CN114785518B - Decentralizing electronic notarization signature method, system and node - Google Patents

Abstract

An electronic notarization signature method, system and node for decentralization, the system comprises an initialization configuration unit, a user node task configuration unit, a task initiation and text locking unit and a multiparty node signature operation unit. The invention takes the decentralization as a starting point, and constructs a network with a plurality of nodes, so that each time of effective signature of a user needs the joint participation of a plurality of nodes in the network, thereby overcoming the defects of a centralized platform. In the signature network of the multiparty nodes, any node user joining the network is not only a user of the electronic signature service, but also a provider of the network support service, the user can define which nodes are needed to participate in common by the effective signature, and all the nodes are controlled by all node owners, so that even constructors of the network system do not have the capability of forging the user signature, and the safety and reliability of the user signature are ensured.

Description

Decentralizing electronic notarization signature method, system and node

Technical Field

The invention relates to the field of electronic signatures, in particular to a method and a system for realizing safe and efficient electronic signatures without Ukey.

Background

With the continuous development of digital transformation of society, the demand for electronic signatures is increasing; while the traditional electronic signature based on the Ukey digital certificate is not convenient to use, the electronic signature based on the SaaS platform hosted by the digital certificate is centralized although convenient to use, and the platform is in charge of signature private keys of all users, so that the electronic signature has the capability of forging the user signature theoretically; how to realize effective electronic signature under the conditions of convenient use and safety and reliability is a problem to be researched and solved.

Disclosure of Invention

The invention aims at solving the problem of user signature safety and reliability in the field of electronic signatures, and provides a decentralised electronic notarization signature method, a decentralised electronic notarization signature system and a decentralised electronic notarization signature node. The invention constructs a reliable electronic signature network without centralization, which can prevent the service provider from forging the user signature while ensuring the convenience and the rapidness of the user to use the electronic signature service, and ensure the safety and the reliability of the user signature.

The technical scheme of the invention is as follows:

The invention provides a decentralization electronic notarization signature method, which comprises the steps of user nodes The third type of signature operation node, notarization node _(z), task scheduling center TSC, identity management center IDC, business management system BS, notarization management system NTM and security SDK are communicated, wherein: the notarization node and the notarization management system are configured in a third party notarization organization with the identity of a trusted proving person, and the method comprises the following steps:

S1, initializing configuration steps:

1.1 user node Configuring a key derivation algorithm kdf, a signature algorithm sign, a signature verification algorithm ver and a decryption algorithm dec, wherein the node comprises a face recognition module and an identity authentication module;

1.2, a third class signature operation node configures a signature algorithm sign and a public-private key pair, wherein the private key is S (node), and the public key is P (node);

1.3 public security node (z) configures signature algorithm sign and public-private key pair, wherein the private key is The public key is

1.4 An IDC configuration database, wherein the database comprises an identity and authorization database and a node list Nl, the node list Nl records a node owner, a node public key and a node access address, and the node owner comprises a user node, a notarization node and a third type signature operation node; the identity and authorization database is used for recording the identity and signing authority of the user;

1.5 a task scheduling center TSC configuration memory synchronously stores a node list Nl of an identity management center IDC;

1.6 notarization management System NTM configures Multi-party signature aggregation Algorithm as, multi-party public Key aggregation Algorithm apk, signature Algorithm sign, signature verification Algorithm ver, CA digital certificate of notarization institution and corresponding certificate private Key

1.7, Configuring a browser script ATV by a service management system BS, wherein a password algorithm is integrated in the browser script ATV, and when a user loads a script through a browser, the browser can perform local hash operation and generate a two-dimensional code;

1.8 secure SDK configuration private Key A hash algorithm hash, a signature algorithm (sign) and an encryption algorithm (enc), wherein the black box receives input of a preset source and format and provides output of a preset rule;

s2, user node task configuration:

2.1 user U runs user node tools through user nodes Sending a request to a task scheduling center TSC, and acquiring a node list Nl;

the user U inputs identity information U _id for identity and face comparison, sets a key known by the user, namely a PIN code, and simultaneously selects a node list Nl _U,Nl_U matched with the user for multiparty calculation from a node list Nl to contain at least one notarized node _(z);

2.2 user node Using PIN code, user identity information and equipment environment parameters as key factors, and adopting a key derivation algorithm kdf to generate a corresponding public-private key pair (UK _p,UK_s) for a user U, wherein UK _p is a public key and UK _s is a private key;

User node Using the private key UK _s to carry out signature operation S _ign(UK_s,U_id,Nl_U)＝S_Uid on the identity information U _id and the node list Nl _U to obtain a corresponding signature value S _Uid;

Operation is completed, user node Submitting the identity information U _id together with the signature value S _Uid, the public key UK _p and the selected node list Nl _U to a task scheduling centre;

2.3, the task scheduling center analyzes the node list Nl _U, acquires a notarization node _(z) selected by a user, and sends U _id、S_Uid、UK_p、Nl_U to a notarization management system of a notarization institution to which the notarization node _(z) belongs;

2.4 the notarization management system compares and checks the identity of the user U, and sends a user node list Nl _U to the identity management center after signature information S _Uid is checked and signed by using a public key UK _p;

2.5 the identity management center reads the node list Nl _U, and queries the database to obtain the public key set P (node ₁,node₂,…node_n) of each corresponding node described in the node list Nl _U, wherein the public key set P contains the public key corresponding to the notarized node _(z) Returning the public key set P (node ₁,node₂,…node_n) to the notarization management system;

2.6 notarization management system calls public key aggregation algorithm apk to operate user public key UK _p and public key set P (node ₁,node₂,…node_n) to generate aggregation public key UP _apk of user U;

the notarization management system calls a signature algorithm sign and uses the private key of the CA digital certificate of the notarization institution Notarized certificate signing is carried out on U _id、UP_apk, and a signature value/>Transmitting U _id、UP_apk、UK_p、S_Uid,/>To an identity management center IDC, and synchronously returning a message to a task scheduling center to inform the user node of the user U that the registration is completed;

2.7 identity management center IDC uses U _id、UP_apk、UK_p、S_Uid, Establishing association and logging in a database;

S3, a task initiating and text locking step:

3.1 the business management system receives the file M to be signed uploaded from the task initiator, determines the user U needing to sign the file, establishes the task number as task _M for the single task, and inputs the file M and the user public key UK _p to the security SDK;

3.2 secure SDK invokes hash algorithm hash to calculate hash value of file M as H (M), invokes signature algorithm hash to private key Calculating a signature value S ^ATS H (M) for H (M), calling an encryption algorithm (enc) to encrypt H (M) and S ^ATS H (M) by using a public key UK _p to obtain ciphertext/>The task is output to a service management system, and the service management system sends a task _M to a user U;

3.3 the user U accesses the service management system through the browser tool and submits the identity information U _id to the service management system to acquire tasks;

3.4 the service management system adds the file M, task number task _M, identity information U _id and ciphertext The browser script ATV provides a link address for the user U to access by the browser;

Browser loading M, U_id、/>ATV script, executing ATV script, calculating hash value h (M) of file M by using hash algorithm (hash) built in script locally in browser, generating file containing M, task _M、h(m)、U_id,/>, using rule built in scriptThe two-dimensional code of the data is displayed on a browser page;

3.5 user U running user node Inputting a PIN code of a user; user node/>Using PIN code, identity information U _id and equipment environment parameters as input, and locally reproducing a user public and private key pair (UK _p,UK_s) by using a key derivation algorithm (kdf);

User node Reading the two-dimensional code provided by the browser, and analyzing M, task _M、h(m)、U_id,/>Ciphertext/>, with private key UK _s using decryption algorithm (dec)Performing decryption operation to obtain plaintext H (M) and S ^ATS H (M); further comparing whether H (M) is consistent with H (M), and if not, canceling signing; if so, using a signature verification algorithm (ver) with the public key/>, of the ATSPerforming signature verification operation on S ^ATS H (M), wherein the signature verification passes, and the fact that the content of the file checked and checked by the user U is consistent with the content of the subsequent signature confirmation is indicated;

S4, multiparty node signature operation: the method comprises the steps of user node signature, multiparty node cooperation operation, full node aggregate signature and verification, and notarization making quasi-text;

4.1 user node signature:

4.1.1 after the pass of the signature verification, the user node Signature operation is carried out on H (M) by using a signature algorithm (sign) through a private key UK _s to obtain a signature value S ^U (M), and signature operation is carried out on S ^ATS H (M) to obtain a signature value S ^U(S^ATS H (M));

User node Transmitting U _id、task_M、h(m)、S^U(m)、S^ATS H (M) to a task scheduling center;

4.1.2 the task scheduling center sends task _M、U_id to the identity management center to inquire the identity authentication state and authorization of user U;

4.1.3 the identity management center queries the identity and authorization database, if the user U is confirmed to have signing authority, returns a node list Nl _U of the user U to the task scheduling center, and if the user U does not have authority, returns a termination task;

4.2 multiparty node cooperative operation:

4.2.1 the task scheduling center analyzes Nl _U to obtain a collaboration node ₁,node₂,…node_n designated by the user U, wherein the collaboration node comprises notarized node _(z);

Task scheduling centers respectively send tasks _M and h (m) to node ₁,node₂,…node_n;

4.2.2, each node respectively calls a signature algorithm (sign) to finish signature operation on h (m) by using respective private keys, and each node respectively returns a signature value S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (m) to the task scheduling center;

4.2.3 the task scheduling center receives the signature values returned by all the nodes corresponding to the Nl _U, and the multi-party node cooperative signature is completed;

