TWI831523B - Operation method of digital file verification system - Google Patents

Abstract

An operation method of a digital file verification system is disclosed. The operation method comprises the steps of performing a download request step, performing a signature request step, performing a signature embedding step, and performing a post-signature calculation step. The present invention saves the files digitally, and combines the digital signature and watermark technology to propose a simple, safe and reliable verification system. It not only allows the digital file to be legal and non-modifiable, to ensure the integrity and anti-counterfeiting of digital files, no longer worry about the loss or damage of files in transit, but also to avoid tampering or damage during network transmission. In this way, the security that the file will not be tampered is achieved.

Description

How the electronic document verification system operates

The present invention relates to a document operation method, and in particular to an operation method of an electronic document watermark verification system based on digital signature technology.

Today, most documents still rely on physical paper for preservation, but as time passes, the number of documents becomes increasingly larger. The preservation of paper documents not only takes up physical building space, but also worries about whether the documents will be damaged by floods, fires, insect corrosion, corrosion, etc. due to the safety of the storage environment. Therefore, a considerable amount of money must be paid to preserve documents. Maintenance costs.

Nowadays, the world is severely affected by the Wuhan pneumonia (COVID-19) epidemic, and the movement of people is subject to strict restrictions. However, applications for many important documents require verification of the identity of the applicant. If the applicant is not in the country, he or she needs to return to the country to run the application process, which will consume considerable time and cost.

Although Taiwan has been promoting citizen digital certificates for a long time, in order to own and use the natural person certificate function, you must first spend time and money to register and apply, and after the application is completed, you must also use a chip card reader. operation and use. due to majority People still have many uncertain factors and doubts about identity authentication online, so many people still choose to handle business at the counter.

In addition, under the influence of the epidemic, the government has vigorously advocated for people to reduce going out to avoid the spread of the epidemic caused by the movement of people. It has even shortened the working hours of public departments or suspended counter operations, etc., which has indirectly caused people to be unable to apply for relevant documents or handle business, resulting in Many inconveniences and business delays.

In view of this, the present invention saves files in a digital manner and combines digital signature and watermark technologies to propose a simple, safe and reliable verification system. It not only makes digital files legal and non-tamperable, but also ensures the integrity of digital files and ensures anti-counterfeiting. You no longer have to worry about files being lost or damaged during transportation, and it also avoids being tampered with or damaged during network transmission. This achieves The present invention emphasizes the characteristics of safety and inability to be tampered with and its convenient effect.

In order to achieve the aforementioned objectives, the present invention proposes an operating method of an electronic document verification system, which includes the following steps: performing a download request step, in which a user submits a download request for digital data corresponding to the user; performing a download request step; In the signature request step, the issuing unit (Si) to which the user belongs will transfer an electronic file with the digital data, the agency code (Sac) of the issuing unit and the user's personal information based on the download request. An account (UIDi) is transmitted to a notary center (CA); a signature embedding step is performed, in which the notary center uses the key (Pn) corresponding to the account of the user as a signature, thereby making The electronic file with the digital data becomes a digital signature document with the signature and the digital data, and a steganographic watermark technology is used to embed the content of the signature into the digital signature document, and then Send the digital signature document back to the issuing unit; and perform a post-signing operation step, The issuing unit performs a hash function operation on the digital data in the digital signature document to generate a hash value, stores the hash value in a database, and then adds the digital signature to the hash value. The file is sent to the user, thereby enabling the user to obtain the digital signature document with the signature and the digital data and causing the database of the issuing unit to store the hash value.

Among them, before performing the download request step, a system setting and user registration phase process is further included, which includes the following steps: the certification unit submits a setting request; the notary center receives and allocates the agent according to the setting request code to the issuing unit; the user inputs the account number and a password to submit a registration request; and the issuing unit sends the agent code and the account number corresponding to the user to the notary center based on the registration request , causing the notary center to generate the key corresponding to the agent code and the account based on the agent code and the account, and notify the issuing unit and the user that the registration request has been successful.

Before performing the download request step, the notary center allocates the proxy code to the issuing unit and generates the key corresponding to the proxy code and the account based on the proxy code and the account.

Among them, the digital data is transcripts, graduation certificates or employment certificates.

Among them, the user is a student, and the issuing unit is a school unit.

Among them, the user is a job seeker, and the certification unit is a company unit.

Based on the above, the operation method of the electronic document verification system of the present invention is mainly to extract the content of the digital signature based on the digital signature, and embed the content in the electronic document in the form of a watermark. , this not only ensures that the watermarks are different from each other, but also ensures that the digital signature cannot be tampered with. It also uses another form of two-factor authentication for the digital signature, providing higher security during verification.

