HK1233794A - Method and apparatus for accomplishing electronic signing and signing server - Google Patents
- Publication number
- HK1233794A
- Authority
- HK
- Hong Kong
- Prior art keywords
- hash value
- digital certificate
- private
- encrypted
- electronic document
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an apparatus for implementing electronic signature, and a signature server.
Background
When large-scale internet financial enterprises need to electronically sign the electronic files they provide to users, the prior art places the private key used for the electronic signature in a U shield. To sign, the user inserts the U shield into a computer, and the electronic signature system signs the electronic file by acquiring, from the U shield, the private key corresponding to the public key in a digital certificate.
Disclosure of Invention
In view of this, the present application provides a new technical solution that addresses two technical problems: applying for electronic signatures on electronic documents in real time over the internet when the number of users is large, and reducing hardware cost in the electronic signature process.
In order to achieve the above purpose, the present application provides the following technical solutions:
according to a first aspect of the present application, a method for implementing an electronic signature is provided, including:
determining a hash value of an electronic document to be signed;
encrypting the hash value by adopting a private key corresponding to a public key in a digital certificate;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
According to a second aspect of the present application, a method of implementing an electronic signature is presented, comprising:
determining a hash value of an electronic document to be signed;
sending the hash value and a second secret key of the electronic document to the third-party service platform through a second private network, wherein the second secret key is a secret key preset between the signature server and the third-party service platform;
after the third-party service platform encrypts the hash value by using the second secret key, receiving the encrypted hash value through the second private network;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
According to a third aspect of the present application, an apparatus for implementing an electronic signature is provided, including:
the determining module is used for determining the hash value of the electronic document to be signed;
the first encryption module is used for encrypting the hash value determined by the determination module by adopting a private key corresponding to a public key in a digital certificate;
and the signature synthesis module is used for synthesizing the hash value, the digital certificate and the picture of the electronic signature which are encrypted by the first encryption module into the electronic document.
According to a fourth aspect of the present application, there is provided a signature server comprising:
a processor; a memory for storing the processor-executable instructions;
wherein the processor is configured to:
determining a hash value of an electronic document to be signed;
encrypting the hash value by adopting a private key corresponding to a public key in a digital certificate;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
According to a fifth aspect of the present application, there is provided a signature server comprising:
a processor; a memory for storing the processor-executable instructions;
wherein the processor is configured to:
determining a hash value of an electronic document to be signed;
sending the hash value and a second secret key of the electronic document to the third-party service platform through a second private network, wherein the second secret key is a secret key preset between the signature server and the third-party service platform;
after the third-party service platform encrypts the hash value by using the second secret key, receiving the encrypted hash value through the second private network;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
According to this technical scheme, the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate and the picture of the electronic signature are synthesized into the electronic document. This solves the problem of high implementation cost of the U-shield signature scheme in the prior art, realizes signing over the internet and reduces user cost. Encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document also improves the security and public credibility of the electronic signature.
Drawings
FIG. 1A shows a flowchart of a method of implementing an electronic signature in accordance with an example embodiment of the present invention;
FIG. 1B shows a schematic view of a picture of an electronic signature according to an example embodiment of the invention;
FIG. 1C shows a schematic diagram of a digital certificate in accordance with an exemplary embodiment of the present invention;
FIG. 2A shows a flowchart of a method of implementing an electronic signature in accordance with another example embodiment of the present invention;
FIG. 2B shows a scene diagram according to another exemplary embodiment of the invention;
FIG. 3A shows a flowchart of a method of implementing an electronic signature in accordance with yet another example embodiment of the present invention;
FIG. 3B shows a scene diagram according to yet another exemplary embodiment of the invention;
FIG. 4A shows a flowchart of a method of implementing an electronic signature in accordance with yet another example embodiment of the present invention;
FIG. 4B shows a scene diagram according to yet another exemplary embodiment of the invention;
FIG. 5 shows a schematic structural diagram of a signature server according to an exemplary embodiment of the present invention;
FIG. 6 shows a schematic structural diagram of an apparatus for implementing electronic signature according to an exemplary embodiment of the present invention;
FIG. 7 shows a schematic structural diagram of an apparatus for implementing electronic signature according to another exemplary embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
For further explanation of the present application, the following examples are provided:
According to one embodiment of the application, the hash value is encrypted with the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate and the picture of the electronic signature are synthesized into the electronic document. This solves the problem of high implementation cost of the U-shield signature scheme in the prior art, realizes an internet signature mode and reduces user cost. Encrypting the hash value and synthesizing the encrypted hash value and the digital certificate onto the electronic document also improves the security and public trust of the electronic signature.
FIG. 1A shows a schematic flow diagram of a method of implementing an electronic signature in accordance with an exemplary embodiment of the present invention, FIG. 1B shows a schematic diagram of an electronic signature in accordance with an exemplary embodiment of the present invention, and FIG. 1C shows a schematic diagram of a digital certificate in accordance with an exemplary embodiment of the present invention. The method can be applied to a signature server. As shown in FIG. 1A, the method for implementing an electronic signature includes the following steps:
step 101, determining a hash value of an electronic document to be signed;
step 102, encrypting the hash value by adopting a private key corresponding to a public key in a digital certificate;
and step 103, synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
In step 101, in an embodiment, the electronic document may be a local file (e.g., a certification file, an electronic receipt, etc.); in another embodiment, the electronic document may be from a first service platform, which may be a payment-like financial service platform (e.g., pay for treasure), and correspondingly, the electronic document may be an asset certificate, a bill, an electronic receipt; in another embodiment, the electronic document may be from a second business platform, which may be a deposit type financial business platform (e.g., money and treasures), and correspondingly, the electronic document may be a loan and interest certificate; in yet another embodiment, the electronic document may be from a third service platform, and the third service platform may be an internet financial service platform (e.g., an internet banking), and accordingly, the electronic document may be an electronic certificate applied by the end user, and so on.
In an embodiment, the electronic signature may be an electronic signature of an enterprise corresponding to the first service platform, an electronic signature of an enterprise corresponding to the second service platform, and an electronic signature of an enterprise corresponding to the third service platform. In one embodiment, the Hash value of the electronic document may be extracted by a Hash (Hash) algorithm.
In step 102, in an embodiment, the encryption mode of the hash value may be determined according to the source of the electronic document. For example, if the electronic document comes from the first service platform, an encryption machine may be set in the signing server, and the private key corresponding to the public key in the digital certificate is encrypted by a first key (also referred to as a master key) of the encryption machine. For another example, if the electronic document is from the second service platform, the hash value may be sent to a third party certificate authority (e.g., a CA center) through the first private network; the third party certificate authority encrypts the hash value by using a private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server through the first private network. For another example, if the electronic document is from the third service platform, the hash value and a second secret key set between the signing server and a third-party financial platform may be sent to an encryption machine of the third service platform through a second private network; the third service platform encrypts the hash value through the encryption machine by using the second secret key set by both parties and then returns the encrypted hash value to the signing server. Encrypting the hash values of electronic documents from different sources in different encryption modes makes it possible to meet personalized service requirements.
In step 103, in an embodiment, the corresponding electronic signature picture may be obtained from the corresponding service platform (the first service platform, the second service platform, or the third service platform). The manner of combining the encrypted hash value, the digital certificate, and the electronic signature picture into the electronic document may follow related descriptions in the prior art and will not be described in detail herein.
As shown in fig. 1B, the electronic signature synthesized on the electronic document is "AB company", and when a click event on the electronic signature of "AB company" is monitored, the related information of the digital certificate shown in fig. 1C is displayed, and since the digital certificate is acquired by the third-party certificate authority, the user can verify the authenticity of the electronic signature through the digital certificate.
As can be seen from the above description, the embodiment of the present invention implements the mode of internet signing through steps 101 to 103, solves the problem of high implementation cost of the U-shield signing scheme in the prior art, reduces user cost, and improves security and public trust of electronic signing by encrypting the hash value and synthesizing the encrypted hash value and the digital certificate into the electronic document.
FIG. 2A shows a flowchart of a method of implementing an electronic signature according to another exemplary embodiment of the invention, and FIG. 2B shows a scene diagram of a method of implementing an electronic signature according to another exemplary embodiment of the invention; the embodiment is exemplified by taking the electronic document provided from the first service platform as an example. As shown in fig. 2A, the method for implementing an electronic signature includes the following steps:
step 201, determining a hash value of an electronic document to be signed;
step 202, obtaining a digital certificate and a private key corresponding to a public key in the digital certificate, wherein the private key is encrypted;
step 203, decrypting the encrypted private key;
step 204, encrypting the hash value by using the decrypted private key;
and step 205, synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
The description of step 201 above can be referred to the related description of step 101 above, and is not detailed here.
In steps 202 to 204, in an embodiment, the digital certificate and the encrypted private key may be obtained from the cloud database, wherein the private key corresponding to the public key in the digital certificate may be encrypted by a first key (also referred to as a master key) of an encryption engine on the signature server, and then stored in the cloud database, and the encrypted private key stored in the cloud database may be decrypted when needed. In another embodiment, the cloud database may store a large number of digital certificates and private keys corresponding to public keys in the digital certificates, thereby implementing secure storage of the large number of digital certificates and private keys corresponding to the public keys in the digital certificates.
The description of step 205 above can be referred to the related description of step 103 above, and will not be described in detail here.
As an exemplary scenario, as shown in FIG. 2B, the signature server 22 applies for a digital certificate from the third party certificate authority 21, encrypts the private key corresponding to the public key in the digital certificate by using a first key of an encryption machine (not shown) local to the signature server 22, and stores the encrypted private key and the digital certificate in the cloud database 23. The signature server 22 obtains an electronic document to be electronically signed from the first service platform 24 and extracts a hash value of the electronic document by using a hash algorithm. It then obtains the digital certificate and the encrypted private key from the cloud database 23 and transmits them, together with the hash value, to the local encryption machine of the signature server 22. Inside the encryption machine, the encrypted private key is decrypted to obtain the private key corresponding to the public key in the digital certificate, and the hash value is encrypted by using that private key. Finally, the signature server 22 synthesizes the encrypted hash value, the digital certificate and the electronic signature into the electronic document, thereby providing the electronic document to the user. Because both decrypting the private key with the first key and encrypting the hash value with the private key corresponding to the public key of the digital certificate are processed inside the encryption machine of the signature server, the security of the private key corresponding to the public key in the digital certificate is ensured during use.
In this embodiment, the digital certificate and the encrypted private key are stored in the cloud database, and when an electronic document needs to be electronically signed, the digital certificate and its encrypted private key are obtained from the cloud database. This avoids the prior-art limitation that an encryption machine in a third party authentication center can store only a limited number of private keys corresponding to the public keys in digital certificates, thereby supporting the large data volume and high concurrency of internet signing while ensuring the security of the private key corresponding to the public key in the digital certificate.
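Steps 201 to 205 and the FIG. 2B scenario, as an added Go example that is not part of the patent text: the private key is wrapped under the encryption machine's first key, kept only in wrapped form in the database record, and unwrapped solely inside the signing call. Assumptions: AES-256-GCM for wrapping, RSA-2048 with PKCS #1 v1.5 and SHA-256 for the signature, a DER-encoded public key standing in for the CA-issued certificate, and the hypothetical names `Encryptor`, `Record` and `SignedDoc`.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Encryptor models the encryption machine; the master ("first") key never leaves it.
type Encryptor struct{ gcm cipher.AEAD }

func NewEncryptor() (*Encryptor, error) {
	master := make([]byte, 32) // AES-256 master key
	if _, err := rand.Read(master); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &Encryptor{gcm: gcm}, err
}

// Record is one cloud-database row; PubDER stands in for the certificate (assumption).
type Record struct{ PubDER, WrappedKey []byte }

// Provision wraps a new private key; the public key is bound as associated data.
func (e *Encryptor) Provision() (Record, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, e.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	pub := x509.MarshalPKCS1PublicKey(&priv.PublicKey)
	wrapped := e.gcm.Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), pub)
	return Record{PubDER: pub, WrappedKey: wrapped}, nil
}

// Sign is steps 203-204: unwrap the key, then sign the digest (PKCS #1 v1.5 padding).
func (e *Encryptor) Sign(rec Record, digest []byte) ([]byte, error) {
	n := e.gcm.NonceSize()
	if len(rec.WrappedKey) < n {
		return nil, errors.New("wrapped key too short")
	}
	der, err := e.gcm.Open(nil, rec.WrappedKey[:n], rec.WrappedKey[n:], rec.PubDER)
	if err != nil {
		return nil, fmt.Errorf("unwrap private key: %w", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
}

// SignedDoc stands in for the composed document of step 205 (picture omitted).
type SignedDoc struct{ Body, Signature, PubDER []byte }

// SignDocument runs steps 201-205 for one document.
func SignDocument(e *Encryptor, rec Record, body []byte) (SignedDoc, error) {
	digest := sha256.Sum256(body) // step 201
	sig, err := e.Sign(rec, digest[:])
	return SignedDoc{Body: body, Signature: sig, PubDER: rec.PubDER}, err
}

// Verify recomputes the hash and checks the signature with the embedded public key.
func Verify(d SignedDoc) error {
	pub, err := x509.ParsePKCS1PublicKey(d.PubDER)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(d.Body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], d.Signature)
}

func main() {
	enc, err := NewEncryptor()
	if err != nil {
		panic(err)
	}
	rec, err := enc.Provision()
	if err != nil {
		panic(err)
	}
	doc, err := SignDocument(enc, rec, []byte("constructed sample: electronic receipt"))
	fmt.Println("sign error:", err, "| verify error:", Verify(doc))
	doc.Body = append(doc.Body, '!') // tamper after signing
	fmt.Println("verify error after tampering:", Verify(doc))
}
```

A database record copied to a host with a different master key cannot be used to sign, and any change to the document body after signing makes verification fail.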
FIG. 3A shows a flowchart illustrating a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention, and FIG. 3B shows a scene diagram illustrating a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention; the embodiment is exemplified by the electronic document provided by the second service platform. As shown in fig. 3A, the method for implementing an electronic signature includes the following steps:
step 301, determining a hash value of an electronic document to be signed;
step 302, sending the hash value of the electronic document to a third party authentication center through a first private network, wherein the third party authentication center is used for generating a digital certificate and encrypting the hash value by using a private key corresponding to a public key in the digital certificate;
step 303, receiving the encrypted hash value from the third party authentication center through the first private network;
and step 304, synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
The description of step 301 above can be referred to the related description of step 101 above, and will not be described in detail here.
In step 302 and step 303, in an embodiment, the first private network may be a private communication network connecting the signature server and the authentication center, with no other device connected to it. The security of the hash value may be ensured by transmitting the hash value and the encrypted hash value through the first private network.
The description of step 304 above can be referred to the related description of step 103 above, and will not be described in detail here.
As an exemplary scenario, as shown in FIG. 3B, the signature server 31 is federated in signature with the third party certificate authority 32. In the joint signature process, the signature server 31 extracts the hash value of the electronic document through a hash algorithm, the signature server 31 sends the hash value to the third party authentication center 32 through the first private network, the third party authentication center 32 encrypts the hash value by using a private key corresponding to a public key in the digital certificate, then the encrypted hash value is returned to the signature server 31 through the first private network, and the signature server 31 synthesizes the encrypted hash value, the digital certificate and the electronic signature into the electronic document, so that the electronic document can be provided for a user.
In this embodiment, the hash value of the electronic document is sent to the third party authentication center through the first private network; after the third party certificate authority encrypts the hash value with the private key corresponding to the public key in the digital certificate, the encrypted hash value is received through the first private network, and the encrypted hash value, the digital certificate and the picture of the electronic signature are synthesized into the electronic document. This solves the problem of high implementation cost of the U-shield signature scheme in the prior art and reduces user cost. Encrypting the hash value with the private key that is stored in the third party authentication center and corresponds to the public key in the digital certificate, and then synthesizing the digital certificate and the encrypted hash value onto the electronic document, improves the public trust of the electronic signature. Meanwhile, the electronic document is not leaked to other unrelated enterprises, which ensures the business security of the electronic document.
FIG. 4A shows a flowchart illustrating a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention, and FIG. 4B shows a scene diagram illustrating a method of implementing an electronic signature in accordance with yet another exemplary embodiment of the present invention; the embodiment exemplifies an example in which the electronic document is provided from the third service platform. As shown in fig. 4A, the method for implementing an electronic signature includes the following steps:
step 401, determining a hash value of an electronic document to be signed;
step 402, sending the hash value of the electronic document and a second secret key to a third-party service platform through a second private network, wherein the second secret key is a preset secret key between the signature server and the third-party service platform or a jointly negotiated secret key;
step 403, receiving the encrypted hash value through the second private network;
and step 404, synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
The description of step 401 above can be referred to the related description of step 101 above, and will not be described in detail here.
In step 402 and step 403, in an embodiment, the second private network may be a private communication network connecting the signature server and the third party service platform, with no other device connected to it. The security of the hash value may be ensured by transmitting the hash value and the encrypted hash value through the second private network. In an embodiment, the third-party service platform may be a platform capable of providing an electronic document, such as the first service platform, the second service platform, and the third service platform in the foregoing embodiments.
The description of step 404 above can be referred to the related description of step 103 above, and will not be described in detail here.
As an exemplary scenario, as shown in FIG. 4B, the signature server 41 obtains the electronic document from the third-party service platform 42, extracts a hash value of the electronic document by using a hash algorithm, and transmits the hash value to the encryption machine of the third-party service platform 42. The encryption machine of the third-party service platform 42 encrypts the hash value by using the second key, and the third service platform 42 returns the encrypted hash value to the signature server 41. The signature server 41 then combines the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, so that the electronic document can be provided to the user.
The embodiment can meet the requirement that the third-party service platform 42 needs to store the private key corresponding to the public key in the digital certificate, and improves the flexibility of the electronic signature mode.
By the embodiment, different applicable schemes of the electronic signature can be provided in different service scenes, so that personalized service requirements are met while advantages of using schemes of various electronic signatures are exerted.
Corresponding to the above method for implementing electronic signature, the present application also proposes a schematic structural diagram of a signature server according to an exemplary embodiment of the present application, shown in fig. 5. Referring to fig. 5, the network server includes, at a hardware level, a processor, an internal bus, a network interface, a memory, and a non-volatile memory, but may also include hardware required for other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form a device for realizing the electronic signature on a logic level. Of course, besides the software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
FIG. 6 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention; as shown in fig. 6, the apparatus for implementing electronic signature may include: a determination module 61, a first encryption module 62, and a signature composition module 63. Wherein:
a determining module 61, configured to determine a hash value of the electronic document to be signed;
a first encryption module 62, configured to encrypt the hash value determined by the determination module 61 with a private key corresponding to a public key in the digital certificate;
and the signature synthesis module 63 is configured to synthesize the hash value, the digital certificate, and the picture of the electronic signature, which are encrypted by the first encryption module 62, into the electronic document.
FIG. 7 is a schematic structural diagram of an apparatus for implementing an electronic signature according to an exemplary embodiment of the present invention; as shown in fig. 7, based on the embodiment shown in fig. 6, the first encryption module 62 may include:
an obtaining unit 621, configured to obtain a digital certificate and a private key corresponding to a public key in the digital certificate, where the private key is encrypted;
a decryption unit 622, configured to decrypt the encrypted private key obtained by the obtaining unit 621;
and an encrypting unit 623, configured to encrypt the hash value by using the private key decrypted by the decrypting unit 622.
In an embodiment, the apparatus may further comprise:
a second encryption module 64, configured to encrypt a private key corresponding to the public key in the digital certificate by using the first key;
a storage module 65, configured to store the private key and the digital certificate encrypted by the second encryption module 64.
In one embodiment, the digital certificate and the encrypted private key are obtained from a cloud database.
In one embodiment, the first encryption module 62 may include:
a first sending unit 624, configured to send the hash value of the electronic document to a third party certificate authority through a first private network, where the third party certificate authority is configured to generate a digital certificate and encrypt the hash value with a private key corresponding to a public key in the digital certificate;
a first receiving unit 625, configured to receive the encrypted hash value from the third party certificate authority through the first private network.
In one embodiment, the first private network is a private communication network connected between the signature server and a third party certificate authority.
In an embodiment, the apparatus may further comprise:
the sending module 66 is configured to send the hash value of the electronic document and the second secret key to the third-party service platform through the second private network, where the second secret key is a secret key preset between the signature server and the third-party service platform;
and the receiving module 67 is configured to receive the encrypted hash value from the third party certificate authority through the second private network.
As this embodiment shows, different applicable schemes of the electronic signature can be provided in different service scenes, so that the personalized service requirements are met while the advantages of the using schemes of various electronic signatures are exerted.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (18)
1. A method for implementing an electronic signature, applied to a signature server, comprising:
determining a hash value of an electronic document to be signed;
encrypting the hash value by adopting a private key corresponding to a public key in a digital certificate;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
2. The method of claim 1, wherein encrypting the hash value with a private key corresponding to a public key in a digital certificate comprises:
acquiring a digital certificate and a private key corresponding to a public key in the digital certificate, wherein the private key is encrypted;
decrypting the encrypted private key;
and encrypting the hash value by adopting the decrypted private key.
3. The method of claim 2, further comprising:
encrypting the private key by a first key;
and storing the digital certificate and the encrypted private key.
4. The method of claim 2, wherein the digital certificate and the encrypted private key are obtained from a cloud database.
5. The method of claim 1, wherein encrypting the hash value with a private key corresponding to a public key in a digital certificate comprises:
sending the hash value of the electronic document to a third party authentication center through a first private network, wherein the third party authentication center is used for generating the digital certificate and encrypting the hash value by adopting a private key corresponding to a public key in the digital certificate;
and receiving the encrypted hash value from the third party authentication center through the first private network.
6. The method of claim 5, wherein the first private network is a private communication network connected between the signature server and the third party certificate authority.
7. A method for implementing an electronic signature, applied to a signature server, comprising:
determining a hash value of an electronic document to be signed;
sending the hash value and a second secret key of the electronic document to the third-party service platform through a second private network, wherein the second secret key is a secret key preset between the signature server and the third-party service platform;
after the third-party service platform encrypts the hash value by using the second secret key, receiving the encrypted hash value through the second private network;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
8. The method of claim 9, wherein the second private network is a private communication network connected between a signature server and the third service platform.
9. An apparatus for implementing an electronic signature, the apparatus comprising:
the determining module is used for determining the hash value of the electronic document to be signed;
the first encryption module is used for encrypting the hash value determined by the determination module by adopting a private key corresponding to a public key in a digital certificate;
and the signature synthesis module is used for synthesizing the hash value, the digital certificate and the picture of the electronic signature which are encrypted by the first encryption module into the electronic document.
10. The apparatus of claim 9, wherein the first encryption module comprises:
an acquisition unit, configured to acquire a digital certificate and a private key corresponding to a public key in the digital certificate, where the private key is encrypted;
the decryption unit is used for decrypting the encrypted private key acquired by the acquisition unit;
and the encryption unit is used for encrypting the hash value by adopting the private key decrypted by the decryption unit.
11. The apparatus of claim 10, further comprising:
the second encryption module is used for encrypting a private key corresponding to the public key in the digital certificate through the first secret key;
and the storage module is used for storing the digital certificate and a private key corresponding to the public key in the digital certificate.
12. The apparatus of claim 10, wherein the digital certificate and the encrypted private key are obtained from a cloud database.
13. The apparatus of claim 9, wherein the first encryption module comprises:
a first sending unit, configured to send the hash value of the electronic document to the third-party certificate authority through a first private network, where the third-party certificate authority is configured to generate the digital certificate and encrypt the hash value with a private key corresponding to a public key in the digital certificate;
a first receiving unit, configured to receive, through the first private network, the encrypted hash value from the third-party certificate authority.
14. The apparatus of claim 13, wherein the first private network is a private communication network connected between the signature server and the third party certificate authority.
15. The apparatus of claim 9, further comprising:
a sending module, configured to send the hash value and a second secret key of the electronic document to the third service platform through a second private network, where the second secret key is a secret key preset between the signature server and the third-party service platform;
and the receiving module is used for receiving the encrypted hash value from the third party authentication center through the second private network.
16. The apparatus of claim 15, wherein the second private network is a private communication network connected between a signature server and the third service platform.
17. A signature server, the signature server comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
determining a hash value of an electronic document to be signed;
encrypting the hash value by adopting a private key corresponding to a public key in a digital certificate;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
18. A signature server, the signature server comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to:
determining a hash value of an electronic document to be signed;
sending the hash value and a second secret key of the electronic document to the third-party service platform through a second private network, wherein the second secret key is a secret key preset between the signature server and the third-party service platform;
after the third-party service platform encrypts the hash value by using the second secret key, receiving the encrypted hash value through the second private network;
and synthesizing the encrypted hash value, the digital certificate and the picture of the electronic signature into the electronic document.
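The local signing flow of claims 1 to 3, together with the check a relying party would run, as an added example that is not code from the patent. It assumes the third-party Python `cryptography` package, RSA with PKCS#1 v1.5 and SHA-256 (the claims name no algorithms), a self-signed certificate standing in for a CA-issued one, and a plain dict standing in for the composed document; the signature picture is omitted and all function names are hypothetical.

```python
import datetime
import hashlib
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa, utils
from cryptography.x509.oid import NameOID

PREHASHED = utils.Prehashed(hashes.SHA256())  # the digest is computed separately

def enroll(first_key: bytes) -> dict:
    """Claim 3: encrypt the private key under the first key, store it with the certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-signer")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)  # self-signed: assumption for the demo
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    wrapped = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(first_key))
    return {"cert_pem": cert.public_bytes(serialization.Encoding.PEM),
            "wrapped_key": wrapped}

def sign_document(document: bytes, record: dict, first_key: bytes) -> dict:
    """Claims 1-2: hash the document, decrypt the stored key, sign the hash, bundle."""
    digest = hashlib.sha256(document).digest()
    key = serialization.load_pem_private_key(record["wrapped_key"], password=first_key)
    signature = key.sign(digest, padding.PKCS1v15(), PREHASHED)
    return {"document": document, "signature": signature, "cert_pem": record["cert_pem"]}

def verify_document(bundle: dict) -> bool:
    """Recompute the hash and check it against the certificate's public key.
    Certificate chain and validity checks are out of scope for this sketch."""
    cert = x509.load_pem_x509_certificate(bundle["cert_pem"])
    digest = hashlib.sha256(bundle["document"]).digest()
    try:
        cert.public_key().verify(bundle["signature"], digest, padding.PKCS1v15(), PREHASHED)
        return True
    except InvalidSignature:
        return False
```

The plaintext private key exists only inside `sign_document`; what is stored is the PKCS#8 blob encrypted under the first key, so a wrong first key fails at the decryption step rather than producing a signature.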
Publications (3)
| Publication Number | Publication Date |
|---|---|
| HK1233794A1 (en) | 2018-02-02 |
| HK1233794A (en) | 2018-02-02 |
| HK1233794B (en) | 2021-01-22 |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| CN106452775B (en) | Method and device for realizing electronic signature and signature server | |
| US10826701B2 (en) | Providing low risk exceptional access | |
| US11483161B2 (en) | Method for information processing and non-transitory computer readable storage medium | |
| CN113162752B (en) | Data processing method and device based on hybrid homomorphic encryption | |
| US11363454B2 (en) | Providing low risk exceptional access with verification of device possession | |
| CN111971929B (en) | Secure distributed key management system | |
| US10079682B2 (en) | Method for managing a trusted identity | |
| US9065593B2 (en) | Securing speech recognition data | |
| US10250385B2 (en) | Customer call logging data privacy in cloud infrastructure | |
| US8732481B2 (en) | Object with identity based encryption | |
| CN105553662A (en) | Dynamic digital right management method and system based on identification password | |
| JP2012518329A (en) | A framework for trusted cloud computing and services | |
| JP4614377B2 (en) | ENCRYPTED DATA MANAGEMENT SYSTEM AND METHOD, STORAGE MEDIUM | |
| US12141248B2 (en) | Systems and methods for whitebox device binding | |
| CN103546547A (en) | Cryptosystem for cloud storage files | |
| TWI734729B (en) | Method and device for realizing electronic signature and signature server | |
| CN106953917B (en) | Method of data synchronization and system | |
| JP4282272B2 (en) | Privacy protection type multiple authority confirmation system, privacy protection type multiple authority confirmation method, and program thereof | |
| HK1233794A (en) | Method and apparatus for accomplishing electronic signing and signing server | |
| HK1233794A1 (en) | Method and apparatus for accomplishing electronic signing and signing server | |
| HK1233794B (en) | Method and apparatus for accomplishing electronic signing and signing server | |
| SG193666A1 (en) | Method and appratus for protecting digital documents and images with pki and document rendering |