * | 2020-12-31 | 2022-07-01 | 科大国盾量子技术股份有限公司 | Electronic signature method and system based on symmetric key |
| CN114817890A (en) * | 2022-03-24 | 2022-07-29 | 深圳市电子商务安全证书管理有限公司 | Electronic signature method and device of document, terminal equipment and storage medium |
Non-Patent Citations (6)
| Title |
|---|
| Graph Embedding for Offline Handwritten Signature Verification;Michael Stauffer等;《ICBEA 2019: Proceedings of the 2019 3rd International Conference on Biometric Engineering and Applications》;全文 * |
| 一种基于区块链的电子签章验证平台设计;李强;高超航;何智;谢京涛;;信息安全研究(12);全文 * |
| 基于ECC+DWT多重数字水印的电子签章应用方案研究;刘素芳;;北京信息科技大学学报(自然科学版)(02);全文 * |
| 基于PKI的电子签章系统的研究与设计;廖建平;张丽娜;;科技信息(科学教研)(第13期);全文 * |
| 基于可信计算技术的可信签章系统;梁敏;赵晋;刘俊彦;;计算机安全(第06期);全文 * |
| 安全可信的电子印章体系与关键技术研究;陈中林;《中国人民公安大学学报》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115913563A (en) | 2023-04-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3343831B1 (en) | Identity authentication method and apparatus | |
| CN110677418B (en) | Trusted voiceprint authentication method and device, electronic equipment and storage medium | |
| CN100459488C (en) | Portable one-time dynamic password generator and security authentication system using the same | |
| CN107742212B (en) | Asset verification method, device and system based on block chain | |
| CN110391913B (en) | Vehicle binding method and device | |
| US20020038290A1 (en) | Digital notary system and method | |
| JP4818664B2 (en) | Device information transmission method, device information transmission device, device information transmission program | |
| US20110289318A1 (en) | System and Method for Online Digital Signature and Verification | |
| CN109118377B (en) | Processing method and system for claim settlement event based on block chain and electronic equipment | |
| CN108496323B (en) | Certificate importing method and terminal | |
| EP2262165A1 (en) | User generated content registering method, apparatus and system | |
| CN111753278A (en) | Comprehensive management system and method for electronic copyright authentication certificate | |
| CN109657170B (en) | Webpage loading method and device, computer equipment and storage medium | |
| CN111125665A (en) | Authentication method and device | |
| JP5278495B2 (en) | Device information transmission method, device information transmission device, device information transmission program | |
| CN113890738A (en) | Electronic signature method and device | |
| CN111953477B (en) | Terminal equipment, generation method of identification token of terminal equipment and interaction method of client | |
| CN115242471B (en) | Information transmission method, information transmission device, electronic equipment and computer readable storage medium | |
| CN115913563B (en) | Electronic signature generation method, verification method and device | |
| CN114301597B (en) | Key verification method, device and readable storage medium | |
| CN114285662A (en) | Authentication method, device, equipment and storage medium | |
| CN113868628A (en) | Signature verification method and device, computer equipment and storage medium | |
| CN112910883A (en) | Data transmission method and device and electronic equipment | |
| CN115329294B (en) | Electronic contract generating method, device, equipment and storage medium | |
| CN112737790B (en) | Data transmission method and device, server and client terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |