TWM520159U - Device for generating and identifying electronic document containing electronic authentication and paper authentication - Google Patents

Publication number
TWM520159U
Authority
TW
Taiwan
Prior art keywords
data
file
signature
module
verification
Application number
TW104218643U
Other languages
Chinese (zh)
Inventor
Chieh-Hung Huang
Original Assignee
Quick Retrieval Corp
Application filed by Quick Retrieval Corp filed Critical Quick Retrieval Corp
Priority to TW104218643U priority Critical patent/TWM520159U/en
Publication of TWM520159U publication Critical patent/TWM520159U/en

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Description

Device for generating and verifying certified electronic documents with electronic authentication and paper authentication

A device for generating and verifying electronic documents, and in particular a device for generating and verifying certified electronic documents that carry both electronic authentication and paper authentication.

With the rapid development of the Internet, many services that used to require applying in person at the document-issuing organization can now be requested online. After the applicant completes the application, the issuing organization, such as the relevant unit or agency, sends an electronic file of the document to the user over the network.

When a user applies for a certificate on a website, the document is usually meant to be handed to a third party on paper as proof. However, the electronic file the user receives over the network does not carry the issuing organization's stamp, and even if it carries an electronic signature, that signature can no longer be verified once the file has been printed. The authenticity of the printed content therefore cannot be verified. In other words, a user who wants to prove that the printed content is not forged must print the electronic file and take the printout to the issuing organization to be stamped. So when a third party requires a paper document whose printed content can be confirmed as not forged, the user still has to apply in person at the issuing organization, or apply for the electronic document online and then go to the issuing organization in person to have it stamped.

In addition, when an ordinary user signs a document online, the enterprise website provides a web page with an electronic signing function for the user to sign electronically. After the website verifies that the user's signature is correct, it also applies the enterprise's signature (a countersignature). Once both parties have signed, the enterprise website produces an electronic document bearing both electronic signatures (the signed electronic document) and sends it to the user and to the website's repository for retention. The enterprise website has strong information-processing capability, with a complete electronic signature verification system and retrieval system, but the user side has no such equipment, and an ordinary saved printout cannot be verified at all.

In summary, the prior art has long had the problem that a signed electronic document cannot be verified as authentic after it is printed, so an improved technical means is needed to solve this problem.

In view of the prior-art problem that the content of an electronic document is hard to verify as authentic, the present creation discloses a device for generating and verifying certified electronic documents with electronic authentication and paper authentication, in which:

The device disclosed in the present creation for generating a certified electronic document with electronic authentication and paper authentication comprises at least: a document providing module, which provides a template electronic document; a data transmission module, which receives input data sent by the client that corresponds to the template electronic document; a data processing module, which combines the input data and the template electronic document into an original electronic document, so that the data transmission module can send the original electronic document to the client, and which verifies the client signature data that the data transmission module receives from the client; a service signature module, which generates service signature data corresponding to the original electronic document, so that the data transmission module can send the original electronic document, the client signature data and the service signature data to the verification server and receive the verification signature data that the verification server generates from the original electronic document; a data encoding module, which encodes the original electronic document, the client signature data, the service signature data and the verification signature data to produce visual authentication data; and a document merging module, which merges the original electronic document and the authentication data into the certified electronic document with electronic authentication and paper authentication.

Another device disclosed in the present creation for generating a certified electronic document with electronic authentication and paper authentication comprises at least: a document providing module, which provides a template electronic document; a data transmission module, which receives authentication data sent by the client; a data processing module, which reads the customer data corresponding to the template electronic document according to the authentication data and combines the input data and the template electronic document into an original electronic document; a service signature module, which generates service signature data corresponding to the original electronic document, so that the data transmission module can send the original electronic document and the service signature data to the verification server and receive the verification signature data that the verification server generates from the original electronic document; a data encoding module, which encodes the original electronic document, the service signature data and the verification signature data to produce visual authentication data; and a document merging module, which merges the original electronic document and the authentication data into the certified electronic document with electronic authentication and paper authentication.

The device disclosed in the present creation for verifying a certified electronic document with electronic authentication and paper authentication comprises at least: a data acquisition module, which obtains the authentication data from a certified electronic document provided in advance; a document decoding module, which obtains the original electronic document, the service signature data and the verification signature data from the authentication data; a client decryption module, which decrypts the service signature data to obtain the service signature hash value and decrypts the verification signature data to obtain the verification signature hash value; a hash computation module, which generates the document hash value from the original electronic document; and a document verification module, which determines from the document hash value, the service signature hash value and the verification signature hash value whether the certified electronic document passes verification.

The device disclosed in the present creation is as described above. It differs from the prior art in that the service server combines the visual signature data generated by the service server, the verification server and the client with the original electronic document into a certified electronic document with electronic authentication and paper authentication. This solves the problem of the prior art and achieves the technical effect of verifying whether the digital content or the paper content of an electronic document matches the original.

The features and implementation of the present creation are described in detail below with reference to the drawings and embodiments, in sufficient detail that anyone skilled in the relevant art can readily understand the technical means by which the present creation solves the technical problem, implement them accordingly, and thereby achieve the effects the present creation can deliver.

The present creation can merge the original electronic document produced through user editing with visual authentication data used for verification into a certified electronic document with electronic authentication and paper authentication, so that a user who obtains the printed content or the digital content of the certified electronic document can use the authentication data in it to verify whether the original electronic document matches the original. The authentication data referred to in the present creation is visual data, such as a two-dimensional barcode or QR code, but the present creation is not limited to these: any visual data that can represent or record specific information (for example, where decoding the authentication data yields the specific information) can serve as the authentication data of the present creation.

The operation of the system is first described with reference to "Figure 1", the system architecture diagram for generating a certified electronic document with electronic authentication and paper authentication. As shown in "Figure 1", the system of the present creation contains a service server 100, a verification server 400 and a client 200.

The service server 100 is responsible for generating the certified electronic document with electronic authentication and paper authentication. The server 100 further comprises a document providing module 110, a service signature module 120, a data transmission module 130, a data processing module 150, a data encoding module 160 and a document merging module 170.

The document providing module 110 is responsible for providing the template electronic document. It can read a template electronic document library to obtain the template electronic document, but the way the document providing module 110 obtains the template electronic document is not limited to this.

The template electronic documents in the template electronic document library are usually electronic files created in advance by the administrator of the service server 100. They include documents that the user can fill in or sign and documents that the user does not need to fill in or sign. A document may be a single page or multiple pages, for example a contract or a benefits handbook. Template electronic documents can be created in file formats such as HTML, XML and PDF, but the present creation is not limited to these.

The data processing module 150 is responsible for generating the original electronic document from the template electronic document provided by the document providing module 110. It can combine the input data that the data transmission module 130 receives from the client 200 with the template electronic document into the original electronic document. For example, the data processing module 150 can fill each item of text data in the received input data into the corresponding text placeholder in the template electronic document, thereby completing the fields that the user is required to fill in. If the received input data also contains one or more items of image data uploaded by the client 200, such as the front of an identity card, the back of an identity card, a second identity document or the cover of a bank passbook, the data processing module 150 can fill each item of image data into the corresponding image placeholder and can also generate an image list from all the image data filled into the template electronic document. The generated image list contains the hash value of each item of image data; in general, the hash values in the image list are expressed in hexadecimal.

In some embodiments, the data processing module 150 can instead read the necessary customer data directly from a database, according to the identity authentication data used by the client that logged in to the system, and fill each item of the customer data into the corresponding position in the template electronic document (if the data read out includes image data, an image list can likewise be generated), without using the input data received by the data transmission module 130 to generate the original electronic document. The data processing module 150 can also record only the position in the template electronic document that corresponds to each data item in the input data or customer data, so that the original electronic document consists of two parts: the template electronic document, and the input data or customer data. The way the data processing module 150 generates the original electronic document from the template electronic document is not limited to the above.

The service signature module 120 is responsible for generating the electronic signature that corresponds to the original electronic document provided by the data processing module 150. In general, the service signature module 120 can use the private key of the digital certificate applied for by the administrator of the service server 100 to perform a specific operation on the original electronic document, which produces the electronic signature corresponding to the original electronic document. In the present creation, the electronic signature that the service signature module 120 generates for the original electronic document is called the "service signature data".

The service signature module 120 can verify the client signature data against the original electronic document provided by the data processing module 150 and generate the electronic signature corresponding to the original electronic document once the client signature is verified as correct. The present creation is not limited to this, however. In some embodiments the client 200 may not need to sign the original electronic document provided by the data processing module 150; in that case the service signature module 120 can generate the electronic signature corresponding to the original electronic document directly, without verifying client signature data.

The data transmission module 130 can receive the input data, corresponding to the template electronic document, that the client 200 sends back. The client 200 is described later.

The data transmission module 130 is responsible for sending the original electronic document generated by the data processing module 150 to the client 200 and for receiving the client signature data that the client 200 produces by signing that original electronic document.

The data transmission module 130 is also responsible for sending the original electronic document provided by the data processing module 150, the client signature data received from the client 200 and the service signature data generated by the service signature module 120 to the verification server 400, and for receiving the corresponding verification signature data returned by the verification server 400. In some embodiments the original electronic document provided by the data processing module 150 does not need to be signed by the client 200; in that case the data transmission module 130 can omit the client signature data and send only the original electronic document and the service signature data to the verification server 400. The verification server 400 is described later.

The data encoding module 160 is responsible for encoding the original electronic document produced by the data processing module 150, the service signature data generated by the service signature module 120, the client signature data received by the data transmission module 130 and the verification signature data generated by the verification server 400. The encoding produces visual authentication data corresponding respectively to the original electronic document, the service signature data, the client signature data and the verification signature data. Each item of authentication data generated by the data encoding module 160 can be decoded, converted or otherwise processed to recover the corresponding original electronic document, service signature data, client signature data or verification signature data.

The authentication data that the data encoding module 160 generates for the original electronic document may be data produced by encoding the original electronic document provided by the document providing module 110, or data produced by encoding one specific page of the original electronic document.

The document merging module 170 is responsible for merging the original electronic document produced by the data processing module 150 with the authentication data generated by the data encoding module 160. The electronic document that results from this merge is called, in the present creation, the "certified electronic document with electronic authentication and paper authentication". Every page of the certified electronic document contains authentication data generated by the data encoding module 160. That is, each page contains part of the content of the original electronic document, the authentication data corresponding to that part or to the whole of the original electronic document, and the authentication data corresponding respectively to the service signature data, the client signature data and the verification signature data.

Please continue with "Figure 2". The client 200 is responsible for verifying the target electronic document in a certified electronic document, according to the authentication data in the certified electronic document with electronic authentication and paper authentication. The client 200 may be a mobile device such as a smartphone or tablet, an application running on a mobile device, or a subroutine of an application running on a mobile device; the present creation places no particular restriction on this. The client 200 further comprises a data acquisition module 210, a client signature module 220, a data transmission module 230, a document decoding module 240, a hash computation module 250, a client decryption module 260 and a document verification module 270, plus an optional input module 280 and display module 290.

The data acquisition module 210 is responsible for obtaining the authentication data contained in the certified electronic document with electronic authentication and paper authentication. It can use the camera of the client 200 to capture the authentication data from a certified electronic document that has been printed on paper or is shown on a screen, or it can read the authentication data out of the electronic file of the certified electronic document, with no camera capture or scanning needed. The way the data acquisition module 210 obtains the authentication data is not limited to the above.

The client signature module 220 is responsible for signing the original electronic document received by the data transmission module 230 and producing the client signature data. That is, it operates on the sample electronic document with the private key of the digital certificate applied for by the user of the client 200, and the data produced by the operation is the client signature data. The client signature module 220 signs the text data in the original electronic document with an integrated signature, meaning the content that goes into the signing operation directly includes the text data. It signs the image data in the original electronic document with detached signatures, meaning the signing operation is performed on the hash values of the image data.

In general, the client signature module 220 signs the original electronic document page by page, but it can also produce client signature data in a different format as instructed by the service server 100. For example, the result can be a single item of signature data produced by signing the whole original electronic document, or multi-page signature data produced by signing the original electronic document page by page.

The data transmission module 230 is responsible for receiving the original electronic document sent by the service server 100 and for sending the client signature data generated by the client signature module 220 back to the service server 100.

The document decoding module 240 is responsible for obtaining the original electronic document, the service signature data, the client signature data and the verification signature data from the authentication data that the data acquisition module 210 obtained from the certified electronic document.

If the authentication data corresponding to the original electronic document was produced by the data encoding module 160 encoding the whole original electronic document, the document decoding module 240 can obtain the original electronic document by decoding any single page. If that authentication data was produced by encoding one specific page of the original electronic document, decoding yields only the content of that page, so the document decoding module 240 has to decode every page before it can assemble the original electronic document in order. In the same way, the document decoding module 240 can decode the other authentication data to obtain the service signature data, the client signature data and the verification signature data.

The client decryption module 260 is responsible for decrypting the client signature data to obtain the "client signature hash value", decrypting the service signature data to obtain the "service signature hash value", and decrypting the verification signature data to obtain the "verification signature hash value".

The hash computation module 250 is responsible for generating the document hash value that corresponds to the original electronic document obtained by the document decoding module 240. In general, the hash computation module 250 performs a hash operation on the original electronic document, which yields a hash value. In the present creation, the hash value produced in this way for the original electronic document is called the "document hash value".

The hash computation module 250 can perform a hash operation on the generated document hash value together with the client signature data obtained by the document decoding module 240 to produce the "first verification hash value", and can perform a hash operation on the generated document hash value together with the verification signature data obtained by the document decoding module 240 to produce the "second verification hash value".

The document verification module 270 is responsible for comparing the document hash value generated by the hash computation module 250 with the client signature hash value obtained by the client decryption module 260. In some embodiments the client 200 does not need to sign the original electronic document, so no client signature data is produced and the client decryption module 260 cannot decode client signature data to obtain a client signature hash value. In that case the document verification module 270 compares the document hash value with the service signature hash value obtained by the client decryption module 260.

The document verification module 270 is also responsible for comparing the service signature hash value obtained by the client decryption module 260 with the hash value of "the document hash value and the client signature data" (the first verification hash value). In some embodiments the client 200 does not need to sign the original electronic document, so no client signature data is produced and the client decryption module 260 cannot decode client signature data to obtain a client signature hash value. In that case the document verification module 270 does not perform this comparison.

The file verification module 270 also compares the verification signature hash value obtained by the client decryption module 260 with the hash value of "the file hash value and the verification signature data" (the second verification hash value).

The file verification module 270 determines that the certified electronic document passes verification when the file hash value is the same as the service signature hash value, the service signature hash value is the same as the first verification hash value, and the verification signature hash value is the same as the second verification hash value. Otherwise, the file verification module 270 determines that verification of the certified electronic document has failed.

The file verification module 270 may also present, in a visual manner, a comparison between the original electronic document obtained by the file decoding module 240 and the target electronic document in the certified electronic document obtained by the data acquisition module 210.

The input module 280 allows document data to be entered. The document data entered through the input module 280 comprises text data, or text data and image data.

The display module 290 can display the original electronic document obtained by the file decoding module 240 and can also display the verification result of the file verification module 270.

The verification server 400 receives the original electronic document, the client signature data and the service signature data provided by the service server 100, and verifies the received client signature data and service signature data. After the client signature data and the service signature data pass verification, it signs the hash value of the original electronic document together with the service signature data to produce verification signature data, and returns the resulting verification signature data to the service server 100. In other words, the verification server 400 can treat the hash value of the original electronic document and the service signature data as a single piece of data and apply the private key of the digital certificate obtained by the administrator of the verification server 400 to that data; the result of the operation is the verification signature data. If the client signature data or the service signature data fails verification by the verification server 400, the verification server 400 does not generate verification signature data.

The operation of the present creation is explained next with a first embodiment. The process by which the present creation generates a certified electronic document with electronic and paper certification is described first; refer to FIG. 3, the flowchart of the method of the present creation for generating a certified electronic document with electronic and paper certification. In this embodiment, the original electronic document is assumed to be a contract between a financial institution and a user, for example a trust account opening agreement, in HTML format, but the present creation is not limited thereto.

The file providing module 110 of the service server 100 installed at the financial institution can provide a template electronic document (step 301). In this embodiment, it is assumed that the template electronic document provided by the file providing module 110 has been designed in advance by an employee of the financial institution (usually also the administrator of the service server 100) and stored in the service server 100.

After the customer operates the client 200 to log in to the service server 100, the customer can operate the client 200 to select the contract signing service provided by the service server 100. The data processing module 150 of the service server 100 can then, through the data transmission module 130 of the service server 100, request the client 200 to enter the input data required by the template electronic document provided by the file providing module 110 (step 310).

Next, the data transmission module 130 of the service server 100 can receive the input data sent by the client 200 and provide the received input data to the data processing module 150. In this embodiment, the input data entered at the client 200 may include text data and image data. The text data may include the name of the user of the client, national ID number, date of birth, nationality, gender, marital status, registered household address, mailing address, contact telephone number, emergency contact, statement delivery method, designated account information, risk attribute analysis questionnaire data, and the signature and date signed by the user of the client, and so on. The image data may include an image of the front of the ID card, the back of the ID card, the front of a second identity document (health insurance card), the front of a bank passbook, and so on.

After the data processing module 150 of the service server 100 obtains the input data received by the data transmission module 130 of the service server 100, it can obtain the template electronic document from the file providing module 110 and combine the input data with the template electronic document to produce the original electronic document (step 320).

Afterwards, the data transmission module 130 of the service server 100 can send the original electronic document produced by the data processing module 150 of the service server 100 to the client 200, and the customer can use the client 200 to review whether the content of the original electronic document provided by the service server 100 is correct. If the content is correct and the customer agrees to the terms listed in the original electronic document, the customer can operate the client 200 so that the client signature module 220 of the client 200 signs the original electronic document, thereby producing client signature data (step 330). After the client signature module 220 completes the signature, the data transmission module 230 of the client 200 can upload the resulting client signature data to the service server 100.

After receiving the client signature data sent by the client 200, the data transmission module 130 of the service server 100 can provide the received client signature data to the service signature module 120. After the data processing module 150 of the service server 100 has verified, against the generated original electronic document, that the client signature data received by the data transmission module 130 is correct, the service signature module 120 can obtain the generated original electronic document from the data processing module 150 and produce service signature data corresponding to the original electronic document (step 340).

After the service signature module 120 of the service server 100 produces the service signature data, the data transmission module 130 of the service server 100 can send the original electronic document produced by the data processing module 150, the client signature data received from the client 200, and the service signature data produced by the service signature module 120 to the verification server 400.

After verifying that the client signature data and the service signature data are correct, the verification server 400 can produce the corresponding verification signature data (step 350) and return it to the service server 100. If the verification server 400 determines that the client signature data or the service signature data is incorrect, that is, the client signature data or the service signature data fails verification by the verification server 400, the verification server 400 may refrain from producing verification signature data and return a verification failure message to the service server 100.

After receiving the verification signature data, the data transmission module 130 of the service server 100 can provide the original electronic document produced by the data processing module 150, the client signature data received from the client 200, the service signature data produced by the service signature module 120, and the verification signature data received from the verification server 400 to the data encoding module 160 of the service server 100. The data encoding module 160 can encode the original electronic document, the client signature data, the service signature data and the verification signature data to produce the corresponding visual certification data (step 360). In this embodiment, the visual certification data may take the form of a QR code, but the present creation is not limited thereto.

After obtaining the original electronic document produced by the data processing module 150 of the service server 100 and the visual certification data produced by the data encoding module 160 of the service server 100, the file merging module 170 of the service server 100 can merge the original electronic document and the visual certification data into a certified electronic document with electronic and paper certification (step 370). In this embodiment, the resulting certified electronic document 500 has multiple pages, as shown in FIG. 5. Apart from the pages that carry images, every page (including the pages of the document body and the page recording the hash values of the attachments) contains its corresponding visual certification data. In addition, the certified electronic document is assumed to be in PDF format, but the present creation is not limited thereto.

After the file merging module 170 of the service server 100 produces the certified electronic document with electronic and paper certification, the service server 100 can deliver it to the user. In this embodiment, it is assumed that the service server 100 can promptly return the certified electronic document to the user of the client 200, can provide it to the user by e-mail, or can store it on a specific website to which the user connects and, after identity confirmation, downloads the certified electronic document produced by the service server 100. In this way, the user obtains the visualized certified electronic document.

The process by which the present creation verifies a certified electronic document with electronic and paper certification is described next; refer to FIG. 4A, the flowchart of the method of the present creation for verifying a certified electronic document.

In this embodiment, assume that the certified electronic document with electronic and paper certification obtained by the user is a trust account opening agreement, that the user prints the certified electronic document (that is, the trust account opening agreement) on a printer, and that the user wishes to use the client 200 to verify whether the certified electronic document matches the original. The user can run the verification program on a smartphone and present the printed certified electronic document to the client 200 (step 402). The data acquisition module 210 of the client 200 can then obtain the certification data contained in the certified electronic document (step 410). In this embodiment, it is assumed that the data acquisition module 210 captures the visual certification data contained in the printed certified electronic document through the camera lens of the smartphone.

Alternatively, the user can run the verification program directly on the client 200 and have the verification program read the electronic file of the certified electronic document, thereby providing the certified electronic document (step 402), so that the data acquisition module 210 of the client 200 can directly obtain the certification data contained in the certified electronic document (step 410).

After the data acquisition module 210 of the client 200 obtains the certification data in the certified electronic document (step 410), the file decoding module 240 of the client 200 can obtain the original electronic document, the service signature data, the client signature data and the verification signature data from that certification data (step 420). In this embodiment, it is assumed that the file decoding module 240 decodes the certification data and, after decoding, obtains the original electronic document, the service signature data, the client signature data and the verification signature data.

After the file decoding module 240 of the client 200 obtains the original electronic document, the service signature data, the client signature data and the verification signature data from the certification data (step 420), the hash operation module 250 of the client 200 can generate the file hash value corresponding to the original electronic document obtained by the file decoding module 240 (step 440).

Likewise, after the file decoding module 240 of the client 200 obtains the original electronic document, the service signature data, the client signature data and the verification signature data (step 420), the client decryption module 260 of the client 200 can decode the client signature data obtained by the file decoding module 240 to produce the corresponding client signature hash value, decode the service signature data obtained by the file decoding module 240 to produce the corresponding service signature hash value, and decode the verification signature data obtained by the file decoding module 240 to produce the corresponding verification signature hash value (step 450). In this embodiment, it is assumed that the client decryption module can use the private key in the digital certificate to decode the client signature data, the service signature data and the verification signature data obtained by the file decoding module 240 to produce the client signature hash value, the service signature hash value and the verification signature hash value.

After the hash operation module 250 of the client 200 produces the file hash value (step 440) and the client decryption module 260 of the client 200 produces the client signature hash value, the service signature hash value and the verification signature hash value (step 450), the file verification module 270 of the client 200 can determine whether the certified electronic document passes verification based on the file hash value produced by the hash operation module 250 and the client signature hash value, service signature hash value and verification signature hash value produced by the client decryption module 260 (step 470). In this embodiment, as shown in the flow of FIG. 4B, the file verification module 270 compares the file hash value produced by the hash operation module 250 with the signature hash value of the client signature data produced by the client decryption module 260 (step 471). When the comparison shows that the file hash value matches the signature hash value, the hash operation module 250 of the client 200 can produce the first verification hash value from the file hash value and the client signature data (step 472), and the file verification module 270 compares whether the first verification hash value is the same as the service signature hash value (step 474). When the comparison shows that the first verification hash value is the same as the service signature hash value, the hash operation module 250 can go on to produce the second verification hash value from the file hash value and the service signature data (step 475), and the file verification module 270 compares whether the second verification hash value is the same as the verification signature hash value (step 477). When the comparison shows that the second verification hash value is the same as the verification signature hash value, the file verification module 270 can determine that the certified electronic document passes verification (step 478). That is, when the file hash value is the same as the signature hash value, the first verification hash value is the same as the service signature hash value, and the second verification hash value is the same as the verification signature hash value, the file verification module 270 determines after three comparisons that the certified electronic document passes verification. If the file hash value differs from the signature hash value, the first verification hash value differs from the service signature hash value, or the second verification hash value differs from the verification signature hash value, the file verification module 270 can determine after the comparison that the certified electronic document has not passed verification (step 479).

In the above embodiment, if the file verification module 270 of the client 200 determines that the certified electronic document passes verification, the display module 290 can display the original electronic document obtained by the file decoding module 240 of the client 200 and the file verification module 270's verification results for the client signature data, the service signature data and the verification signature data. It can also present the original electronic document and the target electronic document visually so that the user can compare them.

In this way, the present creation makes both the original electronic document and the certification data contained in the certified electronic document visible, so that the user can determine directly from the certification data in the certified electronic document whether the original electronic document in it matches the original.

The operation of the present creation is explained further below with a second embodiment. In this embodiment, the original electronic document is again assumed to be a contract between a financial institution and a user, but the present creation is not limited thereto.

The file providing module 110 of the service server 100 installed at the financial institution can provide a template electronic document (step 301). After the customer operates the client 200 and enters authentication data to log in to the service server 100, the customer can operate the client 200 to select the contract signing service provided by the service server 100. The data processing module 150 of the service server 100 can then read the customer data corresponding to the template electronic document according to the authentication data that the client 200 used to log in to the service server 100. Next, the data processing module 150 of the service server 100 can obtain the template electronic document from the file providing module 110 and combine the customer data with the template electronic document to form the original electronic document.

Afterwards, the service signature module 120 of the service server 100 can obtain the generated original electronic document from the data processing module 150 of the service server 100 and produce service signature data corresponding to the original electronic document.

After the service signature module 120 of the service server 100 produces the service signature data, the data transmission module 130 of the service server 100 can send the original electronic document produced by the data processing module 150 and the service signature data produced by the service signature module 120 to the verification server 400.

After verifying that the service signature data is correct, the verification server 400 can produce the corresponding verification signature data (step 350) and return it to the service server 100. If the verification server 400 determines that the service signature data is incorrect, that is, the service signature data fails verification by the verification server 400, the verification server 400 may refrain from producing verification signature data and return a verification failure message to the service server 100.

After receiving the verification signature data, the data transmission module 130 of the service server 100 can provide the original electronic document produced by the data processing module 150 of the service server 100, the service signature data produced by the service signature module 120, and the verification signature data received from the verification server 400 to the data encoding module 160 of the service server 100. The data encoding module 160 can encode the original electronic document, the service signature data and the verification signature data to produce the corresponding visual certification data.

After obtaining the original electronic document produced by the data processing module 150 of the service server 100 and the visual certification data produced by the data encoding module 160 of the service server 100, the file merging module 170 of the service server 100 can merge the original electronic document and the visual certification data into a certified electronic document with electronic and paper certification.

After the file merging module 170 of the service server 100 produces the certified electronic document with electronic and paper certification, the service server 100 can deliver it to the user.

Assume that, after obtaining the certified electronic document sent by the service server 100, the user prints the certified electronic document with electronic and paper certification on a printer and wishes to use the client 200 to verify whether it matches the original. The user can run the verification program on the client and present the printed certified electronic document to the client 200. The data acquisition module 210 of the client 200 can then capture, through the camera lens of the smartphone, the visual certification data contained in the paper copy of the certified electronic document. The user can also operate the client 200 directly to read the electronic file of the certified electronic document, so that the data acquisition module 210 of the client 200 can directly obtain the certification data contained in the certified electronic document.

After the data acquisition module 210 of the client 200 obtains the certification data in the certified electronic document, the file decoding module 240 of the client 200 can obtain the original electronic document, the service signature data and the verification signature data from that certification data. In this embodiment, it is assumed that the file decoding module 240 decodes the certification data and, after decoding, obtains the original electronic document, the service signature data and the verification signature data.

After the file decoding module 240 of the client 200 obtains the original electronic document, the service signature data and the verification signature data from the certification data, the hash operation module 250 of the client 200 can generate the file hash value corresponding to the original electronic document obtained by the file decoding module 240.

Likewise, after the file decoding module 240 of the client 200 obtains the original electronic document, the service signature data and the verification signature data, the client decryption module 260 of the client 200 can use the private key in the digital certificate to decode the service signature data obtained by the file decoding module 240 to produce the corresponding service signature hash value, and to decode the verification signature data obtained by the file decoding module 240 to produce the corresponding verification signature hash value.

After the hash operation module 250 of the client 200 generates the file hash value, and the client decryption module 260 of the client 200 generates the service signature hash value and the verification signature hash value, the file verification module 270 of the client 200 can determine whether the certified electronic document passes verification based on the file hash value generated by the hash operation module 250 and the service signature hash value and verification signature hash value generated by the client decryption module 260. In this embodiment, the file verification module 270 can compare the file hash value generated by the hash operation module 250 with the service signature hash value generated by the client decryption module 260. When the comparison shows that the file hash value matches the service signature hash value, the hash operation module 250 can generate a second verification hash value from the file hash value and the service signature data, and the file verification module 270 can compare whether the second verification hash value and the verification signature hash value are the same. When the comparison shows that the second verification hash value is the same as the verification signature hash value, the certified electronic document can be judged to pass verification.
That is, when the file hash value is the same as the service signature hash value and the second verification hash value is the same as the verification signature hash value, the file verification module 270 determines after the two comparisons that the certified electronic document passes verification. If the file hash value differs from the service signature hash value, or the second verification hash value differs from the verification signature hash value, the file verification module 270 can determine after the comparison that the certified electronic document has not passed verification.
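The two comparisons described above, written out as an added example (not code from the patent). It assumes SHA-256 as the hash, textbook RSA without padding on constructed demonstration keys, recovery of the signed hash with the signer's public exponent, and that the second verification hash is the hash of the file hash concatenated with the service signature data; the page specifies none of these, and all function and constant names are hypothetical.

```python
import hashlib

# Constructed demonstration keys (assumption): textbook RSA without padding, built
# from Mersenne primes so the block runs on the standard library alone.
def make_key(p, q, e=65537):
    n = p * q
    return n, e, pow(e, -1, (p - 1) * (q - 1))   # (modulus, public exp, private exp)

SERVICE_KEY = make_key(2**127 - 1, 2**521 - 1)        # service server
VERIFICATION_KEY = make_key(2**107 - 1, 2**607 - 1)   # verification server

STAGE1_FAIL = "file hash != service signature hash"
STAGE2_FAIL = "second verification hash != verification signature hash"
PASSED = "passed"

def sha256(data):
    return hashlib.sha256(data).digest()

def sign(digest, key):
    """Signer side: produce 'signature data' over a 32-byte hash value."""
    n, _, d = key
    sig = pow(int.from_bytes(digest, "big"), d, n)
    return sig.to_bytes((n.bit_length() + 7) // 8, "big")

def recover_hash(signature, key):
    """Client decryption module: signature data -> signature hash value, or None."""
    n, e, _ = key                      # only n and e are used on the verifying side
    sig = int.from_bytes(signature, "big")
    if sig >= n:
        return None
    value = pow(sig, e, n)
    # A corrupted signature recovers to a value that is not a 256-bit hash.
    return value.to_bytes(32, "big") if value.bit_length() <= 256 else None

def issue(original):
    """Signer side of the embodiment: service signature, then verification signature."""
    file_hash = sha256(original)
    service_sig = sign(file_hash, SERVICE_KEY)
    verification_sig = sign(sha256(file_hash + service_sig), VERIFICATION_KEY)
    return service_sig, verification_sig

def verify(original, service_sig, verification_sig):
    """File verification module: the two comparisons, in order."""
    file_hash = sha256(original)
    if recover_hash(service_sig, SERVICE_KEY) != file_hash:
        return STAGE1_FAIL
    # Assumed construction of the second verification hash value.
    second = sha256(file_hash + service_sig)
    if recover_hash(verification_sig, VERIFICATION_KEY) != second:
        return STAGE2_FAIL
    return PASSED

if __name__ == "__main__":
    doc = b"constructed sample: certificate of enrollment, page 1"
    s_sig, v_sig = issue(doc)
    print(verify(doc, s_sig, v_sig))                 # untouched document
    print(verify(doc + b" (edited)", s_sig, v_sig))  # content changed after signing
    _, other_v = issue(b"constructed sample: a different document")
    print(verify(doc, s_sig, other_v))               # verification signature swapped
```

The second comparison binds the verification signature to one specific service signature, so a verification signature lifted from another document fails even when the first comparison succeeds.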

In summary, the difference between the present creation and the prior art lies in the technical means by which the service server combines the visualized signature data generated by the service server, the verification server, and the client with the original electronic file into a certified electronic document with electronic certification and paper certification. This technical means solves the prior-art problem that the authenticity of an electronic document's content is difficult to verify, and thereby achieves the technical effect of verifying whether an electronic document matches the original.

Furthermore, the present creation can be implemented in hardware, software, or a combination of hardware and software. It can be implemented in a centralized manner in one computer system, or in a distributed manner in which different components are spread across several interconnected computer systems.

Although the embodiments disclosed by the present creation are as described above, that content is not intended to directly limit the scope of patent protection of the present creation. Minor changes and refinements to the form and details of implementing the present creation, made by any person of ordinary skill in the technical field to which it belongs without departing from the spirit and scope disclosed here, fall within the scope of patent protection of the present creation. The scope of patent protection of the present creation remains as defined by the appended claims.

100‧‧‧Service server
110‧‧‧File providing module
120‧‧‧Service signature module
130‧‧‧Data transmission module
150‧‧‧Data processing module
160‧‧‧Data encoding module
170‧‧‧File merging module
200‧‧‧Client
210‧‧‧Data acquisition module
220‧‧‧Client signature module
230‧‧‧Data transmission module
240‧‧‧File decoding module
250‧‧‧Hash operation module
260‧‧‧Client decryption module
270‧‧‧File verification module
280‧‧‧Input module
290‧‧‧Display module
500‧‧‧Certified electronic document
Step 301‧‧‧The service server provides a template electronic file
Step 310‧‧‧The service server asks the client to enter input data
Step 320‧‧‧The service server combines the input data and the template electronic file to generate the original electronic file
Step 330‧‧‧The client signs the original electronic file to generate client signature data
Step 340‧‧‧The service server verifies the client signature against the original electronic file and then generates service signature data
Step 350‧‧‧The verification server verifies that the client signature data and the service signature data are correct and then generates verification signature data
Step 360‧‧‧The service server encodes the original electronic file, client signature data, service signature data, and verification signature data to generate visualized certification data
Step 370‧‧‧The service server merges the original electronic file and the visualized certification data into a certified electronic document with electronic certification and paper certification
Step 402‧‧‧Provide a certified electronic document with electronic certification and paper certification
Step 410‧‧‧Obtain the certification data
Step 420‧‧‧Obtain the original electronic file, service signature data, client signature data, and verification signature data from the certification data
Step 440‧‧‧Generate the corresponding file hash value from the original electronic file
Step 450‧‧‧Decrypt the client signature data, service signature data, and verification signature data to generate the client signature hash value, service signature hash value, and verification signature hash value
Step 470‧‧‧Determine whether the certified electronic document passes verification based on the file hash value, client signature hash value, service signature hash value, and verification signature hash value
Step 471‧‧‧Determine whether the file hash value and the client signature hash value are the same
Step 472‧‧‧Generate the first verification hash value from the file hash value and the client signature data
Step 474‧‧‧Determine whether the first verification hash value and the service signature hash value are the same
Step 475‧‧‧Generate the second verification hash value from the file hash value and the service signature data
Step 477‧‧‧Determine whether the second verification hash value and the service signature hash value are the same
Step 478‧‧‧Determine that the certified electronic document passes verification
Step 479‧‧‧Determine that the certified electronic document fails verification

Figure 1 is a system architecture diagram of the present creation for generating a certified electronic document with electronic certification and paper certification.
Figure 2 is a schematic diagram of the components of the client of the present creation that verifies a certified electronic document.
Figure 3 is a flowchart of the method of the present creation for generating a certified electronic document with electronic certification and paper certification.
Figure 4A is a flowchart of the method of the present creation for verifying a certified electronic document.
Figure 4B is a detailed flowchart of the method of the present creation for verifying a certified electronic document.
Figure 5 is a schematic diagram of the certified electronic document of an embodiment of the present creation.

500‧‧‧Certified electronic document

Claims (10)

1. A device for generating a certified electronic document with electronic certification and paper certification, the device being connected to a verification server and allowing a client to connect, the device comprising at least: a file providing module for providing a template electronic file; a data transmission module for receiving input data, corresponding to the template electronic file, transmitted by the client; a data processing module for combining the input data and the template electronic file into an original electronic file, so that the data transmission module transmits the original electronic file to the client, and for verifying client signature data that the data transmission module receives from the client; a service signature module for generating corresponding service signature data based on the original electronic file, so that the data transmission module transmits the original electronic file, the client signature data, and the service signature data to the verification server and receives verification signature data generated by the verification server based on the original electronic file; a data encoding module for encoding the original electronic file, the client signature data, the service signature data, and the verification signature data to generate visualized certification data; and a file merging module for merging the original electronic file and the certification data into a certified electronic document with electronic certification and paper certification.

2. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 1, wherein the data encoding module generates the visualized certification data from the original electronic file as a whole, or generates the visualized certification data separately for each page of the original electronic file.

3. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 1, wherein the input data is text data or image data, or a combination of text data and image data.

4. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 1, wherein the data processing module is further used to arrange the content of each page of the original electronic file.

5. A device for generating a certified electronic document with electronic certification and paper certification, the device being connected to a verification server and allowing a client to connect, the device comprising at least: a file providing module for providing a template electronic file; a data transmission module for receiving certification data transmitted by the client; a data processing module for reading, based on the certification data, client data corresponding to the template electronic file, and for combining the client data and the template electronic file into an original electronic file; a service signature module for generating corresponding service signature data based on the original electronic file, so that the data transmission module transmits the original electronic file and the service signature data to the verification server and receives verification signature data generated by the verification server based on the original electronic file; a data encoding module for encoding the original electronic file, the service signature data, and the verification signature data to generate visualized certification data; and a file merging module for merging the original electronic file and the certification data into a certified electronic document with electronic certification and paper certification.

6. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 5, wherein the data encoding module generates the visualized certification data from the original electronic file as a whole, or generates the visualized certification data separately for each page of the original electronic file.

7. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 5, wherein the client data is text data or image data, or a combination of text data and image data.

8. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 5, wherein the data processing module is further used to arrange the content of each page of the original electronic file.

9. A device for verifying a certified electronic document with electronic certification and paper certification, the device being connected to a verification server, the device comprising at least: a data acquisition module for obtaining certification data from a certified electronic document provided in advance; a file decoding module for obtaining an original electronic file, service signature data, and verification signature data based on the certification data; a client decryption module for decrypting the service signature data to obtain a service signature hash value and decrypting the verification signature data to obtain a verification signature hash value; a hash operation module for generating a file hash value based on the original electronic file; and a file verification module for determining whether the certified electronic document passes verification based on the file hash value, the service signature hash value, and the verification signature hash value.

10. The device for verifying a certified electronic document with electronic certification and paper certification as described in claim 9, wherein the file decoding module is further used to obtain client signature data based on the certification data; the client decryption module is further used to decrypt the client signature data to obtain a client signature hash value; the hash operation module is further used to generate a first verification hash value from the file hash value and the client signature data and to generate a second verification hash value from the file hash value and the service signature data; and the file verification module is further used to determine that the certified electronic document passes verification when the file hash value matches the client signature hash value, the first verification hash value matches the service signature hash value, and the second verification hash value matches the verification signature hash value.
TW104218643U 2015-11-20 2015-11-20 Device for generating and identifying electronic document containing electronic authentication and paper authentication TWM520159U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104218643U TWM520159U (en) 2015-11-20 2015-11-20 Device for generating and identifying electronic document containing electronic authentication and paper authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104218643U TWM520159U (en) 2015-11-20 2015-11-20 Device for generating and identifying electronic document containing electronic authentication and paper authentication

Publications (1)

Publication Number Publication Date
TWM520159U true TWM520159U (en) 2016-04-11

Family

ID=56362261

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104218643U TWM520159U (en) 2015-11-20 2015-11-20 Device for generating and identifying electronic document containing electronic authentication and paper authentication

Country Status (1)

Country Link
TW (1) TWM520159U (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI620138B (en) * 2016-11-22 2018-04-01 Chunghwa Telecom Co Ltd Remote authentication method for remote account opening
TWI669627B (en) * 2017-10-18 2019-08-21 東海大學 File protection component and its protection method
TWI711975B (en) * 2017-03-29 2020-12-01 楊建綱 Multi-dimensional barcode mobile identity authentication method and authentication server mechanism
TWI742429B (en) * 2019-09-17 2021-10-11 臺灣網路認證股份有限公司 System for displaying signature message of portable document format file in web page and method thereof

