CN111865572B - Method and system for joint signature - Google Patents
Method and system for joint signature Download PDFInfo
- Publication number
- CN111865572B CN111865572B CN202010529531.5A CN202010529531A CN111865572B CN 111865572 B CN111865572 B CN 111865572B CN 202010529531 A CN202010529531 A CN 202010529531A CN 111865572 B CN111865572 B CN 111865572B
- Authority
- CN
- China
- Prior art keywords
- signature
- private key
- file
- signed
- nth
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000004364 calculation method Methods 0.000 claims abstract description 9
- 230000004913 activation Effects 0.000 claims description 14
- 238000012795 verification Methods 0.000 claims description 7
- 230000006870 function Effects 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a joint signature method and a system, wherein the method comprises the following steps: the electronic signature system acquires a private key S, divides the private key S into N sub-private keys Sn, and respectively sends the sub-private keys Sn to an nth client; the nth client side sends the received sub private key Sn to the nth signature device; the nth signature device stores the received sub private key Sn; the electronic signature system enters a signable state. The electronic signature system sends the file to be signed to the nth client; the nth client side obtains the sub private key Sn, and the sub private key Sn is used for carrying out signature calculation on the file to be signed to obtain an nth signature value; the nth client side sends the sub private key Sn and the nth signature value to the electronic signature system; the electronic signature system merges the sub-private keys Sn into a private key S ', acquires the private key S and the signature image from the background server, compares the private key S ' with the private key S, and if the private key S ' is consistent with the private key S, performs signature operation on the signature image by using the private key S, and signs the signature image with the signature on the file to be signed.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a method and a system for joint signature.
Background
The seal is an important certificate for people to make social and commercial communications. In China, the government, enterprises and public institutions and individuals release documents, sign contracts, receive and pay bills and the like all need to use the entity seal. With the development of internet technology, electronic commerce and digital information technology have been developed rapidly and have been widely applied in various fields. Therefore, the electronic signature technology becomes an indispensable identity authentication means in life and work of people after the physical seal.
By adopting the electronic signature technology, the business process can be simplified, and the resources such as manpower, material resources, paper and the like are saved. The existing electronic signature technology can complete the process after single signature, but in practical application, the issue of a file or the signing of a contract often needs a plurality of people or a plurality of organizations to sign and authorize before the file is effective, so how to realize multi-person combined signature by adopting the electronic signature technology is the problem to be solved at present.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The invention mainly aims to provide a combined signature method;
another object of the present invention is to provide a joint signature system.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the invention provides a joint signature method on one hand, which comprises the following steps: the electronic signature system acquires a private key S and divides the private key S into N sub-private keys Sn, wherein N is a positive integer greater than 1, N =1, … … N; the electronic signature system sends the private key S to a background server and respectively sends the sub private keys Sn to the nth client; the nth client detects whether the nth signature equipment is connected or not, and sends the received sub private key Sn to the nth signature equipment after detecting that the nth signature equipment is connected; the nth signature device stores the received sub private key Sn; the electronic signature system enters a signable state, and the step of jointly signing the files to be signed comprises the following steps: the electronic signature system acquires a file to be signed and sends the file to be signed to the nth client; the nth client acquires a sub private key Sn from the nth signature device connected with the nth client; the nth client performs signature calculation on the file to be signed by using the sub private key Sn to obtain an nth signature value; the nth client side sends the sub private key Sn and the nth signature value to the electronic signature system; the electronic signature system receives the sub private keys Sn from each client, and the sub private keys Sn are combined into a private key S' according to a preset algorithm; the electronic signature system obtains a private key S and a signature image from a background server, compares the private key S 'with the private key S, if the private key S' is consistent with the private key S, performs signature operation on the signature image by using the private key S to generate a signature image with a signature, and signs the signature image with the signature at a first preset position on a file to be signed to generate a signed file.
Optionally, after the electronic signature system performs the joint signature step, the electronic signature system sends the signed file to the notarization system, and obtains a notarization signature file fed back by the notarization system, where the notarization signature file is a file generated after the notarization system signs at a second preset position on the signed file.
Optionally, after the electronic signature system performs the joint signature step, the electronic signature system generates information to be verified according to the signed file, wherein the information to be verified at least includes: the signature system comprises summary information of a signed file, signature information generated by signing the summary information by using a private key S and a signature certificate of the electronic signature system; the electronic signature system sends the information to be verified to the notarization system and obtains a verified file fed back by the notarization system, wherein the verified file comprises a file generated after the notarization system verifies and signs the information to be verified at a second preset position on the signed file after the notarization system passes the verification.
Optionally, after the electronic signature system obtains the signature image from the background server, before performing signature operation on the signature image by using the private key S, the method further includes: the electronic signature system acquires the entity seal picture, identifies entity seal information from the entity seal picture, compares the entity seal information with the signature image, and if the comparison is consistent, continues to execute the step of signature operation on the signature image by using the private key S.
Optionally, after the electronic signature system obtains the signature image from the background server, before performing signature operation on the signature image by using the private key S, the method further includes: and the electronic signature system acquires the activation information from the external security equipment, and continues to execute the step of performing signature operation on the signature image by using the private key S after acquiring the activation information.
In another aspect, the present invention provides a joint signature system, including: the system comprises an electronic signature system, N clients and N signature devices respectively connected with the clients, wherein N is a positive integer greater than 1; the electronic signature system is used for acquiring a private key S and dividing the private key S into N sub-private keys Sn; the private key S is sent to a background server, and the sub private keys Sn are respectively sent to the nth client; wherein N =1, … … N; the nth client is used for detecting whether the nth signature equipment is connected or not, and sending the received sub private key Sn to the nth signature equipment after detecting that the nth signature equipment is connected; the nth signature device is used for storing the received sub private key Sn; the electronic signature system is also used for opening a state capable of being signed, acquiring a file to be signed after entering the state capable of being signed, and sending the file to be signed to the nth client; the nth client is also used for acquiring a sub private key Sn from nth signature equipment connected with the nth client, carrying out signature calculation on a file to be signed by using the sub private key Sn to obtain an nth signature value, and sending the sub private key Sn and the nth signature value to the electronic signature system; the electronic signature system is also used for receiving the sub private keys Sn from each client and combining the sub private keys Sn into a private key S' according to a preset algorithm; the method comprises the steps of obtaining a private key S and a signature image from a background server, comparing the private key S 'with the private key S, if the private key S' is consistent with the private key S, performing signature operation on the signature image by using the private key S to generate a signature image with a signature, and signing the signature image with the signature at a first preset position on a file to be signed to generate a signed file.
Optionally, the electronic signature system is further configured to send the signed file to a notarization system, and obtain a notarization signature file fed back by the notarization system, where the notarization signature file is a file generated after the notarization system signs at a second preset position on the signed file.
Optionally, the electronic signature system is further configured to generate information to be verified according to the signed file, where the information to be verified at least includes: the signature system comprises summary information of a signed file, signature information generated by signing the summary information by using a private key S and a signature certificate of the electronic signature system; and sending the information to be verified to a notarization system, and acquiring a verified file fed back by the notarization system, wherein the verified file comprises a file generated after the notarization system passes the verification of the information to be verified and signs at a second preset position on the signed file.
Optionally, the electronic signature system is further configured to obtain an entity signature picture, identify entity signature information from the entity signature picture, compare the entity signature information with the signature image, and perform signature operation on the signature image by using the private key S if the comparison is consistent.
Optionally, the electronic signature system is further configured to acquire activation information from an external security device, and continue to perform signature operation on the signature image by using the private key S after the activation information is acquired.
According to the technical scheme provided by the invention, the electronic signature system divides the private key S into a plurality of sub private keys Sn and respectively sends each sub private key Sn to a client, so that a plurality of signature personnel can sign a file to be signed by using the sub private keys Sn distributed to the personnel. The electronic signature system respectively obtains the signature file and the sub private keys Sn from the client sides of a plurality of signature personnel, the sub private keys are spliced and then compared with the private key S, if the comparison is consistent, all signature personnel are proved to approve the signature file, and therefore the electronic signature system can carry out electronic signature on the signature file only after the comparison is consistent. Therefore, the joint signature system realizes the function of joint signature of multiple persons on the file.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a joint signature method according to embodiment 1 of the present invention;
fig. 2 is a diagram illustrating specific steps of jointly signing a to-be-signed file after the electronic signature system provided in embodiment 1 of the present invention enters a signable state;
fig. 3 is a schematic structural diagram of a joint signature system according to embodiment 2 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in a specific case to those of ordinary skill in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The present embodiment provides a method of joint signature, as shown in fig. 1, the method includes:
s1, an electronic signature system acquires a private key S and divides the private key S into N sub-private keys Sn; wherein N is a positive integer greater than 1, N =1, … … N.
And S2, the electronic signature system sends the private key S to a background server and respectively sends the sub private keys Sn to the nth client.
In this embodiment, taking N =3 as an example, that is, when a file to be signed is signed, the electronic signature system needs to sign the file after three signature personnel, user a, user B, and user C, all sign. The electronic signature system divides the private key S into 3 sub-private keys S1, S2 and S3, sends the sub-private key S1 to the 1 st client of the user A, sends the sub-private key S2 to the 2 nd client of the user B, sends the sub-private key S3 to the 3 rd client of the user C, and uploads the private key S to a background server for backup storage. As an alternative embodiment, the method of splitting the secret key S into N sub-secret keys Sn includes, but is not limited to: the characters of the private key S are equally divided into N character segments, and each character segment is used as a sub-private key. Thus, each signer may be assigned a child private key Sn.
And S3, the nth client detects whether the nth signature equipment is connected or not, and sends the received sub private key Sn to the nth signature equipment after detecting that the nth signature equipment is connected.
In this embodiment, the client may be an application program loaded on a user terminal (e.g., a computer, a mobile phone, a tablet computer, etc.), and the signature device may be an electronic device with data encryption and decryption functions, such as an intelligent password key.
And S4, the nth signature device stores the received sub private key Sn.
In this embodiment, the nth signature device stores the sub private key Sn allocated by the electronic signature system after receiving the sub private key Sn, so that the signature personnel can conveniently use the sub private key when needing to perform signature operation.
And S5, the electronic signature system enters a signable state and performs combined signature on the file to be signed.
In this embodiment, after the electronic signature system enters the signable state, the system can be applied to perform the joint signature operation. As shown in fig. 2, the step of the electronic signature system performing joint signature on the file to be signed specifically includes:
s5-1, the electronic signature system acquires a file to be signed and sends the file to be signed to an nth client;
in this step, the file to be signed may be an electronic version file, such as a PDF file, uploaded to the electronic signature system by the user.
S5-2, the nth client acquires a sub private key Sn from the nth signature device connected with the nth client;
s5-3, the nth client performs signature calculation on the file to be signed by using the sub private key Sn to obtain an nth signature value; the nth client side sends the sub private key Sn and the nth signature value to the electronic signature system;
in this step, after the user approves the content of the file to be signed, the user permits the file to be signed by connecting the signature device owned by the user and performing signature operation.
As an alternative implementation, taking N =3 as an example, the electronic signature system may sequentially send the files to be signed to the client of user a (i.e., the 1 st client), the client of user B (i.e., the 2 nd client), and the client of user C (i.e., the 3 rd client), respectively. That is to say, the client of the user a acquires the sub private key S1 from the 1 st signing device connected to the client, performs signature calculation on the ground signing file by using the sub private key S1 to obtain the 1 st signature value, and sends the 1 st signature value to the electronic signing system. After receiving the 1 st signature value, the electronic signature system sends the file to be signed to the client of the user B, and the client of the user B performs signature operation on the file to be signed to generate a 2 nd signature value. Similarly, the client of the user C performs signature operation on the file to be signed after the user B completes the signature operation to generate the 3 rd signature value. In practical application, the optional implementation manner can be applied to an application scenario in which a plurality of signature personnel are in leadership and subordinate relations, that is, after the user A signs the file to be signed, the file to be signed is submitted to the leadership user B of the user A for examination and approval through the electronic signature system, and so on.
As another alternative, taking N =3 as an example, the electronic signature system may send the file to be signed to the client of user a, the client of user B, and the client of user C at the same time. That is to say, all users can receive the file to be signed and perform signature operation on the file to be signed at the same time, and after each user completes the signature operation, the signature value is fed back to the electronic signature system through the client. In practical application, the optional implementation manner can be applied to an application scenario in which a plurality of signature personnel are in a hierarchical relationship, that is, a file to be signed can take effect after being approved by all users.
S5-4, the electronic signature system receives the sub private keys Sn from each client, and the sub private keys Sn are combined into a private key S' according to a preset algorithm;
in this step, the preset algorithm for splicing the sub-private keys Sn corresponds to the way of splitting the private key S. For example, the electronic signature system equally divides the characters of the private key S into N character segments, and sequentially uses each character segment as the sub-private key S1 and the sub-private key S2 … … sub-private key S3, so that the preset algorithm for splicing the sub-private keys Sn may be: the electronic signature system can splice the character segments of all the sub private keys Sn according to the sequence of the sub private key S1 and the sub private key S2 … … and the sub private key S3.
And S5-5, the electronic signature system acquires the private key S and the signature image from the background server, compares the private key S 'with the private key S, if the private key S' is consistent with the private key S, performs signature operation on the signature image by using the private key S to generate a signature image with a signature, signs the signature image with the signature on a first preset position on the file to be signed, and generates a signed file.
