CN110730080A - Signed document client and server based on private key self-support - Google Patents

Signed document client and server based on private key self-support Download PDF

Info

Publication number
CN110730080A
CN110730080A CN201910986633.7A CN201910986633A CN110730080A CN 110730080 A CN110730080 A CN 110730080A CN 201910986633 A CN201910986633 A CN 201910986633A CN 110730080 A CN110730080 A CN 110730080A
Authority
CN
China
Prior art keywords
signature
private key
signed
client
signing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910986633.7A
Other languages
Chinese (zh)
Inventor
尹永政
李媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhihui Xinyuan Technology Co Ltd
Original Assignee
Beijing Zhihui Xinyuan Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhihui Xinyuan Technology Co Ltd filed Critical Beijing Zhihui Xinyuan Technology Co Ltd
Priority to CN201910986633.7A priority Critical patent/CN110730080A/en
Publication of CN110730080A publication Critical patent/CN110730080A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Document Processing Apparatus (AREA)

Abstract

The invention discloses a private key self-holding-based signed document client and a server, wherein the client sends an acquired digital certificate and a signature picture to the server, and the server performs pre-signature processing on a pdf document to be signed according to the digital certificate and the signature picture to obtain a pre-signature original text and sends the pre-signature original text to the client; the client signs the pre-signed original text by using the private key to obtain a signature value, and sends the signature value and the pre-signed original text to the server; and the server performs merging processing according to the signature value and the pre-signature original text to obtain a signed document. The private key of the application is self-supported by the user, all data signatures and signs must be actively initiated by the user at the client and follow-up operation can be completed according to the private key, the signing is guaranteed to be executed according to the will of the user, and safe and convenient signing is achieved.

