TWI392321B - System and method for digitally signing electronic documents - Google Patents

Publication number: TWI392321B
Authority: TW (Taiwan)
Application number: TW96131397A
Other languages: Chinese (zh)
Other versions: TW200910896A (en)
Inventors: Chung I Lee, Chien Fa Yeh, Chiu Hua Lu, Xiao-Di Fan, Guo-Ling Ou-Yang
Original assignee: Hon Hai Prec Ind Co Ltd
Application filed by Hon Hai Prec Ind Co Ltd
Priority to TW96131397A
Publication of TW200910896A
Application granted
Publication of TWI392321B

Description

Electronic document digital signing system and method

The present invention relates to an electronic document digital signing system and method.

Digital signing of electronic documents is implemented mainly by applying a digest algorithm and a public-key cryptographic algorithm to perform encryption and decryption transformations on the electronic document. A digest algorithm (such as MD5 or SHA-1), also called a one-way hash algorithm, converts a file of any length into a fixed-length character string or bit string, typically 128, 160, 256 or 512 bits, in order to shorten the electronic signature file and improve signing efficiency.

A public-key cryptographic algorithm (such as RSA or ECC), also called an asymmetric cryptographic algorithm, uses different keys for encryption and decryption. Each of the two communicating parties has a key pair (a public key and a private key); each party keeps its private key strictly secret and discloses its public key to the other party. In electronic signing, the sender signs with its own private key and the recipient verifies with the sender's public key. The trustworthiness of the public key is the basis of the "trust relationship". In general, a mutually trusted third-party certification authority (CA, Certification Authority) must be designated to sign and publish the public key; a public key and its related information, once signed and published by such a certification authority, are collectively what is commonly called a digital certificate.

The characteristic of an electronic sign-off is that it represents the characteristics of the file. If the file changes, the electronic sign-off value changes with it, and different files yield different digital sign-off values. If a third party tampers with the file in transit but does not know the sender's private key, the electronic sign-off value obtained by decryption will necessarily differ from the electronic sign-off value obtained by calculation, which provides a secure way to confirm the sender's identity.

The electronic sign-off process is as follows. The sender of a message generates a message digest (or hash value) from the message text and encrypts this hash value with its own private key to form the sender's electronic sign-off value. This electronic sign-off value is then sent to the recipient together with the message, as an attachment to the message. The recipient first computes the message digest (or hash value) from the received original message, and then uses the sender's public key to decrypt the electronic sign-off value attached to the message. If the two digests are the same, the recipient can confirm that the electronic sign-off is the sender's.

Ordinarily, digital signing of electronic documents can only be completed on a personal computer. The disadvantage of this approach is that the signing supervisor cannot digitally sign electronic documents anytime and anywhere.

In view of the above, it is necessary to provide an electronic document digital signing system and method with which electronic documents can be digitally signed anytime and anywhere through a mobile device.

An electronic document digital signing system comprises a mobile device, an application server and a database, the application server being connected to the mobile device and the database, characterized in that: the database stores an electronic file to be signed; a digital certificate with which the user digitally signs electronic documents is installed in the mobile device, the digital certificate containing a private key used for digital signing; the mobile device is configured to send a digital signing request to the application server after the user selects the electronic file to be signed; the application server obtains the electronic file to be signed from the database according to the digital signing request, generates a digest value of the electronic file to be signed according to a one-way hash algorithm, and transmits that digest value to the mobile device; the mobile device, according to a public-key cryptographic algorithm, encrypts the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmits the first sign-off value to the application server; the application server combines the first sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to obtain a composite file, then generates a digest value of the composite file according to the one-way hash algorithm and transmits that digest value to the mobile device; the mobile device, according to the public-key cryptographic algorithm, encrypts the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmits the second sign-off value to the application server; and the application server combines the first sign-off value, the second sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to generate the signed electronic file.

An electronic document digital signing method comprises the following steps: an electronic file to be signed is selected through a mobile device, and a digital signing request is sent to an application server connected to the mobile device, a digital certificate for digitally signing electronic documents being installed in the mobile device and containing a private key used for digital signing; the application server obtains the electronic file to be signed from a database connected to it according to the digital signing request, generates a digest value of the electronic file to be signed according to a one-way hash algorithm, and transmits that digest value to the mobile device; the mobile device, according to a public-key cryptographic algorithm, encrypts the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmits the first sign-off value to the application server; the application server combines the first sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to obtain a composite file, then generates a digest value of the composite file according to the one-way hash algorithm and transmits that digest value to the mobile device; the mobile device, according to the public-key cryptographic algorithm, encrypts the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmits the second sign-off value to the application server; and the application server combines the first sign-off value, the second sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to generate the signed electronic file.

Compared with the prior art, the electronic document digital signing system and method allow electronic documents to be digitally signed anytime and anywhere through a mobile device, which improves the flexibility of digital signing of electronic documents.

FIG. 1 is a system architecture diagram of a preferred embodiment of the electronic document digital signing system of the present invention. The system mainly comprises a mobile device 10, an application server 20 and a database 30. The application server 20 is connected to the mobile device 10 and to the database 30; the mobile device 10 is connected to the application server 20 via Bluetooth (a short-range wireless communication technology). Alternatively, the mobile device 10 can be connected to the application server 20 through a physical connection.

A digital certificate with which the user digitally signs electronic documents is installed in the mobile device 10. The digital certificate includes the user's information, a private key, a validity period and so on; the private key is used to encrypt the digest value of the electronic document. The mobile device 10 can be a mobile phone, a personal digital assistant (PDA) or the like.

The database 30 stores the electronic file to be signed. The mobile device 10 sends a digital signing request to the application server 20, that is, a request for the electronic file to be signed. According to the digital signing request sent by the mobile device 10, the application server 20 obtains the electronic file to be signed from the database 30, generates a digest value of the electronic file to be signed, and transmits that digest value to the mobile device 10. The mobile device 10 encrypts the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmits the first sign-off value to the application server 20. The application server 20 combines the first sign-off value and the electronic file to be signed to obtain a composite file, generates a digest value of the composite file, and transmits that digest value to the mobile device 10. The mobile device 10 encrypts the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmits the second sign-off value to the application server 20. The application server 20 then combines the first sign-off value, the second sign-off value and the electronic file to be signed to generate the signed electronic file, and saves the signed electronic file to the database 30.

FIG. 2 is a functional module association diagram of a preferred embodiment of the electronic document digital signing system of the present invention. The mobile device 10 includes a request module 110 and a digest encryption module 111. The application server 20 includes an acquisition module 210, a digest generation module 211, a synthesis module 212 and a save module 213. A module, as the term is used in the present invention, is a computer program segment that performs a specific function and is better suited than a program to describing how software executes in a computer; the software is therefore described below in terms of modules.

First, the user turns on the mobile device 10 and selects the electronic file to be signed. The request module 110 then sends a digital signing request to the application server 20, that is, a request for the electronic file to be signed. A digital certificate with which the user digitally signs electronic documents is installed in the mobile device 10; the digital certificate includes the user's information, a private key, a validity period and so on. The private key is used to encrypt the digest value of the electronic document.

After the application server 20 receives the digital signing request sent by the mobile device 10, the acquisition module 210 obtains the electronic file to be signed from the database 30 according to the digital signing request. The digest generation module 211 generates a digest value of the electronic file to be signed according to a one-way hash algorithm (such as the Secure Hash Algorithm SHA1) and transmits that digest value to the mobile device 10.

The digest encryption module 111, according to a public-key cryptographic algorithm (such as the RSA algorithm), encrypts the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmits the first sign-off value to the application server 20.

The synthesis module 212 combines the first sign-off value and the electronic file to be signed according to the cryptographic message syntax standard (PKCS7) to obtain a composite file. PKCS7 is used within a PKI (Public Key Infrastructure) architecture.

The digest generation module 211 generates a digest value of the composite file according to a one-way hash algorithm (such as the Secure Hash Algorithm SHA1) and transmits that digest value to the mobile device 10.

The digest encryption module 111, according to a public-key cryptographic algorithm (such as the RSA algorithm), encrypts the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmits the second sign-off value to the application server 20.

The synthesis module 212 then combines the first sign-off value, the second sign-off value and the electronic file to be signed according to the cryptographic message syntax standard (PKCS7) to generate the signed electronic file, and the signed electronic file is saved to the database 30.

FIG. 3 is a flow chart of a preferred embodiment of the electronic document digital signing method of the present invention. First, in step S401, the user turns on the mobile device 10 and selects the electronic file to be signed. The request module 110 then sends a digital signing request to the application server 20, that is, a request for the electronic file to be signed. A digital certificate with which the user digitally signs electronic documents is installed in the mobile device 10; the digital certificate includes the user's information, a private key, a validity period and so on. The private key is used to encrypt the digest value of the electronic document.

In step S402, after the application server 20 receives the digital signing request sent by the mobile device 10, the acquisition module 210 obtains the electronic file to be signed from the database 30 according to the digital signing request. The digest generation module 211 generates a digest value of the electronic file to be signed according to a one-way hash algorithm (such as the Secure Hash Algorithm SHA1) and transmits that digest value to the mobile device 10.

In step S403, the digest encryption module 111, according to a public-key cryptographic algorithm (such as the RSA algorithm), encrypts the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmits the first sign-off value to the application server 20.

In step S404, the synthesis module 212 combines the first sign-off value and the electronic file to be signed according to the cryptographic message syntax standard (PKCS7) to obtain a composite file. PKCS7 is used within a PKI (Public Key Infrastructure) architecture. The digest generation module 211 generates a digest value of the composite file according to a one-way hash algorithm (such as the Secure Hash Algorithm SHA1) and transmits that digest value to the mobile device 10.

In step S405, the digest encryption module 111, according to a public-key cryptographic algorithm (such as the RSA algorithm), encrypts the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmits the second sign-off value to the application server 20.

In step S406, the synthesis module 212 combines the first sign-off value, the second sign-off value and the electronic file to be signed according to the cryptographic message syntax standard (PKCS7) to generate the signed electronic file, and the signed electronic file is saved to the database 30.
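The round trip of steps S401 to S406 as runnable code, together with the check a relying party would perform on the result (an added example, not code from the patent). It assumes SHA-256 in place of the SHA1 the text names, a length-prefixed container as a stand-in for PKCS7, and a constructed demo RSA key built from two public Mersenne primes, which offers no security; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption): both primes are public Mersenne primes,
# so this key is trivially factorable and only serves to make the flow runnable.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by mobile device 10
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefix for SHA-256, as used by PKCS#1 v1.5 signatures.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_of(data):
    """Digest generation module 211 (SHA-256 swapped in for SHA1)."""
    return hashlib.sha256(data).digest()


def emsa_pkcs1_v15(digest):
    """Encode a 32-byte digest as 00 01 FF..FF 00 DigestInfo, K bytes long."""
    if len(digest) != 32:
        raise ValueError("expected a SHA-256 digest")
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def device_sign_digest(digest):
    """Digest encryption module 111: the private key never leaves the device.
    The device sees only the digest, so it relies on the server for the
    binding between this digest and the file the user selected."""
    m = int.from_bytes(emsa_pkcs1_v15(digest), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify_digest(digest, sig):
    """Recompute the expected encoding and compare; nothing is parsed."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15(digest))


def pack(*parts):
    """Length-prefixed container, a stand-in for the PKCS7 structure."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def unpack(blob):
    parts, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", blob, i)
        i += 4
        if i + n > len(blob):
            raise ValueError("truncated part")
        parts.append(blob[i:i + n])
        i += n
    return parts


def sign_document(document, sign_on_device=device_sign_digest):
    """Application server 20 side of steps S402 to S406."""
    sig1 = sign_on_device(digest_of(document))      # S402, S403
    composite = pack(sig1, document)                # S404
    sig2 = sign_on_device(digest_of(composite))     # S404, S405
    return pack(sig1, sig2, document)               # S406


def verify_signed_file(blob):
    """Relying-party check: both sign-off values must match the content."""
    try:
        sig1, sig2, document = unpack(blob)
    except ValueError:
        return False
    return (verify_digest(digest_of(document), sig1)
            and verify_digest(digest_of(pack(sig1, document)), sig2))


if __name__ == "__main__":
    signed = sign_document(b"constructed sample: purchase order 0001")
    print("signed file verifies:", verify_signed_file(signed))
```

Because the second sign-off value covers the first one together with the file, changing either the file or the first sign-off value invalidates the result.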

Although the electronic document digital signing system and method of the present invention have been disclosed above by way of preferred embodiments, these are not intended to limit the present invention. Any person skilled in the art may make changes and refinements without departing from the spirit and scope of the present invention; the scope of protection of the present invention is therefore as defined by the appended claims.

Mobile device: 10
Application server: 20
Database: 30
Request module: 110
Digest encryption module: 111
Acquisition module: 210
Digest generation module: 211
Synthesis module: 212
Save module: 213

FIG. 1 is a hardware architecture diagram of a preferred embodiment of the electronic document digital signing system of the present invention.

FIG. 2 is a functional module association diagram of a preferred embodiment of the electronic document digital signing system of the present invention.

FIG. 3 is a flow chart of a preferred embodiment of the electronic document digital signing method of the present invention.


Claims (8)

1. An electronic document digital signing system, comprising a mobile device, an application server and a database, the application server being connected to the mobile device and the database, wherein: the database stores an electronic file to be signed; a digital certificate with which the user digitally signs electronic documents is installed in the mobile device, the digital certificate containing a private key used for digital signing; the mobile device is configured to send a digital signing request to the application server after the user selects the electronic file to be signed; the application server obtains the electronic file to be signed from the database according to the digital signing request, generates a digest value of the electronic file to be signed according to a one-way hash algorithm, and transmits that digest value to the mobile device; the mobile device, according to a public-key cryptographic algorithm, encrypts the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmits the first sign-off value to the application server; the application server combines the first sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to obtain a composite file, then generates a digest value of the composite file according to the one-way hash algorithm and transmits that digest value to the mobile device; the mobile device, according to the public-key cryptographic algorithm, encrypts the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmits the second sign-off value to the application server; and the application server combines the first sign-off value, the second sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to generate the signed electronic file.

2. The electronic document digital signing system according to claim 1, wherein the one-way hash algorithm is the Secure Hash Algorithm SHA1 (Secure Hash Algorithm 1).

3. The electronic document digital signing system according to claim 1, wherein the public-key cryptographic algorithm is the RSA algorithm.

4. The electronic document digital signing system according to claim 1, wherein the cryptographic message syntax standard is used within a public key infrastructure (PKI, Public Key Infrastructure) architecture.

5. An electronic document digital signing method, comprising the following steps: selecting an electronic file to be signed through a mobile device and sending a digital signing request to an application server connected to the mobile device, a digital certificate for digitally signing electronic documents being installed in the mobile device and containing a private key used for digital signing; the application server obtaining the electronic file to be signed from a database connected to it according to the digital signing request, generating a digest value of the electronic file to be signed according to a one-way hash algorithm, and transmitting that digest value to the mobile device; the mobile device, according to a public-key cryptographic algorithm, encrypting the digest value of the electronic file to be signed with the private key of the digital certificate to generate a first sign-off value, and transmitting the first sign-off value to the application server; the application server combining the first sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to obtain a composite file, then generating a digest value of the composite file according to the one-way hash algorithm and transmitting that digest value to the mobile device; the mobile device, according to the public-key cryptographic algorithm, encrypting the digest value of the composite file with the private key of the digital certificate to generate a second sign-off value, and transmitting the second sign-off value to the application server; and the application server combining the first sign-off value, the second sign-off value and the electronic file to be signed according to the cryptographic message syntax standard to generate the signed electronic file.

6. The electronic document digital signing method according to claim 5, wherein the one-way hash algorithm is the Secure Hash Algorithm SHA1 (Secure Hash Algorithm 1).

7. The electronic document digital signing method according to claim 5, wherein the public-key cryptographic algorithm is the RSA algorithm.

8. The electronic document digital signing method according to claim 5, wherein the cryptographic message syntax standard is used within a public key infrastructure (PKI, Public Key Infrastructure) architecture.
Priority Applications (1)

Application number: TW96131397A; priority date: 2007-08-24; filing date: 2007-08-24; title: System and method for digitally signing electronic documents

Publications (2)

TW200910896A (en), publication date 2009-03-01
TWI392321B (en), publication date 2013-04-01

Family ID: 44724491