In this step, if the private key S' is consistent with the private key S, it can be verified that all signature personnel have signed the file to be signed. After all signers complete signing, the electronic signature system can utilize the private key S to sign the signature image, wherein the signature image can be an electronic image of a seal such as a official seal, a contract seal, a name seal and the like. Alternatively, the first preset position may be a blank identified on the file to be signed, or the first preset position is set as a lower right corner position of the file to be signed, and so on.
Therefore, through executing the steps S5-1 to S5-5, a plurality of signature personnel can use the electronic signature system to complete joint signature, and after the electronic signature system enters a signature-capable state, joint signature operation can be executed for a plurality of files to be signed.
In this embodiment, after a plurality of signers jointly sign a document to be signed, the signed document may be sent to a third-party notary institution for notarization of the document. As an optional implementation manner, after the electronic signature system performs the joint signature step in step S5, the electronic signature system sends the signed file to the notarization system, and obtains a notarization signature file fed back by the notarization system, where the notarization signature file is a file generated after the notarization system signs at a second preset position on the signed file. In this alternative embodiment, the notarization system may be an electronic signature system installed on the terminal of the third-party notarization institution. The notarization system receives the signed file from the electronic signature system, so that notarization personnel can verify the file content on the notarization system, and the notarization system is applied to sign the signed file after verification is passed. The notarization system can sign the electronic image of the notarization mechanism seal by using a private key of the notarization system to generate a notarization seal with a signature, and the notarization seal is loaded on a second preset position of the signed document to generate the notarization signature document. As another optional implementation manner, after the electronic signature system performs the joint signature step in step S5, the electronic signature system generates information to be verified according to the signed file, where the information to be verified at least includes: the signature system comprises summary information of a signed file, signature information generated by signing the summary information by using a private key S and a signature certificate of the electronic signature system; and the electronic signature system sends the information to be verified to the notarization system and acquires a verified file fed back by the notarization system, wherein the verified file comprises a file generated after the notarization system verifies the information to be verified and signs the information at a second preset position on the signed file after passing the verification. In this optional implementation, a person in the notary organization may use the notary system to verify the signed document, specifically, the notary system receives the signature certificate of the electronic signature system, and verifies the signature of the signature certificate by using the public key of the electronic signature system in the signature certificate, thereby verifying the authenticity of the signed document.
In this embodiment, after the electronic signature system in step S5-5 acquires the signature image from the background server, before performing signature operation on the signature image by using the private key S, the step may further include: the electronic signature system acquires the entity seal picture, identifies entity seal information from the entity seal picture, compares the entity seal information with the signature image, and if the comparison is consistent, continues to execute the step of signature operation on the signature image by using the private key S. Therefore, the authenticity of the acquired signature image can be verified in a mode of uploading the photo of the entity signature to the electronic signature system.
In this embodiment, after the electronic signature system in step S5-5 acquires the signature image from the background server, before performing signature operation on the signature image by using the private key S, the step may further include: and the electronic signature system acquires the activation information from the external security equipment, and continues to execute the step of performing signature operation on the signature image by using the private key S after acquiring the activation information. The external safety equipment can be an intelligent password Key (namely a USB Key) of a user, and can also be an electronic legal identity card and the like. Therefore, the activation information of the electronic signature system can be acquired through the external equipment containing the user identity information, so that the system can be activated after the user is authorized.
By adopting the joint signature method provided by the embodiment, the electronic signature system divides the private key S into a plurality of sub private keys Sn, each sub private key Sn is respectively sent to one client, and a plurality of signature personnel can utilize the sub private keys Sn distributed to the personnel to sign the files to be signed. The electronic signature system respectively obtains the signature file and the sub private keys Sn from the client sides of a plurality of signature personnel, the sub private keys are spliced and then compared with the private key S, if the comparison is consistent, all signature personnel are proved to approve the signature file, and therefore the electronic signature system can carry out electronic signature on the signature file only after the comparison is consistent. Therefore, the joint signature system realizes the function of joint signature of multiple persons on the file.
Example 2
The present embodiment provides a system for joint signature, as shown in fig. 3, the system includes: the electronic signature system comprises an electronic signature system 1, N clients 2 and N signature devices 3 respectively connected with the clients 2, wherein N is a positive integer larger than 1.
The electronic signature system 1 is used for acquiring a private key S and dividing the private key S into N sub-private keys Sn; the private key S is sent to a background server, and the sub private keys Sn are respectively sent to the nth client; wherein N =1, … … N; an nth client; the signature device is used for detecting whether the nth signature device is connected or not, and sending the received sub private key Sn to the nth signature device after the nth signature device is detected to be connected.
