SunlightStamp signature cloud SaaS applications is proprietary PKI products. Its internal implementation based on digital signature technology to support state secret algorithm, using chain blocks distributed storage technology, dual channel signature encryption technology for the network in an office environment for electronic document content integrity check to ensure the signing of the document behavior the non-repudiation.
SunlightStamp official signature client supports Word, Excel, PDF, Web of four commonly used electronic document format, easy to install and easy to use. While the SaaS-based cloud service interface provided by a third-party APP can support the application of various electronic contracts, electronic instruments, OA office and so on.
SunlightStamp signature Cloud SaaS application architecture
A key technology: digital signature technology . Digital signature technology is gradually built up in the PKI architecture process of continuous improvement, the information security is a systems engineering has many functional requirements, information systems should protect the confidentiality, integrity and non-repudiation and other features, the digital signature technology is one guarantee information integrity and non-repudiation of the most effective techniques.
Signatories agreed to use digest algorithm to obtain the electronic document to be signed digest value, and then use your own private key signature to the signature digest value, the digest value after the signature as a signature part attached to the original document, sent to the verifier together .
In the PKI system, digital certificate authority provides a powerful guarantee for the public key system. Digital certificate is an authoritative electronic document, identity card similar function in real life. In public-key system, the media as a key management, digital certificates to prove the identity of a body and the legality of its public key. Trusted digital certificates issued by the agency usually the certificate authority, known as CA center will user's personal information with the user's public key information bundled together and then signed by the CA's signature to authenticate the legitimacy of the certificate . Digital certificates mainly include: personal information about the certificate holder, the certificate holder's public key certificate issued is valid, the CA issues digital certificates and other information and a list of signatures to the algorithm.
关键技术二:数字水印技术。数字水印技术是指用信号处理的方法在数字化的多媒体数据中嵌入隐蔽的标记,这种标记通常是不可见的,只有通过专用的检测方法才能提取。从技术上讲,目前的数字水印软件可以分成两类:时域水印软件和变换域水印软件。
所谓时域数字水印是指将通过密钥产生的随机序列直接加入声音、图像或视频信号中作为水印。由于嵌入信号的能量很低,所以不会被人的视觉和听觉所察觉。时空域数字水印技术的特点是隐藏的数据量大,而且可以根据信号的局部特性进行自适应,还具有易碎性,信号的有损操作都可以破坏水印。
变换域水印软件首先将原始的图像或声音信号进行DCT或小波变换,在变换域上嵌入水印信息,然后经反变换输出。在检测水印时,也要首先对信号作相应的数学变换,然后通过相关运算检测水印。DCT变换域上的数字水印具有很强的鲁棒性,可以抗各种信号变形。由于JPEG、MPEG等数据压缩方法也是在DCT变换域上操作的,所以DCT变换域数字水印具有与生俱来的抗有损压缩能力。不过,DCT变换域水印方法不能作到对图像、声音等信号内容的自适应,因此往往会造成对图像亮度等特征的明显损害。小波变换域上的数字水印方法兼具时空域方法和DCT变换域方法的优点,是一种既有自适应功能,又有鲁棒性的技术,其缺点是计算量大。
关键技术三:区块链技术。基于区块链的签章数据存储。传统的电子印章签章及其管理系统均是数据中心化的集中化存储,每个节点的认证,均需要中心端的许可,每次用印记录必须实时上传中心,这种模式天然存在弊端。利用区块链去中心化、信息不可伪造、不可篡改的技术特点,打造更安全、更方便的电子签章模式。
基于区块链的签章数据验证。传统签章所有密码运算使用智能卡系统内置的相关算法实现。区块链电子签章系统的签名运算可以使用签章联盟链内置的相关算法实现,签名运算完全在联盟链全节点内完成,不会泄漏到主机内存或其他设备中。
基于区块链的签章数据共享。利用SunlightDB区块链数据库技术,将数据同步传送给司法鉴定中心、公证处,保全中心、合同双方等,多方共同组织形成一条签章联盟链,同时在线出具司法鉴定证书、公证书。当债务人未履行合同义务时,可凭公证机构签发的执行证书,直接向人民法院申请强制执行。
签章架构演示视频
