
CN117692185A - Electronic seal using method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN117692185A
Authority
CN
China
Prior art keywords
seal
electronic
authorized
data
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311624406.2A
Other languages
Chinese (zh)
Inventor
杨春全
石聪慧
刘庆忠
黄伟湘
曾小箭
李家乐
余广琪
李金清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Internet Co Ltd
Priority to CN202311624406.2A
Publication of CN117692185A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides a method and a device for using an electronic seal, an electronic device and a storage medium. The method comprises: in response to a target object's request to sign an electronic file to be authorized with a target electronic seal, sending to a SIM card a use request containing initial seal data of the target electronic seal; sending to the SIM card the specified identification item selected from the personal identification item list contained in the initial seal data; then receiving specific seal data sent by the SIM card, which the SIM card generates by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item; and signing the electronic file to be authorized based on the specific seal data to generate an authorized electronic file. This improves the security of using the electronic seal.

Description

Electronic seal using method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the technical fields of communications technologies, encryption technologies, and the like, and in particular, to a method and an apparatus for using an electronic seal, an electronic device, and a storage medium.
Background
An electronic signature is defined as "data contained in electronic form in a data message that is attached to identify the signer and indicate that the signer approves the content therein". It realizes the function of a traditional paper signature or stamp by technical means, so that the true identity of the transaction principal is confirmed and the security, authenticity and non-repudiation of the transaction are ensured.
An electronic seal is a visual form of an electronic signature. With cryptographic technology at its core, it binds a digital certificate, a signature key and a seal image, and is graphical data used to ensure the integrity, authenticity and non-repudiation of various electronic documents. However, electronic information on the Internet can be copied and transmitted, so an electronic seal is at risk of being stolen.
Therefore, a highly secure method for using the electronic seal is needed.
Disclosure of Invention
The present application aims to solve, at least to some extent, one of the technical problems in the related art.
Therefore, a first object of the present application is to propose a method for using an electronic seal, which is executed by a terminal device, so as to improve the use security of the electronic seal.
A second object of the present application is to propose a method of using an electronic seal, performed by a SIM card.
A third object of the present application is to propose a device for using an electronic seal applied to a terminal device.
A fourth object of the present application is to provide a device for using an electronic seal applied to a SIM card.
A fifth object of the present application is to propose an electronic device.
A sixth object of the present application is to propose a computer readable storage medium.
A seventh object of the present application is to propose a computer programme product.
To achieve the above object, an embodiment of a first aspect of the present application provides a method for using an electronic seal, which is executed by a terminal device, including:
in response to a target object's request to sign an electronic file to be authorized with a target electronic seal, sending a use request to the SIM card, wherein the use request comprises initial seal data of the target electronic seal;
sending to the SIM card the specified identification item selected from the personal identification item list contained in the initial seal data;
and receiving specific seal data of the target electronic seal sent by the SIM card, and signing the electronic file to be authorized based on the specific seal data to generate an authorized electronic file, wherein the specific seal data is generated by the SIM card by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item.
To achieve the above object, an embodiment of a second aspect of the present application provides another method for using an electronic seal, which is executed by a SIM card, and includes:
receiving a use request of a target object for a target electronic seal sent by a terminal device, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized;
receiving a specified identification item sent by the terminal device;
updating a first verification code in the initial seal data based on the first identification information corresponding to the specified identification item to generate specific seal data;
and sending the specific seal data to the terminal device, and storing the specified identification item in association with the file identifier.
To achieve the above object, an embodiment of a third aspect of the present application provides an apparatus for using an electronic seal, which is applied to a terminal device, and the apparatus includes:
a transceiver module, configured to send a use request to the SIM card in response to a target object's request to sign an electronic file to be authorized with a target electronic seal, wherein the use request comprises initial seal data of the target electronic seal;
a selection module, configured to send to the SIM card the specified identification item selected from the personal identification item list contained in the initial seal data;
and a signature module, configured to receive specific seal data of the target electronic seal sent by the SIM card, and to sign the electronic file to be authorized based on the specific seal data to generate an authorized electronic file, wherein the specific seal data is generated by the SIM card by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item.
To achieve the above object, an embodiment of a fourth aspect of the present application provides an electronic seal using device, applied to a SIM card, where the device includes:
the receiving and transmitting module is used for receiving a use request of a target object for the target electronic seal sent by the terminal equipment, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized;
the receiving and transmitting module is further used for receiving the specified identification item sent by the terminal device;
the generation module is used for updating a first verification code in the initial seal data based on the first identification information corresponding to the specified identification item to generate specific seal data;
and the receiving and transmitting module is further used for sending the specific seal data to the terminal device and storing the specified identification item in association with the file identifier.
To achieve the above object, an embodiment of a fifth aspect of the present application provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the methods of the embodiments described above.
To achieve the above object, an embodiment of a sixth aspect of the present application proposes a computer-readable storage medium storing computer instructions, wherein the computer instructions are for causing a computer to perform the method according to the above embodiment.
To achieve the above object, an embodiment of a seventh aspect of the present application proposes a computer program product comprising a computer program which, when executed by a processor, implements the method of the above embodiment.
The application provides a method and a device for using an electronic seal, an electronic device and a storage medium. In response to a target object's request to sign an electronic file to be authorized with a target electronic seal, a use request containing initial seal data of the target electronic seal is sent to a SIM card, and the specified identification item selected from the personal identification item list contained in the initial seal data is sent to the SIM card. Specific seal data is then received from the SIM card, which generates it by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item, and the electronic file to be authorized is signed based on the specific seal data to generate an authorized electronic file. Because the first verification code in the initial seal data is updated based on the first identification information corresponding to the specified identification item, the specific seal data corresponds to the electronic file to be authorized. Unique seal data is thus generated for each electronic file to be authorized and centralized authorization is avoided, which improves the security of using the electronic seal.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
fig. 1 is a schematic flow chart of a method for using an electronic seal according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of initial seal data according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of another method for using an electronic seal according to an embodiment of the present disclosure;
FIG. 4 is a schematic flow chart of another method for using an electronic seal according to an embodiment of the present disclosure;
FIG. 5 is a schematic flow chart of another method for using an electronic seal according to an embodiment of the present disclosure;
FIG. 6 is a schematic flow chart of another method for using an electronic seal according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a device for using an electronic seal according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another device for using an electronic seal according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary and intended for the purpose of explaining the present application and are not to be construed as limiting the present application.
The following describes a method and apparatus for using an electronic seal according to an embodiment of the present application with reference to the accompanying drawings.
The method for using the electronic seal is executed by the device for using the electronic seal provided by the embodiments of the present application (hereinafter referred to as the using device). The using device can be configured in a terminal device and in a subscriber identity module (Subscriber Identity Module, SIM) card, so as to improve the security of using the electronic seal.
The using device can comprise a client program and a corresponding server program, wherein the client program is deployed in a client and the server program can be deployed in a server. The client is used for interacting with a user. The server may be used to manage the generated electronic seal data. The client communicates with the server to exchange data. The client and the server may be deployed in the same terminal device, or in different terminal devices. The SIM card is deployed in the terminal device to which the client belongs.
Fig. 1 is a flow chart of a method for using an electronic seal according to an embodiment of the present application.
As shown in fig. 1, the method for using the electronic seal is executed by a terminal device and comprises the following steps:
Step 101, in response to a target object's request to sign an electronic file to be authorized with a target electronic seal, sending a use request to the SIM card, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of the electronic file to be authorized.
The electronic file to be authorized can be an electronic contract or an electronic invoice waiting for signature authorization. The file identifier may be any information such as a file name that is used to uniquely identify the electronic file. The present application is not limited in this regard.
In the application, the target object can upload the electronic file to be authorized in the client and trigger the signature control in the client interface. When the client detects that the signature control has been triggered, it can generate a use request based on the initial seal data of the target electronic seal and the file identifier of the electronic file to be authorized, and send the use request to the SIM card. The SIM card thereby receives the use request for the target electronic seal.
In addition, at least one electronic seal associated with the target object may be preset in the terminal device. When the target object is associated with only one electronic seal, that electronic seal can be determined as the target electronic seal. When the target object is associated with a plurality of electronic seals, the electronic seal selected by the target object from among them may be determined as the target electronic seal. The initial seal data of the target electronic seal can be generated in advance and stored in the terminal device.
As shown in fig. 2, the initial seal data may include custom data, wherein the custom data includes authorization information, and the authorization information includes a first verification code.
Optionally, the custom data may further include a seal revocation list (Seal Revocation List, SRL) link, a random factor, a preset function identifier, a personal identification item list, and the like. The SRL link is used to verify whether the target electronic seal has been revoked, and the random factor is used to enhance randomness. The preset function identifier is any information, such as a function name, that identifies the preset function. The preset function is used to generate the first verification code. The personal identification item list is used to verify the target object's permission to use the target electronic seal. The identification items contained in the personal identification item list can be a mobile phone number, base station information, an identity card number, a name, an enterprise name, biometric features, reserved questions and the like.
Step 102, sending to the SIM card the specified identification item selected from the personal identification item list contained in the initial seal data.
In the application, the terminal device can parse the initial seal data to obtain the personal identification item list it contains, and display the list in the display interface. When one or more identification items in the list are detected as selected, the selected items can be determined to be the specified identification items and sent to the SIM card.
Step 103, receiving specific seal data of the target electronic seal sent by the SIM card, and signing the electronic file to be authorized based on the specific seal data to generate an authorized electronic file, wherein the specific seal data is generated by the SIM card by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item, and the SIM card stores the file identifier in association with the specified identification item.
In the application, after receiving the specified identification item, the SIM card can parse the initial seal data to obtain the first verification code, and look up the first identification information corresponding to the specified identification item. It then updates the first verification code in the initial seal data based on that first identification information to generate the specific seal data. For example, the first identification information corresponding to the specified identification items may be concatenated directly, and the resulting character string used to update the first verification code. Alternatively, the first identification information may be processed with a preset function (such as a zero-knowledge algorithm) to obtain a new character string, which is then used to update the first verification code.
In addition, the SIM card may collect and store the first identification information in advance.
After generating the specific seal data, the SIM card can send the specific seal data to the terminal device, which thereby receives the specific seal data of the target electronic seal. The terminal device can then sign the electronic file to be authorized based on the specific seal data to generate the authorized electronic file. For example, the specific seal data is spliced into the data file of the electronic file to be authorized to generate the authorized electronic file.
It can be understood that the SIM card updates the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, and generates specific seal data corresponding to the electronic file to be authorized. Unique seal data can thus be generated for each electronic file to be authorized. Even if seal data is obtained from an authorized electronic file, it cannot be used to forge the authorization of other electronic files. This improves the security of using the electronic seal.
Optionally, the electronic file to be authorized may also be carried in the use request. The SIM card can parse the use request to obtain the electronic file to be authorized, sign it with a pre-generated private key to generate a digital signature, and send the digital signature to the terminal device. The terminal device can then splice the digital signature and the specific seal data into the data file of the electronic file to be authorized to generate the authorized electronic file. This prevents the contents of the authorized electronic file from being tampered with, which improves the security of using the electronic seal.
Optionally, the digital signature and/or the specific seal data received by the terminal device may be generated and sent to the terminal device after authentication of the target object's permission to use the target electronic seal, based on second identification information input by the target object, has succeeded. This improves the security of using the electronic seal.
In this method, in response to a target object's request to sign an electronic file to be authorized with a target electronic seal, a use request containing initial seal data of the target electronic seal is sent to a SIM card, and the specified identification item selected from the personal identification item list contained in the initial seal data is sent to the SIM card. Specific seal data is then received from the SIM card, which generates it by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item, and the electronic file to be authorized is signed based on the specific seal data to generate an authorized electronic file. Because the first verification code in the initial seal data is updated based on the first identification information corresponding to the specified identification item, the specific seal data corresponds to the electronic file to be authorized. Unique seal data is thus generated for each electronic file to be authorized and centralized authorization is avoided, which improves the security of using the electronic seal.
Fig. 3 is a flow chart of another method for using an electronic seal according to an embodiment of the present application.
As shown in fig. 3, the method for using the electronic seal is executed by a terminal device and comprises the following steps:
Step 301, in response to a target object's request to sign an electronic file to be authorized with a target electronic seal, sending a use request to the SIM card, wherein the use request comprises initial seal data of the target electronic seal.
Step 302, sending to the SIM card the specified identification item selected from the personal identification item list contained in the initial seal data.
Step 303, receiving specific seal data of the target electronic seal sent by the SIM card, and signing the electronic file to be authorized based on the specific seal data to generate an authorized electronic file, wherein the specific seal data is generated by the SIM card by updating a first verification code in the initial seal data based on first identification information corresponding to the specified identification item.
For the specific implementation of steps 301 to 303, refer to the detailed description of any embodiment of the present application; it is not repeated here.
Step 304, in response to a request to verify the authorized electronic file, sending a verification request to the SIM card, wherein the verification request contains the file identifier of the authorized electronic file.
In the application, when the authorized electronic file needs to be verified, it can be selected in the client and the verification control triggered. When the client detects that the verification control has been triggered, it can parse the authorized electronic file to obtain the file identifier, generate a verification request based on the file identifier, and send the verification request to the SIM card.
It should be noted that the file identifier of the authorized electronic file is the same as the file identifier of the corresponding electronic file to be authorized.
Step 305, receiving an identification parameter sent by the SIM card, wherein the identification parameter is generated by the SIM card based on the first identification information corresponding to the specified identification item associated with the file identifier.
In the application, after receiving the verification request, the SIM card may look up the specified identification item associated with the file identifier and obtain the first identification information corresponding to that item. The first identification information may then be sent directly to the terminal device as the identification parameter. Alternatively, to protect the user's private data and avoid leaking it, the first identification information may be encrypted with a preset function (such as a zero-knowledge algorithm) to obtain the identification parameter, which is then sent to the terminal device. The terminal device thereby receives the identification parameter sent by the SIM card.
Optionally, when the specific seal data includes the random factor, the SIM card may, after receiving the verification request, encrypt the first identification information and the random factor with the preset function to obtain the identification parameter and send it to the terminal device. The terminal device thereby receives the identification parameter sent by the SIM card.
Step 306, determining the second verification code based on the identification parameter, and matching the second verification code with the third verification code in the specific seal data to determine whether the authorized electronic file is legal.
In the present application, the identification parameter can be taken directly as the second verification code, and the second verification code is matched with the third verification code in the specific seal data. When the second verification code is the same as the third verification code, the authorized electronic file is determined to be legal. When the second verification code is different from the third verification code, the authorized electronic file is determined to be illegal. In addition, the preset function used to generate the identification parameter and the preset function used to generate the third verification code should be the same.
When the preset function is a zero-knowledge algorithm, the terminal device can process the identification parameter by using the preset function to determine the second verification code, and match the second verification code with the third verification code in the specific seal data. When the second verification code is the same as the third verification code, the authorized electronic file is determined to be legal. When the second verification code is different from the third verification code, the authorized electronic file is determined to be illegal. It should be noted that the zero-knowledge algorithm used to determine the second verification code is the same as the zero-knowledge algorithm used by the SIM card to generate the identification parameter. A preset function identifier may be configured in the specific seal data when the SIM card generates the specific seal data, to indicate the preset function to be used in the subsequent verification of the authorized electronic file.
Optionally, when the authorized electronic file includes a digital signature, the digital signature may be decrypted by using a certificate that was generated in advance by the SIM card and sent to the terminal device, and the decrypted data may be verified against the file text data in the authorized electronic file to determine the verification result of the digital signature. Whether the authorized electronic file is legal is determined on the condition that the digital signature is successfully verified and the second verification code matches the third verification code in the specific seal data.
Optionally, when the specific seal data includes metadata information and an SRL link, the terminal device may first verify whether the format of the specific seal data is correct, verify the signature value by using the seal maker certificate and the algorithm corresponding to the algorithm identifier, and query through the SRL link whether the target electronic seal has been revoked and its expiration time. When the format of the specific seal data is correct, the signature value is successfully verified, the target electronic seal has not been revoked, and the current time has not reached the expiration time, the processes of step 205 to step 206 are executed. When the format of the specific seal data is incorrect, or the verification of the signature value fails, or the target electronic seal has been revoked, or the current time exceeds the expiration time, whether the authorized electronic file is legal is determined, thereby improving the efficiency of verifying the authorized electronic file. The metadata information comprises a seal head, a seal mark, a seal maker certificate, an algorithm identifier and a signature value.
In the method, in response to a target object requesting to sign an electronic file to be authorized by using a target electronic seal, a use request containing initial seal data of the target electronic seal is sent to the SIM card, and the specified identification item selected from the personal identification item list contained in the initial seal data is sent to the SIM card. Specific seal data, which the SIM card generates by updating the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, is then received, and the electronic file to be authorized is signed based on the specific seal data to generate the authorized electronic file. In response to a request to verify the authorized electronic file, a verification request containing the file identifier of the authorized electronic file is sent to the SIM card, and the identification parameter, which the SIM card generates based on the first identification information corresponding to the specified identification item associated with the file identifier, is received; the second verification code is determined based on the identification parameter and matched with the third verification code in the specific seal data to determine whether the authorized electronic file is legal. Because the first verification code in the initial seal data is updated based on the first identification information corresponding to the specified identification item to generate specific seal data corresponding to the electronic file to be authorized, unique seal data is generated for each electronic file to be authorized and centralized authorization is avoided, thereby improving the security of using the electronic seal.
Fig. 4 is a flow chart of another method for using an electronic seal according to an embodiment of the present application.
As shown in fig. 4, the method for using the electronic seal is executed by the SIM card, and includes the following steps:
Step 401, receiving a use request of a target object for a target electronic seal sent by a terminal device, wherein the use request includes initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized.
The electronic document to be authorized may be an electronic contract or an electronic invoice waiting for signature authorization, which is not limited in this application.
In the present application, the target object can upload the electronic file to be authorized in the client and trigger the signature control in the client interface. When the client detects that the signature control is triggered, it can generate a use request based on the initial seal data of the target electronic seal and the file identifier of the electronic file to be authorized, and send the use request to the SIM card. The SIM card thus receives the use request for the target electronic seal.
Step 402, receiving a specified identification item sent by a terminal device.
In the application, the terminal device can analyze the initial seal data to obtain a personal identification item list contained in the initial seal data, and display the personal identification item list in the display interface. When any one or more identification items in the personal identification item list are detected to be selected, the selected identification item can be determined to be a designated identification item, and the designated identification item is sent to the SIM card. Therefore, the SIM card can receive the appointed identification item sent by the terminal equipment.
Step 403, updating the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, and generating the specific seal data.
In the present application, the SIM card can collect and store the first identification information in advance. The first identification information corresponding to the specified identification item can then be queried. Each piece of first identification information can then be processed by using a preset function to generate a second verification code, and the second verification code is used to replace the first verification code in the initial seal data to generate the specific seal data.
Optionally, a random factor may be generated, and the first identification information and the random factor are processed by using the preset function to generate the second verification code, which is then used to replace the first verification code in the initial seal data to generate the specific seal data. This improves the randomness of the specific seal data and the security of using the electronic seal. In addition, the random factor can be configured in the specific seal data or stored in association with the file identifier, so that the authorized electronic file can later be verified by retrieving the random factor.
In addition, a plurality of preset functions may be set in advance. When the second verification code is generated, one of the plurality of preset functions can be randomly selected to process each piece of first identification information. The function identifier of the selected preset function is set in the specific seal data or stored in association with the file identifier, so that the identification parameter can subsequently be generated with the selected preset function to verify the authorized electronic file.
Optionally, in addition to updating the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, the personal identification item list in the initial seal data can be updated with the specified identification item to generate the specific seal data.
Step 404, transmitting the specific seal data to the terminal device, and storing the specified identification item in association with the file identifier.
In the present application, after generating the specific seal data, the SIM card may send the specific seal data to the terminal device. The terminal device can sign the electronic file to be authorized based on the specific seal data to obtain the authorized electronic file.
In addition, the SIM card stores the specified identification item in association with the file identifier, so that the authorized electronic file can later be verified based on the first identification information corresponding to the specified identification item.
In the present application, the SIM card receives a use request of a target object for the target electronic seal sent by the terminal device, the use request containing the initial seal data of the target electronic seal and the file identifier of the electronic file to be authorized, and receives the specified identification item sent by the terminal device. The SIM card can then update the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item to generate the specific seal data, send the specific seal data to the terminal device, and store the specified identification item in association with the file identifier. Because the SIM card updates the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item to generate specific seal data corresponding to the electronic file to be authorized, unique seal data is generated for each electronic file to be authorized and centralized authorization is avoided, thereby improving the security of using the electronic seal.
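The use exchange of steps 401 to 404 and the verification exchange of steps 304 to 306 can be illustrated with the following added Python sketch, which is not part of the application. SHA-256 over a length-prefixed encoding stands in for the unspecified preset function, the random factor is stored on the SIM card in association with the file identifier, and all class, function and field names and the sample identification values are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


def preset_function(id_info: dict[str, str], random_factor: bytes = b"") -> str:
    """Assumed preset function: SHA-256 over an unambiguous, sorted encoding."""
    h = hashlib.sha256(b"seal-verification-code-v1")  # domain separation label
    h.update(len(random_factor).to_bytes(2, "big") + random_factor)
    for item in sorted(id_info):
        for part in (item, id_info[item]):
            raw = part.encode("utf-8")
            # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
            h.update(len(raw).to_bytes(2, "big") + raw)
    return h.hexdigest()


@dataclass(frozen=True)
class SealData:
    seal_id: str
    id_items: tuple[str, ...]   # personal identification item list
    verification_code: str      # first code (initial) or third code (specific)


class SimCard:
    """SIM-card side: holds the first identification information privately."""

    def __init__(self, first_id_info: dict[str, str]) -> None:
        self._first_id_info = dict(first_id_info)
        # file identifier -> (specified identification items, random factor)
        self._by_file: dict[str, tuple[tuple[str, ...], bytes]] = {}

    def make_seal(self, seal_id: str) -> SealData:
        # Steps 601 to 603: first verification code over all identification items.
        return SealData(seal_id, tuple(sorted(self._first_id_info)),
                        preset_function(self._first_id_info))

    def use_seal(self, initial: SealData, file_id: str,
                 specified_items: list[str]) -> SealData:
        # Steps 401 to 404: derive seal data that is specific to this file.
        items = tuple(sorted(set(specified_items)))
        if not items or any(i not in initial.id_items or i not in self._first_id_info
                            for i in items):
            raise ValueError("specified identification item is not in the seal's list")
        random_factor = secrets.token_bytes(16)
        selected = {i: self._first_id_info[i] for i in items}
        self._by_file[file_id] = (items, random_factor)  # associated storage
        return replace(initial, id_items=items,
                       verification_code=preset_function(selected, random_factor))

    def identification_parameter(self, file_id: str) -> str | None:
        # Step 305: recompute from stored state; raw identification data stays on the card.
        record = self._by_file.get(file_id)
        if record is None:
            return None
        items, random_factor = record
        return preset_function({i: self._first_id_info[i] for i in items}, random_factor)


def sign_file(file_id: str, text: str, seal: SealData) -> dict:
    """Terminal side: attach the specific seal data to the file."""
    return {"file_id": file_id, "text": text, "seal": seal}


def verify_file(sim: SimCard, authorized_file: dict) -> bool:
    """Terminal side, steps 304 to 306: parameter taken directly as the second code."""
    second_code = sim.identification_parameter(authorized_file["file_id"])
    if second_code is None:
        return False  # the SIM card has no record for this file identifier
    third_code = authorized_file["seal"].verification_code
    return hmac.compare_digest(second_code, third_code)  # constant-time match


if __name__ == "__main__":
    # Constructed sample identification information, not real data.
    sim = SimCard({"phone_number": "13800000000", "name": "Example User"})
    initial = sim.make_seal("seal-001")
    seal_a = sim.use_seal(initial, "file-A", ["phone_number"])
    print(verify_file(sim, sign_file("file-A", "contract text", seal_a)))
    print(verify_file(sim, sign_file("file-B", "other text", seal_a)))
```

Because the random factor and the specified items are bound to the file identifier on the card, seal data copied from one authorized file does not verify when attached to a different file identifier.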
Fig. 5 is a flow chart of another method for using an electronic seal according to an embodiment of the present application.
As shown in fig. 5, the method for using the electronic seal is executed by the SIM card, and includes the following steps:
Step 501, receiving a use request of a target object for a target electronic seal sent by a terminal device, wherein the use request includes initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized.
Step 502, receiving a specified identification item sent by a terminal device.
Step 503, updating the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, and generating the specific seal data.
Step 504, transmitting the specific seal data to the terminal device, and storing the specified identification item in association with the file identifier.
In this application, for the specific implementation of steps 501 to 504, reference may be made to the detailed description of any embodiment of the present application, which is not repeated herein.
Step 505, determining a personal identification item list contained in the initial stamp data.
In the present application, the SIM card can parse the initial seal data to obtain the personal identification item list. Alternatively, a personal identification item list may be set in advance in the system. The personal identification item list is used for verifying the target object's permission to use the target electronic seal. The identification items contained in the personal identification item list can be mobile phone numbers, base station information, identification card numbers, names, enterprise names, biological characteristics, reserved questions and the like.
Step 506, starting an acquisition program corresponding to each identification item in the personal identification item list, and acquiring second identification information corresponding to each identification item.
In the application, an acquisition program corresponding to each identification item can be preset in the SIM card. Therefore, the acquisition program corresponding to each identification item in the personal identification item list can be started to acquire the second identification information corresponding to each identification item.
Step 507, comparing the second identification information corresponding to each identification item with the first identification information to complete authority authentication of the target object for using the target electronic seal.
In the present application, the second identification information and the first identification information corresponding to each identification item can be compared. When the second identification information and the first identification information corresponding to every identification item are the same, it is determined that the target object has the authority to use the target electronic seal, and the authority authentication succeeds. When the second identification information and the first identification information corresponding to any identification item are different, it is determined that the target object does not have the authority to use the target electronic seal, and the authority authentication fails.
Step 508, when the authority authentication is successful, signing the electronic file to be authorized by using a pre-generated private key to generate a digital signature, and transmitting the digital signature to the terminal device.
In the present application, when the authority authentication is successful, a pre-generated private key can be used to sign the electronic file to be authorized to generate a digital signature, and the digital signature is sent to the terminal device. The terminal device can then sign the electronic file to be authorized based on the digital signature and the specific seal data to generate the authorized electronic file, so that the contents of the authorized electronic file are protected from tampering, thereby improving the security of using the electronic seal.
In the present application, when the authority authentication of the target object for using the target electronic seal is successful, the SIM card signs the electronic file to be authorized by using the private key to generate a digital signature, and sends the digital signature to the terminal device. The terminal device can sign the electronic file to be authorized based on the digital signature and the specific seal data to generate the authorized electronic file, so that the contents of the authorized electronic file are protected from tampering, thereby improving the security of using the electronic seal.
Fig. 6 is a flow chart of another method for using an electronic seal according to an embodiment of the present application.
As shown in fig. 6, the method for using the electronic seal is performed by a SIM card, and includes the following steps:
Step 601, in response to receiving a request for making a target electronic seal sent by a terminal device, starting an acquisition program corresponding to each identification item in a preset personal identification item list, and obtaining first identification information corresponding to each identification item, wherein the request for making includes seal image data and attribute information.
The seal image data comprises an image type, image data, an image width and an image height. The seal attribute information includes the seal type, seal name, seal maker certificate type, seal maker certificate list, production time, valid start time, valid expiration time, etc.
In the present application, the target object can set the seal image data and attribute information in the client and then trigger the seal making control in the client interface. After the client detects that the seal making control is triggered, it can generate a making request based on the seal image data and attribute information, and send the making request to the SIM card.
After receiving the request for making the target electronic seal sent by the terminal device, the SIM card can start the acquisition program corresponding to each identification item in the preset personal identification item list to acquire the first identification information corresponding to each identification item, and store the first identification information in the system in association with the corresponding identification item.
Step 602, processing each piece of first identification information by using a preset function to generate a first verification code.
In this application, for the detailed description of generating the first verification code, reference may be made to the detailed description of generating the second verification code in this application, which is not repeated herein.
Step 603, generating initial seal data based on the first verification code, the seal image data and the attribute information, and transmitting the initial seal data to the terminal device.
In the present application, based on the first verification code, the seal image data and the attribute information, initial seal data can be generated according to a preset seal data format, and the initial seal data is sent to the terminal device.
Optionally, the SIM card may further send the initial seal data to the server, where the server generates metadata information and an SRL link; after the initial seal data is supplemented based on the metadata information and the SRL link, the SIM card sends the supplemented initial seal data to the terminal device. In the subsequent verification of the authorized electronic file, the terminal device first performs a preliminary check of the validity of the specific seal data based on the metadata information and then verifies the third verification code in the specific seal data, which improves the verification efficiency.
The metadata information comprises a seal head, a seal mark, a seal maker certificate, an algorithm identifier and a signature value. The signature value is generated at the server side by encrypting the seal head, the seal mark, the seal attribute, the seal image data and the custom data with the seal maker private key. The algorithm identifier is any information, such as the number or name of the algorithm, that uniquely determines the encryption algorithm, and the corresponding encryption algorithm is the one used to generate the signature value. The seal head includes a head identifier, a seal version number, a manufacturer identifier, etc. The seal mark may be any information, such as a seal number, that can be used to uniquely determine the seal data. The seal maker certificate corresponds to the seal maker private key and is used for decrypting the data encrypted by the seal maker private key.
Step 604, receiving a use request of a target object for the target electronic seal sent by the terminal device, wherein the use request contains initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized.
Step 605, receiving a specified identification item sent by the terminal device.
Step 606, updating the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, and generating the specific seal data.
Step 607, transmitting the specific seal data to the terminal device, and storing the specified identification item and the file identification in association.
For a specific implementation procedure of step 604 to step 607, reference may be made to the detailed description of any embodiment of the present application, which is not described herein.
In the method, the SIM card updates the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, and generates specific seal data corresponding to the electronic file to be authorized. Unique seal data is thus generated for each electronic file to be authorized and centralized authorization is avoided, thereby improving the security of using the electronic seal.
In order to achieve the above embodiment, the present application further provides a device for using the electronic seal.
Fig. 7 is a schematic structural diagram of a device for using an electronic seal according to an embodiment of the present application.
As shown in fig. 7, the device for using an electronic seal is applied to a terminal device and includes a transceiver module 710, a selection module 720, and a signature module 730.
The transceiver module 710 is configured to, in response to a target object requesting to sign an electronic file to be authorized by using the target electronic seal, send a use request to the SIM card, where the use request includes initial seal data of the target electronic seal and a file identifier of the electronic file to be authorized;
the selecting module 720 is configured to send the selected specified identification item in the personal identification item list included in the initial stamp data to the SIM card;
and the signing module 730 is configured to receive specific seal data of the target electronic seal sent by the SIM card, and sign the electronic file to be authorized based on the specific seal data to generate an authorized electronic file, where the specific seal data is generated by updating a first verification code in the initial seal data by the SIM card based on first identification information corresponding to the specified identification item, and the SIM card stores a file identifier in association with the specified identification item.
Further, in a possible implementation manner of the embodiment of the present application, the device further includes a verification module, configured to:
in response to a request to verify the authorized electronic file, sending a verification request to the SIM card, wherein the verification request contains a file identifier of the authorized electronic file;
receiving identification parameters sent by the SIM card, wherein the identification parameters are generated by the SIM card based on first identification information corresponding to a specified identification item associated with a file identifier;
and determining a second verification code based on the identification parameters, and matching the second verification code with a third verification code in the specific seal data to determine whether the authorized electronic file is legal or not.
Further, in a possible implementation manner of the embodiment of the present application, the usage request further includes an electronic file to be authorized, and the signature module 730 is configured to:
signing the electronic file to be authorized based on the specific seal data and the digital signature to generate the authorized electronic file, wherein the digital signature is generated by the SIM card signing the electronic file to be authorized with a pre-generated private key after the SIM card, based on the second identification information input by the target object, successfully authenticates the authority of the target object to use the target electronic seal.
It should be noted that the foregoing explanation of the embodiment of the method for using an electronic seal performed by a terminal device is also applicable to the device for using an electronic seal of this embodiment, and will not be repeated herein.
In the method, in response to a target object requesting to sign an electronic file to be authorized by using a target electronic seal, a use request containing initial seal data of the target electronic seal is sent to the SIM card, and the specified identification item selected from the personal identification item list contained in the initial seal data is sent to the SIM card. Specific seal data, which the SIM card generates by updating the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, is then received, and the electronic file to be authorized is signed based on the specific seal data to generate the authorized electronic file. Because the first verification code in the initial seal data is updated based on the first identification information corresponding to the specified identification item to generate specific seal data corresponding to the electronic file to be authorized, unique seal data is generated for each electronic file to be authorized and centralized authorization is avoided, thereby improving the security of using the electronic seal.
Fig. 8 is a schematic structural diagram of a device for using an electronic seal according to an embodiment of the present application.
As shown in fig. 8, the device for using the electronic seal is applied to a SIM card and includes a transceiver module 810, a generating module 820 and a storage module 830.
The transceiver module 810 is configured to receive a use request for a target electronic seal from a target object sent by a terminal device, where the use request includes initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized;
the transceiver module 810 is configured to receive a specified identification item sent by a terminal device;
a generating module 820, configured to update a first verification code in the initial seal data based on the first identification information corresponding to the specified identification item, and generate specific seal data;
and the storage module 830 is configured to send the specific seal data to the terminal device, and store the specified identification item in association with the file identifier.
Further, in one possible implementation manner of the embodiment of the present application, the generating module 820 is configured to:
processing each piece of first identification information by using a preset function to generate a second verification code;
and replacing the first verification code in the initial seal data by the second verification code to generate specific seal data.
Further, in one possible implementation manner of the embodiment of the present application, the generating module 820 includes:
generating a random factor;
and processing each piece of first identification information and the random factor by using a preset function to generate a second verification code.
Further, in a possible implementation manner of the embodiment of the present application, the device further includes a permission authentication module, configured to:
determining a personal identification item list contained in the initial seal data;
starting an acquisition program corresponding to each identification item in the personal identification item list, and acquiring second identification information corresponding to each identification item;
comparing the second identification information corresponding to each identification item with the first identification information to finish authority authentication of the target object for using the target electronic seal;
and under the condition that the authority authentication is passed, signing the electronic file to be authorized by using a pre-generated private key to generate a digital signature, and transmitting the digital signature to the terminal equipment.
Further, in one possible implementation manner of the embodiment of the present application, the device further includes a manufacturing module, configured to:
in response to a manufacturing request for a target electronic seal sent by a terminal device, starting an acquisition program corresponding to each identification item in a preset personal identification item list, and obtaining first identification information corresponding to each identification item, wherein the manufacturing request comprises seal image data and attribute information;
processing each piece of first identification information by using a preset function to generate a first verification code;
generating initial seal data based on the first verification code, seal image data and attribute information, and sending the initial seal data to the terminal device.
Further, in a possible implementation of the embodiment of the present application, the initial seal data further includes an SRL link, and the SRL link is used to check whether the target electronic seal is revoked.
It should be noted that the foregoing explanation of the embodiment of the method for using an electronic seal executed by a SIM card is also applicable to the device for using an electronic seal of this embodiment, and will not be repeated here.
In the present application, the SIM card receives a use request of a target object for the target electronic seal sent by the terminal device, the use request containing the initial seal data of the target electronic seal and the file identifier of the electronic file to be authorized, and receives the specified identification item sent by the terminal device. The SIM card can then update the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item to generate the specific seal data, send the specific seal data to the terminal device, and store the specified identification item in association with the file identifier. Because the SIM card updates the first verification code in the initial seal data based on the first identification information corresponding to the specified identification item to generate specific seal data corresponding to the electronic file to be authorized, unique seal data is generated for each electronic file to be authorized and centralized authorization is avoided, thereby improving the security of using the electronic seal.
In order to achieve the above embodiments, the present application further proposes an electronic device including: a processor, a memory communicatively coupled to the processor; the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored in the memory to implement the methods provided by the previous embodiments.
In order to implement the above embodiment, the present application further proposes a computer-readable storage medium, in which computer-executable instructions are stored, which when executed by a processor are configured to implement the method provided in the foregoing embodiment.
In order to implement the above embodiments, the present application also proposes a computer program product comprising a computer program which, when executed by a processor, implements the method provided by the above embodiments.
The collection, storage, use, processing, transmission, provision and disclosure of users' personal information involved in the present application all comply with the relevant laws and regulations and do not violate public order and good morals.
It should be noted that personal information from users should be collected for legitimate and reasonable uses and not shared or sold outside of these legitimate uses. In addition, such collection/sharing should be performed after receiving user informed consent, including but not limited to informing the user to read user agreements/user notifications and signing agreements/authorizations including authorization-related user information before the user uses the functionality. In addition, any necessary steps are taken to safeguard and ensure access to such personal information data and to ensure that other persons having access to the personal information data adhere to their privacy policies and procedures.
The present application contemplates embodiments that may provide a user with selective prevention of use or access to personal information data. That is, the present application contemplates that hardware and/or software may be provided to prevent or block access to such personal information data. Once personal information data is no longer needed, risk can be minimized by limiting data collection and deleting data. In addition, personal identification is removed from such personal information, as applicable, to protect the privacy of the user.
In the foregoing descriptions of embodiments, descriptions of the terms "one embodiment," "some embodiments," "example," "particular example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "plurality" is at least two, such as two, three, etc., unless explicitly defined otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and additional implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present application.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium may even be paper or other suitable medium upon which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or part of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, and the program may be stored in a computer readable storage medium, where the program when executed includes one or a combination of the steps of the method embodiments.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented as software functional modules and sold or used as a stand-alone product.
The above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, or the like. Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that changes, modifications, substitutions, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.

Claims (14)

1. A method of using an electronic seal, performed by a terminal device, comprising:
in response to a request from a target object to sign an electronic file to be authorized by using a target electronic seal, sending a use request to a SIM card, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of the electronic file to be authorized;
transmitting the selected appointed identification item in the personal identification item list contained in the initial seal data to the SIM card;
receiving specific seal data of the target electronic seal sent by the SIM card, signing the electronic file to be authorized based on the specific seal data, and generating an authorized electronic file, wherein the specific seal data is generated by updating a first verification code in the initial seal data by the SIM card based on first identification information corresponding to the specified identification item, and the SIM card stores the file identification and the specified identification item in an associated mode.
2. The method as recited in claim 1, further comprising:
in response to a request to verify the authorized electronic file, sending a verification request to the SIM card, wherein the verification request comprises a file identifier of the authorized electronic file;
receiving an identification parameter sent by the SIM card, wherein the identification parameter is generated by the SIM card based on first identification information corresponding to a specified identification item associated with the file identification;
and determining a second verification code based on the identification parameters, matching the second verification code with a third verification code in the specific seal data, and determining whether the authorized electronic file is legal or not.
3. The method of claim 1, wherein the use request further includes the electronic file to be authorized, and the signing the electronic file to be authorized based on the specific seal data, generating an authorized electronic file comprises:
signing the electronic file to be authorized based on the specific seal data and the digital signature to generate the authorized electronic file, wherein the digital signature is generated by signing the electronic file to be authorized by using a pre-generated private key after the SIM card successfully authenticates the authority of the target object to use the target electronic seal based on the second identification information input by the target object.
4. A method of using an electronic seal, performed by a SIM card, comprising:
receiving a use request of a target object for a target electronic seal sent by a terminal device, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized;
receiving a designated identification item sent by terminal equipment;
updating a first check code in the initial seal data based on the first identification information corresponding to the appointed identification item to generate specific seal data;
and sending the specific seal data to terminal equipment, and storing the specified identification item and the file identifier in an associated mode.
5. The method of claim 4, wherein updating the first check code in the initial seal data based on the first identification information corresponding to the specified identification item, and generating the specific seal data, comprises:
processing each piece of first identification information by using a preset function to generate a second verification code;
and replacing the first verification code in the initial seal data by the second verification code to generate specific seal data.
6. The method of claim 5, wherein the processing each of the first identification information using a predetermined function to generate a second verification code comprises:
generating a random factor;
and processing each piece of first identification information and the random factor by using a preset function to generate a second verification code.
7. The method as recited in claim 4, further comprising:
determining a personal identification item list contained in the initial seal data;
starting an acquisition program corresponding to each identification item in the personal identification item list, and acquiring second identification information corresponding to each identification item;
comparing the second identification information corresponding to each identification item with the first identification information to finish authority authentication of the target object using the target electronic seal;
and under the condition that the authority authentication is passed, signing the electronic file to be authorized by using a pre-generated private key to generate a digital signature, and transmitting the digital signature to the terminal equipment.
8. The method as recited in claim 4, further comprising:
responding to a manufacturing request of a target electronic seal sent by a terminal device, starting a collection program corresponding to each identification item in a preset personal identification item list, and obtaining first identification information corresponding to each identification item, wherein the manufacturing request comprises seal image data and attribute information;
processing each piece of first identification information by using a preset function to generate a first verification code;
generating initial seal data based on the first verification code, the seal image data and the attribute information, and sending the initial seal data to terminal equipment.
9. The method of any of claims 4-8, wherein the initial seal data further includes an SRL link, the SRL link being used to query whether the target electronic seal is revoked.
10. A device for using an electronic seal, applied to a terminal device, the device comprising:
the receiving and transmitting module is used for transmitting a use request to the SIM card in response to a request from a target object to sign an electronic file to be authorized by using a target electronic seal, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of the electronic file to be authorized;
the selection module is used for sending the appointed identification items selected from the personal identification item list contained in the initial seal data to the SIM card;
and the signature module is used for receiving specific seal data of the target electronic seal sent by the SIM card, signing the electronic file to be authorized based on the specific seal data, and generating an authorized electronic file, wherein the specific seal data is generated by updating a first verification code in the initial seal data by the SIM card based on first identification information corresponding to the specified identification item, and the SIM card stores the file identification and the specified identification item in an associated mode.
11. A device for using an electronic seal, applied to a SIM card, the device comprising:
the receiving and transmitting module is used for receiving a use request of a target object for a target electronic seal sent by the terminal equipment, wherein the use request comprises initial seal data of the target electronic seal and a file identifier of an electronic file to be authorized;
the receiving and transmitting module is used for receiving the appointed identification item sent by the terminal equipment;
the generation module is used for updating a first check code in the initial seal data based on the first identification information corresponding to the appointed identification item to generate specific seal data;
and the storage module is used for sending the specific seal data to terminal equipment and storing the specified identification item and the file identifier in an associated mode.
12. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1-3 or to implement the method of any one of claims 4-9.
13. A computer readable storage medium having stored therein computer executable instructions for implementing the method of any of claims 1-3 or for implementing the method of any of claims 4-9 when executed by a processor.
14. A computer program product comprising a computer program which, when executed by a processor, implements the method of any of claims 1-3 or implements the method of any of claims 4-9.
CN202311624406.2A 2023-11-29 2023-11-29 Electronic seal using method and device, electronic equipment and storage medium Pending CN117692185A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311624406.2A CN117692185A (en) 2023-11-29 2023-11-29 Electronic seal using method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311624406.2A CN117692185A (en) 2023-11-29 2023-11-29 Electronic seal using method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117692185A true CN117692185A (en) 2024-03-12

Family

ID=90134441

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311624406.2A Pending CN117692185A (en) 2023-11-29 2023-11-29 Electronic seal using method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117692185A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116916257A (en) * 2023-07-19 2023-10-20 中移互联网有限公司 5G message display method and device, 5G message system and electronic equipment

Similar Documents

Publication Publication Date Title
US11743054B2 (en) Method and system for creating and checking the validity of device certificates
CN109359691B (en) Identity verification method and system based on block chain
CN110474898B (en) Data encryption and decryption and key distribution method, device, equipment and readable storage medium
CN106452764B (en) Method for automatically updating identification private key and password system
KR101724401B1 (en) Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method
CN110650478B (en) OTA method, system, device, SE module, program server and medium
CN107733636B (en) Authentication method and authentication system
CN110401613B (en) Authentication management method and related equipment
EP1886204B1 (en) Transaction method and verification method
CN112417385A (en) Safety control method and system
CN111538784A (en) Block chain-based digital asset transaction method and device and storage medium
CN117692185A (en) Electronic seal using method and device, electronic equipment and storage medium
EP2262165B1 (en) User generated content registering method, apparatus and system
CN111193743A (en) Identity authentication method, system and related device of storage system
EP4240245A1 (en) Method for suspending protection of an object achieved by a protection device
CN111698204A (en) Bidirectional identity authentication method and device
CN112887099B (en) Data signing method, electronic device and computer readable storage medium
JP2003046499A (en) Communication system, user terminal, ic card, authentication system, and control system and program for access and communication
EP3614347B1 (en) Mobile phone as a car key
CN114036490B (en) Plug-in software interface calling security authentication method, USBKey driving device and authentication system
EP4196894B1 (en) Centralized ledger system for device authentication
CN110636498A (en) Identity authentication method and device of mobile terminal based on network electronic identity
CN115766270A (en) File decryption method, file encryption method, key management method, device and equipment
CN115690955A (en) Security authentication method and device for digital key, vehicle and digital key equipment
CN109672526B (en) Method and system for managing executable program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination