Digital seal technology
In order to identify the authenticity of documents or letters, the traditional practice is that the relevant personnel are signature or seal on document or letter. They play a role of certification, approval, and effective. General seal can meet the following five principles:
(1) The seal can be confirmed. That is, when there is your seal on the file, others are confident that this file is issued by you;
(2) The seal is unable to fake, that is, the seal is the certificate of the stamp;
(3) The seal cannot be reused, that is, anyone can't use the seal elsewhere to move the file;
(4) After the file is sealed, it cannot be tampered;
(5) The seal has undisurable, that is, the stamped person cannot deny that it is a stamp act on the file.
In fact, these few will be 100% satisfied. Handwritten signatures and seals can be fake, can be moved from one file to another, and the files after the seal can also be tampered with. We can hopes that the implementation of these cheating means is difficult, and it is easy to find. However, the actual situation is that the copy of the signature of the handwritten sign has also had a certain difficulty. The seal of the seal has become a primary school student can easily complete. In response to a large number of domestic accustomed to confirming the use of file authenticity, how to prevent the stamp for fake is a huge real issue.
At present, various management and restrictions on the seal, and the use of various management and restrictions are all methods of being. The only possible way in the future is to take "Digital Signature" technology.
digital signature
¨ concept
Before the digital signature technology appeared, a "digital signature" technology has appeared, simply, is the signature on the table, and then transfer the image to the electronic document, this "digitized signature" can be cut, then paste To arbitrary documents, such illegal replication becomes very easy, so this signature is unsafe. Digital signature technology and digital signature technology are two distinct security technologies, digital signatures are not related to the user's name and handwriting form, which actually uses information on the information sent by the information sender's private key transformation. For different document information, the sender's digital signature is not the same. No private key, anyone cannot complete illegal copying. In this sense, "Digital Signature" is to process the packet to be transmitted by a one-way function to authenticate the source of the message and verify whether the message is changed.
When the technique is actually operating, the sender first applies mathematical transformations, the resulting information is unique to the original information; the recipient is inversely converted to obtain the original information. As long as the mathematical transformation method is excellent, the transformed information has strong security in the transmission, it is difficult to decipher, tamper. This process is called encryption, and the corresponding reverse transformation process is referred to as decryption.
There are now two different types of encryption techniques, one is symmetric encryption, both parties have a shared key, only can be used in the case of both sides know the key, usually in an isolated environment, such as using ATM When the user needs to enter a user identification number (PIN), after the bank confirms this number, the two sides conduct transactions on the basis of the password. If the number of users is too large, this mechanism does not exceed the scope of management. reliable.
The other is asymmetric encryption, also known as the public key encryption, the key is a key pair composed of the public key and the private key, encrypts with a private key, and can decrypt the public key, but due to the public The key is unable to calculate the private key, so the public key does not damage the security of the private key, the public key does not need to be kept secret, can be disclosed, and the private key must be kept confidential, and the Identification Center and the database are required. Features
As the name suggests, with "handwritten signature", digital signatures also have the five major characteristics described above, can solve problems such as denial, forgery, tampering, and pretending. The specific implementation requirements are: the sender cannot deny the transmitted packet signature, the recipient can verify the message signature sent by the sender, the recipient cannot fake the sender's packet signature, the recipient cannot perform the sender's packet Partial tampering, a user in the network cannot pretend that another user is used as a sender or receiver.
Therefore, the application range of digital signatures is wide. It is a breakthrough in ensuring the security of electronic data exchange (EDI). Any of the cases that need to be judged to the user can use digital signatures, such as encryption letters, business letters. , Order purchase system, remote financial transaction, automatic mode processing, etc.
The introduction of digital signatures will inevitably bring some new issues, need to be further resolved, and digital signatures require support for relevant legal provisions.
(1) The legislature is required to have enough attention to digital signature technology, and accelerate footsteps in legislation, quickly develop relevant laws to fully realize special differential roles with digital signatures, and effectively promote e-commerce and other online transactions.
(2) If the sender's information has been digitally signed, then the receiver must have a digital signature software, which requires software to have high popularity.
(3) Assuming that someone sends information, it will be separated from a certain organization, which is canceled with the original digital signature, and the digital signature sent in the past can only find the original confirmation information in the cancel confirmation list, which needs to be identified. The center combines time information for identification.
