CN113254210A - OFD file signature verification method, system and equipment based on cloud service - Google Patents

OFD file signature verification method, system and equipment based on cloud service Download PDF

Info

Publication number
CN113254210A
CN113254210A CN202110597589.8A CN202110597589A CN113254210A CN 113254210 A CN113254210 A CN 113254210A CN 202110597589 A CN202110597589 A CN 202110597589A CN 113254210 A CN113254210 A CN 113254210A
Authority
CN
China
Prior art keywords
signature
server
file
verification
ofd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110597589.8A
Other languages
Chinese (zh)
Inventor
张民遐
林汕
曾德长
刘武阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Gaodeng Computer Technology Co Ltd
Original Assignee
Shenzhen Gaodeng Computer Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Gaodeng Computer Technology Co Ltd filed Critical Shenzhen Gaodeng Computer Technology Co Ltd
Priority to CN202110597589.8A priority Critical patent/CN113254210A/en
Publication of CN113254210A publication Critical patent/CN113254210A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5083Techniques for rebalancing the load in a distributed system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/50Indexing scheme relating to G06F9/50
    • G06F2209/5011Pool

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cloud service-based OFD file rapid signature verification method, system and equipment. The OFD file rapid signature verification method based on the cloud service comprises the following steps: determining a server in a server cluster as a target server, so that when the target server receives at least one OFD file, the target server performs signature verification processing on the at least one OFD file at the same time, and performing signature verification processing on one OFD file by the target server includes: and decompressing the OFD file to obtain an XML file, analyzing the XML file to obtain signature data, performing signature verification according to the signature data, and outputting a signature verification result. The invention has the beneficial effects that: the cloud server is used for rapidly checking the large-batch OFD files, the checking efficiency is higher, HASH value verification is added in the checking process, whether the files are tampered or not is checked, the accuracy and reliability of checking the labels are improved, and meanwhile, relevant information such as certificates and signatures can be output.

Description

OFD file signature verification method, system and equipment based on cloud service
Technical Field
The invention relates to the technical field of OFD format files, in particular to a cloud service-based OFD file rapid signature verification method, system and equipment.
Background
The electronic file storage and exchange format edition document (GB/T33190-2016), which is proposed by the national electronic file administration department, the intersite conference office and the department of industry and informatization, specifies the storage and exchange format of the electronic file in the edition. The OFD file is a plate-type document based on the above standard, and adopts the architectural format of a packed XML file.
The conventional OFD signature verification method needs local deployment and consumption of resources such as a local machine CPU (central processing unit), a memory and the like, cannot quickly verify signatures of large-batch OFD files, and cannot output related information such as certificates and signatures.
Disclosure of Invention
In order to solve the above problems, an object of the present invention is to provide a method, a system, and an apparatus for fast signature verification of an OFD file, which are based on a cloud service, can perform fast signature verification on the OFD file in a large batch without locally deploying and consuming local resources, and provide signature verification results, certificates, and signature related information in an interface form.
In order to achieve the above object, the present invention provides a cloud service-based OFD file fast signature verification method, which includes:
determining one server in the server cluster as a target server, so that the target server performs signature verification processing on at least one OFD file simultaneously when receiving the at least one OFD file,
wherein, the target server performs signature verification processing on one OFD file, including:
decompressing the OFD file to obtain an XML file;
analyzing the XML file to obtain signature data, wherein the signature data comprises the following steps: analyzing a signature list file Singaturesxml, analyzing a signature description file Signature xml, and analyzing a signature data file SignedValue.
And performing signature verification according to the signature data and outputting a signature verification result.
As a further improvement of the present invention, the determining one server in the server cluster as a target server includes:
and detecting the idle rate of a CPU and a memory of each server in the server cluster at regular time, calculating the average idle rate of each server, and selecting a server with the highest average idle rate as the target server.
As a further improvement of the present invention, said selecting a server with the highest average idle rate as the target server includes:
a pre-selection server: traversing all servers of the server cluster, and screening out the servers meeting preset conditions as reference servers;
the preferred server: sorting the average idle rate of each reference server;
selecting a server: and selecting one reference server with the highest average idle rate value from all the reference servers as the target server, and if a plurality of reference servers with the highest average idle rate value exist, randomly selecting one reference server as the target server.
As a further improvement of the present invention, the method further comprises:
and after the target server is determined, starting at least one server container on the target server to simultaneously analyze at least one OFD file, wherein each server container receives, stores, decompresses, analyzes and verifies the signature of at least one OFD file, and outputs a signature verification result.
As a further improvement of the present invention, the parsing the XML file to obtain signature data further includes:
and after the target server analyzes and obtains the signature list file Singaturs.
As a further improvement of the present invention, the signature verification according to the signature data includes:
checking whether the signer certificate is valid;
checking whether the signer certificate is valid;
verifying whether the electronic seal is valid;
calculating the HASH value of the XML file, and checking whether the XML file is tampered;
verifying whether the signature value of the electronic seal is correct or not;
verifying whether the signature value of the electronic signature is correct;
verifying whether the electronic seal is matched with the signer;
checking whether the signer certificate is revoked;
verifying whether the hash value of the original text of the signature information of the electronic signature is correct or not;
and verifying whether the time stamp of the electronic signature is valid.
As a further improvement of the present invention, the method further comprises:
when the signature information of the signature list file Singaturs. xml is signed and verified, finishing the verification, and outputting a verification result, verification information, a signer certificate and a signer certificate, wherein the verification result, the verification information, the signer certificate and the signer certificate are assembled and output in a JSON form.
The invention also provides a cloud service-based OFD file rapid signature verification system, which comprises:
the target server selection module is used for determining one server in the server cluster as a target server;
an OFD file sending module, configured to send an OFD file signature verification request to the target server;
wherein the target server comprises:
a receiving module, configured to receive the OFD file;
a decompression module: the OFD file receiving module is used for receiving the OFD file from the OFD server;
an analysis module: the method is used for analyzing the XML file obtained by decompression of the decompression module to obtain signature data, and comprises the following steps: analyzing a signature list file Singaturesxml, analyzing a signature description file Signature xml, and analyzing a signature data file SignedValue.
Signature verification module: the signature verification module is used for verifying the signature according to the signature data obtained by the analysis of the analysis module;
an output module: which is used for outputting the signature verification result.
As a further improvement of the present invention, the determining, by the target server selection module, that one server in the server cluster is used as the target server includes:
and detecting the idle rate of a CPU and a memory of each server in the server cluster at regular time, calculating the average idle rate of each server, and selecting a server with the highest average idle rate as the target server.
As a further improvement of the present invention, the selecting module of the target server selects a server with the highest average idle rate as the target service, and includes:
a pre-selection server: traversing all servers of the server cluster, and screening out the servers meeting preset conditions as reference servers;
the preferred server: sorting the average idle rate of each reference server;
selecting a server: and selecting one reference server with the highest average idle rate value from all the reference servers as the target server, and if a plurality of reference servers with the highest average idle rate value exist, randomly selecting one reference server as the target server.