4.3 multiparty signature aggregation and signature verification:

4.3.1 the task scheduling center sends a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes to a notarization management system of a notarization institution to which a notarization node _(z) belongs;

4.3.2 notarization management System invoking the signing Algorithm (ver) Using the public Key of the notarization node _(z) Checking signature value S ^node(z) (m), passing the signature checking, and sending task _M、U_id to an identity management center;

4.3.3 the identity management center queries the identity and authorization database, if the user U is confirmed to have signing authority, the aggregation public key UP _apk of the multiparty signature of the user U is returned to the notary management system, and if the user U does not have authority, the termination task is returned;

The 4.3.4 notarization management system calls a multiparty signature aggregation algorithm (as) to execute operation on the signature value S ^U(m)、S^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) to generate a complete aggregation signature value S (M);

the notarization management system uses the aggregation public key UP _apk to check the aggregation signature value S (M), and the check passes, namely, the fact that all the multi-party node signatures selected by the user U are executed and are all effective is indicated, and the aggregation and verification of the multi-party signatures are completed;

4.4 notarized signature and method of making a quasi-text generation

4.4.1 After aggregation and verification of multiparty signatures are completed, the notarization management system uses the CA digital certificate private key of the notarization institutionSigning the hash value h (M) of the file M to generate a signature value/>

The notarization management system sends a task number task _M, an aggregate signature S (M) and a notarization certificate signatureTo a task scheduling center;

4.4.2 task scheduling center task _M, S (M), A forwarding service management system;

4.4.3 the service management System sums the signature values S (M) And the CA digital certificate of the notarization mechanism is synthesized to the signature domain of the document M to generate a quasi-text M _u containing notarization signature confirmation.

Further, the third type signature operation node is any terminal with operation capability in the network, and the node is responsible for returning a signature value after signing operation by a private key of the node when receiving an instruction of a task scheduling center; in step 2.1, the user U selects a node list Nl _U for multiparty calculation in cooperation with the user U from the node list Nl; the node list Nl _U contains at least one notarized node _(z); the rest nodes select any number and variety of combinations of user nodes, notarization nodes and third class signature operation nodes except the rest nodes.

The system comprises an initialization configuration unit, a user node task configuration unit, a task initiation and text locking unit and a multiparty node signature operation unit.

The method comprises the steps of initializing and configuring, configuring user node tasks, locking tasks and texts and calculating multiparty node signatures; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

User node Configuring a key derivation algorithm kdf, a signature algorithm sign, a signature verification algorithm ver and a decryption algorithm dec, wherein the node comprises a face recognition module and an identity authentication module;

Executing the user node task configuration step, specifically comprising:

User U runs user node tools through user nodes Sending a request to a task scheduling center TSC, and acquiring a node list Nl;

the user U inputs identity information U _id for identity and face comparison, sets a key known by the user, namely a PIN code, and simultaneously selects a node list Nl _U,Nl_U matched with the user for multiparty calculation from a node list Nl to contain at least one notarized node _(z);

User node Using PIN code, user identity information and equipment environment parameters as key factors, and adopting a key derivation algorithm kdf to generate a corresponding public-private key pair (UK _p,UK_s) for a user U, wherein UK _p is a public key and UK _s is a private key;

User node Using the private key UK _s to carry out signature operation S _ign(UK_s,U_id,Nl_U)＝S_Uid on the identity information U _id and the node list Nl _U to obtain a corresponding signature value S _Uid;

Operation is completed, user node Submitting the identity information U _id together with the signature value S _Uid, the public key UK _p and the selected node list Nl _U to a task scheduling centre;

Executing the steps of task initiation and text locking, which specifically comprises the following steps:

The user U receives a task _M sent by a service management system, accesses the service management system through a browser tool, and submits identity information U _id to the service management system to acquire a task;

The browser of the user U loads M, task _M、U_id sent by the service management system, ATV script, executing ATV script, calculating hash value h (M) of file M by using hash algorithm (hash) built in script locally in browser, generating file containing M, task _M、h(m)、U_id,/>, using rule built in scriptThe two-dimensional code of the data is displayed on a browser page;

user U operates user node Inputting a PIN code of a user; user node/>Using PIN code, identity information U _id and equipment environment parameters as input, and locally reproducing a user public and private key pair (UK _p,UK_s) by using a key derivation algorithm (kdf);

User node Reading the two-dimensional code provided by the browser, and analyzing M, task _M、h(m)、U_id,/>Ciphertext/>, with private key UK _s using decryption algorithm (dec)Performing decryption operation to obtain plaintext H (M) and S ^ATS H (M); further comparing whether H (M) is consistent with H (M), and if not, canceling signing; if so, using a signature verification algorithm (ver) with the public key/>, of the ATSPerforming signature verification operation on S ^ATS H (M), wherein the signature verification passes, and the fact that the content of the file checked and checked by the user U is consistent with the content of the subsequent signature confirmation is indicated;

executing the multiparty node signature operation step, which specifically comprises the following steps:

User node Signature algorithm (sign) is used to perform signature operation on H (M) with private key UK _s to obtain signature value S ^U (M), signature algorithm on S ^ATS H (M) to obtain signature value S ^U(S^ATS H (M)), and user node/>U _id、task_M、h(m)、S^U(m)、S^ATS H (M) is sent to the task scheduling center.

A user node is used for executing the decentralization electronic notarization signature method of the user node, and comprises an initialization configuration module, a user node task configuration module, a task initiation and text locking module and a multiparty node signature operation module.

A kind of third kind of signature operation node's decentralizing electronic notarization signature method, this method includes carrying out the initialization configuration step and multiparty node signature operation step; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

the third class signature operation node configures a signature algorithm sign and a public-private key pair, wherein the private key is S (node), and the public key is P (node);

executing the multiparty node signature operation step, which specifically comprises the following steps:

If any user selects the node to enter a node list Nl _U, receiving tasks _M and h (m) respectively sent by a task scheduling center; and calling a signature algorithm (sign) to complete signature operation on h (m) with a private key, and returning a signature value to the task scheduling center.

A third class signature operation node is used for executing the decentralization electronic notarization signature method of the third class signature operation node, and the node comprises an initialization configuration module and a multiparty node signature operation module.

The decentralizing electronic notarization signature method of notarization nodes comprises the steps of executing initialization configuration and multiparty node signature operation; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

Public certificate node (z) configures signature algorithm sign and public-private key pair, wherein the private key is The public key is

Executing the multiparty node signature operation step, which specifically comprises the following steps:

If any user selects to enter a node list NI _U, receiving tasks _M and h (m) respectively sent by a task scheduling center; and calling a signature algorithm (sign) to complete signature operation on h (m) with a private key, and returning a signature value to the task scheduling center.

The notarization node is used for executing the decentralization electronic notarization signature method of the notarization node and is characterized by comprising an initialization configuration module and a multiparty node signature operation module.

The method comprises the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

The identity management center IDC configures a database, wherein the database comprises an identity and authorization database and a node list Nl, the node list Nl records a node owner, a node public key and a node access address, and the node owner comprises user nodes, notarization nodes and third-class signature operation nodes; the identity and authorization database is used for recording the identity and signing authority of the user;

Executing the user node task configuration step, specifically comprising:

The identity management center IDC receives a user node list Nl _U fed back after identity verification by the notarization management system;

The identity management center reads the node list Nl _U, and queries the database to obtain a public key set P (node ₁,node₂,…node_n) of each corresponding node recorded in the node list Nl _U, wherein the public key set P comprises public keys corresponding to the notarized node _(z) Returning the public key set P (node ₁,node₂,…node_n) to the notarization management system;

The identity management center receives a signature value sent by the notarization management system after signing the notarization certificate Identity information U _id, an aggregation public key UP _apk, a user public key UK _p, and a signature value S _Uid;

the identity management center IDC comprises U _id、UP_apk、UK_p、S_Uid, Establishing association and logging in a database;

executing the multiparty node signature operation step, which specifically comprises the following steps:

The identity management center receives the task _M、U_id sent by the task scheduling center, inquires the identity and authorization database, returns a node list Nl _U of the user U to the task scheduling center if the user U is confirmed to have signing authority, and returns a termination task if the user U does not have authority;

The identity management center receives the task _M、U_id sent by the notary management system, inquires the identity and authorization database, returns a multiparty signature aggregation public key UP _apk of the user U to the notary management system if the user U is confirmed to have signing authority, and returns a termination task if the user U does not have authority.

An identity management center is used for executing the decentralization electronic notarization signing method of the identity management center, and the center comprises an initialization configuration module, a user node task configuration module and a multiparty node signing operation module.