(4) Infrastructure (Identification Center, Online Access Database, etc.) is the use of public funds or charge users during use? If the fee is charged during the use, will it affect the comprehensive promotion of this technology?
¨
There are many ways to implement digital signatures, and there are currently more non-symmetric encryption techniques and symmetric encryption techniques. Although these two technical implementation steps are not the same, the general work program is the same. Users can first download or purchase digital signature software, and then install it on your computer. After generating a key, the software automatically transmits the public key to the outside. Since the storage needs of the public key, an identification center (CA) is required to complete the personal information and its key determination. The Identification Center is a third party member involved in management to ensure the safety and centralized management of information. When the user gets the public key, first request a digital confirmation to the identification center, after the identification center confirms the user's identity, send a digital confirmation, and the identification center sends a confirmation information to the database. The user then uses the private key to sign the transmitted information, guarantee the integrity of the information, and make the sender unable to deny the transmission of information, then send the recipient; after receiving the information, use the public key to confirm the number Signature, enter the database to check the status and credibility of the user confirmation information; the last database returns the user to confirm status information to the recipient. However, when using this technology, the signature must pay attention to protect the private key because it is an important basis for the security of public key system. If the key is lost, the Identification Center should be reported immediately to include it in the confirmation cancel list. Second, the Identification Center must be able to quickly confirm the relationship between the user's identity and its key. Once the user request is received, the Identification Center should immediately authenticate the security of the information and return information. At present, my country's digital signatures have not reached the point of "people", at least I haven't used this to life, who is using digital signatures when using digital signatures? Or have you heard of the famous PGP?
However, it is foreseen that with the gradual penetration of people's lives, the popularity of digital signatures is late or later, especially for business, all of the business needs to be manually signed, and the places where you can use digital signatures. And many places you have to use, such as electronic data exchange EDI, the US government uses EDI to shop and provide services, in which case handwritten signature is not
The United States has passed the digital signature law in 2000. my country is drafting the digital signature bill, which can say that the digital signature in our country is its current look in the United States. At present, the security of the 1024-bit RSA algorithm has been high enough. As of any organization, no organization, claims to be able to crack the length of the length.
Digital signature in the seal
Although "Digital Signing Technology" in the digital world has already had enough security, cracking a 512-bit length key estimate to take out 100 Dr.'s brain, but the ordinary seal is not such a thing. . Anyone who has a hand, it seems to be a radish, engraving the seal of the model model (I don't know if you have tried it?), As the big scorpion visible in Zhongguancun Street is known.
At present, there are various ways to prevent seal forgery. For example, in the seal design: change certain features of the standard font; or add a random point, a mesh, on the ring, random or press the position of the needle point in the dial. Encoding; or add integrated or split invisible code, barcode, hardware, and even fingerprints, photos with graphic passwords, and more. In terms of printing and printing, fluorescent anti-counterfeiting printing is used.
But saying that old truth, these measures can only be seen as the new clothes of the emperor, and they have got a gentleman. At present, the prevention of the preserved pseudo, the competent department seems to be a handless, nothing to do, doing a surface article, engraving a general chapter, also need engraving people, advise you to go to the Public Security Bureau to report.
In this case, then a natural idea is that we can actually apply "digital signature" to the ordinary seal, that is, the implementation of the "digital seal", its principle is to use numerical signature unavailability to ensure Security technology security. The implementation of the "Digital Seal" can overcome the current digital signature technology can only be applied to electronic files, and there is no disadvantage of ordinary documents. In the case where e-commerce is not popular, most formal documents and protocols still require physical properties, which makes digital signatures have received great restrictions. A viable solution is to use digital watermarking techniques to seamlessly integrate digital signatures into the Digital Seal, so that "digital signature" is above files in digital or paper forms.
Then the problem is how to ensure that the digital signature information can be complete in image distortion, document printing, scanning, and transmission, in other words, how to make the applied digital watermarking algorithm has high robustness ( Robustness is a strong meaning). In principle, if the technical route is feasible, then today I can implement the documentation of printing and fax in the "Digital Signing Act", we can have legal effects as the source (so-called red head file).
From this, the digital signature in the seal guarantees the safety of traditional seals.
It's so much, it is, it is a throwing brick, and a statement.
Hunnish
A bare code http://www.assuredigit.com