As a further improvement of the present invention, the system further comprises:
and after the target server is determined, starting at least one server container on the target server to simultaneously perform signature verification on at least one OFD file, wherein each server container performs receiving, storing, decompressing, analyzing and signature verification on at least one OFD file and outputs a signature verification result.
As a further improvement of the present invention, the parsing module parses the XML file to obtain the signature data, further comprising:
and after the target server analyzes and obtains the signature list file Singaturs.
As a further improvement of the present invention, the signature verification module performs signature verification according to the signature data, and includes:
checking whether the signer certificate is valid;
checking whether the signer certificate is valid;
verifying whether the electronic seal is valid;
calculating the HASH value of the XML file, and checking whether the XML file is tampered;
verifying whether the signature value of the electronic seal is correct or not;
verifying whether the signature value of the electronic signature is correct;
verifying whether the electronic seal is matched with the signer;
checking whether the signer certificate is revoked;
verifying whether the hash value of the original text of the signature information of the electronic signature is correct or not;
and verifying whether the time stamp of the electronic signature is valid.
As a further improvement of the present invention, after the signature information of the signature list file singatures. xml is signed and verified, the signature verification module finishes the verification;
and after the seal verification is finished, the output module outputs a verification result, verification information, a signer certificate and a signer certificate, and the output module is assembled in a JSON form and outputs the verification result, the verification information, the signer certificate and the signer certificate.
The invention also provides electronic equipment which comprises a memory and a processor, wherein the memory is used for storing one or more computer instructions, and the one or more computer instructions are executed by the processor to realize the OFD file quick signature verification method based on the cloud service.
The invention provides a computer readable storage medium, on which a computer program is stored, wherein the computer program is executed by a processor to realize the method for fast signature verification of the OFD file based on the cloud service.
The invention has the beneficial effects that: the cloud server is used for rapidly checking the large-batch OFD files, the checking efficiency is higher, HASH value verification is added in the checking process, whether the files are tampered or not is checked, the accuracy and reliability of checking the labels are improved, and meanwhile, relevant information such as certificates and signatures can be output.
Drawings
Fig. 1 is a schematic flow chart of an OFD file fast signature verification method based on cloud services according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a target server selection process of an OFD file fast signature verification method based on cloud services according to an embodiment of the present invention;
fig. 3 is a signature verification flowchart of a cloud service-based OFD file fast signature verification method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a hierarchical structure of an OFD file of the cloud service-based OFD file fast signature verification method according to the embodiment of the present invention;
fig. 5 is a schematic data structure diagram of an electronic seal of an OFD file fast signature verification method based on cloud services according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an electronic signature data structure of an OFD file fast signature verification method based on cloud services according to an embodiment of the present invention;
fig. 7 is a schematic data structure diagram of signature information of an OFD file fast signature verification method based on cloud services according to an embodiment of the present invention;
fig. 8 is a system diagram of an OFD file fast signature verification method based on cloud services according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an OFD file fast signature verification system based on cloud services according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An OFD file fast signature verification method based on cloud services in an embodiment of the present invention is, as shown in fig. 1, the method including: determining one server in the server cluster as a target server, wherein the target server executes: receiving the OFD file, decompressing the OFD file to obtain an XML file, analyzing the XML file to obtain signature data, performing signature verification according to the signature data, and outputting a signature verification result.
Wherein determining a server in the server cluster as a target server comprises: the server cluster resource scheduling system detects the idle rate of a CPU and a memory of each server node in the server cluster at regular time, calculates the average value of the idle rates, and selects a server with the highest average idle rate as a target server. Receiving, decompressing and analyzing the OFD file, performing signature verification on the OFD file and outputting a signature verification result are all executed on the target server.
In an alternative embodiment, as shown in fig. 2, the step of selecting a target server includes:
pre-selecting a server node: traversing all server nodes of the server cluster, and screening out server nodes meeting preset conditions;
the preferred server node: sorting the screened server nodes meeting the preset conditions according to the average idle rate;
selecting a server node: and selecting a server with the highest average idle rate as a target server.
The server nodes meeting the preset conditions are servers of which the CPU and the memory meet the analysis requirements of the OFD file. For example, if 1-core CPU or 2G memory is needed, a server with 1-core CPU or 2G memory is screened out.
The method for calculating the average idle rate of the server comprises the following steps: average idle rate = ((total core number-used core number)/total core number + (total memory-used memory)/total memory)/2. For example, an 8-core 16G server, has been used with 2 cores 8G, the average of the idleness of the server = ((8-2)/8+ (16-8)/16)/2= 0.625.
And sorting according to the average idle rate of the servers, and selecting one server with the highest average idle rate as a target server. And when the server node is selected, if a plurality of servers with the highest average idle rate value exist, one server is randomly selected as a target server.
A target server can simultaneously correspond to a plurality of OFD file signature verification requests to perform signature verification on a plurality of OFD files. And after the resources of one target server are completely occupied, selecting another server with the highest average value of the idle rate at the current moment as the target server to continuously respond to the OFD file signature verification request, and simultaneously processing a plurality of target servers to realize the quick signature verification of a large batch of OFD files.