The method comprises the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein;

The initialization configuration step is executed, and specifically comprises the following steps:

The task scheduling center TSC configures a memory and synchronously stores a node list Nl of the identity management center IDC;

Executing the user node task configuration step, specifically comprising:

Task scheduling center TSC receiving user node The sent request returns a node list Nl;

Task scheduling center TSC receiving user node The transmitted identity information U _id, signature value S _Uid, public key UK _p and selected node list Nl _U;

The task scheduling center analyzes the node list Nl _U, acquires a notarization node _(z) selected by a user, and sends U _id、S_Uid、UK_p、Nl_U to a notarization management system of a notarization mechanism to which the notarization node _(z) belongs;

the task scheduling center receives a signature value sent by a notarization management system after signing a notarization certificate Identity information U _id, an aggregation public key UP _apk, a user public key UK _p, and a signature value S _Uid;

executing the multiparty node signature operation step, which specifically comprises the following steps:

task scheduling center receives user node Transmitted U _id、task_M、h(m)、S^U(m)、S^ATS H (M);

The task scheduling center sends a task _M、U_id to the identity management center to inquire the identity authentication state and authorization of the user U;

The task scheduling center receives the inquiry reply information sent by the identity management center, if the user U is confirmed to have signing authority, the task scheduling center receives a node list Nl _U of the user U, and if the user U does not have the signing authority, the task scheduling center receives a termination task;

The task scheduling center analyzes Nl _U to obtain a collaboration node ₁,node₂,…node_n designated by a user U, wherein the collaboration node comprises notarized node _(z); send task _M, h (m) to node ₁,node₂,…node_n;

The task scheduling center receives the signature value S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (m) sent by the node ₁,node₂,…node_n until the signature value returned by all nodes corresponding to the Nl _U is received, and the cooperative signature of the multiple nodes is completed;

The task scheduling center sends a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes to a notarization management system of a notarization institution to which a notarization node _(z) belongs;

the task scheduling center receives a task number task _M, an aggregate signature S (M), and a notarized certificate signature sent after the aggregation and verification of the notarized management system multiparty signatures are completed Task _M, S (M),/>A forwarding service management system.

A task scheduling center is used for executing the decentralization electronic notarization signing method of the task scheduling center, and comprises an initialization configuration module, a user node task configuration module and a multiparty node signing operation module.

The method comprises the steps of executing initialization configuration, task initiation and text locking and multiparty node signature operation; wherein;

The initialization configuration step is executed, and specifically comprises the following steps:

The method comprises the steps that a service management system BS configures a browser script ATV, a password algorithm is integrated in the browser script ATV, and after a user loads a script through a browser, the browser can perform local hash operation and generate a two-dimensional code;

Executing the steps of task initiation and text locking, which specifically comprises the following steps:

The service management system BS receives a file M to be signed uploaded by a task initiator, determines a user U needing to sign the file, establishes a task number of task _M for the single task, and inputs the file M and a user public key UK _p to a security SDK;

The service management system BS receives encrypted task ciphertext sent by the secure SDK The service management system sends a task _M to a user U;

After receiving the task acquisition request of the user U, the service management system BS sends the file M, task number task _M, identity information U _id, and ciphertext The browser script ATV provides a link address for the user U to access by the browser;

executing the multiparty node signature operation step, which specifically comprises the following steps:

The service management system receives tasks _M, S (M), which are forwarded by the task scheduling center, Signature value S (M) and/>And the CA digital certificate of the notarization institution is synthesized to the signature domain of the document M to generate a quasi-text M _u containing notarization signature confirmation.

The system comprises an initialization configuration module, a task initiation and text locking module and a multiparty node signature operation module;

the system is capable of communicating with a secure SDK configured with a private key A hash algorithm hash, a signature algorithm (sign) and an encryption algorithm (enc), the black box accepting input of a predetermined source and format and providing output of a predetermined rule;

the secure SDK can receive a task encryption request sent by the service management system, call a hash value of a hash algorithm hash calculation file M as H (M), and call a signature algorithm hash to use a private key Calculating a signature value S ^ATS H (M) for H (M), calling an encryption algorithm (enc) to encrypt H (M) and S ^ATS H (M) by using a public key UK _p to obtain ciphertext/>And output to the service management system.

The decentralizing electronic notarization signature method of the notarization management system comprises the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein;

The initialization configuration step is executed, and specifically comprises the following steps:

The public certificate management system NTM configures a multiparty signature aggregation algorithm as, a multiparty public key aggregation algorithm apk, a signature algorithm sign, a signature verification algorithm ver, a CA digital certificate of a public certificate authority and a corresponding certificate private key

Executing the user node task configuration step, specifically comprising:

The notarization management system is used as a user selection mechanism and receives identity information U _id, a signature value S _Uid, a public key UK _p and a selected node list Nl _U of a user sent by a task scheduling center;

The notarization management system compares and checks the identity of the user U, and sends a user node list Nl _U to the identity management center after signature information S _Uid is checked and passed by using a public key UK _p;

The notarization management system receives the public key set P (node ₁,node₂,…node_n) of each corresponding node in the node list Nl _U sent by the identity management center, wherein the public key set P comprises the public keys corresponding to the notarization node _(z)

The notarization management system calls a public key aggregation algorithm apk to operate a user public key UK _p and a public key set P (node ₁,node₂,…node_n) so as to generate an aggregation public key UP _apk of the user U;

the notarization management system calls a signature algorithm sign and uses the private key of the CA digital certificate of the notarization institution Notarized certificate signing is carried out on U _id、UP_apk, and a signature value/>Transmitting U _id、UP_apk、UK_p、S_Uid,/>To an identity management center IDC, and synchronously returning a message to a task scheduling center to inform the user node of the user U that the registration is completed;

executing the multiparty node signature operation step, which specifically comprises the following steps:

the notarization management system receives a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes, which are sent by a task scheduling center; and the notarization management system belongs to the notarization institution of notarization node _(z);

the notarization management system calls a signature verification algorithm (ver) to use the public key of the notarization node _(z) Checking signature value S ^node(z) (m), passing the signature checking, and sending task _M、U_id to an identity management center;

The notarization management system receives inquiry reply information sent by the identity management center, if the user U is confirmed to have signing authority, the notarization management system receives an aggregation public key UP _apk of the multiparty signature of the user U, and if the notarization management system does not have authority, the notarization management system receives a termination task;

When the right is available, the notarization management system calls a multiparty signature aggregation algorithm (as) to execute operation on the signature value S ^U(m)、S^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) to generate a complete aggregated signature value S (M); signing the aggregated signature value S (M) by using an aggregated public key UP _apk, wherein the signing verification passes, namely that all multiparty node signatures selected by a user U are completely executed and are completely effective, and aggregation and verification of multiparty signatures are completed;

after the aggregation and verification of the multiparty signature are completed, the public certificate management system uses the CA digital certificate private key of the public certificate authority Signing the hash value h (M) of the file M to generate a signature value/>The task number task _M, the aggregate signature S (M), the notary certificate signature/>To the task scheduling center.

A notarization management system is used for executing the decentralization electronic notarization signature method of the notarization management system, and the system comprises an initialization configuration module, a user node task configuration module and a multiparty node signature operation module.

The invention has the beneficial effects that:

The invention takes the decentralization as a starting point, and constructs a network with a plurality of nodes, so that each time of effective signature of a user can be achieved by generating consensus through the joint participation of a plurality of nodes in the network, thereby overcoming the defects of a centralization platform. In the signature network of the multiparty nodes, any node user joining the network is a user of the electronic signature service and can also be a provider of the network support service, the user can define which nodes are needed to participate in common by the effective signature of the user, and all the nodes are controlled by all node owners, so that even constructors of the network system do not have the capability of forging the user signature; meanwhile, in order to enable the electronic signature files to be more easily mutually recognized in practice, the invention particularly introduces a notarization node with the identity of a third party notarization person into the network node, and the notarization mechanism can participate in the process of the user signature behavior in real time through the participation of the notarization node and provides notarization for the user when the electronic signature evidence is required to be provided.

The invention has the following specific advantages:

1. The electronic signature of the user does not need to depend on Ukey or on the digital certificate applied by the user;

2. The validity of the electronic signature is not verified by the authenticity of the digital certificate on the electronic file after the fact, but the notary directly gives a proof on the authenticity of the signature process;

3. without the user delegating signed control to the service provider, the use of the system does not rely on trust with the service provider.

Additional features and advantages of the invention will be set forth in the detailed description which follows.

Drawings

The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts throughout the exemplary embodiments of the invention.

Fig. 1 shows a schematic diagram of the system configuration of the present invention.

Fig. 2 shows a user node task configuration flow chart of the present invention.

FIG. 3 illustrates a task initiation and text locking flow chart of the present invention.

Fig. 4 shows a flow chart of a user node signature in a multiparty node signature calculation step of the present invention.

Fig. 5 shows a flowchart of the multiparty node cooperation operation in the multiparty node signature operation step of the present invention.

Fig. 6 shows a flowchart of the full node aggregate signature and verification in the multiparty node signature calculation step of the present invention.

FIG. 7 is a flow chart showing the generation of notarized petechiae text in the multi-party signature operation step of the present invention.

Detailed Description

Preferred embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.