Description

Signed document client and server based on private key self-support
Technical Field
The invention relates to the technical field of information security, in particular to a signed document client and a signed document server based on private key self-holding.
Background
With the construction and development of information technology, a large number of business data documents are mutually transmitted through a network, and an offline paper contract is signed online.
In the public key cryptosystem, in order to ensure the security of the key, the key of the user is usually stored in special cryptographic hardware, such as Ukey, SmartCard, and the key cannot be derived from the cryptographic hardware.
However, in some cases, for example, due to the cost, or due to the lack of suitable cryptographic hardware (such as a mobile communication terminal), the user cannot rely on the cryptographic hardware to store the secret key and then use the secret key to perform digital signature, but both the private key and the document to be signed are stored, and when the user triggers the signing process, the signing is automatically performed until the whole process is completed. The problems that easily occur in this process are: the private key is located and may be stolen by others, so that an unintended document signing result appears.
Disclosure of Invention
The invention aims to provide a private key self-supporting document signing client and a private key self-supporting document signing server, which improve the security of document signing.
In order to achieve the purpose, the invention provides the following scheme:
a private key self-sustaining based cloud signing client, the client comprising:
the acquisition module is used for acquiring a digital certificate, a signature picture and a private key and sending the digital certificate and the signature picture to a server;
the receiving module is used for receiving pdf documents to be signed processed by the server according to the digital certificate and the signature pictures to obtain pre-signature original texts;
the signature module is used for signing the pre-signed original text by using the private key to obtain a signature value;
and the sending module is used for sending the signature value and the pre-signature original text to the server to obtain a signed document.
Optionally, the client obtains the digital certificate, the signature picture and the private key from the Ukey.
Optionally, a position where the signature value is written is reserved in the pre-signature original text.
Optionally, the signature module specifically includes:
the range acquisition unit is used for acquiring the range of the digital abstract required to be calculated in the pre-signed original text;
the hash processing unit is used for carrying out hash operation on the range of the digital abstract to obtain the digital abstract;
and the signature unit is used for signing the digital abstract to obtain the signature value.
Optionally, the signed document is obtained by writing the signature value into the position of the signature value.
A private key self-sustaining based cloud signing server, the server comprising:
the receiving module is used for receiving the digital certificate and the signature picture sent by the client;
the document processing module is used for processing the pdf document to be signed by using the digital certificate and the signature picture to obtain a pre-signature original text and sending the pre-signature original text to the client;
and the document signing module is used for receiving the pre-signed original text and a signature value obtained after the client signs the pre-signed original text according to a private key, and combining the pre-signed original text and the signature value to obtain a signed document.
Optionally, the client obtains the digital certificate, the signature picture and the private key from the Ukey.
Optionally, a position where the signature value is written is reserved in the pre-signature original text.
Optionally, the client signs the pre-signed original text according to a private key to obtain a signature value, and specifically includes:
acquiring the range of the digital abstract required to be calculated in the pre-signed original text;
carrying out Hash processing on the range of the digital abstract to obtain the digital abstract;
and signing the digital digest to form the signature value.
Optionally, the signed document is obtained by writing the signature value into the position of the signature value.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects: the client side acquires a digital certificate and a signature picture and sends the digital certificate and the signature picture to the server, and the server performs pre-signature processing on a pdf document to be signed according to the digital certificate and the signature picture to obtain a pre-signature original text and sends the pre-signature original text to the client side; the client signs the pre-signed original text by using the private key to obtain a signature value, and sends the signature value and the pre-signed original text to the server; and the server performs merging processing according to the signature value and the pre-signature original text to obtain a signed document. The private key of the application is self-supported by the user, all data signatures and signs must be actively initiated by the user at the client and follow-up operation can be completed according to the private key, the signing is guaranteed to be executed according to the will of the user, and safe and convenient signing is achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a private key self-sustaining based signed document client provided by an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a private key self-supporting based signing document server provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a signing document client and a signing document server based on private key self-support, which ensure that document signing is executed according to the will of a user on the premise of private key self-support, and improve the security of document signing.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Examples
As shown in fig. 1, the private key self-sustaining based signed document client provided by the present embodiment includes: an acquisition module 101, a receiving module 102, a signature module 103 and a sending module 104.
The acquisition module 101 is configured to acquire a digital certificate, a signature picture, and a private key, and send the digital certificate and the signature picture to a server.
The receiving module 102 is configured to receive a pdf document to be signed, which is obtained after the server processes the pdf document to be signed according to the digital certificate and the signature picture.
The signature module 103 is configured to sign the pre-signed original text by using the private key to obtain a signature value.
The sending module 104 is configured to send the signature value and the pre-signature original text to the server, so as to obtain a signed document.
The private key of the application is self-supported by the user, all data signatures and signs must be actively initiated by the user at the client and follow-up operation can be completed according to the private key, the signing is guaranteed to be executed according to the will of the user, and safe and convenient signing is achieved.
And the client acquires the digital certificate, the signature picture and the private key from the Ukey.
In a specific implementation process, the digital certificate and the signature picture are written into a pdf document to be signed according to pdf format requirements, and a position where the signature value is written is reserved to form a pre-signature original text.
The signature module 103 specifically includes:
and the range acquisition unit is used for acquiring the range of the digital abstract required to be calculated in the pre-signed original text.
And the hash processing unit is used for carrying out hash operation on the range of the digital abstract to obtain the digital abstract.
And the signature unit is used for signing the digital abstract to obtain the signature value.
And writing the signature value into the position of the signature value to finish the signing of the document.
The invention also includes a server corresponding to the signed document client based on private key self-support, the server includes: a receiving module 201, a document processing module 202 and a document signing module 203.
The receiving module 201 is configured to receive a digital certificate and a signature picture sent by a client.
The document processing module 202 is configured to process the pdf document to be signed by using the digital certificate and the signature image to obtain a pre-signature original text, and send the pre-signature original text to the client.
The document signing module 203 is configured to receive the pre-signed original text and a signature value obtained by the client signing the pre-signed original text according to a private key, and merge the pre-signed original text and the signature value to obtain a signed document.
And the client acquires the digital certificate, the signature picture and the private key from the Ukey.
The client side signs the pre-signed original text according to a private key to obtain a signature value, and the signature value specifically comprises the following steps:
acquiring the range of the digital abstract required to be calculated in the pre-signed original text;
carrying out Hash processing on the range of the digital abstract to obtain the digital abstract;
and signing the digital digest to form the signature value.
And reserving a position for writing the signature value in the pre-signature original text, and writing the signature value in the position of the signature value to finish signing the document.
For the server disclosed by the embodiment, since the server corresponds to the client disclosed by the embodiment, the description is simple, and for relevant points, reference may be made to the description of the client.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (10)

