TWI734729B - Method and device for realizing electronic signature and signature server - Google Patents


Info

Publication number: TWI734729B
Authority: TW (Taiwan)
Prior art keywords: hash value, digital certificate, encrypted, electronic document, key
Application number: TW106101918A
Other languages: Chinese (zh)
Other versions: TW201828642A (en)
Inventors: 高翔, 胡運平, 劉凱, 貢鵬, 汪衛國
Original assignee: 香港商阿里巴巴集團服務有限公司
Priority date: the priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.

Application events:
Application filed by 香港商阿里巴巴集團服務有限公司
Priority to TW106101918A
Publication of TW201828642A
Application granted
Publication of TWI734729B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a method and a device for implementing an electronic signature. The method includes: determining the hash value of the electronic document to be signed; encrypting the hash value with the private key corresponding to the public key in a digital certificate; and composing the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document. The technical solution of the present invention can solve the problem of the high implementation cost of the USB-shield (U盾) signature scheme in the prior art, realize an Internet signature mode and reduce user cost.

Description

Method and device for realizing electronic signature and signature server

The present invention relates to the field of Internet technology, and in particular to a method, a device and a signature server for implementing an electronic signature.

When an electronic file that a large Internet financial enterprise provides to its users needs to be electronically signed, the prior art keeps the private key used for the electronic signature in a USB shield. When the user applies the electronic signature, the USB shield is inserted into the computer and the electronic signature system signs the electronic document by obtaining from the USB shield the private key corresponding to the public key in the digital certificate. Because this scheme requires the user to purchase a USB shield, the implementation cost is high and promotion is difficult when a large number of users need electronic signatures.

In view of this, the present invention provides a new technical solution that can solve the technical problem of applying for electronic signatures on electronic documents in real time over the Internet when the number of users is large, and of reducing the hardware cost of the electronic signature process.

To achieve the above objective, the present invention provides the following technical solutions. According to a first aspect of the present invention, a method for implementing an electronic signature is proposed, including: determining the hash value of the electronic document to be signed; encrypting the hash value with the private key corresponding to the public key in a digital certificate; and composing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

According to a second aspect of the present invention, a method for implementing an electronic signature is proposed, including: determining the hash value of the electronic document to be signed; sending the hash value of the electronic document and a second secret key to a third-party business platform via a second private network, the second secret key being a secret key preset between the signature server and the third-party business platform; after the third-party business platform has encrypted the hash value with the second secret key, receiving the encrypted hash value via the second private network; and composing the encrypted hash value, a digital certificate and the picture of the electronic signature into the electronic document.

According to a third aspect of the present invention, a device for implementing an electronic signature is proposed, including: a determination module for determining the hash value of the electronic document to be signed; a first encryption module for encrypting the hash value determined by the determination module with the private key corresponding to the public key in a digital certificate; and a signature composition module for composing the hash value encrypted by the first encryption module, the digital certificate and the picture of the electronic signature into the electronic document.

According to a fourth aspect of the present invention, a signature server is proposed, including: a processor; and a memory for storing instructions executable by the processor, wherein the processor is configured to: determine the hash value of the electronic document to be signed; encrypt the hash value with the private key corresponding to the public key in a digital certificate; and compose the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

According to a fifth aspect of the present invention, a signature server is proposed, including: a processor; and a memory for storing instructions executable by the processor, wherein the processor is configured to: determine the hash value of the electronic document to be signed; send the hash value of the electronic document and a second secret key to a third-party business platform via a second private network, the second secret key being a secret key preset between the signature server and the third-party business platform; after the third-party business platform has encrypted the hash value with the second secret key, receive the encrypted hash value via the second private network; and compose the encrypted hash value, a digital certificate and the picture of the electronic signature into the electronic document.

As can be seen from the above technical solutions, the present invention encrypts the hash value with the private key corresponding to the public key in the digital certificate and composes the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document, thereby solving the problem of the high implementation cost of the USB-shield signature scheme in the prior art, realizing an Internet signature mode and reducing user cost. By encrypting the hash value and composing the encrypted hash value and the digital certificate into the electronic document, the security and credibility of the electronic signature are improved.

Reference numerals in the drawings:

21: third-party certification center
22: signature server
23: cloud database
24: first business platform
31: signature server
32: third-party certification center
41: signature server
42: third-party business platform
61: determination module
62: first encryption module
63: signature composition module
64: second encryption module
65: storage module
66: signature composition module
67: receiving module
621: acquisition unit
622: decryption unit
623: encryption unit
624: first sending unit
625: first receiving unit

Fig. 1A is a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the present invention.
Fig. 1B is a schematic diagram of a picture of an electronic signature according to an exemplary embodiment of the present invention.
Fig. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention.
Fig. 2A is a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment of the present invention.
Fig. 2B is a scene diagram according to another exemplary embodiment of the present invention.
Fig. 3A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention.
Fig. 3B is a scene diagram according to yet another exemplary embodiment of the present invention.
Fig. 4A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention.
Fig. 4B is a scene diagram according to yet another exemplary embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a signature server according to an exemplary embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the present invention.
Fig. 7 is a schematic structural diagram of a device for implementing an electronic signature according to another exemplary embodiment of the present invention.

Exemplary embodiments will be described in detail here, examples of which are shown in the accompanying drawings. Where the following description refers to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention; rather, they are merely examples of devices and methods consistent with some aspects of the present invention as detailed in the appended claims.

The terms used in the present invention are for the purpose of describing particular embodiments only and are not intended to limit the present invention. The singular forms "a", "said" and "the" used in the present invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, this information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be referred to as second information, and similarly second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".

To further illustrate the present invention, the following embodiments are provided. According to one embodiment of the present invention, the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate and the picture of the electronic signature are composed into the electronic document, thereby solving the problem of the high implementation cost of the USB-shield signature scheme in the prior art, realizing an Internet signature mode and reducing user cost. By encrypting the hash value and composing the encrypted hash value and the digital certificate into the electronic document, the security and credibility of the electronic signature are improved.

Fig. 1A is a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the present invention, Fig. 1B is a schematic diagram of an electronic signature according to an exemplary embodiment of the present invention, and Fig. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention; the method can be applied on a signature server. As shown in Fig. 1A, the method for implementing an electronic signature includes the following steps: step 101, determine the hash value of the electronic document to be signed; step 102, encrypt the hash value with the private key corresponding to the public key in the digital certificate; step 103, compose the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

In step 101, in one embodiment the electronic document may be a local file (for example, a certification file, an electronic receipt, etc.); in another embodiment the electronic document may come from a first business platform, which may be a payment-type financial business platform (for example, Alipay), in which case the electronic document may be an asset certificate, a bill or an electronic receipt; in another embodiment the electronic document may come from a second business platform, which may be a deposit-type financial business platform (for example, 招財寶, Zhaocaibao), in which case the electronic document may be a loan and interest certificate; in yet another embodiment the electronic document may come from a third business platform, which may be an Internet financial business platform (for example, 網商銀行, MYbank), in which case the electronic document may be an electronic certificate applied for by the end user, and so on. It can thus be seen that the present invention does not limit the source of the electronic document.

In one embodiment, the electronic signature may be the electronic signature of the enterprise corresponding to the first business platform, of the enterprise corresponding to the second business platform, or of the enterprise corresponding to the third business platform. In one embodiment, the hash value of the electronic document may be extracted by a hash algorithm.

In step 102, in one embodiment, the way in which the hash value is encrypted may be determined according to the source of the electronic document. For example, if the electronic document comes from the first business platform, an encryption machine may be provided in the signature server, and the private key in the digital certificate is encrypted with the first secret key of the encryption machine (also called the master key, MainKey). As another example, if the electronic document comes from the second business platform, the hash value may be sent via a first private network to a third-party certification center (for example, a CA center), which encrypts the hash value with the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server via the first private network. As a further example, if the electronic document comes from the third business platform, the hash value and a second secret key agreed between the signature server and the third-party financial platform may be sent via a second private network to the encryption machine of the third business platform, whose encryption machine encrypts the hash value with the second secret key agreed by both parties, after which the third business platform returns the encrypted hash value to the signature server. Encrypting the hash value in different ways for electronic documents from different sources also makes it possible to meet individualized business needs.

In step 103, in one embodiment, the picture of the corresponding electronic signature may be obtained from the corresponding business platform (the first business platform, the second business platform or the third business platform). For the way in which the encrypted hash value, the digital certificate and the picture of the electronic signature are composed into the electronic document, reference may be made to the related description in the prior art, which is not detailed here.

As shown in Fig. 1B, the electronic signature composed onto the electronic document is "AB Company". When a click event on the "AB Company" electronic signature is detected, the information of the digital certificate shown in Fig. 1C is displayed. Because the digital certificate is obtained from a third-party certification center, the user can verify the authenticity of the electronic signature by means of the digital certificate.

As can be seen from the above description, the embodiment of the present invention realizes an Internet signature mode through steps S101-S103, solves the problem of the high implementation cost of the USB-shield signature scheme in the prior art and reduces user cost. By encrypting the hash value and composing the encrypted hash value and the digital certificate into the electronic document, the security and credibility of the electronic signature are improved.
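Steps 101 to 103, together with the certificate check a viewer performs when the user clicks the signature picture (Figs. 1B and 1C), as an added Go example that is not part of the patent or of any Alibaba implementation. "Encrypting the hash with the private key" is realised here as an RSA PKCS#1 v1.5 signature over a SHA-256 digest; the `SignedDocument` layout, the function names and the self-signed `IssueCertificate` stand-in for the third-party certification center are assumptions of this example (a real certification center would sign the enterprise certificate with its own CA key), and the document body and picture bytes are constructed sample inputs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument is the composed electronic document of step 103. The field
// layout is an assumption of this example; the patent leaves the composition
// format to the prior art.
type SignedDocument struct {
	Content       []byte // the electronic document itself
	EncryptedHash []byte // step 102: SHA-256 hash signed with the enterprise private key
	CertDER       []byte // the digital certificate, DER encoded
	SignaturePNG  []byte // the picture of the electronic signature
}

// IssueCertificate stands in for the third-party certification center and returns a
// self-signed certificate for the enterprise key (assumption of this example).
func IssueCertificate(priv *rsa.PrivateKey, enterprise string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: enterprise},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
}

// SignDocument carries out steps 101 to 103 on the signature server.
func SignDocument(content, picture []byte, priv *rsa.PrivateKey, certDER []byte) (*SignedDocument, error) {
	digest := sha256.Sum256(content) // step 101: hash value of the document
	// step 102: "encrypt" the hash with the private key, i.e. produce an RSA signature
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	// step 103: compose encrypted hash, certificate and picture into the document
	return &SignedDocument{Content: content, EncryptedHash: sig, CertDER: certDER, SignaturePNG: picture}, nil
}

// VerifyDocument is what a viewer does when the signature picture is clicked: check
// that the certificate chains to a trusted certification center, then check the
// signed hash against the content. It returns the signer name for display.
func VerifyDocument(doc *SignedDocument, trusted *x509.CertPool) (string, error) {
	cert, err := x509.ParseCertificate(doc.CertDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256(doc.Content) // recompute the hash over the received content
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], doc.EncryptedHash); err != nil {
		return "", fmt.Errorf("document altered or signature invalid: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	certDER, _ := IssueCertificate(priv, "AB Company")
	// constructed sample inputs: a document body and a stand-in for the picture bytes
	doc, _ := SignDocument([]byte("Asset certificate (constructed sample)"), []byte("PNG bytes (constructed)"), priv, certDER)

	trusted := x509.NewCertPool()
	cert, _ := x509.ParseCertificate(certDER)
	trusted.AddCert(cert)
	name, err := VerifyDocument(doc, trusted)
	fmt.Println(name, err) // AB Company <nil>

	doc.Content = append(doc.Content, '!') // any change to the content breaks the check
	_, err = VerifyDocument(doc, trusted)
	fmt.Println(err)
}
```

The viewer must verify the certificate against its own trust store rather than trusting the certificate carried inside the document: the document is self-describing, so a certificate that merely matches the signature proves nothing unless it chains to a certification center the viewer already trusts.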

Fig. 2A is a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment of the present invention, and Fig. 2B is a scene diagram of a method for implementing an electronic signature according to another exemplary embodiment of the present invention; this embodiment is described taking an electronic document provided by the first business platform as an example. As shown in Fig. 2A, the method for implementing an electronic signature includes the following steps: step 201, determine the hash value of the electronic document to be signed; step 202, obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being in encrypted form; step 203, decrypt the encrypted private key; step 204, encrypt the hash value with the decrypted private key; step 205, compose the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

For the description of step 201, reference may be made to the related description of step 101, which is not repeated here.

In steps 202 to 204, in one embodiment, the digital certificate and the encrypted private key may be obtained from a cloud database. The private key corresponding to the public key in the digital certificate is encrypted with the first secret key (also called the master key) of the encryption machine on the signature server and then stored in the cloud database; when needed, the encrypted private key stored in the cloud database is decrypted. In another embodiment, the cloud database may store a very large number of digital certificates and the private keys corresponding to the public keys in those digital certificates, so that a large number of digital certificates and their corresponding private keys can be stored securely.

For the description of step 205, reference may be made to the related description of step 103, which is not repeated here.

As an exemplary scenario, as shown in Fig. 2B, the signature server 22 applies for a digital certificate from the third-party certification center 21, encrypts the private key corresponding to the public key in the digital certificate with the first secret key of the encryption machine local to the signature server 22 (not shown), and stores the encrypted private key and the digital certificate in the cloud database 23. The signature server 22 obtains from the first business platform 24 the electronic document that needs to be electronically signed, extracts the hash value of the electronic document with a hash algorithm, obtains the digital certificate and the encrypted private key from the cloud database 23 and passes them, together with the hash value, to the encryption machine local to the signature server 22. Inside that encryption machine the encrypted private key is decrypted to obtain the private key corresponding to the public key in the digital certificate, and the encryption machine then encrypts the hash value with that private key. Finally, the signature server 22 composes the encrypted hash value, the digital certificate and the electronic signature onto the electronic document, which can then be provided to the user.
Because both the decryption of the private key with the first secret key and the encryption of the hash value with the private key corresponding to the public key in the digital certificate are processed inside the encryption machine of the signature server, the security of the private key corresponding to the public key in the digital certificate during use is ensured.

In this embodiment, because the digital certificate and the encrypted private key are stored in the cloud database and are fetched from it when an electronic document needs to be electronically signed, the limitation of the prior art, in which the encryption machine of the third-party certification center can hold only a limited number of private keys corresponding to public keys in digital certificates, is avoided. The large data volume and high concurrency characteristic of Internet signing can therefore be supported while the security of the private keys corresponding to the public keys in the digital certificates is ensured.
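The key-handling path of steps 202 to 204, as an added Go example that is not part of the patent or of any Alibaba implementation: the private key is wrapped under the encryption machine's master key before it is written to the cloud database, and unwrapping and signing happen only inside the encryption machine. The wrapping algorithm (AES-256-GCM over the PKCS#1 DER form of the key), the `CloudRecord` and `EncryptionMachine` names and the use of a plain struct in place of a hardware security module are assumptions of this example; the master key, RSA key and document bytes are constructed at run time.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
)

// CloudRecord is what the cloud database (23) holds for one enterprise: the digital
// certificate and the private key wrapped under the master key. The database never
// sees a plaintext private key. The layout is an assumption of this example.
type CloudRecord struct {
	CertDER    []byte
	WrappedKey []byte // AES-256-GCM output: nonce || ciphertext || tag
}

// EncryptionMachine models the signature server's local encryption machine. masterKey
// is the "first secret key" (MainKey) and never leaves this struct.
type EncryptionMachine struct {
	masterKey []byte // 32 bytes for AES-256
}

func (m *EncryptionMachine) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(m.masterKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapPrivateKey runs once when the certificate is issued: the private key is
// serialised and sealed under the master key before it is written to the cloud database.
func (m *EncryptionMachine) WrapPrivateKey(priv *rsa.PrivateKey) ([]byte, error) {
	gcm, err := m.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	der := x509.MarshalPKCS1PrivateKey(priv)
	return gcm.Seal(nonce, nonce, der, nil), nil // nonce is prefixed to the ciphertext
}

// SignDigest is steps 203 and 204 inside the encryption machine: unwrap the key, sign
// the hash and drop the plaintext key. The GCM tag makes a wrong master key or a
// tampered record fail closed instead of producing a signature from garbage.
func (m *EncryptionMachine) SignDigest(wrapped, digest []byte) ([]byte, error) {
	gcm, err := m.aead()
	if err != nil {
		return nil, err
	}
	if len(wrapped) < gcm.NonceSize() {
		return nil, errors.New("wrapped key too short")
	}
	nonce, ct := wrapped[:gcm.NonceSize()], wrapped[gcm.NonceSize():]
	der, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed: %w", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
}

// SignWithRecord is the signature server's side of steps 201 to 204: hash the document
// and hand the wrapped key from the cloud record, with the hash, to the encryption
// machine. It returns the encrypted hash that step 205 composes into the document.
func SignWithRecord(machine *EncryptionMachine, rec CloudRecord, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return machine.SignDigest(rec.WrappedKey, digest[:])
}

func main() {
	masterKey := make([]byte, 32)
	io.ReadFull(rand.Reader, masterKey)
	machine := &EncryptionMachine{masterKey: masterKey}

	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	wrapped, _ := machine.WrapPrivateKey(priv)
	rec := CloudRecord{CertDER: []byte("certificate DER (constructed stand-in)"), WrappedKey: wrapped}

	content := []byte("electronic receipt (constructed sample)")
	sig, err := SignWithRecord(machine, rec, content)
	digest := sha256.Sum256(content)
	fmt.Println(err, rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], sig)) // <nil> <nil>
}
```

A compromise of the cloud database alone yields only wrapped keys, which is the property the embodiment relies on; the master key therefore becomes the single secret whose storage, rotation and access logging deserve the most attention.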

Fig. 3A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention, and Fig. 3B is a scene diagram of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention; this embodiment is described taking an electronic document provided by the second business platform as an example. As shown in Fig. 3A, the method for implementing an electronic signature includes the following steps: step 301, determine the hash value of the electronic document to be signed; step 302, send the hash value of the electronic document via a first private network to a third-party certification center, where the third-party certification center is used to generate the digital certificate and to encrypt the hash value with the private key corresponding to the public key in the digital certificate; step 303, receive the encrypted hash value from the third-party certification center via the first private network; step 304, compose the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

For the description of step 301, reference may be made to the related description of step 101, which is not repeated here.

In steps 302 and 303, in one embodiment, the first private network may be a dedicated communication network connecting the signature server and the certification center, to which no other equipment is connected; transmitting the hash value and the encrypted hash value via the first private network ensures the security of the hash value.

For the description of step 304, reference may be made to the related description of step 103, which is not repeated here.

As an exemplary scenario, as shown in Fig. 3B, the signature server 31 and the third-party certification center 32 sign jointly. In the joint signing process, the signature server 31 extracts the hash value of the electronic document with a hash algorithm and sends the hash value to the third-party certification center 32 via the first private network; the third-party certification center 32 encrypts the hash value with the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server 31 via the first private network; the signature server 31 composes the encrypted hash value, the digital certificate and the electronic signature into the electronic document, which can then be provided to the user.

In this embodiment, the hash value of the electronic document is sent to the third-party certification center via the first private network; after the third-party certification center has encrypted the hash value with the private key corresponding to the public key in the digital certificate, the encrypted hash value is received via the first private network, and the encrypted hash value, the digital certificate and the picture of the electronic signature are composed into the electronic document. This solves the problem of the high implementation cost of the USB-shield signature scheme in the prior art and reduces user cost. Encrypting the hash value with the private key held at the third-party certification center and corresponding to the public key in the digital certificate, and then composing the digital certificate and the encrypted hash value onto the electronic document, improves the credibility of the electronic signature; at the same time, the electronic document is not leaked to other unrelated enterprises, which ensures the commercial security of the electronic document.

FIG. 4A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention, and FIG. 4B is a scenario diagram of the method of that embodiment. This embodiment is described by way of example for the case in which the electronic document is provided by a third-party business platform. As shown in FIG. 4A, the method for implementing an electronic signature includes the following steps:

Step 401: determine the hash value of the electronic document to be signed.

Step 402: send the hash value of the electronic document and the second key to the third-party business platform over the second private network, where the second key is a key preset between, or jointly negotiated by, the signing server and the third-party business platform.

Step 403: receive the encrypted hash value over the second private network.

Step 404: compose the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.

For the description of step 401, reference may be made to the description of step 101 above, which is not repeated here.

In steps 402 and 403, in one embodiment, the second private network may be a dedicated communication network connecting the signing server and the third-party business platform, to which no other equipment is connected; transmitting the hash value and the encrypted hash value over the second private network ensures the security of the hash value. In one embodiment, the third-party business platform may be any platform capable of providing electronic documents, such as the first, second or third business platform of the embodiments above.

For the description of step 404, reference may be made to the description of step 103 above, which is not repeated here.

As an exemplary scenario, as shown in FIG. 4B, the signing server 41 obtains the electronic document from the third-party business platform 42, extracts the hash value of the electronic document with a hash algorithm, and transmits the hash value to the encryption machine of the third-party business platform 42. The encryption machine of the third-party business platform 42 encrypts the hash value with the second key, and the third-party business platform 42 then returns the encrypted hash value to the signing server 41. The signing server 41 composes the encrypted hash value, the digital certificate and the electronic signature into the electronic document, after which the electronic document can be provided to the user.

This embodiment meets the requirement of a third-party business platform 42 that wishes to keep custody of the private key corresponding to the public key in the digital certificate, and improves the flexibility of the electronic signature scheme.

The above embodiments make different electronic signature schemes available for different business scenarios, so that individualized business needs are met while the advantages of each signature scheme are exploited.

Corresponding to the method for implementing an electronic signature described above, the present invention further proposes the signing server shown in the schematic structural diagram of FIG. 5 according to an exemplary embodiment of the present invention. Referring to FIG. 5, at the hardware level the network server includes a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, forming at the logical level the apparatus for implementing an electronic signature. Besides a software implementation, the present invention does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the entity executing the processing flows below is not limited to the individual logic units and may also be hardware or a logic device.

FIG. 6 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 6, the apparatus may include a determination module 61, a first encryption module 62 and a signature composition module 63, where: the determination module 61 is configured to determine the hash value of the electronic document to be signed; the first encryption module 62 is configured to encrypt the hash value determined by the determination module 61 with the private key corresponding to the public key in the digital certificate; and the signature composition module 63 is configured to compose the hash value encrypted by the first encryption module 62, the digital certificate and the picture of the electronic signature into the electronic document.

FIG. 7 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 7, on the basis of the embodiment shown in FIG. 6, the first encryption module 62 may include: an obtaining unit 621, configured to obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being in encrypted form; a decryption unit 622, configured to decrypt the encrypted private key obtained by the obtaining unit 621; and an encryption unit 623, configured to encrypt the hash value with the private key decrypted by the decryption unit 622.

In one embodiment, the apparatus may further include: a second encryption module 64, configured to encrypt, with a first key, the private key corresponding to the public key in the digital certificate; and a storage module 65, configured to store the private key encrypted by the second encryption module 64 together with the digital certificate.

In one embodiment, the digital certificate and the encrypted private key are obtained from a cloud database.

In one embodiment, the first encryption module 62 may include: a first sending unit 624, configured to send the hash value of the electronic document to the third-party certification center over the first private network, where the third-party certification center is used to generate the digital certificate and encrypt the hash value with the private key corresponding to the public key in the digital certificate; and a first receiving unit 625, configured to receive the hash value encrypted by the third-party certification center over the first private network.

In one embodiment, the first private network is a dedicated communication network connecting the signing server and the third-party certification center.

In one embodiment, the apparatus may further include: a sending module 66, configured to send the hash value of the electronic document and the second key to the third-party business platform over the second private network, where the second key is a key preset between the signing server and the third-party business platform; and a receiving module 67, configured to receive the encrypted hash value from the third-party certification center over the second private network.

As can be seen from the above embodiments, different electronic signature schemes can be applied in different business scenarios, so that individualized business needs are met while the advantages of each signature scheme are exploited.

Other embodiments of the present invention will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. The present invention is intended to cover any variations, uses or adaptations that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and embodiments are to be regarded as exemplary only; the true scope and spirit of the invention are indicated by the following claims.

It should also be noted that the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises the element.

The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (16)

1. A method for implementing an electronic signature, applied to a signing server, the method comprising: determining the hash value of an electronic document to be signed; sending the hash value of the electronic document to a third-party certification center over a first private network, where the third-party certification center is used to generate the digital certificate and encrypt the hash value with the private key corresponding to the public key in the digital certificate; receiving the hash value encrypted by the third-party certification center over the first private network; and composing the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

2. The method of claim 1, wherein encrypting the hash value with the private key corresponding to the public key in the digital certificate comprises: obtaining the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted; decrypting the encrypted private key; and encrypting the hash value with the decrypted private key.

3. The method of claim 2, further comprising: encrypting the private key with a first key; and storing the digital certificate and the encrypted private key.

4. The method of claim 2, wherein the digital certificate and the encrypted private key are obtained from a cloud database.

5. The method of claim 4, wherein the first private network is a dedicated communication network connecting the signing server and the third-party certification center.

6. A method for implementing an electronic signature, applied to a signing server, the method comprising: determining the hash value of an electronic document to be signed; sending the hash value of the electronic document and a second key to a third-party business platform over a second private network, the second key being a key preset between the signing server and the third-party business platform; after the third-party business platform has encrypted the hash value with the second key, receiving the encrypted hash value over the second private network; and composing the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

7. The method of claim 6, wherein the second private network is a dedicated communication network connecting the signing server and the third-party business platform.

8. An apparatus for implementing an electronic signature, comprising: a determination module, configured to determine the hash value of an electronic document to be signed; a first encryption module, configured to encrypt the hash value determined by the determination module with the private key corresponding to the public key in a digital certificate, where the manner of encrypting the hash value is determined according to the source of the electronic document; and a signature composition module, configured to compose the hash value encrypted by the first encryption module, the digital certificate and a picture of the electronic signature into the electronic document; wherein the first encryption module comprises: a first sending unit, configured to send the hash value of the electronic document to the third-party certification center over a first private network, where the third-party certification center is used to generate the digital certificate and encrypt the hash value with the private key corresponding to the public key in the digital certificate; and a first receiving unit, configured to receive the hash value encrypted by the third-party certification center over the first private network.

9. The apparatus of claim 8, wherein the first encryption module comprises: an obtaining unit, configured to obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted; a decryption unit, configured to decrypt the encrypted private key obtained by the obtaining unit; and an encryption unit, configured to encrypt the hash value with the private key decrypted by the decryption unit.

10. The apparatus of claim 8, further comprising: a second encryption module, configured to encrypt, with a first key, the private key corresponding to the public key in the digital certificate; and a storage module, configured to store the digital certificate and the private key corresponding to the public key in the digital certificate.

11. The apparatus of claim 9, wherein the digital certificate and the encrypted private key are obtained from a cloud database.

12. The apparatus of claim 11, wherein the first private network is a dedicated communication network connecting the signing server and the third-party certification center.

13. The apparatus of claim 8, further comprising: a sending module, configured to send the hash value of the electronic document and a second key to a third business platform over a second private network, the second key being a key preset between the signing server and the third-party business platform; and a receiving module, configured to receive the hash value encrypted by the third-party certification center over the second private network.

14. The apparatus of claim 13, wherein the second private network is a dedicated communication network connecting the signing server and the third business platform.

15. A signing server, comprising: a processor; and a memory for storing processor-executable instructions; wherein the processor is configured to: determine the hash value of an electronic document to be signed; send the hash value of the electronic document to a third-party certification center over a first private network, where the third-party certification center is used to generate the digital certificate and encrypt the hash value with the private key corresponding to the public key in the digital certificate; receive the hash value encrypted by the third-party certification center over the first private network; and compose the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.

16. A signing server, comprising: a processor; and a memory for storing processor-executable instructions; wherein the processor is configured to: determine the hash value of an electronic document to be signed; send the hash value of the electronic document and a second key to a third-party business platform over a second private network, the second key being a key preset between the signing server and the third-party business platform; after the third-party business platform has encrypted the hash value with the second key, receive the encrypted hash value over the second private network; and compose the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.
Application TW106101918A (priority date 2017-01-19, filing date 2017-01-19): Method and device for realizing electronic signature and signature server, published as TWI734729B.

Publications (2)

Publication Number Publication Date
TW201828642A 2018-08-01
TWI734729B 2021-08-01