Example 1:

The invention provides a decentralization electronic notarization signature method, which comprises the steps of user nodes The third type of signature operation node, notarization node _(z), task scheduling center TSC, identity management center IDC, business management system BS, notarization management system NTM and security SDK are communicated, wherein: the notarization node and the notarization management system are configured in a third party notarization organization with the identity of a trusted proving person, and the method comprises the following steps:

S1, initializing configuration steps:

1.1 user node Configuring a key derivation algorithm kdf, a signature algorithm sign, a signature verification algorithm ver and a decryption algorithm dec, wherein the node comprises a face recognition module and an identity authentication module; the user node operates on intelligent terminals such as mobile phones;

1.2, a third class signature operation node configures a signature algorithm sign and a public-private key pair, wherein the private key is S (node), and the public key is P (node);

The third type of signature operation node is a server with a built-in signature algorithm (sign) or other terminals with operation capability; when receiving an instruction of the task scheduling center, the node returns a signature value after signing operation by a private key of the node; in the network of the invention, any terminal with operation capability can be added to become a common node;

1.3 public security node (z) configures signature algorithm sign and public-private key pair, wherein the private key is The public key is

The notarization node is a terminal with operation capability controlled by a notarization mechanism, is in charge of signing operation by a private key of the node and returning a signature value when receiving an instruction of a task scheduling center, as the notarization node is the same as a third class signature operation node; in the network of the invention, only third party notarization institutions with trusted proving person identities can be added to become notarization nodes;

1.4 an IDC configuration database, wherein the database comprises an identity and authorization database and a node list Nl, the node list Nl records a node owner, a node public key and a node access address, and the node owner comprises a user node, a notarization node and a third type signature operation node; the identity and authorization database is used for recording the identity and signing authority of the user;

1.5 a task scheduling center TSC configuration memory synchronously stores a node list Nl of an identity management center IDC;

1.6 notarization management System NTM configures Multi-party signature aggregation Algorithm as, multi-party public Key aggregation Algorithm apk, signature Algorithm sign, signature verification Algorithm ver, CA digital certificate of notarization institution and corresponding certificate private Key

1.7, Configuring a browser script ATV by a service management system BS, wherein a password algorithm is integrated in the browser script ATV, and when a user loads a script through a browser, the browser can perform local hash operation and generate a two-dimensional code;

1.8 secure SDK configuration private Key A hash algorithm hash, a signature algorithm (sign) and an encryption algorithm (enc), wherein the black box receives input of a preset source and format and provides output of a preset rule;

S2, user node task configuration steps are shown in FIG. 2:

2.1 user U runs user node tools through user nodes Sending a request to a task scheduling center TSC, and acquiring a node list Nl;

the user U inputs identity information U _id for identity and face comparison, sets a key known by the user, namely a PIN code, and simultaneously selects a node list Nl _U,Nl_U matched with the user for multiparty calculation from a node list Nl to contain at least one notarized node _(z);

2.2 user node Using PIN code, user identity information and equipment environment parameters as key factors, and adopting a key derivation algorithm kdf to generate a corresponding public-private key pair (UK _p,UK_s) for a user U, wherein UK _p is a public key and UK _s is a private key;

User node Using the private key UK _s to carry out signature operation S _iSn(UK_s,U_id,Nl_U)＝S_Uid on the identity information U _id and the node list Nl _U to obtain a corresponding signature value S _Uid; during the operation, all operations are carried out locally for the user, and the PIN code of the user cannot be transmitted outwards in any form;

Operation is completed, user node Submitting the identity information U _id together with the signature value S _Uid, the public key UK _p and the selected node list Nl _U to a task scheduling centre;

2.3, the task scheduling center analyzes the node list Nl _U, acquires a notarization node _(z) selected by a user, and sends U _id、S_Uid、UK_p、Nl_U to a notarization management system of a notarization institution to which the notarization node _(z) belongs;

2.4 the notarization management system compares and checks the identity of the user U, and sends a user node list Nl _U to the identity management center after signature information S _Uid is checked and signed by using a public key UK _p;

2.5 the identity management center reads the node list Nl _U, and queries the database to obtain the public key set P (node ₁,node₂,…node_n) of each corresponding node described in the node list Nl _U, wherein the public key set P contains the public key corresponding to the notarized node _(z) Returning the public key set P (node ₁,node₂,…node_n) to the notarization management system;

2.6 notarization management system calls public key aggregation algorithm apk to operate user public key UK _p and public key set P (node ₁,node₂,…node_n) to generate aggregation public key UP _apk of user U;

the notarization management system calls a signature algorithm sign and uses the private key of the CA digital certificate of the notarization institution Notarized certificate signing is carried out on U _id、UP_apk, and a signature value/>Transmitting U _id、UP_apk、UK_p、S_Uid,/>To an identity management center IDC, and synchronously returning a message to a task scheduling center to inform the user node of the user U that the registration is completed;

2.7 identity management center IDC uses U _id、UP_apk、UK_p、S_Uid, Establishing association and logging in a database;

S3, a task initiating and text locking step is carried out, as shown in FIG. 3:

3.1 the business management system receives the file M to be signed uploaded from the task initiator, determines the user U needing to sign the file, establishes the task number as task _M for the single task, and inputs the file M and the user public key UK _p to the security SDK;

3.2 secure SDK invokes hash algorithm hash to calculate hash value of file M as H (M), invokes signature algorithm hash to private key Calculating a signature value S ^ATS H (M) for H (M), calling an encryption algorithm (enc) to encrypt H (M) and S ^ATS H (M) by using a public key UK _p to obtain ciphertext/>The task is output to a service management system, and the service management system sends a task _M to a user U;

3.3 the user U accesses the service management system through the browser tool and submits the identity information U _id to the service management system to acquire tasks;

3.4 the service management system adds the file M, task number task _M, identity information U _id and ciphertext The browser script ATV provides a link address for the user U to access by the browser;

browser loading M, task _M、U_id, ATV script, executing ATV script, calculating hash value h (M) of file M by using hash algorithm (hash) built in script locally in browser, generating file containing M, task _M、h(m)、U_id,/>, using rule built in scriptThe two-dimensional code of the data is displayed on a browser page;

3.5 user U running user node Inputting a PIN code of a user; user node/>Using PIN code, identity information U _id and equipment environment parameters as input, and locally reproducing a user public and private key pair (UK _p,UK_s) by using a key derivation algorithm (kdf);

User node Reading the two-dimensional code provided by the browser, and analyzing M, task _M、h(m)、U_id,/>Ciphertext/>, with private key UK _s using decryption algorithm (dec)Performing decryption operation to obtain plaintext H (M) and S ^ATS H (M); further comparing whether H (M) is consistent with H (M), and if not, canceling signing; if so, using a signature verification algorithm (ver) with the public key/>, of the ATSPerforming signature verification operation on S ^ATS H (M), wherein the signature verification passes, and the fact that the content of the file checked and checked by the user U is consistent with the content of the subsequent signature confirmation is indicated;

S4, multiparty node signature operation: the method comprises the steps of user node signature, multiparty node cooperation operation, full node aggregate signature and verification, and notarization making quasi-text;

4.1 user node signature as shown in fig. 4:

4.1.1 after the pass of the signature verification, the user node Signature operation is carried out on H (M) by using a signature algorithm (sign) through a private key UK _s to obtain a signature value S ^U (M), and signature operation is carried out on S ^ATS H (M) to obtain a signature value S ^U(S^ATS H (M));

User node Transmitting U _id、task_M、h(m)、S^U(m)、S^ATS H (M) to a task scheduling center;

4.1.2 the task scheduling center sends task _M、U_id to the identity management center to inquire the identity authentication state and authorization of user U;

4.1.3 the identity management center queries the identity and authorization database, if the user U is confirmed to have signing authority, returns a node list Nl _U of the user U to the task scheduling center, and if the user U does not have authority, returns a termination task;

4.2 Multi-party node collaboration operations, as shown in FIG. 5;

4.2.1 the task scheduling center analyzes Nl _U to obtain a collaboration node ₁,node₂,…node_n designated by the user U, wherein the collaboration node comprises notarized node _(z);

Task scheduling centers respectively send tasks _M and h (m) to node ₁,node₂,…node_n;

4.2.2, each node respectively calls a signature algorithm (sign) to finish signature operation on h (m) by using respective private keys, and each node respectively returns a signature value S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (m) to the task scheduling center;

4.2.3 the task scheduling center receives the signature values returned by all the nodes corresponding to the Nl _U, and the multi-party node cooperative signature is completed;

4.3 multiparty signature aggregation and signature verification, as shown in fig. 6;

4.3.1 the task scheduling center sends a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes to a notarization management system of a notarization institution to which a notarization node _(z) belongs;

4.3.2 notarization management System invoking the signing Algorithm (ver) Using the public Key of the notarization node _(z) Checking signature value S ^node(z) (m), passing the signature checking, and sending task _M、U_id to an identity management center;

4.3.3 the identity management center queries the identity and authorization database, if the user U is confirmed to have signing authority, the aggregation public key UP _apk of the multiparty signature of the user U is returned to the notary management system, and if the user U does not have authority, the termination task is returned;

The 4.3.4 notarization management system calls a multiparty signature aggregation algorithm (as) to execute operation on the signature value S ^U(m)、S^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) to generate a complete aggregation signature value S (M);

the notarization management system uses the aggregation public key UP _apk to check the aggregation signature value S (M), and the check passes, namely, the fact that all the multi-party node signatures selected by the user U are executed and are all effective is indicated, and the aggregation and verification of the multi-party signatures are completed;

4.4 notarized signature and quasi-text generation, as shown in FIG. 7;

4.4.1 after aggregation and verification of multiparty signatures are completed, the notarization management system uses the CA digital certificate private key of the notarization institution Signing the hash value h (M) of the file M to generate a signature value/>

The notarization management system sends a task number task _M, an aggregate signature S (M) and a notarization certificate signatureTo a task scheduling center;

4.4.2 task scheduling center task _M, S (M), A forwarding service management system;

4.4.3 the service management System sums the signature values S (M) And the CA digital certificate of the notarization mechanism is synthesized to the signature domain of the document M to generate a quasi-text M _u containing notarization signature confirmation.

Further, the third type signature operation node is any terminal with operation capability in the network, and the node is responsible for returning a signature value after signing operation by a private key of the node when receiving an instruction of a task scheduling center; in step 2.1, the user U selects a node list Nl _U for multiparty calculation in cooperation with the user U from the node list Nl; the node list Nl _U contains at least one notarized node _(z); the rest nodes select any number and variety of combinations of user nodes, notarization nodes and third class signature operation nodes except the rest nodes.