In an optional implementation manner, after the target server is determined, a server container is started on the target server, the server container receives, stores, decompresses and parses the OFD file, parses the XML file to obtain signature data, performs signature verification according to the signature data, and outputs a signature verification result. A plurality of server containers can be started on one target server, and one server container can process a plurality of OFD file signature verification requests. When one server container resource is completely occupied, the target server can be selected again and the server container can be started, so that the rapid signature verification of a large batch of OFD files is realized.
In an alternative embodiment, the OFD file hierarchy is shown in fig. 4, wherein parsing the XML file comprises: xml, signature description file signature xml, signature data file signature value. Xml contains a signature list file, xml contains a file path of signedvalue.dat, signedvalue.dat is a file in der code ASN1 format, and signature data can be obtained after decoding the signedvalue.dat file. The data structure of the signature data is shown in fig. 6.
According to an optional implementation mode, after the target server analyzes and obtains the signature list file, a thread pool is created, the signature list file is concurrently traversed through the thread pool, signature data is obtained through analysis, and signature verification is carried out according to the signature data. The thread pool is created, the thread creating and destroying expenses can be reduced, the threads of the thread pool can be repeatedly used, and the efficiency is improved.
In an alternative embodiment, as shown in fig. 3, the signature verification step according to the signature data includes:
analyzing the certificate information of the signer to obtain the certificate information of the signer, and checking whether the signer certificate is valid;
analyzing the certificate information of the signer to obtain the certificate information of the signer, and checking whether the signer certificate is valid;
verifying whether the electronic seal is valid; (checking whether the electronic seal is in the expiration date)
Calculating the HASH value of the XML file, and checking whether the XML file is tampered;
verifying whether the signature value of the electronic seal is correct or not;
verifying whether the signature value of the electronic signature is correct;
verifying whether the electronic seal is matched with the signer;
checking whether the signer certificate is revoked;
verifying whether the hash value of the original text of the signature information of the electronic signature is correct or not;
verifying whether the timestamp of the electronic signature is valid.
Wherein the content of the first and second substances,
verifying that the signer certificate and the signer certificate are valid includes, for example: the signer certificate and the signer certificate obtained through analysis comprise digital certificate information, a version, a serial number, a signature algorithm identifier, a hash algorithm identifier, an issuer, a user, a validity period, a public key, a basic constraint, a private key identifier, a user private key identifier, a secret key use and the like. And checking whether the signer certificate and the signer certificate are valid or not by checking whether the certificate is in the valid period, whether the certificate is revoked or not and verifying the trust chain, wherein if the certificate is not revoked or conforms to the trust chain verification in the valid period, the specification certificate is valid and the verification is successful.
Verifying that the electronic seal is valid includes, for example: the data structure of the electronic seal obtained by analysis comprises seal information, a seal maker certificate, a signature algorithm identifier, a signature value, a validity period and the like; the data structure of the electronic seal is shown in fig. 5. And verifying whether the electronic seal is valid or not, wherein the verification is successful by checking whether the electronic seal is in the valid period or not and indicating that the electronic seal is valid in the valid period.
For example, the checking whether the XML file is tampered includes that the XML file includes all the parsed XML files, HASH values of the XML files are respectively calculated, and whether the XML file is tampered is checked. XML files contain HASH algorithm and record each XML file path and corresponding HASH value, the HASH value of each XML file is calculated through calculating the HASH algorithm, and if the calculated HASH value is equal to the corresponding HASH value, the XML files are not tampered. If the data is not tampered, the verification is successful. Through HASH value verification, the accuracy and the reliability of the verification are improved.
Verifying that the signature value of the electronic seal is correct includes, for example: as shown in the data structure of the electronic seal shown in FIG. 5, the verification is carried out according to the verification algorithm flow of GB/T32918.2-2016 through the public key of the signer certificate and the signature information of the electronic seal.
Verifying that the signature value of the electronic signature is correct includes, for example: the data structure of the electronic signature obtained by analysis is verified according to the verification algorithm flow of GB/T32918.2-2016 through the public key of the signer certificate and the signature information of the electronic signature as shown in FIG. 6.
Verifying that the electronic seal and signer match includes, for example: if the information type of the signer certificate is 1 (digital certificate), verifying whether the signer certificate is in a signer certificate list of the seal attribute; if not, the verification fails, and the electronic seal and the signer are verified to be not matched. If the information type of the signer certificate is 2 (the hash value of the digital certificate), calculating the hash value of each certificate in the signer certificate list of the signer attribute to obtain a hash value list, then verifying whether the hash value of the signer certificate is in the hash value list obtained by calculation, and if not, failing to verify that the electronic signer is not matched with the signer.
Verifying whether the hash value of the original text of the signature information of the electronic signature is correct includes, for example: the data structure of the signature information is shown in fig. 7, and includes a version number, an electronic seal, signature time, a hash value of an original text, an attribute of the original text, custom data, and the like; and verifying whether the original text hash value of the signature is the same as the original text hash value after the signature, if not, the verification fails, and the original text hash value part of the signature information of the electronic signature is correct.
Verifying that the timestamp of the electronic signature is valid includes, for example: the data structure of the electronic signature is shown in fig. 6, the electronic signature data includes a timestamp, and if the signature time is later than the timestamp of the electronic signature data, the verification fails, and the timestamp of the verified electronic signature is invalid.