1. A private key self-sustaining based cloud signing client, the client comprising:
the acquisition module is used for acquiring a digital certificate, a signature picture and a private key and sending the digital certificate and the signature picture to a server;
the receiving module is used for receiving pdf documents to be signed processed by the server according to the digital certificate and the signature pictures to obtain pre-signature original texts;
the signature module is used for signing the pre-signed original text by using the private key to obtain a signature value;
and the sending module is used for sending the signature value and the pre-signature original text to the server to obtain a signed document.
2. The private key self-sustaining based cloud signing client of claim 1, wherein the client obtains the digital certificate, the signature picture and the private key from Ukey.
3. The private key self-sustaining based cloud signing client of claim 1, wherein a location for writing the signature value is reserved in the pre-signed text.
4. The private key self-sustaining based cloud signing client of claim 1, wherein the signature module specifically comprises:
the range acquisition unit is used for acquiring the range of the digital abstract required to be calculated in the pre-signed original text;
the hash processing unit is used for carrying out hash operation on the range of the digital abstract to obtain the digital abstract;
and the signature unit is used for signing the digital abstract to obtain the signature value.
5. The private key self-sustaining based cloud signing client of claim 3, wherein writing the signature value to the location of the signature value results in the signed document.
6. A private key self-sustaining based cloud signing server, the server comprising:
the receiving module is used for receiving the digital certificate and the signature picture sent by the client;
the document processing module is used for processing the pdf document to be signed by using the digital certificate and the signature picture to obtain a pre-signature original text and sending the pre-signature original text to the client;
and the document signing module is used for receiving the pre-signed original text and a signature value obtained after the client signs the pre-signed original text according to a private key, and combining the pre-signed original text and the signature value to obtain a signed document.
7. The private key self-sustaining based cloud signing server of claim 6, wherein the client obtains the digital certificate, the signature picture and the private key from Ukey.
8. The private key self-sustaining based cloud signing server of claim 6, wherein a location for writing the signature value is reserved in the pre-signed text.
9. The private key self-sustaining-based cloud signing server according to claim 6, wherein the client obtains a signature value after signing the pre-signed text according to a private key, and specifically comprises:
acquiring the range of the digital abstract required to be calculated in the pre-signed original text;
carrying out Hash processing on the range of the digital abstract to obtain the digital abstract;
and signing the digital digest to form the signature value.
10. A private key self-sustaining based signed document server according to claim 8, wherein writing the signature value to the location of the signature value results in the signed document.
CN201910986633.7A 2019-10-17 2019-10-17 Signed document client and server based on private key self-support Pending CN110730080A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910986633.7A CN110730080A (en) 2019-10-17 2019-10-17 Signed document client and server based on private key self-support

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910986633.7A CN110730080A (en) 2019-10-17 2019-10-17 Signed document client and server based on private key self-support

Publications (1)

Publication Number Publication Date
CN110730080A true CN110730080A (en) 2020-01-24

Family

ID=69221455

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910986633.7A Pending CN110730080A (en) 2019-10-17 2019-10-17 Signed document client and server based on private key self-support

Country Status (1)