Example 2:

An decentralized electronic notarization signature system, as shown in figure 1, comprises user nodes A third type of signature operation node, a notarization node _(z), a task scheduling center TSC, an identity management center IDC, a service management system BS, a notarization management system NTM and a security SDK, wherein: the notarization node and the notarization management system are configured in a third party notarization organization with the identity of a trusted proving person, the system executes the decentralization electronic notarization signature method described in the embodiment 1, and the system comprises an initialization configuration unit, a user node task configuration unit, a task initiation and text locking unit and a multiparty node signature operation unit.

Example 3:

The method comprises the steps of initializing and configuring, configuring user node tasks, locking tasks and texts and calculating multiparty node signatures; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

User node Configuring a key derivation algorithm kdf, a signature algorithm sign, a signature verification algorithm ver and a decryption algorithm dec, wherein the node comprises a face recognition module and an identity authentication module;

Executing the user node task configuration step, specifically comprising:

User U runs user node tools through user nodes Sending a request to a task scheduling center TSC, and acquiring a node list Nl;

the user U inputs identity information U _id for identity and face comparison, sets a key known by the user, namely a PIN code, and simultaneously selects a node list Nl _U,Nl_U matched with the user for multiparty calculation from a node list Nl to contain at least one notarized node _(z);

User node Using PIN code, user identity information and equipment environment parameters as key factors, and adopting a key derivation algorithm kdf to generate a corresponding public-private key pair (UK _p,UK_s) for a user U, wherein UK _p is a public key and UK _s is a private key;

User node Using the private key UK _s to carry out signature operation S _ign(UK_s,U_id,Nl_U)＝S_Uid on the identity information U _id and the node list Nl _U to obtain a corresponding signature value S _Uid;

Operation is completed, user node Submitting the identity information U _id together with the signature value S _Uid, the public key UK _p and the selected node list Nl _U to a task scheduling centre;

Executing the steps of task initiation and text locking, which specifically comprises the following steps:

The user U receives a task _M sent by a service management system, accesses the service management system through a browser tool, and submits identity information U _id to the service management system to acquire a task;

The browser of the user U loads M, task _M、U_id sent by the service management system, ATV script, executing ATV script, calculating hash value h (M) of file M by using hash algorithm (hash) built in script locally in browser, generating file containing M, task _M、h(m)、U_id,/>, using rule built in scriptThe two-dimensional code of the data is displayed on a browser page;

user U operates user node Inputting a PIN code of a user; user node/>Using PIN code, identity information U _id and equipment environment parameters as input, and locally reproducing a user public and private key pair (UK _p,UK_s) by using a key derivation algorithm (kdf);

User node Reading the two-dimensional code provided by the browser, and analyzing M, taSk _M、h(m)、U_id,/>Ciphertext/>, with private key UK _s using decryption algorithm (dec)Performing decryption operation to obtain plaintext H (M) and S ^ATS H (M); further comparing whether H (M) is consistent with H (M), and if not, canceling signing; if so, using a signature verification algorithm (ver) with the public key/>, of the ATSPerforming signature verification operation on S ^ATS H (M), wherein the signature verification passes, and the fact that the content of the file checked and checked by the user U is consistent with the content of the subsequent signature confirmation is indicated;

executing the multiparty node signature operation step, which specifically comprises the following steps:

When a user node Signature algorithm (sign) is used to perform signature operation on H (M) with private key UK _s to obtain signature value S ^U (M), signature algorithm on S ^ATS H (M) to obtain signature value S ^U(S^ATS H (M)), and user node/>U _id、task_M、h(m)、S^U(m)、S^ATS H (M) is sent to the task scheduling center.

When a user U is selected by any other user to enter a node list Nl _U and needs to participate in multi-party node signature operation of other nodes, receiving tasks _M and h (m) respectively sent by a task scheduling center; and calling a signature algorithm (sign) to complete signature operation on h (m) with a private key, and returning a signature value to the task scheduling center.

Example 4:

A user node for executing the user node decentralizing electronic notarization signature method of embodiment 3 comprises an initialization configuration module, a user node task configuration module, a task initiation and text locking module and a multiparty node signature operation module.

Example 5:

A kind of third kind of signature operation node's decentralizing electronic notarization signature method, this method includes carrying out the initialization configuration step and multiparty node signature operation step; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

the third class signature operation node configures a signature algorithm sign and a public-private key pair, wherein the private key is S (node), and the public key is P (node);

executing the multiparty node signature operation step, which specifically comprises the following steps:

If any user selects the node to enter a node list Nl _U, receiving tasks _M and h (m) respectively sent by a task scheduling center; and calling a signature algorithm (sign) to complete signature operation on h (m) with a private key, and returning a signature value to the task scheduling center.

Example 6:

A third class signature operation node for performing the decentralised electronic notarization signature method of the third class signature operation node of embodiment 5, the node comprising an initialization configuration module and a multiparty node signature operation module.

Example 7:

The decentralizing electronic notarization signature method of notarization nodes comprises the steps of executing initialization configuration and multiparty node signature operation; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

Public certificate node (z) configures signature algorithm sign and public-private key pair, wherein the private key is The public key is

Executing the multiparty node signature operation step, which specifically comprises the following steps:

If any user selects the node to enter a node list Nl _U, receiving tasks _M and h (m) respectively sent by a task scheduling center; and calling a signature algorithm (sign) to complete signature operation on h (m) with a private key, and returning a signature value to the task scheduling center.

Example 8:

A notarization node for executing the decentralizing electronic notarization signing method of the notarization node of embodiment 7, wherein the node comprises an initialization configuration module and a multiparty node signing operation module.

Example 9:

The method comprises the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

The identity management center IDC configures a database, wherein the database comprises an identity and authorization database and a node list Nl, the node list Nl records a node owner, a node public key and a node access address, and the node owner comprises user nodes, notarization nodes and third-class signature operation nodes; the identity and authorization database is used for recording the identity and signing authority of the user;

Executing the user node task configuration step, specifically comprising:

The identity management center IDC receives a user node list Nl _U fed back after identity verification by the notarization management system;

The identity management center reads the node list Nl _U, and queries the database to obtain a public key set P (node ₁,node₂,…node_n) of each corresponding node recorded in the node list Nl _U, wherein the public key set P comprises public keys corresponding to the notarized node _(z) Returning the public key set P (node ₁,node₂,…node_n) to the notarization management system;

The identity management center receives a signature value sent by the notarization management system after signing the notarization certificate Identity information U _id, an aggregation public key UP _apk, a user public key UK _p, and a signature value S _Uid;

the identity management center IDC comprises U _id、UP_apk、UK_p、S_Uid, Establishing association and logging in a database;

executing the multiparty node signature operation step, which specifically comprises the following steps:

The identity management center receives the task _M、U_id sent by the task scheduling center, inquires the identity and authorization database, returns a node list Nl _U of the user U to the task scheduling center if the user U is confirmed to have signing authority, and returns a termination task if the user U does not have authority;

The identity management center receives the task _M、U_id sent by the notary management system, inquires the identity and authorization database, returns a multiparty signature aggregation public key UP _apk of the user U to the notary management system if the user U is confirmed to have signing authority, and returns a termination task if the user U does not have authority.

Example 10:

An identity management center for executing the method for decentralizing electronic notarization signature of the identity management center as described in embodiment 9, the center comprising an initialization configuration module, a user node task configuration module, and a multiparty node signature operation module.

Example 11:

the method comprises the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein;

The initialization configuration step is executed, and specifically comprises the following steps:

The task scheduling center TSC configures a memory and synchronously stores a node list Nl of the identity management center IDC;

Executing the user node task configuration step, specifically comprising:

Task scheduling center TSC receiving user node The sent request returns a node list Nl;

Task scheduling center TSC receiving user node The transmitted identity information U _id, signature value S _Uid, public key UK _p and selected node list Nl _U;

The task scheduling center analyzes the node list Nl _U, acquires a notarization node _(z) selected by a user, and sends U _id、S_Uid、UK_p、Nl_U to a notarization management system of a notarization mechanism to which the notarization node _(z) belongs;

the task scheduling center receives a signature value sent by a notarization management system after signing a notarization certificate Identity information U _id, an aggregation public key UP _apk, a user public key UK _p, and a signature value S _Uid;

executing the multiparty node signature operation step, which specifically comprises the following steps:

task scheduling center receives user node Transmitted U _id、task_M、h(m)、S^U(m)、S^ATS H (M);

The task scheduling center sends a task _M、U_id to the identity management center to inquire the identity authentication state and authorization of the user U;

The task scheduling center receives the inquiry reply information sent by the identity management center, if the user U is confirmed to have signing authority, the task scheduling center receives a node list Nl _U of the user U, and if the user U does not have the signing authority, the task scheduling center receives a termination task;

The task scheduling center analyzes Nl _U to obtain a collaboration node ₁,node₂,…node_n designated by a user U, wherein the collaboration node comprises notarized node _(z); send task _M, h (m) to node ₁,node₂,…node_n;

The task scheduling center receives the signature value S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (m) sent by the node ₁,node₂,…node_n until the signature value returned by all nodes corresponding to the Nl _U is received, and the cooperative signature of the multiple nodes is completed;

The task scheduling center sends a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes to a notarization management system of a notarization institution to which a notarization node _(z) belongs;

the task scheduling center receives a task number task _M, an aggregate signature S (M), and a notarized certificate signature sent after the aggregation and verification of the notarized management system multiparty signatures are completed Task _M, S (M),/>A forwarding service management system.