In an optional implementation manner, the electronic seal verification process includes:
verifying the correctness of the data format of the electronic seal: analyzing the electronic seal according to the electronic seal format, and verifying whether the electronic seal conforms to the electronic seal data format; if the data format of the electronic seal is incorrect, the verification fails, an error code is returned, and the verification process is exited.
Verifying whether the signature value of the electronic seal is correct: verifying whether the signature value in the electronic seal is correct or not according to the seal information, the seal maker certificate and the signature algorithm identification; and if the electronic seal signature verification fails, returning an error code and exiting the verification process.
Verifying the validity of the electronic seal signer certificate: verifying the validity of the signer certificate, wherein the verification item at least comprises: verifying a certificate trust chain of a signer, verifying the validity period of a certificate of the signer, whether the certificate of the signer is revoked or not and whether the key usage is correct or not; and if the signer certificate fails to be verified, returning an error code and exiting the verification process.
Verifying the validity period of the electronic seal: verifying whether the electronic seal is overdue or not according to the seal validity period starting time and the seal validity period ending time in the seal attributes; if the electronic seal is expired, the verification fails and an error code is returned and the verification process is exited.
If the verification of the steps is successful, the electronic seal is verified to be correct and effective, and the verification process can be normally quitted.
In an alternative embodiment, the electronic signature verification process includes:
verifying the correctness of the electronic signature data format: and analyzing the electronic signature data according to the electronic signature data format, and if the analysis fails, returning an error code and exiting the verification process. And verifying the correctness of the electronic seal in the electronic signature according to the electronic seal verification process. If the electronic signature or the electronic seal data format is incorrect, an error code is returned and the verification process is exited.
Verifying whether the signature value of the electronic signature is correct: and analyzing the obtained signature information, signer certificate and signature algorithm identification according to the electronic signature data format, and verifying the electronic signature value. If the signature value verifies a vendor, an error code is returned and the verification process exits.
Verifying the matching of the signer certificate and the electronic seal: and extracting the signer certificate information type and the signer certificate information list in the electronic seal. If the signer certificate information type value is 1 (digital certificate), the digital certificate needs to be compared; and comparing the signer certificate obtained by analysis with the certificates in the signer certificate information list in the electronic seal one by one in a binary way, and if the comparison fails, returning an error code and exiting the verification process. If the signer certificate information type value is 2 (the hash value of the digital certificate), the hash value of the certificate needs to be compared; calculating and analyzing the hash value of the signer certificate, comparing the hash value with the hash values in the signer certificate information list in the electronic seal one by one, and if the comparison fails, returning an error code and exiting the verification process.
Verifying the validity of the electronic seal: and extracting the electronic seal from the signature information, verifying the validity of the seal according to the electronic seal verification process, and if the verification fails, comprehensively judging by combining the signature time in the signature information. If the electronic seal is invalid due to the fact that the signer certificate is invalid and the signer certificate is also invalid at the signature time point, recording the electronic seal as prompt information; if the electronic seal is invalid due to expiration or being scattered, and the signature time is not within the validity period of the electronic seal, or the electronic seal is not in a normal state at that time, returning an error code and exiting the verification process. And (4) verifying whether the electronic seal is in a normal state at the time of signature, and if not, returning an error code and exiting the verification process.
Verifying signer certificate validity: obtaining signer certificate from the electronic signature data, verifying the validity of the signer certificate, wherein the verification item at least comprises: certificate trust chain verification, certificate validity period verification, whether the certificate is distributed and distributed, and whether the key usage is correct. If the signer certificate validity verification fails and is caused by certificate trust chain verification or incorrect key usage, an error code is returned and the verification process is exited. If the signer fails to verify the validity of the certificate and is caused by the certificate expiring or the certificate state being revoked, the validity of the signing time is further verified.
Verifying the validity of the signature time: and comparing the validity period of the signer certificate with the signature time, if the signature time is not within the validity period of the signer certificate, the signature is invalid, the verification fails, an error code is returned, and the verification process exits. If the signature time is within the validity period of the signer certificate, checking the corresponding revocation list, if the certificate is in the invalid state at the signature time, the signature fails, the verification fails, returning an error code and exiting the verification process.
Verifying the hash of the original text: and extracting original text attribute data from the electronic signature data, and extracting the original text to be verified from the original text attribute data and the signature protection range. And carrying out hash operation on the original text data to be verified to form an original text miscellaneous value to be verified. And extracting the hash value of the original text from the electronic signature data, performing binary comparison with the hash value of the original text to be verified, if the comparison fails, failing to verify the electronic signature, returning an error code and exiting the verification process.
Verifying the validity of the timestamp: if the electronic signature data contains the time stamp, the validity verification of the time stamp should be performed. If the time stamp verification is not passed, the signature is invalid, an error code is returned, and the verification process is exited. And comparing the time in the timestamp with the signature time, if the signature time is later than the time in the timestamp, the signature is invalid, returning an error code and exiting the verification process. And verifying the validity of the time in the timestamp according to the validity of the verification signature time, and if the time does not pass the validity, returning an error code and exiting the verification process.
