TW201942783A - Confidential signature method and notarization method for one-origin-multiple-copies document to use a private key corresponding to any one of the public keys to decrypt the corresponding variable document key ciphertext to acquire the variable document key - Google Patents


Publication number: TW201942783A
Authority: TW (Taiwan)
Prior art keywords: key, electronic device, encrypted, data packet, notarized
Application number: TW107110455A
Other languages: Chinese (zh)
Other versions: TWI675312B (en)
Inventor: 吳右任
Original Assignee: 雲想科技股份有限公司
Application filed by: 雲想科技股份有限公司
Priority to: TW107110455A
Application granted
Publication of TWI675312B
Publication of TW201942783A

Landscapes

  • Storage Device Security (AREA)

Abstract

A confidential signature method for a one-origin-multiple-copies document is applicable to transmitting an encrypted document among n electronic devices. It mainly comprises loading the data packet transmitted from the previous electronic device, where the data packet includes the encrypted document and n variable document key ciphertexts. The encrypted document contains digital information that can be decrypted with a variable document key. The variable document key ciphertexts are generated by encrypting the variable document key with each of n public keys, one of which is from a first electronic device. A private key corresponding to any one of the public keys is then used to decrypt the corresponding variable document key ciphertext and obtain the variable document key, and the variable document key is used to decrypt the encrypted document and obtain its digital information. As a result, only a designated user can use a private key to obtain the variable document key that decrypts the encrypted document. This protects privacy and security and allows a completely identical encrypted document to be transmitted or duplicated among multiple persons, while a non-designated user who obtains a copy cannot decrypt it, which eases keeping and circulating the document.

Description

Confidential signing method and notarization method for a document in multiple copies

The present invention relates to a method for confidentially signing a document, and in particular to a confidential signing method and a notarization method for a document issued in multiple copies.

With the advance of technology and the spread of the Internet, digital information is easily copied and distributed, and data security is seriously threatened. Encryption of digital information therefore occupies an important position in the information industry and is valued by many countries.

Encryption algorithms are mainly divided into symmetric and asymmetric encryption algorithms:

Symmetric encryption algorithm: the encryption key is the same as the decryption key, so only someone who holds the same key as the sender can decrypt the ciphertext. The key itself must therefore be transmitted with absolute security: it cannot travel unencrypted over the same channel as the ciphertext (such as the network). Otherwise an attacker only has to capture the key and the ciphertext in transit and, since the algorithm itself is public, the encryption becomes meaningless.

Asymmetric encryption algorithm: the key used for encryption differs from the key used for decryption. The one that can be disclosed to others is called the "public key", and the one that must be kept by its owner and never disclosed is called the "private key". Because no key has to be handed over, the content of the ciphertext is not revealed even if it is intercepted in transit, which solves the long-standing problem of symmetric encryption. However, each ciphertext, or copy of that ciphertext, can be decrypted by only one specific person, so the ciphertext cannot be passed among multiple persons, which is an obstacle in use.

The main object of the present invention is therefore to provide a confidential signing method for a document in multiple copies that ensures privacy and security while allowing the encrypted file to be passed among multiple persons.

Another object of the present invention is to provide a notarization method for a document in multiple copies that can notarize content for non-repudiation and non-modifiability.

Accordingly, the confidential signing method of the present invention for a document in multiple copies is suitable for transmitting an encrypted file between a transmitting end and at least one receiving end. The receiving end implements the following steps through an application:

Step a: Load a data packet. The data packet includes the encrypted file and n variable key ciphertexts. The encrypted file has digital information that can be decrypted with a variable key, and the variable key ciphertexts are produced by encrypting the variable key with each of n public keys, where n≥2 and one of the public keys comes from the first electronic device.

Step b: With a private key corresponding to one of the public keys of step a, decrypt the variable key ciphertext encrypted with that public key to obtain the variable key.

Step c: With the variable key obtained in step b, decrypt the encrypted file to obtain the digital information of the encrypted file.

In a notarization method for a document in multiple copies, a notarization device implements the following steps through an application:

Step y1: Receive a data packet.

Step y2: Encrypt the data packet of step y1 with a notarization public key, producing a notarization ciphertext.

Step y3: Produce a notarization packet that includes the data packet of step y1 and the notarization ciphertext of step y2.

Step y4: Decrypt the notarization packet with a notarization private key corresponding to the notarization public key to obtain the data packet.

The main effect of the present invention is that only the designated users can use their personal private keys to obtain the variable key that decrypts the encrypted file. Privacy and security are still ensured, and the encrypted file can be one and the same file passed or copied among multiple persons. Even if a non-designated user obtains a copy, the encrypted file is difficult to decrypt, so it is easy to store and circulate, which improves convenience and practicality and greatly reduces management cost.

Another effect of the present invention is that the content of a data packet can be notarized for non-repudiation and non-modifiability without knowing the content of the data packet.

Referring to FIG. 1, a first embodiment of the confidential signing method of the present invention is suitable for transmitting and receiving an encrypted file 21 (see FIG. 2) among n electronic devices, where the m-th electronic device is the one currently being operated. The electronic devices may be computers, personal digital assistants, tablets, smartphones and so on. The encrypted file 21 may be a contract, a declaration, a certificate, a will and so on. For convenience of description, the number of electronic devices 1a, 1b, 1c below is 3, that is, n=3; n may also be 2, or 4, 5, 6, 7, 8, 9, 10, or more than 10, and is not limited thereto.

Referring to FIG. 2, FIG. 3 and FIG. 4, the electronic devices 1a, 1b, 1c belong to a first user, a second user and a third user respectively. Each holds a public key used for encryption (PublicKey1, PublicKey2, PublicKey3) and the corresponding private key used for decryption (PrivateKey1, PrivateKey2, PrivateKey3).

In the first embodiment, the first electronic device 1a is the sending end that initiates signing of the encrypted file 21. The second electronic device 1b is a receiving end and also the sending end that transmits the encrypted file 21 to the third electronic device 1c. The third electronic device 1c is a receiving end and also the sending end that returns the encrypted file 21 to the first electronic device 1a and the second electronic device 1b. The electronic devices 1a, 1b, 1c each implement the following steps through an application:

[Transmitting end]: the first electronic device 1a. See FIG. 5, and FIG. 2 and FIG. 3.

Step 31: Incorporate the first user's signature message Sig1 into the digital information of the encrypted file 21.

The digital information of the encrypted file 21 also has a signature flow message SigFlow. SigFlow sets the position in the encrypted file 21 of a signature field for entering a signature message, the signer's account, the signer's identity type, information for verifying the signer's identity, the time interval in which the signer is allowed to sign (for example, from 0 minutes 0 seconds on February 1, 2018 to 0 minutes 0 seconds on February 3, 2018), the geographic area in which the signer is allowed to sign (for example, an area set by GPS coordinates), the device code with which the signer is allowed to sign (for example, the IMEI of the electronic device), the signing order of the signers, and so on. The users taking part in signing can thus use SigFlow to control who may sign, what, when, where, with which device and in which order, which improves security.

Step 32: Using a symmetric encryption algorithm, generate a variable key DocKey1.

Step 33: Encrypt the variable key DocKey1 with the public key PublicKey1 of the first electronic device 1a and the public key PublicKey2 of the second electronic device 1b, producing two variable key ciphertexts eDocKey1 and eDocKey2.

Step 34: Encrypt the encrypted file 21 of step 31 with the variable key DocKey1.

Step 35: Combine the encrypted file 21 of step 34 and the two variable key ciphertexts eDocKey1 and eDocKey2 into a data packet 2.

Step 36: Output the data packet 2.

[Receiving end]: the second electronic device 1b. See FIG. 6, and FIG. 2 to FIG. 4.

Step 41: Load the data packet 2 transmitted by the previous electronic device 1a. Because the previous electronic device is electronic device 1a, the data packet 2 includes the encrypted file 21 and two variable key ciphertexts eDocKey1 and eDocKey2.

Step 42: With the private key PrivateKey2, decrypt the variable key ciphertext eDocKey2 that was encrypted with the public key PublicKey2, obtaining the variable key DocKey1.

Step 43: With the variable key DocKey1 obtained in step 42, decrypt the encrypted file 21 to obtain its digital information.

Step 44: Incorporate the second user's signature message Sig2 into the digital information of the encrypted file 21.

Step 45: Using a symmetric encryption algorithm, generate another variable key DocKey2.

Step 46: Encrypt the encrypted file 21 of step 44 with the variable key DocKey2 of step 45.

Step 47: According to a selected signal M, determine whether a next electronic device 1c needs to sign. If yes, go to step 48; if no, go to step 50.

Note that the selected signal M is either the signal triggered when the user of the second electronic device 1b selects the next signing user through the application, or, where the first user (the first signer) has preset in the signature flow message SigFlow each signing item for the different users (document signers) when creating the document, the signal triggered when each user (signer) completes signing.

Step 48: Encrypt the variable key DocKey2 of step 45 with the public keys of the first through m-th electronic devices that have received the data packet 2 (starting with PublicKey1 of the first electronic device 1a) and with the public key of the next electronic device, producing m+1 variable key ciphertexts. Here m denotes the electronic device currently acting as the receiving end, with n≥2 and m≤n.

Because the electronic device currently acting as the receiving end is the second electronic device 1b, m=2, and the electronic devices that have received the data packet are the first electronic device 1a and the second electronic device 1b. In this embodiment n=3, so the public key of the next electronic device is PublicKey3 of the third electronic device 1c. It is used together with PublicKey1 of the first electronic device 1a and PublicKey2 of the second electronic device 1b to encrypt the variable key DocKey2 of step 45, producing three variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3.

Step 49: Output the data packet 2, including the encrypted file 21 of step 46 and the variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3 of step 48, to the next electronic device 1c.

Step 50: Encrypt the variable key DocKey2 of step 45 with the public keys of the n electronic devices, producing n variable key ciphertexts.

Step 51: Output the data packet 2, including the encrypted file 21 of step 46 and the variable key ciphertexts eDocKey1 and eDocKey2 of step 50, to the first electronic device 1a through the (m-1)-th electronic device.

In this embodiment n=3, and for the second electronic device 1b there is still a next electronic device 1c, so steps 50 and 51 do not apply and are not described further here.

[Receiving end]: the third electronic device 1c. See FIG. 6, and FIG. 2 to FIG. 4.

The third electronic device 1c repeats steps 41 to 51; the same holds for m=4, 5, 6, 7, 8, 9, 10, or more than 10. To make this embodiment clearer, the steps for the third electronic device 1c are described below:

Step 41: Load the data packet 2 from the previous electronic device 1b. Because the previous electronic device is electronic device 1b, the data packet 2 includes the encrypted file 21 and three variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3.

Step 42: With the private key PrivateKey3, decrypt the variable key ciphertext eDocKey3 that was encrypted with the public key PublicKey3, obtaining the variable key DocKey2.

Step 43: With the variable key DocKey2 obtained in step 42, decrypt the encrypted file 21 to obtain its digital information.

Step 44: Incorporate the third user's signature message Sig3 into the digital information of the encrypted file 21.

Step 45: Using a symmetric encryption algorithm, generate another variable key DocKey3.

Step 46: Encrypt the encrypted file 21 of step 44 with the variable key DocKey3 of step 45.

Step 47: According to the selected signal M, determine whether to transmit to a next electronic device. If yes, go to step 48; if no, go to step 50.

Step 48: Encrypt the variable key DocKey2 of step 45 with the public keys of the first through m-th electronic devices that have received the data packet 2 (starting with PublicKey1 of the first electronic device 1a) and with the public key of the next electronic device, producing m+1 variable key ciphertexts.

Step 49: Output the data packet 2, including the encrypted file 21 of step 46 and the variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3 of step 48, to the next electronic device.

In this embodiment n=3, and for the third electronic device 1c there is no next electronic device, so steps 48 and 49 do not apply and are not described further here.

Step 50: Encrypt the variable key DocKey2 of step 45 with the public keys of the n electronic devices, producing n variable key ciphertexts.

Because n=3 and it is the third electronic device 1c that has loaded the data packet 2, m=n=3. In step 50, the public key PublicKey3 of the third electronic device 1c is therefore used together with PublicKey1 of the first electronic device 1a and PublicKey2 of the second electronic device 1b to encrypt the variable key DocKey3 of step 45, producing three variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3.

Step 51: Output the data packet 2, including the encrypted file 21 of step 46 and the variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3 of step 50, to the first electronic device 1a through the (m-1)-th electronic device.

Because n=3 and it is the third electronic device 1c that has loaded the data packet 2, m=n=3. In step 51, the data packet 2 with the variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3 is therefore output to the first electronic device 1a and the second electronic device 1b.

In this way, only the first electronic device 1a, the second electronic device 1b and the third electronic device 1c can each use their private keys PrivateKey1, PrivateKey2 and PrivateKey3 to decrypt the variable key ciphertexts eDocKey1, eDocKey2 and eDocKey3, obtain the variable key DocKey3, and decrypt the digital information in the encrypted file 21.

As described above, the data packets 2 are transmitted in order among the first electronic device 1a, the second electronic device 1b and the third electronic device 1c, which achieves continuous, sequential signing.

Note also that once the intended users have completed the continuous, sequential signing flow, the first electronic device 1a, the second electronic device 1b and the third electronic device 1c only need to repeat steps 41 to 43 to obtain the digital information of the encrypted file 21.
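The packet flow of the first embodiment (steps 31 to 51), as an added Python example that is not code from the patent: each hop unwraps its own variable key ciphertext, adds a signature message, generates a fresh variable key and re-wraps it for the devices seen so far plus the next one. The function names, the JSON document layout and both cryptographic stand-ins (the page names no algorithms) are assumptions.

```python
import hashlib, hmac, json, secrets

# Stand-ins so the example needs only the standard library (assumptions; the
# page names no algorithms): hashed ElGamal over the Mersenne prime 2**521 - 1
# for the public-key step, SHA-256 keystream plus HMAC for the symmetric step.
# A deployment would use vetted primitives (e.g. RSA-OAEP or X25519, AES-GCM).
P, G = 2**521 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)              # (PrivateKey_i, PublicKey_i)

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def wrap(pub: int, doc_key: bytes):
    """eDocKey_i: the variable key encrypted under one device's public key."""
    k = secrets.randbelow(P - 3) + 2
    pad = kdf(pow(pub, k, P))
    return pow(G, k, P), bytes(a ^ b for a, b in zip(doc_key, pad))

def unwrap(priv: int, wrapped) -> bytes:
    c1, c2 = wrapped
    pad = kdf(pow(c1, priv, P))
    return bytes(a ^ b for a, b in zip(c2, pad))

def stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def subkeys(doc_key: bytes):
    # Separate encryption and MAC keys derived from the variable key.
    return (hashlib.sha256(b"enc" + doc_key).digest(),
            hashlib.sha256(b"mac" + doc_key).digest())

def seal(doc_key: bytes, plaintext: bytes) -> bytes:
    enc_k, mac_k = subkeys(doc_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, stream(enc_k, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(doc_key: bytes, blob: bytes) -> bytes:
    enc_k, mac_k = subkeys(doc_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong variable key or modified encrypted file")
    return bytes(a ^ b for a, b in zip(ct, stream(enc_k, nonce, len(ct))))

def make_packet(document: dict, recipients: dict) -> dict:
    """Steps 32-35 and 45-50: fresh variable key, encrypt, one wrap per public key."""
    doc_key = secrets.token_bytes(32)
    return {"file": seal(doc_key, json.dumps(document).encode()),
            "keys": {name: wrap(pub, doc_key) for name, pub in recipients.items()}}

def open_packet(packet: dict, name: str, priv: int) -> dict:
    """Steps 41-43: unwrap this device's eDocKey, then decrypt the encrypted file."""
    if name not in packet["keys"]:
        raise PermissionError(f"{name} has no variable key ciphertext in this packet")
    return json.loads(unseal(unwrap(priv, packet["keys"][name]), packet["file"]))

def can_open(packet: dict, name: str, priv: int) -> bool:
    try:
        open_packet(packet, name, priv)
        return True
    except (PermissionError, ValueError):
        return False

def sign_and_forward(packet, name, priv, sig, recipients) -> dict:
    """Steps 41-49 at a receiving end: open, add signature message, re-key, re-wrap."""
    doc = open_packet(packet, name, priv)
    doc["signatures"].append(sig)
    return make_packet(doc, recipients)

def run_first_embodiment():
    names = ["1a", "1b", "1c"]                # n = 3 devices, as in the embodiment
    keys = {n: keypair() for n in names}
    pub = {n: keys[n][1] for n in names}
    doc = {"body": "constructed sample contract", "signatures": ["Sig1"]}
    # Step 33: device 1a wraps DocKey1 for PublicKey1 and PublicKey2 only.
    p1 = make_packet(doc, {n: pub[n] for n in names[:2]})
    # Step 48 at device 1b (m = 2): wrap DocKey2 for devices 1..m plus the next one.
    p2 = sign_and_forward(p1, "1b", keys["1b"][0], "Sig2", {n: pub[n] for n in names[:3]})
    # Step 50 at device 1c (m = n = 3): wrap DocKey3 for all n devices.
    p3 = sign_and_forward(p2, "1c", keys["1c"][0], "Sig3", pub)
    return keys, p1, p2, p3

if __name__ == "__main__":
    keys, p1, p2, p3 = run_first_embodiment()
    print("1c can open packet from 1a:", can_open(p1, "1c", keys["1c"][0]))
    print("final signatures:", open_packet(p3, "1a", keys["1a"][0])["signatures"])
```

Who can read a packet is decided entirely by which public keys the sender wrapped the variable key for: device 1c cannot open the first packet, and the re-keying at every hop means a variable key recovered from an earlier packet does not open a later one.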

FIG. 7 and FIG. 8 to FIG. 11 show a second embodiment of the confidential signing method of the present invention for a document in multiple copies.

The second embodiment is likewise suitable for transmitting and receiving an encrypted file 21 among n electronic devices, where the m-th electronic device is the one currently being operated. Again taking n=3 as an example, the electronic devices 1a, 1b, 1c belong to a first user, a second user and a third user respectively. Each holds a public key used for encryption (PublicKey1, PublicKey2, PublicKey3) and the corresponding private key used for decryption (PrivateKey1, PrivateKey2, PrivateKey3).

The first electronic device 1a is the sending end that initiates signing of the encrypted file 21. The second electronic device 1b and the third electronic device 1c are receiving ends and also the sending ends that return the encrypted file 21 to the first electronic device 1a. The electronic devices 1a, 1b, 1c each implement the following steps through an application:

[Receiving end]: the second electronic device 1b through the m-th electronic device. Because m=n=3, the second electronic device 1b and the third electronic device 1c each act as a receiving end. See FIG. 12, and FIG. 9 and FIG. 10.

Step 61: Load the data packet 2. The data packet 2 includes the encrypted file 21 and three variable key ciphertexts eDocKey1.1, eDocKey1.2 and eDocKey1.3. The encrypted file 21 has digital information that can be decrypted with a variable key DocKey1, and the variable key ciphertexts eDocKey1.1, eDocKey1.2 and eDocKey1.3 are produced by encrypting the variable key DocKey1 (see FIG. 8) with the three public keys PublicKey1, PublicKey2 and PublicKey3 respectively.

Step 62: With the private key PrivateKey2 (PrivateKey3), decrypt the variable key ciphertext eDocKey1.2 (eDocKey1.3) that was encrypted with the public key PublicKey2 (PublicKey3), obtaining the variable key DocKey1 (see FIG. 8).

Step 63: With the variable key DocKey1 (see FIG. 8) obtained in step 62, decrypt the encrypted file 21 to obtain its digital information.

Step 64: Incorporate the signature message Sig2 (Sig3) of the second user (third user) into the digital information of the encrypted file 21.

Step 65: Using a symmetric encryption algorithm, generate another variable key DocKey2.1 (DocKey2.2).

Step 66: Encrypt the variable key DocKey2.1 (DocKey2.2) of step 65 with the public key PublicKey1 of the first electronic device 1a and the public key of the m-th electronic device currently acting as the receiving end, producing two variable key ciphertexts.

Taking the second electronic device 1b as an example, step 66 encrypts the variable key DocKey2.1 of step 65 with the public key PublicKey1 of the first electronic device 1a (see FIG. 8) and the public key PublicKey2 of the second electronic device 1b, producing two variable key ciphertexts eDocKey2.1.1 and eDocKey2.1.2.

Taking the third electronic device 1c as an example, step 66 encrypts the variable key DocKey2.2 of step 65 with the public key PublicKey1 of the first electronic device 1a (see FIG. 8) and the public key PublicKey3 of the third electronic device 1c, producing two variable key ciphertexts eDocKey2.2.1 and eDocKey2.2.3.

Step 67: Encrypt the encrypted file 21 of step 64 with the variable key DocKey2.1 (DocKey2.2) of step 65.

Step 68: Output the data packet 2.1 (data packet 2.2), which includes the encrypted file 21 of step 67 and the variable key ciphertexts eDocKey2.1.1 and eDocKey2.1.2 (eDocKey2.2.1 and eDocKey2.2.3) of step 66.

[傳送端] :第1個電子裝置1a,以下參閱圖13,及圖8、圖11。[Transmitting end]: The first electronic device 1a, please refer to FIG. 13 and FIGS. 8 and 11 below.

步驟71:結合第一用戶之簽章訊息Sig1於該加密文件21的數位資訊中。Step 71: Combine the signature information Sig1 of the first user in the digital information of the encrypted file 21.

步驟72:以對稱加密演算法,產生能夠在步驟62中被解密的變動金鑰DocKey1。Step 72: Using a symmetric encryption algorithm, generate a variable key DocKey1 that can be decrypted in step 62.

步驟73:以n個電子裝置的公鑰加密步驟72的變動金鑰DocKey1,並產生n個變動金鑰密文。Step 73: Encrypt the modified keys DocKey1 of step 72 with the public keys of the n electronic devices, and generate n modified key ciphertexts.

由於n=3,所以,步驟73會以第1個電子裝置1a的公鑰PublicKey1、第2個電子裝置1b(如圖9)的公鑰PublicKey2(如圖9)、第3個電子裝置1c(如圖10)的公鑰PublicKey3(如圖10)加密該變動金鑰DocKey1,並產生3個變動金鑰密文eDocKey1.1、eDocKey1.2、eDocKey1.3。Since n = 3, step 73 will use the public key PublicKey1 of the first electronic device 1a, PublicKey2 (see Figure 9) of the second electronic device 1b (see Figure 9), and the third electronic device 1c ( The public key PublicKey3 (see Figure 10) (see Figure 10) encrypts the changed key DocKey1 and generates three changed key ciphertexts eDocKey1.1, eDocKey1.2, and eDocKey1.3.

步驟74:以步驟72的變動金鑰DocKey1加密步驟71的加密文件21。Step 74: The encrypted file 21 in step 71 is encrypted with the modified key DocKey1 in step 72.

步驟75:將步驟74的加密文件21與n個變動金鑰密文結合成n-1個數據封包2。Step 75: Combine the encrypted file 21 of step 74 and the n changed key ciphertexts into n-1 data packets 2.

由於n=3,且有3個變動金鑰密文eDocKey1.1、eDocKey1.2、eDocKey1.3,因此,步驟74的加密文件21會與3個變動金鑰密文eDocKey1.1、eDocKey1.2、eDocKey1.3結合成2個數據封包2。Since n = 3, and there are 3 changed key ciphertexts eDocKey1.1, eDocKey1.2, and eDocKey1.3, the encrypted file 21 in step 74 will be compared with 3 changed key ciphertexts eDocKey1.1 and eDocKey1.2. , EDocKey1.3 combined into 2 data packets 2.

步驟76:如圖7,輸出該等數據封包2給第2個電子裝置1b~第m個電子裝置。Step 76: As shown in FIG. 7, the data packets 2 are output to the second electronic device 1b to the m-th electronic device.

由於m=n=3,所以,步驟76是輸出該等數據封包2給第2個電子裝置1b、第3個電子裝置1c。Since m = n = 3, step 76 is to output the data packets 2 to the second electronic device 1b and the third electronic device 1c.

Step 77: Referring to FIG. 13 and FIG. 11, load the data packets 2.1 and 2.2 output in step 68 by the 2nd electronic device 1b through the m-th electronic device 1c.

Step 78: With the private key PrivateKey1 of the 1st electronic device 1a, decrypt the corresponding variable key ciphertexts eDocKey2.1.1 and eDocKey2.2.1 in the data packets 2.1 and 2.2 of step 77 (eDocKey2.2.1, eDocKey2.2.3, see FIG. 9 and FIG. 10), obtaining the variable keys DocKey2.1 and DocKey2.2 of step 65 (see FIG. 9 and FIG. 10).

Step 79: Decrypt the encrypted files 21 with the variable keys DocKey2.1 and DocKey2.2 obtained in step 78 (see FIG. 9 and FIG. 10), obtaining the digital information of the encrypted files 21.

Step 80: Combine all signature messages Sig1, Sig3 into the digital information of the encrypted file 21 of one of the data packets (this embodiment uses data packet 2.1 as the example), and embed the encrypted files 21 of the 2nd electronic device 1b through the m-th electronic device from step 64, as attachments, in the aforementioned encrypted file 21 that combines all signature messages Sig1, Sig3.

Since m = n = 3, step 80 embeds the encrypted files 21 of the 2nd electronic device 1b through the 3rd electronic device 1c from step 64, as attachments, in the aforementioned encrypted file 21 that combines all signature messages Sig1, Sig3.

Step 81: Generate a final variable key DocKey3.

Step 82: Encrypt the variable key DocKey3 of step 81 with the n public keys to generate n variable key ciphertexts. In this embodiment the 3 public keys PublicKey1, PublicKey2 and PublicKey3 encrypt the variable key DocKey3 of step 81, generating 3 variable key ciphertexts eDocKey3.1, eDocKey3.2 and eDocKey3.3.

Step 83: Encrypt the encrypted file 21 of step 80 with the final variable key DocKey3 of step 81.

Step 84: Delete the final variable key DocKey3 generated in step 81.

Step 85: Output a final data packet 2', which includes the encrypted file 21 of step 83 and the variable key ciphertexts of step 82, to the aforementioned 2nd electronic device 1b through the m-th electronic device.

Since m = n = 3, step 85 outputs the final data packet 2' to the 2nd electronic device 1b through the 3rd electronic device 1c.

In this way, only the 1st electronic device 1a, the 2nd electronic device 1b and the 3rd electronic device 1c can each use their private keys PrivateKey1, PrivateKey2 and PrivateKey3 to decrypt eDocKey3.1, eDocKey3.2 and eDocKey3.3, obtain the variable key DocKey3, and each decrypt the digital information in the encrypted file 21.

As described above, the data packet 2 is transmitted by the 1st electronic device 1a to the 2nd electronic device 1b and the 3rd electronic device 1c at the same time, so that multiple parties can sign simultaneously.

It is also worth noting that once the designated users have completed the simultaneous signing process, the 1st electronic device 1a, the 2nd electronic device 1b and the 3rd electronic device 1c only need to repeat steps 61 to 63 to obtain the digital information of the encrypted file 21.

Referring to FIG. 1, FIG. 7, FIG. 14 and FIG. 15, the notarization method of the present invention for a document in multiple copies uses a notary device 10 as its tool. The notary device 10 belongs to a notary and holds a notary public key PublicKey4, which is public and used for encryption, and a notary private key PrivateKey4, which corresponds to the notary public key PublicKey4 and is used for decryption.

The notary device 10 implements the following steps through an application:

Step 91: Receive the data packet 2 (2'). The data packet 2 (2') may be the final data packet 2' of step 85 in the second embodiment, or the data packet 2 of step 58 in the first embodiment.

Step 92: Encrypt the data packet 2 (2') according to a seal condition and the notary public key PublicKey4, generating a notary ciphertext eNotary.

Step 93: Generate a notarized packet 2" that includes the data packet 2 (2') of step 91 and the notary ciphertext eNotary of step 92.

At this point the notary operating the notary device 10 cannot decrypt the already encrypted data packet 2 (2'), and can therefore notarize the content of the encrypted file 21 for non-repudiation and non-modifiability without knowing the content of the encrypted file 21.

It is worth noting that in step 93 the notarized packet 2" may also be transmitted to the electronic device 1a, the 2nd electronic device 1b and the 3rd electronic device 1c for retention. The first user, second user and third user of the 1st electronic device 1a, the 2nd electronic device 1b and the 3rd electronic device 1c do not hold the notary private key PrivateKey4 corresponding to the notary public key PublicKey4, so they cannot decrypt the notary ciphertext eNotary in the notarized packet 2", which likewise achieves non-repudiation and non-modifiability.

Step 94: When the seal condition is lifted, decrypt the notary ciphertext eNotary in the notarized packet 2" with the notary private key PrivateKey4 corresponding to the notary public key PublicKey4, obtaining the data packet 2 (2').

The seal condition may be electronic or manual. Taking the case where the encrypted file 21 is a contract, an electronic seal condition may be a date condition, for example: the contract is signed on January 1, 2016, and the seal condition is set to be lifted automatically on January 1, 2017. Taking the case where the encrypted file 21 is a will, a manual seal condition may be a human condition, for example: the testator dies on a date that cannot be foreseen, and the seal condition is lifted when the testator's date of death arrives.

Step 95: Transmit the data packet 2 (2') to the aforementioned n electronic devices; in this embodiment it is transmitted to the 1st electronic device 1a, the 2nd electronic device 1b and the 3rd electronic device 1c.

In this way, the 1st electronic device 1a, the 2nd electronic device 1b or the 3rd electronic device 1c that loads the data packet 23 can each use the private key PrivateKey1 (FIG. 2, FIG. 8), PrivateKey2 (FIG. 3, FIG. 9) or PrivateKey3 (FIG. 4, FIG. 10) to decrypt eDocKey1 (eDocKey3.1), eDocKey2 (eDocKey3.2) or eDocKey3 (eDocKey3.3), obtain the variable key DocKey3 (DocKey3), and each decrypt the digital information in the encrypted file 21.
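The final-packet flow of steps 81 to 85 and the notary seal of steps 91 to 94 can be exercised end to end with Node.js's built-in crypto module. This is an added example, not code from the patent: the choice of RSA-OAEP and AES-256-GCM, the one-time seal key wrapped under PublicKey4, the binding of the release date as GCM associated data, and all function names are assumptions.

```javascript
// Added example (not the patent's code): variable-key envelope and notary seal.
const crypto = require('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const wrap = (publicKey, secret) => crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, secret);
const unwrap = (privateKey, blob) => crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, blob);

// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext. aad is optional.
function aesEncrypt(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  if (aad) cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function aesDecrypt(key, blob, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  if (aad) decipher.setAAD(aad);
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Steps 81-85: fresh variable key, one key ciphertext per designated public key,
// encrypt the document, discard the variable key, emit the data packet.
function buildPacket(documentBytes, publicKeys) {
  const docKey = crypto.randomBytes(32);                             // step 81
  const keyCiphertexts = publicKeys.map((pk) => wrap(pk, docKey));   // step 82
  const encryptedFile = aesEncrypt(docKey, documentBytes);           // step 83
  docKey.fill(0);                                                    // step 84
  return { encryptedFile, keyCiphertexts };                          // step 85
}

// Steps a-c of claim 1: any one designated private key recovers the variable key.
// Returns null when none of the key ciphertexts was made for this private key.
function openPacket(packet, privateKey) {
  for (const blob of packet.keyCiphertexts) {
    let docKey;
    try { docKey = unwrap(privateKey, blob); } catch { continue; }   // OAEP rejects a wrong key
    return aesDecrypt(docKey, packet.encryptedFile);
  }
  return null;
}

// Steps 92-93 (assumed construction): seal the whole packet under a one-time key
// wrapped with the notary public key; the release date is authenticated as AAD.
function notarySeal(packet, notaryPublicKey, releaseDateIso) {
  const sealKey = crypto.randomBytes(32);
  const body = Buffer.from(JSON.stringify({
    encryptedFile: packet.encryptedFile.toString('base64'),
    keyCiphertexts: packet.keyCiphertexts.map((b) => b.toString('base64')),
  }));
  const eNotary = {
    sealCondition: releaseDateIso,
    wrappedSealKey: wrap(notaryPublicKey, sealKey),
    sealed: aesEncrypt(sealKey, body, Buffer.from(releaseDateIso)),
  };
  sealKey.fill(0);
  return { packet, eNotary };   // the notarized packet: data packet plus eNotary
}

// Step 94: release only once the date condition is met; an edited date fails the GCM check.
function notaryUnseal(notarizedPacket, notaryPrivateKey, now) {
  const { sealCondition, wrappedSealKey, sealed } = notarizedPacket.eNotary;
  if (now < new Date(sealCondition)) throw new Error('seal condition not lifted');
  const sealKey = unwrap(notaryPrivateKey, wrappedSealKey);
  const body = JSON.parse(aesDecrypt(sealKey, sealed, Buffer.from(sealCondition)).toString());
  return {
    encryptedFile: Buffer.from(body.encryptedFile, 'base64'),
    keyCiphertexts: body.keyCiphertexts.map((s) => Buffer.from(s, 'base64')),
  };
}

// Constructed sample run: three signer devices and one notary, dates from the contract example.
function demo() {
  const [dev1, dev2, dev3, notary] = [newKeyPair(), newKeyPair(), newKeyPair(), newKeyPair()];
  const doc = Buffer.from('constructed contract text with all signature messages');
  const packet = buildPacket(doc, [dev1, dev2, dev3].map((k) => k.publicKey));
  const notarized = notarySeal(packet, notary.publicKey, '2017-01-01T00:00:00Z');
  const released = notaryUnseal(notarized, notary.privateKey, new Date('2017-01-02T00:00:00Z'));
  return {
    device2Reads: openPacket(released, dev2.privateKey).toString(),
    notaryReads: openPacket(packet, notary.privateKey),   // null: the notary never holds DocKey3
  };
}
console.log(demo());
```

The notary can release the packet but cannot read the document, because DocKey3 exists only inside the key ciphertexts made for the three device public keys.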

From the above description, the advantages of the foregoing embodiments can be summarized as follows:

1. With the special encryption method described above, only the designated users can use their personal private keys to obtain the variable key that decrypts the encrypted file 21. Therefore, even if the encrypted file 21 is intercepted in transit, or a non-designated user obtains a copy, the content of the encrypted file 21 cannot be decrypted, so the file is easy to store and circulate. More importantly, combined with encrypting and decrypting the encrypted file 21 with a variable key, the encrypted file 21 can be transmitted or copied to multiple people through data packets, in sequence or at the same time, achieving continuous sequential signing or simultaneous signing by multiple people and greatly reducing management cost.

2. Furthermore, the present invention can be combined with the notarization method described above, so that the notary, without knowing the content of the encrypted file 21, notarizes the content of the encrypted file 21 for non-repudiation and non-modifiability. At the same time, the first user, second user and third user cannot decrypt the notarized packet 2", which likewise achieves non-repudiation and non-modifiability and ensures privacy and security.

3. In addition, because the present invention can restrict which users are able to decrypt, a designated user is not necessarily a signer; it may simply be a specific person who has been authorized to operate on the file with specific permissions (such as read-only or export). The present invention can therefore also be applied to the sale and distribution of e-books, so that only users who have paid or who meet the conditions can use their personal private keys to obtain the variable key that decrypts the encrypted file 21, while other unauthorized users cannot open the encrypted file 21 even if they obtain the data packet 23. The encrypted file 21 can of course also use permission settings to prevent its information content from being extracted, or to prohibit users from changing the variable key and the variable key ciphertexts, improving the security of the encrypted file 21.

The above, however, is only an embodiment of the present invention and cannot be used to limit the scope in which the present invention is practiced. Any simple equivalent change or modification made according to the claims and the content of the patent specification of the present invention remains within the scope covered by this patent.

1a~1c‧‧‧electronic device

10‧‧‧notary device

2, 2'‧‧‧data packet

2.1‧‧‧data packet

2.2‧‧‧data packet

21‧‧‧encrypted file

2"‧‧‧notarized packet

31~36‧‧‧process steps

41~52‧‧‧process steps

61~68‧‧‧process steps

71~85‧‧‧process steps

91~95‧‧‧process steps

Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which:
FIG. 1 is a schematic diagram illustrating a first embodiment of the confidential signing method of the present invention for a document in multiple copies;
FIG. 2 is a schematic diagram illustrating the 1st electronic device in the first embodiment encrypting the encrypted file, and the data packet it outputs;
FIG. 3 is a schematic diagram illustrating the 2nd electronic device in the first embodiment encrypting the encrypted file, and the data packet it outputs;
FIG. 4 is a schematic diagram illustrating the 3rd electronic device in the first embodiment encrypting the encrypted file, and the data packet it outputs;
FIG. 5 is a flowchart of a transmitting end in the first embodiment;
FIG. 6 is a flowchart of a receiving end in the first embodiment;
FIG. 7 is a schematic diagram illustrating a second embodiment of the confidential signing method of the present invention for a document in multiple copies;
FIG. 8 is a schematic diagram illustrating the 1st electronic device in the second embodiment encrypting the encrypted file, and the data packet it outputs;
FIG. 9 is a schematic diagram illustrating the 2nd electronic device in the second embodiment encrypting the encrypted file, and the data packet it outputs;
FIG. 10 is a schematic diagram illustrating the 3rd electronic device in the second embodiment encrypting the encrypted file, and the data packet it outputs;
FIG. 11 is a schematic diagram illustrating the 1st electronic device in the second embodiment encrypting the encrypted file once more;
FIG. 12 is a flowchart of a receiving end in the second embodiment;
FIG. 13 is a flowchart of a transmitting end in the second embodiment;
FIG. 14 is a schematic diagram of the notarization method of the foregoing embodiments, illustrating a notary device encrypting the data packet, and the notarized packet it generates; and
FIG. 15 is a flowchart of the notarization method of the foregoing embodiments.

Claims (13)

1. A confidential signing method for a document in multiple copies, suitable for transmitting and receiving an encrypted file among n electronic devices, each electronic device implementing the following steps through an application:
Step a: load the data packet transmitted by the previous electronic device, the data packet including the encrypted file and two or more variable key ciphertexts, the encrypted file having digital information that can be decrypted by a variable key, the variable key ciphertexts being generated by encrypting the variable key with two or more public keys respectively, one of the public keys coming from the 1st electronic device;
Step b: with a private key corresponding to one of the public keys of step a, decrypt the variable key ciphertext encrypted with that public key, obtaining the variable key;
Step c: decrypt the encrypted file with the variable key obtained in step b, obtaining the digital information of the encrypted file.

2. The confidential signing method for a document in multiple copies of claim 1, wherein each electronic device acting as a receiving end further performs, through the application, after step c:
Step d: combine a signature message into the digital information of the encrypted file;
Step e: generate another variable key;
Step f: encrypt the encrypted file of step d with the variable key of step e;
Step g: determine whether to transmit to a next electronic device; if yes, proceed to step h-1; if no, proceed to step h-3;
Step h-1: encrypt the variable key of step e with the public keys of the 1st electronic device through the m-th electronic device that has received the data packet and with the public key of the next electronic device, generating m+1 variable key ciphertexts, where m is the electronic device currently acting as the receiving end, n≥2 and m≦n;
Step h-2: output a data packet including the encrypted file of step f and the variable key ciphertexts of step h-1 to the next electronic device;
Step h-3: encrypt the variable key of step e with the public keys of the n electronic devices that have received the data packet, generating n variable key ciphertexts; and
Step h-4: output a data packet including the encrypted file 21 of step f and the variable key ciphertexts of step h-3 to the aforementioned 1st electronic device 1a through the (m-1)-th electronic device.

3. The confidential signing method for a document in multiple copies of claim 2, wherein the data packet received by the 2nd through m-th electronic devices executing step a is the one output by the (m-1)-th electronic device in step h-2.

4. The confidential signing method for a document in multiple copies of claim 1, wherein the digital information of the encrypted file further has a signature flow message, the signature flow message being used to set at least one of: the position in the encrypted file of a signature field for entering a signature message, the signer's account, the signer's identity type, information related to verifying the signer's identity, the time interval in which the signer is allowed to sign, the geographic area in which the signer is allowed to sign, the device code with which the signer is allowed to sign, and the signing order of the signers.

5. The confidential signing method for a document in multiple copies of claim 2, wherein the data packets received by the 2nd through m-th electronic devices executing step a all come from the 1st electronic device, and m=n.

6. The confidential signing method for a document in multiple copies of claim 5, wherein the 2nd through m-th electronic devices each further perform, through the application, after step c:
Step i: combine a signature message into the digital information of the encrypted file;
Step j: generate another variable key;
Step k: encrypt the variable key of step j with the public key corresponding to the private key of the 1st electronic device and the public key corresponding to the private key of the m-th electronic device, generating 2 variable key ciphertexts;
Step l: encrypt the encrypted file of step h with the variable key of step j;
Step o: output a data packet including the encrypted file of step l and the variable key ciphertexts of step k.

7. The confidential signing method for a document in multiple copies of claim 6, wherein the 1st electronic device further performs, after step o:
Step p: load the data packets output in step o by the 2nd through m-th electronic devices;
Step q: with the private key of the 1st electronic device, decrypt the corresponding variable key ciphertexts in the data packets of step o, obtaining the variable keys of step j;
Step r: decrypt the encrypted files with the variable keys obtained in step q, obtaining the digital information of the encrypted files.

8. The confidential signing method for a document in multiple copies of claim 7, wherein the 1st electronic device further performs, after step r:
Step s: combine all signature messages into the digital information of one of the encrypted files;
Step t: generate a final variable key;
Step u: encrypt the variable key of step t with n public keys, generating n variable key ciphertexts;
Step v: encrypt the encrypted file of step s with the final variable key of step t; and
Step w: output the final data packet, which includes the encrypted file of step v and the variable key ciphertexts of step u, to the aforementioned 2nd through m-th electronic devices.

9. The confidential signing method for a document in multiple copies of claim 8, wherein the encrypted file of step s further incorporates other encrypted files that come from step r and are embedded as attachments.

10. The confidential signing method for a document in multiple copies of claim 8, further comprising, after step v and before step w:
Step x: delete the final variable key generated in step t.

11. A notarization method for the document in multiple copies of claim 8, in which a notary device implements the following steps through an application:
Step y1: receive the final data packet of step w;
Step y2: encrypt the final data packet of step y1 with a notary public key, generating a notary ciphertext;
Step y3: generate a notarized packet including the final data packet of step y1 and the notary ciphertext of step y2; and
Step y4: decrypt the notarized packet with a notary private key corresponding to the notary public key, obtaining the final data packet of step w.

12. A notarization method for the document in multiple copies of claim 2, in which a notary device implements the following steps through an application:
Step y1: receive the data packet of step h;
Step y2: encrypt the data packet of step y1 with a notary public key, generating a notary ciphertext;
Step y3: generate a notarized packet including the data packet of step y1 and the notary ciphertext of step y2; and
Step y4: decrypt the notarized packet with a notary private key corresponding to the notary public key, obtaining the data packet including the variable key ciphertexts of step h-1.

13. The notarization method for a document in multiple copies of claim 11 or 12, wherein step y2 further encrypts the data packet according to a seal condition, and in step y4, further, when the seal condition is lifted, the notarized packet is decrypted with the notary private key corresponding to the notary public key, obtaining the data packet including the variable key ciphertexts of step h-1.
TW107110455A 2018-03-27 2018-03-27 Secrecy signing method and notarization method for multiple copies of documents TWI675312B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107110455A TWI675312B (en) 2018-03-27 2018-03-27 Secrecy signing method and notarization method for multiple copies of documents

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107110455A TWI675312B (en) 2018-03-27 2018-03-27 Secrecy signing method and notarization method for multiple copies of documents

Publications (2)

Publication Number Publication Date
TWI675312B TWI675312B (en) 2019-10-21
TW201942783A true TW201942783A (en) 2019-11-01

Family

ID=69023533

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107110455A TWI675312B (en) 2018-03-27 2018-03-27 Secrecy signing method and notarization method for multiple copies of documents

Country Status (1)

Country Link
TW (1) TWI675312B (en)
