CN117725627A - Digital signature method based on real-name authentication and digital certificate

Info

Publication number: CN117725627A
Application number: CN202410069489.1A
Authority: CN (China)
Prior art keywords: signature, verification, file, information, digital certificate
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Inventors: 管卫华, 许小锐
Current Assignee: Yidixi Pharmaceutical Technology Jiaxing Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Yidixi Pharmaceutical Technology Jiaxing Co ltd
Application filed by: Yidixi Pharmaceutical Technology Jiaxing Co ltd
Abstract

The invention relates to a digital signature method based on real-name authentication and digital certificates. It addresses the problem that prior-art electronic signature methods cannot guarantee the authenticity and integrity of a signature. The method comprises: S1, verifying the identity of the signer; S2, verifying the file authority; S3, signature verification; S4, acquiring a digital certificate; S5, associating the digital certificate with the signature data and generating a PDF document. The advantages of the invention are as follows: the authenticity and integrity of the signature are ensured, and tampering and forgery are prevented; the identity of the signer is verified using the digital certificate, which ensures that the identity of the signing user is authentic and credible and provides proof of credibility; the digital certificate and the trusted timestamp service ensure the legal validity and traceability of the signature and reduce questions and disputes about it; and the transparency of the processes involved in digital signing is improved and potential risk is reduced.

Description

Digital signature method based on real-name authentication and digital certificate
Technical Field
The invention relates to the technical field of electronic signature, in particular to a digital signature method based on real-name authentication and digital certificates.
Background
Documents are commonly signed on paper, and the traditional paper signing process causes problems: the document must be printed, signed by hand, and then scanned or faxed back into electronic form. Paper and ink are wasted and relatively expensive, documents are easily lost or damaged, and handling paper documents takes additional time. With the development of digitization, people have gradually turned to electronic signing by compositing layers: the signature is scanned or photographed and embedded into a PDF file to achieve the effect of a digital signature. In some scenarios, however, signing with digital certificates still presents difficulties. To sign with a digital certificate, the certificate must first be applied for from a trusted CA, which issues it to the user, and only then can the digital signature be made. Issuing the certificate is complicated and takes a long time, a PIN code must be entered when signing with the certificate, and once the certificate expires it must be renewed, which makes operation more complicated still. Signing with a digital certificate also necessarily involves the user's private key. Existing certificates are either hard certificates or soft certificates. Signing with a hard certificate is safer, but it is difficult to issue a hard certificate to every user, so existing solutions use soft certificates, and when public equipment is used for signing, the private key of a soft certificate is exposed to considerable security risk. In addition, the existing digital signature method has the following disadvantages:
1. Low security: when a signature is composited into a PDF file as a picture, the picture can be copied, tampered with or replaced. The authenticity and integrity of the signature therefore cannot be fully guaranteed, and the signature is vulnerable to counterfeiting and tampering;
2. Low reliability: a picture-composited signature provides no trust verification. In legal and commercial transactions, the trustworthiness of the signature is important for confirming the identity and intent of the signer. Files signed with a composited picture may be questioned because they provide insufficient evidence of the authenticity of the signature;
3. Difficult to verify: for a file signed with a composited picture, the authenticity of the signature is difficult to verify. The recipient has to rely on other means to verify the validity of the signature, such as contacting the signer or using other trusted evidence to prove the authenticity of the signature;
4. In the embedded signature mode, the picture can be copied and tampered with;
Therefore, the authenticity and integrity of the existing digital signature methods cannot be guaranteed.
To overcome these defects of the prior art, long-term exploration has been carried out and various solutions have been proposed. For example, a Chinese patent document discloses a digital signature method and system [CN201410849952.0], which includes: obtaining a PDF file corresponding to a user to be signed and a hash value of the PDF file; receiving identity information of the user to be signed; transmitting the identity information and the hash value of the PDF file to a signature end; receiving an identity information hash value, IBE signature information and an IBE public key generated by the signature end according to the identity information and the hash value of the PDF file; and writing the identity information hash value, the IBE signature information and the IBE public key into a signature domain of the PDF file to complete the digital signature.
The above scheme solves, to a certain extent, the prior-art problems that issuing digital certificates is complicated and using them is inconvenient, but it still has a number of defects; for example, the authenticity and integrity of the signature cannot be guaranteed.
Disclosure of Invention
The invention aims to solve the above problems and to provide a digital signature method based on real-name authentication and digital certificates.
To achieve this purpose, the invention adopts the following technical scheme: a digital signature method based on real-name authentication and digital certificates, including the following steps:
S1, verifying the identity of a signer;
S2, verifying the file authority;
S3, signature verification;
S4, acquiring a digital certificate;
S5, associating the digital certificate and the signature data and generating a PDF document.
In the above digital signature method, in step S1 the authentication includes biometric identification and password identification. The biometric identification includes fingerprint identification and facial identification, and the password identification uses either a mobile terminal authentication code or a system random password. The authentication mode is actively set by the control platform. The authentication information is compared against the information held in the information database connected to the control platform; once the comparison is complete, the result is fed back to the control platform, and the control platform sends the result to the user interface.
In the above digital signature method, the identity verification result is either verification success or verification failure. If verification fails, a login failure page is displayed and the user is returned to the login page. If verification succeeds, a login success page is displayed and the user can select a file to sign; file authority verification is performed after the file is selected.
In the above digital signature method, step S2 is specifically divided into the following steps:
S21, verifying the file authority;
S22, displaying file content after verification is passed;
S23, displaying error information and returning to reselect the file after verification failure;
S24, checking file content.
Each file is placed in the verification system, and the verification system is connected to a file verification database of the control platform. The verification authority information of each file is stored in the file verification database and is compared with the authority under which the file is opened. The verification authority information is either entered into the file verification database in advance or distributed through the control platform based on user ID information.
In the above digital signature method, step S3 specifically includes the following steps:
S31, a user clicks a file to sign;
S32, selecting a signing mode;
S33, selecting an exclusive electronic signature;
S34, inputting signature information;
S35, submitting signature information;
S36, checking the signature information.
In step S32, the signing modes include a picture signature, a date signature, a handwritten signature and an electronic signature; one signing mode or a combination of several can be selected. Each signing mode is provided with a signature mode, and the signature modes correspond to different verification attributes. In step S34, the exclusive electronic signature is actively recorded after identity verification has passed, or is regularly distributed through a control platform.
In the above digital signature method, step S36 specifically includes the following steps:
S361, carrying out background comparison and verification on the signature information;
S362, generating an electronic signature if the verification is passed, and returning to the real-name verification step if the verification fails;
S363, after the electronic signature is generated, the electronic signature is applied to the file;
S364, completing the signing of the file after the signature position is checked to be qualified.
In step S361, the background comparison and verification involves a verification information base that records and stores signature information. The verification information base exchanges information with the files through encrypted wireless signals, and each file is assigned a corresponding connection path and ID information. During comparison and verification, the signature information together with the ID information and path information of the file is transmitted to the verification information base, which retrieves the stored or recorded information for that file and compares it with the signature information currently received.
In the above digital signature method, after the document is signed, the digital certificate is acquired through step S4 to generate a time stamp, so that the electronic signature is applied to the document and a PDF document is generated.
Step S4 specifically comprises the following steps:
S41, clicking a signing button by a user to apply for a digital certificate;
S42, calling a trusted timestamp service after the digital certificate is acquired;
S43, acquiring a time stamp and preparing signature data;
S44, unlocking the signature data by using the private key.
In the above digital signature method, step S5 specifically includes the following steps:
S51, associating the digital certificate with signature data;
S52, performing secondary verification on the digital certificate and the signature data;
S53, carrying out signature information backup after checking is completed;
S54, generating a PDF file.
Compared with the prior art, the invention has the following advantages:
High security: the digital signature uses an encryption algorithm to protect the signature, ensuring its authenticity and integrity and preventing tampering and counterfeiting;
High reliability: the digital signature uses the digital certificate to verify the identity of the signer, which provides proof of credibility and reduces questions and disputes about the signature;
Verifiability: the digital signature can be easily verified; the receiver only needs to use the public key of the signer to carry out a decryption operation in order to verify the validity of the signature;
Legal compliance: digital signatures are recognized by law in many countries and regions and meet legal requirements for signatures.
Drawings
FIG. 1 is a signer and file rights verification flow diagram of the present invention;
FIG. 2 is a flow chart of document signing verification in the present invention;
FIG. 3 is a digital certificate acquisition flow chart of the present invention;
FIG. 4 is a partial structural connection block diagram of the present invention;
In the figures: control platform 1, information database 11, verification system 2, file verification database 21, verification information database 3.
Detailed Description
The invention will be described in further detail with reference to the drawings and the detailed description.
As shown in FIGS. 1-4, a digital signature method based on real-name authentication and digital certificates includes the following steps:
S1, verifying the identity of a signer;
S2, verifying the file authority;
S3, signature verification;
S4, acquiring a digital certificate;
S5, associating the digital certificate and the signature data and generating a PDF document.
In step S1, the authentication includes biometric identification and password identification. The biometric identification includes fingerprint identification and facial identification, and the password identification uses either a mobile terminal authentication code or a system random password. The authentication mode is actively set by the control platform 1. The authentication information is compared against the information held in the information database 11 connected to the control platform 1; once the comparison is complete, the result is fed back to the control platform 1, and the control platform 1 sends the result to the user interface.
The identity of the signer is verified through the account/password authentication of the identity verification system. To ensure the authenticity of the signature, real-name authentication is carried out before signing, and the authenticity of the user is verified by two-factor authentication that combines a password with biometric recognition.
The authentication result is either authentication success or authentication failure. If authentication fails, a login failure page is displayed and the user is returned to the login page. If authentication succeeds, a login success page is displayed and the user can select a file to sign; file authority verification is performed after the file is selected.
Further, step S2 is specifically divided into the following steps:
S21, verifying the file authority;
S22, displaying file content after verification is passed;
S23, displaying error information and returning to reselect the file after verification failure;
S24, checking file content.
File authority verification improves the privacy and security of the files and allows each file to be managed independently.
Each file is placed in the verification system 2, and the verification system 2 is connected to the file verification database 21 of the control platform 1. The verification authority information of each file is stored in the file verification database 21 and is compared with the authority under which the file is opened. The verification authority information is either entered into the file verification database 21 in advance or distributed through the control platform 1 based on user ID information.
Step S3 specifically comprises the following steps:
S31, a user clicks a file to sign;
S32, selecting a signing mode;
S33, selecting an exclusive electronic signature;
S34, inputting signature information;
S35, submitting signature information;
S36, checking the signature information.
In step S32, the signing modes include a picture signature, a date signature, a handwritten signature and an electronic signature; one signing mode or a combination of several can be selected. Each signing mode is provided with a signature mode, and the signature modes correspond to different verification attributes. In step S34, the exclusive electronic signature is actively recorded after identity verification has passed, or is regularly distributed through the control platform 1.
This provides signing modes suited to a variety of application scenarios and reflects the diversity of signatures, and the verification system is used to verify the entered signature information so that accuracy is ensured.
Step S36 specifically includes the following steps:
S361, carrying out background comparison and verification on the signature information;
S362, generating an electronic signature if the verification is passed, and returning to the real-name verification step if the verification fails;
S363, after the electronic signature is generated, the electronic signature is applied to the file;
S364, completing the signing of the file after the signature position is checked to be qualified.
In step S361, the background comparison and verification involves a verification information base 3 that records and stores signature information. The verification information base 3 exchanges information with the files through encrypted wireless signals, and each file is assigned a corresponding connection path and ID information. During comparison and verification, the signature information together with the ID information and path information of the file is transmitted to the verification information base 3, which retrieves the stored or recorded information for that file and compares it with the signature information currently received.
The control platform 1 can be used to generate an operation report, providing effective traceability of information such as product information, change records, rejection time and login information, and supporting on-line verification of the authenticity of a file's signing.
In detail, after the document is signed, the digital certificate is acquired through step S4 to generate a time stamp, so that the electronic signature is applied to the document and the PDF document is generated.
Step S4 specifically comprises the following steps:
S41, clicking a signing button by a user to apply for a digital certificate;
S42, calling a trusted timestamp service after the digital certificate is acquired;
S43, acquiring a time stamp and preparing signature data;
S44, unlocking the signature data by using the private key.
Preferably, step S5 specifically includes the following steps:
S51, associating the digital certificate with signature data;
S52, performing secondary verification on the digital certificate and the signature data;
S53, carrying out signature information backup after checking is completed;
S54, generating a PDF file.
Management of the digital certificate: an enterprise certificate is pre-configured or a personal certificate is applied for; the personal certificate, the personal account and the personal authentication information are bound together and stored on a blockchain.
Invocation algorithm of the trusted timestamp service: a group of trusted timestamp service addresses is accessed at random, and the response time of the interface is used to decide whether to use that service for the digital signature, which achieves higher efficiency.
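The invocation rule for the trusted timestamp service described above, written out as an added example (it is not code from the patent or its applicant). The Token structure, the function names, the .example endpoints and the 2-second threshold are assumptions, and the service pool is simulated so the example runs offline; the example goes one step beyond the text by also rejecting a fast reply whose stamped hash does not match the document's.

```python
import hashlib
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Token:
    """Simplified stand-in for a timestamp token (hypothetical structure)."""
    tsa: str        # endpoint that issued the token
    imprint: bytes  # hash the service claims to have stamped
    gen_time: str   # time asserted by the service


Attempt = Tuple[str, Optional[float], str]  # (endpoint, seconds, outcome)


def stamp_via_pool(document: bytes,
                   endpoints: Sequence[str],
                   request: Callable[[str, bytes], Token],
                   clock: Callable[[], float],
                   max_latency: float = 2.0,  # assumed threshold, not from the page
                   rng: Optional[random.Random] = None,
                   ) -> Tuple[Optional[Token], List[Attempt]]:
    """Try the services in random order; accept the first fast, matching reply."""
    digest = hashlib.sha256(document).digest()
    order = list(endpoints)
    (rng or random.SystemRandom()).shuffle(order)  # "random access" to the group
    attempts: List[Attempt] = []
    for url in order:
        started = clock()
        try:
            token = request(url, digest)
        except OSError as exc:  # unreachable, reset, timed out
            attempts.append((url, None, f"error: {exc}"))
            continue
        elapsed = clock() - started
        if elapsed > max_latency:
            # Judged by response time, as the page describes.
            attempts.append((url, elapsed, "rejected: too slow"))
        elif token.imprint != digest:
            # Added check: a fast reply for the wrong hash must not be used.
            attempts.append((url, elapsed, "rejected: imprint mismatch"))
        else:
            attempts.append((url, elapsed, "accepted"))
            return token, attempts
    return None, attempts  # caller must fail closed: no timestamp, no signature


class SimulatedPool:
    """Constructed offline stand-in for a group of timestamp services."""

    def __init__(self, behaviour):
        self.behaviour = behaviour  # url -> (latency in seconds, kind)
        self.now = 0.0              # simulated clock

    def clock(self) -> float:
        return self.now

    def request(self, url: str, digest: bytes) -> Token:
        latency, kind = self.behaviour[url]
        self.now += latency
        if kind == "down":
            raise ConnectionError(f"{url} unreachable")
        imprint = digest if kind == "ok" else hashlib.sha256(b"other").digest()
        return Token(url, imprint, f"t+{self.now:.1f}s")


# Constructed sample pool; the .example hosts are placeholders.
SAMPLE_POOL = {
    "https://tsa-a.example/stamp": (5.0, "ok"),             # correct but slow
    "https://tsa-b.example/stamp": (0.2, "wrong-imprint"),  # fast, wrong hash
    "https://tsa-c.example/stamp": (0.3, "ok"),             # fast and correct
    "https://tsa-d.example/stamp": (0.1, "down"),           # unreachable
}


def demo(seed: int = 7):
    pool = SimulatedPool(SAMPLE_POOL)
    return stamp_via_pool(b"%PDF-1.7 constructed sample", list(SAMPLE_POOL),
                          pool.request, pool.clock, rng=random.Random(seed))


if __name__ == "__main__":
    token, attempts = demo()
    for endpoint, seconds, outcome in attempts:
        print(endpoint, seconds, outcome)
    print("selected:", token.tsa if token else None)
```

The attempt list doubles as an audit record of which services were tried and why each was skipped, which fits the traceability goal stated for the control platform.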
In summary, the principle of this embodiment is as follows. The identity of the signer is verified by account/password authentication. To ensure the authenticity of the signature, real-name authentication is carried out before signing, and the authenticity of the user is verified by two-factor authentication that combines a password with biometric verification. The opening of the file and the signature information are then verified using the file verification database 21 and the verification information base 3, and signing modes suited to a variety of use scenarios are provided, which widens the range of use. Finally, the digital certificate and the trusted timestamp service ensure the legal validity and traceability of the signature. Blockchain technology brings higher security and reliability to the electronically signed document: the blockchain provides distributed, tamper-proof transaction records that ensure the traceability and non-repudiation of the signature. The digital technology helps to store complete electronic signature information, ensures that the identity of the signing user is authentic and credible, improves the transparency of the processes involved in digital signing, and reduces potential risk.
The specific embodiments described herein are offered by way of example only to illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments or substitutions thereof without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.
Although terms such as control platform 1, information database 11, verification system 2, file verification database 21 and verification information database 3 are used frequently herein, the possibility of using other terms is not excluded. These terms are used merely for convenience in describing and explaining the nature of the invention; construing them as imposing any additional limitation would be contrary to the spirit of the present invention.

Claims (10)

Application CN202410069489.1A; priority date 2024-01-17; filing date 2024-01-17; title: Digital signature method based on real-name authentication and digital certificate; status: Pending; publication: CN117725627A (en)

Priority Applications (1)

Application number: CN202410069489.1A; publication: CN117725627A (en); priority date: 2024-01-17; filing date: 2024-01-17; title: Digital signature method based on real-name authentication and digital certificate

Applications Claiming Priority (1)

Application number: CN202410069489.1A; publication: CN117725627A (en); priority date: 2024-01-17; filing date: 2024-01-17; title: Digital signature method based on real-name authentication and digital certificate

Publications (1)

Publication number: CN117725627A (en); publication date: 2024-03-19

Family

ID=90208990

Family Applications (1)

Application number: CN202410069489.1A; title: Digital signature method based on real-name authentication and digital certificate; status: Pending; publication: CN117725627A (en); priority date: 2024-01-17; filing date: 2024-01-17

Country Status (1)

Country: CN (1); link: CN117725627A (en)


Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