If the verification in the steps is effective, the verification result of the electronic signature is effective, and the verification process can be normally quitted.
In an optional implementation mode, after the signature information of the signature list file is subjected to signature verification, the verification is finished, and a verification result, verification information, a signer certificate and a signer certificate are output. And the verification result, the verification information, the signer certificate and the signer certificate are assembled and output in a JSON form.
As shown in fig. 9, the system for fast signature verification of an OFD file based on cloud services according to the embodiment of the present invention includes: the system comprises a target server selection module and an OFD file sending module, wherein the target server comprises a receiving module, a decompression module, an analysis module, a signature verification module and an output module. Wherein
The target server selection module is used for determining one server in the server cluster as a target server; the OFD file sending module is used for sending an OFD file signature verification request to the target server; the receiving module is used for receiving the OFD file; the decompression module is used for decompressing the OFD file received by the receiving module to obtain an XML file; the analysis module is used for analyzing the XML file obtained by decompression module decompression to obtain signature data; the signature verification module is used for performing signature verification according to the signature data obtained by analysis of the analysis module; the output module is used for outputting the signature verification result.
In an optional implementation manner, the target server selection module determines one server in the server cluster as the target server, including detecting idle rates of a CPU and a memory of each server in the server cluster at regular time, calculating an average idle rate value of each server, and selecting the server with the highest average idle rate value as the target server. The target server selecting module selects a server with the highest average idle rate as a target server, and comprises the following steps:
a pre-selection server: traversing all servers of the server cluster, and screening out the servers meeting preset conditions as reference servers;
the preferred server: sorting the average idle rate values of the reference servers;
selecting a server: and selecting one reference server with the highest average idle rate among all the reference servers as a target server.
In an optional implementation manner, the target server selection module selects a server, and if there are multiple reference servers with the highest average idle rate, one of the reference servers is randomly selected as the target server.
In an optional embodiment, after the target server is determined, at least one server container is started on the target server to perform signature verification on at least one OFD file at the same time, and each server container performs receiving, storing, decompressing, parsing and signature verification on at least one OFD file and outputs a signature verification result.
In an alternative embodiment, the parsing module parsing the XML file includes: xml, signature description file signature xml, signature data file signature value.
In an optional implementation manner, the parsing module parses the XML file to obtain signature data, after the target server parses the signature list file singatus.
In an alternative embodiment, the signature verification module performing signature verification according to the signature data includes: checking whether the signer certificate is valid; checking whether the signer certificate is valid; verifying whether the electronic seal is valid; calculating the HASH value of the XML file, and checking whether the XML file is tampered; verifying whether the signature value of the electronic seal is correct or not; verifying whether the signature value of the electronic signature is correct; verifying whether the electronic seal is matched with the signer; checking whether the signer certificate is revoked; verifying whether the hash value of the original text of the signature information of the electronic signature is correct or not; and verifying whether the time stamp of the electronic signature is valid. And if the verification in the steps is valid, the electronic signature verification result is valid.
In an alternative embodiment, the signature verification module finishes the verification after the signature information of the single documents of the signature list is verified. And after the seal verification is finished, the output module outputs a verification result, verification information, a signer certificate and a signer certificate, wherein the verification result, the verification information, the signer certificate and the signer certificate can be assembled and output in a JSON form.
The invention also relates to an electronic device comprising the server, the terminal and the like. The electronic device includes: at least one processor; a memory communicatively coupled to the at least one processor; and a communication component communicatively coupled to the storage medium, the communication component receiving and transmitting data under control of the processor; wherein the memory stores instructions executable by the at least one processor to implement the method of the above embodiments.
In an alternative embodiment, the memory is used as a non-volatile computer-readable storage medium for storing non-volatile software programs, non-volatile computer-executable programs, and modules. The processor executes various functional applications of the device and data processing, i.e., implements the method, by executing nonvolatile software programs, instructions, and modules stored in the memory.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store a list of options, etc. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be connected to the external device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more modules are stored in the memory and, when executed by the one or more processors, perform the methods of any of the method embodiments described above.
The product can execute the method provided by the embodiment of the application, has corresponding functional modules and beneficial effects of the execution method, and can refer to the method provided by the embodiment of the application without detailed technical details in the embodiment.
The present invention also relates to a computer-readable storage medium for storing a computer-readable program for causing a computer to perform some or all of the above-described method embodiments.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Furthermore, those of ordinary skill in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
It will be understood by those skilled in the art that while the present invention has been described with reference to exemplary embodiments, various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (10)

