CN118611920A - Electronic tender document processing method, device, electronic device and storage medium - Google Patents

Abstract

The present application discloses an electronic tender document processing method, device, electronic device and storage medium, which belongs to the field of information and network security technology. The electronic tender document processing method includes: receiving a first request from a bidding enterprise user to log in to an e-commerce platform through a client using a password key; verifying the first request, and calling the signature verification service of a third-party CA organization to verify the password key; after the signature verification is passed, electronically signing the document to be signed online; encrypting the contract document to generate a contract document ciphertext; signing the contract document ciphertext to obtain a first signature value, and storing the contract document ciphertext and the first signature value in the database of the e-commerce platform; encrypting the random symmetric key and sending it to a third-party CA organization. The embodiment of the present application can ensure the security, integrity, confidentiality and non-tamperability of the bidding document, improve the efficiency of bid opening, and reduce occasional problems caused by human operation.

Description

Electronic tender document processing method, device, electronic device and storage medium

Technical Field

The present application belongs to the field of information and network security technology, and in particular, relates to an electronic tender processing method, device, electronic device and storage medium.

Background Art

With the vigorous development of Internet technology, more and more commercial passwords are deeply involved in electronic bidding. Electronic bidding includes important confidential documents of the company, such as quotation documents, business documents and technical documents. How to ensure data security from bidding to bid opening is particularly important. At present, bidders use self-applied CA certificates for signature encryption and use the CA certificate to decrypt files during the bid opening stage. This method has problems such as damaged supplier password key hardware, poor network conditions, forgotten passwords, and incorrect CA driver versions, which lead to failure of file encryption delivery or decryption, resulting in too long a time for project bid opening, and even project cancellation.

Summary of the invention

To this end, the present application proposes an electronic tender document processing method, device, electronic device and storage medium, which can improve the efficiency of project decryption and bid opening, and reduce occasional problems caused by human operation.

In the first aspect, the present application provides an electronic tender document processing method, which is applied to an e-commerce platform, and the method includes: receiving a first request, wherein the first request is a request for a bidding enterprise user to log in to the e-commerce platform through a client using a cryptographic key; verifying the first request, and if the verification passes, calling the signature verification service of a third-party CA organization to verify the cryptographic key; after the signature verification passes, performing an online electronic signature on the to-be-signed file uploaded by the bidding enterprise user to obtain a contract document; encrypting the contract document based on a random symmetric key generated by the cryptographic key to generate a contract document ciphertext; signing the contract document ciphertext based on a private key of the cryptographic key to obtain a first signature value corresponding to the contract document ciphertext, and storing the contract document ciphertext and the corresponding first signature value in a database of the e-commerce platform; encrypting the random symmetric key and sending it to the third-party CA organization, so that the third-party CA organization encrypts and stores the random symmetric key.

In the above embodiment, when the bidding enterprise user logs in to the e-commerce platform through the client using the password key, the bidding enterprise user is authenticated. After the authentication is passed, the password key is verified, thereby realizing the secondary identity authentication of the bidding user. After the verification is passed, the uploaded document to be signed is electronically signed online to obtain the contract document. Through the pre-signing module, the signed document does not need to be transmitted to the third-party CA institution password service platform. The bidding enterprise user can directly perform the electronic signing operation of the bidding document in the pre-signing module, which can maximize the privacy and security of the document and reduce the transformation workload of the e-commerce platform. The contract document is encrypted with a random symmetric key generated by the code key to generate a ciphertext of the contract document, and the ciphertext of the contract document is signed to obtain a first signature value. The ciphertext of the contract document and the corresponding first signature value are stored in the database of the e-commerce platform. The integrity, confidentiality and non-repudiation of the bidding document are ensured by using cryptographic technology, and the key used to decrypt the bidding document during the bidding stage is entrusted to a third-party CA organization, which can effectively prevent information leakage and ensure the non-tamperability of the bidding document. Further, the efficiency of project decryption and bidding opening can be improved, and occasional problems caused by human operations can be reduced.

According to one embodiment of the present application, the method further includes:

During the bid opening phase, a random symmetric key plaintext is obtained from the third-party CA organization;

Calling the signature verification service of the third-party CA institution to verify the ciphertext of the contract document. After the signature verification is passed, using the random symmetric key plaintext to decrypt the ciphertext of the contract document to obtain the contract document;

The signature verification service of the third-party CA organization is called to verify the signature of the contract document. After the signature verification is passed, the bid opening process is completed.

In the above embodiment, during the bid opening stage, a random symmetric key plaintext is obtained from the third-party CA for bid opening, and the signature verification service of the third-party CA organization is called to verify the ciphertext of the contract document. After the verification is passed, the ciphertext of the contract document is decrypted using the random symmetric key plaintext to obtain the contract document, and the signature verification service of the third-party CA organization is called again to verify the contract document. After the verification is passed, the bid opening process is completed, the bid opening key is obtained from the third-party CA organization, and the ciphertext verification of the contract document and the signature verification of the contract document are added, which can ensure the integrity of the bidding documents, improve the efficiency of project decryption and bid opening, reduce occasional problems caused by human operations, and improve the security and effectiveness of the electronic bid opening process.

According to an embodiment of the present application, verifying the first request includes:

Parsing the MAC address in the extension item of the digital certificate of the cryptographic key through a certificate assistant tool to verify the consistency between the MAC address and the physical address information of the computer where the client is located;

If the MAC address is consistent with the physical address information of the computer where the client is located, the verification is successful.

In the above embodiment, the MAC address in the extension item of the digital certificate of the cryptographic key is parsed by the certificate assistant tool, and the consistency of the MAC address with the physical address information of the computer where the client is located is verified, so as to realize the identity authentication of the bidding enterprise user who logs into the e-commerce platform.

According to an embodiment of the present application, the calling of a signature verification service of a third-party CA organization to verify the signature of the cryptographic key includes:

Using the private key in the cryptographic key to digitally sign the random number generated by the cryptographic key to obtain a second signature value, and sending the random number and the second signature value to the cryptographic service sharing platform of the third-party CA organization;

The cryptographic service sharing platform of the third-party CA organization is configured to: use the public key certificate corresponding to the cryptographic key to decrypt the second signature value to obtain a first hash value, compare the first hash value with the second hash value, and if they are consistent, the signature verification is passed. The second hash value is obtained by performing the same hash calculation on the random number as the digital signature process.

In the above embodiment, by calling the signature verification service of a third-party CA organization to verify the signature of the cryptographic key, secondary identity authentication of the bidding enterprise user who logs into the e-commerce platform can be achieved, thereby improving the security of the bidding.

According to an embodiment of the present application, the step of performing online electronic signing on the document to be signed uploaded by the bidding enterprise user to obtain the signed document includes:

Receiving a signature request sent by the bidding enterprise user, wherein the signature request carries an electronic seal and the document to be signed;

The electronic signature pre-module is called to perform online electronic signature on the document to be signed based on the electronic seal to obtain a signed document.

According to an embodiment of the present application, the electronic signature pre-module is configured to perform a hash calculation on the document to be signed to obtain a digest value, and return the document to be signed and the digest value to the e-commerce platform;

After the e-commerce platform signs the summary value, it obtains a third signature value and returns the third signature value to the electronic signature front-end module. The electronic signature front-end module is also configured to: synthesize a signed document based on the third signature value, the electronic seal and the document to be signed, and return the signed document to the e-commerce platform.

In the above embodiment, by deploying an electronic signature front-end module on the user side of the e-commerce platform, the performance loss caused by large file transmission can be greatly reduced. The bidding documents do not need to be transmitted to the third-party CA agency cryptographic service platform. The bidding enterprise users can directly perform electronic signature operations on the bidding documents in the electronic signature front-end module, which can maximize the privacy and security of the documents and reduce the amount of transformation work on the e-commerce platform.

