TWM578053U - System for generating signing documents sequentially providing the signature for the signing party - Google Patents
System for generating signing documents sequentially providing the signature for the signing party Download PDFInfo
- Publication number
- TWM578053U TWM578053U TW108200689U TW108200689U TWM578053U TW M578053 U TWM578053 U TW M578053U TW 108200689 U TW108200689 U TW 108200689U TW 108200689 U TW108200689 U TW 108200689U TW M578053 U TWM578053 U TW M578053U
- Authority
- TW
- Taiwan
- Prior art keywords
- signature
- file
- server
- client
- document
- Prior art date
Links
Abstract
一種依順序提供簽章對象簽章以產生簽章文件之系統,其透過文件主機依據所取得之原始文件的類別定義簽章順序並產生包含原始文件與簽章順序的目標文件,簽章伺服器依據簽章順序依序將包含目標文件的電子文件提供給簽章對象簽章以產生簽章文件後,將簽章文件傳送給簽章對象的使用者或擁有者保存之技術手段,可以確保電子文件不會被替換,並達成在電子文件中提供近似印鑑的技術功效。A system for providing a signature object signature in order to generate a signature document, which defines a signature order according to the category of the original document obtained by the file host and generates an object file including the original file and the signature order, and the signature server According to the signature order, the electronic file containing the target file is sequentially provided to the signature object signature to generate the signature file, and the signature file is transmitted to the user or the owner of the signature object to save the electronic means to ensure the electronic The document will not be replaced and the technical effect of providing an approximate seal in the electronic file will be achieved.
Description
一種文件簽章系統,特別係指一種依順序提供簽章對象簽章以產生簽章文件之系統。A document signing system, in particular, a system for providing a signature object signature in order to generate a signature document.
由於保存列印於紙本上的文件需要合適的環境,否則紙本容易遭到汙損,而除了環境的因素之外,紙本文件也需要空間來保存,因此,紙本文件的保存需要一定的成本。Since the documents stored on the paper need a suitable environment, the paper is easily stained, and in addition to the environmental factors, the paper documents need space to be saved. Therefore, the preservation of the paper documents needs to be fixed. the cost of.
而隨著資訊處理技術與通信技術的快速發展,由於電子文件不容易因為環境因素而遭到破壞,且幾乎不需要保存空間,這造成紙本文件逐漸轉變為電子文件的趨勢。不過,相對的,電子文件比紙本文件容易被竊取、篡改、或偽造,也就是說電子文件的安全性也較紙本文件來得低。With the rapid development of information processing technology and communication technology, electronic files are not easily destroyed by environmental factors, and there is almost no need to save space, which causes the trend of paper documents to be gradually converted into electronic files. However, in contrast, electronic documents are easier to steal, falsify, or falsify than paper documents, which means that electronic documents are less secure than paper documents.
也因此,目前對於竊取電子文件的防範,可藉由加解密技術將電子文件加密而確保電子文件的安全性,而對於偽造或篡改電子文件的防範,則可利用數位簽章技術而保證電子文件的正確性。Therefore, at present, for the prevention of stealing electronic files, electronic files can be encrypted by encryption and decryption technology to ensure the security of electronic files, and for the prevention of falsification or tampering with electronic files, digital signature technology can be used to ensure electronic files. The correctness.
不過,在某些情況下,電子文件可能在被簽章之前就已被替換,例如使用者操作客戶端連線到電子文件提供者所提供之伺服器時,由於使用者可能無法以肉眼確認進行簽章作業之電子文件的內容,因此,有心人士可以讓使用者所瀏覽的文件內容與被簽章之電子文件的內容有所出入,造成使用者的損失。However, in some cases, the electronic file may have been replaced before it was signed. For example, when the user operates the client to connect to the server provided by the electronic file provider, the user may not be able to confirm with the naked eye. The content of the electronic file of the signature operation, therefore, the interested person can make the content of the file browsed by the user inconsistent with the content of the electronic document being signed, resulting in loss of the user.
綜上所述,可知先前技術中長期以來一直存在電子文件可能在簽章前就被替換的問題,因此有必要提出改進的技術手段,來解決此一問題。In summary, it can be seen that in the prior art, there has been a long-standing problem that electronic documents may be replaced before the signature, and therefore it is necessary to propose an improved technical means to solve this problem.
有鑒於先前技術存在電子文件可能在簽章前就被替換的問題,本創作遂揭露一種依順序提供簽章對象簽章以產生簽章文件之系統,其中:In view of the problem that prior art electronic documents may be replaced before the signature, the present disclosure discloses a system for providing signature signatures in order to generate signature documents, wherein:
本創作所揭露之依順序提供簽章對象簽章以產生簽章文件之系統,至少包含:客戶端,用以提供內容參數;文件主機,用以取得原始文件,並依據原始文件之類別定義簽章順序,及用以產生包含簽章順序及原始文件之目標文件,並產生與目標文件對應之文件識別資料,其中,原始文件包含內容參數;簽章伺服器,用以接收文件主機所傳送之目標文件及文件識別資料,及用以依據簽章順序依序提供多個簽章對象對電子文件簽章以產生簽章文件,並傳送簽章文件至客戶端,其中,簽章對象包含客戶端及簽章伺服器,簽章文件包含簽章對象所產生之記載文件識別資料之可視化資料,且簽章順序所表示之第一個簽章對象對電子文件簽章時,電子文件為目標文件,簽章順序所表示之非第一個簽章對象對電子文件簽章時,電子文件為簽章順序所表示之前一個簽章對象進行簽章後所產生之作業文件;存查伺服器,用以接收並儲存簽章伺服器所傳送之簽章文件。The system disclosed in the present invention provides a signature object signature in order to generate a signature file, and at least includes: a client for providing content parameters; a file host for obtaining the original file, and defining the signature according to the category definition of the original document a sequence of chapters, and a target file for generating a signature sequence and an original file, and generating file identification data corresponding to the target file, wherein the original file includes content parameters; the signature server is configured to receive the file host The target file and the file identification data, and the plurality of signature objects are sequentially provided according to the signature order to sign the electronic file to generate the signature file, and the signature file is transmitted to the client, wherein the signature object includes the client And the signature server, the signature file contains the visualized data of the document identification data generated by the signature object, and the electronic signature is the target file when the first signature object indicated by the signature sequence is for the electronic document signature. When the signature of the signature is not the first signature of the signature object, the electronic signature is the signature of the previous signature. After the job files generated by the signature object; reference purposes server for receiving and storing the transmitted signature the signature file server.
本創作所揭露之系統如上,與先前技術之間的差異在於本創作透過文件主機依據所取得之原始文件的類別定義簽章順序並產生包含原始文件與簽章順序的目標文件,簽章伺服器依據簽章順序依序將包含目標文件的電子文件提供給簽章對象簽章以產生簽章文件後,將簽章文件傳送給簽章對象的使用者或擁有者保存,藉以解決先前技術所存在的問題,並可以達成在電子文件中提供近似印鑑的技術功效。The system disclosed in the present application is as above, and the difference from the prior art is that the author defines the signature order according to the category of the original document obtained by the file host and generates an object file containing the original file and the signature order, the signature server. According to the signature order, the electronic file containing the target file is sequentially provided to the signature object signature to generate the signature file, and the signature file is transmitted to the user or owner of the signature object to save the prior art. The problem, and can achieve the technical effect of providing an approximate seal in an electronic file.
以下將配合圖式及實施例來詳細說明本創作之特徵與實施方式,內容足以使任何熟習相關技藝者能夠輕易地充分理解本創作解決技術問題所應用的技術手段並據以實施,藉此實現本創作可達成的功效。The features and implementations of the present invention will be described in detail below in conjunction with the drawings and the embodiments, which are sufficient to enable any skilled person to fully understand the technical means to which the present invention solves the technical problems and implement them accordingly. The achievable effect of this creation.
本創作可以由簽章伺服器控制待簽章之電子文件依據簽章順序在簽章對象之間傳遞,並限制只能由特定的計算設備或應用程式才能對電子文件簽章,藉以確保待簽章之電子文件不會被計算設備或應用程式的使用者修改,同時保證待簽章之電子文件不會被文件提供者替換。另外,本創作也可以提供客戶端確認所持有之簽章文件中的文件內容是否與原件內容相符。The creation of the electronic document to be signed by the signature server can be passed between the signature objects according to the signature order, and the electronic document can only be signed by a specific computing device or application, thereby ensuring that the signature is to be signed. The electronic file of the chapter will not be modified by the user of the computing device or application, and the electronic file to be signed will not be replaced by the file provider. In addition, this creation can also provide the client to confirm whether the contents of the document in the signature file held by the client match the original content.
本創作所提之簽章順序可以記錄簽章對象的先後次序,其中,簽章對象為需要對電子文件簽章的計算設備及/或應用程式,且簽章對象是以相對應的對象識別資料表示。The signature sequence proposed in this creation can record the order of the signature objects, wherein the signature object is a computing device and/or an application that needs to sign the electronic file, and the signature object is the corresponding object identification data. Said.
本創作所提之計算設備包含但不限於一個或多個處理器、一個或多個記憶體模組、以及連接不同元件(包括記憶體模組和處理器)的匯流排等元件。透過所包含之多個元件,計算設備可以載入並執行作業系統,使作業系統在計算設備上運行。例如:個人電腦、筆記型電腦、手機、平板、智慧手錶、導航裝置、數位相機、電視、投影機、電子書閱讀器、多媒體撥放器、電視遊樂器、電子字典、車用電腦等,但本創作並不以此為限。The computing devices referred to in this creation include, but are not limited to, one or more processors, one or more memory modules, and components such as bus bars that connect different components, including memory modules and processors. Through the various components included, the computing device can load and execute the operating system to cause the operating system to run on the computing device. For example: personal computers, notebook computers, mobile phones, tablets, smart watches, navigation devices, digital cameras, televisions, projectors, e-book readers, multimedia players, video games, electronic dictionaries, car computers, etc., but This creation is not limited to this.
