CN109753824B - Distributed electronic signature method and system - Google Patents
- Publication number
- CN109753824B, CN201811535135.2A
- Authority
- CN
- China
- Prior art keywords
- seal
- center
- sub
- synchronization
- unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a distributed electronic signature method and system. The method divides a signature system into a main center electronic signature unit and sub-center electronic signature units. The main center electronic signature unit is responsible for uniformly making seals and managing the seal states of each sub-center. It classifies synchronization requests according to the actual circumstances of the seal information to be synchronized and pushes the seal synchronization requests to the electronic signature unit of each sub-center through the main center synchronization unit and the sub-center synchronization units, with different logic strategies adopted according to the value of the seal synchronization category field. The sub-centers provide users with seal application, seal verification, seal application record query, seal information query and similar functions. The distributed electronic signature method and system provided by the invention effectively solve the practical requirements of unified seal management and cross-regional seal use, process seal synchronization requests through a queue technology, and achieve better decoupling to improve concurrency.
Description
Technical Field
The present invention relates to the field of electronic signatures, and more particularly, to a distributed electronic signature method and system.
Background
With the popularization of the Internet, e-commerce and e-government activities have developed rapidly, and electronic signatures have begun to be widely applied in many fields, mainly including online contract signing, online payment, online tax payment, online stock trading and online account opening. An electronic signature, like the digital certificates we use, is a means of identity verification. Broadly, it refers to data in electronic form that is attached to and logically associated with an electronic document and that can be used to identify the signer of the document, ensure the integrity of the document, and indicate that the signer agrees to the facts stated in the document. The most mature electronic signature technology at present is the digital signature, which is produced using asymmetric cryptography with a public key and a private key. The electronic seal is one representation of the electronic signature: image processing technology gives the electronic signing operation the same visual effect as stamping a paper document, while electronic signature technology ensures the authenticity and integrity of the electronic information and the non-repudiation of the signer. Specifically, the holder of the document data to be signed submits it, and a trusted signature server synthesizes valid signature data according to the applicable electronic signature technical specification. To ensure the validity of seals, the seal system must manage them in a more rigorous and secure way.
In the field of electronic invoices, an organization providing a seal service wants seals to be made at its headquarters, which makes authority control, statistics and billing for seals convenient. Meanwhile, enterprises that need electronic invoices are often distributed across the country, and they want the seals made at headquarters to be synchronized to the provincial branch companies so that electronic invoice stamping services can be provided to enterprise users. Conventional electronic signature systems cannot meet these needs, and a new electronic signature system design is urgently needed.
Disclosure of Invention
In order to solve the technical problem that the prior art cannot provide authority control over electronic signatures, the invention provides a distributed electronic signature method, which comprises the following steps:
when a seal synchronous triggering event exists, a main center client sends an original seal synchronous request to a main center electronic signature unit, wherein the seal synchronous triggering event comprises making a new seal for a sub-center user, changing a seal state for the sub-center user and changing a sub-center to which the seal user belongs, the original seal synchronous request is a seal synchronous request corresponding to the seal synchronous triggering event, and the seal state comprises freezing the seal, thawing the seal and canceling the seal;
the main center electronic signature unit determines a seal synchronization category according to the original seal synchronization request, generates a first seal synchronization request and sends it to the main center synchronization unit, wherein the first seal synchronization request comprises a sub-center ID, seal information and a seal synchronization category value, and the seal synchronization category value is the value assigned to the seal synchronization operation corresponding to the original seal synchronization request;
after receiving a first seal synchronization request, a main center synchronization unit acquires address information of a sub-center synchronization unit according to a sub-center ID, and sends the first seal synchronization request to the sub-center synchronization unit designated by the first seal synchronization request;
after receiving a first seal synchronization request, a sub-center synchronization unit performs validity check on the first seal synchronization request, determines that the first seal synchronization request is from a legal main center synchronization unit and seal information in the first seal synchronization request belongs to the sub-center, and generates a second seal synchronization request and sends the second seal synchronization request to a sub-center electronic signature unit after passing the validity check, wherein the second seal synchronization request comprises seal information and seal synchronization class values;
and the sub-center electronic signature unit performs corresponding seal synchronization operation on the seal information according to the seal synchronization class value in the second seal synchronization request.
Further, the method provides the main center client with different calling interfaces for different seal synchronization trigger events, wherein:
for making a new seal for a sub-center user and for changing a seal state for a sub-center user, one calling interface is provided to the main center client;
for changing the sub-center to which a seal user belongs, another calling interface is provided to the main center client.
Further, the determining, by the master center electronic signature unit, a seal synchronization category according to the original seal synchronization request, and generating a first seal synchronization request includes:
when the original seal synchronization request is to synchronize a new seal for a sub-center user, the main center electronic signature unit, after determining that no seal exists for the sub-center user, returns a result indicating that the seal does not exist and prompting contact with a main center electronic signature unit administrator to apply for the seal, and the seal synchronization process ends; when it determines that a seal exists for the sub-center user and the seal state is not cancelled, it generates a first seal synchronization request, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal belongs, the seal information and the first assignment of the seal synchronization category;
when the original seal synchronization request is to synchronize a seal state for a sub-center user, the main center electronic signature unit generates a first seal synchronization request after determining that a seal exists for the sub-center user and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal whose state is to be changed belongs, the seal information of that seal and the second assignment of the seal synchronization category;
when the original seal synchronization request is to synchronize a change of the sub-center to which a seal user belongs, the main center electronic signature unit generates a first seal synchronization request after determining that a seal exists for the user whose sub-center is to be changed and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center into which the seal user is to be moved, the seal information of the user whose sub-center is to be changed and the third assignment of the seal synchronization category.
Further, after receiving the first seal synchronization request, the main center synchronization unit obtains the address information of the sub-center synchronization unit according to the sub-center ID and, when sending the first seal synchronization request to the sub-center synchronization unit specified in it, uses at least one of HTTPS secure transmission and encryption of the first seal synchronization request with an encryption algorithm.
Further, the operation of the sub-center electronic signature unit to the seal information according to the seal synchronization type value in the second seal synchronization request includes:
when the seal synchronous category value is the first assignment of the seal synchronous category, the seal is directly put in storage by the sub-center electronic signature unit;
when the seal synchronous category value is a second assignment of the seal synchronous category, the sub-center electronic signature unit changes the state of the user seal;
when the seal synchronization category value is the third assignment of the seal synchronization category, the sub-center electronic signature unit directly inserts the seal data into the seal table of the user whose sub-center is to be changed.
Further, when the main center electronic signature unit generates a plurality of first seal synchronization requests, the first seal synchronization requests are put into a queue unit, received in sequence by the main center synchronization unit and then sent to the sub-center synchronization unit.
According to another aspect of the present invention, there is provided a distributed electronic signature system, the system comprising:
the main center client is used for sending an original seal synchronization request to the main center electronic signature unit when a seal synchronization trigger event exists, wherein the seal synchronization trigger event comprises making a new seal for a sub-center user, changing a seal state for the sub-center user and changing the sub-center to which the seal user belongs, the original seal synchronization request is the seal synchronization request corresponding to the seal synchronization trigger event, and the seal state comprises freezing the seal, thawing the seal and cancelling the seal;
the main center electronic signature unit is used for determining a seal synchronization category according to an original seal synchronization request, generating a first seal synchronization request and sending the first seal synchronization request to the main center synchronization unit, wherein the first seal synchronization request comprises a sub-center ID, seal information and seal synchronization category values, and the seal synchronization category values are values assigned to seal synchronization operations corresponding to the original seal synchronization request;
the main center synchronization unit is used for acquiring address information of the sub-center synchronization unit according to the sub-center ID after receiving the first seal synchronization request, and sending the first seal synchronization request to the sub-center synchronization unit designated by the first seal synchronization request;
the sub-center synchronizing unit is used for carrying out validity check on the first seal synchronizing request after receiving the first seal synchronizing request, determining that the first seal synchronizing request is from a legal main center synchronizing unit and seal information in the first seal synchronizing request belongs to the sub-center, and generating a second seal synchronizing request and sending the second seal synchronizing request to the sub-center electronic signature unit after passing the validity check, wherein the second seal synchronizing request comprises seal information and seal synchronizing type values;
and the sub-center electronic signature units are used for carrying out corresponding seal synchronous operation on the seal information according to the seal synchronous category value in the second seal synchronous request, wherein each sub-center electronic signature unit corresponds to one sub-center synchronous unit.
Further, the main center client includes two calling interfaces, wherein:
for making a new seal for a sub-center user and for changing a seal state for a sub-center user, the main center client has one calling interface;
for changing the sub-center to which a seal user belongs, the main center client has another calling interface.
Further, the system also comprises a queue unit for receiving the first seal synchronization request generated by the main center electronic signature unit and sequentially transmitting the first seal synchronization request to the main center synchronization unit.
Further, the main center electronic signature unit includes:
the first request generation unit, which is used, when the original seal synchronization request is to synchronize a new seal for a sub-center user, for returning a result indicating that the seal does not exist and prompting contact with a main center electronic signature unit administrator to apply for the seal after the main center electronic signature unit determines that no seal exists for the sub-center user, whereupon the seal synchronization process ends; and for generating a first seal synchronization request when it is determined that a seal exists for the sub-center user and the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal belongs, the seal information and the first assignment of the seal synchronization category;
the second request generation unit, which is used, when the original seal synchronization request is to synchronize a seal state for a sub-center user, for generating a first seal synchronization request after the main center electronic signature unit determines that a seal exists for the sub-center user and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal whose state is to be changed belongs, the seal information of that seal and the second assignment of the seal synchronization category;
and the third request generation unit, which is used, when the original seal synchronization request is to synchronize a change of the sub-center to which a seal user belongs, for generating a first seal synchronization request after the main center electronic signature unit determines that a seal exists for the user whose sub-center is to be changed, wherein the first seal synchronization request comprises the ID of the sub-center into which the seal user is to be moved, the seal information of the user whose sub-center is to be changed and the third assignment of the seal synchronization category.
Further, the master center synchronization unit further includes an encryption unit for encrypting the first seal synchronization request using an encryption algorithm, that is, encrypting the first seal synchronization request using a public key certificate of a sub-center synchronization unit configured by the master center synchronization unit.
Further, the sub-center synchronization unit further comprises a decryption unit, which is used for decrypting the first seal synchronization request with the private key of the sub-center synchronization unit.
Further, the sub-center electronic signature unit includes:
the first operation unit is used for directly carrying out warehousing operation on the seal by the sub-center electronic signature unit when the seal synchronous category value is a first assignment of the seal synchronous category;
the second operation unit is used for changing the state of the user seal by the sub-center electronic signature unit when the seal synchronous category value is a second assignment of the seal synchronous category;
and the third operation unit is used for directly inserting the data of the seal into the seal table of the user of the sub-center to be changed when the seal synchronous type value is a third assignment of the seal synchronous type.
The distributed electronic signature method and system provided by the technical scheme of the invention divide a signature system into a main center electronic signature unit and sub-center electronic signature units. The main center electronic signature unit is responsible for uniformly making seals and managing the seal states of all sub-centers. It classifies synchronization requests according to the actual circumstances of the seal information to be synchronized and pushes the seal synchronization requests to the electronic signature units of all sub-centers through the main center synchronization unit and the sub-center synchronization units, with different logic strategies adopted according to the value of the seal synchronization category field. The sub-centers provide seal application, seal verification, seal application record query, seal information query and similar functions. The distributed electronic signature method and system provided by the invention have the following beneficial effects:
1. The method of the invention effectively solves the practical requirements of unified seal management and cross-regional seal use: the main center is responsible for managing and making seals, and the sub-centers are where users actually use them. The main center and sub-center electronic signature units have a clear division of work while authority remains centralized.
2. The electronic signature method and system have distinct advantages in performance and security. Request processing between the main center electronic signature unit and the main center synchronization unit is implemented through a queue technology, which decouples the two and improves concurrency. In addition, the overall architecture hides the signature unit, avoiding its exposure to the external network, while keeping the core business independent.
3. The actual circumstances of the seal information to be synchronized are classified, and different logic strategies are applied in the final receiving process according to the value of the seal synchronization category field. Establishing these logic strategies makes the system's goals and logic processing clearer.
Drawings
Exemplary embodiments of the present invention may be more completely understood in consideration of the following drawings:
FIG. 1 is a flow chart of a distributed electronic signature method according to a preferred embodiment of the present invention;
FIG. 2 is a schematic structural view of a distributed electronic signature system according to a preferred embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flowchart of a distributed electronic signature method according to a preferred embodiment of the present invention. As shown in fig. 1, the distributed electronic signature method 100 according to the preferred embodiment starts in step 101.
In step 101, when there is a stamp synchronization trigger event, the master center client sends an original stamp synchronization request to the master center electronic signature unit, where the stamp synchronization trigger event includes making a new stamp for a sub-center user, changing a stamp state for the sub-center user, and changing a sub-center to which the stamp user belongs, the original stamp synchronization request is a stamp synchronization request corresponding to the stamp synchronization trigger event, and the stamp state includes freezing the stamp, thawing the stamp, and canceling the stamp.
In the preferred embodiment, when the main center electronic signature unit calls the interface to make a new seal for a certain sub-center, the main center client sends an original seal synchronization request, i.e. a new seal synchronization, to the main center electronic signature unit.
In step 102, the master center electronic signature unit determines a seal synchronization category according to the original seal synchronization request, generates a first seal synchronization request, and sends the first seal synchronization request to the master center synchronization unit, wherein the first seal synchronization request includes a sub-center ID, seal information, and a seal synchronization category value, and the seal synchronization category value is a value assigned to seal synchronization operation corresponding to the original seal synchronization request.
Preferably, the determining, by the master center electronic signature unit, a seal synchronization category according to the original seal synchronization request, and generating the first seal synchronization request includes:
when the original seal synchronization request is to synchronize a new seal for a sub-center user, the main center electronic signature unit, after determining that no seal exists for the sub-center user, returns a result indicating that the seal does not exist and prompting contact with a main center electronic signature unit administrator to apply for the seal, and the seal synchronization process ends; when it determines that a seal exists for the sub-center user and the seal state is not cancelled, it generates a first seal synchronization request, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal belongs, the seal information and the first assignment of the seal synchronization category;
when the original seal synchronization request is to synchronize a seal state for a sub-center user, the main center electronic signature unit generates a first seal synchronization request after determining that a seal exists for the sub-center user and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal whose state is to be changed belongs, the seal information of that seal and the second assignment of the seal synchronization category;
when the original seal synchronization request is to synchronize a change of the sub-center to which a seal user belongs, the main center electronic signature unit generates a first seal synchronization request after determining that a seal exists for the user whose sub-center is to be changed and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center into which the seal user is to be moved, the seal information of the user whose sub-center is to be changed and the third assignment of the seal synchronization category.
In the preferred embodiment, after receiving an original seal synchronization request for synchronizing a new seal, the main center electronic signature unit detects whether the seal exists in the sub-center; when the seal does not exist in the sub-center but a new seal exists in the database and the seal state is not cancelled, it generates a first seal synchronization request and sends it to the main center synchronization unit, wherein the first seal synchronization request comprises the sub-center ID, the seal information and the seal synchronization category value, the seal information is the information of the sub-center's new seal, and the seal synchronization category value for a new seal is 1.
In step 103, after receiving the first seal synchronization request, the main center synchronization unit obtains address information of the sub-center synchronization unit according to the sub-center ID, and sends the first seal synchronization request to the sub-center synchronization unit specified by the first seal synchronization request.
Preferably, after receiving the first seal synchronization request, the main center synchronization unit obtains the address information of the sub-center synchronization unit according to the sub-center ID and, when sending the first seal synchronization request to the sub-center synchronization unit specified in it, uses at least one of HTTPS secure transmission and encryption of the first seal synchronization request with an encryption algorithm.
In the preferred embodiment, one-way HTTPS and an encryption and decryption policy are configured, and the main center synchronization unit is configured with the public key certificate of each sub-center synchronization unit for encryption.
In step 104, after receiving the first seal synchronization request, the sub-center synchronization unit performs validity check on the first seal synchronization request, determines that the first seal synchronization request is from a legal main center synchronization unit and seal information in the first seal synchronization request belongs to the sub-center, and generates and sends a second seal synchronization request to the sub-center electronic signature unit after passing the validity check, wherein the second seal synchronization request includes seal information and seal synchronization type values.
In the preferred embodiment, since one-way HTTPS and the encryption and decryption policy are configured, the sub-center synchronization unit decrypts with its private key to obtain the seal synchronization information in the first seal synchronization request, and verifies the information to determine whether it comes from a legitimate main center synchronization unit and whether the sub-center to which the seal synchronization information belongs is correct. When the verification passes, the sub-center synchronization unit generates a second seal synchronization request comprising the seal information and the seal synchronization category value and sends it to the sub-center electronic signature unit.
In step 105, the sub-center electronic signature unit performs corresponding seal synchronization operation on the seal information according to the seal synchronization class value in the second seal synchronization request.
Preferably, the sub-center electronic signature unit performing different operations on the seal information according to the seal synchronization category value in the second seal synchronization request includes:
when the seal synchronous category value is the first assignment of the seal synchronous category, the seal is directly put in storage by the sub-center electronic signature unit;
when the seal synchronous category value is a second assignment of the seal synchronous category, the sub-center electronic signature unit changes the state of the user seal;
when the seal synchronization category value is the third assignment of the seal synchronization category, the sub-center electronic signature unit directly inserts the seal data into the seal table of the user whose sub-center is to be changed.
In the preferred embodiment, after receiving the second seal synchronization request, the sub-center electronic signature unit learns from the seal synchronization category value of 1 that the seal synchronization operation is a new seal synchronization, and therefore puts the new seal directly into storage.
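The receive path of steps 104 and 105, as an added example that is not part of the patent: the sub-center synchronization unit checks origin and sub-center ownership, then the sub-center electronic signature unit dispatches on the seal synchronization category value. The page does not say how the "legitimate main center" check is done, and encrypting to the sub-center's public key gives confidentiality only, so this sketch assumes an HMAC-SHA256 tag under a pre-shared key; the field names, IDs, state names and the category values 2 and 3 are also assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Seal synchronization category values. The page states 1 for a new seal;
# 2 and 3 are assumed here for the second and third assignments.
SYNC_NEW_SEAL = 1
SYNC_STATE_CHANGE = 2   # assumed value
SYNC_MIGRATE_USER = 3   # assumed value
ALLOWED_STATES = {"active", "frozen", "cancelled"}  # assumed state names


class SyncRejected(Exception):
    """Raised when a request fails a sub-center check."""


def _canonical(body: dict) -> bytes:
    # Stable byte encoding so both sides compute the tag over the same input.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_first_request(key: bytes, sub_center_id: str, seal: dict, category: int) -> dict:
    """Main center side: first seal synchronization request plus an origin tag."""
    body = {"sub_center_id": sub_center_id, "seal": seal, "category": category}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


@dataclass
class SubCenterSignatureUnit:
    seals: dict = field(default_factory=dict)  # seal_id -> seal record

    def apply(self, second_request: dict) -> str:
        """Step 105: dispatch on the seal synchronization category value."""
        seal, category = second_request["seal"], second_request["category"]
        seal_id = seal["seal_id"]
        if category == SYNC_NEW_SEAL:
            self.seals[seal_id] = dict(seal)          # put the new seal into storage
            return "stored"
        if category == SYNC_STATE_CHANGE:
            if seal_id not in self.seals:
                raise SyncRejected("state change for unknown seal")
            if seal.get("state") not in ALLOWED_STATES:
                raise SyncRejected("invalid seal state")
            self.seals[seal_id]["state"] = seal["state"]
            return "state:" + seal["state"]
        if category == SYNC_MIGRATE_USER:
            self.seals[seal_id] = dict(seal)          # insert into the migrated user's seal table
            return "migrated-in"
        raise SyncRejected(f"unknown category {category}")  # fail closed


@dataclass
class SubCenterSyncUnit:
    sub_center_id: str
    key: bytes
    signature_unit: SubCenterSignatureUnit

    def receive(self, first_request: dict) -> str:
        """Step 104: validity check, then forward a second request."""
        body, tag = first_request.get("body"), first_request.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            raise SyncRejected("malformed request")
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            raise SyncRejected("origin check failed")
        if body.get("sub_center_id") != self.sub_center_id:
            raise SyncRejected("seal does not belong to this sub-center")
        seal = body.get("seal")
        if not isinstance(seal, dict) or "seal_id" not in seal:
            raise SyncRejected("malformed request")
        # The second request drops the sub-center ID: seal information and category only.
        return self.signature_unit.apply({"seal": seal, "category": body.get("category")})


def demo() -> list:
    key = b"constructed-demo-key"                      # constructed sample key
    unit = SubCenterSyncUnit("SC-01", key, SubCenterSignatureUnit())
    seal = {"seal_id": "S-1001", "user": "U-7", "state": "active"}  # constructed sample
    results = [
        unit.receive(build_first_request(key, "SC-01", seal, SYNC_NEW_SEAL)),
        unit.receive(build_first_request(key, "SC-01", dict(seal, state="frozen"), SYNC_STATE_CHANGE)),
    ]
    rejected = (
        build_first_request(key, "SC-02", seal, SYNC_NEW_SEAL),       # wrong sub-center
        build_first_request(b"other-key", "SC-01", seal, SYNC_NEW_SEAL),  # wrong origin
        build_first_request(key, "SC-01", seal, 9),                   # unassigned category
    )
    for request in rejected:
        try:
            unit.receive(request)
        except SyncRejected as exc:
            results.append(f"rejected: {exc}")
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```
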
Preferably, the method provides the main center client with different calling interfaces for different seal synchronization trigger events, wherein:
for making a new seal for a sub-center user and for changing a seal state for a sub-center user, one calling interface is provided to the main center client;
for changing the sub-center to which a seal user belongs, another calling interface is provided to the main center client.
Preferably, the method further comprises: when the main center electronic signature unit generates first seal synchronization requests, the first seal synchronization requests are put into a queue unit, received in sequence by the main center synchronization unit, and sent to the sub-center synchronization unit.
Fig. 2 is a schematic structural view of a distributed electronic signature system according to a preferred embodiment of the present invention. As shown in fig. 2, the distributed electronic signature system 200 according to the preferred embodiment includes:
A main center client 201, configured to send an original seal synchronization request to the main center electronic signature unit when a seal synchronization trigger event exists, where the seal synchronization trigger event includes making a new seal for a sub-center user, changing a seal state for a sub-center user, and changing the sub-center to which a seal user belongs; the original seal synchronization request is the seal synchronization request corresponding to the seal synchronization trigger event; and the seal state includes freezing the seal, thawing the seal, and cancelling the seal.
A main center electronic signature unit 202, configured to determine a seal synchronization category according to the original seal synchronization request, generate a first seal synchronization request, and send the first seal synchronization request to the main center synchronization unit, where the first seal synchronization request includes a sub-center ID, seal information, and a seal synchronization category value, the seal synchronization category value being the value assigned to the seal synchronization operation corresponding to the original seal synchronization request.
A main center synchronization unit 203, configured to obtain address information of the sub-center synchronization unit according to the sub-center ID after receiving the first seal synchronization request, and send the first seal synchronization request to the sub-center synchronization unit specified by the first seal synchronization request.
A sub-center synchronization unit 204, configured to perform a validity check on the first seal synchronization request after receiving it, determining that the first seal synchronization request comes from a legitimate main center synchronization unit and that the seal information in the first seal synchronization request belongs to this sub-center, and, after the validity check is passed, to generate a second seal synchronization request and send it to the sub-center electronic signature unit, where the second seal synchronization request includes the seal information and the seal synchronization category value.
In the preferred embodiment, there are a plurality of sub-center synchronization units.
Sub-center electronic signature units 205, configured to perform the corresponding seal synchronization operation on the seal information according to the seal synchronization category value in the second seal synchronization request, where each sub-center electronic signature unit corresponds to one sub-center synchronization unit.
Preferably, the main center client 201 includes two calling interfaces, wherein:
for making a new seal for a sub-center user and for changing the seal state for a sub-center user, the main center client has one calling interface;
for changing the sub-center to which a seal user belongs, the main center client has another calling interface.
Preferably, the system further comprises a queue unit 206, configured to receive the first seal synchronization requests generated by the main center electronic signature unit and transmit them in sequence to the main center synchronization unit.
Preferably, the main center electronic signature unit 202 includes:
a first request generating unit 221, configured to, when the original seal synchronization request is to synchronize a new seal for a sub-center user: after the main center electronic signature unit determines that no seal exists for the sub-center user, return a result indicating that the seal does not exist and prompting contact with the main center electronic signature unit administrator to apply for a seal, whereupon the seal synchronization process ends; and, after determining that the sub-center user has a seal and that the seal state is not cancelled, generate a first seal synchronization request, where the first seal synchronization request includes the ID of the sub-center to which the seal belongs, the seal information, and the first assignment of the seal synchronization category;
a second request generating unit 222, configured to, when the original seal synchronization request is to synchronize a seal state for a sub-center user, generate a first seal synchronization request after determining that the sub-center user has the seal and that the seal state is not cancelled, where the first seal synchronization request includes the ID of the sub-center to which the seal whose state is to be changed belongs, the seal information of that seal, and the second assignment of the seal synchronization category;
a third request generating unit 223, configured to, when the original seal synchronization request is to synchronize a change of the sub-center to which a seal user belongs, generate a first seal synchronization request after determining that the user whose sub-center is to be changed already has a seal, where the first seal synchronization request includes the ID of the sub-center to which the seal user belongs, the seal information of the user whose sub-center is to be changed, and the third assignment of the seal synchronization category.
Preferably, the main center synchronization unit 203 further comprises an encryption unit for encrypting the first seal synchronization request using an encryption algorithm, namely using the public key certificate of the sub-center synchronization unit configured by the main center synchronization unit.
Preferably, the sub-center synchronization unit 204 further comprises a decryption unit for decrypting the first seal synchronization request with the private key of the sub-center synchronization unit.
Preferably, the sub-center electronic signature unit 205 includes:
a first operation unit 251, configured so that the sub-center electronic signature unit directly stores the seal when the seal synchronization category value is the first assignment of the seal synchronization category;
a second operation unit 252, configured so that the sub-center electronic signature unit changes the state of the user's seal when the seal synchronization category value is the second assignment of the seal synchronization category;
a third operation unit 253, configured so that the sub-center electronic signature unit directly inserts the seal data into the seal table of the sub-center to which the user is being changed when the seal synchronization category value is the third assignment of the seal synchronization category.
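The validity check of the sub-center synchronization unit and the category dispatch of the sub-center electronic signature unit described above, as an added example that is not code from the patent. Assumptions: the text does not say how a request is recognized as coming from a legitimate main center, so an HMAC-SHA256 tag over a shared key stands in for that check; category values 2 and 3, the field names, and the state names are hypothetical (only the value 1 for a new seal is stated in the embodiment).

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Category value 1 (new seal) is stated in the embodiment; 2 and 3 are assumed here.
NEW_SEAL, CHANGE_STATE, CHANGE_SUB_CENTER = 1, 2, 3
SEAL_STATES = {"normal", "frozen", "cancelled"}  # assumed names; "normal" = thawed


def build_first_request(key: bytes, sub_center_id: str, seal: dict, category: int) -> dict:
    """Main center side: first seal synchronization request plus an HMAC tag."""
    body = {"sub_center_id": sub_center_id, "seal": seal, "category": category}
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": tag}


@dataclass
class SubCenter:
    sub_center_id: str
    key: bytes  # shared with the main center synchronization unit (assumption)
    seals: dict = field(default_factory=dict)  # seal_id -> seal record

    def validity_check(self, request: dict) -> dict:
        """Sub-center synchronization unit: verify origin and ownership, then
        return the second seal synchronization request (seal info + category)."""
        expected = hmac.new(self.key, request["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, request["mac"]):
            raise PermissionError("not from the configured main center")
        body = json.loads(request["payload"])
        if body["sub_center_id"] != self.sub_center_id:
            raise PermissionError("seal information belongs to another sub-center")
        if body["category"] not in (NEW_SEAL, CHANGE_STATE, CHANGE_SUB_CENTER):
            raise ValueError("unknown seal synchronization category value")
        return {"seal": body["seal"], "category": body["category"]}

    def apply(self, second_request: dict) -> str:
        """Sub-center electronic signature unit: dispatch on the category value."""
        seal, category = second_request["seal"], second_request["category"]
        if category == CHANGE_STATE:
            record = self.seals.get(seal["seal_id"])
            if record is None:
                raise KeyError("state change for a seal this sub-center does not hold")
            if seal["state"] not in SEAL_STATES:
                raise ValueError("unknown seal state")
            # Re-checking "not cancelled" here repeats the main center's check (assumption).
            if record["state"] == "cancelled":
                raise ValueError("seal is already cancelled")
            record["state"] = seal["state"]
            return "state-changed"
        # Categories 1 and 3 both insert the seal into this sub-center's seal table.
        self.seals[seal["seal_id"]] = dict(seal)
        return "stored" if category == NEW_SEAL else "migrated-in"

    def handle(self, request: dict) -> str:
        return self.apply(self.validity_check(request))


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    sc = SubCenter("SC-01", demo_key)
    new_seal = {"seal_id": "S-1001", "user": "user-a", "state": "normal"}  # constructed
    print(sc.handle(build_first_request(demo_key, "SC-01", new_seal, NEW_SEAL)))
    freeze = {"seal_id": "S-1001", "state": "frozen"}
    print(sc.handle(build_first_request(demo_key, "SC-01", freeze, CHANGE_STATE)))
```

Encrypting the request to the sub-center's public key certificate, as the description provides, protects confidentiality only; the origin check in `validity_check` is a separate control.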
The invention has been described with reference to a few embodiments. However, as is well known to those skilled in the art, other embodiments than the above disclosed invention are equally possible within the scope of the invention, as defined by the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a/an/the [ means, component, etc. ]" are to be interpreted openly as referring to at least one instance of said means, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
Claims (11)
1. A distributed electronic signature method, the method comprising:
when a seal synchronization trigger event exists, a main center client sends an original seal synchronization request to a main center electronic signature unit, wherein the seal synchronization trigger event comprises making a new seal for a sub-center user, changing a seal state for a sub-center user, and changing the sub-center to which a seal user belongs; the original seal synchronization request is the seal synchronization request corresponding to the seal synchronization trigger event; and the seal state comprises freezing the seal, thawing the seal and cancelling the seal;
the main center electronic signature unit determines a seal synchronization category according to the original seal synchronization request, generates a first seal synchronization request, and sends the first seal synchronization request to the main center synchronization unit, wherein determining the seal synchronization category according to the original seal synchronization request and generating the first seal synchronization request comprises:
when the original seal synchronization request is to synchronize a new seal for a sub-center user: after determining that no seal exists for the sub-center user, the main center electronic signature unit returns a result indicating that the seal does not exist and prompting contact with the main center electronic signature unit administrator to apply for a seal, and the seal synchronization process ends; after determining that the sub-center user has a seal and that the seal state is not cancelled, the main center electronic signature unit generates a first seal synchronization request, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal belongs, the seal information, and the first assignment of the seal synchronization category;
when the original seal synchronization request is to synchronize a seal state for a sub-center user, the main center electronic signature unit generates a first seal synchronization request after determining that the sub-center user has the seal and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal whose state is to be changed belongs, the seal information of that seal, and the second assignment of the seal synchronization category;
when the original seal synchronization request is to synchronize a change of the sub-center to which a seal user belongs, the main center electronic signature unit generates a first seal synchronization request after determining that the user whose sub-center is to be changed has a seal and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center into which the seal user is to migrate, the seal information of the user whose sub-center is to be changed, and the third assignment of the seal synchronization category;
after receiving a first seal synchronization request, a main center synchronization unit acquires address information of a sub-center synchronization unit according to a sub-center ID, and sends the first seal synchronization request to the sub-center synchronization unit designated by the first seal synchronization request;
after receiving the first seal synchronization request, a sub-center synchronization unit performs a validity check on the first seal synchronization request, determining that the first seal synchronization request comes from a legitimate main center synchronization unit and that the seal information in the first seal synchronization request belongs to this sub-center, and, after the validity check is passed, generates a second seal synchronization request and sends it to a sub-center electronic signature unit, wherein the second seal synchronization request comprises the seal information and the seal synchronization category value;
and the sub-center electronic signature unit performs the corresponding seal synchronization operation on the seal information according to the seal synchronization category value in the second seal synchronization request.
2. The method of claim 1, wherein the method provides the main center client with different calling interfaces for different seal synchronization trigger events, wherein:
for making a new seal for a sub-center user and for changing the seal state for a sub-center user, one calling interface is provided to the main center client;
for changing the sub-center to which a seal user belongs, another calling interface is provided to the main center client.
3. The method according to claim 1, wherein, after receiving the first seal synchronization request, the main center synchronization unit obtains the address information of the sub-center synchronization unit according to the sub-center ID and, when sending the first seal synchronization request to the sub-center synchronization unit designated in the first seal synchronization request, uses HTTPS secure transmission and encrypts the transmitted first seal synchronization request with an encryption algorithm.
4. The method of claim 1, wherein the sub-center electronic signature unit performing different operations on the seal information according to the seal synchronization category value in the second seal synchronization request includes:
when the seal synchronization category value is the first assignment of the seal synchronization category, the sub-center electronic signature unit directly stores the seal;
when the seal synchronization category value is the second assignment of the seal synchronization category, the sub-center electronic signature unit changes the state of the user's seal;
when the seal synchronization category value is the third assignment of the seal synchronization category, the sub-center electronic signature unit directly inserts the seal data into the seal table of the sub-center to which the user is being changed.
5. The method of claim 1, further comprising: when the main center electronic signature unit generates a plurality of first seal synchronization requests, the first seal synchronization requests are placed in a queue unit, received in sequence by the main center electronic signature unit, and sent to the sub-center synchronization unit.
6. A distributed electronic signature system, the system comprising:
a main center client, configured to send an original seal synchronization request to the main center electronic signature unit when a seal synchronization trigger event exists, wherein the seal synchronization trigger event comprises making a new seal for a sub-center user, changing a seal state for a sub-center user, and changing the sub-center to which a seal user belongs; the original seal synchronization request is the seal synchronization request corresponding to the seal synchronization trigger event; and the seal state comprises freezing the seal, thawing the seal and cancelling the seal;
a main center electronic signature unit, configured to determine a seal synchronization category according to the original seal synchronization request, generate a first seal synchronization request and send the first seal synchronization request to the main center synchronization unit, wherein the main center electronic signature unit comprises:
a first request generating unit, configured to, when the original seal synchronization request is to synchronize a new seal for a sub-center user: after the main center electronic signature unit determines that no seal exists for the sub-center user, return a result indicating that the seal does not exist and prompting contact with the main center electronic signature unit administrator to apply for a seal, whereupon the seal synchronization process ends; and, after determining that the sub-center user has a seal and that the seal state is not cancelled, generate a first seal synchronization request, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal belongs, the seal information, and the first assignment of the seal synchronization category;
a second request generating unit, configured to, when the original seal synchronization request is to synchronize a seal state for a sub-center user, generate a first seal synchronization request after the main center electronic signature unit determines that the sub-center user has the seal and that the seal state is not cancelled, wherein the first seal synchronization request comprises the ID of the sub-center to which the seal whose state is to be changed belongs, the seal information of that seal, and the second assignment of the seal synchronization category;
a third request generating unit, configured to, when the original seal synchronization request is to synchronize a change of the sub-center to which a seal user belongs, generate a first seal synchronization request after determining that the user whose sub-center is to be changed already has a seal, wherein the first seal synchronization request comprises the ID of the sub-center into which the seal user is to migrate, the seal information of the user whose sub-center is to be changed, and the third assignment of the seal synchronization category;
the main center synchronization unit is used for acquiring address information of the sub-center synchronization unit according to the sub-center ID after receiving the first seal synchronization request, and sending the first seal synchronization request to the sub-center synchronization unit designated by the first seal synchronization request;
a sub-center synchronization unit, configured to perform a validity check on the first seal synchronization request after receiving it, determining that the first seal synchronization request comes from a legitimate main center synchronization unit and that the seal information in the first seal synchronization request belongs to this sub-center, and, after the validity check is passed, to generate a second seal synchronization request and send it to the sub-center electronic signature unit, wherein the second seal synchronization request comprises the seal information and the seal synchronization category value;
and sub-center electronic signature units, configured to perform the corresponding seal synchronization operation on the seal information according to the seal synchronization category value in the second seal synchronization request, wherein each sub-center electronic signature unit corresponds to one sub-center synchronization unit.
7. The system of claim 6, wherein the main center client comprises two calling interfaces, wherein:
for making a new seal for a sub-center user and for changing the seal state for a sub-center user, the main center client has one calling interface;
for changing the sub-center to which a seal user belongs, the main center client has another calling interface.
8. The system of claim 6, further comprising a queue unit for receiving the first seal synchronization requests generated by the main center electronic signature unit and transmitting them in sequence to the main center synchronization unit.
9. The system of claim 6, wherein the main center synchronization unit further comprises an encryption unit for encrypting the first seal synchronization request using an encryption algorithm, namely using the public key certificate of the sub-center synchronization unit configured by the main center synchronization unit.
10. The system of claim 9, wherein the sub-center synchronization unit further comprises a decryption unit for decrypting the first seal synchronization request with the private key of the sub-center synchronization unit.
11. The system of claim 6, wherein the sub-center electronic signature unit comprises:
a first operation unit, configured so that the sub-center electronic signature unit directly stores the seal when the seal synchronization category value is the first assignment of the seal synchronization category;
a second operation unit, configured so that the sub-center electronic signature unit changes the state of the user's seal when the seal synchronization category value is the second assignment of the seal synchronization category;
and a third operation unit, configured to directly insert the seal data into the seal table of the sub-center to which the user is being changed when the seal synchronization category value is the third assignment of the seal synchronization category.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811535135.2A CN109753824B (en) | 2018-12-14 | 2018-12-14 | Distributed electronic signature method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109753824A | 2019-05-14 |
CN109753824B | 2023-05-05 |
Family
ID=66403618
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811535135.2A Active CN109753824B (en) | 2018-12-14 | 2018-12-14 | Distributed electronic signature method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109753824B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||