According to an embodiment of the present application, encrypting the random symmetric key and sending it to the third-party CA institution so that the third-party CA institution encrypts and stores the random symmetric key includes:

Encrypt the random symmetric key using the enterprise trust certificate public key provided by the third-party CA institution to obtain a first random symmetric key ciphertext, and send the first random symmetric key ciphertext to the third-party CA institution;

Among them, the third-party CA organization is configured to: use the enterprise managed certificate private key to decrypt the first random symmetric key ciphertext to obtain a random symmetric key, use the protection key to encrypt the random symmetric key to obtain a second random symmetric key ciphertext, and store the second random symmetric key ciphertext.

In the above embodiment, by encrypting and storing the bidding documents on the e-commerce platform, encrypting and storing the random symmetric key used to decrypt the bidding documents in the bid opening stage in a third-party CA institution, and obtaining the random symmetric key from the third-party CA institution in the bid opening stage, remote centralized decryption can be achieved, decryption failures can be avoided, the efficiency of project decryption and bid opening can be improved, and occasional problems caused by human operation can be reduced. In addition, the third-party CA institution cannot obtain the bidding documents before the bid opening, and the bidding platform cannot decrypt the bidding documents before the bid opening. This can effectively prevent information leakage, while also ensuring the non-tamperability of the bidding documents, and improving the security and effectiveness of the electronic bidding and bid opening process.

According to an embodiment of the present application, obtaining a random symmetric key plaintext from the third-party CA institution includes:

Sending a second request to the third-party CA institution, the second request is used to request the third-party CA institution to return a random symmetric key, the third-party CA institution is configured to: decrypt the second random symmetric key ciphertext using the protection key to obtain the random symmetric key, and encrypt the random symmetric key using the e-commerce platform public key certificate to obtain a third random symmetric key ciphertext, and send the third random symmetric key ciphertext to the e-commerce platform;

The third random symmetric key ciphertext is decrypted using the private key of the e-commerce platform to obtain a random symmetric key plaintext.

According to an embodiment of the present application, the calling of the signature verification service of the third-party CA institution to verify the signature of the ciphertext of the contract document includes:

Call the cryptographic service sharing platform of the third-party CA organization, use the public key certificate corresponding to the cryptographic key to decrypt the first signature value, obtain the third hash value, and compare the third hash value with the fourth hash value. If they are consistent, the signature verification is successful. The fourth hash value is obtained by performing the same hash calculation on the ciphertext of the contract document as the signature operation.

According to an embodiment of the present application, the calling of the signature verification service of the third-party CA institution to verify the signature of the contract document includes:

Call the cryptographic service sharing platform of the third-party CA organization, use the public key certificate corresponding to the cryptographic key to decrypt the third signature value in the contract document, obtain the fifth hash value, and compare the fifth hash value with the sixth hash value. If they are consistent, the signature verification is successful. The sixth hash value is obtained by performing the same hash calculation on the file to be signed in the contract document.

In the above embodiment, during the bid opening stage, a random symmetric key plaintext is obtained from the third-party CA for bid opening, and the signature verification service of the third-party CA organization is called to verify the ciphertext of the contract document. After the verification is passed, the ciphertext of the contract document is decrypted using the random symmetric key plaintext to obtain the contract document, and the signature verification service of the third-party CA organization is called again to verify the contract document. After the verification is passed, the bid opening process is completed, the bid opening key is obtained from the third-party CA organization, and the ciphertext verification of the contract document and the signature verification of the contract document are added, which can ensure the integrity of the bidding documents, improve the efficiency of project decryption and bid opening, reduce occasional problems caused by human operations, and improve the security and effectiveness of the electronic bid opening process.

According to one embodiment of the present application, the cryptographic key is issued by the cryptographic service sharing platform of the third-party CA organization, and the cryptographic key includes: a digital certificate and an electronic seal of the bidding enterprise.

In a second aspect, the present application provides an electronic tender document processing device, the device comprising:

A receiving unit, configured to receive a first request, wherein the first request is a request from a bidding enterprise user to log in to the e-commerce platform using a password key through a client;

An identity authentication unit, configured to verify the first request, and if the verification is successful, call a signature verification service of a third-party CA organization to verify the signature of the cryptographic key;

The electronic signature unit is used to electronically sign the documents uploaded by the bidding enterprise user online after the signature verification is passed to obtain the contract document;

An encryption unit, used to encrypt the contract document based on a random symmetric key generated by the cryptographic key to generate a ciphertext of the contract document;

A signature unit, used to perform a signature operation on the contract document ciphertext based on the private key of the cryptographic key, obtain the contract document ciphertext and the corresponding signature value, and store the contract document ciphertext and the corresponding signature value in the database of the e-commerce platform;

The key encryption transmission unit is used to encrypt the random symmetric key and then send it to the third-party CA organization, so that the third-party CA organization encrypts and stores the random symmetric key.

In the above embodiment, when the bidding enterprise user logs in to the e-commerce platform through the client using the password key, the bidding enterprise user is authenticated. After the authentication is passed, the password key is verified, thereby realizing the secondary identity authentication of the bidding user. After the verification is passed, the uploaded document to be signed is electronically signed online to obtain the contract document. Through the pre-signing module, the signed document does not need to be transmitted to the third-party CA institution password service platform. The bidding enterprise user can directly perform the electronic signing operation of the bidding document in the pre-signing module, which can maximize the privacy and security of the document and reduce the transformation workload of the e-commerce platform. The contract document is encrypted with a random symmetric key generated by the code key to generate a ciphertext of the contract document, and the ciphertext of the contract document is signed to obtain a first signature value. The ciphertext of the contract document and the corresponding first signature value are stored in the database of the e-commerce platform. The integrity, confidentiality and non-repudiation of the bidding document are ensured by using cryptographic technology, and the key used to decrypt the bidding document during the bidding stage is entrusted to a third-party CA organization, which can effectively prevent information leakage and ensure the non-tamperability of the bidding document. Further, the efficiency of project decryption and bidding opening can be improved, and occasional problems caused by human operations can be reduced.

According to one embodiment of the present application, the electronic tender document processing device further includes:

An acquisition unit, used to acquire a random symmetric key plaintext from the third-party CA organization during the bid opening stage;

A first signature verification unit is used to call the signature verification service of the third-party CA institution to verify the ciphertext of the contract document, and after the signature verification is passed, use the random symmetric key plaintext to decrypt the ciphertext of the contract document to obtain the contract document;

The second signature verification unit calls the signature verification service of the third-party CA organization to verify the signature of the contract document, and completes the bid opening process after the signature verification is passed.

In the above embodiment, during the bid opening stage, a random symmetric key plaintext is obtained from the third-party CA for bid opening, and the signature verification service of the third-party CA organization is called to verify the ciphertext of the contract document. After the verification is passed, the ciphertext of the contract document is decrypted using the random symmetric key plaintext to obtain the contract document, and the signature verification service of the third-party CA organization is called again to verify the contract document. After the verification is passed, the bid opening process is completed, the bid opening key is obtained from the third-party CA organization, and the ciphertext verification of the contract document and the signature verification of the contract document are added, which can ensure the integrity of the bidding documents, improve the efficiency of project decryption and bid opening, reduce occasional problems caused by human operation, and improve the security and effectiveness of the electronic bid opening process.

In a third aspect, the present application provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the computer program, the electronic tender processing method as described in the first aspect above is implemented.

In a fourth aspect, the present application provides a non-transitory computer-readable storage medium having a computer program stored thereon, and when the computer program is executed by a processor, the electronic tender document processing method as described in the first aspect above is implemented.

In a fifth aspect, the present application provides a chip, comprising a processor and a communication interface, wherein the communication interface is coupled to the processor, and the processor is used to run a program or instruction to implement the electronic tender processing method as described in the first aspect.

In a sixth aspect, the present application provides a computer program product, including a computer program, which, when executed by a processor, implements the electronic tender processing method as described in the first aspect above.

