Method for implementing an E-seal
Technical field
The present invention relates to anti-counterfeiting methods that use electronic signatures or electronic seals in e-commerce or electronic identification, and in particular to a method for implementing an E-seal that uses ActiveX technology and PKI technology.
Background technology
With the promulgation and implementation of the Electronic Signature Law, many companies have invested in the research and development of E-seals. The E-seal products currently on the market are all based on a picture combined with some cryptographic technique, and are made and used roughly as follows:
(1) first, an E-seal master image file is generated with a scanner or dedicated graphics processing software;
(2) the generated E-seal picture file is edited and corrected (e.g. cropping the edges);
(3) the corrected seal picture file is encrypted and exported to an external storage medium (e.g. a flash disk);
(4) in use, the external storage medium holding the encrypted E-seal is inserted and the corresponding protection password is entered (some products also use biometric identification); the program then decrypts the seal picture and affixes it to the corresponding electronic file;
(5) cryptographic techniques are used to digitally sign the file to which the E-seal has been affixed (it may also be encrypted and encapsulated);
(6) the recipient or verifier can confirm who sealed the file by verifying the file's digital signature, and the integrity of the file is assured.
The above way of implementing an E-seal can be called a "static E-seal", because the E-seal remains passive throughout the whole electronic sealing process, for example in the generation and the verification of the seal. The root cause is that these E-seal products attend only to the outward form of a traditional seal and ignore its rich content; such an E-seal is in fact just an encrypted picture file. This often fails to meet real-world needs for a seal, because besides its outward graphic a seal also carries much other information, such as the seal name, the date the seal was made, the unit that made it, the effective date, the expiration date, the user, anti-counterfeiting information and so on.
Because of this design defect, a "static E-seal" cannot dynamically generate and record useful information during making, storage and use, such as the seal's effective date, the sealing date, the person printing and the number of copies printed. It therefore cannot fully and truly deliver the convenience of electronic sealing, and it makes later tracing and auditing inconvenient.
A "static E-seal" also has a security risk in use: it cannot prevent a user from illegally obtaining the seal graphic by technical means such as screen capture. Because a "static E-seal" is just a graphic file, when sealing or browsing, the decrypted seal must be present on the file as a plaintext image, which gives people with ulterior motives a way to obtain the seal design illegally.
A "static E-seal" cannot dynamically show its own state. For example, if a sealed electronic file has been illegally altered, this can only be confirmed by running the corresponding verification program; the seal cannot raise an alarm on its own initiative or give a timely reminder.
Summary of the invention
The object of the invention is to solve, in an electronic network environment, the problem of both conforming to traditional sealing habits and overcoming the above shortcomings of the "static E-seal", by providing a method for implementing an E-seal that conforms to traditional sealing habits, dynamically generates and records seal and sealing information, and offers higher security.
The object of the invention is achieved by the following technical solution:
A method for implementing an E-seal comprises steps of making, issuing and using the E-seal, the making step including scanning the original seal picture, characterized in that the making of the E-seal further comprises: ActiveX encapsulation of the E-seal, i.e. importing the scanned electronic picture of the original seal into an E-seal encapsulated as an ActiveX control; attribute setting of the E-seal, i.e. setting the designated-user attribute of the E-seal in the E-seal encapsulated as an ActiveX control; function setting of the E-seal, i.e. setting the functions used in generating and using the E-seal; and PKI encapsulation of the E-seal, i.e. using PKI technology to encapsulate the E-seal in digital envelope form.
The attribute setting of the above E-seal further includes setting the following attributes:
A. seal name
B. seal unique identifier
C. seal-making unit
D. date of making
E. seal effective date
F. seal expiration date
G. seal height
H. seal width
I. seal resolution
J. seal image data
K. seal digital signature value
L. printing control information
The above E-seal encapsulated as an ActiveX control also has the following functions:
A. automatically calculate the sealing date
B. automatically fill in the sealer's information
C. judge whether the seal has come into effect
D. judge whether the seal has expired
E. judge the integrity of the seal data
F. perform the digital signature operation
G. judge the authenticity and integrity of a sealed file before it is opened
H. print the sealed file
I. record printing information
In the use step of the above E-seal, before the designated user decrypts the E-seal, the original seal picture in the E-seal encapsulated as an ActiveX control is set to be non-copyable and displayed blurred, which fundamentally prevents the seal image from being obtained illegally by means such as screen copying or photographing; the true seal image can only be output by a printer.
In the use step of the above E-seal, once an electronic document has been sealed, the ActiveX control encrypts and digitally signs it and then sends it; when the recipient opens this sealed electronic document, the ActiveX control of the E-seal automatically invokes the signature verification operation and checks the integrity and authenticity of the sealed file.
In the use step of the above E-seal, when a sealed electronic document is printed, the E-seal records its printing information and controls the number of copies printed, or restricts the print function.
ActiveX is a powerful programming and development technology provided by Microsoft. An ActiveX control is an Automation object and at the same time a standard COM (Component Object Model) object. ActiveX is a comprehensive technology that draws on the best of many COM and OLE (Object Linking and Embedding) techniques and integrates closely with the Windows operating system, as an extension of the standard Windows controls. Moreover, an ActiveX control can be used not only in the desktop environment but also on the Internet, transmitted over the network as a data unit carrying its own code. ActiveX makes the Internet more active: a Web server can not only provide the data a client is interested in, it can also send executable code to the Internet client along with the data, and the client can process the data in various ways when it obtains them. Precisely because ActiveX has such capabilities, we can encapsulate dynamic code together with the seal data, so that the static E-seal truly becomes "dynamic" and meets customers' requirements for electronic sealing.
PKI is the abbreviation of "Public Key Infrastructure". Briefly, PKI is infrastructure, built using public key theory and technology, that provides information security services. The public key system is currently one of the most widely used encryption systems. In this system the encryption key and the decryption key differ: the sender uses the recipient's public key to send encrypted information, and the recipient uses his or her own private key to decrypt it. This both guarantees the confidentiality of the information and guarantees its non-repudiation. At present, public key systems are widely used in fields such as CA authentication, digital signatures and key exchange.
Integrity and non-repudiation are the most basic services that PKI provides. In general, integrity can also be achieved by the two parties agreeing on a shared secret, but when one party deliberately denies, this kind of integrity cannot be submitted to third-party arbitration. The integrity that PKI provides can be arbitrated by a third party, and integrity that a third party can arbitrate is something neither communicating party can deny. For example, Xiao Zhang sends a contract to Lao Li. Lao Li can require Xiao Zhang to digitally sign it; not only can Lao Li verify the integrity of the signed contract, other people can also verify that the contract really was signed and issued by Xiao Zhang. And no one, Lao Li included, is able to forge Xiao Zhang's signature on this contract. "Non-repudiation" is the service provided by this PKI digital signature mechanism. Where the law permits, this "non-repudiation" can serve as a legal basis (China's Electronic Signature Law has been formally promulgated and implemented). When used correctly, the security of PKI should be higher than that of the paper seal system in use today.
It can be seen that, compared with the prior art, the invention adopting the above technical solution has the following advantages: the original seal picture can be used for sealing, which conforms to traditional habits; ActiveX dynamically generates and records information about the seal or the sealing; and PKI technology guarantees the security of sending the E-seal and of sealing. The invention can be widely used wherever anti-counterfeiting information is provided by sealing in electronic and network environments such as e-commerce and electronic identification.
Description of drawings
Fig. 1 shows the implementation steps of the present invention.
Embodiment
The invention is further described below with reference to the drawing and a specific embodiment.
As shown in Fig. 1, the method for implementing an E-seal comprises three major parts, which may also be called three major steps: making the E-seal, issuing the E-seal and using the E-seal. The making step can be further divided into several steps: scanning the picture of the original seal, ActiveX control encapsulation of the E-seal, attribute setting of the E-seal, function setting of the E-seal and PKI encapsulation of the E-seal. The picture of the original seal is scanned into an electronic picture by a high-precision scanner, and this electronic picture is then imported into the E-seal encapsulated as an ActiveX control. This ActiveX control is designed with settable property values for the various items of seal information. Attributes are set on the E-seal ActiveX control into which the electronic picture has been imported; these attributes include the designated user, the seal name, the seal unique identifier, the seal-making unit, the date of making, the seal effective date, the seal expiration date, the seal height (unit: cm), the seal width (unit: cm), the seal resolution (unit: dpi), the seal image data, the seal digital signature value, printing control information and other useful attributes. The ActiveX control of this E-seal also contains executable software code that can perform the following functions: automatically calculating the sealing date, automatically filling in the sealer's information, judging whether the seal has come into effect, judging whether the seal has expired, judging the integrity of the seal data, performing the digital signature operation, judging the authenticity and integrity of a sealed file before it is opened, printing the sealed file, recording printing information, and other function code as needed. The ActiveX control of this E-seal is then encrypted and encapsulated into digital envelope form using the public key in PKI technology, so as to guarantee that only the designated seal user can decrypt and use this E-seal.
The ActiveX control of this E-seal (after PKI encapsulation) is issued as ordinary control software to the person entitled to seal. Because the control contains the attribute information of the designated user, if someone other than the designated user obtains the control, the ActiveX control of this E-seal cannot be used for sealing.
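The PKI encapsulation and issuing steps above, as an added example that is not code from the patent: a digital envelope that only the designated user's private key opens. A JSON seal package stands in for the ActiveX control; the key pairs, field names and the AES-256-GCM with RSA-OAEP construction are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key pairs: the designated end user and some other party.
const designated = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const outsider = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed seal package standing in for the encapsulated control.
const sealPackage = { sealId: 'SEAL-0001', designatedUser: 'user-a (sample)',
                      imageData: 'base64-of-scanned-seal (placeholder)' };

// Envelope: encrypt the package under a fresh content key, then wrap that
// key with the designated user's public key.
function makeEnvelope(pkg, recipientPublicKey) {
  const contentKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(pkg), 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, contentKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Returns the seal package, or null when the private key is not the
// designated user's or the envelope has been altered.
function openEnvelope(env, privateKey) {
  try {
    const contentKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, env.iv);
    decipher.setAuthTag(env.tag);
    const plain = Buffer.concat([decipher.update(env.body), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}
```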
The use step of the E-seal comprises the following sub-steps: sealing with the E-seal, sending the sealed electronic document, receiving the sealed electronic document, decrypting with the private key in PKI, and printing the sealed electronic document.
In the sealing step, for the person entitled to seal, because the E-seal has been encapsulated as an ActiveX control, it can be inserted, like a picture, into any application that supports ActiveX controls, such as web pages, Word, Excel, WPS, Lotus Notes and e-mail. Before the designated user decrypts the ActiveX control of this E-seal, graphics processing is used to blur the original seal picture, so that it is displayed in an anti-counterfeiting state that cannot be copied or pasted. This fundamentally prevents the seal image from being obtained illegally by means such as screen copying or photographing; the true seal image can only be output by a printer.
The sealed electronic document is encrypted and digitally signed by the methods that the E-seal's ActiveX control provides and is then sent, which guarantees that only the legitimate recipient can decrypt and read the sealed file.
The recipient receives the sealed electronic document and decrypts it with the private key in PKI technology. When the recipient of the sealed file, or a user with authority, opens the sealed file, the ActiveX control of the E-seal automatically invokes the signature verification operation and checks the integrity and authenticity of the sealed file. If verification fails, the seal picture is displayed as "file tampered" to warn the user that the file is not genuine; even when output to a printer, the seal graphic cannot be printed.
In printing a sealed electronic document, the E-seal can record printing control information for the document, for example that the designated recipient may print only a set number of copies, or that the recipient may not print the file at all. This is necessary for industries or users with special requirements, and it is precisely the use of PKI and ActiveX technology that makes these functions possible.
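The validity check, verify-on-open and print-control behaviour described above, as an added example that is not code from the patent: the seal attributes and the document hash are signed together, so altering the text or raising the copy limit both fail verification. Ed25519, the field names and the sample seal are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the sealer's PKI signing key pair.
const sealerKeys = nodeCrypto.generateKeyPairSync('ed25519');

// Constructed seal attributes; the field names are this example's own.
const seal = { sealId: 'SEAL-0001', effectiveDate: '2024-01-01',
               expirationDate: '2024-12-31', maxPrintCopies: 2 };

const sha256 = (text) => nodeCrypto.createHash('sha256').update(text, 'utf8').digest('hex');

// The seal is usable only inside its effective/expiration window
// (ISO dates of equal length compare correctly as strings).
function sealInForce(s, day) {
  return day >= s.effectiveDate && day <= s.expirationDate;
}

// Affix: record sealing date and sealer, then sign seal data and document hash together.
function affixSeal(text, s, sealerName, now, privateKey) {
  const day = now.toISOString().slice(0, 10);
  if (!sealInForce(s, day)) throw new Error('seal not in force on ' + day);
  const payload = JSON.stringify({ seal: s, sealerName, sealedOn: day, docHash: sha256(text) });
  const signature = nodeCrypto.sign(null, Buffer.from(payload), privateKey);
  return { text, payload, signature, printLog: [] };
}

// Open: verify the signature first, then check the text against the signed hash.
function openSealed(doc, publicKey) {
  const ok = nodeCrypto.verify(null, Buffer.from(doc.payload), publicKey, doc.signature)
    && JSON.parse(doc.payload).docHash === sha256(doc.text);
  return ok ? 'valid' : 'file tampered';
}

// Print: refuse tampered files, enforce the signed copy limit, log each print.
function printSealed(doc, publicKey, who, now) {
  if (openSealed(doc, publicKey) !== 'valid') return false;
  const limit = JSON.parse(doc.payload).seal.maxPrintCopies;
  if (doc.printLog.length >= limit) return false;
  doc.printLog.push({ who, at: now.toISOString() });
  return true;
}
```

The print log in this sketch is ordinary mutable state outside the signature; the page does not say where the control keeps its print record, so the count is only as reliable as that storage.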