In this embodiment, taking N =3 as an example, that is, when a file to be signed is signed, the file to be signed may be signed only after three signers, namely, user a, user B, and user C, have signed the signature. The electronic signature system divides the private key S into 3 sub-private keys S1, S2 and S3, sends the sub-private key S1 to the 1 st client of the user A, sends the sub-private key S2 to the 2 nd client of the user B, sends the sub-private key S3 to the 3 rd client of the user C, and uploads the private key S to a background server for backup storage. As an alternative embodiment, the electronic signature system 1 is configured to divide the private key S into N sub-private keys Sn, and includes: the electronic signature system 1 is configured to divide the characters of the private key S into N character segments, and use each character segment as a sub-private key. Thus, each signer may be assigned a child private key Sn. In this embodiment, the client 2 may be an application program loaded on a user terminal (e.g., a computer, a mobile phone, a tablet computer, etc.), and the signature device 3 may be an electronic device with data encryption and decryption functions, such as an intelligent password key.
In this embodiment, the nth signature device 3 is configured to store the received child private key Sn. The nth signature device 3 stores the sub private key Sn distributed by the electronic signature system 1 after receiving the sub private key Sn, so that signature personnel can conveniently use the signature device when needing to perform signature operation. The electronic signature system 1 is also used for opening the signable state. After the electronic signature system 1 enters into the signable state, the system can be applied to perform the joint signature operation.
In this embodiment, after entering the state of being able to be signed, the electronic signature system 1 is further configured to obtain a file to be signed, and send the file to be signed to the nth client 2. The file to be signed may be an electronic version file uploaded to an electronic signature system by a user, such as a PDF file. The nth client 2 is further configured to obtain the sub private key Sn from the nth signature device 3 connected to the nth client, perform signature calculation on the file to be signed by using the sub private key Sn to obtain an nth signature value, and send the sub private key Sn and the nth signature value to the electronic signature system 1. Thus, after the user approves the content of the file to be signed, the user connects the signature device 3 owned by the user and performs a signature operation to permit the file to be signed.
As an alternative embodiment, taking N =3 as an example, the electronic signature system 1 may be configured to sequentially send files to be signed to the client 2 of the user a (i.e., the 1 st client 2), the client 2 of the user B (i.e., the 2 nd client 2), and the client 2 of the user C (i.e., the 3 rd client 2), respectively. That is to say, the client 2 of the user a obtains the sub private key S1 from the 1 st signing device 3 connected to the client, performs signature calculation on the ground signing file by using the sub private key S1 to obtain the 1 st signature value, and sends the 1 st signature value to the electronic signing system 1. The electronic signature system 1 is configured to send the file to be signed to the client 2 of the user B after receiving the 1 st signature value, and the client 2 of the user B performs signature operation on the file to be signed to generate the 2 nd signature value. Similarly, the client 2 of the user C performs the signature operation on the file to be signed after the user B completes the signature operation to generate the 3 rd signature value. In practical application, the optional implementation manner can be applied to an application scenario in which a plurality of signing personnel are leaders and subordinates, that is, after the user a signs the file to be signed, the file to be signed is submitted to the leader user B of the user a for approval through the electronic signature system, and so on.
As another optional embodiment, taking N =3 as an example, the electronic signature system 1 may be further configured to simultaneously send the file to be signed to the client 2 of the user a, the client 2 of the user B, and the client 2 of the user C. That is to say, all users can receive the file to be signed and perform signature operation on the file to be signed at the same time, and after each user completes the signature operation, the signature value is fed back to the electronic signature system 1 through the client 2. In practical application, the optional implementation manner can be applied to an application scene in which a plurality of signature personnel are in hierarchical relationship, namely, the file to be signed can take effect after being approved by all users.
In this embodiment, the electronic signature system 1 is further configured to receive the sub-private keys Sn from each client, and merge the sub-private keys Sn into the private key S' according to a preset algorithm. And the preset algorithm for splicing the sub private keys Sn corresponds to the mode for splitting the private key S. For example, the electronic signature system 1 may equally divide the characters of the private key S into N character segments, and sequentially use each character segment as the sub-private key S1 and the sub-private key S2 … … sub-private key S3, so that the preset algorithm for splicing the sub-private keys Sn may be: the electronic signature system 1 splices the character segments of all the sub private keys Sn according to the sequence of the sub private key S1 and the sub private key S2 … … and the sub private key S3.