Additional aspects and advantages of the present application will be given in part in the description below, and in part will become apparent from the description below, or will be learned through the practice of the present application.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and/or additional aspects and advantages of the present application will become apparent and easily understood from the description of the embodiments in conjunction with the following drawings, in which:

FIG1 is a schematic diagram of a flow chart of an electronic tender document processing method provided in an embodiment of the present application;

FIG2 is a schematic diagram of a process of login authentication of an e-commerce platform provided in an embodiment of the present application;

FIG3 is a schematic diagram of an interaction for online electronic signature of a bidding document provided in an embodiment of the present application;

FIG4 is a schematic diagram of the interactive process of bidding for bidding documents provided in an embodiment of the present application;

FIG5 is a schematic diagram of an interactive process of opening a bid document provided in an embodiment of the present application;

FIG6 is a schematic diagram of the structure of an electronic tender document processing device provided in an embodiment of the present application;

FIG. 7 is a schematic diagram of the structure of an electronic device provided in an embodiment of the present application.

DETAILED DESCRIPTION

The following will be combined with the drawings in the embodiments of the present application to clearly describe the technical solutions in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, rather than all the embodiments. All other embodiments obtained by ordinary technicians in this field based on the embodiments in the present application belong to the scope of protection of this application.

The terms "first", "second", etc. in the specification and claims of this application are used to distinguish similar objects, and are not used to describe a specific order or sequence. It should be understood that the data used in this way can be interchangeable under appropriate circumstances, so that the embodiments of the present application can be implemented in an order other than those illustrated or described here, and the objects distinguished by "first", "second", etc. are generally of one type, and the number of objects is not limited. For example, the first object can be one or more. In addition, "and/or" in the specification and claims represents at least one of the connected objects, and the character "/" generally indicates that the objects associated with each other are in an "or" relationship.

The electronic tender document processing method, device, electronic device and storage medium provided in the embodiments of the present application are described in detail below with reference to the accompanying drawings through specific embodiments and their application scenarios.

The electronic tender processing method provided in the embodiment of the present application may be executed by an electronic device or a functional module or functional entity in the electronic device that can implement the electronic tender processing method, such as an e-commerce platform. The electronic devices mentioned in the embodiment of the present application include but are not limited to mobile phones, tablet computers, computers, servers, etc. The electronic tender processing method provided in the embodiment of the present application is described below using an e-commerce platform as an example of the execution entity.

The e-commerce platform in the embodiment of the present application refers to an electronic bidding system/platform. Bidding corporate users can submit electronic bidding documents after logging into the e-commerce platform. The electronic bidding documents include quotation documents, business documents, technical documents, etc. The e-commerce platform can also provide online remote centralized bidding.

Fig. 1 is a flow chart of an electronic tender document processing method provided in an embodiment of the present application. As shown in Fig. 1 , the electronic tender document processing method includes: step 110, step 120, step 130, step 140, step 150 and step 160.

Step 110: receiving a first request, where the first request is a request from a bidding enterprise user to log in to the e-commerce platform using a password key through a client;

It can be understood that the bidding enterprise user, that is, the bidding entity user, inserts the password key on the PC side, that is, the bidding enterprise user uses the password key to log in to the e-commerce platform through the client, and the e-commerce platform receives the first request, which is a request for the bidding enterprise user to log in to the e-commerce platform through the client using the password key.

The client is the end where the bidding enterprise user is located, and the bidding enterprise user logs in to the e-commerce platform through the client. The client and the e-commerce platform adopt the B/S (Browser/Server) architecture, that is, the browser/server architecture.

A cryptographic key, also known as a USBKEY, usually refers to an encryption device or software that contains a private key and/or a public key. It is used to store sensitive information such as the user's private key and digital certificate, and can perform cryptographic operations, data encryption and decryption, digital signatures, and other operations.

It should be noted that the cryptographic key used by the bidding enterprise user is issued by the cryptographic service sharing platform of the third-party CA (Certificate Authority) agency, and the cryptographic key includes: a digital certificate and the electronic seal of the bidding enterprise.

Among them, the third-party CA agency is a third-party electronic certification service agency established in accordance with the law, which has the ability to provide trusted digital certificates, electronic seals and data encryption and decryption services to e-commerce platforms and client users to meet the needs of safe and reliable digital applications.

It is worth noting that before the third-party CA institution's cryptographic service sharing platform issues the cryptographic key to the bidding enterprise user, the bidding enterprise user needs to submit the cryptographic key digital certificate and electronic seal application materials to the third-party CA institution through the client.

Optionally, the cryptographic key includes a signature certificate, an encryption certificate and the bidding company's electronic seal.

In some embodiments, the e-commerce platform integrates the cryptographic service of the cryptographic service sharing platform of the third-party CA institution, and issues secret keys to the bidding enterprise users in combination with the cryptographic service sharing platform of the third-party CA institution.

Step 120: Verify the first request. If the verification is successful, call the signature verification service of the third-party CA organization to verify the signature of the cryptographic key.

It should be noted that in the embodiment of the present application, when the bidding enterprise user logs in to the e-commerce platform through a cryptographic key, the client first authenticates the identity of the user who sends the first request. After the verification is passed, the cryptographic key is verified through the cryptographic service sharing platform of the third-party CA organization integrated in the e-commerce platform to achieve secondary authentication of the user identity.

Among them, the third-party CA agency cryptographic service sharing platform verifies the signature of the cryptographic key, which means: verifying the digital certificate in the cryptographic key.

The specific steps for signature verification are as follows:

Digital signature generation: The sender uses his own private key to digitally sign the transaction information or message (here, the random number generated by the cryptographic key).

Information transmission: The signed information is sent to the recipient or server together with the original text.

Signature verification process: The receiver or server verifies the digital signature using the sender's public key. This step ensures that the information has not been tampered with and verifies that the information indeed comes from the sender who holds the corresponding private key. Signature verification is usually performed by a dedicated signature verification server or software. In the embodiment of the present application, the signature verification process is performed by using the public key certificate of the key through a third-party CA institution cryptographic service sharing platform to compare the hash value of the original information with the hash value obtained after decrypting the signature to see if they are consistent.

After the third-party CA agency's cryptographic service sharing platform verifies the signature of the cryptographic key, the bidding enterprise user successfully logs into the e-commerce platform to conduct electronic bidding.

Step 130: After the signature verification is passed, the documents uploaded by the bidding enterprise user are electronically signed online to obtain the contract document;

In order to realize electronic bidding, the e-commerce platform provides electronic signature pre-service, deploys the electronic signature pre-module on the user side, and adopts digital certificate and electronic seal technology. The bidding enterprise users can perform online electronic signature operations on the bidding documents, which involves the synthesis of signature value (signed using password key and private key) and electronic seal to obtain the signed document. The signed document is the bidding document after electronic signature, which ensures that the bidding document cannot be tampered with.

It should be noted that the documents to be signed uploaded by the bidding enterprise users are the bidding documents of the bidding enterprise users.

In the embodiment of the present application, the e-commerce platform deploys an electronic signature front-end module on the user side, which can significantly reduce the performance loss caused by large file transmission. The signature file does not need to be transmitted to the third-party CA agency cryptographic service platform. The bidding enterprise users can directly perform electronic signature operations on the bidding documents in the signature front-end module, which can maximize the privacy and security of the files while reducing the amount of transformation work on the e-commerce platform.

Step 140: Encrypt the contract document based on the random symmetric key generated by the cryptographic key to generate a ciphertext of the contract document;

After the bidding document is electronically signed, the contract document is obtained. In order to ensure the data security of the bidding document, the bidding document encryption and decryption key uses a symmetric key randomly generated by USBKEY, and adopts a "one-time one-key" method to ensure the data security of the bidding document. Based on the random symmetric key generated by the cryptographic key, such as SM4, the contract document is encrypted to generate the ciphertext of the contract document.