本創作所提之計算設備的匯流排可以包含一種或多個類型,例如包含資料匯流排(data bus)、位址匯流排(address bus)、控制匯流排(control bus)、擴充功能匯流排(expansion bus)、及/或局域匯流排(local bus)等類型的匯流排。計算設備的匯流排包括但不限於並列的工業標準架構(ISA)匯流排、周邊元件互連(PCI)匯流排、視頻電子標準協會(VESA)局域匯流排、以及串列的通用序列匯流排(USB)、快速周邊元件互連(PCI-E)匯流排等。The bus of the computing device proposed by the present application may include one or more types, for example, including a data bus, an address bus, a control bus, and an expansion bus ( Expansion bus), and / or local bus and other types of bus. Busbars for computing devices include, but are not limited to, side-by-side industry standard architecture (ISA) busses, peripheral component interconnect (PCI) busses, video electronic standards associations (VESA) local busses, and tandem universal sequence busses (USB), Fast Peripheral Component Interconnect (PCI-E) bus, etc.
本創作所提之計算設備的處理器與匯流排耦接。處理器包含暫存器(Register)組或暫存器空間,暫存器組或暫存器空間可以完全的被設置在處理晶片上,或全部或部分被設置在處理晶片外並經由專用電氣連接及/或經由匯流排耦接至處理器。處理器可為處理單元、微處理器或任何合適的處理元件。若計算設備為多處理器設備,也就是計算設備包含多個處理器,則計算設備所包含的處理器都相同或類似,且透過匯流排耦接與通訊。The processor of the computing device proposed by the present invention is coupled to the bus bar. The processor includes a register group or a scratchpad space, and the scratchpad group or scratchpad space can be completely disposed on the processing wafer, or all or part of the processor is disposed outside the processing chip and via a dedicated electrical connection. And/or coupled to the processor via a bus. The processor can be a processing unit, a microprocessor, or any suitable processing element. If the computing device is a multi-processor device, that is, the computing device includes multiple processors, the computing device includes the same or similar processors and is coupled and communicated through the bus.
計算設備的處理器可以與晶片組耦接或透過匯流排與晶片組電性連接。晶片組是由一個或多個積體電路(IC)組成,包含記憶體控制器以及周邊輸出入(I/O)控制器,也就是說,記憶體控制器以及周邊輸出入控制器可以包含在一個積體電路內,也可以使用兩個或更多的積體電路實現。晶片組通常提供了輸出入和記憶體管理功能、以及提供多個通用及/或專用暫存器、計時器等,其中,上述之通用及/或專用暫存器與計時器可以讓耦接或電性連接至晶片組的一個或多個處理器存取或使用。The processor of the computing device can be coupled to the chip set or electrically connected to the chip set through the bus bar. The chipset is composed of one or more integrated circuits (ICs), including a memory controller and a peripheral input/output (I/O) controller, that is, the memory controller and the peripheral output controller can be included in In an integrated circuit, two or more integrated circuits can also be used. The chipset typically provides input and memory management functions, as well as providing a plurality of general purpose and/or dedicated registers, timers, etc., wherein the general purpose and/or dedicated registers and timers are coupled or One or more processors electrically coupled to the chip set are accessed or used.
計算設備的處理器也可以透過記憶體控制器存取安裝於計算設備上的記憶體模組和大容量儲存區中的資料。上述之記憶體模組包含任何類型的揮發性記憶體(volatile memory)及/或非揮發性(non-volatile memory, NVRAM)記憶體,例如靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、快閃記憶體(Flash)、唯讀記憶體(ROM)等。上述之大容量儲存區可以包含任何類型的儲存裝置或儲存媒體,例如,硬碟機、光碟、磁帶機、隨身碟(快閃記憶體)、固態硬碟(Solid State Disk, SSD)、或任何其他儲存裝置等。也就是說,記憶體控制器可以存取靜態隨機存取記憶體、動態隨機存取記憶體、快閃記憶體、硬碟機、固態硬碟中的資料。The processor of the computing device can also access the data stored in the memory module and the large-capacity storage area of the computing device through the memory controller. The above memory module includes any type of volatile memory and/or non-volatile memory (NVRAM) memory, such as static random access memory (SRAM), dynamic random access. Memory (DRAM), flash memory (Flash), read-only memory (ROM), etc. The mass storage area described above may include any type of storage device or storage medium, such as a hard disk drive, a compact disc, a tape drive, a flash drive (flash memory), a solid state disk (SSD), or any Other storage devices, etc. That is to say, the memory controller can access data in the static random access memory, the dynamic random access memory, the flash memory, the hard disk drive, and the solid state hard disk.
計算設備的處理器也可以透過周邊輸出入控制器經由周邊輸出入匯流排與周邊輸出裝置、周邊輸入裝置、通訊介面、以及GPS接收器等周邊裝置或介面通訊。周邊輸入裝置可以是任何類型的輸入裝置,例如鍵盤、滑鼠、軌跡球、觸控板、搖桿等,周邊輸出裝置可以是任何類型的輸出裝置,例如顯示器、印表機等,周邊輸入裝置與周邊輸出裝置也可以是同一裝置,例如觸控螢幕等。通訊介面可以包含無線通訊介面及/或有線通訊介面,無線通訊介面可以包含支援Wi-Fi、Zigbee等無線區域網路、藍牙、紅外線、近場通訊(NFC)、3G/4G/5G等行動通訊網路或其他無線資料傳輸協定的介面,有線通訊介面可為乙太網路設備、非同步傳輸模式(ATM)設備、DSL數據機、纜線(Cable)數據機等。處理器可以週期性地輪詢(polling)各種周邊裝置與介面,使得計算設備能夠進行資料的輸入與輸出,也能夠與具有上述描述之元件的另一個計算設備進行通訊。The processor of the computing device can also communicate with the peripheral device or interface such as the peripheral output device, the peripheral input device, the communication interface, and the GPS receiver through the peripheral output/input bus through the peripheral output/input controller. The peripheral input device can be any type of input device, such as a keyboard, a mouse, a trackball, a trackpad, a rocker, etc., and the peripheral output device can be any type of output device, such as a display, a printer, etc., peripheral input device It can also be the same device as the peripheral output device, such as a touch screen. The communication interface can include a wireless communication interface and/or a wired communication interface, and the wireless communication interface can include a wireless communication network such as Wi-Fi, Zigbee, Bluetooth, infrared, near field communication (NFC), 3G/4G/5G, etc. The interface of the road or other wireless data transmission protocol, the wired communication interface can be an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL data machine, a cable (data) data machine, and the like. The processor can periodically poll various peripheral devices and interfaces to enable the computing device to perform input and output of data, as well as to communicate with another computing device having the elements described above.
以下先以「第1圖」本創作所提之依順序提供簽章對象簽章以產生簽章文件之系統架構圖來說明本創作的系統。如「第1圖」所示,本創作之系統含有文件主機120、簽章伺服器130、客戶端150、存查伺服器160,以及可附加的公證伺服器170。其中,文件主機120、簽章伺服器130、客戶端150、存查伺服器160、及公證伺服器170均為計算設備,且在實務上,文件主機120、簽章伺服器130、以及存查伺服器160所提供的功能可以任意分散到多個不同的計算設備或組合在相同的計算設備中。In the following, the system of the signature of the signature document is provided in the order in which the "1st picture" is created in order to produce the system diagram of the signature document. As shown in "FIG. 1", the system of the present creation includes a file host 120, a signature server 130, a client 150, a check server 160, and an attachable notary server 170. The file host 120, the signature server 130, the client 150, the check server 160, and the notary server 170 are all computing devices, and in practice, the file host 120, the signature server 130, and the check server The functionality provided by 160 can be arbitrarily distributed across multiple different computing devices or combined in the same computing device.
文件主機120可以與簽章伺服器130連接,在部分的實施例中,文件主機120也可以與存查伺服器160連接。文件主機120可以傳送資料或訊號給簽章伺服器130及存查伺服器160,也可以接收存查伺服器160所傳送的資料或訊號。其中,文件主機120可以透過通訊介面使用有線網路或無線網路與簽章伺服器130、及存查伺服器160連接,本創作沒有特別的限制。The file host 120 can be coupled to the signature server 130. In some embodiments, the file host 120 can also be coupled to the check server 160. The file host 120 can transmit the data or signal to the signature server 130 and the search server 160, and can also receive the data or signals transmitted by the storage server 160. The file host 120 can be connected to the signature server 130 and the check server 160 through a communication interface using a wired network or a wireless network. The creation is not particularly limited.
文件主機120負責接收服務伺服器400所提供的原始文件,並負責依據所取得之原始文件的類別決定簽章對象,並定義各簽章對象的簽章順序。本創作所提之簽章對象包含客戶端150以及簽章伺服器130,在部分的實施例中,簽章對象還可以包含公證伺服器170。The file host 120 is responsible for receiving the original file provided by the service server 400, and is responsible for determining the signature object according to the type of the original file obtained, and defining the signature order of each signature object. The signature object proposed by the present invention includes a client 150 and a signature server 130. In some embodiments, the signature object may further include a notary server 170.
文件主機120也負責產生目標文件以及與目標文件對應的文件識別資料,其中,文件主機所產生的目標文件包含所定義之簽章順序以及取得自服務伺服器400之原始文件;本創作所提之文件識別資料可以由任意數量的文字、字母、數字、與符號任意排列產生,一般而言,文件識別資料為唯一值,也就是說目標文件所對應之文件識別資料通常不會重複。The file host 120 is also responsible for generating the target file and the file identification data corresponding to the target file, wherein the object file generated by the file host includes the defined signature sequence and the original file obtained from the service server 400; The file identification data can be randomly arranged by any number of characters, letters, numbers, and symbols. Generally speaking, the file identification data is a unique value, that is, the file identification data corresponding to the target file is usually not repeated.
文件主機120可以接收服務伺服器400所傳送的存取參數,並可以依據所接收到之存取參數設定所產生之目標文件的存取權限,也可以將所設定之存取權限傳送至存查伺服器160儲存。文件主機120所設定之存取權限可以是可存取之身分的權限,例如不限任何人可存取目標文件或限制僅特定人可存取目標文件;也可以是可存取之次數的權限,例如限制每日或每小時等單位時間內可存取的次數等。但本創作所提之存取權限並不以上述為限,凡可以用來限制存取目標文件的條件都可以作為存取權限在本創作中被使用,透過存取權限來可以降低使用者之敏感資料被曝光的可能性。The file host 120 can receive the access parameters transmitted by the service server 400, and can set the access rights of the generated target files according to the received access parameters, or can transfer the set access rights to the search servo. The device 160 stores. The access authority set by the file host 120 may be the right to access the identity, for example, no one can access the target file or restrict only the specific person to access the target file; or may be the accessable number of times For example, limit the number of times that can be accessed per unit time, such as daily or hourly. However, the access rights provided by this creation are not limited to the above. Any conditions that can be used to restrict access to the target file can be used as access rights in this creation. The possibility of sensitive information being exposed.