In order to enable Jun Shen to have a further understanding of the technical features and technical effects of the present invention, preferred embodiments and accompanying detailed descriptions are provided below.

S10, S20, S30: steps

S110, S120, S130, S140: steps

S210, S220, S230, S240: steps

S310, S320, S330, S340: steps

CA: Notary Center

Si: Issuing unit

Ui:User

Pi: public key

Pri:private key

UIDi:Account

Sac:Agent code

PWi:Password

SDi: digital signature document

Di: digital data

H(SDi): Hash value

Figure 1 is a schematic diagram of the operation flow of the electronic document verification system of the present invention.

Figure 2 is a schematic diagram of the system setting and user registration phase process of the present invention.

FIG. 3 is a schematic diagram of the process of a user intending to generate a digital signature document according to the present invention.

Figure 4 is a schematic diagram of the digital signature file integrity verification process of the present invention.

Figure 5 is a block diagram of the system setting and user registration phase process of the present invention.

FIG. 6 is a block diagram illustrating the process of a user intending to generate a digital signature document according to the present invention.

Figure 7 is a block diagram of the digital signature file integrity verification process of the present invention.

Figure 8 is a result diagram of the digital signature file integrity verification process of the present invention.

Figure 9 is another result diagram of the digital signature file integrity verification process of the present invention.

In order to facilitate understanding of the technical features, content and advantages of this invention and the effects it can achieve, this invention is described in detail below with diagrams and in the form of expressions of embodiments. The purpose of the diagrams used is only They are for illustration and auxiliary instructions, and may not represent the true proportions and precise configurations of the creation after its implementation. Therefore, the proportions and configurations of the attached drawings should not be interpreted to limit the scope of rights in the actual implementation of this creation. In addition, to facilitate understanding, the same elements in the following embodiments are labeled with the same symbols for explanation.

In addition, unless otherwise noted, the terms used throughout the specification and patent application generally have the ordinary meanings of each term used in the field, the content disclosed herein, and the specific content. Certain terms used to describe the invention are discussed below or elsewhere in this specification to provide those skilled in the art with additional guidance in describing the invention.

The use of "first", "second", "third", etc. in this article does not specifically refer to the order or sequence, nor is it used to limit the present invention. It is only used to distinguish components described by the same technical terms. Or just an operation.

Secondly, if the words "include", "includes", "have", "contains", etc. are used in this article, they are all open terms, which means including but not limited to.

The electronic document verification system of the present invention is an electronic document watermark verification system based on digital signature technology. Its operation mainly includes three major processes, including system setting and user registration stage process (S10); the user wants to generate a digital signature The file process (S20); and the digital signature file integrity verification process (S30). This invention uses the user as a student to apply for a transcript, the issuing unit as the school unit to which the student belongs, and the queryer as any unit such as a job search company or another school unit as a demonstration to show the operating principles and results of the file, and to verify it. Safety and reliability. However, the present invention is not limited to the above examples. The present invention can also be applied to various situations where the authenticity of documents needs to be verified. For example, the user can be any person, such as a job seeker, and the issuing unit can be, for example, a job seeker. The original company unit, and the queryer is any unit, such as the job search company where the job seeker wants to apply for a job, etc.

As far as the system setting and user registration stage process (S10) is concerned, as shown in Figure 2, the setting request is made by the certification unit (Si) and the registration request is made by the user (Ui), and then the notary center (Certificate) Authority, CA) generates a proxy code (Sac) and a key (Pn) [for example, a set of asymmetric public (Pi) private (Pri) keys] to the user (Ui), where the above i only represents the number of or a certain meaning.

As shown in Figure 1, Figure 2 and Figure 5, the detailed steps of this system setting and user registration stage process (S10) are as follows: In step S110, the issuing unit (Si) submits a setting request to the notary center (CA); In step S120, the notary center (CA) receives and allocates an agent code (Sac, School agent code) to the issuing unit (Si) based on the above setting request; in step S130, the user (Ui) enters the account number (UIDi) and password (PWi) to make a registration request; in step S140, after the user (Ui) is successfully registered, the issuing unit (Si) uses the agent code (Sac) of the issuing unit (Si) based on this registration request. The account number (UIDi) of the user is sent to the notary center (CA), so that the notary center (CA) generates a key (Pn) corresponding to the agent code (Sac) and the account number (UIDi) based on the agent code (Sac) and the account number (UIDi). ) (for example, a set of asymmetric public (Pi) private (Pri) keys), and notify the issuing unit (Si) and the user (Ui) that the above-mentioned registration request has been successful. Among them, the upper half of the dotted line shown in Figure 5 is the system setting part of the notary center (CA) and the issuing unit (Si), and the lower half of the dotted line is the user (Ui) registering an account with the issuing unit (Si) ( UIDi), after the registration is completed, the issuing unit (Si) sends the user-related information to the notary center (CA), and generates a pair of public and private keys for the user (Ui) to use.