Example 12:

A task scheduling center for executing the decentralised electronic notarization signing method of the task scheduling center described in embodiment 11, the center comprising an initialization configuration module, a user node task configuration module and a multiparty node signature operation module.

Example 13:

The method comprises the steps of executing initialization configuration, task initiation and text locking and multiparty node signature operation; wherein;

The initialization configuration step is executed, and specifically comprises the following steps:

The method comprises the steps that a service management system BS configures a browser script ATV, a password algorithm is integrated in the browser script ATV, and after a user loads a script through a browser, the browser can perform local hash operation and generate a two-dimensional code;

Executing the steps of task initiation and text locking, which specifically comprises the following steps:

The service management system BS receives a file M to be signed uploaded by a task initiator, determines a user U needing to sign the file, establishes a task number of task _M for the single task, and inputs the file M and a user public key UK _p to a security SDK;

The service management system BS receives encrypted task ciphertext sent by the secure SDK The service management system sends a task _M to a user U;

After receiving the task acquisition request of the user U, the service management system BS sends the file M, task number task _M, identity information U _id, and ciphertext The browser script ATV provides a link address for the user U to access by the browser; /(I)

Executing the multiparty node signature operation step, which specifically comprises the following steps:

The service management system receives tasks _M, S (M), which are forwarded by the task scheduling center, Signature value S (M) and/>And the CA digital certificate of the notarization institution is synthesized to the signature domain of the document M to generate a quasi-text M _u containing notarization signature confirmation.

Example 14:

a business management system for executing the decentralised electronic notarization signing method of the business management system of embodiment 13, the system comprising an initialization configuration module, a task initiation and text locking module and a multiparty node signing operation module;

the system is capable of communicating with a secure SDK configured with a private key A hash algorithm hash, a signature algorithm (sign) and an encryption algorithm (enc), the black box accepting input of a predetermined source and format and providing output of a predetermined rule;

the secure SDK can receive a task encryption request sent by the service management system, call a hash value of a hash algorithm hash calculation file M as H (M), and call a signature algorithm hash to use a private key Calculating a signature value S ^ATS H (M) for H (M), calling an encryption algorithm (enc) to encrypt H (M) and S ^ATS H (M) by using a public key UK _p to obtain ciphertext/>And output to the service management system.

Example 15:

The decentralizing electronic notarization signature method of the notarization management system comprises the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein;

The initialization configuration step is executed, and specifically comprises the following steps:

The public certificate management system NTM configures a multiparty signature aggregation algorithm as, a multiparty public key aggregation algorithm apk, a signature algorithm sign, a signature verification algorithm ver, a CA digital certificate of a public certificate authority and a corresponding certificate private key

Executing the user node task configuration step, specifically comprising:

The notarization management system is used as a user selection mechanism and receives identity information U _id, a signature value S _Uid, a public key UK _p and a selected node list Nl _U of a user sent by a task scheduling center;

The notarization management system compares and checks the identity of the user U, and sends a user node list Nl _U to the identity management center after signature information S _Uid is checked and passed by using a public key UK _p;

The notarization management system receives the public key set P (node ₁,node₂,…node_n) of each corresponding node in the node list Nl _U sent by the identity management center, wherein the public key set P comprises the public keys corresponding to the notarization node _(z)

The notarization management system calls a public key aggregation algorithm apk to operate a user public key UK _p and a public key set P (node ₁,node₂,…node_n) so as to generate an aggregation public key UP _apk of the user U;

the notarization management system calls a signature algorithm sign and uses the private key of the CA digital certificate of the notarization institution Notarized certificate signing is carried out on U _id、UP_apk, and a signature value/>Transmitting U _id、UP_apk、UK_p、S_Uid,/>To an identity management center IDC, and synchronously returning a message to a task scheduling center to inform the user node of the user U that the registration is completed;

executing the multiparty node signature operation step, which specifically comprises the following steps:

the notarization management system receives a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes, which are sent by a task scheduling center; and the notarization management system belongs to the notarization institution of notarization node _(z);

the notarization management system calls a signature verification algorithm (ver) to use the public key of the notarization node _(z) Checking signature value S ^node(z) (m), passing the signature checking, and sending task _M、U_id to an identity management center;

The notarization management system receives inquiry reply information sent by the identity management center, if the user U is confirmed to have signing authority, the notarization management system receives an aggregation public key UP _apk of the multiparty signature of the user U, and if the notarization management system does not have authority, the notarization management system receives a termination task;

When the right is available, the notarization management system calls a multiparty signature aggregation algorithm (as) to execute operation on the signature value S ^U(m)、S^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) to generate a complete aggregated signature value S (M); signing the aggregated signature value S (M) by using an aggregated public key UP _apk, wherein the signing verification passes, namely that all multiparty node signatures selected by a user U are completely executed and are completely effective, and aggregation and verification of multiparty signatures are completed;

after the aggregation and verification of the multiparty signature are completed, the public certificate management system uses the CA digital certificate private key of the public certificate authority Signing the hash value h (M) of the file M to generate a signature value/>The task number task _M, the aggregate signature S (M), the notary certificate signature/>To the task scheduling center.

Example 16:

A notarization management system for executing the decentralization electronic notarization signing method of the notarization management system of embodiment 15, the system comprises an initialization configuration module, a user node task configuration module and a multiparty node signing operation module.

The foregoing description of embodiments of the invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described.

Claims (13)

1. An electronic notarization signature method for decentralization, characterized in that the method is composed of user nodesThe third type of signature operation node, notarization node _(z), task scheduling center TSC, identity management center IDC, business management system BS, notarization management system NTM and security SDK are communicated, wherein: the notarization node and the notarization management system are configured in a third party notarization organization with the identity of a trusted proving person, and the method comprises the following steps:

S1, initializing configuration steps:

1.1 user node Configuring a key derivation algorithm kdf, a signature algorithm sign, a signature verification algorithm ver and a decryption algorithm dec, wherein the node comprises a face recognition module and an identity authentication module;

1.2, a third class signature operation node configures a signature algorithm sign and a public-private key pair, wherein the private key is S (node), and the public key is P (node);

1.3 public security node (z) configures signature algorithm sign and public-private key pair, wherein the private key is Public key is/>

1.4 An IDC configuration database, wherein the database comprises an identity and authorization database and a node list Nl, the node list Nl records a node owner, a node public key and a node access address, and the node owner comprises a user node, a notarization node and a third type signature operation node; the identity and authorization database is used for recording the identity and signing authority of the user;

1.5 a task scheduling center TSC configuration memory synchronously stores a node list Nl of an identity management center IDC;

1.6 notarization management System NTM configures Multi-party signature aggregation Algorithm as, multi-party public Key aggregation Algorithm apk, signature Algorithm sign, signature verification Algorithm ver, CA digital certificate of notarization institution and corresponding certificate private Key

1.7, Configuring a browser script ATV by a service management system BS, wherein a password algorithm is integrated in the browser script ATV, and when a user loads a script through a browser, the browser can perform local hash operation and generate a two-dimensional code;

1.8 secure SDK configuration private Key A hash algorithm hash, a signature algorithm (sign) and an encryption algorithm (enc), wherein the black box receives input of a preset source and format and provides output of a preset rule;

s2, user node task configuration:

2.1 user U runs user node tools through user nodes Sending a request to a task scheduling center TSC, and acquiring a node list Nl;

the user U inputs identity information U _id for identity and face comparison, sets a key known by the user, namely a PIN code, and simultaneously selects a node list Nl _U,Nl_U matched with the user for multiparty calculation from a node list Nl to contain at least one notarized node _(z);

2.2 user node Using PIN code, user identity information and equipment environment parameters as key factors, and adopting a key derivation algorithm kdf to generate a corresponding public-private key pair (UK _p,UK_s) for a user U, wherein UK _p is a public key and UK _s is a private key;

User node Using the private key UK _s to carry out signature operation S _ign(UK_s,U_id,Nl_U)＝S_Uid on the identity information U _id and the node list Nl _U to obtain a corresponding signature value S _Uid;

Operation is completed, user node Submitting the identity information U _id together with the signature value S _Uid, the public key UK _p and the selected node list Nl _U to a task scheduling centre;

2.3, the task scheduling center analyzes the node list Nl _U, acquires a notarization node _(z) selected by a user, and sends U _id、S_Uid、UK_p、Nl_U to a notarization management system of a notarization institution to which the notarization node _(z) belongs;

2.4 the notarization management system compares and checks the identity of the user U, and sends a user node list Nl _U to the identity management center after signature information S _Uid is checked and signed by using a public key UK _p;

2.5 the identity management center reads the node list Nl _U, and queries the database to obtain the public key set P (node ₁,node₂,…node_n) of each corresponding node described in the node list Nl _U, wherein the public key set P contains the public key corresponding to the notarized node _(z) Returning the public key set P (node ₁,node₂,…node_n) to the notarization management system;

2.6 notarization management system calls public key aggregation algorithm apk to operate user public key UK _p and public key set P (node ₁,node₂,…node_n) to generate aggregation public key UP _apk of user U;

the notarization management system calls a signature algorithm sign and uses the private key of the CA digital certificate of the notarization institution Notarized certificate signing is carried out on U _id、UP_apk, and a signature value/>Transmitting U _id、UP_apk、UK_p、S_Uid,/>To an identity management center IDC, and synchronously returning a message to a task scheduling center to inform the user node of the user U that the registration is completed;

2.7 identity management center IDC uses U _id、UP_apk、UK_p、S_Uid, Establishing association and logging in a database;

S3, a task initiating and text locking step:

3.1 the business management system receives the file M to be signed uploaded from the task initiator, determines the user U needing to sign the file, establishes the task number as task _M for the single task, and inputs the file M and the user public key UK _p to the security SDK;

3.2 secure SDK invokes hash algorithm hash to calculate hash value of file M as H (M), invokes signature algorithm hash to private key Calculating a signature value S ^ATS H (M) for H (M), calling an encryption algorithm (enc) to encrypt H (M) and S ^ATS H (M) by using a public key UK _p to obtain ciphertext/>The task is output to a service management system, and the service management system sends a task _M to a user U;

3.3 the user U accesses the service management system through the browser tool and submits the identity information U _id to the service management system to acquire tasks;

3.4 the service management system adds the file M, task number task _M, identity information U _id and ciphertext The browser script ATV provides a link address for the user U to access by the browser;

browser loading M, task _M、U_id, ATV script, executing ATV script, calculating hash value h (M) of file M by using hash algorithm (hash) built in script locally in browser, generating file containing M, task _M、h(m)、U_id,/>, using rule built in scriptThe two-dimensional code of the data is displayed on a browser page;

3.5 user U running user node Inputting a PIN code of a user; user node/>Using PIN code, identity information U _id and equipment environment parameters as input, and locally reproducing a user public and private key pair (UK _p,UK_s) by using a key derivation algorithm (kdf);

User node Reading the two-dimensional code provided by the browser, and analyzing M, task _M、h(m)、U_id,/>Ciphertext/>, with private key UK _s using decryption algorithm (dec)Performing decryption operation to obtain plaintext H (M) and S ^ATS H (M); further comparing whether H (M) is consistent with H (M), and if not, canceling signing; if so, using a signature verification algorithm (ver) with the public key of the ATSPerforming signature verification operation on S ^ATS H (M), wherein the signature verification passes, and the fact that the content of the file checked and checked by the user U is consistent with the content of the subsequent signature confirmation is indicated;

S4, multiparty node signature operation: the method comprises the steps of user node signature, multiparty node cooperation operation, full node aggregate signature and verification, and notarization making quasi-text;

4.1 user node signature:

4.1.1 after the pass of the signature verification, the user node Signature operation is carried out on H (M) by using a signature algorithm (sign) through a private key UK _s to obtain a signature value S ^U (M), and signature operation is carried out on S ^ATS H (M) to obtain a signature value S ^U(S^ATS H (M));

User node Transmitting U _id、task_M、h(m)、S^U(m)、S^ATS H (M) to a task scheduling center;

4.1.2 the task scheduling center sends task _M、U_id to the identity management center to inquire the identity authentication state and authorization of user U;

4.1.3 the identity management center queries the identity and authorization database, if the user U is confirmed to have signing authority, returns a node list Nl _U of the user U to the task scheduling center, and if the user U does not have authority, returns a termination task;

4.2 multiparty node cooperative operation:

4.2.1 the task scheduling center analyzes Nl _U to obtain a collaboration node ₁,node₂,…node_n designated by the user U, wherein the collaboration node comprises notarized node _(z);

Task scheduling centers respectively send tasks _M and h (m) to node ₁,node₂,…node_n;

4.2.2, each node respectively calls a signature algorithm (sign) to finish signature operation on h (m) by using respective private keys, and each node respectively returns a signature value S ^node1(m)、S^node2(m)、S^node(z)(m)…S^node(n) (m) to the task scheduling center;

4.2.3 the task scheduling center receives the signature values returned by all the nodes corresponding to the Nl _U, and the multi-party node cooperative signature is completed;

4.3 multiparty signature aggregation and signature verification:

4.3.1 the task scheduling center sends a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)…S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes to a notarization management system of a notarization institution to which a notarization node _(z) belongs;

4.3.2 notarization management System invoking the signing Algorithm (ver) Using the public Key of the notarization node _(z) Checking signature value S ^node(z) (m), passing the signature checking, and sending task _M、U_id to an identity management center;

4.3.3 the identity management center queries the identity and authorization database, if the user U is confirmed to have signing authority, the aggregation public key UP _apk of the multiparty signature of the user U is returned to the notary management system, and if the user U does not have authority, the termination task is returned;

The 4.3.4 notarization management system calls a multiparty signature aggregation algorithm (as) to execute operation on the signature value S ^U(m)、S^node1(m)、S^node2(m)、S^node(z)(m)...S^node(n) (M) to generate a complete aggregation signature value S (M);

the notarization management system uses the aggregation public key UP _apk to check the aggregation signature value S (M), and the check passes, namely, the fact that all the multi-party node signatures selected by the user U are executed and are all effective is indicated, and the aggregation and verification of the multi-party signatures are completed;

4.4 notarized signature and method of making a quasi-text generation

4.4.1 After aggregation and verification of multiparty signatures are completed, the notarization management system uses the CA digital certificate private key of the notarization institutionSigning the hash value h (M) of the file M to generate a signature value/>

The notarization management system sends a task number task _M, an aggregate signature S (M) and a notarization certificate signatureTo a task scheduling center;

4.4.2 task scheduling center task _M, S (M), A forwarding service management system;

4.4.3 the service management System sums the signature values S (M) And the CA digital certificate of the notarization mechanism is synthesized to the signature domain of the document M to generate a quasi-text M _u containing notarization signature confirmation.

2. The method for decentralizing electronic notarization of claim 1, wherein the third class of signature operation node is any terminal with operation capability in the network, and the node is responsible for returning a signature value after signing operation by a private key of the node when receiving an instruction of a task scheduling center;

In step 2.1, the user U selects a node list Nl _U for multiparty calculation in cooperation with the user U from the node list Nl; the node list Nl _U contains at least one notarized node _(z); the rest nodes select any number and variety of combinations of user nodes, notarization nodes and third class signature operation nodes except the rest nodes.

3. An decentralized electronic notarization signature system for executing the decentralized electronic notarization signature method according to claim 1, characterized in that the system comprises an initialization configuration unit, a user node task configuration unit, a task initiation and text locking unit, and a multiparty node signature operation unit.

4. The method is characterized by comprising an initialization configuration step, a user node task configuration step, a task initiation and text locking step and a multiparty node signature operation step; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

User node Configuring a key derivation algorithm kdf, a signature algorithm sign, a signature verification algorithm ver and a decryption algorithm dec, wherein the node comprises a face recognition module and an identity authentication module;

Executing the user node task configuration step, specifically comprising:

User U runs user node tools through user nodes Sending a request to a task scheduling center TSC, and acquiring a node list Nl;

the user U inputs identity information U _id for identity and face comparison, sets a key known by the user, namely a PIN code, and simultaneously selects a node list Nl _U,Nl_U matched with the user for multiparty calculation from a node list Nl to contain at least one notarized node _(z);

User node Using PIN code, user identity information and equipment environment parameters as key factors, and adopting a key derivation algorithm kdf to generate a corresponding public-private key pair (UK _p,UK_s) for a user U, wherein UK _p is a public key and UK _s is a private key;

User node Using the private key UK _s to carry out signature operation S _ign(UK_s,U_id,Nl_U)＝S_Uid on the identity information U _id and the node list Nl _U to obtain a corresponding signature value S _Uid;

Operation is completed, user node Submitting the identity information U _id together with the signature value S _Uid, the public key UK _p and the selected node list Nl _U to a task scheduling centre;

Executing the steps of task initiation and text locking, which specifically comprises the following steps:

The user U receives a task _M sent by a service management system, accesses the service management system through a browser tool, and submits identity information U _id to the service management system to acquire a task;

The browser of the user U loads M, task _M、U_id sent by the service management system, ATV script, executing ATV script, calculating hash value h (M) of file M by using hash algorithm (hash) built in script locally in browser, generating file containing M, task _M, h (M), UId and/or I > by using rule built in scriptThe two-dimensional code of the data is displayed on a browser page;

user U operates user node Inputting a PIN code of a user; user node/>Using PIN code, identity information U _id and equipment environment parameters as input, and locally reproducing a user public and private key pair (UK _p,UK_s) by using a key derivation algorithm (kdf);

User node Reading the two-dimensional code provided by the browser, and analyzing M, task _M、h(m)、U_id,/>Ciphertext/>, with private key UK _s using decryption algorithm (dec)Performing decryption operation to obtain plaintext H (M) and S ^ATS H (M); further comparing whether H (M) is consistent with H (M), and if not, canceling signing; if so, using a signature verification algorithm (ver) with the public key of the ATSPerforming signature verification operation on S ^ATS H (M), wherein the signature verification passes, and the fact that the content of the file checked and checked by the user U is consistent with the content of the subsequent signature confirmation is indicated;

executing the multiparty node signature operation step, which specifically comprises the following steps:

User node Signature algorithm (sign) is used to perform signature operation on H (M) with private key UK _s to obtain signature value S ^U (M), signature algorithm on S ^ATS H (M) to obtain signature value S ^U(S^ATS H (M)), and user node/>U _id、task_M、h(m)、S^U(m)、S^ATS H (M) is sent to the task scheduling center.

5. A user node for performing the user node's decentralised electronic notarization signing method of claim 4, the node comprising an initialisation configuration module, a user node task configuration module, a task initiation and text locking module and a multiparty node signature operation module.

