1. Technical Field
Embodiments of the present disclosure relate to signature technology, and particularly to a system and method for signing an electronic document.
2. Description of Related Art
Signing is an important task in an enterprise. Many documents (such as contracts or orders) need to be signed by a leader. For example, a purchase order will not be performed if it is not authorized and signed by the leader. However, currently, a single application server is used to process signatures on electronic documents. If many electronic documents need to be signed, the single application server spends much time signing them. Thus, processing signatures on multiple electronic documents is time-consuming and inefficient.
All of the processes described below may be embodied in, and fully automated by, functional code modules executed by one or more general purpose computers or processors. The code modules may be stored in any type of readable medium or other storage device. Some or all of the methods may alternatively be embodied in specialized hardware. Depending on the embodiment, the readable medium may be a hard disk drive, a compact disc, a digital video disc, or a tape drive.
In some embodiments, each of the client computers 10 electronically connects to the entry server 20 through a network 40. Each of the application servers 30 electronically connects to the entry server 20 through the network 40. The client computer 10 stores electronic documents to be signed and a corresponding identifier for each. The client computer 10 further stores a digital certificate of a signer; digital certificates are issued by an authorized third-party organization. In some embodiments, the digital certificate may include, but is not limited to, a public key, a private key, or signer information, for example. The public key is used to verify the identity of the signer when the signer receives the digital signature. The private key is kept secret and is used for the digital signature. The network 40 may be an intranet, the Internet, or another suitable communication network. The entry server 20 and the application servers 30 may be computers or other suitable computing devices. Each of the application servers 30 has a corresponding serial number, such as “1,” “2,” “3,” “4,” and “5.”
The entry server 20 includes an assignment module 200, a second storage system 201, and a processor 202. In some embodiments, the module 200 may comprise computerized code in the form of one or more programs that are stored in the second storage system 201 (or memory). The computerized code includes instructions that are executed by the at least one processor 202 to provide functions for the module 200.
The application server 30 includes a generation module 300, a merger module 301, a third storage system 302, and a processor 303. In some embodiments, the modules 300 and 301 may comprise computerized code in the form of one or more programs that are stored in the third storage system 302 (or memory). The computerized code includes instructions that are executed by the at least one processor 303 to provide functions for modules 300 and 301.
The request module 100 sends a digital signature request of an electronic document in the first storage system 102 to the entry server 20. In some embodiments, the digital signature request may include the electronic document and the corresponding identifier of the electronic document.
The assignment module 200 calculates an assignment value of the electronic document, and sends the electronic document to a corresponding application server 30 according to the assignment value. Firstly, the assignment module 200 calculates a hash value of the identifier of the electronic document according to a hash algorithm. The hash algorithm transforms the electronic document into a fixed-length character string, to shorten the length of the digital signature. The fixed-length character string may be 128 bits, 160 bits, 256 bits, or 512 bits long. Secondly, the assignment module 200 obtains a total number of the application servers 30 from the second storage system 201. The assignment module 200 then calculates the assignment value from the hash value of the identifier of the electronic document and the total number of the application servers 30 using a complementation algorithm, that is, by taking the remainder of a division. Finally, the assignment module 200 sends the electronic document to the application server 30 according to the assignment value.
For example, the hash value of the identifier of the electronic document is “100,” and the total number of the application servers 30 is “8.” The assignment module 200 calculates the assignment value “4” according to “100” and “8” using the complementation algorithm. In this particular example, 100 divided by 8 gives a quotient A and a remainder (i.e., the assignment value) of 4. The assignment module 200 sends the electronic document to the application server 30 having a serial number of “4.”
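The following Python sketch of the assignment step is an added example, not code from the disclosure. It assumes SHA-1 over the identifier, assumes that a remainder of 0 is sent to the highest serial number (the text does not say), and uses constructed identifiers to show how many documents change server when the pool size changes between the first and second routing of the same document.

```python
import hashlib

def hash_of_identifier(identifier: str) -> int:
    """Hash the document identifier and read the digest as an integer."""
    digest = hashlib.sha1(identifier.encode("utf-8")).digest()
    return int.from_bytes(digest, "big")

def assignment_value(hash_value: int, total_servers: int) -> int:
    """Remainder of the hash value divided by the number of servers."""
    if total_servers < 1:
        raise ValueError("need at least one application server")
    return hash_value % total_servers

def serial_for(value: int, total_servers: int) -> int:
    # Assumption: serial numbers run 1..N as in the description, so a
    # remainder of 0 (which matches no serial number) goes to server N.
    return value if value != 0 else total_servers

def route(identifier: str, total_servers: int) -> int:
    """Serial number of the server that handles this identifier."""
    value = assignment_value(hash_of_identifier(identifier), total_servers)
    return serial_for(value, total_servers)

def moved_after_resize(identifiers, old_total, new_total):
    """Identifiers whose server differs once the pool size has changed.

    The entry server routes the document first and the signed value later.
    If the server count changes in between, these identifiers would reach
    a server that never received the document.
    """
    return [i for i in identifiers
            if route(i, old_total) != route(i, new_total)]

# Constructed sample identifiers, not taken from the disclosure.
DOCS = [f"PO-2009-{n:04d}" for n in range(1, 201)]

if __name__ == "__main__":
    print("worked example:", assignment_value(100, 8))
    print("first document goes to server", route(DOCS[0], 8))
    moved = moved_after_resize(DOCS, 8, 9)
    print(f"{len(moved)} of {len(DOCS)} documents move when 8 servers become 9")
```

Because the value depends only on the identifier and the server count, storing the assignment value with the pending request keeps both routings on the same server even if the pool changes.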
Upon receiving the electronic document from the entry server 20, the generation module 300 generates a hash value of the electronic document according to the hash algorithm, and sends the hash value of the electronic document to the client computer 10. The hash value of the electronic document is a numerical representation of content of the electronic document according to the hash algorithm. In some embodiments, the hash algorithm may be a secure hash algorithm 1 (SHA1).
Upon receiving the hash value of the electronic document from the application server 30, the encryption module 101 encrypts the hash value of the electronic document to generate a signed value, and sends the signed value to the entry server 20. In some embodiments, the encryption module 101 encrypts the hash value of the electronic document with the private key using a public key cryptogram algorithm to generate the signed value. For example, the public key cryptogram algorithm may be Ron Rivest, Adi Shamir, and Len Adleman (RSA). The public key cryptogram algorithm is also known as an asymmetric algorithm, which encrypts and decrypts electronic documents with different keys (the public key and the private key).
Upon receiving the signed value from the client computer 10, the assignment module 200 sends the signed value to the application server 30 determined by the assignment value. For example, if the assignment value is “4,” the assignment module 200 sends the electronic document to the application server 30 having the serial number of “4.”
In some embodiments, upon receiving the signed value from the entry server 20, the merger module 301 merges the signed value and the electronic document according to a Cryptographic Message Syntax Standard (e.g., PKCS#7) to generate a digitally-signed electronic document. The PKCS refers to a group of Public Key Cryptography Standards.
In block S10, the request module 100 of the client computer 10 sends a digital signature request of an electronic document in the first storage system 102 to the entry server 20. The digital signature request may include the electronic document and an identifier of the electronic document.
In block S11, the assignment module 200 of the entry server 20 calculates an assignment value of the electronic document, and sends the electronic document to a corresponding application server 30 according to the assignment value.
In block S12, the generation module 300 of the application server 30 generates a hash value of the electronic document according to the hash algorithm, and sends the hash value of the electronic document to the client computer 10.
In block S13, the encryption module 101 of the client computer 10 encrypts the hash value of the electronic document to generate a signed value, and sends the signed value to the entry server 20. The encryption module 101 encrypts the hash value of the electronic document with the private key using a public key cryptogram algorithm such as an RSA algorithm to generate the signed value.
In block S14, the assignment module 200 of the entry server 20 sends the signed value to the application server 30 corresponding to the assignment value.
In block S15, the merger module 301 of the application server 30 merges the signed value and the electronic document according to PKCS#7 to generate a digitally-signed electronic document.
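The hash-and-sign exchange of blocks S12 and S13 can be sketched as follows; this is an added example, not code from the disclosure. It adds one check the text does not describe: since the client computer holds the document, it recomputes the hash and signs only a matching value. The RSA key is a constructed, unpadded toy key used so the example runs offline, and the PKCS#7 merge of block S15 is left out.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes. It is far too
# small for real use and the signature is unpadded; a real deployment
# would use a padded signature scheme from a vetted library.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q                          # public modulus (about 196 bits)
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def server_hash(document: bytes) -> bytes:
    """S12: the application server hashes the document (SHA-1, per the text)."""
    return hashlib.sha1(document).digest()

def client_sign(local_copy: bytes, hash_from_server: bytes) -> int:
    """S13 with an added check: sign only a hash of the client's own copy."""
    expected = hashlib.sha1(local_copy).digest()
    if not hmac.compare_digest(expected, hash_from_server):
        raise ValueError("hash from server does not match local document")
    # "Encrypting the hash with the private key": m^D mod N.
    return pow(int.from_bytes(hash_from_server, "big"), D, N)

def verify(document: bytes, signed_value: int) -> bool:
    """Recover the hash with the public key and compare it to the document."""
    recovered = pow(signed_value, E, N)
    return recovered == int.from_bytes(hashlib.sha1(document).digest(), "big")

if __name__ == "__main__":
    doc = b"Purchase order 0042: 10 units"   # constructed sample document
    signed = client_sign(doc, server_hash(doc))
    print("signature verifies:", verify(doc, signed))
    print("altered document verifies:", verify(doc + b"0", signed))
    try:
        client_sign(doc, server_hash(b"some other document"))
    except ValueError as err:
        print("client refused to sign:", err)
```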
It should be emphasized that the above-described embodiments of the present disclosure, particularly, any embodiments, are merely possible examples of implementations, merely set forth for a clear understanding of the principles of the disclosure. Many variations and modifications may be made to the above-described embodiment(s) of the disclosure without departing substantially from the spirit and principles of the disclosure. All such modifications and variations are intended to be included herein within the scope of this disclosure and the present disclosure and protected by the following claims.
Number | Date | Country | Kind |
---|---|---|---|
200910312945.6 | Dec 2009 | CN | national |