Summary of the invention
In view of this, the application provides a new technical solution that addresses the technical problem of applying electronic signatures to electronic documents in real time over the Internet when the customer volume is large, and of reducing the hardware cost of the electronic signature process.
To achieve the above object, the application provides the following technical solutions:
According to a first aspect of the application, a method for implementing an electronic signature is proposed, including:
determining the hash value of the electronic document to be signed;
encrypting the hash value using the private key corresponding to the public key in a digital certificate;
embedding the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document.
According to a second aspect of the application, a method for implementing an electronic signature is proposed, including:
determining the hash value of the electronic document to be signed;
sending the hash value of the electronic document and a second key to a third-party business platform through a second dedicated network, the second key being a key preset between the signature server and the third-party business platform;
after the third-party business platform encrypts the hash value using the second key, receiving the encrypted hash value through the second dedicated network;
embedding the encrypted hash value, a digital certificate, and the image of the electronic signature into the electronic document.
According to a third aspect of the application, a device for implementing an electronic signature is proposed, including:
a determining module, for determining the hash value of the electronic document to be signed;
a first encrypting module, for encrypting the hash value determined by the determining module using the private key corresponding to the public key in a digital certificate;
a signature synthesis module, for embedding the hash value encrypted by the first encrypting module, the digital certificate, and the image of the electronic signature into the electronic document.
According to a fourth aspect of the application, a signature server is proposed, including:
a processor; and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
determine the hash value of the electronic document to be signed;
encrypt the hash value using the private key corresponding to the public key in a digital certificate;
embed the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document.
According to a fifth aspect of the application, a signature server is proposed, including:
a processor; and a memory for storing instructions executable by the processor;
wherein the processor is configured to:
determine the hash value of the electronic document to be signed;
send the hash value of the electronic document and a second key to a third-party business platform through a second dedicated network, the second key being a key preset between the signature server and the third-party business platform;
after the third-party business platform encrypts the hash value using the second key, receive the encrypted hash value through the second dedicated network;
embed the encrypted hash value, a digital certificate, and the image of the electronic signature into the electronic document.
As can be seen from the above technical solutions, the application encrypts the hash value using the private key corresponding to the public key in the digital certificate and embeds the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document. This solves the problem that the U-shield signature scheme of the prior art is costly to implement, realizes an Internet-based signing mode, and reduces user cost. By encrypting the hash value and embedding the encrypted hash value and the digital certificate into the electronic document, the security and public credibility of the electronic signature are improved.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the application. Rather, they are only examples of devices and methods consistent with some aspects of the application, as detailed in the appended claims.
The terms used in the application are only for the purpose of describing specific embodiments and are not intended to limit the application. The singular forms "a", "said", and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when", or "in response to determining".
To further describe the application, the following embodiments are provided:
According to one embodiment of the application, the hash value is encrypted using the private key corresponding to the public key in the digital certificate, and the encrypted hash value, the digital certificate, and the image of the electronic signature are embedded into the electronic document. This solves the problem that the U-shield signature scheme of the prior art is costly to implement, realizes an Internet-based signing mode, and reduces user cost. By encrypting the hash value and embedding the encrypted hash value and the digital certificate into the electronic document, the security and public credibility of the electronic signature are improved.
Fig. 1A shows a schematic flowchart of a method for implementing an electronic signature according to an exemplary embodiment of the present invention, Fig. 1B shows a schematic diagram of an electronic signature according to an exemplary embodiment of the present invention, and Fig. 1C shows a schematic diagram of a digital certificate according to an exemplary embodiment of the present invention. The method can be applied on a signature server. As shown in Fig. 1A, the method for implementing an electronic signature includes the following steps:
Step 101: determine the hash value of the electronic document to be signed;
Step 102: encrypt the hash value using the private key corresponding to the public key in the digital certificate;
Step 103: embed the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document.
In step 101, in one embodiment, the electronic document may be a local file (for example, a certification document, an electronic receipt, and so on). In another embodiment, the electronic document may come from a first business platform, which may be a payment-type financial business platform (for example, Alipay); accordingly, the electronic document may be a proof of assets, a bill, or an electronic receipt. In another embodiment, the electronic document may come from a second business platform, which may be a deposit-type financial business platform (for example, Zhaocaibao); accordingly, the electronic document may be a loan and interest certificate. In another embodiment, the electronic document may come from a third business platform, which may be an Internet financial business platform (for example, Wangshang Bank); accordingly, the electronic document may be an electronic certificate applied for by an end user, and so on. It follows that the application does not limit the source of the electronic document.
In one embodiment, the electronic signature may be the electronic signature of the enterprise corresponding to the first business platform, the electronic signature of the enterprise corresponding to the second business platform, or the electronic signature of the enterprise corresponding to the third business platform. In one embodiment, the hash value of the electronic document may be extracted by a hash algorithm.
In step 102, in one embodiment, the way the hash value is encrypted may be determined according to the source of the electronic document. For example, if the electronic document comes from the first business platform, an encryption machine may be set up in the signature server, and the private key corresponding to the public key in the digital certificate is encrypted by a first key (also called the master key, MainKey) of the encryption machine. As another example, if the electronic document comes from the second business platform, the hash value may be sent through a first dedicated network to a third-party certification center (for example, a CA center); the third-party certification center encrypts the hash value using the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server through the first dedicated network. As a further example, if the electronic document comes from the third business platform, the hash value and a second key set between the signature server and the third-party financial platform may be sent through a second dedicated network to the encryption machine of the third business platform; the third business platform encrypts the hash value in its encryption machine using the second key set by both parties, and then returns the encrypted hash value to the signature server. Encrypting the hash value in different ways for electronic documents from different sources also makes it possible to meet personalized business needs.
In step 103, in one embodiment, the image of the corresponding electronic signature may be obtained from the corresponding business platform (the first business platform, the second business platform, or the third business platform). For the way in which the encrypted hash value, the digital certificate, and the image of the electronic signature are embedded into the electronic document, refer to the related description in the prior art; it is not detailed here.
As shown in Fig. 1B, the electronic signature embedded in the electronic document is "AB company". When a click event on the "AB company" electronic signature is detected, the information of the digital certificate shown in Fig. 1C is displayed. Because the digital certificate is obtained from the third-party certification center, the user can verify the authenticity of the electronic signature through the digital certificate.
As can be seen from the above description, this embodiment of the present invention realizes an Internet-based signing mode through steps S101-S103, solves the problem that the U-shield signature scheme of the prior art is costly to implement, and reduces user cost. By encrypting the hash value and embedding the encrypted hash value and the digital certificate into the electronic document, the security and public credibility of the electronic signature are improved.
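Added example, not part of the patent text: a sketch of steps 101-103 together with the check a recipient would run on the resulting document. The choice of SHA-256 with RSASSA-PKCS1-v1_5 encoding, the JSON container, the dictionary standing in for the digital certificate, the pinned fingerprint standing in for certificate chain validation, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Constructed demo key built from two known Mersenne primes. It shows the
# arithmetic only; real signing keys come from a vetted library or an
# encryption machine, as in the embodiments.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Stand-in (assumption) for the certificate issued by the certification center.
DEMO_CERT = {"subject": "AB company", "n": hex(N), "e": E}


def encode_digest(digest: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo, as a k-byte integer."""
    t = SHA256_PREFIX + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this encoding")
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def cert_fingerprint(cert: dict) -> str:
    """Fingerprint of the stand-in certificate, used for pinning."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()


def seal_document(document: bytes, seal_image: bytes) -> dict:
    """Steps 101-103: hash, apply the private key to the hash, embed."""
    digest = hashlib.sha256(document).digest()            # step 101
    k = (N.bit_length() + 7) // 8
    signed = pow(encode_digest(digest, k), D, N)           # step 102
    return {                                               # step 103
        "document": base64.b64encode(document).decode(),
        "signed_hash": base64.b64encode(signed.to_bytes(k, "big")).decode(),
        "certificate": DEMO_CERT,
        "seal_image": base64.b64encode(seal_image).decode(),
    }


def verify_sealed(container: dict, trusted_fingerprints: set) -> bool:
    """Recipient side: trust the certificate first, then check the hash."""
    cert = container["certificate"]
    # A valid signature under an unknown certificate proves nothing.
    if cert_fingerprint(cert) not in trusted_fingerprints:
        return False
    n, e = int(cert["n"], 16), cert["e"]
    k = (n.bit_length() + 7) // 8
    raw = base64.b64decode(container["signed_hash"])
    signed = int.from_bytes(raw, "big")
    if len(raw) != k or signed >= n:
        return False
    # Recompute the hash of the document as received and compare encodings.
    digest = hashlib.sha256(base64.b64decode(container["document"])).digest()
    return pow(signed, e, n) == encode_digest(digest, k)


if __name__ == "__main__":
    # Constructed sample inputs.
    sealed = seal_document(b"Electronic receipt no. 0001", b"\x89PNG (sample)")
    print(verify_sealed(sealed, {cert_fingerprint(DEMO_CERT)}))
```

In this sketch the seal image is display data only: the result of the check depends on the signed hash and on the certificate being trusted, not on the picture.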
Fig. 2A shows a schematic flowchart of a method for implementing an electronic signature according to another exemplary embodiment of the present invention, and Fig. 2B shows a scenario diagram of a method for implementing an electronic signature according to another exemplary embodiment of the present invention. This embodiment is illustrated taking an electronic document provided by the first business platform as an example. As shown in Fig. 2A, the method for implementing an electronic signature includes the following steps:
Step 201: determine the hash value of the electronic document to be signed;
Step 202: obtain the digital certificate and the private key corresponding to the public key in the digital certificate, the private key having been encrypted;
Step 203: decrypt the encrypted private key;
Step 204: encrypt the hash value using the decrypted private key;
Step 205: embed the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document.
For the description of step 201, refer to the related description of step 101 above; it is not detailed here.
In steps 202 to 204, in one embodiment, the digital certificate and the encrypted private key may be obtained from a cloud database. The private key corresponding to the public key in the digital certificate may be encrypted by the first key (also called the master key) of the encryption machine on the signature server and then stored in the cloud database; when needed, the encrypted private key stored in the cloud database is decrypted. In another embodiment, the cloud database may store a massive number of digital certificates and the private keys corresponding to the public keys in those digital certificates, thereby achieving secure storage of a large number of digital certificates and of the private keys corresponding to the public keys in them.
For the description of step 205, refer to the related description of step 103 above; it is not detailed here.
As an exemplary scenario, as shown in Fig. 2B, the signature server 22 has applied for a digital certificate from the third-party certification center 21. The private key corresponding to the public key in the digital certificate is encrypted with the first key of the local encryption machine (not shown) of the signature server 22, and the encrypted private key and the digital certificate are stored in the cloud database 23. The signature server 22 obtains from the first business platform 24 the electronic document that needs an electronic signature, extracts the hash value of the electronic document using a hash algorithm, obtains the digital certificate and the encrypted private key from the cloud database 23, and sends them together with the hash value to the local encryption machine of the signature server 22. In the local encryption machine of the signature server 22, the encrypted private key is decrypted to obtain the private key corresponding to the public key in the digital certificate, and the encryption machine then encrypts the hash value using this private key. Finally, the signature server 22 embeds the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, and the electronic document can then be provided to the user. Because both the decryption, by the first key, of the private key corresponding to the public key in the digital certificate and the encryption of the hash value with that private key are performed entirely inside the encryption machine of the signature server, the security of the private key corresponding to the public key in the digital certificate is ensured while it is in use.
In this embodiment, the digital certificate and the encrypted private key are stored in the cloud database, and when an electronic signature needs to be applied to an electronic document, the digital certificate and its encrypted private key are obtained from the cloud database. This avoids the limitation in the prior art that the encryption machine of the third-party certification center can only hold a limited number of private keys corresponding to the public keys in digital certificates, so that the large data volume and high concurrency characteristic of Internet-based signing can be supported while the security of the private key corresponding to the public key in the digital certificate is ensured.
Fig. 3A shows a schematic flowchart of a method for implementing an electronic signature according to a further exemplary embodiment of the present invention, and Fig. 3B shows a scenario diagram of a method for implementing an electronic signature according to a further exemplary embodiment of the present invention. This embodiment is illustrated taking an electronic document provided by the second business platform as an example. As shown in Fig. 3A, the method for implementing an electronic signature includes the following steps:
Step 301: determine the hash value of the electronic document to be signed;
Step 302: send the hash value of the electronic document to the third-party certification center through the first dedicated network, where the third-party certification center is used to generate the digital certificate and to encrypt the hash value using the private key corresponding to the public key in the digital certificate;
Step 303: receive, through the first dedicated network, the hash value encrypted by the third-party certification center;
Step 304: embed the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document.
For the description of step 301, refer to the related description of step 101 above; it is not detailed here.
In steps 302 and 303, in one embodiment, the first dedicated network may be a dedicated communication network connecting the signature server and the certification center, to which no other devices are connected. Transmitting the hash value and the encrypted hash value over the first dedicated network ensures the security of the hash value.
For the description of step 304, refer to the related description of step 103 above; it is not detailed here.
As an exemplary scenario, as shown in Fig. 3B, the signature server 31 and the third-party certification center 32 sign jointly. During joint signing, the signature server 31 extracts the hash value of the electronic document using a hash algorithm and sends the hash value to the third-party certification center 32 through the first dedicated network. The third-party certification center 32 encrypts the hash value using the private key corresponding to the public key in the digital certificate and then returns the encrypted hash value to the signature server 31 through the first dedicated network. The signature server 31 embeds the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, and the electronic document can then be provided to the user.
In this embodiment, the hash value of the electronic document is sent to the third-party certification center through the first dedicated network; after the third-party certification center encrypts the hash value with the private key corresponding to the public key in the digital certificate, the encrypted hash value is received through the first dedicated network, and the encrypted hash value, the digital certificate, and the image of the electronic signature are embedded into the electronic document. This solves the problem that the U-shield signature scheme of the prior art is costly to implement and reduces user cost. Encrypting the hash value with the private key, stored at the third-party certification center, that corresponds to the public key in the digital certificate, and then embedding the digital certificate and the encrypted hash value into the electronic document, improves the public credibility of the electronic signature. At the same time, the electronic document is not leaked to other unrelated enterprises, which ensures the business security of the electronic document.
Fig. 4A shows a schematic flowchart of a method for implementing an electronic signature according to a further exemplary embodiment of the present invention, and Fig. 4B shows a scenario diagram of a method for implementing an electronic signature according to a further exemplary embodiment of the present invention. This embodiment is illustrated taking an electronic document provided by the third business platform as an example. As shown in Fig. 4A, the method for implementing an electronic signature includes the following steps:
Step 401: determine the hash value of the electronic document to be signed;
Step 402: send the hash value of the electronic document and the second key to the third-party business platform through the second dedicated network, where the second key is a key preset between the signature server and the third-party business platform or a key jointly negotiated by them;
Step 403: receive the encrypted hash value through the second dedicated network;
Step 404: embed the encrypted hash value, the digital certificate, and the image of the electronic signature into the electronic document.
For the description of step 401, refer to the related description of step 101 above; it is not detailed here.
In steps 402 and 403, in one embodiment, the second dedicated network may be a dedicated communication network connecting the signature server and the third-party business platform, to which no other devices are connected. Transmitting the hash value and the encrypted hash value over the second dedicated network ensures the security of the hash value. In one embodiment, the third-party business platform may be any platform that can provide electronic documents, such as the first business platform, the second business platform, or the third business platform in the above embodiments.
For the description of step 404, refer to the related description of step 103 above; it is not detailed here.
As an exemplary scenario, as shown in Fig. 4B, the signature server 41 obtains the electronic document from the third-party business platform 42, extracts the hash value of the electronic document using a hash algorithm, and transfers the hash value to the encryption machine of the third-party business platform 42. The encryption machine of the third-party business platform 42 encrypts the hash value with the second key, and the third business platform 42 then returns the encrypted hash value to the signature server 41. The signature server 41 embeds the encrypted hash value, the digital certificate, and the electronic signature into the electronic document, and the electronic document can then be provided to the user.
This embodiment can meet the requirement of the third-party business platform 42 to keep custody of the private key corresponding to the public key in the digital certificate, which improves the flexibility of the electronic signature approach.
With the above embodiments, different business scenarios can each have a suitable electronic signature scheme, so the advantages of the various electronic signature schemes are used while personalized business needs are met.
Corresponding to the above method for implementing an electronic signature, the application also proposes the schematic structural diagram, shown in Fig. 5, of a signature server according to an exemplary embodiment of the application. Referring to Fig. 5, at the hardware level, this network server includes a processor, an internal bus, a network interface, memory, and non-volatile storage, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile storage into memory and then runs it, forming at the logical level the device for implementing an electronic signature. Of course, besides a software implementation, the application does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the executing entity of the following processing flow is not limited to individual logic units and may also be hardware or logic devices.
Fig. 6 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in Fig. 6, the device for implementing an electronic signature may include a determining module 61, a first encrypting module 62, and a signature synthesis module 63, where:
the determining module 61 is for determining the hash value of the electronic document to be signed;
the first encrypting module 62 is for encrypting the hash value determined by the determining module 61 using the private key corresponding to the public key in the digital certificate;
the signature synthesis module 63 is for embedding the hash value encrypted by the first encrypting module 62, the digital certificate, and the image of the electronic signature into the electronic document.
Fig. 7 is a schematic structural diagram of a device for implementing an electronic signature according to an exemplary embodiment of the present invention. As shown in Fig. 7, on the basis of the embodiment shown in Fig. 6 above, the first encrypting module 62 may include:
an acquiring unit 621, for obtaining the digital certificate and the private key corresponding to the public key in the digital certificate, the private key having been encrypted;
a decryption unit 622, for decrypting the encrypted private key obtained by the acquiring unit 621;
an encryption unit 623, for encrypting the hash value using the private key decrypted by the decryption unit 622.
In one embodiment, the device may also include:
a second encrypting module 64, for encrypting, with the first key, the private key corresponding to the public key in the digital certificate;
a storage module 65, for storing the private key encrypted by the second encrypting module 64 and the digital certificate.
In one embodiment, the digital certificate and the encrypted private key are obtained from a cloud database.
In one embodiment, the first encrypting module 62 may include:
a first sending unit 624, for sending the hash value of the electronic document to the third-party certification center through the first dedicated network, where the third-party certification center is used to generate the digital certificate and to encrypt the hash value using the private key corresponding to the public key in the digital certificate;
a first receiving unit 625, for receiving, through the first dedicated network, the hash value encrypted by the third-party certification center.
In one embodiment, the first dedicated network is a dedicated communication network connecting the signature server and the third-party certification center.
In one embodiment, the device may also include:
a sending module 66, for sending the hash value of the electronic document and the second key to the third-party business platform through the second dedicated network, where the second key is a key preset between the signature server and the third-party business platform;
a receiving module 67, for receiving, through the second dedicated network, the hash value encrypted by the third-party certification center.
As the above embodiments show, different business scenarios can each have a suitable electronic signature scheme, so the advantages of the various electronic signature schemes are used while personalized business needs are met.
Those skilled in the art, after considering the description and practicing the invention disclosed herein, will readily conceive of other embodiments of the application. The application is intended to cover any variations, uses, or adaptations of the application that follow the general principles of the application and include common knowledge or customary technical means in the art not disclosed in the application. The description and embodiments are to be regarded as exemplary only, and the true scope and spirit of the application are pointed out by the following claims.
It should also be noted that the terms "include", "comprise", or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, commodity, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity, or device that includes the element.
The foregoing describes only preferred embodiments of the application and is not intended to limit the application. Any modification, equivalent substitution, improvement, and the like made within the spirit and principles of the application shall be included within the scope of protection of the application.