Step 150: perform a signing operation on the contract document ciphertext based on the private key of the cryptographic key to obtain a first signature value corresponding to the contract document ciphertext, and store the contract document ciphertext and the corresponding first signature value in a database of the e-commerce platform;

Furthermore, the ciphertext of the contract document is signed using the private key of the cryptographic key to obtain a signature value corresponding to the ciphertext of the contract document, namely, a first signature value, and the ciphertext of the contract document and the corresponding first signature value are stored in the database of the e-commerce platform.

Therefore, the e-commerce platform is based on PKI/CA and digital certificate technology, and adopts the bidding document signature + bidding document ciphertext + bidding document ciphertext signature method to store it on the e-commerce platform to ensure the integrity, confidentiality and non-repudiation of the bidding documents during the bidding process.

Step 160: Encrypt the random symmetric key and send it to the third-party CA organization, so that the third-party CA organization encrypts and stores the random symmetric key.

The random symmetric key generated by the cryptographic key is the key used to decrypt the bidding documents during the bid opening stage. In an embodiment of the present application, the random symmetric key is encrypted and sent to the third-party CA agency so that the third-party CA agency encrypts and stores the random symmetric key. It can be understood that the random symmetric key needs to be encrypted and transmitted to the third-party CA agency. After the third-party CA agency decrypts it, the original random symmetric key is obtained, and the original random symmetric key is encrypted and stored.

The embodiment of the present application proposes a method for separately storing the key and ciphertext of the bidding document, that is, encrypting the bidding document and storing it on the e-commerce platform, and entrusting the key used for decrypting the bidding document in the bid opening stage to a third-party CA organization, so that remote and centralized decryption can be performed in the bid opening stage. The third-party CA organization cannot obtain the bidding document before the bid opening, and the bidding platform cannot decrypt the bidding document before the bid opening. This can effectively prevent information leakage and also ensure the non-tamperability of the bidding document.

The electronic bidding document processing method provided by the embodiment of the present application performs identity authentication on the bidding enterprise user when the bidding enterprise user logs in to the e-commerce platform through the client using the password key. After the authentication is passed, the password key is verified, thereby realizing the secondary identity authentication of the bidding user. After the verification is passed, the uploaded document to be signed is electronically signed online to obtain the signed document. Through the pre-signing module, the signed document does not need to be transmitted to the password service platform of the third-party CA organization. The bidding enterprise user can directly perform the electronic signing operation on the bidding document in the pre-signing module, which can maximize the privacy and security of the document and reduce the transformation workload of the e-commerce platform. The random symmetric key generated by the key is used to encrypt the contract document to generate a ciphertext of the contract document, and the ciphertext of the contract document is signed to obtain a first signature value. The ciphertext of the contract document and the corresponding first signature value are stored in the database of the e-commerce platform. The integrity, confidentiality and non-repudiation of the bidding document are ensured by using cryptographic technology, and the key used to decrypt the bidding document during the bidding stage is entrusted to a third-party CA organization, which can effectively prevent information leakage and ensure the non-tamperability of the bidding document. The electronic bidding document processing method provided in the embodiment of the present application can improve the efficiency of project decryption and bidding opening, and can reduce occasional problems caused by human operations.

It is understandable that step 120 implements the e-commerce platform login authentication. Figure 2 is a flow chart of the e-commerce platform login authentication provided by the embodiment of the present application. As shown in Figure 2, the main user of the e-commerce platform submits the USBKEY digital certificate and electronic seal application materials to the third-party CA organization. When the USBKEY is inserted into the PC to log in to the e-commerce platform, the client first parses the digital certificate MAC address through the certificate assistant tool to verify the consistency with the PC physical address information; secondly, the e-commerce platform integrates the signature verification service provided by the third-party CA organization to realize the secondary authentication of the user identity.

In some embodiments, the verifying the first request includes:

Parsing the MAC address in the extension item of the digital certificate of the cryptographic key through a certificate assistant tool to verify the consistency between the MAC address and the physical address information of the computer where the client is located;

If the MAC address is consistent with the physical address information of the computer where the client is located, the verification is successful.

Specifically, when the PC inserts the password key to log in to the e-commerce platform, the client parses the MAC address in the extension item of the digital certificate of the password key through the certificate assistant tool to verify the consistency of the MAC address with the physical address information of the computer where the client is located.

If the MAC address is consistent with the physical address information of the computer where the client is located, the verification is successful.

In an embodiment of the present application, the MAC address in the extension item of the digital certificate of the cryptographic key is parsed through a certificate assistant tool to verify the consistency of the MAC address with the physical address information of the computer where the client is located, thereby realizing the identity authentication of the bidding enterprise user who logs into the e-commerce platform.

In some embodiments, calling a signature verification service of a third-party CA organization to verify the signature of the cryptographic key includes:

Using the private key in the cryptographic key to digitally sign the random number generated by the cryptographic key to obtain a second signature value, and sending the random number and the second signature value to the cryptographic service sharing platform of the third-party CA organization;

The cryptographic service sharing platform of the third-party CA organization is configured to: use the public key certificate corresponding to the cryptographic key to decrypt the second signature value to obtain a first hash value, compare the first hash value with the second hash value, and if they are consistent, the signature verification is passed. The second hash value is obtained by performing the same hash calculation on the random number as the digital signature process.

It is understandable that the signature verification of the cryptographic key is performed by the cryptographic service sharing platform of the third-party CA institution. Calling the signature verification service of the third-party CA institution to verify the signature of the cryptographic key includes the following steps:

The cryptographic key generates random numbers;

Using the private key in the cryptographic key to digitally sign the random number generated by the cryptographic key to obtain a second signature value, and sending the random number and the second signature value to the cryptographic service sharing platform of the third-party CA organization;

The cryptographic service sharing platform of the third-party CA institution decrypts the second signature value using the public key certificate corresponding to the cryptographic key to obtain a first hash value; and the cryptographic service sharing platform of the third-party CA institution performs the same hash calculation as the digital signature process on the random number to obtain a second hash value;

The first hash value is compared with the second hash value, and if they are consistent, the verification is successful.

In the embodiment of the present application, by calling the signature verification service of a third-party CA organization to verify the signature of the cryptographic key, secondary identity authentication of the bidding enterprise user who logs into the e-commerce platform can be achieved, thereby improving the security of the bidding.

Figure 3 is an interactive schematic diagram of online electronic signature of bidding documents provided by the embodiment of the present application. As shown in Figure 3, after the bidding enterprise user passes the login authentication, he initiates a signature request from the e-commerce platform, and the electronic signature front-end module performs online electronic signature.

In some embodiments, the step of performing online electronic signature on the document to be signed uploaded by the bidding enterprise user to obtain the signed document includes:

Receiving a signature request sent by the bidding enterprise user, wherein the signature request carries an electronic seal and the document to be signed;

The electronic signature front-end module is called to perform online electronic signature on the document to be signed based on the electronic seal to obtain a signed document.

Specifically, the e-commerce platform deploys an electronic signature pre-module, uses digital certificates and electronic seal technology, and allows bidding enterprise users to perform electronic signature operations on bidding documents to ensure that the bidding documents cannot be tampered with. The specific steps are as follows:

The bidding enterprise user initiates a signature request from the e-commerce platform and sends the electronic seal and the document to be signed to the electronic signature pre-module;

The electronic signature pre-module performs online electronic signature on the document to be signed based on the electronic seal to obtain a signed document.

In some embodiments, the electronic signature pre-module is configured to perform a hash calculation on the document to be signed to obtain a digest value, and return the document to be signed and the digest value to the e-commerce platform;

After the e-commerce platform signs the summary value, it obtains a third signature value and returns the third signature value to the electronic signature front-end module. The electronic signature front-end module is also configured to: synthesize a signed document based on the third signature value, the electronic seal and the document to be signed, and return the signed document to the e-commerce platform.