Country Link
CN (1) CN110730080A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917881A (en) * 2020-08-05 2020-11-10 广东巴金斯科技有限公司 Cross-border e-commerce local signing method, device, equipment and system
CN112131610A (en) * 2020-09-07 2020-12-25 百望股份有限公司 Format file digital signature method and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7024558B1 (en) * 1999-11-24 2006-04-04 Fujitsu Limited Apparatus and method for authenticating digital signatures and computer-readable recording medium thereof
CN106355104A (en) * 2016-08-25 2017-01-25 杭州天谷信息科技有限公司 Electronic signature method for realizing original privacy protection based on sandbox technology
CN106888089A (en) * 2015-12-16 2017-06-23 卓望数码技术(深圳)有限公司 The method and system of Electronic Signature and the mobile communication terminal for Electronic Signature
CN109445665A (en) * 2018-09-17 2019-03-08 江苏敏行信息技术有限公司 A kind of set Zhang Fangfa in the close Electronic Signature of state
CN110266469A (en) * 2019-06-18 2019-09-20 江苏慧世联网络科技有限公司 A kind of remote online electronic signature method based on WEB script data stream operation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7024558B1 (en) * 1999-11-24 2006-04-04 Fujitsu Limited Apparatus and method for authenticating digital signatures and computer-readable recording medium thereof
CN106888089A (en) * 2015-12-16 2017-06-23 卓望数码技术(深圳)有限公司 The method and system of Electronic Signature and the mobile communication terminal for Electronic Signature
CN106355104A (en) * 2016-08-25 2017-01-25 杭州天谷信息科技有限公司 Electronic signature method for realizing original privacy protection based on sandbox technology
CN109445665A (en) * 2018-09-17 2019-03-08 江苏敏行信息技术有限公司 A kind of set Zhang Fangfa in the close Electronic Signature of state
CN110266469A (en) * 2019-06-18 2019-09-20 江苏慧世联网络科技有限公司 A kind of remote online electronic signature method based on WEB script data stream operation

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917881A (en) * 2020-08-05 2020-11-10 广东巴金斯科技有限公司 Cross-border e-commerce local signing method, device, equipment and system
CN111917881B (en) * 2020-08-05 2022-11-15 广东巴金斯科技有限公司 Cross-border e-commerce local signing method, device, equipment and system
CN112131610A (en) * 2020-09-07 2020-12-25 百望股份有限公司 Format file digital signature method and electronic equipment

Similar Documents

Publication Publication Date Title
CN104618107B (en) digital signature method and system
WO2018224724A1 (en) Electronic documents certification
US9246888B2 (en) Systems and methods for secure communication over an unsecured communication channel
CN104462522A (en) File online preview method, mobile terminal and server
CN106921496A (en) A kind of digital signature method and system
CN112073307B (en) Mail processing method, mail processing device, electronic equipment and computer readable medium
CN104158668A (en) Method and system for realizing electronic signature
CN110730080A (en) Signed document client and server based on private key self-support
US20200169411A1 (en) Cryptograpic font script with integrated signature for verification
CN106851635A (en) A kind of distributed signature method and system of identity-based
CN111651130A (en) File printing method, device, system, electronic equipment and storage medium
CN104135544A (en) Business card information acquiring method and system based on two-dimensional codes
CN117561508A (en) Cross-session issuance of verifiable credentials
CN110619232A (en) Electronic signature method and device, electronic equipment and computer readable storage medium
CN109934588A (en) A kind of business handling method and device
CN104992087B (en) Mobile terminal innovation creative data information processing method and mobile terminal
CN112561475A (en) Electronic signing system and method
CN112598810A (en) Exhibition entrance processing method and device
JP6972729B2 (en) Image display system, material provision support device, material acquisition device, material provision support method, and computer program
CN109992984A (en) A kind of file identification method and equipment based on two dimensional code
US11902451B2 (en) Cross-blockchain identity and key management
CN115618307A (en) Anti-counterfeiting verification method and device for printout file, electronic equipment and medium
CN115329396A (en) Transaction contract online signing method and system, electronic device and readable storage medium
KR101837831B1 (en) Electronic signature display and verification methods with enhanced security
WO2020192398A1 (en) Qr code-based information propagation method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200124

RJ01 Rejection of invention patent application after publication