6. The method is characterized by comprising an initialization configuration step, a user node task configuration step and a multiparty node signature operation step; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

The identity management center IDC configures a database, wherein the database comprises an identity and authorization database and a node list Nl, the node list Nl records a node owner, a node public key and a node access address, and the node owner comprises user nodes, notarization nodes and third-class signature operation nodes; the identity and authorization database is used for recording the identity and signing authority of the user;

Executing the user node task configuration step, specifically comprising:

The identity management center IDC receives a user node list Nl _U fed back after identity verification by the notarization management system;

The identity management center reads the node list Nl _U, and queries the database to obtain a public key set P (node ₁,node₂,…node_n) of each corresponding node recorded in the node list Nl _U, wherein the public key set P comprises public keys corresponding to the notarized node _(z) Returning the public key set P (node ₁,node₂,…node_n) to the notarization management system;

The identity management center receives a signature value sent by the notarization management system after signing the notarization certificate Identity information U _id, an aggregation public key UP _apk, a user public key UK _p, and a signature value S _Uid;

the identity management center IDC comprises U _id、UP_apk、UK_p、S_Uid, Establishing association and logging in a database;

executing the multiparty node signature operation step, which specifically comprises the following steps:

The identity management center receives the task _M、U_id sent by the task scheduling center, inquires the identity and authorization database, returns a node list Nl _U of the user U to the task scheduling center if the user U is confirmed to have signing authority, and returns a termination task if the user U does not have authority;

The identity management center receives the task _M、U_id sent by the notary management system, inquires the identity and authorization database, returns a multiparty signature aggregation public key UP _apk of the user U to the notary management system if the user U is confirmed to have signing authority, and returns a termination task if the user U does not have authority.

7. An identity management center for performing the decentralised electronic notarization signing method of the identity management center of claim 6, the center comprising an initialization configuration module, a user node task configuration module, and a multiparty node signature operation module.

8. The method is characterized by comprising an initialization configuration step, a user node task configuration step and a multiparty node signature operation step; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

The task scheduling center TSC configures a memory and synchronously stores a node list Nl of the identity management center IDC;

Executing the user node task configuration step, specifically comprising:

Task scheduling center TSC receiving user node The sent request returns a node list Nl;

Task scheduling center TSC receiving user node The transmitted identity information U _id, signature value S _Uid, public key UK _p and selected node list Nl _U;

The task scheduling center analyzes the node list Nl _U, acquires a notarization node _(z) selected by a user, and sends U _id、S_Uid、UK_p、Nl_U to a notarization management system of a notarization mechanism to which the notarization node _(z) belongs;

the task scheduling center receives a signature value sent by a notarization management system after signing a notarization certificate Identity information U _id, an aggregation public key UP _apk, a user public key UK _p, and a signature value S _Uid;

executing the multiparty node signature operation step, which specifically comprises the following steps:

task scheduling center receives user node Transmitted U _id、task_M、h(m)、S^U (M), signature value S ^ATS H (M);

The task scheduling center sends a task _M、U_id to the identity management center to inquire the identity authentication state and authorization of the user U;

The task scheduling center receives the inquiry reply information sent by the identity management center, if the user U is confirmed to have signing authority, the task scheduling center receives a node list Nl _U of the user U, and if the user U does not have the signing authority, the task scheduling center receives a termination task;

The task scheduling center analyzes Nl _U to obtain a collaboration node ₁,node₂,…node_n designated by a user U, wherein the collaboration node comprises notarized node _(z); send task _M, h (m) to node ₁,node₂,…node_n;

The task scheduling center receives the signature value S ^node1(m)、S^node2(m)、S^node(z)(m)…S^node(n) (m) sent by the node ₁,node₂,…node_n until the signature value returned by all nodes corresponding to the Nl _U is received, and the cooperative signature of the multiple nodes is completed;

The task scheduling center sends a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)…S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes to a notarization management system of a notarization institution to which a notarization node _(z) belongs;

the task scheduling center receives a task number task _M, an aggregate signature S (M), and a notarized certificate signature sent after the aggregation and verification of the notarized management system multiparty signatures are completed Task _M, S (M),/>A forwarding service management system.

9. A task scheduling center for performing the decentralised electronic notarization signing method of the task scheduling center of claim 8, the center comprising an initialization configuration module, a user node task configuration module and a multiparty node signature operation module.

10. The method is characterized by comprising an initialization configuration step, a task initiation and text locking step and a multiparty node signature operation step; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

The method comprises the steps that a service management system BS configures a browser script ATV, a password algorithm is integrated in the browser script ATV, and after a user loads a script through a browser, the browser can perform local hash operation and generate a two-dimensional code;

Executing the steps of task initiation and text locking, which specifically comprises the following steps:

The service management system BS receives a file M to be signed uploaded by a task initiator, determines a user U needing to sign the file, establishes a task number of task _M for the single task, and inputs the file M and a user public key UK _p to a security SDK;

The service management system BS receives encrypted task ciphertext sent by the secure SDK The service management system sends a task _M to a user U;

After receiving the task acquisition request of the user U, the service management system BS sends the file M, task number task _M, identity information U _id, and ciphertext The browser script ATV provides a link address for the user U to access by the browser;

executing the multiparty node signature operation step, which specifically comprises the following steps:

The service management system receives tasks _M, S (M), which are forwarded by the task scheduling center, Signature value S (M) and the notarized signature value/>And the CA digital certificate of the notarization institution is synthesized to the signature domain of the document M to generate a quasi-text M _u containing notarization signature confirmation.

11. A business management system for executing the decentralised electronic notarization signing method of the business management system of claim 10, wherein the system comprises an initialization configuration module, a task initiation and text locking module and a multiparty node signing operation module;

the system is capable of communicating with a secure SDK configured with a private key A hash algorithm hash, a signature algorithm (sign) and an encryption algorithm (enc), the black box accepting input of a predetermined source and format and providing output of a predetermined rule;

the secure SDK can receive a task encryption request sent by the service management system, call a hash value of a hash algorithm hash calculation file M as H (M), and call a signature algorithm hash to use a private key Calculating a signature value S ^ATS H (M) for H (M), calling an encryption algorithm (enc) to encrypt H (M) and S ^ATS H (M) by using a public key UK _p to obtain ciphertext/>And output to the service management system.

12. The decentralizing electronic notarization signature method of the notarization management system is characterized by comprising the steps of executing initialization configuration, user node task configuration and multiparty node signature operation; wherein,

The initialization configuration step is executed, and specifically comprises the following steps:

The public certificate management system NTM configures a multiparty signature aggregation algorithm as, a multiparty public key aggregation algorithm apk, a signature algorithm sign, a signature verification algorithm ver, a CA digital certificate of a public certificate authority and a corresponding certificate private key

Executing the user node task configuration step, specifically comprising:

The notarization management system is used as a user selection mechanism and receives identity information U _id, a signature value S _Uid, a public key UK _p and a selected node list Nl _U of a user sent by a task scheduling center;

The notarization management system compares and checks the identity of the user U, and sends a user node list Nl _U to the identity management center after signature information S _Uid is checked and passed by using a public key UK _p;

The notarization management system receives the public key set P (node ₁,node₂,…node_n) of each corresponding node in the node list Nl _U sent by the identity management center, wherein the public key set P comprises the public keys corresponding to the notarization node _(z)

The notarization management system calls a public key aggregation algorithm apk to operate a user public key UK _p and a public key set P (node ₁,node₂,…node_n) so as to generate an aggregation public key UP _apk of the user U;

the notarization management system calls a signature algorithm sign and uses the private key of the CA digital certificate of the notarization institution Notarized certificate signing is carried out on U _id、UP_apk, and a signature value/>Transmitting U _id、UP_apk、UK_p、S_Uid,/>To an identity management center IDC, and synchronously returning a message to a task scheduling center to inform the user node of the user U that the registration is completed;

executing the multiparty node signature operation step, which specifically comprises the following steps:

The notarization management system receives a task number task _M, a hash value h (M) of a file M, signature values S ^node1(m)、S^node2(m)、S^node(z)(m)…S^node(n) (M) of all nodes, identity information U _id and signature values S ^U (M) of user nodes, which are sent by a task scheduling center; and the notarization management system belongs to the notarization institution of notarization node _(z);

the notarization management system calls a signature verification algorithm (ver) to use the public key of the notarization node _(z) Checking signature value S ^node(z) (m), passing the signature checking, and sending task _M、U_id to an identity management center;

The notarization management system receives inquiry reply information sent by the identity management center, if the user U is confirmed to have signing authority, the notarization management system receives an aggregation public key UP _apk of the multiparty signature of the user U, and if the notarization management system does not have authority, the notarization management system receives a termination task;

When the right is available, the notarization management system calls a multiparty signature aggregation algorithm (as) to execute operation on the signature value S ^U(m)、S^node1(m)、S^node2(m)、S^node(z)(m)…S^node(n) (M) to generate a complete aggregated signature value S (M); signing the aggregated signature value S (M) by using an aggregated public key UP _apk, wherein the signing verification passes, namely that all multiparty node signatures selected by a user U are completely executed and are completely effective, and aggregation and verification of multiparty signatures are completed;

after the aggregation and verification of the multiparty signature are completed, the public certificate management system uses the CA digital certificate private key of the public certificate authority Signing the hash value h (M) of the file M to generate a signature value/>The task number task _M, the aggregate signature S (M), the notary certificate signature/>To the task scheduling center.

13. A notarization management system for executing the decentralization electronic notarization signing method of the notarization management system as claimed in claim 12, wherein the system comprises an initialization configuration module, a user node task configuration module and a multiparty node signing operation module.