In this embodiment, the electronic signature system 1 is further configured to obtain the private key S and the signature image from the background server, compare the private key S 'with the private key S, perform signature operation on the signature image by using the private key S if the private key S' is consistent with the private key S, generate a signature image with a signature, sign the signature image with the signature at a first preset position on the file to be signed, and generate a signed file. Therefore, if the private key S' is consistent with the private key S, all signature personnel can be proved to have signed the file to be signed. After all signers complete signing, the electronic signature system 1 can utilize the private key S to sign the signature image, wherein the signature image can be an electronic image of a seal such as a official seal, a contract seal, a name seal, and the like. Optionally, the first preset position may be a blank identified on the file to be signed, or a lower right corner of the file to be signed, or the like. Therefore, a plurality of signature personnel can use the electronic signature system 1 to complete the joint signature, and the electronic signature system 1 can execute the joint signature operation aiming at a plurality of files to be signed after entering the state of being signed.
In this embodiment, after a plurality of signers jointly sign a document to be signed, the signed document may be sent to a third-party notary institution for notarization of the document. As an optional implementation manner, the electronic signature system 1 is further configured to send the signed file to a notarization system, and obtain a notarization signature file fed back by the notarization system, where the notarization signature file is a file generated after the notarization system signs at a second preset position on the signed file. In this alternative embodiment, the notarization system may be an electronic signature system installed on the terminal of the third-party notarization institution. The notarization system receives the signed file from the electronic signature system 1, so that notarization personnel can verify the file content on the notarization system, and the notarization system is applied to sign the signed file after verification is passed. The notarization system can sign the electronic image of the notarization mechanism seal by using a private key of the notarization system to generate a notarization seal with a signature, and the notarization seal is loaded on a second preset position of the signed document to generate the notarization signature document. As another optional implementation manner, the electronic signature system 1 is further configured to generate information to be verified according to the signed file, where the information to be verified at least includes: the signature system comprises the summary information of a signed file, signature information generated by signing the summary information by using a private key S and a signature certificate of the electronic signature system 1; and sending the information to be verified to a notarization system, and acquiring a verified file fed back by the notarization system, wherein the verified file comprises a file generated after the notarization system passes the verification of the information to be verified and signs at a second preset position on the signed file. In this optional implementation, a person in the notary organization may use the notary system to verify the signed document, specifically, the notary system receives the signature certificate of the electronic signature system, and verifies the signature of the signature certificate by using the public key of the electronic signature system in the signature certificate, thereby verifying the authenticity of the signed document.
As an optional implementation manner, the electronic signature system 1 is further configured to obtain an entity signature picture, identify entity signature information from the entity signature picture, compare the entity signature information with the signature image, and perform signature operation on the signature image by using the private key S if the comparison is consistent. Therefore, the authenticity of the acquired signature image can be verified in a mode of uploading the photo of the entity signature to the electronic signature system.
As an optional implementation manner, the electronic signature system 1 is further configured to obtain activation information from an external security device, and continue to perform signature operation on the signature image by using the private key S after obtaining the activation information. The external safety equipment can be an intelligent password Key (namely a USB Key) of a user, and can also be an electronic legal identity card and the like. Therefore, the activation information of the electronic signature system can be acquired through the external equipment containing the user identity information, so that the system can be activated after the user is authorized.
By adopting the joint signature system provided by the embodiment, the electronic signature system 1 divides the private key S into a plurality of sub private keys Sn, and respectively sends each sub private key Sn to one client 2, and a plurality of signature personnel can utilize the sub private keys Sn distributed to the personnel to sign the files to be signed. The electronic signature system 1 respectively obtains the signature file and the sub private keys Sn from the client sides of a plurality of signature personnel, the sub private keys are spliced and then compared with the private key S, if the comparison is consistent, all the signature personnel are proved to approve the signature file, and therefore the electronic signature system 1 can carry out electronic signature on the signature file after the comparison is consistent. Therefore, the joint signature system realizes the function of multi-person joint signature of the file.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (10)
1. A joint signature method is characterized in that,
the electronic signature system acquires a private key S and divides the private key S into N sub-private keys Sn, wherein N is a positive integer greater than 1, N =1, … … N;
the electronic signature system sends the private key S to a background server and respectively sends the sub private keys Sn to the nth client;
the nth client detects whether the nth signature equipment is connected or not, and sends the received sub private key Sn to the nth signature equipment after detecting that the nth signature equipment is connected;
the nth signature device stores the received sub private key Sn;
the electronic signature system enters a signable state, and the step of performing combined signature on the file to be signed comprises the following steps:
the electronic signature system acquires the file to be signed and sends the file to be signed to an nth client;
the nth client acquires the sub private key Sn from the nth signature device connected with the nth client;
the nth client performs signature calculation on the file to be signed by using the sub private key Sn to obtain an nth signature value;
the nth client side sends the sub private key Sn and the nth signature value to the electronic signature system;
the electronic signature system receives the sub private keys Sn from each client, and merges the sub private keys Sn into a private key S' according to a preset algorithm;
the electronic signature system obtains a private key S and a signature image from the background server, compares the private key S 'with the private key S, if the private key S' is consistent with the private key S, uses the private key S to perform signature operation on the signature image to generate a signature image with a signature, and signs the signature image with the signature at a first preset position on the file to be signed to generate a signed file.