As for the process (S20) of a user, such as a student, who wants to generate a digital signature document, as shown in Figure 1, Figure 3 and Figure 6, the user (Ui) first logs in to the transaction system of the issuing unit (Si) , such as the school administration system of a school unit, and find the original digital data of this user (Ui), such as a student's transcript, and then send this transcript to the notary center (CA) for processing, and the notary center (CA) will send the original Add a signature to the scores, and extract the signature content and embed it into the transcript in the form of a watermark. After sending it to the issuing unit (Si), the issuing unit (Si) will perform a hash function operation on the signed transcript and store it in the database. , and then hand the digital signature document to the user (Ui).

Please refer to Figure 3. In the electronic document verification system of the present invention, the process (S20) for the above-mentioned user, such as a student, to generate a digital signature document includes the following steps: A download request step (S210) is performed, in which the above-mentioned user (Ui) enters its registered account (UIDi) and password (PWi) to log in to the business system, such as the school administration system of a school unit, and uses the data of the business system Find the digital data (Di) of this user (Ui) in the library, such as a student's transcript, and make a download request for this digital data, where the above-mentioned digital data is, for example, a transcript, graduation certificate, or employment certificate.

A signature request step (S220) is performed, in which the issuing unit (Si) to which the user (Ui) belongs transfers the electronic file with the digital data (Di) to the issuing unit (Si) based on the above download request. Three parameters, including the agent code (Sac) and the user's (Ui) account number (UIDi), are transmitted to the Notary Center (CA) for processing.

A signature embedding step (S230) is performed, in which the notary center (CA) finds the corresponding key (Pn) through the above-mentioned user (Ui), and corresponds to the agent code (Pn) of the issuing unit (Si). Sac) and the key (Pn) of the user's (UIDi) account (UIDi) serve as the signature of the digital data (Di), thereby making the electronic file with the digital data (Di) become a digital signature with the signature and digital data. seal file (SDi), and use steganographic watermark technology to embed the content of the signature into the above-mentioned digital signature file (SDi), and then send this digital signature file back to the issuing unit (Si).

A post-signature operation step (S240) is performed, in which the issuing unit (Si) performs a hash function operation based on the digital data (Di) in the above-mentioned digital signature file (SDi) to generate a hash value [H(SDi) )], and store this hash value [H(SDi)] in the database, and then send the above-mentioned digital signature file (SDi) to the user (Ui), so that the user (Ui) obtains the signature The digital signature document (SDi) of the stamp and digital data (Di) enables the database of the issuing unit (Si) to store a unique and unique hash value [H(SDi)].

In terms of actual operation, when the user (Ui) is applying for a job or applying for a certificate for further study, the above-mentioned digital signature document (SDi) with digital data (Di) (such as a signed graduation certificate or transcript When the document is submitted to a business unit such as the human resources department of the job search company or the school registration group, the business unit can serve as a queryer and confirm the correctness of the graduation certificate or transcript through the verification process of the present invention. In other words, the business unit can upload the above-mentioned digital signature file (SDi) to the electronic document verification system of the present invention, and confirm the digital signature obtained by the business unit by confirming the signature and comparing it with the hash value in the database. Whether the source of the Chapter Document (SDi) is correct and whether the content of the transcript has been tampered with.

Please refer to Figure 1, Figure 4 and Figure 7. In the electronic document verification system of the present invention, the verification method for a digital signature document (SDi), that is, the digital signature document integrity verification process (S30) includes the following steps: A first transmission step (S310) is performed, in which the inquirer (such as the above-mentioned business unit) uploads a digital signature document (SDi) with a signature and a digital data to the electronic document verification system, in which the above-mentioned digital signature The data corresponds to the user's (Ui) grades or student status. Among them, the above-mentioned digital signature document (SDi) has a steganographic watermark, and the content of the steganographic watermark is the content of the signature document.

A second transmission step (S320) is performed, in which after the issuing unit (Si) receives the digital signature file transmitted by the above-mentioned inquirer, the issuing unit (Si) transmits the digital signature file to the notary center (CA) ).