在部分的實施例中,文件主機120可以儲存所產生的目標文件,也可以儲存存查伺服器160所傳來的簽章文件。文件主機120也可以將所產生的存取權限傳送至存查伺服器160儲存。In some embodiments, the file host 120 may store the generated object file or store the signature file sent by the server 160. The file host 120 can also transfer the generated access rights to the check server 160 for storage.
簽章伺服器130可以與客戶端150、文件主機120、存查伺服器160、以及公證伺服器170連接。簽章伺服器130可以傳送資料或訊號給客戶端150、文件主機120、存查伺服器160、以及公證伺服器170,也可以接收客戶端150、文件主機120、存查伺服器160、以及公證伺服器170所傳送的資料或訊號。其中,簽章伺服器130可以透過通訊介面使用有線網路或無線網路與客戶端150、文件主機120、存查伺服器160、以及公證伺服器170連接,本創作沒有特別的限制。The signature server 130 can be coupled to the client 150, the file host 120, the check server 160, and the notary server 170. The signature server 130 can transmit data or signals to the client 150, the file host 120, the check server 160, and the notary server 170, and can also receive the client 150, the file host 120, the check server 160, and the notarized server. 170 transmitted data or signals. The signature server 130 can be connected to the client 150, the file host 120, the check server 160, and the notary server 170 through a communication interface using a wired network or a wireless network. The creation is not particularly limited.
簽章伺服器130負責接收文件主機120所傳送的目標文件以及與目標文件對應的文件識別資料。簽章伺服器130也負責依據目標文件中所記錄的簽章順序,將電子文件依序提供簽章順序所表示之各個簽章對象,使得各個簽章對象對電子文件簽章以產生新的電子文件。其中,簽章對象所產生之新的電子文件包含簽章對象所簽章之電子文件以及簽章所產生的簽章資料。值得一提的,當簽章對象為簽章伺服器130自身時,簽章伺服器130可以對電子文件簽章,藉以產生新的電子文件。The signature server 130 is responsible for receiving the target file transmitted by the file host 120 and the file identification data corresponding to the target file. The signature server 130 is also responsible for sequentially providing the electronic document in each of the signature objects represented by the signature sequence according to the signature sequence recorded in the target file, so that each signature object signs the electronic document to generate a new electronic file. Among them, the new electronic file generated by the signature object contains the electronic document signed by the signature object and the signature information generated by the signature. It is worth mentioning that when the signature object is the signature server 130 itself, the signature server 130 can sign the electronic file to generate a new electronic file.
需要說明的是,在本創作中,若對電子文件簽章之簽章對象為簽章順序所表示之第一個簽章對象時,被簽章的電子文件為文件主機120提供給簽章伺服器130的目標文件,被產生之新的電子文件在本創作被稱為「作業文件」;若簽章對象為簽章順序所表示之最後一個簽章對象時,被簽章的電子文件為簽章順序中排列在簽章對象之前的另一個簽章對象進行簽章後所產生之作業文件,被產生之新的電子文件在本創作中被稱為「簽章文件」;而若簽章對象不是簽章順序所表示之第一個簽章對象,也不是最後一個簽章對象時,被簽章的電子文件為簽章順序中排列在簽章對象之前的另一個簽章對象進行簽章後所產生之作業文件,被產生之新的電子文件也同樣是新的作業文件。例如,簽章順序記錄的三個簽章對象,順序分別為第一裝置、第二裝置、以及第三裝置,則簽章伺服器130可以先將目標文件提供給第一裝置簽章以產生第一作業文件,接著,簽章伺服器130可以再將第一作業文件提供給第二裝置簽章以產生第二作業文件,最後,簽章伺服器130可以將第二作業文件提供給第三裝置以產生簽章文件。It should be noted that, in the present creation, if the signature object of the electronic document signature is the first signature object indicated by the signature order, the signed electronic file is provided to the signature server 120 for the document host 120. The target file of the device 130, the new electronic file generated is referred to as a "job file" in the present creation; if the signature object is the last signature object indicated by the signature order, the signed electronic document is a signature The job file generated after the signature of another signature object in front of the signature object in the chapter order, the new electronic file generated is called "signature document" in this creation; and if the signature object Not the first signature object represented by the signature order, nor the last signature object, the signed electronic file is signed for another signature object arranged before the signature object in the signature order. The resulting work file, the resulting new electronic file, is also a new work file. For example, the three signature objects recorded in the signature sequence are the first device, the second device, and the third device, respectively, and the signature server 130 may first provide the target file to the first device signature to generate the first a job file, and then the signature server 130 can provide the first job file to the second device signature to generate a second job file. Finally, the signature server 130 can provide the second job file to the third device. To generate a signature document.
另外,當簽章對象不是簽章順序所表示的第一個簽章對象時,簽章對象還可以在進行簽章前,先確認作業文件是否經過變造,排列在簽章順序之前的簽章對象的簽章是否確實完成。例如,簽章順序記錄的三個簽章對象,順序分別為第一裝置、第二裝置、以及第三裝置時,第二裝置可以確認所接收到的作業文件是否經過變造,並確認所接收到之作業文件中是否包含第一裝置的簽章;第三裝置可以確認所接收到的作業文件是否經過變造,並確認所接收到之作業文件中是否包含第一裝置與第二裝置的簽章。In addition, when the signature object is not the first signature object represented by the signature order, the signature object can also confirm whether the job file has been altered before the signature is signed, and the signature is arranged before the signature order. Whether the signature of the object is indeed completed. For example, when the three signature objects recorded in the signature sequence are the first device, the second device, and the third device, respectively, the second device can confirm whether the received job file has been altered, and confirm the received. Whether the signature of the first device is included in the job file; the third device can confirm whether the received job file has been altered, and confirm whether the received job file includes the sign of the first device and the second device. chapter.
在部分的實施例中,簽章伺服器130也可以將文件主機120所產生的文件識別資料傳送給簽章對象,使得簽章對象可以在對電子文件簽章前或簽章後產生可視化資料,並可以將所產生之可視化資料加入簽章對象所產生之新的電子文件中。本創作所提之可視化資料為可以記載接收自簽章伺服器130之文件識別資料的資料,例如,圖形或條碼等,但本創作並不以此為限。可視化資料甚至可以嵌入與簽章對象對應的圖示、記號、標誌、商標等可以表示簽章對象的圖形。In some embodiments, the signature server 130 can also transmit the file identification data generated by the file host 120 to the signature object, so that the signature object can generate visual data before or after signing the electronic document. The generated visual data can be added to the new electronic file generated by the signature object. The visual data provided in the present creation is a material that can record the document identification data received from the signature server 130, such as a graphic or a bar code, but the present invention is not limited thereto. The visualization data can even embed graphics, symbols, logos, trademarks, etc. corresponding to the signature object, which can represent the signature object.
簽章伺服器130也負責將簽章文件傳送到客戶端150以及存查伺服器160。The signature server 130 is also responsible for transmitting the signature file to the client 150 and to the check server 160.
在部分的實施例中,簽章伺服器130也可以加密文件主機120所產生的文件識別資料。In some embodiments, the signature server 130 can also encrypt the file identification data generated by the file host 120.
客戶端150可以是專用於本創作的特定計算設備,也可以是安裝於一般計算設備中與本創作相容的應用程式,或可以是包含與本創作相容之特定電路的一般計算設備。Client 150 may be a particular computing device dedicated to the present authoring, or an application installed in a general computing device that is compatible with the present authoring, or may be a general computing device containing specific circuitry compatible with the present authoring.
客戶端150可以與簽章伺服器130、存查伺服器160、公證伺服器170連接,並可以傳送資料或訊號給簽章伺服器130、存查伺服器160、及公證伺服器170,也可以接收簽章伺服器130、存查伺服器160、及公證伺服器170所傳送的資料或訊號。其中,客戶端150可以透過通訊介面使用有線網路或無線網路與簽章伺服器130、存查伺服器160、及公證伺服器170連接,本創作沒有特別的限制。The client 150 can be connected to the signature server 130, the storage server 160, and the notary server 170, and can transmit data or signals to the signature server 130, the storage server 160, and the notary server 170, and can also receive the signature. The data or signal transmitted by the server 130, the check server 160, and the notary server 170. The client 150 can be connected to the signature server 130, the check server 160, and the notary server 170 through a communication interface using a wired network or a wireless network. The creation is not particularly limited.
客戶端150可以提供內容參數,也可以提供存取參數。在部分的實施例中,客戶端150可以透過服務伺服器400確認文件內容,並傳送內容參數(以及存取參數)至服務伺服器400,使得服務伺服器400產生包含客戶端150所提供之內容參數的原始文件,並將所產生的原始文件(以及存取參數)傳送給文件主機120。The client 150 can provide content parameters as well as access parameters. In some embodiments, the client 150 can confirm the file content through the service server 400 and transmit the content parameters (and access parameters) to the service server 400, so that the service server 400 generates the content provided by the client 150. The original file of the parameter is passed to the file host 120 for the resulting original file (and access parameters).
客戶端150也負責接收簽章伺服器130所傳送的電子文件,並負責對所接收到的電子文件簽章,藉以產生新的電子文件。客戶端150也負責將所產生之新的電子文件傳回簽章伺服器130。The client 150 is also responsible for receiving the electronic file transmitted by the signature server 130 and is responsible for signing the received electronic file to generate a new electronic file. The client 150 is also responsible for transmitting the generated new electronic file back to the signature server 130.
客戶端150也可以在接收簽章伺服器130所傳送之電子文件時,接收與所接收到之電子文件對應的文件識別資料。客戶端150也可以在對所接收到的電子文件簽章前或簽章後,依據所接收到之文件識別資料產生可視化資料,並可以將所產生的可視化資料加入簽章後所產生之新的電子文件中。The client 150 may also receive the file identification data corresponding to the received electronic file when receiving the electronic file transmitted by the signature server 130. The client 150 may also generate visual data according to the received document identification data before or after the signature of the received electronic document, and may add the generated visual data to the new one generated after the signature. In the electronic file.
客戶端150也負責接收簽章伺服器130所傳送的簽章文件。The client 150 is also responsible for receiving the signature file transmitted by the signature server 130.