2. The method of claim 1, wherein after the electronic signature system performs the step of joint signing, the method further comprises:
the electronic signature system sends the signed file to a notarization system, and acquires the notarization signature file fed back by the notarization system, wherein the notarization signature file is a file generated after the notarization system signs at a second preset position on the signed file.
3. The method of claim 1, wherein after the electronic signature system performs the step of joint signing, the method further comprises:
the electronic signature system generates information to be verified according to the signed file, wherein the information to be verified at least comprises: the signature system comprises the summary information of the signed file, signature information generated by signing the summary information by using the private key S and a signature certificate of the electronic signature system;
the electronic signature system sends the information to be verified to a notarization system and acquires a verified file fed back by the notarization system, wherein the verified file comprises a file generated after the notarization system verifies the information to be verified and signs at a second preset position on the signed file after the notarization system passes the verification.
4. The method according to any one of claims 1 to 3, wherein after the electronic signature system obtains the signature image from the background server, before performing a signature operation on the signature image by using the private key S, the method further comprises:
the electronic signature system acquires an entity signature picture, identifies entity signature information from the entity signature picture, compares the entity signature information with the signature image, and if the comparison is consistent, continues to execute the step of performing signature operation on the signature image by using the private key S.
5. The method according to any one of claims 1 to 3, wherein after the electronic signature system obtains the signature image from the background server, before performing a signature operation on the signature image by using the private key S, the method further comprises:
the electronic signature system acquires activation information from external security equipment, and continues to execute the step of performing signature operation on the signature image by using the private key S after acquiring the activation information.
6. A joint signature system, the system comprising: the system comprises an electronic signature system, N clients and N signature devices respectively connected with the clients, wherein N is a positive integer greater than 1;
the electronic signature system is used for acquiring a private key S and dividing the private key S into N sub-private keys Sn; the private key S is sent to a background server, and the sub private keys Sn are respectively sent to the nth client; wherein N =1, … … N;
the nth client is used for detecting whether the nth signature equipment is connected or not, and sending the received sub private key Sn to the nth signature equipment after detecting that the nth signature equipment is connected;
the nth signature device is used for storing the received sub private key Sn;
the electronic signature system is also used for opening a state capable of being signed, acquiring a file to be signed after entering the state capable of being signed, and sending the file to be signed to the nth client;
the nth client is further used for acquiring the sub private key Sn from nth signature equipment connected with the nth client, performing signature calculation on a file to be signed by using the sub private key Sn to obtain an nth signature value, and sending the sub private key Sn and the nth signature value to the electronic signature system;
the electronic signature system is also used for receiving the sub private keys Sn from each client and combining the sub private keys Sn into a private key S' according to a preset algorithm; the method comprises the steps of obtaining a private key S and a signature image from a background server, comparing the private key S 'with the private key S, if the private key S' is consistent with the private key S, performing signature operation on the signature image by using the private key S to generate a signature image with a signature, signing the signature image with the signature at a first preset position on a file to be signed, and generating a signed file.
7. The system of claim 6,
the electronic signature system is also used for sending the signed file to a notarization system and acquiring the notarization signature file fed back by the notarization system, wherein the notarization signature file is a file generated after the notarization system signs at a second preset position on the signed file.
8. The system of claim 6,
the electronic signature system is further configured to generate information to be verified according to the signed file, where the information to be verified at least includes: the signature system comprises the summary information of the signed file, signature information generated by signing the summary information by using the private key S and a signature certificate of the electronic signature system; and sending the information to be verified to a notarization system, and acquiring a verified file fed back by the notarization system, wherein the verified file comprises a file generated after the notarization system verifies the information to be verified and signs the information at a second preset position on the signed file.
9. The system according to any one of claims 6 to 8,
the electronic signature system is also used for acquiring an entity seal picture, identifying entity seal information from the entity seal picture, comparing the entity seal information with the signature image, and if the comparison is consistent, performing signature operation on the signature image by using the private key S.