A signature verification step (S330) is performed, in which the notary center (CA) obtains the above-mentioned digital signature document (SDi) and compares the corresponding key (Pn) of the digital signature document (SDi) with the signature of the digital signature document (SDi). Corresponding to the key (Pn) generated when the user (Ui) previously registered, it is used to determine and notify the issuing unit (Si) whether the above signature is correct. The key (Pn) is obtained by the notary center (CA). ) is pre-generated based on the agent code (Sac) of the issuing unit (Si) and an account number (UIDi) corresponding to this user. Among them, in the present invention, during notarization The CA is more selective. For example, it further compares and determines whether the signature, watermark, and issuing unit of the signature of the digital signature document (SDi) are correct (if correct, it is legal, as shown in Figure 8).

A hash value checking step (S340) is performed. After the issuing unit (Si) receives the signature confirmation message (the signature is correct), the issuing unit (Si) performs a hash function operation on the contents of the digital signature document (SDi). Generate a check hash value, and compare whether the check hash value is the same as the hash value pre-stored by the issuing unit (Si), so as to determine and notify the above-mentioned inquirer of the content of the digital signature document (SDi) obtained. Whether it has been tampered with or destroyed (if it has been tampered with or destroyed, it is illegal, as shown in Figure 9).

It can be seen that, different from the traditional digital signature verification process, the method proposed by the present invention mainly extracts the content of the digital signature based on the digital signature, and embeds this content in the form of a watermark. In electronic documents, this not only ensures that the watermark of each signature issuer [i.e., user (Ui)] is different, but also ensures that the digital signature cannot be tampered with. It also uses another form of digital signature. Two-factor authentication provides higher security when performing verification.

Moreover, as far as current technology is concerned, digital watermarks can be roughly divided into two types, the floating type and the steganographic type. The method used in the present invention is the steganographic type, that is, the present invention extracts the text of the signature in the digital signature. Take and embed it into a document with a digital signature. In the verification part of the document, the digital signature is verified in two ways. However, because the watermark of the present invention is hidden in the document, if an interested person wants to forge the transcript , even if this person obtains the digital signature of the issuing unit, if the watermark is not detected in the electronic document verification system of the present invention, the document is still illegal.

Because, through the method proposed by the present invention, the digital transcript can be tamper-proofed through digital signatures and watermarks, thereby ensuring the unique and correct value of the digital data. Verification through digital signatures not only ensures the reduction of manpower, administrative and paper costs, but also enables the secure storage of data. In the future, electronic graduation certificates can be integrated, so that there is no longer a single method for verifying diplomas and multiple application methods. It also ensures that the data will not be lost or damaged during transportation. Not only can electronic documents be verified and managed through this system in the future, but documents with identity verification features can also be integrated in the future, such as ID cards, driver's licenses, or insurance cards, whether in various fields such as the financial industry or the medical industry. It can contribute to everything, and even provide certain conveniences in terms of food, clothing, housing and transportation.

The above is only illustrative and not restrictive. Any equivalent modifications or changes that do not depart from the spirit and scope of the present invention shall be included in the appended patent scope.

S10, S20, S30: steps

Claims (4)

An operating method of an electronic document verification system, at least including the following steps: performing a download request step, in which a user submits a download request for digital data corresponding to the user; performing a signature request step, in which An electronic file containing the digital data, an agent code (Sac) of the issuing unit and an account number (UIDi) of the user are transmitted to A notary center (CA); performs a signature embedding step, in which the notary center uses the agent code corresponding to the issuing unit and the key (Pn) of the user's account as a signature, Thereby, the electronic file with the digital data becomes a digital signature document with the signature and the digital data, and a steganographic watermark technology is used to embed the content of the signature into the digital signature document. , and then transmit the digital signature document back to the issuing unit; and perform a post-signing operation step, which is generated by the issuing unit performing a hash function operation based on the digital data in the digital signature file A hash value, and the hash value is stored in a database, and then the digital signature file is sent to the user, so that the user obtains the digital signature file with the signature and the digital data, and The database of the issuing unit is caused to store the hash value, which before performing the download request step further includes the notary center allocating the agent code to the issuing unit and generating a correspondence with the account based on the agent code. The proxy code and the key for the account. The operation method of the electronic document verification system as described in request item 1, wherein the digital data is a transcript, graduation certificate or employment certificate. The operation method of the electronic document verification system as described in request item 1, wherein the user is a student and the issuing unit is a school unit. The operation method of the electronic document verification system as described in request item 1, wherein the user is a job seeker and the issuing unit is a company unit.