Referring to Figure 3, the electronic signature front-end module performs hash calculation on the file to be signed to obtain a summary value, and returns the file to be signed and the summary value to the e-commerce platform. The e-commerce platform signs the summary value using the private key of the cryptographic key through the client to obtain a third signature value, and returns the third signature value, the electronic seal and the file to be signed to the electronic signature front-end module. The electronic signature front-end module synthesizes the third signature value, the electronic seal and the file to be signed to obtain a signed document, and sends the signed document to the e-commerce platform.

In the embodiment of the present application, by deploying an electronic signature front-end module on the user side of the e-commerce platform, the performance loss caused by large file transmission can be greatly reduced. The bidding documents do not need to be transmitted to the third-party CA agency cryptographic service platform. The bidding enterprise users can directly perform electronic signature operations on the bidding documents in the electronic signature front-end module, which can maximize the privacy and security of the documents and reduce the amount of transformation work on the e-commerce platform.

FIG4 is a schematic diagram of the interactive process of bidding on a bidding document provided in an embodiment of the present application. As shown in FIG4 , the steps of bidding on a bidding document include:

The bidding enterprise user uploads the documents to be signed, i.e. the bidding documents;

The e-commerce platform uses the private key of the password key to perform online electronic signature on the documents uploaded by the bidding enterprise users to obtain the contract documents;

The cryptographic key generates a random symmetric key, and the e-commerce platform encrypts the contract document based on the random symmetric key generated by the cryptographic key to generate a ciphertext of the contract document;

Performing a signing operation on the ciphertext of the contract document based on the private key of the cryptographic key to obtain a first signature value corresponding to the ciphertext of the contract document, and storing the ciphertext of the contract document and the corresponding first signature value in a database of the e-commerce platform;

The e-commerce platform encrypts the random symmetric key and sends it to the third-party CA institution, so that the third-party CA institution encrypts and stores the random symmetric key.

The embodiment of the present application implements key link process control through cryptographic technology, encrypts the contract document using a random symmetric key generated by a cryptographic key to obtain the contract document ciphertext, and signs the contract document ciphertext using the private key of the cryptographic key, which can effectively prevent the leakage of bidding document information and also ensure the non-tamperability of the bidding document. At the same time, the embodiment of the present application proposes to store the contract document ciphertext and the corresponding first signature value in the database of the e-commerce platform, encrypt and store the random symmetric key in a third-party CA organization, and realize the separate storage of the bid opening key and the bid document ciphertext, further improving the security and effectiveness of electronic bidding and bid opening.

In some embodiments, encrypting the random symmetric key and then sending it to the third-party CA institution so that the third-party CA institution encrypts and stores the random symmetric key includes:

Encrypt the random symmetric key using the enterprise trust certificate public key provided by the third-party CA institution to obtain a first random symmetric key ciphertext, and send the first random symmetric key ciphertext to the third-party CA institution;

Among them, the third-party CA organization is configured to: use the enterprise managed certificate private key to decrypt the first random symmetric key ciphertext to obtain a random symmetric key, use the protection key to encrypt the random symmetric key to obtain a second random symmetric key ciphertext, and store the second random symmetric key ciphertext.

It can be understood that the random symmetric key is encrypted using the enterprise managed certificate public key to obtain a first random symmetric key ciphertext, and the first random symmetric key ciphertext is sent to the third-party CA agency, so that the third-party CA agency uses the enterprise managed certificate private key to decrypt the first random symmetric key ciphertext to obtain the first random symmetric key original text, and the first random symmetric key original text is encrypted using the protection key and then stored.

The electronic tender document processing method provided in the embodiment of the present application encrypts and stores the tender document on an e-commerce platform, encrypts and stores the random symmetric key used to decrypt the tender document in the tender opening stage in a third-party CA organization, and obtains the random symmetric key from the third-party CA organization in the tender opening stage, thereby realizing remote centralized decryption, avoiding decryption failures, improving the efficiency of project decryption and tender opening, and reducing occasional problems caused by human operation. In addition, the third-party CA organization cannot obtain the tender document before the tender opening, and the bidding platform cannot decrypt the tender document before the tender opening. This can effectively prevent information leakage, while also ensuring the non-tamperability of the tender document, thereby improving the security and effectiveness of the electronic tender document bidding and tender opening process.

FIG5 is a schematic diagram of the interactive process of opening a bid document provided in an embodiment of the present application. As shown in FIG5 , the steps of opening a bid document include:

The third-party CA institution decrypts the second random symmetric key ciphertext using the protection key to obtain the random symmetric key, and encrypts the random symmetric key using the e-commerce platform public key certificate to obtain the third random symmetric key ciphertext, and sends the third random symmetric key ciphertext to the e-commerce platform;

Decrypting the third random symmetric key ciphertext using the private key of the e-commerce platform to obtain a random symmetric key plaintext;

Call the signature verification service of the third-party CA institution to verify the ciphertext of the contract document. After the signature verification is passed, use the random symmetric key plaintext to decrypt the ciphertext of the contract document to obtain the contract document;

Call the signature verification service of a third-party CA organization to verify the contract documents. After the verification is passed, the bid opening process is completed.

Referring to FIG5 , in some embodiments, the electronic tender document processing method further includes:

During the bid opening phase, a random symmetric key plaintext is obtained from the third-party CA organization;

Calling the signature verification service of the third-party CA institution to verify the ciphertext of the contract document. After the signature verification is passed, using the random symmetric key plaintext to decrypt the ciphertext of the contract document to obtain the contract document;

The signature verification service of the third-party CA organization is called to verify the signature of the contract document. After the signature verification is passed, the bid opening process is completed.

In some embodiments, obtaining a random symmetric key plaintext from the third-party CA institution includes:

Sending a second request to the third-party CA institution, the second request is used to request the third-party CA institution to return a random symmetric key, the third-party CA institution is configured to: decrypt the second random symmetric key ciphertext using the protection key to obtain the random symmetric key, and encrypt the random symmetric key using the e-commerce platform public key certificate to obtain a third random symmetric key ciphertext, and send the third random symmetric key ciphertext to the e-commerce platform;

The third random symmetric key ciphertext is decrypted using the private key of the e-commerce platform to obtain a random symmetric key plaintext.

The embodiment of the present application uses a third-party CA organization to generate an e-commerce platform hosting certificate, thereby effectively solving the problem of secure sharing during key transmission.

In some embodiments, calling the signature verification service of the third-party CA organization to verify the signature of the signed document ciphertext includes:

Call the cryptographic service sharing platform of the third-party CA organization, use the public key certificate corresponding to the cryptographic key to decrypt the first signature value, obtain the third hash value, and compare the third hash value with the fourth hash value. If they are consistent, the signature verification is successful. The fourth hash value is obtained by performing the same hash calculation on the ciphertext of the contract document as the signature operation.

In some embodiments, calling the signature verification service of the third-party CA organization to verify the signature of the contract document includes:

Call the cryptographic service sharing platform of the third-party CA organization, use the public key certificate corresponding to the cryptographic key to decrypt the third signature value in the contract document, obtain the fifth hash value, and compare the fifth hash value with the sixth hash value. If they are consistent, the signature verification is successful. The sixth hash value is obtained by performing the same hash calculation on the file to be signed in the contract document.

In an embodiment of the present application, during the bid opening stage, a random symmetric key plaintext for bid opening is obtained from a third-party CA, and the signature verification service of the third-party CA organization is called to verify the ciphertext of the contract document. After the verification is passed, the ciphertext of the contract document is decrypted using the random symmetric key plaintext to obtain the contract document, and the signature verification service of the third-party CA organization is called again to verify the contract document. After the verification is passed, the bid opening process is completed, the bid opening key is obtained from the third-party CA organization, and the ciphertext verification of the contract document and the signature verification of the contract document are added, which can ensure the integrity of the bidding documents, improve the efficiency of project decryption and bid opening, reduce occasional problems caused by human operations, and improve the security and effectiveness of the electronic bid opening process.