在部分的實施例中,客戶端150也可以依據簽章文件中所包含的可視化資料取得可視化資料所記載的文件識別資料,並可以將所取得之文件識別資料傳送到公證伺服器170。一般而言,客戶端150可以掃描或擷取簽章文件中的可視化資料,藉以取得可視化資料所記載的文件識別資料。In some embodiments, the client 150 may also obtain the file identification data recorded by the visualization according to the visualization data included in the signature file, and may transmit the obtained file identification data to the notary server 170. In general, the client 150 can scan or retrieve the visualized data in the signature file to obtain the document identification data recorded in the visualized data.
客戶端150也可以接收公證伺服器170所傳送的信物。本創作所提之信物為具有時效性的資料,可以由任意數量的字母、數字、及符號任意排列而成。The client 150 can also receive the tokens transmitted by the notary server 170. The tokens proposed in this creation are time-sensitive materials and can be arbitrarily arranged by any number of letters, numbers, and symbols.
客戶端150也可以將透過可視化資料取得之文件識別資料以及接收自公證伺服器170的信物傳送給存查伺服器160,並可以接收存查伺服器160所傳送之與所取得之文件識別資料對應的目標文件。The client 150 can also transmit the file identification data obtained through the visualization data and the token received from the notary server 170 to the storage server 160, and can receive the target corresponding to the acquired file identification data transmitted by the storage server 160. file.
存查伺服器160可以與客戶端150、文件主機120、簽章伺服器130、公證伺服器170連接,並可以傳送資料或訊號給客戶端150、文件主機120及公證伺服器170,也可以接收客戶端150、文件主機120、簽章伺服器130、以及公證伺服器170所傳送的資料或訊號。其中,存查伺服器160可以透過通訊介面使用有線網路或無線網路與客戶端150、文件主機120、簽章伺服器130、公證伺服器170連接,本創作沒有特別的限制。The check server 160 can be connected to the client 150, the file host 120, the signature server 130, and the notary server 170, and can transmit data or signals to the client 150, the file host 120, and the notary server 170, and can also receive clients. The data or signal transmitted by the terminal 150, the file host 120, the signature server 130, and the notary server 170. The search server 160 can be connected to the client 150, the file host 120, the signature server 130, and the notary server 170 through a communication interface using a wired network or a wireless network. The creation is not particularly limited.
存查伺服器160負責接收簽章伺服器130所傳送的簽章文件,並可以儲存所接收到的簽章文件。存查伺服器160也可以接收文件主機120所傳送之目標文件的存取權限。The check server 160 is responsible for receiving the signature file transmitted by the signature server 130 and storing the received signature file. The check server 160 can also receive access rights to the target file transmitted by the file host 120.
值得一提的是,存查伺服器160可以只儲存簽章文件所包含之目標文件的目標文件相關資訊,並可以將所接收到的簽章文件儲存至文件主機120。其中,存查伺服器160所儲存的目標文件相關資訊包含但不限於目標文件對應的文件識別資料、目標文件的建立日期、目標文件的狀態、目標文件的存取權限等。It is worth mentioning that the search server 160 can store only the target file related information of the target file included in the signature file, and can store the received signature file to the file host 120. The information related to the target file stored by the check server 160 includes, but is not limited to, the file identification data corresponding to the target file, the date of creation of the target file, the state of the target file, and the access authority of the target file.
在部分的實施例中,存查伺服器160可以接收公證伺服器170所傳送之文件識別資料,並判斷與所接收到之文件識別資料對應的目標文件是否可以即時被存取,也就是判斷與文件識別資料對應的目標文件是否正被儲存於存查伺服器160(或文件主機120)中。其中,存查伺服器160可以依據所儲存之目標文件相關資訊中的目標文件的建立日期、目標文件的狀態、及/或目標文件的存取權限等資料進行判斷,也可以直接在儲存媒體中嘗試搜尋目標文件,但存查伺服器160判斷目標文件是否可以即時被存取的方式並不以上述為限。In some embodiments, the check server 160 can receive the file identification data transmitted by the notary server 170, and determine whether the target file corresponding to the received file identification data can be accessed immediately, that is, the judgment file. Whether the target file corresponding to the identification data is being stored in the storage server 160 (or the file host 120). The checking server 160 may determine the data according to the date of creation of the target file, the state of the target file, and/or the access authority of the target file in the stored target file related information, or may directly try in the storage medium. The search target file is searched, but the manner in which the check server 160 determines whether the target file can be accessed immediately is not limited to the above.
存查伺服器160也可以將與所接收到之文件識別資料對應的目標文件是否可以即時被存取時的判斷結果傳送給公證伺服器170。存查伺服器160也可以在所儲存之目標文件相關資訊中的目標文件的存取權限表示需要身分驗證時,產生身分驗證訊息,並將所產生的身分驗證訊息連同上述的判斷結果一併傳送給公證伺服器170。其中,身分驗證訊息包含用來讓使用者完成身分驗證的任何資料,舉例來說,身分驗證訊息可以包含驗證方式以及相關訊息,例如,驗證方式可以是使用憑證驗證或是使用帳號密碼驗證等,相關訊息也可以是能夠被使用的憑證、或是進行驗證的帳號密碼等,但身分驗證訊息並不以上述為限。The check server 160 can also transmit the judgment result when the target file corresponding to the received file identification data can be instantly accessed to the notary server 170. The checking server 160 may also generate an identity verification message when the access authority of the target file in the stored target file related information indicates that the identity verification is required, and transmit the generated identity verification message together with the foregoing judgment result. Notary server 170. The identity verification message includes any information used to enable the user to complete the identity verification. For example, the identity verification message may include the verification method and related information, for example, the verification method may be using certificate verification or using account password verification. The related information may also be a voucher that can be used, or an account password for verification, etc., but the identity verification message is not limited to the above.
存查伺服器160也可以接收公證伺服器170所傳送的信物,並可以接收客戶端150所傳送之信物。存查伺服器160也可以判斷公證伺服器170所傳送的信物是否與客戶端150所傳送之信物是否相同,且客戶端150所傳送之信物是否在時效內。當存查伺服器160判斷公證伺服器170與客戶端150所傳送的信物相同,且客戶端150所傳送之信物在時效內時,存查伺服器160可以將與公證伺服器170先前所傳送之文件識別資料對應的目標文件傳送給客戶端150;而若存查伺服器160判斷公證伺服器170與客戶端150所傳送的信物不同,或客戶端150所傳送之信物不在時效內,則存查伺服器160可以不傳送目標文件給客戶端150。The check server 160 can also receive the token transmitted by the notary server 170 and can receive the token transmitted by the client 150. The check server 160 can also determine whether the token transmitted by the notary server 170 is the same as the token transmitted by the client 150, and whether the token transmitted by the client 150 is within the time limit. When the check server 160 determines that the notarization server 170 is the same as the token transmitted by the client 150, and the token transmitted by the client 150 is within the time limit, the check server 160 can identify the file previously transmitted by the notary server 170. The target file corresponding to the data is transmitted to the client 150; and if the check server 160 determines that the notarization server 170 is different from the token transmitted by the client 150, or the token transmitted by the client 150 is not within the time limit, the check server 160 may The target file is not transmitted to the client 150.
存查伺服器160也可以接收公證伺服器170所傳送之客戶端識別資料,並可以在取得與公證伺服器170先前所傳送之文件識別資料對應的目標文件後,依據客戶端識別資料將所取得的目標文件直接或間接傳送給客戶端150。其中,間接傳送的方式例如透過電子郵件或即時訊息等方式傳送,但本創作並不以此為限。The check server 160 can also receive the client identification data transmitted by the notary server 170, and can obtain the target file corresponding to the file identification data previously transmitted by the notary server 170, according to the client identification data. The target file is transmitted directly or indirectly to the client 150. Among them, the indirect transmission method is transmitted by means of e-mail or instant message, but the creation is not limited thereto.
公證伺服器170可以與客戶端150、簽章伺服器130、存查伺服器160連接,並可以傳送資料或訊號給客戶端150、簽章伺服器130、存查伺服器160,也可以接收客戶端150、簽章伺服器130、存查伺服器160所傳送的資料或訊號。其中,公證伺服器170可以透過通訊介面使用有線網路或無線網路與客戶端150、簽章伺服器130、存查伺服器160連接,本創作沒有特別的限制。The notifying server 170 can be connected to the client 150, the signature server 130, and the storage server 160, and can transmit data or signals to the client 150, the signature server 130, the storage server 160, and the client 150. The signature server 130 and the data or signal transmitted by the server 160 are stored. The notarization server 170 can be connected to the client 150, the signature server 130, and the check server 160 through a communication interface using a wired network or a wireless network. The creation is not particularly limited.
公證伺服器170負責接收簽章伺服器130所傳送的電子文件,並負責對所接收到的電子文件簽章,藉以產生新的電子文件。公證伺服器170也負責將所產生之新的電子文件傳回簽章伺服器130。The notary server 170 is responsible for receiving the electronic file transmitted by the signature server 130 and is responsible for signing the received electronic file to generate a new electronic file. The notary server 170 is also responsible for transmitting the generated new electronic file back to the signature server 130.
公證伺服器170也負責儲存簽章文件的相關資訊(在本創作中亦使用「簽章文件相關資訊」表示),公證伺服器170所儲存之簽章文件相關資訊包含但不限於簽章文件的摘要值(digest)、簽章文件的雜湊值(hash value)、與簽章文件所包含之目標文件對應的文件識別資料等。在部分的實施例中,公證伺服器170可以依據所儲存之簽章文件相關資訊判斷簽章文件是否與目標文件的正本或原始文件相符。The notary server 170 is also responsible for storing the relevant information of the signature file (also referred to as "signature document related information" in this creation), and the information of the signature file stored by the notary server 170 includes but is not limited to the signature file. The digest value, the hash value of the signature file, and the file identification data corresponding to the target file included in the signature file. In some embodiments, the notary server 170 can determine whether the signature file matches the original or original file of the target file according to the stored signature file related information.
公證伺服器170也可以在接收簽章伺服器130所傳送之電子文件時,接收與所接收到之電子文件對應的文件識別資料。公證伺服器170也可以在對所接收到的電子文件簽章前或簽章後,依據所接收到之文件識別資料產生可視化資料,並可以將所產生的可視化資料加入簽章後所產生之新的電子文件中。The notary server 170 may also receive the file identification data corresponding to the received electronic file when receiving the electronic file transmitted by the signature server 130. The notarization server 170 may also generate visual data according to the received document identification data before or after the signature of the received electronic document, and may add the generated visual data to the new signature. In the electronic file.
