TWI734729B - Method and device for realizing electronic signature and signature server - Google Patents
- Publication number
- TWI734729B (application TW106101918A)
- Authority
- TW
- Taiwan
- Prior art keywords
- hash value
- digital certificate
- encrypted
- electronic document
- key
- Prior art date
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a method and device for implementing an electronic signature. The method comprises: determining the hash value of the electronic document to be signed; encrypting the hash value with the private key corresponding to the public key in a digital certificate; and combining the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document. The technical solution of the invention can solve the high implementation cost of the prior-art USB-key (U盾) signature scheme, realize an Internet signing mode and reduce user cost.
Description
The invention relates to the field of Internet technology, and in particular to a method and device for implementing an electronic signature, and to a signature server.
When an electronic file that a large Internet financial enterprise provides to its users needs to be electronically signed, the prior art keeps the private key used for the electronic signature in a USB key. When the user wants to sign, the USB key is inserted into a computer and the electronic signature system signs the electronic document with the private key in the USB key that corresponds to the public key in the digital certificate. Because this scheme requires every user to purchase a USB key, the implementation cost is high and the scheme is hard to roll out when a large number of users need electronic signatures.
In view of this, the invention provides a new technical solution that allows electronic signatures for electronic documents to be requested in real time over the Internet when the number of users is large, and reduces the hardware cost of the signing process.
To achieve the above objective, the invention provides the following technical solutions. According to a first aspect of the invention, a method for implementing an electronic signature is proposed, comprising: determining the hash value of the electronic document to be signed; encrypting the hash value with the private key corresponding to the public key in a digital certificate; and combining the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
According to a second aspect of the invention, a method for implementing an electronic signature is proposed, comprising: determining the hash value of the electronic document to be signed; sending the hash value of the electronic document and a second secret key to a third-party business platform via a second private network, the second secret key being a key preset between the signature server and the third-party business platform; after the third-party business platform has encrypted the hash value with the second secret key, receiving the encrypted hash value via the second private network; and combining the encrypted hash value, a digital certificate and the picture of the electronic signature into the electronic document.
According to a third aspect of the invention, a device for implementing an electronic signature is proposed, comprising: a determination module for determining the hash value of the electronic document to be signed; a first encryption module for encrypting the hash value determined by the determination module with the private key corresponding to the public key in a digital certificate; and a signature synthesis module for combining the hash value encrypted by the first encryption module, the digital certificate and the picture of the electronic signature into the electronic document.
According to a fourth aspect of the invention, a signature server is proposed, comprising a processor and a memory for storing instructions executable by the processor, wherein the processor is configured to: determine the hash value of the electronic document to be signed; encrypt the hash value with the private key corresponding to the public key in a digital certificate; and combine the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
According to a fifth aspect of the invention, a signature server is proposed, comprising a processor and a memory for storing instructions executable by the processor, wherein the processor is configured to: determine the hash value of the electronic document to be signed; send the hash value of the electronic document and a second secret key to a third-party business platform via a second private network, the second secret key being a key preset between the signature server and the third-party business platform; after the third-party business platform has encrypted the hash value with the second secret key, receive the encrypted hash value via the second private network; and combine the encrypted hash value, a digital certificate and the picture of the electronic signature into the electronic document.
As can be seen from the above technical solutions, the invention encrypts the hash value with the private key corresponding to the public key in the digital certificate and combines the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document. This solves the high implementation cost of the prior-art USB-key signature scheme, realizes an Internet signing mode and reduces user cost; encrypting the hash value and combining the encrypted hash value and the digital certificate into the electronic document improves the security and credibility of the electronic signature.
21: third-party certification center
22: signature server
23: cloud database
24: first business platform
31: signature server
32: third-party certification center
41: signature server
42: third-party business platform
61: determination module
62: first encryption module
63: signature synthesis module
64: second encryption module
65: storage module
66: signature synthesis module
67: receiving module
621: acquisition unit
622: decryption unit
623: encryption unit
624: first sending unit
625: first receiving unit
FIG. 1A is a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the invention; FIG. 1B is a schematic diagram of the picture of an electronic signature according to an exemplary embodiment; FIG. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment; FIG. 2A is a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment; FIG. 2B is a scenario diagram according to another exemplary embodiment; FIG. 3A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment; FIG. 3B is a scenario diagram according to yet another exemplary embodiment; FIG. 4A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment; FIG. 4B is a scenario diagram according to yet another exemplary embodiment; FIG. 5 is a schematic structural diagram of a signature server according to an exemplary embodiment; FIG. 6 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment; FIG. 7 is a schematic structural diagram of a device for implementing an electronic signature according to another exemplary embodiment.
Exemplary embodiments are described in detail here, with examples shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the invention; they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
The terms used in the invention are for the purpose of describing particular embodiments only and are not intended to limit the invention. The singular forms "a", "said" and "the" used in the invention and the appended claims are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the invention to describe various information, this information should not be limited by these terms, which serve only to distinguish information of the same type from one another. For example, without departing from the scope of the invention, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".
To further illustrate the invention, the following embodiments are provided. According to one embodiment of the invention, the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate and the picture of the electronic signature are combined into the electronic document. This solves the high implementation cost of the prior-art USB-key signature scheme, realizes an Internet signing mode and reduces user cost; encrypting the hash value and combining the encrypted hash value and the digital certificate into the electronic document improves the security and credibility of the electronic signature.
FIG. 1A is a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the invention, FIG. 1B is a schematic diagram of an electronic signature according to an exemplary embodiment, and FIG. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment; the method can be applied on a signature server. As shown in FIG. 1A, the method for implementing an electronic signature comprises the following steps: Step 101, determine the hash value of the electronic document to be signed; Step 102, encrypt the hash value with the private key corresponding to the public key in the digital certificate (this private-key operation on the hash is what is conventionally called producing a digital signature, and it is checked with the public key in the certificate); Step 103, combine the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
In step 101, in one embodiment the electronic document may be a local file (for example a certificate file or an electronic receipt); in another embodiment it may come from a first business platform, which may be a payment-type financial business platform (for example Alipay, 支付寶), in which case the electronic document may be an asset certificate, a bill or an electronic receipt; in another embodiment it may come from a second business platform, which may be a deposit-type financial business platform (for example Zhaocaibao, 招財寶), in which case the electronic document may be a loan and interest statement; in yet another embodiment it may come from a third business platform, which may be an Internet financial business platform (for example MYbank, 網商銀行), in which case the electronic document may be an electronic voucher requested by an end user, and so on. The invention therefore places no restriction on the source of the electronic document.
In one embodiment, the electronic signature may be that of the enterprise corresponding to the first business platform, the second business platform or the third business platform. In one embodiment, the hash value of the electronic document may be extracted with a hash algorithm.
In step 102, in one embodiment the way the hash value is encrypted may be chosen according to the source of the electronic document. For example, if the electronic document comes from the first business platform, a crypto machine (a hardware security module) may be provided in the signature server, and the private key corresponding to the public key in the digital certificate is itself encrypted with the crypto machine's first secret key (also called the master key, MainKey). If the electronic document comes from the second business platform, the hash value may be sent via a first private network to a third-party certification center (for example a CA), which encrypts the hash value with the private key corresponding to the public key in the digital certificate and returns the encrypted hash value to the signature server via the first private network. If the electronic document comes from the third business platform, the hash value and the second secret key agreed between the signature server and the third-party financial platform may be sent via a second private network to the crypto machine of the third business platform, which encrypts the hash value with the agreed second secret key, after which the third business platform returns the encrypted hash value to the signature server. Encrypting the hash value in a different way for electronic documents from different sources also satisfies individual business requirements.
In step 103, in one embodiment the picture of the electronic signature may be obtained from the corresponding business platform (the first, second or third business platform). The way the encrypted hash value, the digital certificate and the picture of the electronic signature are combined into the electronic document follows the prior art and is not detailed here.
As shown in FIG. 1B, the electronic signature combined into the electronic document is that of "AB Company"; when a click event on the "AB Company" electronic signature is detected, the digital certificate information shown in FIG. 1C is displayed. Because the digital certificate was obtained from a third-party certification center, the user can verify the authenticity of the electronic signature through the digital certificate, that is, by recomputing the hash value of the document and checking it against the encrypted hash value with the public key in the certificate.
As described above, the embodiment of the invention implements an Internet signing mode through steps 101 to 103, solves the high implementation cost of the prior-art USB-key signature scheme and reduces user cost; by encrypting the hash value and combining the encrypted hash value and the digital certificate into the electronic document, it improves the security and credibility of the electronic signature.
FIG. 2A is a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment of the invention, and FIG. 2B is a scenario diagram of that method; this embodiment takes an electronic document provided by the first business platform as its example. As shown in FIG. 2A, the method for implementing an electronic signature comprises the following steps: Step 201, determine the hash value of the electronic document to be signed; Step 202, obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being in encrypted form; Step 203, decrypt the encrypted private key; Step 204, encrypt the hash value with the decrypted private key; Step 205, combine the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
For step 201, see the description of step 101 above; it is not repeated here.
In steps 202 to 204, in one embodiment the digital certificate and the encrypted private key may be obtained from a cloud database. The private key corresponding to the public key in the digital certificate may be encrypted with the first secret key (master key) of the crypto machine on the signature server and then stored in the cloud database, and the encrypted private key stored in the cloud database is decrypted when it is needed. In another embodiment the cloud database may hold a very large number of digital certificates and their corresponding private keys, thereby providing secure storage for a large number of digital certificates and private keys.
For step 205, see the description of step 103 above; it is not repeated here.
As an exemplary scenario, as shown in FIG. 2B, the signature server 22 applies to the third-party certification center 21 for a digital certificate, encrypts the private key corresponding to the public key in the digital certificate with the first secret key of the crypto machine local to the signature server 22 (not shown), and stores the encrypted private key and the digital certificate in the cloud database 23. When the signature server 22 obtains an electronic document requiring an electronic signature from the first business platform 24, it extracts the hash value of the document with a hash algorithm, fetches the digital certificate and the encrypted private key from the cloud database 23, and passes them together with the hash value to its local crypto machine. Inside the crypto machine the private key corresponding to the public key in the digital certificate is decrypted, and the crypto machine then encrypts the hash value with that private key. Finally, the signature server 22 combines the encrypted hash value, the digital certificate and the electronic signature into the electronic document, which can then be provided to the user. Because both the decryption of the private key with the first secret key and the encryption of the hash value with the private key take place inside the crypto machine of the signature server, the private key corresponding to the public key in the digital certificate remains secure while in use.
In this embodiment, because the digital certificate and the encrypted private key are stored in the cloud database and fetched from it when an electronic document needs to be signed, the prior-art limitation that the crypto machine at the third-party certification center can hold only a limited number of private keys is avoided. This supports the large data volume and high concurrency of Internet signing while keeping the private key corresponding to the public key in the digital certificate secure.
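Key wrapping under the crypto machine's master key, as in steps 202 to 204 and FIG. 2B, as an added example in Go that is not part of the patent. The page only says that the private key is encrypted with MainKey before it goes to the cloud database; AES-256-GCM is assumed here as the wrapping algorithm, and the cryptoMachine type, the WrappedKey record, the function names and the sample digest are assumptions. The point to take from it is the boundary: the plaintext private key exists only inside SignDigest, and the wrapped record stored outside is unusable without the master key, so the security of everything in the cloud database reduces to the security of that one key inside the machine.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// WrappedKey is the record kept in the cloud database of FIG. 2B: the PKCS#1 DER of
// the private key sealed with AES-256-GCM under MainKey, next to its certificate.
type WrappedKey struct {
	Nonce, Ciphertext, CertDER []byte
}

// cryptoMachine stands in for the HSM on the signature server. The master key lives
// only here, and the plaintext private key exists only transiently inside its methods.
type cryptoMachine struct{ masterKey []byte }

func (m *cryptoMachine) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(m.masterKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap runs once when a key pair is provisioned. The certificate is bound in as
// additional authenticated data, so the ciphertext cannot later be filed under another certificate.
func (m *cryptoMachine) Wrap(priv *rsa.PrivateKey, certDER []byte) (*WrappedKey, error) {
	gcm, err := m.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(priv), certDER)
	return &WrappedKey{nonce, ct, certDER}, nil
}

// SignDigest is the per-document work of steps 202-204: unwrap the record fetched from
// the database, sign the digest, and let the plaintext key go out of scope.
func (m *cryptoMachine) SignDigest(wk *WrappedKey, digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("expected a SHA-256 digest")
	}
	gcm, err := m.aead()
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, wk.Nonce, wk.Ciphertext, wk.CertDER)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong master key or modified record): %w", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
}

func newMachine() *cryptoMachine {
	k := make([]byte, 32)
	rand.Read(k) // crypto/rand.Read does not return an error on supported platforms
	return &cryptoMachine{masterKey: k}
}

// Demo provisions a key, wraps it, signs a constructed digest through the machine and
// reports whether the signature verifies and whether the record is unusable elsewhere.
func Demo() (signatureOK, foreignMachineFails bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	hsm := newMachine()
	certDER := []byte("<DER of the certificate issued for this key>") // constructed placeholder
	record, err := hsm.Wrap(priv, certDER)
	if err != nil {
		return false, false, err
	}
	digest := sha256.Sum256([]byte("Loan and interest statement, 2017-01-19")) // constructed sample
	sig, err := hsm.SignDigest(record, digest[:])
	if err != nil {
		return false, false, err
	}
	signatureOK = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], sig) == nil
	_, err = newMachine().SignDigest(record, digest[:])
	return signatureOK, err != nil, nil
}
```

In a real deployment the master key would never be generated in ordinary process memory as newMachine does; it would be created and held by the HSM, and the process would only ever hold the wrapped records.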
FIG. 3A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the invention, and FIG. 3B is a scenario diagram of that method; this embodiment takes an electronic document provided by the second business platform as its example. As shown in FIG. 3A, the method for implementing an electronic signature comprises the following steps: Step 301, determine the hash value of the electronic document to be signed; Step 302, send the hash value of the electronic document to the third-party certification center via the first private network, the third-party certification center being the party that generates the digital certificate and encrypts the hash value with the private key corresponding to the public key in the digital certificate; Step 303, receive the encrypted hash value from the third-party certification center via the first private network; Step 304, combine the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
For step 301, see the description of step 101 above; it is not repeated here.
In steps 302 and 303, in one embodiment the first private network may be a dedicated communication network connecting the signature server and the certification center, with no other device attached to it; transmitting the hash value and the encrypted hash value over the first private network ensures the security of the hash value.
For step 304, see the description of step 103 above; it is not repeated here.
As an exemplary scenario, as shown in FIG. 3B, the signature server 31 and the third-party certification center 32 sign jointly. In the joint signing process, the signature server 31 extracts the hash value of the electronic document with a hash algorithm and sends it to the third-party certification center 32 via the first private network; the third-party certification center 32 encrypts the hash value with the private key corresponding to the public key in the digital certificate and returns the encrypted hash value to the signature server 31 via the first private network; the signature server 31 then combines the encrypted hash value, the digital certificate and the electronic signature into the electronic document, which can then be provided to the user.
In this embodiment, the hash value of the electronic document is sent to the third-party certification center via the first private network; after the certification center has encrypted the hash value with the private key corresponding to the public key in the digital certificate, the encrypted hash value is received via the first private network and combined with the digital certificate and the picture of the electronic signature into the electronic document. This solves the high implementation cost of the prior-art USB-key signature scheme and reduces user cost. Encrypting the hash value with the private key kept at the third-party certification center and then combining the digital certificate and the encrypted hash value into the electronic document raises the credibility of the electronic signature; at the same time, because only the hash value leaves the signature server, the electronic document itself is not disclosed to other unrelated enterprises, which protects its commercial confidentiality.
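The pipeline of steps 101 to 103 together with the reader-side check of FIG. 1C, and the split of FIG. 3B in which only the hash crosses the private link, as an added example in Go that is not part of the patent. It uses RSA PKCS#1 v1.5 over SHA-256 as the concrete form of "encrypting the hash with the private key"; the self-signed certificate stands in for one issued by the third-party certification center, and the SignedDocument container, the Signer type, the function names and the sample document are assumptions. The private network itself is not modelled: the Signer function is what would run at the far end of it, and it accepts nothing but a digest.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignedDocument is the result of step 103: the document carrying the signature (the
// patent's "encrypted hash"), the digital certificate and the seal image.
type SignedDocument struct {
	Document, Signature, CertDER, SealPNG []byte
}

// Signer is the whole interface between the signing server and the private key: a
// SHA-256 digest goes in, a signature comes out. In FIG. 3B this function runs at the
// certification center on the far end of the first private network.
type Signer func(digest []byte) ([]byte, error)

// SignDocument is steps 101-103. Before embedding, it verifies the returned signature
// against the certificate, so a wrong key or a corrupted reply is caught at the server
// rather than by the user who later clicks the seal.
func SignDocument(doc, certDER, seal []byte, sign Signer) (*SignedDocument, error) {
	digest := sha256.Sum256(doc) // step 101
	sig, err := sign(digest[:])  // step 102
	if err != nil {
		return nil, err
	}
	sd := &SignedDocument{doc, sig, certDER, seal} // step 103
	if err := Verify(sd); err != nil {
		return nil, fmt.Errorf("refusing to embed signature: %w", err)
	}
	return sd, nil
}

// Verify is the reader-side check behind the seal click of FIG. 1B/1C: hash the
// document again and check the signature with the public key in the certificate.
func Verify(sd *SignedDocument) error {
	cert, err := x509.ParseCertificate(sd.CertDER)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, sd.Document, sd.Signature)
}

// NewCASigner stands in for the third-party certification center: it issues a (here
// self-signed) certificate for a fresh key pair and returns a Signer that keeps the
// private key on its own side.
func NewCASigner(cn string) (certDER []byte, sign Signer, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	sign = func(digest []byte) ([]byte, error) {
		if len(digest) != sha256.Size { // the CA only ever accepts a digest, never a document
			return nil, fmt.Errorf("expected a SHA-256 digest, got %d bytes", len(digest))
		}
		return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
	}
	return certDER, sign, nil
}

// Demo signs a constructed asset certificate for "AB Company" and also returns a copy
// whose text was altered after signing, so both outcomes of Verify can be observed.
func Demo() (genuine, tampered *SignedDocument, err error) {
	certDER, sign, err := NewCASigner("AB Company")
	if err != nil {
		return nil, nil, err
	}
	doc := []byte("Asset certificate: account 1234 holds 100.00 as of 2017-01-19") // constructed sample
	genuine, err = SignDocument(doc, certDER, []byte("<PNG bytes of the seal image>"), sign)
	if err != nil {
		return nil, nil, err
	}
	altered := []byte("Asset certificate: account 1234 holds 900.00 as of 2017-01-19")
	tampered = &SignedDocument{altered, genuine.Signature, genuine.CertDER, genuine.SealPNG}
	return genuine, tampered, nil
}

func main() {
	genuine, tampered, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine verifies:", Verify(genuine) == nil, "tampered rejected:", Verify(tampered) != nil)
}
```

Verify deliberately uses only what is embedded in the document, which is exactly what a reader has after the click of FIG. 1B; checking that the certificate itself chains to the certification center's root is a separate step the page leaves to the certificate viewer.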
FIG. 4A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the invention, and FIG. 4B is a scenario diagram of that method; this embodiment takes an electronic document provided by a third-party business platform as its example. As shown in FIG. 4A, the method for implementing an electronic signature comprises the following steps: Step 401, determine the hash value of the electronic document to be signed; Step 402, send the hash value of the electronic document and the second secret key to the third-party business platform via the second private network, the second secret key being a key preset between the signature server and the third-party business platform or a key negotiated between them; Step 403, receive the encrypted hash value via the second private network; Step 404, combine the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
For step 401, see the description of step 101 above; it is not repeated here.
In steps 402 and 403, in one embodiment the second private network may be a dedicated communication network connecting the signature server and the third-party business platform, with no other device attached to it; transmitting the hash value and the encrypted hash value over the second private network ensures the security of the hash value. In one embodiment the third-party business platform may be any platform able to provide electronic documents, such as the first, second or third business platform of the embodiments above.
For step 404, see the description of step 103 above; it is not repeated here.
As an exemplary scenario, as shown in FIG. 4B, the signature server 41 obtains the electronic document from the third-party business platform 42, extracts its hash value with a hash algorithm and transmits the hash value to the crypto machine of the third-party business platform 42, which encrypts the hash value with the second secret key; the third-party business platform 42 then returns the encrypted hash value to the signature server 41, which combines the encrypted hash value, the digital certificate and the electronic signature into the electronic document, which can then be provided to the user.
This embodiment meets the requirement of a third-party business platform 42 that wants to keep custody of the private key corresponding to the public key in the digital certificate itself, and so increases the flexibility of the electronic signature scheme.
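The shared-key exchange of FIG. 4A/4B, as an added example in Go that is not part of the patent. The page does not say which algorithm the second secret key is used with; because the key is described as preset or negotiated between the signature server and the business platform, this example reads it as a symmetric key and uses HMAC-SHA256, the standard way to bind a hash to a shared key. The SignRequest type, the key identifier (sent in place of the key itself, which both ends already hold), the function names and the sample voucher are assumptions. One property worth knowing before choosing this mode: a tag under a shared key can only be checked by a party holding that key, so unlike the signatures of FIG. 1A to 3B it cannot be verified with the public key in the embedded certificate, and the signature server, which recomputes the tag to check it, could equally have produced it.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// SignRequest is what the signature server sends over the second private network of
// FIG. 4B: the document's digest and an identifier of the pre-shared second key.
type SignRequest struct {
	KeyID  string
	Digest []byte
}

// businessPlatform models the third-party platform's crypto machine, holding the
// second keys it shares with the signature server, indexed by KeyID.
type businessPlatform struct{ keys map[string][]byte }

// Tag is the platform side of step 402/403: "encrypting" the digest under the second
// key, read here as HMAC-SHA256 over the digest.
func (p *businessPlatform) Tag(req SignRequest) ([]byte, error) {
	key, ok := p.keys[req.KeyID]
	if !ok {
		return nil, errors.New("unknown key id")
	}
	if len(req.Digest) != sha256.Size {
		return nil, errors.New("expected a SHA-256 digest")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(req.Digest)
	return mac.Sum(nil), nil
}

// CheckReply is the signature server's check on what comes back, before step 404
// embeds it: recompute the tag with its own copy of the key and compare in constant
// time. It is the same computation as Tag, which is why a verifier is also a producer.
func CheckReply(key, digest, tag []byte) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(digest)
	return hmac.Equal(mac.Sum(nil), tag)
}

// Demo runs one round trip for a constructed voucher and reports whether the reply
// checks out and whether a tag made under a different key is rejected.
func Demo() (replyOK, foreignTagRejected bool, err error) {
	sharedKey := []byte("constructed 32-byte second key..") // fixed here only for the demo
	platform := &businessPlatform{keys: map[string][]byte{"k-2017-01": sharedKey}}
	digest := sha256.Sum256([]byte("Electronic voucher no. 0001, constructed sample"))
	req := SignRequest{KeyID: "k-2017-01", Digest: digest[:]}
	tag, err := platform.Tag(req)
	if err != nil {
		return false, false, err
	}
	replyOK = CheckReply(sharedKey, digest[:], tag)
	other := &businessPlatform{keys: map[string][]byte{"k-2017-01": []byte("a different key")}}
	forged, err := other.Tag(req)
	if err != nil {
		return false, false, err
	}
	foreignTagRejected = !CheckReply(sharedKey, digest[:], forged)
	return replyOK, foreignTagRejected, nil
}
```

If the business platform actually holds the private key matching the certificate, as the custody wording above suggests, the platform side would instead run the digest-only signing function of the FIG. 1A/3B example and the server's check would be a public-key verification against the certificate.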
Through the above embodiments, different electronic signature schemes are available for different business scenarios, so that the advantages of each scheme can be exploited while individual business requirements are met.
Corresponding to the above methods for implementing an electronic signature, the invention also proposes the signature server shown in FIG. 5, a schematic structural diagram according to an exemplary embodiment. Referring to FIG. 5, at the hardware level the server comprises a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course also comprise hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, forming at the logical level the device for implementing an electronic signature. Besides a software implementation, the invention does not exclude other implementations such as logic devices or a combination of software and hardware; that is, the entity executing the following processing flow is not limited to the logic units and may also be hardware or a logic device.
FIG. 6 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the invention. As shown in FIG. 6, the device may comprise a determination module 61, a first encryption module 62 and a signature synthesis module 63, where: the determination module 61 determines the hash value of the electronic document to be signed; the first encryption module 62 encrypts the hash value determined by the determination module 61 with the private key corresponding to the public key in the digital certificate; and the signature synthesis module 63 combines the hash value encrypted by the first encryption module 62, the digital certificate and the picture of the electronic signature into the electronic document.
FIG. 7 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the invention. As shown in FIG. 7, on the basis of the embodiment of FIG. 6, the first encryption module 62 may comprise: an acquisition unit 621 for obtaining the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being in encrypted form; a decryption unit 622 for decrypting the encrypted private key obtained by the acquisition unit 621; and an encryption unit 623 for encrypting the hash value with the private key decrypted by the decryption unit 622.
In one embodiment the device may further comprise: a second encryption module 64 for encrypting the private key corresponding to the public key in the digital certificate with the first secret key; and a storage module 65 for storing the private key encrypted by the second encryption module 64 together with the digital certificate.
In one embodiment, the digital certificate and the encrypted private key are obtained from a cloud database.
In one embodiment the first encryption module 62 may comprise: a first sending unit 624 for sending the hash value of the electronic document to the third-party certification center via the first private network, the third-party certification center being the party that generates the digital certificate and encrypts the hash value with the private key corresponding to the public key in the digital certificate; and a first receiving unit 625 for receiving the encrypted hash value from the third-party certification center via the first private network.
In one embodiment, the first private network is a dedicated communication network connecting the signature server and the third-party certification center.
In one embodiment the device may further comprise: a sending module 66 for sending the hash value of the electronic document and the second secret key to the third-party business platform via the second private network, the second secret key being a key preset between the signature server and the third-party business platform; and a receiving module 67 for receiving the encrypted hash value from the third-party certification center via the second private network.
As the above embodiments show, different electronic signature schemes are available for different business scenarios, so that individual business requirements are met while the advantages of each scheme are exploited.
Other embodiments of the invention will readily occur to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The invention is intended to cover any variations, uses or adaptations that follow its general principles and include such departures from the present disclosure as come within common knowledge or customary practice in the art. The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.
It should also be noted that the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that comprises the element.
The above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106101918A TWI734729B (en) | 2017-01-19 | 2017-01-19 | Method and device for realizing electronic signature and signature server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106101918A TWI734729B (en) | 2017-01-19 | 2017-01-19 | Method and device for realizing electronic signature and signature server |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201828642A TW201828642A (en) | 2018-08-01 |
TWI734729B true TWI734729B (en) | 2021-08-01 |
Family
ID=63960512
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW106101918A TWI734729B (en) | 2017-01-19 | 2017-01-19 | Method and device for realizing electronic signature and signature server |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI734729B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11075763B2 (en) | 2019-02-15 | 2021-07-27 | International Business Machines Corporation | Compute digital signature authentication sign with encrypted key instruction |
US11303456B2 (en) | 2019-02-15 | 2022-04-12 | International Business Machines Corporation | Compute digital signature authentication sign instruction |
US11108567B2 (en) | 2019-02-15 | 2021-08-31 | International Business Machines Corporation | Compute digital signature authentication verify instruction |
TWI778361B (en) * | 2020-05-18 | 2022-09-21 | 天逸財金科技服務股份有限公司 | Distributed digital signature processing method and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI353765B (en) * | 2008-02-20 | 2011-12-01 | ||
TW201724803A (en) * | 2015-12-17 | 2017-07-01 | 國立清華大學 | Certificateless public key management method with timestamp verification |
TWM575150U (en) * | 2018-11-19 | 2019-03-01 | 歐生全科技股份有限公司 | Multi-function authentication device |
TW201916630A (en) * | 2017-09-28 | 2019-04-16 | 南韓商三星電子股份有限公司 | Image transmitting device, a method of operating an image transmitting device and a system on chip |
TW201926116A (en) * | 2019-03-29 | 2019-07-01 | 天逸財金科技服務股份有限公司 | Method, system and server for protection mechanism of digital signature certificate |
Legal events: 2017-01-19, TW application TW106101918A, patent TWI734729B, status active.
Also Published As
Publication number | Publication date |
---|---|
TW201828642A (en) | 2018-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017024934A1 (en) | Electronic signing method, device and signing server | |
US10666428B2 (en) | Efficient methods for protecting identity in authenticated transmissions | |
US11799668B2 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
US10673632B2 (en) | Method for managing a trusted identity | |
EP3847565B1 (en) | Methods and devices for managing user identity authentication data | |
TW201801000A (en) | Offline payment method and device | |
TWI734729B (en) | Method and device for realizing electronic signature and signature server | |
KR101879758B1 (en) | Method for Generating User Digital Certificate for Individual User Terminal and for Authenticating Using the Same Digital Certificate | |
US11997075B1 (en) | Signcrypted envelope message | |
WO2017107642A1 (en) | Text processing method, apparatus and system for secure input method | |
KR102475434B1 (en) | Security method and system for crypto currency | |
WO2019179240A1 (en) | Method and terminal for establishing security infrastructure and device | |
USRE49968E1 (en) | Electronic identification verification methods and systems with storage of certification records to a side chain | |
US20230124498A1 (en) | Systems And Methods For Whitebox Device Binding | |
CN107111838B (en) | System and method for facilitating financial transactions between payers and payees |