Another embodiment of the present application provides an electronic tender document processing method, comprising:

When receiving a first request from a bidding enterprise user to log in to the e-commerce platform through a password key, parsing the MAC address in the digital certificate of the password key through a certificate assistant tool to verify the consistency of the MAC address with the physical address information of the computer where the client is located;

When the MAC address is consistent with the physical address information of the computer where the client is located, the cryptographic key is verified through the cryptographic service sharing platform of the third-party CA institution integrated with the e-commerce platform, and the verification result is returned to the client of the e-commerce platform;

If the signature verification result is passed, the e-commerce platform receives a signature request sent by the user, wherein the signature request carries an electronic seal and a document to be signed;

The e-commerce platform sends the signature request to the electronic signature front-end module, and the electronic signature front-end module uses the electronic seal to perform online electronic signature on the document to be signed to obtain a signed document;

Encrypting the contract document based on the random symmetric key generated by the cryptographic key to generate a ciphertext of the contract document;

Performing a signing operation on the ciphertext of the contract document based on the private key of the cryptographic key to obtain a signature value corresponding to the ciphertext of the contract document, and storing the ciphertext of the contract document and the signature value corresponding to the ciphertext of the contract document in a database of the e-commerce platform;

Encrypt the random symmetric key using the enterprise trust certificate public key provided by the third-party CA institution to obtain a first random symmetric key ciphertext, send the first random symmetric key ciphertext to the third-party CA institution, the third-party CA institution decrypts the first random symmetric key ciphertext using the stored enterprise trust certificate private key to obtain a random symmetric key, encrypt the random symmetric key using the protection key to obtain a second random symmetric key ciphertext, and store the second random symmetric key ciphertext;

During the bid opening stage, the third-party CA institution uses the protection key to decrypt the second random symmetric key ciphertext to obtain a random symmetric key, and uses the e-commerce platform public key certificate to encrypt the random symmetric key to obtain a third random symmetric key ciphertext, and sends the third random symmetric key ciphertext to the e-commerce platform;

The e-commerce platform uses the private key to decrypt the third random symmetric key ciphertext to obtain a random symmetric key plaintext;

The e-commerce platform calls the signature verification service of the third-party CA institution to verify the ciphertext of the contract document. After the signature verification is passed, the e-commerce platform uses the random symmetric key plaintext to decrypt the ciphertext of the contract document to obtain the contract document;

The e-commerce platform calls the signature verification service of the third-party CA organization to verify the signature of the contract document, and completes the bid opening process after the signature verification is passed.

The electronic tender document processing method provided in the embodiment of the present application is that when the bidding enterprise user needs to bid, the password key is inserted into the PC, and the client first authenticates the identity of the user who sends the first request. After the verification is passed, the password key is verified through the third-party CA institution password service sharing platform integrated in the e-commerce platform to realize the secondary authentication of the user identity. After the signature verification is passed, the bidding enterprise user uploads the document to be signed, and the e-commerce platform performs online electronic signature through the electronic signature front-end module to obtain the signed document, encrypts the signed document based on the random symmetric key generated by the password key, generates the signed document ciphertext, and signs the signed document ciphertext to obtain the first signature value, stores the signed document ciphertext and the corresponding first signature value in the database of the e-commerce platform, uses cryptographic technology to ensure the integrity, confidentiality and non-repudiation of the bidding document, and entrusts the key used to decrypt the bidding document in the bid opening stage to the third-party CA institution. The third-party CA organization cannot obtain the bidding documents before the bid opening, and the bidding platform cannot decrypt the bidding documents before the bid opening. This can effectively prevent information leakage and ensure the immutability of the bidding documents. During the bid opening stage, the random symmetric key plaintext used for bid opening is obtained from the third-party CA, and the signature verification service of the third-party CA organization is called to verify the ciphertext of the contract document. After the verification is passed, the ciphertext of the contract document is decrypted using the random symmetric key plaintext to obtain the contract document, and the signature verification service of the third-party CA organization is called again to verify the contract document. After the verification is passed, the bid opening process is completed, the bid opening key is obtained from the third-party CA organization, and the ciphertext verification of the contract document and the signature verification of the contract document are added, so that remote centralized decryption can be achieved, decryption failure can be avoided, the integrity of the bidding documents can be ensured, the efficiency of project decryption and bid opening can be improved, occasional problems caused by human operation can be reduced, and the security and effectiveness of the electronic bid opening process can be improved.

The electronic tender document processing method provided in the embodiment of the present application can be executed by an electronic tender document processing device. In the embodiment of the present application, the electronic tender document processing device provided in the embodiment of the present application is described by taking the electronic tender document processing method executed by the electronic tender document processing device as an example.

FIG6 is a schematic diagram of the structure of an electronic tender document processing device provided in an embodiment of the present application. The electronic tender document processing device is applied to an e-commerce platform, that is, the electronic tender document processing device can be a functional module or entity on the e-commerce platform. As shown in FIG6 , the electronic tender document processing device 60 includes: a receiving unit 610, an identity authentication unit 620, an electronic signature unit 630, an encryption unit 640, a signature unit 650, and a key encryption transmission unit 660.

The receiving unit 610 is configured to receive a first request, where the first request is a request from a bidding enterprise user to log in to the e-commerce platform using a password key through a client;

The identity authentication unit 620 is used to verify the first request, and if the verification is successful, call the signature verification service of the third-party CA organization to verify the signature of the cryptographic key;

The electronic signature unit 630 is used to perform online electronic signature on the document to be signed uploaded by the bidding enterprise user after the signature verification is passed, so as to obtain the contract document;

An encryption unit 640 is used to encrypt the contract file based on a random symmetric key generated by the cryptographic key to generate a ciphertext of the contract file;

The signature unit 650 is used to perform a signature operation on the contract document ciphertext based on the private key of the cryptographic key to obtain the contract document ciphertext and the corresponding signature value, and store the contract document ciphertext and the corresponding signature value in the database of the e-commerce platform;

The key encryption transmission unit 660 is used to encrypt the random symmetric key and send it to the third-party CA institution, so that the third-party CA institution encrypts and stores the random symmetric key.

The electronic tender document processing device provided in the embodiment of the present application also includes:

An acquisition unit, used to acquire a random symmetric key plaintext from the third-party CA organization during the bid opening stage;

A first signature verification unit is used to call the signature verification service of the third-party CA institution to verify the ciphertext of the contract document, and after the signature verification is passed, use the random symmetric key plaintext to decrypt the ciphertext of the contract document to obtain the contract document;

The second signature verification unit calls the signature verification service of the third-party CA organization to verify the contract document, and completes the bid opening process after the signature verification is passed.

In some embodiments, the verifying the first request includes:

Parsing the MAC address in the extension item of the digital certificate of the cryptographic key through a certificate assistant tool to verify the consistency between the MAC address and the physical address information of the computer where the client is located;

If the MAC address is consistent with the physical address information of the computer where the client is located, the verification is successful.

In some embodiments, calling a signature verification service of a third-party CA organization to verify the signature of the cryptographic key includes:

Using the private key in the cryptographic key to digitally sign the random number generated by the cryptographic key to obtain a second signature value, and sending the random number and the second signature value to the cryptographic service sharing platform of the third-party CA organization;

The cryptographic service sharing platform of the third-party CA organization is configured to: use the public key certificate corresponding to the cryptographic key to decrypt the second signature value to obtain a first hash value, compare the first hash value with the second hash value, and if they are consistent, the signature verification is passed. The second hash value is obtained by performing the same hash calculation on the random number as the digital signature process.