在部分的實施例中,公證伺服器170可以接收客戶端150所傳送的文件識別資料,並可以依據所儲存之簽章文件相關資訊判斷與所接收到之文件識別資料對應的目標文件是否存在。In some embodiments, the notary server 170 can receive the file identification data transmitted by the client 150, and can determine whether the target file corresponding to the received file identification data exists according to the stored signature file related information.
公證伺服器170也可以在判斷與所接收到之文件識別資料對應的目標文件存在時,將所接收到的文件識別資料傳送給存查伺服器160。而若公證伺服器170判斷與所接收到之文件識別資料對應的目標文件不存在,則公證伺服器170可以拒絕客戶端150存取目標文件。The notary server 170 may also transmit the received file identification data to the storage server 160 when it is determined that the target file corresponding to the received document identification data exists. If the notifying server 170 determines that the target file corresponding to the received file identification data does not exist, the notary server 170 may reject the client 150 from accessing the target file.
公證伺服器170也可以接收存查伺服器160所傳送的判斷結果,並可以在所接收到的判斷結果表示目標文件可以即時被存取時,產生信物,以及將所產生的信物傳回客戶端150以及存查伺服器160。公證伺服器170也可以在所接收到的判斷結果表示目標文件無法即時被存取時,產生相對應的通知訊息,並將所產生的通知訊息傳回客戶端150,以及將客戶端150的客戶端識別資料傳送給存查伺服器160。The notary server 170 can also receive the judgment result transmitted by the check server 160, and can generate a token when the received judgment result indicates that the target file can be accessed immediately, and transmit the generated token back to the client 150. And the check server 160. The notary server 170 may also generate a corresponding notification message when the received judgment result indicates that the target file cannot be accessed immediately, and transmit the generated notification message to the client 150, and the client of the client 150. The end identification data is transmitted to the check server 160.
公證伺服器170也可以接收存查伺服器160所傳送的身分驗證訊息,並可以依據所接收到的身分驗證訊息要求客戶端150進行身分驗證,以及依據客戶端150的身分驗證結果選擇允許或拒絕客戶端150存取目標文件。當公證伺服器170選擇允許客戶端150存取目標文件時,公證伺服器170才可以傳送所產生的信物或通知訊息至客戶端150,並傳送所產生的信物或客戶端識別資料至存查伺服器160。The notifying server 170 can also receive the identity verification message transmitted by the checking server 160, and can request the client 150 to perform identity verification according to the received identity verification message, and select to allow or deny the client according to the identity verification result of the client 150. End 150 accesses the target file. When the notary server 170 selects to allow the client 150 to access the target file, the notary server 170 can transmit the generated token or notification message to the client 150, and transmit the generated token or client identification data to the storage server. 160.
接著以第一實施例來解說本創作的運作系統,並請參照「第2圖」本創作所提之依順序提供簽章對象簽章以產生簽章文件之方法流程圖。在本實施例中,假設本創作應用在線上投保的機制中,但本創作並不以此為限。Next, the operation system of the present creation is explained in the first embodiment, and the flow chart of the method of providing the signature object signature in order to generate the signature document in the order of the creation of the second drawing is described. In this embodiment, it is assumed that the creation application is in the online insurance system, but the creation is not limited thereto.
首先,客戶端150可以與提供線上投保服務的服務伺服器400連線,並將服務伺服器400要求提供之投保資料(內容參數)傳送給服務伺服器400。在本實施例中,假設客戶端150為安裝在一般計算設備上的瀏覽程式,服務伺服器400為網頁伺服器,客戶端150可以在服務伺服器400所提供的網頁中輸入投保資料。First, the client 150 can be connected to the service server 400 that provides the online insurance service, and transmits the insurance information (content parameters) requested by the service server 400 to the service server 400. In this embodiment, it is assumed that the client 150 is a browsing program installed on a general computing device, and the service server 400 is a web server, and the client 150 can input the insured materials in the webpage provided by the service server 400.
在服務伺服器400接收到客戶端150所提供的投保資料後,服務伺服器400可以產生包含所接收到之投保資料的電子保單(原始文件),並可以將所產生的電子保單提供給文件主機120,使得文件主機120取得原始文件(步驟210)。在本實施例中,假設服務伺服器400可以儲存各種保險產品之合約書的模板,並可以將所接收到的投保資料逐一填入客戶端150所選擇之保險產品之合約書的模板的對應欄位中,藉以產生完整的電子保單。After the service server 400 receives the insurance information provided by the client 150, the service server 400 may generate an electronic policy (original file) containing the received insurance information, and may provide the generated electronic policy to the file host. 120, causing the file host 120 to retrieve the original file (step 210). In this embodiment, it is assumed that the service server 400 can store the template of the contract of various insurance products, and can fill the received insurance materials one by one into the corresponding column of the template of the insurance product selected by the client 150. In order to generate a complete electronic policy.
在文件主機120取得原始文件(步驟210)後,文件主機120可以依據所取得之原始文件的類別定義簽章順序(步驟220)。在本實施例中,由於原始文件為保單,因此,文件主機120可以定義簽章順序為先由客戶端150簽章,再由簽章伺服器130簽章。After the file host 120 retrieves the original file (step 210), the file host 120 can define the signature order based on the category of the original file obtained (step 220). In this embodiment, since the original file is a policy, the file host 120 can define the signature order to be signed by the client 150 first, and then signed by the signature server 130.
在文件主機120定義簽章順序後,文件主機120可以產生包含所定義之簽章順序以及所取得之原始文件的目標文件,並可以產生與所產生之目標文件對應的文件識別資料,以及可以將所產生之目標文件以及文件識別資料傳送給簽章伺服器130(步驟230)。After the file host 120 defines the signature sequence, the file host 120 may generate an object file including the defined signature order and the obtained original file, and may generate file identification data corresponding to the generated target file, and may The generated object file and file identification data are transmitted to the signature server 130 (step 230).
在簽章伺服器130接收到文件主機120所產生的目標文件以及文件識別資料後,簽章伺服器130可以依據目標文件中的簽章順序依序將電子文件提供給簽章順序所表示之簽章對象,藉以在所有簽章對象完成簽章後產生簽章文件(步驟250)。在本實施例中,由於簽章順序依序為客戶端150以及簽章伺服器130,因此,簽章伺服器130可以將目標文件作為電子文件,傳送給客戶端150,使得客戶端150在服務伺服器400所提供的網頁中要求客戶端150對電子文件簽章。客戶端150可以使用與使用者之數位憑證對應的私鑰對電子文件簽章後,產生包含電子文件以及簽章資料的新電子文件,並將所產生之新的電子文件傳回簽章伺服器130。由於客戶端150並非簽章順序所表示之最後一個簽章單位,因此,客戶端150所產生的電子文件在本創作中也被稱為作業文件。After the signature server 130 receives the target file generated by the file host 120 and the file identification data, the signature server 130 can sequentially provide the electronic file to the signature indicated by the signature sequence according to the signature order in the target file. The chapter object is used to generate a signature file after all signature objects have completed the signature (step 250). In this embodiment, since the signature order is the client 150 and the signature server 130, the signature server 130 can transmit the target file as an electronic file to the client 150, so that the client 150 is in service. The web page provided by the server 400 requires the client 150 to sign the electronic file. The client 150 can sign the electronic file by using the private key corresponding to the digital certificate of the user, generate a new electronic file containing the electronic file and the signature information, and transmit the generated new electronic file to the signature server. 130. Since the client 150 is not the last sign unit indicated by the signature order, the electronic file generated by the client 150 is also referred to as a job file in the present creation.
在簽章伺服器130接收到客戶端150所傳送的電子文件後,可以依據將目標文件中的簽章順序將電子文件提供給簽章順序所表示之在客戶端150之後的簽章對象,由於此時的簽章對象為簽章伺服器130本身,因此,簽章伺服器130可以先確認所接收到的電子文件是否沒有經過變造,且是否包含客戶端150的簽章,當簽章伺服器130判斷所接收到的電子文件經過變造,或沒有包含客戶端150的簽章時,簽章伺服器130可以拒絕對電子文件簽章,而若簽章伺服器130判斷所接收到的電子文件沒有經過變造,且確實包含客戶端150的簽章,則簽章伺服器130可以使用與提供服務伺服器400之保險公司的數位憑證對應的私鑰對接收自客戶端150的電子文件簽章,並在簽章後產生包含接收自客戶端150之電子文件以及簽章資料的新電子文件。由於簽章伺服器130為簽章順序所表示之最後一個簽章單位,因此,簽章伺服器130所產生的電子文件在本創作中也被稱為簽章文件,也就是說,在本實施例中,簽章文件包含目標文件、客戶端150所產生之簽章資料以及簽章伺服器130所產生之簽章資料。After the signature server 130 receives the electronic file transmitted by the client 150, the electronic file may be provided to the signature object indicated by the signature sequence after the client 150 according to the signature sequence in the target file. The signature object at this time is the signature server 130 itself. Therefore, the signature server 130 can first confirm whether the received electronic file has not been altered, and whether the signature of the client 150 is included, when the signature servo When the device 130 determines that the received electronic file has been altered, or does not include the signature of the client 150, the signature server 130 may refuse to sign the electronic file, and if the signature server 130 determines the received electronic If the document has not been altered and does contain the signature of the client 150, the signature server 130 can use the private key pair corresponding to the digital certificate of the insurance company providing the service server 400 to receive the electronic file signature from the client 150. Chapter, and after the signature, generates a new electronic file containing the electronic file received from the client 150 and the signature information. Since the signature server 130 is the last signature unit indicated by the signature sequence, the electronic file generated by the signature server 130 is also referred to as a signature file in the present creation, that is, in this implementation. In the example, the signature file includes the target file, the signature data generated by the client 150, and the signature data generated by the signature server 130.
在簽章伺服器130產生簽章文件後,簽章伺服器130可以將所產生的簽章文件傳回客戶端150,使得客戶端150的使用者可以下載簽章伺服器130所產生的簽章文件,簽章伺服器130也可以將所產生的簽章文件傳送給存查伺服器160,使得存查伺服器160儲存簽章伺服器130所產生的簽章文件(步驟260)。After the signature server 130 generates the signature file, the signature server 130 can transmit the generated signature file to the client 150, so that the user of the client 150 can download the signature generated by the signature server 130. The document, signature server 130 may also transmit the generated signature file to the check server 160, such that the check server 160 stores the signature file generated by the signature server 130 (step 260).