1. A cloud service-based OFD file rapid signature verification method is characterized by comprising the following steps:
determining one server in the server cluster as a target server, so that the target server performs signature verification processing on at least one OFD file simultaneously when receiving the at least one OFD file,
wherein, the target server performs signature verification processing on one OFD file, including:
decompressing the OFD file to obtain an XML file;
analyzing the XML file to obtain signature data, wherein the signature data comprises the following steps: analyzing the signature list file, analyzing the signature description file and analyzing the signature data file;
and performing signature verification according to the signature data, and outputting a signature verification result.
2. The method of claim 1,
the determining that one server in the server cluster is a target server includes:
and detecting the idle rate of a CPU and a memory of each server in the server cluster at regular time, calculating the average idle rate of each server, and selecting a server with the highest average idle rate as the target server.
3. The method according to claim 2, wherein the selecting a server with the highest average idle rate as the target server comprises:
a pre-selection server: traversing all servers of the server cluster, and screening out the servers meeting preset conditions as reference servers;
the preferred server: sorting the average idle rate of each reference server;
selecting a server: selecting one reference server with the highest average idle rate value in all the reference servers as the target server; and if a plurality of reference servers with the highest average idle rate exist, one reference server is randomly selected as the target server.
4. The method of claim 1, further comprising:
and after the target server is determined, starting at least one server container on the target server to simultaneously analyze at least one OFD file, wherein each server container receives, stores, decompresses, analyzes and verifies the signature of at least one OFD file, and outputs a signature verification result.
5. The method of claim 1, wherein parsing the XML file to obtain signature data further comprises:
and after the target server analyzes to obtain the signature list file, creating a thread pool, traversing the signature list file through the thread pool, analyzing to obtain signature data, and performing signature verification according to the signature data.
6. The method of claim 1, wherein the signature verification according to the signature data comprises:
checking whether the signer certificate is valid;
checking whether the signer certificate is valid;
verifying whether the electronic seal is valid;
calculating the HASH value of the XML file, and checking whether the XML file is tampered;
verifying whether the signature value of the electronic seal is correct or not;
verifying whether the signature value of the electronic signature is correct;
verifying whether the electronic seal is matched with the signer;
checking whether the signer certificate is revoked;
verifying whether the hash value of the original text of the signature information of the electronic signature is correct or not;
and verifying whether the time stamp of the electronic signature is valid.
7. The method of claim 5, further comprising:
when the signature information of the signature list file is signed and verified, finishing the verification, and outputting a verification result, verification information, a signer certificate and a signer certificate; and the verification result, the verification information, the signer certificate and the signer certificate are assembled and output in a JSON form.
8. An OFD file rapid signature verification system based on cloud service is characterized by comprising:
the target server selection module is used for determining one server in the server cluster as a target server;
an OFD file sending module, configured to send an OFD file signature verification request to the target server;
wherein the target server comprises:
a receiving module, configured to receive the OFD file;
a decompression module: the OFD file receiving module is used for receiving the OFD file from the OFD server;
an analysis module: the method is used for analyzing the XML file obtained by decompression of the decompression module and analyzing the XML file to obtain signature data, and comprises the following steps: analyzing the signature list file, analyzing the signature description file and analyzing the signature data file;
signature verification module: the signature verification module is used for verifying the signature according to the signature data obtained by the analysis of the analysis module;
an output module: which is used for outputting the signature verification result.
9. An electronic device comprising a memory and a processor, wherein the memory is configured to store one or more computer instructions, wherein the one or more computer instructions are executed by the processor to implement the method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, the computer program being executable by a processor for implementing the method according to any one of claims 1-7.
CN202110597589.8A 2021-05-31 2021-05-31 OFD file signature verification method, system and equipment based on cloud service Pending CN113254210A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110597589.8A CN113254210A (en) 2021-05-31 2021-05-31 OFD file signature verification method, system and equipment based on cloud service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110597589.8A CN113254210A (en) 2021-05-31 2021-05-31 OFD file signature verification method, system and equipment based on cloud service