In some embodiments, the step of performing online electronic signature on the document to be signed uploaded by the bidding enterprise user to obtain the signed document includes:

Receiving a signature request sent by the bidding enterprise user, wherein the signature request carries the electronic seal of the bidding enterprise and the document to be signed;

The electronic signature front-end module is called to perform online electronic signature on the document to be signed based on the electronic seal to obtain a signed document.

In some embodiments, the electronic signature pre-module is configured to perform a hash calculation on the document to be signed to obtain a digest value, and return the document to be signed and the digest value to the e-commerce platform;

After the e-commerce platform signs the summary value, it obtains a third signature value and returns the third signature value to the electronic signature front-end module. The electronic signature front-end module is also configured to: synthesize a signed document based on the third signature value, the electronic seal and the document to be signed, and return the signed document to the e-commerce platform.

In some embodiments, encrypting the random symmetric key and then sending it to the third-party CA institution so that the third-party CA institution encrypts and stores the random symmetric key includes:

Encrypt the random symmetric key using the enterprise trust certificate public key provided by the third-party CA institution to obtain a first random symmetric key ciphertext, and send the first random symmetric key ciphertext to the third-party CA institution;

Among them, the third-party CA organization is configured to: use the enterprise managed certificate private key to decrypt the first random symmetric key ciphertext to obtain a random symmetric key, use the protection key to encrypt the random symmetric key to obtain a second random symmetric key ciphertext, and store the second random symmetric key ciphertext.

In some embodiments, obtaining a random symmetric key plaintext from the third-party CA institution includes:

Sending a second request to the third-party CA institution, the second request is used to request the third-party CA institution to return a random symmetric key, the third-party CA institution is configured to: use the protection key to decrypt the second random symmetric key ciphertext to obtain the random symmetric key, and use the e-commerce platform public key certificate to encrypt the random symmetric key to obtain a third random symmetric key ciphertext, and send the third random symmetric key ciphertext to the e-commerce platform;

The third random symmetric key ciphertext is decrypted using the private key of the e-commerce platform to obtain a random symmetric key plaintext.

In some embodiments, calling the signature verification service of the third-party CA organization to verify the signature of the signed document ciphertext includes:

Call the cryptographic service sharing platform of the third-party CA organization, use the public key certificate corresponding to the cryptographic key to decrypt the first signature value, obtain the third hash value, and compare the third hash value with the fourth hash value. If they are consistent, the signature verification is successful. The fourth hash value is obtained by performing the same hash calculation on the ciphertext of the contract document as the signature operation.

In some embodiments, calling the signature verification service of the third-party CA organization to verify the signature of the contract document includes:

Call the cryptographic service sharing platform of the third-party CA organization, use the public key certificate corresponding to the cryptographic key to decrypt the third signature value in the contract document, obtain the fifth hash value, and compare the fifth hash value with the sixth hash value. If they are consistent, the signature verification is successful. The sixth hash value is obtained by performing the same hash calculation on the file to be signed in the contract document.

In some embodiments, the cryptographic key is issued by the cryptographic service sharing platform of the third-party CA organization, and the cryptographic key includes: a digital certificate and an electronic seal of the bidding enterprise.

The electronic tender document processing device in the embodiment of the present application can be an electronic device, or a component in the electronic device, such as an integrated circuit or a chip. The electronic device can be a terminal, or it can be other devices other than a terminal. Exemplarily, the electronic device can be a mobile phone, a tablet computer, a laptop computer, a PDA, a vehicle-mounted electronic device, a mobile Internet device (Mobile Internet Device, MID), an augmented reality (augmented reality, AR)/virtual reality (virtual reality, VR) device, a robot, a wearable device, an ultra-mobile personal computer (ultra-mobile personal computer, UMPC), a netbook or a personal digital assistant (personal digital assistant, PDA), etc. It can also be a server, a network attached storage (Network Attached Storage, NAS), a personal computer (personal computer, PC), a television (television, TV), a teller machine or a self-service machine, etc., and the embodiment of the present application is not specifically limited.

The electronic tender document processing device in the embodiment of the present application may be a device having an operating system. The operating system may be a Microsoft (Windows) operating system, an Android (Android) operating system, an IOS operating system, or other possible operating systems, which are not specifically limited in the embodiment of the present application.

The electronic tender document processing device provided in the embodiment of the present application can implement each process implemented by the method embodiments of Figures 1 to 5. To avoid repetition, they will not be described here.

In some embodiments, as shown in Figure 7, the embodiment of the present application also provides an electronic device 700, including a processor 701, a memory 702, and a computer program stored in the memory 702 and executable on the processor 701. When the program is executed by the processor 701, the various processes of the above-mentioned electronic bid processing method embodiment are implemented, and the same technical effect can be achieved. To avoid repetition, it will not be repeated here.

It should be noted that the electronic devices in the embodiments of the present application include the mobile electronic devices and non-mobile electronic devices mentioned above.

An embodiment of the present application also provides a non-transitory computer-readable storage medium, on which a computer program is stored. When the computer program is executed by a processor, the various processes of the above-mentioned electronic bid processing method embodiment are implemented, and the same technical effect can be achieved. To avoid repetition, it will not be repeated here.

The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a computer read-only memory ROM, a random access memory RAM, a magnetic disk or an optical disk.

An embodiment of the present application also provides a computer program product, including a computer program, which implements the above-mentioned electronic tender processing method when executed by a processor.

The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a computer read-only memory ROM, a random access memory RAM, a magnetic disk or an optical disk.

An embodiment of the present application further provides a chip, which includes a processor and a communication interface, wherein the communication interface is coupled to the processor, and the processor is used to run programs or instructions to implement the various processes of the above-mentioned electronic bid processing method embodiment, and can achieve the same technical effect. To avoid repetition, it will not be repeated here.

It should be understood that the chip mentioned in the embodiments of the present application can also be called a system-level chip, a system chip, a chip system or a system-on-chip chip, etc.

It should be noted that, in this article, the term "comprises", "includes" or any other variant thereof is intended to cover non-exclusive inclusion, so that the process, method, article or device including a series of elements includes not only those elements, but also includes other elements not explicitly listed, or also includes elements inherent to such process, method, article or device. In the absence of further restrictions, the elements defined by the sentence "including one..." do not exclude the presence of other identical elements in the process, method, article or device including the element. In addition, it should be pointed out that the scope of the method and device in the embodiment of the present application is not limited to performing functions in the order shown or discussed, and may also include performing functions in a substantially simultaneous manner or in reverse order according to the functions involved, for example, the described method may be performed in an order different from that described, and various steps may also be added, omitted, or combined. In addition, the features described with reference to certain examples may be combined in other examples.

Through the description of the above implementation methods, those skilled in the art can clearly understand that the above-mentioned embodiment methods can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present application, or the part that contributes to the prior art, can be embodied in the form of a computer software product, which is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disk), and includes a number of instructions for a terminal (which can be a mobile phone, a computer, a server, or a network device, etc.) to execute the methods described in each embodiment of the present application.

The embodiments of the present application are described above in conjunction with the accompanying drawings, but the present application is not limited to the above-mentioned specific implementation methods. The above-mentioned specific implementation methods are merely illustrative and not restrictive. Under the guidance of the present application, ordinary technicians in this field can also make many forms without departing from the scope of protection of the purpose of the present application and the claims, all of which are within the protection of the present application.

In the description of this specification, the description with reference to the terms "one embodiment", "some embodiments", "illustrative embodiments", "examples", "specific examples", or "some examples" means that the specific features, structures, materials or characteristics described in conjunction with the embodiment or example are included in at least one embodiment or example of the present application. In this specification, the schematic representation of the above terms does not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any one or more embodiments or examples in a suitable manner.

Although the embodiments of the present application have been shown and described, those skilled in the art will appreciate that various changes, modifications, substitutions and variations may be made to the embodiments without departing from the principles and spirit of the present application, and that the scope of the present application is defined by the claims and their equivalents.