如此,透過本創作,保險公司所提供的服務伺服器400以及使用者所使用的客戶端150都無法在目標文件成為簽章文件的過程中直接存取電子文件,確保簽章文件完整無誤,沒有遭到保險公司以及使用者的變造或置換。In this way, through the creation, the service server 400 provided by the insurance company and the client 150 used by the user cannot directly access the electronic file in the process of the target file becoming the signature file, ensuring that the signature file is complete and correct, Changed or replaced by insurance companies and users.
繼續以第二實施例來解說本創作的運作系統,同樣請參照「第2圖」所示之流程圖。在本實施例中,同樣假設本創作應用在線上投保的機制中。Continuing with the second embodiment to explain the operation system of the present creation, please also refer to the flow chart shown in "Fig. 2". In this embodiment, it is also assumed that the authoring application is in the online insured mechanism.
首先,客戶端150可以與提供線上投保服務的服務伺服器400連線,並將服務伺服器400要求提供之投保資料(內容參數)傳送給服務伺服器400。在本實施例中,假設客戶端150為安裝在一般計算設備上的特定應用程式,客戶端150可以應用程式中瀏覽保單內容、選擇保單產品、並輸入投保資料。First, the client 150 can be connected to the service server 400 that provides the online insurance service, and transmits the insurance information (content parameters) requested by the service server 400 to the service server 400. In this embodiment, assuming that the client 150 is a specific application installed on a general computing device, the client 150 can browse policy content, select a policy product, and enter insurance materials in the application.
在服務伺服器400接收到客戶端150所提供的投保資料後,服務伺服器400可以產生包含所接收到之投保資料的電子保單(原始文件),並可以將所產生的電子保單提供給文件主機120,使得文件主機120取得原始文件(步驟210),之後,文件主機120可以依據所取得之原始文件的類別定義簽章順序(步驟220)。在本實施例中,由於原始文件為保單,因此,文件主機120可以定義簽章順序為先由客戶端150簽章,再由簽章伺服器130簽章,最後由公證伺服器170簽章。After the service server 400 receives the insurance information provided by the client 150, the service server 400 may generate an electronic policy (original file) containing the received insurance information, and may provide the generated electronic policy to the file host. 120, causing the file host 120 to obtain the original file (step 210), after which the file host 120 can define the signature order according to the obtained category of the original file (step 220). In this embodiment, since the original file is a policy, the file host 120 can define the signature order to be signed by the client 150 first, then signed by the signature server 130, and finally signed by the notary server 170.
在文件主機120定義簽章順序後,文件主機120可以產生包含所定義之簽章順序以及所取得之原始文件的目標文件,並可以產生與所產生之目標文件對應的文件識別資料,以及可以將所產生之目標文件以及文件識別資料傳送給簽章伺服器130(步驟230)。在本實施例中,假設目標文件為PDF格式的檔案。After the file host 120 defines the signature sequence, the file host 120 may generate an object file including the defined signature order and the obtained original file, and may generate file identification data corresponding to the generated target file, and may The generated object file and file identification data are transmitted to the signature server 130 (step 230). In this embodiment, it is assumed that the target file is a file in PDF format.
在簽章伺服器130接收到文件主機120所產生的目標文件以及文件識別資料後,簽章伺服器130可以將所接收到的文件識別資料加密(步驟240),並可以依據目標文件中的簽章順序依序將電子文件提供給簽章順序所表示之簽章對象,藉以在所有簽章對象完成簽章後產生簽章文件(步驟250)。After the signature server 130 receives the target file generated by the file host 120 and the file identification data, the signature server 130 may encrypt the received file identification data (step 240), and may be based on the signature in the target file. The chapter sequentially provides the electronic file to the signature object represented by the signature order, so that the signature file is generated after all the signature objects have completed the signature (step 250).
在本實施例中,由於簽章順序依序為客戶端150、簽章伺服器130、以及公證伺服器170,因此,簽章伺服器130可以先將所接收到的目標文件作為電子文件傳送給客戶端150,同時也將加密後的文件識別資料傳送給客戶端150。客戶端150在接收到電子文件以及文件識別資料後,可以使用與使用者之數位憑證對應的私鑰對所接收到的電子文件簽章,並在簽章後產生相對應的簽章資料,客戶端150也可以使用QR code的編碼方式對所接收到的文件識別資料編碼,並使用QR code之編碼方式中的容錯功能將代表使用者的圖示加入編碼產生的QR code中,藉以產生可視化的QR code(可視化資料)。之後,客戶端150可以使用PDF的檔案格式,將所接收到的電子文件、所產生之簽章資料、所產生之可視化的QR code分別加入相對應的欄位中以產生包含目標文件、簽章資料、及可視化QR code的新電子文件,並可以將所產生之新的電子文件傳回簽章伺服器130,其中,可視化的QR code被加入Visual Sign的欄位中。由於客戶端150並非簽章順序所表示之最後一個簽章單位,因此,客戶端150所產生的電子文件為本創作中的作業文件。In this embodiment, since the signature order is the client 150, the signature server 130, and the notary server 170, the signature server 130 may first transmit the received target file as an electronic file. The client 150 also transmits the encrypted file identification data to the client 150. After receiving the electronic file and the file identification data, the client 150 may use the private key corresponding to the digital certificate of the user to sign the received electronic file, and generate a corresponding signature data after the signature, the client The terminal 150 can also encode the received file identification data by using the QR code encoding method, and use the fault tolerance function in the QR code encoding method to add the icon representing the user to the QR code generated by the encoding, thereby generating a visualization. QR code (visualization data). Afterwards, the client 150 can use the PDF file format to add the received electronic file, the generated signature data, and the generated QR code to the corresponding fields to generate the target file and signature. The data, and a new electronic file of the QR code are visualized, and the generated new electronic file can be transmitted back to the signature server 130, wherein the visualized QR code is added to the field of the Visual Sign. Since the client 150 is not the last sign unit indicated by the signature order, the electronic file generated by the client 150 is the job file in the creation.
在簽章伺服器130接收到客戶端150所傳送的電子文件後,可以依據將目標文件中的簽章順序將接收自客戶端150的電子文件以及加密後的文件識別資料提供給簽章順序所表示之在客戶端150之後的簽章對象,由於此時的簽章對象為簽章伺服器130本身,因此,簽章伺服器130可以在確認所接收到的電子文件沒有經過變造,且包含排列在簽章順序之前的所有簽章對象(也就是客戶端150)的簽章後,使用與提供服務伺服器400之保險公司的數位憑證對應的私鑰對接收自客戶端150的電子文件簽章,也可以產生包含保險公司之商標且記載加密後之文件識別資料的QR code(可視化資料),並可以產生包含接收自客戶端150之電子文件、所產生之簽章資料、所產生之QR code的新電子文件(簽章伺服器130對電子文件簽章以產生新電子文件的過程與客戶端150相同,故不詳細描述)。After the signature server 130 receives the electronic file transmitted by the client 150, the electronic file received from the client 150 and the encrypted file identification data may be provided to the signature sequence according to the signature sequence in the target file. The signature object indicated after the client 150, since the signature object at this time is the signature server 130 itself, the signature server 130 can confirm that the received electronic file has not been altered, and includes After the signatures of all the signature objects (ie, the client 150) arranged before the signature sequence, the electronic file received from the client 150 is obtained using the private key corresponding to the digital certificate of the insurance company providing the service server 400. The chapter may also generate a QR code (visualized data) containing the trademark of the insurance company and including the encrypted document identification data, and may generate an electronic file containing the received document from the client 150, the generated signature data, and the generated QR. The new electronic file of code (the process by which the signature server 130 signs the electronic file to generate a new electronic file is the same as that of the client 150 and therefore will not be described in detail).
在簽章伺服器130完成簽章作業後,簽章伺服器130可以再次依據將目標文件中的簽章順序將所產生的電子文件以及加密後的文件識別資料提供給簽章順序所表示之在簽章伺服器130之後的簽章對象,也就是公證伺服器170。因此,簽章伺服器130可以將加密後的文件識別資料以及所產生的電子文件傳送給公證伺服器170。公證伺服器170在接收到文件識別資料以及電子文件後,可以先確認所接收到的電子文件是否經過變造,且是否包含排列在簽章順序之前的所有簽章對象的簽章,若公證伺服器170所接收到的電子文件沒有經過變造且包含排列在簽章順序之前的客戶端150與簽章伺服器130的簽章,則公證伺服器170可以使用與提供公證伺服器170之公證單位的數位憑證對應的私鑰對所接收到的電子文件簽章,也可以產生包含公證單位之商標且記載加密後之文件識別資料的QR code(可視化資料),並可以產生包含接收自簽章伺服器130之電子文件、所產生之簽章資料、所產生之QR code的新電子文件(公證伺服器170對電子文件簽章以產生新電子文件的過程與客戶端150相同,故不詳細描述)。由於公證伺服器170為簽章順序所表示之最後一個簽章單位,因此,公證伺服器170所產生的電子文件在本創作中也被稱為簽章文件,也就是說,在本實施例中,簽章文件包含目標文件、客戶端150所產生之簽章資料與可視化資料、簽章伺服器130所產生之簽章資料與可視化資料、以及公證伺服器170所產生之簽章資料與可視化資料。After the signature server 130 completes the signature job, the signature server 130 can again provide the generated electronic file and the encrypted file identification data to the signature sequence according to the signature sequence in the target file. The signature object after the signature server 130, that is, the notary server 170. Therefore, the signature server 130 can transmit the encrypted file identification material and the generated electronic file to the notary server 170. After receiving the document identification data and the electronic file, the notarization server 170 may first confirm whether the received electronic file has been altered, and whether it contains the signatures of all the signature objects arranged before the signature order, if the notarized servo The electronic file received by the device 170 is not modified and includes the signature of the client 150 and the signature server 130 arranged before the signature sequence, and the notary server 170 can use the notary unit that provides the notary server 170. The private key corresponding to the digital certificate may also generate a QR code (visualized data) including the trademark of the notary unit and the encrypted document identification information, and may generate a self-signed signature servo. The electronic file of the device 130, the generated signature data, and the new electronic file of the generated QR code (the process in which the notary server 170 signs the electronic document to generate a new electronic file is the same as the client 150, and therefore is not described in detail) . Since the notary server 170 is the last sign unit indicated by the signature order, the electronic file generated by the notary server 170 is also referred to as a signature file in the present creation, that is, in this embodiment. The signature file includes the target file, the signature data and the visualization data generated by the client 150, the signature data and the visualization data generated by the signature server 130, and the signature data and the visualization data generated by the notary server 170. .
