TW201828642A - Method and device for realizing electronic signature, and signature server to solve the problem that the implementation cost of the U-shield signature scheme in the prior art is high - Google Patents


Info

Publication number: TW201828642A
Authority: TW (Taiwan)
Prior art keywords: hash value, key, encrypted, digital certificate, signature
Application number: TW106101918A
Other languages: Chinese (zh)
Other versions: TWI734729B (en)
Inventors: 高翔, 胡運平, 劉凱, 貢鵬, 汪衛國
Original assignee: 阿里巴巴集團服務有限公司
Application filed by 阿里巴巴集團服務有限公司; priority to TW106101918A; published as TW201828642A; application granted and published as TWI734729B


Abstract

The present invention provides a method and a device for realizing an electronic signature. The method includes: determining a hash value of an electronic document to be signed; encrypting the hash value with the private key corresponding to the public key in a digital certificate; and merging the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document. The technical scheme of the present invention solves the problem that the U-shield signature scheme of the prior art is costly to implement, realizes an Internet mode of signing and reduces user cost.

Description

Method, device and signature server for realizing an electronic signature

The present invention relates to the field of Internet technology, and in particular to a method, a device and a signature server for realizing an electronic signature.

When an electronic file that a large Internet financial enterprise provides to its users needs to be electronically signed, the prior art keeps the private key used for the electronic signature in a U-shield (a USB key token). When the user applies an electronic signature, the U-shield is inserted into the computer, and the electronic signature system signs the electronic document with the private key, held in the U-shield, that corresponds to the public key in the digital certificate. Because this scheme requires every user to buy a U-shield, the implementation cost is high and adoption is difficult when a large number of users need electronic signatures.

In view of this, the present invention provides a new technical solution that can solve the technical problem of producing the electronic signature of an electronic document in real time over the Internet when the number of users is large, while reducing the hardware cost of the electronic signature process.

To achieve the above object, the present invention provides the following technical solutions. According to a first aspect of the present invention, a method for realizing an electronic signature is provided, comprising: determining a hash value of an electronic document to be signed; encrypting the hash value with the private key corresponding to the public key in a digital certificate; and merging the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

According to a second aspect of the present invention, a method for realizing an electronic signature is provided, comprising: determining a hash value of an electronic document to be signed; sending the hash value of the electronic document and a second key to a third-party service platform via a second private network, the second key being a key preset between the signature server and the third-party service platform; after the third-party service platform has encrypted the hash value with the second key, receiving the encrypted hash value via the second private network; and merging the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

According to a third aspect of the present invention, a device for realizing an electronic signature is provided, comprising: a determining module for determining a hash value of an electronic document to be signed; a first encryption module for encrypting the hash value determined by the determining module with the private key corresponding to the public key in a digital certificate; and a signature merging module for merging the hash value encrypted by the first encryption module, the digital certificate and the picture of the electronic signature into the electronic document.

According to a fourth aspect of the present invention, a signature server is provided, comprising a processor and a memory for storing instructions executable by the processor, wherein the processor is configured to: determine a hash value of an electronic document to be signed; encrypt the hash value with the private key corresponding to the public key in a digital certificate; and merge the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

According to a fifth aspect of the present invention, a signature server is provided, comprising a processor and a memory for storing instructions executable by the processor, wherein the processor is configured to: determine a hash value of an electronic document to be signed; send the hash value of the electronic document and a second key to a third-party service platform via a second private network, the second key being a key preset between the signature server and the third-party service platform; after the third-party service platform has encrypted the hash value with the second key, receive the encrypted hash value via the second private network; and merge the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

As can be seen from the above technical solutions, the present invention encrypts the hash value with the private key corresponding to the public key in the digital certificate and merges the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document. This solves the problem that the U-shield signature scheme of the prior art is costly to implement, realizes an Internet mode of signing and reduces user cost; encrypting the hash value and merging the encrypted hash value and the digital certificate into the electronic document also improves the security and credibility of the electronic signature.

Reference numerals in the drawings:
21 third-party certification authority
22 signature server
23 cloud database
24 first service platform
31 signature server
32 third-party certification authority
41 signature server
42 third-party service platform
61 determining module
62 first encryption module
63 signature merging module
64 second encryption module
65 storage module
66 signature merging module
67 receiving module
621 acquisition unit
622 decryption unit
623 encryption unit
624 first sending unit
625 first receiving unit

FIG. 1A is a flow chart of a method for realizing an electronic signature according to an exemplary embodiment of the present invention; FIG. 1B is a schematic diagram of a picture of an electronic signature according to an exemplary embodiment of the present invention; FIG. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention; FIG. 2A is a flow chart of a method for realizing an electronic signature according to another exemplary embodiment of the present invention; FIG. 2B is a scenario diagram according to another exemplary embodiment of the present invention; FIG. 3A is a flow chart of a method for realizing an electronic signature according to yet another exemplary embodiment of the present invention; FIG. 3B is a scenario diagram according to yet another exemplary embodiment of the present invention; FIG. 4A is a flow chart of a method for realizing an electronic signature according to yet another exemplary embodiment of the present invention; FIG. 4B is a scenario diagram according to yet another exemplary embodiment of the present invention; FIG. 5 is a schematic structural diagram of a signature server according to an exemplary embodiment of the present invention; FIG. 6 is a schematic structural diagram of a device for realizing an electronic signature according to an exemplary embodiment of the present invention; FIG. 7 is a schematic structural diagram of a device for realizing an electronic signature according to another exemplary embodiment of the present invention.

Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention; they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.

The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in the present invention to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".

To further describe the present invention, the following embodiments are provided. According to one embodiment of the present invention, the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate and the picture of the electronic signature are merged into the electronic document. This solves the problem that the U-shield signature scheme of the prior art is costly to implement, realizes an Internet mode of signing and reduces user cost; encrypting the hash value and merging the encrypted hash value and the digital certificate into the electronic document also improves the security and credibility of the electronic signature.

FIG. 1A is a flow chart of a method for realizing an electronic signature according to an exemplary embodiment of the present invention, FIG. 1B is a schematic diagram of an electronic signature according to an exemplary embodiment of the present invention, and FIG. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention; the method can be applied on a signature server. As shown in FIG. 1A, the method for realizing an electronic signature includes the following steps:
Step 101: determine the hash value of the electronic document to be signed;
Step 102: encrypt the hash value with the private key corresponding to the public key in the digital certificate;
Step 103: merge the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

In step 101, in one embodiment the electronic document may be a local file (for example, a certification file or an electronic receipt); in another embodiment the electronic document may come from a first service platform, which may be a payment-type financial service platform (for example, Alipay), in which case the electronic document may be an asset certificate, a bill or an electronic receipt; in another embodiment the electronic document may come from a second service platform, which may be a deposit-type financial service platform (for example, Zhaocaibao, 招財寶), in which case the electronic document may be a proof of loan and interest; in yet another embodiment the electronic document may come from a third service platform, which may be an Internet financial service platform (for example, MYbank, 網商銀行), in which case the electronic document may be an electronic certificate issued to the end user. The present invention therefore does not limit the source of the electronic document.

In one embodiment, the electronic signature may be the electronic signature of the enterprise corresponding to the first service platform, of the enterprise corresponding to the second service platform, or of the enterprise corresponding to the third service platform. In one embodiment, the hash value of the electronic document can be extracted with a hash algorithm.

In step 102, in one embodiment the way the hash value is encrypted may be determined by the source of the electronic document. For example, if the electronic document comes from the first service platform, an encryption machine (a hardware security module) may be set up in the signature server, and the private key corresponding to the digital certificate is encrypted with the encryption machine's first key (also called the master key, MainKey). As another example, if the electronic document comes from the second service platform, the hash value may be sent over a first private network to a third-party certification authority (for example, a CA center), which encrypts the hash value with the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server over the first private network. As a further example, if the electronic document comes from the third service platform, the hash value and a second key agreed between the signature server and the third-party financial platform may be sent over a second private network to the encryption machine of the third service platform, which encrypts the hash value with the second key agreed by both parties, after which the third service platform returns the encrypted hash value to the signature server. Encrypting the hash value in different ways for electronic documents from different sources also meets customised business needs.

In step 103, in one embodiment the picture of the corresponding electronic signature can be obtained from the corresponding service platform (the first, second or third service platform). For the way the encrypted hash value, the digital certificate and the picture of the electronic signature are merged into the electronic document, refer to the related description in the prior art, which is not detailed here.

As shown in FIG. 1B, the electronic signature merged into the electronic document is that of "AB Company"; when a click event on the "AB Company" electronic signature is detected, the information of the digital certificate shown in FIG. 1C is displayed. Because the digital certificate is obtained from a third-party certification authority, the user can verify the authenticity of the electronic signature by means of the digital certificate.

As can be seen from the above description, this embodiment realizes an Internet mode of signing through steps S101-S103, solves the problem that the U-shield signature scheme of the prior art is costly to implement, and reduces user cost; encrypting the hash value and merging the encrypted hash value and the digital certificate into the electronic document improves the security and credibility of the electronic signature.
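Steps 101-103 and the check a viewer performs behind FIG. 1C, as an added Go example that is not part of the patent or of any Alibaba code: a self-signed certificate stands in for the one obtained from the third-party certification authority, a struct stands in for embedding into the document, and "encrypting the hash with the private key" is taken to be an RSA PKCS#1 v1.5 signature over SHA-256, since the patent names no algorithm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument is a hypothetical stand-in for the electronic document after
// step 103: the content plus the hash encrypted with the private key (the
// signature), the digital certificate and the picture of the seal.
type SignedDocument struct {
	Content, Signature, CertDER, SealImage []byte
}

// issueCertificate stands in for the third-party certification authority with
// a self-signed certificate (constructed for the example only).
func issueCertificate(priv *rsa.PrivateKey, holder string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: holder},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
}

// signDocument performs steps 101-103: hash the content with SHA-256, encrypt
// the hash with the private key matching the certificate's public key (an RSA
// PKCS#1 v1.5 signature), then merge signature, certificate and seal picture.
func signDocument(content, certDER, seal []byte, priv *rsa.PrivateKey) (*SignedDocument, error) {
	digest := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedDocument{Content: content, Signature: sig, CertDER: certDER, SealImage: seal}, nil
}

// verifyDocument is what a viewer does when the user clicks the seal (FIG. 1C):
// check that the embedded certificate chains to a trusted root, then check the
// encrypted hash against a fresh hash of the content. Any edit to the content,
// the signature or the certificate makes it fail.
func verifyDocument(doc *SignedDocument, trustedRoot *x509.Certificate) error {
	cert, err := x509.ParseCertificate(doc.CertDER)
	if err != nil {
		return fmt.Errorf("bad embedded certificate: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256(doc.Content)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], doc.Signature); err != nil {
		return fmt.Errorf("encrypted hash does not match the content: %w", err)
	}
	return nil
}

// newSealHolder generates the key pair and certificate of the enterprise whose seal is applied.
func newSealHolder(holder string) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	der, err := issueCertificate(priv, holder)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

func main() {
	priv, cert, err := newSealHolder("AB Company")
	if err != nil {
		panic(err)
	}
	// Constructed sample content and seal picture bytes.
	doc, err := signDocument([]byte("constructed receipt: amount 100.00"), cert.Raw, []byte("constructed seal PNG"), priv)
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", verifyDocument(doc, cert) == nil)
	doc.Content = append(doc.Content, " altered"...)
	fmt.Println("altered verifies:", verifyDocument(doc, cert) == nil)
}
```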

FIG. 2A is a flow chart of a method for realizing an electronic signature according to another exemplary embodiment of the present invention, and FIG. 2B is a scenario diagram of a method for realizing an electronic signature according to another exemplary embodiment of the present invention; this embodiment is described by taking an electronic document provided by the first service platform as an example. As shown in FIG. 2A, the method for realizing an electronic signature includes the following steps:
Step 201: determine the hash value of the electronic document to be signed;
Step 202: obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being in encrypted form;
Step 203: decrypt the encrypted private key;
Step 204: encrypt the hash value with the decrypted private key;
Step 205: merge the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

For step 201, refer to the description of step 101 above; it is not repeated here.

In steps 202 to 204, in one embodiment the digital certificate and the encrypted private key may be obtained from a cloud database. The private key corresponding to the public key in the digital certificate may be encrypted with the first key (also called the master key) of the encryption machine on the signature server and then stored in the cloud database; when needed, the encrypted private key stored in the cloud database is decrypted. In another embodiment, the cloud database may store a vast number of digital certificates and the private keys corresponding to their public keys, thereby realizing secure storage of a large number of digital certificates and their corresponding private keys.

For step 205, refer to the description of step 103 above; it is not repeated here.

As an exemplary scenario, as shown in FIG. 2B, the signature server 22 obtains a digital certificate from the third-party certification authority 21, encrypts the private key corresponding to the public key in the digital certificate with the first key of the encryption machine local to the signature server 22 (not shown in the figure), and stores the encrypted private key and the digital certificate in the cloud database 23. The signature server 22 obtains from the first service platform 24 an electronic document that needs to be electronically signed, extracts the hash value of the electronic document with a hash algorithm, obtains the digital certificate and the encrypted private key from the cloud database 23, and passes them together with the hash value into its local encryption machine. Inside that encryption machine the encrypted private key is decrypted to obtain the private key corresponding to the public key in the digital certificate, and the encryption machine then encrypts the hash value with that private key. Finally, the signature server 22 merges the encrypted hash value, the digital certificate and the electronic signature into the electronic document, which can then be provided to the user. Because both the decryption of the private key with the first key and the encryption of the hash value with the private key take place inside the signature server's encryption machine, the private key corresponding to the public key in the digital certificate is kept secure while in use.

In this embodiment, because the digital certificate and the encrypted private key are stored in the cloud database and are fetched from it when an electronic document needs to be electronically signed, the limitation of the prior art that the encryption machine of the third-party certification authority can hold only a limited number of private keys corresponding to the public keys in digital certificates is avoided. The scheme can therefore support the large data volume and high concurrency of Internet signing while ensuring the security of the private key corresponding to the public key in the digital certificate.
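The encrypted-key storage of steps 202-204 and FIG. 2B, as an added Go example that is not part of the patent or of any Alibaba code: the encryption machine's first key (MainKey) is modelled as a 32-byte AES-256-GCM key, the cloud database record as a struct, and the certificate as constructed bytes; the choice of algorithm and the binding of the certificate as associated data are assumptions of this example, not the patent's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"fmt"
)

// KeyRecord is a hypothetical row of the cloud database 23: the digital
// certificate and the private key sealed under the encryption machine's first
// key. Only this wrapped form ever leaves the encryption machine.
type KeyRecord struct {
	CertDER    []byte
	WrappedKey []byte // nonce || AES-256-GCM ciphertext || tag
}

func newGCM(mainKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(mainKey) // a 32-byte MainKey selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapPrivateKey is done inside the encryption machine before the record is
// written to the cloud database: the PKCS#1 private key is sealed with the
// first key (MainKey), and the certificate is bound in as associated data so
// that the key cannot later be paired with a different certificate.
func wrapPrivateKey(mainKey, certDER []byte, priv *rsa.PrivateKey) (*KeyRecord, error) {
	gcm, err := newGCM(mainKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := gcm.Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), certDER)
	return &KeyRecord{CertDER: certDER, WrappedKey: sealed}, nil
}

// unwrapPrivateKey is step 203, done inside the encryption machine at signing
// time. The GCM tag rejects a record whose key or certificate was altered in
// the database, and a wrong MainKey fails the same way instead of yielding junk.
func unwrapPrivateKey(mainKey []byte, rec *KeyRecord) (*rsa.PrivateKey, error) {
	gcm, err := newGCM(mainKey)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(rec.WrappedKey) < ns {
		return nil, errors.New("wrapped key record is truncated")
	}
	der, err := gcm.Open(nil, rec.WrappedKey[:ns], rec.WrappedKey[ns:], rec.CertDER)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong MainKey or tampered record): %w", err)
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// newStoredKey generates a fresh key pair and returns it in the form the cloud
// database holds, together with the plaintext key for comparison.
func newStoredKey(mainKey, certDER []byte) (*KeyRecord, *rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	rec, err := wrapPrivateKey(mainKey, certDER, priv)
	return rec, priv, err
}

// roundTrip reports whether a key survives storage and recovery unchanged.
func roundTrip(mainKey, certDER []byte) (bool, error) {
	rec, priv, err := newStoredKey(mainKey, certDER)
	if err != nil {
		return false, err
	}
	got, err := unwrapPrivateKey(mainKey, rec)
	if err != nil {
		return false, err
	}
	return got.Equal(priv), nil
}

func main() {
	mainKey := make([]byte, 32) // constructed MainKey; in practice it never leaves the encryption machine
	if _, err := rand.Read(mainKey); err != nil {
		panic(err)
	}
	ok, err := roundTrip(mainKey, []byte("constructed certificate DER"))
	fmt.Println("key recovered intact:", ok, err)
}
```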

FIG. 3A is a flow chart of a method for realizing an electronic signature according to yet another exemplary embodiment of the present invention, and FIG. 3B is a scenario diagram of a method for realizing an electronic signature according to yet another exemplary embodiment of the present invention; this embodiment is described by taking an electronic document provided by the second service platform as an example. As shown in FIG. 3A, the method for realizing an electronic signature includes the following steps:
Step 301: determine the hash value of the electronic document to be signed;
Step 302: send the hash value of the electronic document to the third-party certification authority via the first private network, the third-party certification authority being used to produce the digital certificate and to encrypt the hash value with the private key corresponding to the public key in the digital certificate;
Step 303: receive the encrypted hash value from the third-party certification authority via the first private network;
Step 304: merge the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

For step 301, refer to the description of step 101 above; it is not repeated here.

In steps 302 and 303, in one embodiment the first private network may be a dedicated communication network connecting the signature server and the certification authority, to which no other device is connected; transmitting the hash value and the encrypted hash value over the first private network ensures the security of the hash value.

For step 304, refer to the description of step 103 above; it is not repeated here.

As an exemplary scenario, as shown in FIG. 3B, the signature server 31 signs jointly with the third-party certification authority 32. In the joint signing process, the signature server 31 extracts the hash value of the electronic document with a hash algorithm and sends the hash value to the third-party certification authority 32 over the first private network; the third-party certification authority 32 encrypts the hash value with the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server 31 over the first private network; the signature server 31 merges the encrypted hash value, the digital certificate and the electronic signature into the electronic document, which can then be provided to the user.

In this embodiment, the hash value of the electronic document is sent to the third-party certification authority over the first private network; after the third-party certification authority has encrypted the hash value with the private key corresponding to the public key in the digital certificate, the encrypted hash value is received over the first private network, and the encrypted hash value, the digital certificate and the picture of the electronic signature are merged into the electronic document. This solves the problem that the U-shield signature scheme of the prior art is costly to implement and reduces user cost. Encrypting the hash value with the private key, held at the third-party certification authority, that corresponds to the public key in the digital certificate, and then merging the digital certificate and the encrypted hash value into the electronic document, improves the credibility of the electronic signature; at the same time, since only the hash value leaves the signature server, the electronic document is not leaked to other unrelated enterprises, which ensures the commercial confidentiality of the electronic document.

FIG. 4A is a flow chart of a method for realizing an electronic signature according to yet another exemplary embodiment of the present invention, and FIG. 4B is a scenario diagram of a method for realizing an electronic signature according to yet another exemplary embodiment of the present invention; this embodiment is described by taking an electronic document provided by the third service platform as an example. As shown in FIG. 4A, the method for realizing an electronic signature includes the following steps:
Step 401: determine the hash value of the electronic document to be signed;
Step 402: send the hash value of the electronic document and the second key to the third-party service platform via the second private network, the second key being a key preset between the signature server and the third-party service platform or a key negotiated jointly by them;
Step 403: receive the encrypted hash value via the second private network;
Step 404: merge the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

For a description of step 401, refer to the description of step 101 above; it is not repeated here.

In steps 402 and 403, in one embodiment, the second private network may be a dedicated communication network connecting the signature server and the third-party service platform, to which no other device is connected; transmitting the hash value and the encrypted hash value over the second private network ensures the security of the hash value. In one embodiment, the third-party service platform may be any platform capable of providing electronic documents, such as the first, second or third service platform of the embodiments above.

For a description of step 404, refer to the description of step 103 above; it is not repeated here.

As an exemplary scenario, as shown in FIG. 4B, the signature server 41 obtains an electronic document from the third-party service platform 42, extracts the hash value of the electronic document with a hash algorithm, and transmits the hash value to the encryption machine of the third-party service platform 42. The encryption machine of the third-party service platform 42 encrypts the hash value with the second key, and the third service platform 42 then returns the encrypted hash value to the signature server 41, which merges the encrypted hash value, the digital certificate and the electronic signature into the electronic document; the electronic document can then be provided to the user.

This embodiment can satisfy the requirement of a third-party service platform 42 that wishes to keep custody of the private key corresponding to the public key in the digital certificate itself, which increases the flexibility of the electronic-signature scheme.

With the embodiments above, different electronic-signature schemes can be applied in different service scenarios, so that personalized service requirements are met while the advantages of the various electronic-signature schemes are exploited.

Corresponding to the method for implementing an electronic signature described above, the present invention also proposes the signature server whose schematic structure is shown in FIG. 5, according to an exemplary embodiment of the present invention. Referring to FIG. 5, at the hardware level the network server includes a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, thereby forming, at the logical level, a device for implementing an electronic signature. Of course, besides a software implementation, the present invention does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the entity executing the processing flow below is not limited to the individual logical units and may also be hardware or a logic device.

FIG. 6 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 6, the device may include a determining module 61, a first encryption module 62 and a signature synthesis module 63. The determining module 61 determines the hash value of the electronic document to be signed; the first encryption module 62 encrypts the hash value determined by the determining module 61 with the private key corresponding to the public key in the digital certificate; and the signature synthesis module 63 merges the hash value encrypted by the first encryption module 62, the digital certificate and the picture of the electronic signature into the electronic document.

FIG. 7 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 7, building on the embodiment of FIG. 6, the first encryption module 62 may include: an obtaining unit 621, which obtains the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being stored in encrypted form; a decryption unit 622, which decrypts the encrypted private key obtained by the obtaining unit 621; and an encryption unit 623, which encrypts the hash value with the private key decrypted by the decryption unit 622.

In one embodiment, the device may further include: a second encryption module 64, which encrypts the private key corresponding to the public key in the digital certificate with a first key; and a storage module 65, which stores the private key encrypted by the second encryption module 64 together with the digital certificate.

In one embodiment, the digital certificate and the encrypted private key are obtained from a cloud database.

In one embodiment, the first encryption module 62 may include: a first sending unit 624, which sends the hash value of the electronic document over a first private network to a third-party certification authority, where the third-party certification authority generates the digital certificate and encrypts the hash value with the private key corresponding to the public key in the digital certificate; and a first receiving unit 625, which receives the hash value encrypted by the third-party certification authority over the first private network.

In one embodiment, the first private network is a dedicated communication network connecting the signature server and the third-party certification authority.

In one embodiment, the device may further include: a sending module 66, which sends the hash value of the electronic document and a second key over a second private network to a third-party service platform, where the second key is a key pre-agreed between the signature server and the third-party service platform; and a receiving module 67, which receives the hash value encrypted by the third-party certification authority over the second private network.

As can be seen from the embodiments above, different electronic-signature schemes can be applied in different service scenarios, so that personalized service requirements are met while the advantages of the various electronic-signature schemes are exploited.

Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practising the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and embodiments are to be regarded as exemplary only; the true scope and spirit of the invention are indicated by the claims below.

It should also be noted that the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises the element.

The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (18)

1. A method for implementing an electronic signature, applied to a signature server, the method comprising: determining a hash value of an electronic document to be signed; encrypting the hash value with a private key corresponding to a public key in a digital certificate; and merging the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

2. The method according to claim 1, wherein encrypting the hash value with the private key corresponding to the public key in the digital certificate comprises: obtaining the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted; decrypting the encrypted private key; and encrypting the hash value with the decrypted private key.

3. The method according to claim 2, further comprising: encrypting the private key with a first key; and storing the digital certificate and the encrypted private key.

4. The method according to claim 2, wherein the digital certificate and the encrypted private key are obtained from a cloud database.

5. The method according to claim 1, wherein encrypting the hash value with the private key corresponding to the public key in the digital certificate comprises: sending the hash value of the electronic document over a first private network to a third-party certification authority, the third-party certification authority generating the digital certificate and encrypting the hash value with the private key corresponding to the public key in the digital certificate; and receiving the hash value encrypted by the third-party certification authority over the first private network.

6. The method according to claim 5, wherein the first private network is a dedicated communication network connecting the signature server and the third-party certification authority.

7. A method for implementing an electronic signature, applied to a signature server, the method comprising: determining a hash value of an electronic document to be signed; sending the hash value of the electronic document and a second key over a second private network to the third-party service platform, the second key being a key pre-agreed between the signature server and the third-party service platform; after the third-party service platform has encrypted the hash value with the second key, receiving the encrypted hash value over the second private network; and merging the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

8. The method according to claim 9, wherein the second private network is a dedicated communication network connecting the signature server and the third service platform.

9. A device for implementing an electronic signature, the device comprising: a determining module for determining a hash value of an electronic document to be signed; a first encryption module for encrypting the hash value determined by the determining module with a private key corresponding to a public key in a digital certificate; and a signature synthesis module for merging the hash value encrypted by the first encryption module, the digital certificate and a picture of the electronic signature into the electronic document.

10. The device according to claim 9, wherein the first encryption module comprises: an obtaining unit for obtaining the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted; a decryption unit for decrypting the encrypted private key obtained by the obtaining unit; and an encryption unit for encrypting the hash value with the private key decrypted by the decryption unit.

11. The device according to claim 10, further comprising: a second encryption module for encrypting the private key corresponding to the public key in the digital certificate with a first key; and a storage module for storing the digital certificate and the private key corresponding to the public key in the digital certificate.

12. The device according to claim 10, wherein the digital certificate and the encrypted private key are obtained from a cloud database.

13. The device according to claim 9, wherein the first encryption module comprises: a first sending unit for sending the hash value of the electronic document over a first private network to the third-party certification authority, the third-party certification authority generating the digital certificate and encrypting the hash value with the private key corresponding to the public key in the digital certificate; and a first receiving unit for receiving the hash value encrypted by the third-party certification authority over the first private network.

14. The device according to claim 13, wherein the first private network is a dedicated communication network connecting the signature server and the third-party certification authority.

15. The device according to claim 9, further comprising: a sending module for sending the hash value of the electronic document and a second key over a second private network to the third service platform, the second key being a key pre-agreed between the signature server and the third-party service platform; and a receiving module for receiving the hash value encrypted by the third-party certification authority over the second private network.

16. The device according to claim 15, wherein the second private network is a dedicated communication network connecting the signature server and the third service platform.

17. A signature server, comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to: determine a hash value of an electronic document to be signed; encrypt the hash value with a private key corresponding to a public key in a digital certificate; and merge the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

18. A signature server, comprising: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to: determine a hash value of an electronic document to be signed; send the hash value of the electronic document and a second key over a second private network to the third-party service platform, the second key being a key pre-agreed between the signature server and the third-party service platform; after the third-party service platform has encrypted the hash value with the second key, receive the encrypted hash value over the second private network; and merge the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106101918A TWI734729B (en) 2017-01-19 2017-01-19 Method and device for realizing electronic signature and signature server

Publications (2)

Publication Number Publication Date
TW201828642A true TW201828642A (en) 2018-08-01
TWI734729B TWI734729B (en) 2021-08-01
