WO2017024934A1 - Electronic signing method, device and signing server - Google Patents

Publication number
WO2017024934A1
Authority
WO
WIPO (PCT)
Prior art keywords
hash value
digital certificate
key
encrypted
private
Application number
PCT/CN2016/091524
Other languages
French (fr)
Chinese (zh)
Inventor
高翔
胡远平
刘凯
贡鹏
汪卫国
Original Assignee
阿里巴巴集团控股有限公司
高翔
胡远平
刘凯
贡鹏
汪卫国
Application filed by 阿里巴巴集团控股有限公司, 高翔, 胡远平, 刘凯, 贡鹏, 汪卫国

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present application relates to the field of Internet technologies, and in particular, to a method, an apparatus, and a signature server for implementing an electronic signature.
  • the present application provides a new technical solution, which can solve the technical problem of reducing the hardware cost of the electronic signature process by applying an electronic signature of an electronic document in real time on the Internet when the amount of users is large.
  • a method for implementing an electronic signature comprising:
  • a method for implementing an electronic signature comprising:
  • after the third-party service platform encrypts the hash value by using the second key, receiving the encrypted hash value through the second private network;
  • the encrypted hash value, digital certificate, and electronic signature picture are synthesized into the electronic document.
  • an apparatus for implementing an electronic signature comprising:
  • a determining module for determining a hash value of the electronic document to be signed
  • a first encryption module configured to encrypt, by using a private key corresponding to the public key in the digital certificate, the hash value determined by the determining module;
  • a signature synthesizing module configured to synthesize the hash value encrypted by the first encryption module, the digital certificate, and the picture of the electronic signature into the electronic document.
  • a processor; a memory for storing the processor-executable instructions
  • wherein the processor is configured to:
  • a signature server comprising:
  • a processor; a memory for storing the processor-executable instructions
  • wherein the processor is configured to:
  • after the third-party service platform encrypts the hash value by using the second key, receiving the encrypted hash value through the second private network;
  • the encrypted hash value, digital certificate, and electronic signature picture are synthesized into the electronic document.
  • the present application encrypts the hash value by using the private key corresponding to the public key in the digital certificate, and synthesizes the encrypted hash value, the digital certificate and the electronic signature picture into the electronic document. This solves the problem of the high implementation cost of the U shield signature scheme in the prior art, realizes an Internet signature mode, and reduces the user cost; encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document enhances the security and credibility of electronic signatures.
  • FIG. 1A is a flow chart showing a method of implementing an electronic signature according to an exemplary embodiment of the present invention
  • FIG. 1B shows a schematic diagram of a picture of an electronic signature in accordance with an exemplary embodiment of the present invention
  • FIG. 1C shows a schematic diagram of a digital certificate in accordance with an exemplary embodiment of the present invention
  • FIG. 2A is a flow chart showing a method of implementing an electronic signature in accordance with another exemplary embodiment of the present invention.
  • FIG. 2B illustrates a scene graph in accordance with another exemplary embodiment of the present invention
  • FIG. 3A illustrates a flow diagram of a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention
  • FIG. 3B illustrates a scene graph in accordance with yet another exemplary embodiment of the present invention
  • FIG. 4A is a flow chart showing a method of implementing an electronic signature in accordance with still another exemplary embodiment of the present invention.
  • FIG. 4B illustrates a scene graph in accordance with yet another exemplary embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of a signature server according to an exemplary embodiment of the present invention.
  • FIG. 6 is a block diagram showing the structure of an electronic signature device according to an exemplary embodiment of the present invention.
  • FIG. 7 shows a schematic structural diagram of implementing an electronic signature device according to another exemplary embodiment of the present invention.
  • although the terms first, second, third, etc. may be used to describe various information in this application, such information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • for example, the first information may also be referred to as the second information without departing from the scope of the present application.
  • similarly, the second information may also be referred to as the first information.
  • the word "if" as used herein may be interpreted as "when" or "in response to a determination."
  • the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate, and the electronic signature image are synthesized into the electronic document. This solves the problem of the high implementation cost of the U shield signature scheme in the prior art, realizes an Internet signature mode, and reduces the user cost; encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document improves the security and credibility of the electronic signature.
  • FIG. 1A illustrates a flow diagram of a method of implementing an electronic signature in accordance with an exemplary embodiment of the present invention.
  • FIG. 1B shows a schematic diagram of a picture of an electronic signature in accordance with an exemplary embodiment of the present invention.
  • FIG. 1C shows a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention.
  • the method for implementing an electronic signature includes the following steps:
  • Step 101 Determine a hash value of the electronic document to be signed
  • Step 102 Encrypt the hash value by using a private key corresponding to the public key in the digital certificate
  • Step 103 Synthesize the encrypted hash value, the digital certificate, and the electronic signature picture into an electronic document.
  • the electronic document may be a local file (e.g., a certification file, an electronic receipt, etc.); in another embodiment, the electronic document may be from a first service platform, and the first service platform may be a payment-type financial service platform (for example, Alipay), in which case the electronic document may be an asset certificate, a bill, or an electronic receipt; in another embodiment, the electronic document may be from the second service platform, and the second service platform may be a deposit-based financial service platform (for example, Lucky Fort), in which case the electronic document may be a loan and interest certificate; in another embodiment, the electronic document may be from the third service platform, and the third service platform may be an Internet financial service platform (for example, the network merchant bank), in which case the electronic document may be an electronic certificate applied for by the end user, etc. The source of the electronic document is thus not limited in this application.
  • the electronic signature may be an electronic signature of the enterprise corresponding to the first service platform, an electronic signature of the enterprise corresponding to the second service platform, and an electronic signature of the enterprise corresponding to the third service platform.
  • the hash value of the electronic document may be extracted by a hash algorithm.
  • the encryption method of the hash value may be determined according to the source of the electronic document. For example, if the electronic document is from the first service platform, an encryption machine may be set in the signature server, and the first key of the encryption machine (also known as the primary key, MainKey) is used to encrypt the private key corresponding to the public key in the digital certificate; as another example, if the electronic document is from the second service platform, the hash value can be sent through the first private network to the third-party authentication center (for example, the CA center); the third-party authentication center encrypts the hash value by using the private key corresponding to the public key in the digital certificate, and then returns the encrypted hash value through the first private network.
  • Hash values can be encrypted by using different encryption methods for electronic documents from different sources to meet personalized business needs.
  • a picture of the corresponding electronic signature may be obtained from the corresponding service platform (the first service platform, the second service platform, and the third service platform), and the encrypted hash value,
  • the electronic signature synthesized on the electronic document is "AB company", and when the click event on the electronic signature of "AB company" is monitored, the related information of the digital certificate shown in FIG. 1C is displayed. Since the digital certificate is obtained through a third-party certification center, the user can verify the authenticity of the electronic signature through the digital certificate.
  • the embodiment of the present invention implements the Internet signature mode through steps S101-S103, solves the problem that the U shield signature scheme in the prior art has a high implementation cost, and reduces the user cost; encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document enhances the security and credibility of electronic signatures.
  • FIG. 2A shows a flow diagram of a method of implementing an electronic signature in accordance with another exemplary embodiment of the present invention
  • FIG. 2B illustrates a scenario of a method of implementing an electronic signature in accordance with another exemplary embodiment of the present invention.
  • the embodiment is exemplified by taking an electronic document from the first service platform as an example.
  • the method for implementing an electronic signature includes the following steps:
  • Step 201 Determine a hash value of the electronic document to be signed
  • Step 202 Obtain a digital certificate and a private key corresponding to the public key in the digital certificate, where the private key is encrypted;
  • Step 203 decrypt the encrypted private key
  • Step 204 Encrypt the hash value by using the decrypted private key
  • Step 205 Synthesize the encrypted hash value, the digital certificate, and the electronic signature picture into an electronic document.
  • for the description of the foregoing step 201, refer to the related description of the foregoing step 101, which will not be described in detail herein.
  • the digital certificate and the encrypted private key may be obtained from the cloud database, wherein the private key corresponding to the public key in the digital certificate may be encrypted with the first key (also referred to as the main key) of the encryption machine on the signature server and then stored in the cloud database, and the encrypted private key stored in the cloud database is decrypted when needed.
  • the cloud database may store a large number of digital certificates and the private keys corresponding to the public keys in those digital certificates, thereby implementing secure storage of a large number of digital certificates and their corresponding private keys.
  • for the description of the foregoing step 205, refer to the related description of the foregoing step 103, and details are not described herein.
  • the signature server 22 applies for a digital certificate from the third-party authentication center 21, encrypts the private key corresponding to the public key in the digital certificate with the first key of the local encryption machine (not shown) of the signature server 22, and stores the encrypted private key and the digital certificate into the cloud database 23.
  • the signature server 22 obtains an electronic document that needs to be electronically signed from the first service platform 24, extracts a hash value of the electronic document by using a hash algorithm, and obtains a digital certificate and an encrypted private key from the cloud database 23, which are transmitted together with the hash value to the encryption machine local to the signature server 22. The encrypted private key is decrypted in the encryption machine local to the signature server 22 to obtain the private key corresponding to the public key in the digital certificate, and the encryption machine then encrypts the hash value by using the private key.
  • the signature server 22 synthesizes the encrypted hash value, the digital certificate and the electronic signature onto the electronic document, thereby providing the electronic document to the user.
  • the processing takes place inside the encryption machine of the signature server, thus ensuring the security of the private key corresponding to the public key in the digital certificate during use.
  • the encryption machine in the third-party authentication center can only store a limited number of private keys corresponding to the public key in the digital certificate, thereby supporting the large amount of data and high concurrency of the Internet signature, and ensuring the security of the private key corresponding to the public key in the digital certificate.
  • FIG. 3A illustrates a flow diagram of a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention
  • FIG. 3B illustrates a scenario of a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention
  • FIG. 1 is an exemplary illustration of an electronic document provided by a second service platform.
  • the method for implementing an electronic signature includes the following steps:
  • Step 301 Determine a hash value of the electronic document to be signed
  • Step 303 Receive, by using the first private network, the encrypted hash value from the third-party authentication center.
  • Step 304 Synthesize the encrypted hash value, the digital certificate, and the electronic signature picture into an electronic document.
  • for the description of the foregoing step 301, refer to the related description of step 101 above, and details are not described herein.
  • the first private network may be a dedicated communication network connecting the signature server and the authentication center, which no other devices access; transmitting the hash value and the encrypted hash value through the first private network ensures the security of the hash value.
  • the signature server 31 performs the signing jointly with the third-party certification center 32.
  • the signature server 31 extracts the hash value of the electronic document through the hash algorithm and transmits the hash value to the third-party authentication center 32 through the first private network; the third-party authentication center 32 encrypts the hash value using the private key corresponding to the public key in the digital certificate, after which the encrypted hash value is returned to the signature server 31 via the first private network; the signature server 31 synthesizes the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, and the electronic document can be provided to the user.
  • the hash value of the electronic document is sent to the third-party authentication center through the first private network, the hash value is encrypted by the third-party authentication center by using the private key corresponding to the public key in the digital certificate, the encrypted hash value is received through the first private network, and the encrypted hash value, the digital certificate and the picture of the electronic signature are synthesized into the electronic document. This solves the problem of the high implementation cost of the U shield signature scheme in the prior art and reduces the user cost. Because the hash value is encrypted with the private key, stored in the third-party certification center, that corresponds to the public key in the digital certificate, and the digital certificate and the encrypted hash value are then synthesized into the electronic document, the credibility of the electronic signature is improved; at the same time, leakage of the electronic document to other unrelated businesses can be avoided, which ensures the commercial security of electronic documents.
  • FIG. 4A shows a flow diagram of a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention
  • FIG. 4B illustrates a scenario of a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention
  • FIG. 1 is an exemplary embodiment of an electronic document provided from a third service platform.
  • the method for implementing an electronic signature includes the following steps:
  • Step 401 Determine a hash value of the electronic document to be signed
  • Step 402 Send the hash value of the electronic document and the second key to the third-party service platform through the second private network, where the second key is a key preset between the signature server and the third-party service platform or a key negotiated between them;
  • Step 403 Receive an encrypted hash value through the second private network.
  • Step 404 Synthesize the encrypted hash value, the digital certificate, and the electronic signature picture into an electronic document.
  • for the description of the above step 401, refer to the related description of the above step 101, which will not be described in detail herein.
  • the second private network may be a dedicated communication network connecting the signature server and the third-party service platform, which no other device accesses; transmitting the hash value and the encrypted hash value through the second private network ensures the security of the hash value.
  • the third-party service platform may be a platform that can provide an electronic document, such as the first service platform, the second service platform, and the third service platform in the foregoing embodiment.
  • for the description of the above step 404, refer to the related description of the above step 103, which will not be described in detail herein.
  • the signature server 41 acquires an electronic document from the third-party service platform 42, extracts a hash value of the electronic document by using a hash algorithm, and transmits the hash value to the encryption machine of the third-party service platform 42; the encryption machine of the third-party service platform 42 encrypts the hash value with the second key, and the third-party service platform 42 then returns the encrypted hash value to the signature server 41.
  • the signature server 41 synthesizes the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, thereby providing the electronic document to the user.
  • This embodiment can meet the requirement that the third-party service platform 42 requires the private key corresponding to the public key in the digital certificate to be stored, and the flexibility of the electronic signature mode is improved.
  • the present application also proposes a schematic structural diagram of the signature server according to an exemplary embodiment of the present application shown in FIG. 5.
  • the network server includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and may of course include hardware required for other services.
  • the processor reads the corresponding computer program from the non-volatile memory into memory and then runs, forming a device implementing the electronic signature on a logical level.
  • the present application does not exclude other implementation manners, such as a logic device or a combination of software and hardware; that is, the execution body of the following processing flow is not limited to each logical unit, and may also be hardware or a logic device.
  • FIG. 6 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention.
  • the apparatus for implementing an electronic signature may include: a determining module 61, a first encryption module 62, and a signature synthesizing module 63, wherein:
  • a determining module 61 configured to determine a hash value of the electronic document to be signed
  • the first encryption module 62 is configured to encrypt the hash value determined by the determining module 61 by using a private key corresponding to the public key in the digital certificate;
  • the signature synthesizing module 63 is configured to synthesize the hash value encrypted by the first encryption module 62, the digital certificate, and the picture of the electronic signature into the electronic document.
  • FIG. 7 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 7, on the basis of the foregoing embodiment shown in FIG. 6, the first encryption module 62 may include:
  • the obtaining unit 621 is configured to obtain a digital certificate and a private key corresponding to the public key in the digital certificate, where the private key is encrypted;
  • the decrypting unit 622 is configured to decrypt the encrypted private key obtained by the obtaining unit 621;
  • the encryption unit 623 is configured to encrypt the hash value by using the private key decrypted by the decryption unit 622.
  • the apparatus may further include:
  • a second encryption module 64 configured to encrypt, by using the first key, a private key corresponding to the public key in the digital certificate
  • the storage module 65 is configured to store the private key encrypted by the second encryption module 64 and the digital certificate.
  • the digital certificate and the encrypted private key are obtained from a cloud database.
  • the first encryption module 62 can include:
  • the first sending unit 624 is configured to send the hash value of the electronic document to the third-party authentication center by using the first private network, where the third-party authentication center is configured to generate a digital certificate and to encrypt the hash value by using the private key corresponding to the public key in the digital certificate
  • the first receiving unit 625 is configured to receive, by using the first private network, the encrypted hash value from the third-party authentication center.
  • the first private network is a dedicated communication network connected to the signature server and the third party certificate authority.
  • the apparatus may further include:
  • the sending module 66 is configured to send the hash value of the electronic document and the second key to the third-party service platform by using the second private network, where the second key is a key preset between the signature server and the third-party service platform
  • the receiving module 67 is configured to receive the encrypted hash value from the third-party authentication center through the second private network.
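
Steps 201-205 and the cloud-database key storage described above, as an added Go sketch that is not code from the patent: the private key is wrapped under the encryption machine's first key, stored beside its certificate, unwrapped only to sign the document hash, and the result is bundled with the certificate and picture. Assumptions: "encrypting the hash value with the private key" is implemented as an ECDSA P-256 signature over SHA-256, the key wrap is AES-256-GCM, the certificate is self-signed rather than issued by a third-party CA, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// StoredKey is one row of the cloud database (hypothetical layout).
type StoredKey struct {
	CertDER    []byte // digital certificate, stored in the clear
	WrappedKey []byte // nonce || AES-GCM(first key, DER private key)
}

// SignedDoc stands in for the document with signature, certificate and picture merged in.
type SignedDoc struct {
	Document, Signature, CertDER, SealImage []byte
}

// NewEncryptionMachine models the encryption machine holding the first key (MainKey).
func NewEncryptionMachine(mainKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(mainKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Enroll creates a key pair and certificate and wraps the private key for storage.
func Enroll(em cipher.AEAD, subject string) (StoredKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return StoredKey{}, err
	}
	// Assumption: self-signed; the patent obtains the certificate from a third-party CA.
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: subject},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return StoredKey{}, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return StoredKey{}, err
	}
	nonce := make([]byte, em.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredKey{}, err
	}
	// The certificate is the associated data, so a wrapped key cannot be paired with another row's certificate.
	return StoredKey{certDER, em.Seal(nonce, nonce, der, certDER)}, nil
}

// Sign performs steps 201-205 for one document.
func Sign(em cipher.AEAD, rec StoredKey, doc, seal []byte) (SignedDoc, error) {
	digest := sha256.Sum256(doc) // step 201: hash the document
	n := em.NonceSize()
	if len(rec.WrappedKey) < n { // step 202 delivered a malformed record
		return SignedDoc{}, errors.New("wrapped key too short")
	}
	der, err := em.Open(nil, rec.WrappedKey[:n], rec.WrappedKey[n:], rec.CertDER) // step 203
	if err != nil {
		return SignedDoc{}, fmt.Errorf("unwrap private key: %w", err)
	}
	priv, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return SignedDoc{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:]) // step 204: sign the hash
	if err != nil {
		return SignedDoc{}, err
	}
	return SignedDoc{doc, sig, rec.CertDER, seal}, nil // step 205: bundle
}

// Verify checks the signature only; a relying party must also validate the certificate chain.
func Verify(sd SignedDoc) error {
	cert, err := x509.ParseCertificate(sd.CertDER)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, sd.Document, sd.Signature)
}

func main() {
	em, _ := NewEncryptionMachine(make([]byte, 32)) // constructed all-zero first key, demo only
	rec, _ := Enroll(em, "AB company")
	sd, err := Sign(em, rec, []byte("constructed electronic receipt"), []byte("constructed picture bytes"))
	fmt.Println("sign error:", err, "| verify error:", Verify(sd))
}
```

Only `Document` is covered by the signature; the picture and the certificate travel beside it, so a verifier should take the signer's identity from the validated certificate and not from the picture.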

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Image Processing (AREA)

Abstract

The present application provides an electronic signing method and device. The method comprises: determining a hash value of an electronic document to be signed; performing encryption on the hash value by using a private key corresponding to a public key of a digital certificate; and synthesizing the encrypted hash value, the digital certificate and an image of an electronic signature in the electronic document. The technical solution of the present invention addresses the problem of a high implementation cost of a USBKey signing solution in the prior art, thus providing an Internet signing mode and reducing costs for users.

Description

Method, device and signature server for implementing an electronic signature

Technical field

The present application relates to the field of Internet technologies, and in particular to a method, an apparatus, and a signature server for implementing an electronic signature.

Background

When electronic documents that a large Internet financial enterprise provides to its users need to be electronically signed, the prior art places the private key used for the electronic signature in a U shield. When the user uses the electronic signature, the U shield is inserted into the computer, and the electronic signature system signs the electronic document by obtaining the private key in the U shield that corresponds to the public key in the digital certificate. Because this scheme requires every user to purchase a U shield, the implementation cost is high and promotion is difficult when a large number of users need electronic signatures.

Summary of the invention

In view of this, the present application provides a new technical solution that addresses the technical problem of applying for electronic signatures on electronic documents in real time over the Internet when the number of users is large, and of reducing the hardware cost of the electronic signature process.
To achieve the above objective, the present application provides the following technical solutions:
根据本申请的第一方面,提出了一种实现电子签章的方法,包括:According to a first aspect of the present application, a method for implementing an electronic signature is provided, comprising:
确定待签章的电子文档的哈希值;Determining the hash value of the electronic document to be signed;
对所述哈希值采用与数字证书中的公钥相对应的私钥进行加密;Encrypting the hash value with a private key corresponding to the public key in the digital certificate;
将所述加密后的哈希值、所述数字证书和所述电子签章的图片合成到所述电子文档中。And synthesizing the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
根据本申请的第二方面,提出了一种实现电子签章的方法,包括:According to a second aspect of the present application, a method for implementing an electronic signature is provided, comprising:
确定待签章的电子文档的哈希值;Determining the hash value of the electronic document to be signed;
将所述电子文档的所述哈希值、第二秘钥通过第二专用网络发送给所述 第三方业务平台,所述第二秘钥由所述签章服务器和所述第三方业务平台之间预设的秘钥;Sending the hash value and the second key of the electronic document to the a third-party service platform, where the second key is a key preset between the signature server and the third-party service platform;
在所述第三方业务平台采用所述第二秘钥对所述哈希值进行加密后,通过所述第二专用网络接收所述加密后的所述哈希值;After the third-party service platform encrypts the hash value by using the second key, receiving the encrypted hash value through the second private network;
将所述加密后的哈希值、数字证书和电子签章的图片合成到所述电子文档中。The encrypted hash value, digital certificate, and electronic signature picture are synthesized into the electronic document.
根据本申请的第三方面,提出了一种实现电子签章的装置,包括:According to a third aspect of the present application, an apparatus for implementing an electronic signature is provided, comprising:
确定模块,用于确定待签章的电子文档的哈希值;a determining module for determining a hash value of the electronic document to be signed;
第一加密模块,用于对所述确定模块确定的所述哈希值采用与数字证书中的公钥相对应的私钥进行加密;a first encryption module, configured to encrypt, by using a private key corresponding to the public key in the digital certificate, the hash value determined by the determining module;
签章合成模块,用于将所述第一加密模块加密后的所述哈希值、所述数字证书和所述电子签章的图片合成到所述电子文档中。And a signature synthesizing module, configured to synthesize the hash value encrypted by the first encryption module, the digital certificate, and the picture of the electronic signature into the electronic document.
根据本申请的第四方面,提出了一种签章服务器,包括:According to a fourth aspect of the present application, a signature server is provided, comprising:
处理器;用于存储所述处理器可执行指令的存储器;a processor; a memory for storing the processor executable instructions;
其中,所述处理器被配置为:Wherein the processor is configured to:
确定待签章的电子文档的哈希值;Determining the hash value of the electronic document to be signed;
对所述哈希值采用与数字证书中的公钥相对应的私钥进行加密;Encrypting the hash value with a private key corresponding to the public key in the digital certificate;
将所述加密后的哈希值、所述数字证书和所述电子签章的图片合成到所述电子文档中。And synthesizing the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
According to a fifth aspect of the present application, a signature server is provided, comprising:
a processor; and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
determine a hash value of the electronic document to be signed;
send the hash value of the electronic document and a second key to the third-party service platform through a second private network, the second key being a key preset between the signature server and the third-party service platform;
after the third-party service platform encrypts the hash value by using the second key, receive the encrypted hash value through the second private network;
synthesize the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
As can be seen from the above technical solutions, the present application encrypts the hash value with the private key corresponding to the public key in the digital certificate, and synthesizes the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document. This solves the problem of the high implementation cost of the U shield signature scheme in the prior art, realizes an Internet signature mode, and reduces user cost; encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document improves the security and credibility of the electronic signature.
Description of the Drawings
FIG. 1A is a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the present invention;
FIG. 1B is a schematic diagram of a picture of an electronic signature according to an exemplary embodiment of the present invention;
FIG. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention;
FIG. 2A is a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment of the present invention;
FIG. 2B is a scenario diagram according to another exemplary embodiment of the present invention;
FIG. 3A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention;
FIG. 3B is a scenario diagram according to yet another exemplary embodiment of the present invention;
FIG. 4A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention;
FIG. 4B is a scenario diagram according to yet another exemplary embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a signature server according to an exemplary embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an apparatus for implementing an electronic signature according to another exemplary embodiment of the present invention.
Detailed Description
Exemplary embodiments will be described in detail here, examples of which are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the present application as detailed in the appended claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to limit the present application. The singular forms "a", "said" and "the" used in the present application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, and so on may be used in the present application to describe various information, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the present application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when", or "in response to determining".
To further illustrate the present application, the following embodiments are provided:
According to an embodiment of the present application, the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate, and the picture of the electronic signature are synthesized into the electronic document. This solves the problem of the high implementation cost of the U shield signature scheme in the prior art, realizes an Internet signature mode, and reduces user cost; encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document improves the security and credibility of the electronic signature.
FIG. 1A is a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the present invention, FIG. 1B is a schematic diagram of an electronic signature according to an exemplary embodiment of the present invention, and FIG. 1C is a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention; the method may be applied on a signature server. As shown in FIG. 1A, the method for implementing an electronic signature includes the following steps:
Step 101: determine a hash value of the electronic document to be signed;
Step 102: encrypt the hash value by using the private key corresponding to the public key in the digital certificate;
Step 103: synthesize the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
In step 101, in an embodiment, the electronic document may be a local file (for example, a certification file or an electronic receipt). In another embodiment, the electronic document may come from a first service platform, which may be a payment-type financial service platform (for example, Alipay); correspondingly, the electronic document may be an asset certificate, a bill, or an electronic receipt. In another embodiment, the electronic document may come from a second service platform, which may be a deposit-type financial service platform (for example, Zhaocaibao); correspondingly, the electronic document may be a loan and interest certificate. In yet another embodiment, the electronic document may come from a third service platform, which may be an Internet financial service platform (for example, MYbank); correspondingly, the electronic document may be an electronic voucher applied for by an end user, and so on. It follows that the present application places no restriction on the source of the electronic document.
In an embodiment, the electronic signature may be the electronic signature of the enterprise corresponding to the first service platform, of the enterprise corresponding to the second service platform, or of the enterprise corresponding to the third service platform. In an embodiment, the hash value of the electronic document may be extracted by a hash algorithm.
In step 102, in an embodiment, the way the hash value is encrypted may be determined according to the source of the electronic document. For example, if the electronic document comes from the first service platform, an encryption machine may be provided in the signature server, and the private key in the digital certificate is encrypted with the first key of the encryption machine (also called the master key, MainKey). As another example, if the electronic document comes from the second service platform, the hash value may be sent through a first private network to a third-party authentication center (for example, a CA center); the third-party authentication center encrypts the hash value by using the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server through the first private network. As yet another example, if the electronic document comes from the third service platform, the hash value and the second key set between the signature server and the third-party financial platform may be sent through a second private network to the encryption machine of the third service platform; the third service platform encrypts the hash value through the encryption machine using the second key set by both parties, and then returns the encrypted hash value to the signature server. Encrypting the hash value in different ways for electronic documents from different sources also makes it possible to meet personalized business needs.
In step 103, in an embodiment, the picture of the corresponding electronic signature may be obtained from the corresponding service platform (the first service platform, the second service platform, or the third service platform). For the way in which the encrypted hash value, the digital certificate, and the picture of the electronic signature are synthesized into the electronic document, refer to the related description in the prior art; it is not described in detail here.
As shown in FIG. 1B, the electronic signature synthesized onto the electronic document is "AB Company". When a click event on the "AB Company" electronic signature is detected, the information of the digital certificate shown in FIG. 1C is displayed. Because the digital certificate is obtained through the third-party authentication center, the user can verify the authenticity of the electronic signature by means of the digital certificate.
As can be seen from the above description, the embodiment of the present invention realizes an Internet signature mode through steps S101-S103, solves the problem of the high implementation cost of the U shield signature scheme in the prior art, and reduces user cost; encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document improves the security and credibility of the electronic signature.
FIG. 2A is a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment of the present invention, and FIG. 2B is a scenario diagram of the method according to another exemplary embodiment of the present invention. This embodiment takes an electronic document provided by the first service platform as an example. As shown in FIG. 2A, the method for implementing an electronic signature includes the following steps:
Step 201: determine a hash value of the electronic document to be signed;
Step 202: obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted;
Step 203: decrypt the encrypted private key;
Step 204: encrypt the hash value by using the decrypted private key;
Step 205: synthesize the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
For the description of step 201, refer to the related description of step 101 above; it is not repeated here.
In steps 202 to 204, in an embodiment, the digital certificate and the encrypted private key may be obtained from a cloud database. The private key corresponding to the public key in the digital certificate may be encrypted with the first key (also called the master key) of the encryption machine on the signature server and then stored in the cloud database, and the encrypted private key stored in the cloud database is decrypted when needed. In another embodiment, the cloud database may store a massive number of digital certificates and the private keys corresponding to the public keys in those digital certificates, thereby achieving secure storage of a large number of digital certificates and their corresponding private keys.
For the description of step 205, refer to the related description of step 103 above; it is not repeated here.
As an exemplary scenario, as shown in FIG. 2B, the signature server 22 applies for a digital certificate from the third-party authentication center 21, encrypts the private key corresponding to the public key in the digital certificate with the first key of the encryption machine (not shown) local to the signature server 22, and stores the encrypted private key and the digital certificate in the cloud database 23. The signature server 22 obtains from the first service platform 24 the electronic document that needs to be electronically signed, extracts the hash value of the electronic document with a hash algorithm, obtains the digital certificate and the encrypted private key from the cloud database 23, and passes them together with the hash value into the encryption machine local to the signature server 22. Inside that encryption machine the encrypted private key is decrypted to recover the private key corresponding to the public key in the digital certificate, and the encryption machine then encrypts the hash value with that private key. Finally, the signature server 22 synthesizes the encrypted hash value, the digital certificate, and the electronic signature onto the electronic document, which can then be provided to the user. Because both the decryption of the private key with the first key and the encryption of the hash value with that private key are processed inside the encryption machine of the signature server, the security of the private key corresponding to the public key in the digital certificate is ensured while it is in use.
In this embodiment, because the digital certificate and the encrypted private key are stored in the cloud database, the digital certificate and its encrypted private key are obtained from the cloud database when an electronic document needs to be electronically signed. This avoids the prior-art limitation that the encryption machine of the third-party authentication center can hold only a limited number of private keys corresponding to the public keys in digital certificates, so the large data volume and high concurrency of Internet signing can be supported while the security of the private key corresponding to the public key in the digital certificate is ensured.
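The flow of steps 201 to 205 and the FIG. 2B scenario, written out as an added Go example; it is not code from the patent. Assumptions not stated in the text: AES-GCM is the wrapping under the first key, RSA PKCS#1 v1.5 over SHA-256 stands for "encrypting the hash value with the private key", a self-signed certificate stands in for the one issued by the third-party authentication center, and all type and function names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// StoredKey is one cloud-database record: certificate plus wrapped private key.
type StoredKey struct{ CertDER, Nonce, Wrapped []byte }

// NewHSM models the encryption machine: an AEAD keyed with the first (master) key.
func NewHSM(firstKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(firstKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Provision creates a key pair and certificate and wraps the private key for storage.
func Provision(hsm cipher.AEAD, subject string) (*StoredKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, hsm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Assumption beyond the patent text: the certificate is bound as associated
	// data, so a record whose certificate was swapped in storage will not unwrap.
	wrapped := hsm.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(priv), certDER)
	return &StoredKey{CertDER: certDER, Nonce: nonce, Wrapped: wrapped}, nil
}

// SignDocument performs steps 201-204 and returns the signature over the hash.
func SignDocument(hsm cipher.AEAD, rec *StoredKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)                                   // step 201
	der, err := hsm.Open(nil, rec.Nonce, rec.Wrapped, rec.CertDER) // step 203
	if err != nil {
		return nil, fmt.Errorf("unwrap private key: %w", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]) // step 204
}

// Verify recomputes the hash and checks it against the signature with the
// certificate's public key. A real verifier also validates the chain to the CA.
func Verify(doc, sig, certDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("certificate carries %T, not an RSA key", cert.PublicKey)
	}
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	hsm, err := NewHSM(make([]byte, 32)) // constructed all-zero demo key
	if err != nil {
		panic(err)
	}
	rec, err := Provision(hsm, "AB Company")
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed sample receipt")
	sig, err := SignDocument(hsm, rec, doc)
	if err != nil {
		panic(err)
	}
	fmt.Println(Verify(doc, sig, rec.CertDER), Verify(append(doc, '!'), sig, rec.CertDER))
}
```

The signature and `rec.CertDER` are the two values that step 205 embeds in the document beside the seal picture; a changed document, a wrong first key, or a swapped certificate each surface as an error.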
FIG. 3A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention, and FIG. 3B is a scenario diagram of the method according to yet another exemplary embodiment of the present invention. This embodiment takes an electronic document provided by the second service platform as an example. As shown in FIG. 3A, the method for implementing an electronic signature includes the following steps:
Step 301: determine a hash value of the electronic document to be signed;
Step 302: send the hash value of the electronic document to a third-party authentication center through a first private network, where the third-party authentication center is used to generate the digital certificate and to encrypt the hash value with the private key corresponding to the public key in the digital certificate;
Step 303: receive, through the first private network, the hash value encrypted by the third-party authentication center;
Step 304: synthesize the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
For the description of step 301, refer to the related description of step 101 above; it is not repeated here.
In steps 302 and 303, in an embodiment, the first private network may be a dedicated communication network connecting the signature server and the authentication center, with no other devices attached to it. Transmitting the hash value and the encrypted hash value over the first private network ensures the security of the hash value.
For the description of step 304, refer to the related description of step 103 above; it is not repeated here.
As an exemplary scenario, as shown in FIG. 3B, the signature server 31 and the third-party authentication center 32 sign jointly. In the joint signing process, the signature server 31 extracts the hash value of the electronic document with a hash algorithm and sends the hash value to the third-party authentication center 32 through the first private network. The third-party authentication center 32 encrypts the hash value with the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server 31 through the first private network. The signature server 31 synthesizes the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, which can then be provided to the user.
In this embodiment, the hash value of the electronic document is sent to the third-party authentication center through the first private network; after the third-party authentication center encrypts the hash value with the private key corresponding to the public key in the digital certificate, the encrypted hash value is received through the first private network, and the encrypted hash value, the digital certificate, and the picture of the electronic signature are synthesized into the electronic document. This solves the problem of the high implementation cost of the U shield signature scheme in the prior art and reduces user cost. Encrypting the hash value with the private key stored at the third-party authentication center, and then synthesizing the digital certificate and the encrypted hash value onto the electronic document, improves the credibility of the electronic signature. At the same time, the electronic document is kept from being leaked to other unrelated enterprises, which ensures the commercial security of the electronic document.
FIG. 4A is a schematic flowchart of a method for implementing an electronic signature according to yet another exemplary embodiment of the present invention, and FIG. 4B is a scenario diagram of the method according to yet another exemplary embodiment of the present invention. This embodiment takes an electronic document provided by the third service platform as an example. As shown in FIG. 4A, the method for implementing an electronic signature includes the following steps:
Step 401: determine a hash value of the electronic document to be signed;
Step 402: send the hash value of the electronic document and a second key to the third-party service platform through a second private network, where the second key is a key preset between the signature server and the third-party service platform or a key jointly negotiated by them;
Step 403: receive the encrypted hash value through the second private network;
Step 404: synthesize the encrypted hash value, the digital certificate, and the picture of the electronic signature into the electronic document.
For the description of step 401, refer to the related description of step 101 above; it is not repeated here.
In steps 402 and 403, in an embodiment, the second private network may be a dedicated communication network connecting the signature server and the third-party service platform, with no other devices attached to it. Transmitting the hash value and the encrypted hash value over the second private network ensures the security of the hash value. In an embodiment, the third-party service platform may be any platform capable of providing electronic documents, such as the first service platform, the second service platform, or the third service platform in the foregoing embodiments.
For the description of step 404, refer to the related description of step 103 above; it is not repeated here.
As an exemplary scenario, as shown in FIG. 4B, the signature server 41 obtains the electronic document from the third-party service platform 42, extracts the hash value of the electronic document with a hash algorithm, and transmits the hash value to the encryption machine of the third-party service platform 42. The encryption machine of the third-party service platform 42 encrypts the hash value with the second key, and the third service platform 42 then returns the encrypted hash value to the signature server 41. The signature server 41 synthesizes the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, which can then be provided to the user.
This embodiment meets the requirement of the third-party service platform 42 to keep custody of the private key corresponding to the public key in the digital certificate, and improves the flexibility of the electronic signature approach.
With the above embodiments, different electronic signature schemes are available for different business scenarios, so personalized business needs are met while the advantages of each electronic signature scheme are exploited.
Corresponding to the above method for implementing an electronic signature, the present application also provides the schematic structural diagram, shown in FIG. 5, of a signature server according to an exemplary embodiment of the present application. Referring to FIG. 5, at the hardware level the network server includes a processor, an internal bus, a network interface, memory, and non-volatile storage, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile storage into memory and runs it, forming at the logical level the apparatus for implementing an electronic signature. Of course, besides a software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution body of the following processing flow is not limited to logical units and may also be hardware or logic devices.
FIG. 6 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 6, the apparatus may include a determining module 61, a first encryption module 62, and a signature synthesizing module 63, wherein:
the determining module 61 is configured to determine a hash value of the electronic document to be signed;
the first encryption module 62 is configured to encrypt the hash value determined by the determining module 61 by using the private key corresponding to the public key in the digital certificate;
the signature synthesizing module 63 is configured to synthesize the hash value encrypted by the first encryption module 62, the digital certificate, and the picture of the electronic signature into the electronic document.
FIG. 7 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in FIG. 7, on the basis of the embodiment shown in FIG. 6, the first encryption module 62 may include:
an obtaining unit 621, configured to obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted;
a decryption unit 622, configured to decrypt the encrypted private key obtained by the obtaining unit 621;
an encryption unit 623, configured to encrypt the hash value by using the private key decrypted by the decryption unit 622.
In an embodiment, the apparatus may further include:
a second encryption module 64, configured to encrypt, with the first key, the private key corresponding to the public key in the digital certificate;
a storage module 65, configured to store the private key encrypted by the second encryption module 64 and the digital certificate.
In an embodiment, the digital certificate and the encrypted private key are obtained from a cloud database.
In an embodiment, the first encryption module 62 may include:
a first sending unit 624, configured to send the hash value of the electronic document to a third-party authentication center through a first private network, where the third-party authentication center is used to generate the digital certificate and to encrypt the hash value with the private key corresponding to the public key in the digital certificate;
a first receiving unit 625, configured to receive, through the first private network, the hash value encrypted by the third-party authentication center.
In an embodiment, the first private network is a dedicated communication network connecting the signature server and the third-party authentication center.
In an embodiment, the apparatus may further include:
a sending module 66, configured to send the hash value of the electronic document and a second key to the third-party service platform through a second private network, where the second key is a key preset between the signature server and the third-party service platform;
a receiving module 67, configured to receive, through the second private network, the hash value encrypted by the third-party authentication center.
上述实施例可见,可以在不同的业务场景中有着不同的电子签章的适用方案,因此在发挥各种电子签章的使用方案的优势时,满足了个性化业务需求。The above embodiments can be seen that different electronic signatures can be applied in different service scenarios. Therefore, when the advantages of various electronic signatures are utilized, the personalized service requirements are met.
本领域技术人员在考虑说明书及实践这里公开的发明后,将容易想到本申请的其它实施方案。本申请旨在涵盖本申请的任何变型、用途或者适应性变化,这些变型、用途或者适应性变化遵循本申请的一般性原理并包括本申 请未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的,本申请的真正范围和精神由下面的权利要求指出。Other embodiments of the present application will be readily apparent to those skilled in the <RTIgt; The application is intended to cover any variations, uses, or adaptations of the application, which are in accordance with the general principles of the application and include the present application. Common knowledge or conventional techniques in the art are not disclosed. The specification and examples are to be regarded as illustrative only,
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It is also to be understood that the terms "comprises" or "comprising" or "comprising" or any other variations are intended to encompass a non-exclusive inclusion, such that a process, method, article, Other elements not explicitly listed, or elements that are inherent to such a process, method, commodity, or equipment. An element defined by the phrase "comprising a ..." does not exclude the presence of additional equivalent elements in the process, method, item, or device including the element.
以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。 The above is only the preferred embodiment of the present application, and is not intended to limit the present application. Any modifications, equivalent substitutions, improvements, etc., which are made within the spirit and principles of the present application, should be included in the present application. Within the scope of protection.

Claims (18)

  1. A method for implementing an electronic signature, characterized in that it is applied on a signature server, the method comprising:
    determining a hash value of an electronic document to be signed;
    encrypting the hash value with a private key corresponding to the public key in a digital certificate;
    synthesizing the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.
  2. The method according to claim 1, wherein encrypting the hash value with a private key corresponding to the public key in a digital certificate comprises:
    obtaining a digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted;
    decrypting the encrypted private key;
    encrypting the hash value with the decrypted private key.
  3. The method according to claim 2, wherein the method further comprises:
    encrypting the private key with a first key;
    storing the digital certificate and the encrypted private key.
  4. The method according to claim 2, wherein the digital certificate and the encrypted private key are obtained from a cloud database.
  5. The method according to claim 1, wherein encrypting the hash value with a private key corresponding to the public key in a digital certificate comprises:
    sending the hash value of the electronic document to a third-party authentication center through a first private network, wherein the third-party authentication center is configured to generate the digital certificate and to encrypt the hash value with the private key corresponding to the public key in the digital certificate;
    receiving, through the first private network, the hash value encrypted by the third-party authentication center.
  6. The method according to claim 5, wherein the first private network is a dedicated communication network connecting the signature server and the third-party authentication center.
  7. A method for implementing an electronic signature, characterized in that it is applied on a signature server, the method comprising:
    determining a hash value of an electronic document to be signed;
    sending the hash value of the electronic document and a second key to the third-party service platform through a second private network, the second key being a key preset between the signature server and the third-party service platform;
    after the third-party service platform encrypts the hash value with the second key, receiving the encrypted hash value through the second private network;
    synthesizing the encrypted hash value, a digital certificate and a picture of the electronic signature into the electronic document.
  8. The method according to claim 7, wherein the second private network is a dedicated communication network connecting the signature server and the third service platform.
  9. An apparatus for implementing an electronic signature, characterized in that the apparatus comprises:
    a determining module, configured to determine a hash value of an electronic document to be signed;
    a first encryption module, configured to encrypt the hash value determined by the determining module with a private key corresponding to the public key in a digital certificate;
    a signature synthesizing module, configured to synthesize the hash value encrypted by the first encryption module, the digital certificate and the picture of the electronic signature into the electronic document.
  10. The apparatus according to claim 9, wherein the first encryption module comprises:
    an obtaining unit, configured to obtain a digital certificate and the private key corresponding to the public key in the digital certificate, the private key being encrypted;
    a decryption unit, configured to decrypt the encrypted private key obtained by the obtaining unit;
    an encryption unit, configured to encrypt the hash value with the private key decrypted by the decryption unit.
  11. The apparatus according to claim 10, wherein the apparatus further comprises:
    a second encryption module, configured to encrypt, with a first key, the private key corresponding to the public key in the digital certificate;
    a storage module, configured to store the digital certificate and the private key corresponding to the public key in the digital certificate.
  12. The apparatus according to claim 10, wherein the digital certificate and the encrypted private key are obtained from a cloud database.
  13. The apparatus according to claim 9, wherein the first encryption module comprises:
    a first sending unit, configured to send the hash value of the electronic document to the third-party authentication center through a first private network, wherein the third-party authentication center is configured to generate the digital certificate and to encrypt the hash value with the private key corresponding to the public key in the digital certificate;
    a first receiving unit, configured to receive, through the first private network, the hash value encrypted by the third-party authentication center.
  14. The apparatus according to claim 13, wherein the first private network is a dedicated communication network connecting the signature server and the third-party authentication center.
  15. The apparatus according to claim 9, wherein the apparatus further comprises:
    a sending module, configured to send the hash value of the electronic document and a second key to the third service platform through a second private network, the second key being a key preset between the signature server and the third-party service platform;
    a receiving module, configured to receive, through the second private network, the hash value encrypted by the third-party authentication center.
  16. The apparatus according to claim 15, wherein the second private network is a dedicated communication network connecting the signature server and the third service platform.
  17. A signature server, characterized in that the signature server comprises:
    a processor;
    a memory for storing processor-executable instructions;
    wherein the processor is configured to:
    determine a hash value of an electronic document to be signed;
    encrypt the hash value with a private key corresponding to the public key in a digital certificate;
    synthesize the encrypted hash value, the digital certificate and a picture of the electronic signature into the electronic document.
  18. A signature server, characterized in that the signature server comprises:
    a processor;
    a memory for storing processor-executable instructions;
    wherein the processor is configured to:
    determine a hash value of an electronic document to be signed;
    send the hash value of the electronic document and a second key to the third-party service platform through a second private network, the second key being a key preset between the signature server and the third-party service platform;
    after the third-party service platform encrypts the hash value with the second key, receive the encrypted hash value through the second private network;
    synthesize the encrypted hash value, a digital certificate and a picture of the electronic signature into the electronic document.
PCT/CN2016/091524 2015-08-07 2016-07-25 Electronic signing method, device and signing server WO2017024934A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510484844.2 2015-08-07
CN201510484844.2A CN106452775B (en) 2015-08-07 2015-08-07 Method and device for realizing electronic signature and signature server

Publications (1)

Publication Number Publication Date
WO2017024934A1 true WO2017024934A1 (en) 2017-02-16

Family

ID=57982965

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/091524 WO2017024934A1 (en) 2015-08-07 2016-07-25 Electronic signing method, device and signing server

Country Status (2)

Country Link
CN (1) CN106452775B (en)
WO (1) WO2017024934A1 (en)


Also Published As

Publication number Publication date
CN106452775A (en) 2017-02-22
CN106452775B (en) 2020-01-14


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16834558

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16834558

Country of ref document: EP

Kind code of ref document: A1