在公證伺服器170完成簽章作業後,公證伺服器170也可以記錄簽章所產生之新電子文件(簽章文件)的簽章文件相關資訊,並可以將所產生的新電子文件傳回簽章伺服器130。在本實施例中,假設公證伺服器170所記錄之簽章文件相關資訊包含簽章文件的摘要值、簽章文件的雜湊值、以及與簽章文件所包含之目標文件對應的文件識別資料。After the notary server 170 completes the signing operation, the notary server 170 can also record the signature information of the new electronic file (signature document) generated by the signature, and can transmit the generated new electronic file back to the signature. Server 130. In this embodiment, it is assumed that the information related to the signature file recorded by the notary server 170 includes the digest value of the signature file, the hash value of the signature file, and the file identification data corresponding to the target file included in the signature file.
在簽章伺服器130接收到簽章順序所表示之最後一個簽章單位所產生的電子文件(簽章文件)後,簽章伺服器130可以將所接收到的簽章文件傳回客戶端150,使得客戶端150的使用者可以下載經過客戶端150、簽章伺服器130、以及公證伺服器170簽章的簽章文件,簽章伺服器130也可以將簽章文件傳送給存查伺服器160,使得存查伺服器160儲存簽章文件(步驟260)。在本實施例中,存查伺服器160可以將簽章文件傳送到文件主機120儲存,並將簽章文件所包含之目標文件的文件識別資料、建立日期、存取權限等目標文件相關資訊寫入資料庫中。After the signature server 130 receives the electronic file (signature file) generated by the last signature unit indicated by the signature sequence, the signature server 130 can transmit the received signature file to the client 150. The user of the client 150 can download the signature file signed by the client 150, the signature server 130, and the notary server 170, and the signature server 130 can also transmit the signature file to the storage server 160. The check server 160 causes the signature server to store the signature file (step 260). In this embodiment, the check server 160 can transfer the signature file to the file host 120 for storage, and write the file identification information, the creation date, the access authority, and the like of the target file included in the signature file. In the database.
如此,透過本創作,保險公司所提供的服務伺服器400以及使用者所使用的客戶端150都無法在目標文件成為簽章文件的過程中直接存取電子文件,除了確保簽章文件完整無誤之外,透過公證伺服器170的簽章,更可以保證目標文件的不可否認性。In this way, through the creation, the service server 400 provided by the insurance company and the client 150 used by the user cannot directly access the electronic file in the process of the target file becoming the signature file, except that the signature document is complete and correct. In addition, through the signature of the notary server 170, the non-repudiation of the target file can be guaranteed.
接著請參考「第3圖」所示之方法流程圖,在客戶端150接收到簽章伺服器130所傳送的簽章文件後,當客戶端150的使用者想要確認簽章文件中所記錄的保單內容是否與保險時的內容相同時,客戶端150可以依據簽章文件中之可視化資料取得可視化資料所記載的文件識別資料,並可以將所取得之文件識別資料傳送給公證伺服器170(步驟310)。在本實施例中,使用者可以將簽章文件列印為紙本的形式,或可以使用其他計算設備顯示簽章文件,並可以操作客戶端150使用內建的QR code掃描功能掃描被列印在紙本上或被其他顯示裝置所顯示之簽章文件中的QR code,使得客戶端150在對掃描所得之QR code解碼後取得文件識別資料。在本實施例中,由於文件識別資料經過簽章伺服器130的加密,因此,客戶端150在取得文件識別資料後,還可以對所取得之文件識別資料解密。Then, referring to the method flowchart shown in FIG. 3, after the client 150 receives the signature file transmitted by the signature server 130, the user of the client 150 wants to confirm the record in the signature file. When the content of the policy is the same as the content of the insurance, the client 150 can obtain the file identification data recorded by the visualization according to the visual data in the signature file, and can transmit the obtained document identification data to the notary server 170 ( Step 310). In this embodiment, the user can print the signature file in the form of a paper, or can display the signature file using other computing devices, and can operate the client 150 to scan and print using the built-in QR code scanning function. The QR code in the signature file displayed on the paper or by other display devices causes the client 150 to obtain the file identification data after decoding the scanned QR code. In this embodiment, since the file identification data is encrypted by the signature server 130, the client 150 can decrypt the obtained file identification data after obtaining the file identification data.
在公證伺服器170接收到客戶端150所傳送的文件識別資料後,公證伺服器170可以依據所接收到之文件識別資料判斷與文件識別資料對應的目標文件是否存在。若目標文件存在,則公證伺服器170可以將所接收到的文件識別資料傳送給存查伺服器160(步驟320);而若目標文件不存在,公證伺服器170可以拒絕客戶端150存取目標文件。在本實施例中,公證伺服器170可以在所儲存之簽章文件相關資訊中是否存在與所接收到之文件識別資料相同的資料,若是,表示目標文件存在,反之,表示目標文件不存在。After the notary server 170 receives the file identification data transmitted by the client 150, the notary server 170 can determine whether the target file corresponding to the file identification data exists according to the received file identification data. If the target file exists, the notary server 170 can transmit the received file identification data to the check server 160 (step 320); and if the target file does not exist, the notary server 170 can reject the client 150 to access the target file. . In this embodiment, the notarization server 170 may have the same data as the received document identification data in the stored signature file related information, and if so, indicates that the target file exists, and conversely, indicates that the target file does not exist.
在存查伺服器160接收到公證伺服器170所傳送的文件識別資料後,存查伺服器160可以判斷與所接收到之文件識別資料對應的目標文件是否可即時被存取並產生判斷結果,並可以將所產生的判斷結果傳回公證伺服器170(步驟330)。在本實施例中,存查伺服器160可以由資料庫中讀出與所接收到之文件識別資料對應的目標文件的目標文件相關資訊,並依據所讀出之目標文件相關資訊中的建立日期或狀態判斷目標文件是否可即時被存取,例如判斷建立日期距今是否已達封存或銷毀標準,或是依據狀態判斷目標文件是否還存在等。After the check server 160 receives the file identification data transmitted by the notary server 170, the check server 160 can determine whether the target file corresponding to the received file identification data can be accessed immediately and generate a judgment result, and can The generated judgment result is transmitted back to the notary server 170 (step 330). In this embodiment, the search server 160 may read the target file related information of the target file corresponding to the received file identification data from the database, and according to the date of establishment in the related information of the target file read or The status determines whether the target file can be accessed immediately, for example, whether the date of establishment has reached the storage or destruction criteria, or whether the target file still exists according to the status.
在公證伺服器170接收到存查伺服器160所傳送的判斷結果後,公證伺服器170可以在判斷結果表示目標文件可以被即時存取時,產生信物,並可以將所產生的信物傳送給存查伺服器160以及發出與目標文件對應之文件識別資料的客戶端150(步驟350)。After the notarization server 170 receives the determination result transmitted by the check server 160, the notary server 170 may generate a token when the judgment result indicates that the target file can be accessed instantaneously, and may transmit the generated token to the storage servo. The processor 160 and the client 150 that issues the file identification material corresponding to the target file (step 350).
客戶端150在接收到公證伺服器170所傳送的信物後,可以將所接收到的信物傳送給存查伺服器160(步驟360),存查伺服器160在接收到公證伺服器170所傳送的信物且接收到客戶端150所傳送的信物後,可以判斷公證伺服器170所傳送的信物與客戶端150所傳送的信物是否相同,並可以在判斷公證伺服器170與客戶端150所傳送的信物相同時,讀出目標文件,並將所讀出的目標文件傳送到客戶端150(步驟370)。在客戶端150接收到存查伺服器160所傳送的目標文件後,使用者可以使用肉眼或客戶端150或其他程式比對簽章文件所記錄的保單內容與目標文件所記錄的保單內容是否相同。After receiving the token transmitted by the notary server 170, the client 150 may transmit the received token to the checking server 160 (step 360), and the checking server 160 receives the token transmitted by the notary server 170 and After receiving the token transmitted by the client 150, it can be determined whether the token transmitted by the notary server 170 is the same as the token transmitted by the client 150, and can be used when determining that the notarization server 170 and the client 150 transmit the same token. The target file is read and the read target file is transferred to the client 150 (step 370). After the client 150 receives the target file transmitted by the check server 160, the user can use the naked eye or the client 150 or other program to compare the policy content recorded by the signature file with the policy content recorded by the target file.
另外,在公證伺服器170接收到存查伺服器160所傳送的判斷結果後,若判斷結果表示目標文件無法被即時存取,則公證伺服器170可以將傳送與目標文件對應之文件識別資料的客戶端150的對象識別資料傳送給存查伺服器160。In addition, after the notarization server 170 receives the determination result transmitted by the check server 160, if the judgment result indicates that the target file cannot be accessed instantaneously, the notary server 170 can transmit the file identification data corresponding to the target file. The object identification data of the terminal 150 is transmitted to the check server 160.
在存查伺服器160接收到公證伺服器170所傳送之對象識別資料後,存查伺服器160可以等待取得目標文件,並可以在取得目標文件後,依據所接收到的對象識別資料將目標文件直接或間接傳送給客戶端150。After the check server 160 receives the object identification data transmitted by the notary server 170, the check server 160 can wait for the target file to be obtained, and after obtaining the target file, the target file can be directly or according to the received object identification data. Indirectly transmitted to the client 150.
如此,透過本創作,也可以在降低存查伺服器160負擔的條件下提供使用者進行調卷作業,同時增加調卷作業的安全性。In this way, the user can also provide the user to perform the volume adjustment operation under the condition of reducing the burden on the storage server 160, and at the same time increase the security of the volume adjustment operation.
上述的實施例中,在存查伺服器160將所產生的判斷結果傳回公證伺服器170(步驟330)前,也可以由資料庫中讀出目標文件的存取權限,並可以在所讀出之存取權限表示需要身分驗證時,產生相對應身分驗證訊息,以及將所產生的身分驗證訊息連同所產生的判斷結果一併傳送給公證伺服器170。假設存查伺服器160所產生的身份驗證訊息表示需要使用憑證進行身份驗證。In the above embodiment, before the check server 160 returns the generated judgment result to the notary server 170 (step 330), the access authority of the target file may be read from the database, and may be read out. The access authority indicates that the identity verification message is generated when the identity verification is required, and the generated identity verification message is transmitted to the notary server 170 together with the generated judgment result. It is assumed that the authentication message generated by the check server 160 indicates that the credential needs to be used for authentication.