Publications (1)

Publication Number Publication Date
CN113254210A true CN113254210A (en) 2021-08-13

Family

ID=77185343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110597589.8A Pending CN113254210A (en) 2021-05-31 2021-05-31 OFD file signature verification method, system and equipment based on cloud service

Country Status (1)

Country Link
CN (1) CN113254210A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113743959A (en) * 2021-08-30 2021-12-03 远光软件股份有限公司 Method for verifying OFD electronic invoice signature, computer device and computer readable storage medium
CN115422559A (en) * 2022-08-05 2022-12-02 中金金融认证中心有限公司 Signature method, electronic equipment and readable storage medium for circulation type service
CN115454939A (en) * 2022-09-16 2022-12-09 重庆易保全网络科技有限公司 Method for stamping additional page of OFD format file after stamping
CN115834071A (en) * 2022-09-29 2023-03-21 福昕鲲鹏(北京)信息科技有限公司 Automatic electronic seal updating method and system
CN117134918A (en) * 2023-07-20 2023-11-28 威艾特科技(深圳)有限公司 Distributed data signature verification method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108494775A (en) * 2018-03-26 2018-09-04 四川长虹电器股份有限公司 It prevents from utilizing valid data or the method for distorting valid data progress network attack
US20180316506A1 (en) * 2009-06-05 2018-11-01 Signix, Inc. Method And System For Signing And Authenticating Electronic Documents Via A Signature Authority Which May Act In Concert With Software Controlled By The Signer
CN110162388A (en) * 2019-04-26 2019-08-23 深圳智链物联科技有限公司 A kind of method for scheduling task, system and terminal device
CN110417558A (en) * 2018-06-28 2019-11-05 腾讯科技(深圳)有限公司 Verification method and device, the storage medium and electronic device of signature
CN111625787A (en) * 2020-05-21 2020-09-04 杭州尚尚签网络科技有限公司 OFD-based electronic signature multi-version traceable rapid signature checking method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180316506A1 (en) * 2009-06-05 2018-11-01 Signix, Inc. Method And System For Signing And Authenticating Electronic Documents Via A Signature Authority Which May Act In Concert With Software Controlled By The Signer
CN108494775A (en) * 2018-03-26 2018-09-04 四川长虹电器股份有限公司 It prevents from utilizing valid data or the method for distorting valid data progress network attack
CN110417558A (en) * 2018-06-28 2019-11-05 腾讯科技(深圳)有限公司 Verification method and device, the storage medium and electronic device of signature
CN110162388A (en) * 2019-04-26 2019-08-23 深圳智链物联科技有限公司 A kind of method for scheduling task, system and terminal device
CN111625787A (en) * 2020-05-21 2020-09-04 杭州尚尚签网络科技有限公司 OFD-based electronic signature multi-version traceable rapid signature checking method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113743959A (en) * 2021-08-30 2021-12-03 远光软件股份有限公司 Method for verifying OFD electronic invoice signature, computer device and computer readable storage medium
CN115422559A (en) * 2022-08-05 2022-12-02 中金金融认证中心有限公司 Signature method, electronic equipment and readable storage medium for circulation type service
CN115454939A (en) * 2022-09-16 2022-12-09 重庆易保全网络科技有限公司 Method for stamping additional page of OFD format file after stamping
CN115834071A (en) * 2022-09-29 2023-03-21 福昕鲲鹏(北京)信息科技有限公司 Automatic electronic seal updating method and system
CN117134918A (en) * 2023-07-20 2023-11-28 威艾特科技(深圳)有限公司 Distributed data signature verification method and device

Similar Documents

Publication Publication Date Title
CN113254210A (en) OFD file signature verification method, system and equipment based on cloud service
US20120324229A1 (en) System and method for generating keyless digital multi-signatures
CN107911222B (en) Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program
US20170373939A1 (en) Data uploading method, apparatus, and system
CN108023941B (en) Voice control method and device and electronic equipment
CN111414426A (en) Data processing method and system based on block chain
CN111275438A (en) Consensus method, device, equipment and storage medium for block chain network
CN112995357B (en) Domain name management method, device, medium and electronic equipment based on cloud hosting service
CN109145651B (en) Data processing method and device
CN111679978B (en) Program testing method, program testing device, electronic equipment and storage medium
CN113779642B (en) Data processing method, device and system thereof, and electronic equipment
CN113542405B (en) Block chain-based network communication system, method, equipment and storage medium
CN112132574A (en) Block chain data checking method, data processing method, device and equipment
CN112181599B (en) Model training method, device and storage medium
CN112260934B (en) Resource interaction method and system based on education cloud platform
CN113326503A (en) Certificate management method and computing device
CN110930163B (en) Method, system and storage medium for implementing house source entrusting business
CN110730063B (en) Security verification method and system, internet of things platform, terminal and readable storage medium
US20140236661A1 (en) Supplier analysis and verification system and method
CN112231691A (en) Equipment login method, device and system
CN112597118A (en) Method and device for adding shared file
CN112258184A (en) Method and device for freezing area block chain network, electronic equipment and readable storage medium
CN112434241A (en) Service processing method, computer device and storage medium
CN107105325B (en) Advertisement data stream sending method, related server and system
CN114679466B (en) Consensus processing method, device, computer equipment and medium for block chain network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210813

RJ01 Rejection of invention patent application after publication