Claims (15)

1. The electronic bidding processing method is characterized by being applied to an electronic commerce platform and comprising the following steps of:

receiving a first request, wherein the first request is a request that a bidding enterprise user logs in the electronic commerce platform through a client by using a password key;

verifying the first request, and calling a signature verification service of a third party CA mechanism to verify the password key under the condition that the first request passes the verification;

after the signature verification passes, carrying out online electronic signature on the file to be signed uploaded by the bidding enterprise user to obtain a subscription file;

encrypting the subscription file based on the random symmetric key generated by the password key to generate a subscription file ciphertext;

Performing signature operation on the subscription file ciphertext based on the private key of the password key to obtain a first signature value corresponding to the subscription file ciphertext, and storing the subscription file ciphertext and the corresponding first signature value in a database of the electronic commerce platform;

and encrypting the random symmetric key and then sending the encrypted random symmetric key to the third-party CA mechanism so that the third-party CA mechanism stores the random symmetric key in an encrypted mode.

2. The electronic bidding processing method of claim 1, further comprising:

in the open label stage, acquiring a random symmetric key plaintext from the third party CA mechanism;

Invoking signature verification service of the third party CA mechanism to verify signature on the signature document ciphertext, and decrypting the signature document ciphertext by utilizing the random symmetric key plaintext after the signature verification passes, so as to obtain the signature document;

and calling a signature verification service of the third-party CA mechanism to verify the signature of the subscription file, and completing the label opening process after the signature verification is passed.

3. The electronic bidding processing method of claim 1 or 2, wherein the validating the first request comprises:

Analyzing an MAC address in an extension item of a digital certificate of the password key through a certificate assistant tool, and verifying the consistency of the MAC address and physical address information of a computer where the client is located;

And if the MAC address is consistent with the physical address information of the computer where the client is located, the verification is passed.

4. The electronic bidding processing method of claim 1 or 2, wherein invoking the signing service of the third party CA institution to sign the cryptographic key comprises:

Carrying out digital signature on a random number generated by the password key by utilizing a private key in the password key to obtain a second signature value, and sending the random number and the second signature value to a password service sharing platform of a third-party CA (certificate authority);

The cryptographic service sharing platform of the third party CA institution is configured to: and decrypting the second signature value by using a public key certificate corresponding to the password key to obtain a first hash value, comparing the first hash value with a second hash value, and if the first hash value is consistent with the second hash value, checking the signature to pass, wherein the second hash value is obtained by carrying out hash calculation on the random number, which is the same as the digital signature process.

5. The electronic bidding document processing method according to claim 1 or 2, wherein the performing online electronic signing on the document to be signed uploaded by the bidding enterprise user to obtain a contracted document includes:

Receiving a signature request sent by a user of the bidding enterprise, wherein the signature request carries an electronic seal and the file to be signed of the bidding enterprise;

and calling an electronic signature pre-module to perform online electronic signature on the file to be signed based on the electronic seal to obtain a signature file.

6. The electronic tag processing method according to claim 5, wherein the electronic tag pre-module is configured to perform hash computation on the document to be signed to obtain a digest value, and return the document to be signed and the digest value to the electronic commerce platform;

after signing the abstract value, the electronic commerce platform obtains a third signature value, and returns the third signature value to the electronic signature pre-module, wherein the electronic signature pre-module is further configured to: and synthesizing a signature file based on the third signature value, the electronic seal and the file to be signed, and returning the signature file to the electronic commerce platform.

7. The electronic bidding process method of claim 2, wherein the encrypting the random symmetric key and then sending the encrypted random symmetric key to the third party CA institution to enable the third party CA institution to encrypt and store the random symmetric key comprises:

Encrypting the random symmetric key by using an enterprise hosting certificate public key provided by a third-party CA organization to obtain a first random symmetric key ciphertext, and transmitting the first random symmetric key ciphertext to the third-party CA organization;

wherein the third party CA authority is configured to: decrypting the first random symmetric key ciphertext by using the enterprise escrow certificate private key to obtain a random symmetric key, encrypting the random symmetric key by using the protection key to obtain a second random symmetric key ciphertext, and storing the second random symmetric key ciphertext.

8. The electronic bidding process of claim 7, wherein the obtaining random symmetric key plaintext from the third-party CA authority comprises:

sending a second request to the third-party CA authority, the second request requesting the third-party CA authority to return a random symmetric key, the third-party CA authority configured to: decrypting the second random symmetric key ciphertext by using the protection key to obtain the random symmetric key, encrypting the random symmetric key by using an e-commerce platform public key certificate to obtain a third random symmetric key ciphertext, and transmitting the third random symmetric key ciphertext to the e-commerce platform;

and decrypting the third random symmetric key ciphertext by using the private key of the electronic commerce platform to obtain a random symmetric key plaintext.

9. The electronic bidding document processing method of claim 2, wherein invoking the signing service of the third party CA institution to sign the ciphertext of the subscription document comprises:

And invoking a password service sharing platform of the third party CA mechanism, decrypting the first signature value by utilizing a public key certificate corresponding to the password key to obtain a third hash value, comparing the third hash value with a fourth hash value, and if the third hash value is consistent with the fourth hash value, checking the signature to pass, wherein the fourth hash value is obtained by carrying out hash calculation which is the same as the signature operation on the signature file ciphertext.

10. The electronic bidding document processing method of claim 6, wherein invoking the signing service of the third party CA institution to sign the subscription document includes:

And invoking a password service sharing platform of the third party CA mechanism, decrypting the third signature value in the signing file by utilizing a public key certificate corresponding to the password key to obtain a fifth hash value, comparing the fifth hash value with a sixth hash value, and if the fifth hash value is consistent with the sixth hash value, checking the signature, wherein the sixth hash value is obtained by carrying out the same hash calculation on the files to be signed in the signing file.

11. The electronic tag processing method of claim 1, wherein the cryptographic key is issued by a cryptographic service sharing platform of the third party CA institution, the cryptographic key comprising: digital certificates and bidding enterprise electronic seals.

12. An electronic bidding document processing apparatus, applied to an electronic commerce platform, comprising:

The electronic commerce system comprises a receiving unit, a first request and a second request, wherein the receiving unit is used for receiving a first request, and the first request is a request that a bidding enterprise user logs in the electronic commerce platform through a client by using a password key;

The identity authentication unit is used for verifying the first request, and calling a signature verification service of a third party CA mechanism to verify the password key under the condition that the first request passes the verification;

The electronic signature unit is used for conducting online electronic signature on the files to be signed uploaded by the bidding enterprise users after the signing passes, so as to obtain subscription files;

the encryption unit is used for encrypting the subscription file based on the random symmetric key generated by the password key to generate a subscription file ciphertext;

The signing unit is used for carrying out signing operation on the subscription file ciphertext based on the private key of the password key to obtain the subscription file ciphertext and a corresponding signature value, and storing the subscription file ciphertext and the corresponding signature value in a database of the electronic commerce platform;

and the key encryption transmission unit is used for encrypting the random symmetric key and then transmitting the encrypted random symmetric key to the third-party CA mechanism so that the third-party CA mechanism stores the random symmetric key in an encrypted mode.

13. The electronic tagbook processing device of claim 12, further comprising:

the acquisition unit is used for acquiring a random symmetric key plaintext from the third-party CA mechanism in the opening stage;

The first signature verification unit is used for calling signature verification service of the third-party CA mechanism to verify signature on the signature document ciphertext, and after signature verification passes, decrypting the signature document ciphertext by utilizing the random symmetric key plaintext to obtain the signature document;

and the second signature verification unit calls signature verification service of the third-party CA mechanism to verify the signature of the subscription file, and after the signature verification passes, the label opening process is completed.

14. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the electronic tagbook processing method of any of claims 1-11 when the program is executed by the processor.

15. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the electronic bidding processing method of any of claims 1-11.