在公證伺服器170接收到存查伺服器160所傳送的身份驗證訊息後,可以要求客戶端150使用憑證進行身份驗證,並依據身份驗證的結果判斷是否允許客戶端150存取目標文件(步驟340)。若客戶端150通過身份驗證,則公證伺服器170可以允許客戶端150存取目標文件,公證伺服器170可以在判斷結果表示目標文件可以被即時存取時傳送所產生信物到存查伺服器160與客戶端150(步驟350),或是在判斷結果表示目標文件無法被即時存取時,傳送客戶端150的對象識別資料至存查伺服器160。而若客戶端150沒有通過身份驗證,則公證伺服器170可以拒絕客戶端150存取目標文件。After the notifying server 170 receives the identity verification message sent by the check server 160, the client 150 may be required to use the certificate for identity verification, and determine whether to allow the client 150 to access the target file according to the result of the identity verification (step 340). . If the client 150 passes the authentication, the notary server 170 can allow the client 150 to access the target file, and the notary server 170 can transmit the generated token to the checking server 160 when the judgment result indicates that the target file can be accessed instantly. The client 150 (step 350) or transmits the object identification data of the client 150 to the check server 160 when the result of the judgment indicates that the target file cannot be accessed immediately. If the client 150 does not pass the authentication, the notary server 170 can reject the client 150 to access the target file.
綜上所述,可知本創作與先前技術之間的差異在於具有文件主機依據所取得之原始文件的類別定義簽章順序並產生包含原始文件與簽章順序的目標文件,簽章伺服器依據簽章順序依序將包含目標文件的電子文件提供給簽章對象簽章以產生簽章文件後,將簽章文件傳送給簽章對象的使用者或擁有者保存之技術手段,藉由此一技術手段可以來解決先前技術所存在電子文件可能在簽章前就被替換的問題,進而達成在電子文件中提供近似印鑑的技術功效。In summary, it can be seen that the difference between the present creation and the prior art is that the file host defines the signature order according to the category of the original file obtained and generates an object file containing the original file and the signature order, and the signature server is based on the signature. The chapter sequentially provides the electronic file containing the target file to the signature object signature to generate the signature file, and then transmits the signature file to the user or the owner of the signature object to save the technical means. The means can solve the problem that the electronic files existing in the prior art may be replaced before the signature, thereby achieving the technical effect of providing the approximate seal in the electronic file.
雖然本創作所揭露之實施方式如上,惟所述之內容並非用以直接限定本創作之專利保護範圍。任何本創作所屬技術領域中具有通常知識者,在不脫離本創作所揭露之精神和範圍的前提下,對本創作之實施的形式上及細節上作些許之更動潤飾,均屬於本創作之專利保護範圍。本創作之專利保護範圍,仍須以所附之申請專利範圍所界定者為準。Although the embodiments disclosed in the present disclosure are as above, the contents are not intended to directly limit the scope of the patent protection of the present invention. Anyone who has the usual knowledge in the technical field of this creation, without any departure from the spirit and scope disclosed in this creation, makes some modifications to the form and details of the implementation of this creation, which are the patent protection of this creation. range. The scope of patent protection of this creation must be determined by the scope of the attached patent application.
120‧‧‧文件主機120‧‧‧File Host
130‧‧‧簽章伺服器 130‧‧‧Signature Server
150‧‧‧客戶端 150‧‧‧Client
160‧‧‧存查伺服器 160‧‧‧Check server
170‧‧‧公證伺服器 170‧‧‧ notary server
400‧‧‧服務伺服器 400‧‧‧Service Server
步驟210‧‧‧文件主機取得原始文件,原始文件包含客戶端所提供之內容參數 Step 210‧‧‧ The file host obtains the original file, and the original file contains the content parameters provided by the client.
步驟220‧‧‧文件主機依據原始文件之類別定義簽章順序 Step 220‧‧‧ The file host defines the signature order according to the category of the original document
步驟230‧‧‧文件主機產生包含簽章順序及原始文件之目標文件,並產生與目標文件對應之文件識別資料,及傳送目標文件及文件識別資料至簽章伺服器 Step 230‧‧‧ The file host generates an object file containing the signature sequence and the original file, and generates file identification data corresponding to the target file, and transmits the target file and the file identification data to the signature server
步驟240‧‧‧簽章伺服器加密文件識別資料 Step 240‧‧‧Signature Server Encrypted File Identification Data
步驟250‧‧‧簽章伺服器依據簽章順序依序提供多個簽章對象對電子文件簽章以產生簽章文件,簽章文件包含簽章對象所產生之記載文件識別資料之可視化資料 Step 250‧‧‧ The signature server provides a plurality of signature objects in sequence according to the signature sequence to sign the electronic document to generate a signature document, and the signature document includes visual data of the identification data of the document generated by the signature object.
步驟260‧‧‧簽章伺服器傳送簽章文件至存查伺服器儲存,並傳送簽章文件至客戶端 Step 260‧‧‧ The signature server transmits the signature file to the check server storage and transmits the signature file to the client
步驟310‧‧‧客戶端依據可視化資料取得文件識別資料並傳送文件識別資料至公證伺服器 Step 310‧‧‧ The client obtains the file identification data according to the visualization data and transmits the file identification data to the notary server
步驟320‧‧‧公證伺服器依據文件識別資料判斷目標文件存在時傳送文件識別資料至存查伺服器 Step 320‧‧‧ The notarization server transmits the file identification data to the storage server when the target file exists according to the file identification data
步驟330‧‧‧存查伺服器依據與文件識別資料對應之目標文件是否可即時被存取產生判斷結果,並傳送判斷結果至公證伺服器 Step 330‧‧‧ The check server generates a judgment result according to whether the target file corresponding to the file identification data can be accessed immediately, and transmits the judgment result to the notary server
步驟340‧‧‧公證伺服器依據身分驗證訊息判斷是否允許客戶端存取目標文件 Step 340‧‧‧ The notary server determines whether to allow the client to access the target file based on the identity verification message
步驟350‧‧‧公證伺服器於判斷結果表示為可即時被存取時,傳送信物至客戶端及存查伺服器 Step 350‧‧‧ The notary server transmits the token to the client and the check server when the judgment result is expressed as being instantly accessible
步驟360‧‧‧客戶端傳送信物至存查伺服器 Step 360‧‧‧ The client transmits the token to the check server
步驟370‧‧‧存查伺服器於公證伺服器與客戶端傳送之信物相同時傳送目標文件至客戶端 Step 370‧‧‧ The check server transmits the target file to the client when the notarization server and the client transmit the same token
第1圖為本創作所提之依順序提供簽章對象簽章以產生簽章文件之系統架構圖。 第2圖為本創作所提之依順序提供簽章對象簽章以產生簽章文件之方法流程圖。 第3圖為本創作所提之依簽章文件中之可視化資料調閱目標文件之方法流程圖。The first figure is a system architecture diagram of the signature object signature provided in order to generate the signature document. The second figure is a flow chart of the method for providing the signature of the signature object in order to generate the signature document. Figure 3 is a flow chart of the method for reading the target file according to the visual data in the signature file.
Claims (11)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW108200689U TWM578053U (en) | 2019-01-15 | 2019-01-15 | System for generating signing documents sequentially providing the signature for the signing party |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW108200689U TWM578053U (en) | 2019-01-15 | 2019-01-15 | System for generating signing documents sequentially providing the signature for the signing party |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TWM578053U true TWM578053U (en) | 2019-05-11 |
Family
ID=67353168
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW108200689U TWM578053U (en) | 2019-01-15 | 2019-01-15 | System for generating signing documents sequentially providing the signature for the signing party |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWM578053U (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI690192B (en) * | 2019-01-15 | 2020-04-01 | 臺灣網路認證股份有限公司 | System for providing signature entities to sign electronic document in order for generating signed document and method thereof |
-
2019
- 2019-01-15 TW TW108200689U patent/TWM578053U/en unknown
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI690192B (en) * | 2019-01-15 | 2020-04-01 | 臺灣網路認證股份有限公司 | System for providing signature entities to sign electronic document in order for generating signed document and method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3598336B1 (en) | Information processing device and information processing method | |
| US8887290B1 (en) | Method and system for content protection for a browser based content viewer | |
| KR20050058488A (en) | Apparatus, system and method for securing digital documents in a digital appliance | |
| CN115277143A (en) | Data secure transmission method, device, equipment and storage medium | |
| TWM539667U (en) | System of online credentials application for network transaction via carrier | |
| CN114386104A (en) | Method for storing sensitive data, data reading method and device | |
| CN110955904B (en) | Data encryption method, data decryption method, processor and computer equipment | |
| TWI690192B (en) | System for providing signature entities to sign electronic document in order for generating signed document and method thereof | |
| TWM578053U (en) | System for generating signing documents sequentially providing the signature for the signing party | |
| US7966460B2 (en) | Information usage control system, information usage control device and method, and computer readable medium | |
| CN113221190A (en) | Electronic signature method, device and system of PDF file and storage medium | |
| TWM602765U (en) | System for attesting and verifying insurance policy through third-party blockchain | |
| CN111783119A (en) | Form data security control method and device, electronic equipment and storage medium | |
| TWM575144U (en) | Computing equipment using password of operating system to encrypt and decrypt | |
| TWM620550U (en) | System for verifying identity on different devices by verifying valid certificates | |
| TWM583978U (en) | System of using physical carrier to store digital certificate for performing online transaction | |
| CN110837627A (en) | Software copyright authentication method, system and equipment based on hard disk serial number | |
| TWI788682B (en) | System and method for evidencing and verifying insurance policy through third-party block-chain | |
| TWM576681U (en) | Computing device validating user identity during signing | |
| TWM580295U (en) | System for managing certificate with embedded browser module and computing equipment | |
| TW202018626A (en) | System for verifying user identity when processing digital signature and method thereof | |
| TWI777105B (en) | System for obtaining additional data when identifying to execute operation and method thereof | |
| TWI790495B (en) | System for driving smart card by third-party device for identity verification and method thereof | |
| TWI767113B (en) | System for using certificate stored in carrier to conduct online transactions and method thereof | |
| CN112632571B (en) | Data encryption method, data decryption device and storage device |