10. The system according to any one of claims 6 to 8,
the electronic signature system is also used for acquiring activation information from external security equipment, and continuously performing signature operation on the signature image by using the private key S after the activation information is acquired.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010529531.5A CN111865572B (en) | 2020-06-11 | 2020-06-11 | Method and system for joint signature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010529531.5A CN111865572B (en) | 2020-06-11 | 2020-06-11 | Method and system for joint signature |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111865572A CN111865572A (en) | 2020-10-30 |
| CN111865572B true CN111865572B (en) | 2023-01-31 |
Family
ID=72986106
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010529531.5A Active CN111865572B (en) | 2020-06-11 | 2020-06-11 | Method and system for joint signature |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111865572B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114676451B (en) * | 2020-12-24 | 2024-06-18 | 航天信息股份有限公司 | Electronic document signing method and device, storage medium and electronic equipment |
| CN112613841B (en) * | 2020-12-25 | 2024-05-31 | 江苏华能智慧能源供应链科技有限公司 | Electronic file approval method and system based on threshold password technology |
| CN114239004B (en) * | 2021-11-16 | 2025-04-25 | 中国南方电网有限责任公司 | Electronic signature generation method, device, computer equipment and storage medium |
| CN114679280A (en) * | 2022-03-15 | 2022-06-28 | 北京宏思电子技术有限责任公司 | RSA-based joint signature generation method and device |
| CN114971586A (en) * | 2022-06-24 | 2022-08-30 | 深圳市建筑设计研究总院有限公司 | A file signature method, device and storage medium |
| CN120528598A (en) * | 2025-07-17 | 2025-08-22 | 云南电网有限责任公司 | Electronic seal management and control method and system |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8959353B2 (en) * | 2009-03-31 | 2015-02-17 | Topaz Systems, Inc. | Distributed system for multi-function secure verifiable signer authentication |
| CN104517048A (en) * | 2013-09-26 | 2015-04-15 | 天津书生软件技术有限公司 | Electronic seal implementing system and method |
| CN103679436B (en) * | 2013-12-17 | 2018-08-14 | 重庆邮电大学 | A kind of electronic contract security system and method based on biological information identification |
| CN106452775B (en) * | 2015-08-07 | 2020-01-14 | 阿里巴巴集团控股有限公司 | Method and device for realizing electronic signature and signature server |
| TWI639124B (en) * | 2017-05-01 | 2018-10-21 | 財金資訊股份有限公司 | Providing devices and methods, recording media and computer program products containing payment information of QR code |
| CN108763965A (en) * | 2018-05-23 | 2018-11-06 | 国信嘉宁数据技术有限公司 | Method, apparatus, equipment and the medium that electronic contract data are saved from damage |
-
2020
- 2020-06-11 CN CN202010529531.5A patent/CN111865572B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111865572A (en) | 2020-10-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111865572B (en) | Method and system for joint signature | |
| US11777726B2 (en) | Methods and systems for recovering data using dynamic passwords | |
| US20210224938A1 (en) | System and method for electronically providing legal instrument | |
| US11625465B2 (en) | Systems for identity validation and association | |
| JP2024056970A (en) | Digital Wallet Device | |
| CN114037435A (en) | Method and apparatus for providing information attestation using a centralized or distributed ledger | |
| WO2020042713A1 (en) | Document authentication method, device, equipment and readable medium | |
| US10812271B2 (en) | Privacy control using unique identifiers associated with sensitive data elements of a group | |
| CA3057398C (en) | Securely performing cryptographic operations | |
| US12200141B2 (en) | Systems and methods for conducting remote attestation | |
| US20180316509A1 (en) | Method and System for Authentication of Electronic Documents | |
| CN112367314B (en) | Identity authentication method, device, computing equipment and medium | |
| EP3884611A1 (en) | Method and system for providing a tamper proof record chain | |
| WO2013180745A1 (en) | Methods and systems for increasing the security private keys | |
| WO2020071939A1 (en) | Method and system for confidential paperless presentation of documents | |
| CN110690973B (en) | Identity verification method, identity verification device, identity verification medium and electronic equipment | |
| TWM626928U (en) | Online insurance approval system | |
| CN116112178B (en) | Verification identifier generation method, system, electronic device and storage medium | |
| Ajlouni et al. | Secure Mobile Authentication With Blockchain | |
| TWI805142B (en) | Online insurance approval system | |
| CN107248919A (en) | Generation and the method and apparatus of Graphics Application coding | |
| Goli et al. | QR Code Scanning as a Highly Available Surrogate of NFC for Verifiable Presentation Exchange | |
| CN119227040A (en) | A global quantum-secure electronic signature system and method | |
| CN116128508A (en) | Transaction certificate generation method and device, processor and electronic equipment | |
| Costa | Reducing fraud in authentication systems using attribute certificates |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |