Electronic signature associated file trust and efficient file set verification method

By constructing a file relationship graph and using Bloom filters and Bloom trees, the problem of ineffective management and verification of associated files in existing electronic signature systems is solved, achieving efficient verification of electronic signature file sets and the integrity of the trust chain.

CN121902218BActive Publication Date: 2026-06-19UNIV OF SCI & TECH OF CHINA

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
UNIV OF SCI & TECH OF CHINA
Filing Date
2026-03-26
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing electronic signature systems cannot effectively manage and verify associated documents, cannot meet the verification requirements of subsequent documents on preceding documents, and cannot verify the relationship between documents.

Method used

By constructing a file association graph and directed file dependencies, a signature dictionary and Bloom filter are generated. Bloom trees are then used for efficient verification of file sets, ensuring the integrity of the file trust chain and the efficiency of verifying associated files.

Benefits of technology

It enables trusted verification of associated files for electronically signed documents, improving the efficiency and accuracy of file verification, reducing storage costs and time overhead, and ensuring efficient retrieval of file sets and storage of pre-verification results.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121902218B_ABST
    Figure CN121902218B_ABST
Patent Text Reader

Abstract

This invention discloses an efficient method for verifying trust in electronically signed documents and file sets, relating to the field of electronic signature technology. The method includes: acquiring standard electronically signed documents and constructing a file association graph based on the electronic signature business process, generating a file set and directed file dependencies; creating a signature dictionary and storing the acquired information of the preceding dependent standard electronically signed documents in the signature dictionary; sequentially verifying each standard electronically signed document in the file set, and determining the valid documents in the file trust chain based on the verification results and storing them in a Bloom filter; constructing a Bloom tree upwards using the Bloom filters of all file sets as leaf nodes, retrieving and verifying the documents to be verified in the file set to be verified, and obtaining the file set to be verified and the verification results of the documents to be verified. This invention enables efficient storage and retrieval of file pre-verification and verification results, improving file verification efficiency.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of electronic signature technology, and more specifically, to a method for efficient verification of electronic signature-associated document trust and document sets. Background Technology

[0002] With the rapid development of internet technology, traditional paper-based document signing methods have gradually revealed their limitations. Electronic signatures, as a digital tool, are now widely used. Existing electronically signed documents can support high-security verification through technologies such as digital certificates, digital signatures, and timestamps; at the same time, compared to paper documents, electronically signed documents can achieve more efficient archiving, evidence preservation, and traceability, meeting higher management requirements.

[0003] However, existing electronic signature systems are generally limited to signing and verifying single electronically signed documents, failing to effectively manage and verify related documents. Taking electronic signature scenarios in business processing as an example, some business transactions may involve multiple documents requiring signatures, with sequential relationships between them. Subsequent documents require verification of the validity of their preceding documents before processing and signing can proceed. When using electronic signatures, each document is typically signed separately, and document verification can only verify the signature of a single document. This makes it difficult to utilize document relationships and satisfy the verification requirements of subsequent documents regarding their preceding documents.

[0004] No effective solutions have yet been proposed to address the problems in the relevant technologies. Summary of the Invention

[0005] To address the problems in related technologies, this invention proposes an efficient method for verifying trust in electronic signature-associated documents and document sets, thereby overcoming the aforementioned technical issues in existing related technologies.

[0006] Therefore, the specific technical solution adopted by the present invention is as follows:

[0007] An efficient method for verifying trust in electronic signature-linked documents and document sets includes the following steps:

[0008] Obtain standard electronically signed documents and construct a document relationship diagram based on the electronic signature business process. Generate a file set and directed file dependencies based on the document relationship diagram.

[0009] A signature dictionary is created for standard electronic signature files based on the directed file dependency relationship, and the information of the previous level dependent standard electronic signature files is stored in the signature dictionary.

[0010] Based on the information stored in the file set and signature dictionary, each standard electronic signature file in the file set is verified sequentially to obtain the verification result. Based on the verification result, the valid files in the file trust chain are determined and stored in the Bloom filter.

[0011] A Bloom tree is constructed by using the Bloom filters of all file sets as leaf nodes. Based on the Bloom tree, the files to be verified in the file set to be verified are retrieved and verified to obtain the file set to be verified and the verification results of the files to be verified.

[0012] Furthermore, standard electronically signed documents are obtained, and a document relationship diagram is constructed based on the electronic signature business process. A file set and directed file dependencies are generated based on this diagram, including:

[0013] Standard electronically signed documents are used as points in a document relationship graph, and the dependencies between electronically signed documents are extracted based on the electronically signed business process.

[0014] The dependencies between electronically signed documents are used as directed edges in the file association graph to construct the file association graph;

[0015] Based on the file association diagram, several standard electronic signature files with dependencies on each other are integrated into a file set, and the directed file dependencies are stored in units of the file set.

[0016] Furthermore, the rules for determining dependencies in electronically signed documents are as follows:

[0017] In an electronic signature business process, if one standard electronic signature document business process is the next level process of another standard electronic signature document business process, and the two standard electronic signature documents have a trust association, then the two standard electronic signature documents have an electronic signature document dependency relationship.

[0018] Furthermore, the rule for determining the trust association between two standard electronic signature documents is as follows: when the preceding standard electronic signature document becomes invalid, all subsequent process standard electronic signature documents become invalid and need to be updated and re-signed based on the new preceding standard electronic signature document.

[0019] Furthermore, storing the acquired information from the preceding pre-existing standard electronic signature documents into the signature dictionary includes:

[0020] The information of the electronically signed document of the preceding pre-dependent standard includes the name, identifier, and digest of the electronically signed document of the preceding pre-dependent standard.

[0021] Based on the file association trust dependency relationship, obtain the name, identifier and digest of the previous level of the electronic signature document that the current electronic signature document depends on;

[0022] Store the name, identifier, and digest of the previous-level pre-dependent standard electronic signature file into an optional custom entry in the signature dictionary, and add file signatures to the signature dictionary.

[0023] Furthermore, based on the information stored in the file set and signature dictionary, each standard electronically signed file in the file set is verified sequentially to obtain verification results. Based on these results, valid files in the file trust chain are determined and stored in a Bloom filter, including:

[0024] Retrieve the stored file association information from the file collection, and obtain the verification information of all standard electronically signed files. Determine the file trust chain of the file collection based on the stored file association information.

[0025] The standard electronically signed files in the file set are verified sequentially using the verification information in the order of the file trust chain, and the previous dependent standard electronically signed files are verified recursively until the first standard electronically signed file in the file trust chain is reached, and the verification result is obtained.

[0026] Based on the verification results, obtain the name, identifier, and digest of the valid files in the file trust chain. Calculate the hash value based on the name, identifier, and digest of the valid files, map the hash value to the Bloom filter, and store all valid files in the file trust chain into the Bloom filter in sequence to generate a unique file set identifier.

[0027] Furthermore, the verification information includes: the standard electronic signature document digest, the standard electronic signature document signature data, and the digest data of the standard electronic signature document's previous predecessor dependent standard electronic signature document;

[0028] The verification process includes: verifying the signature of the standard electronically signed document, the digital certificate for the signature of the standard electronically signed document, and the digest of the previous-level pre-dependency standard electronically signed document associated with the trust dependency relationship of the standard electronically signed document.

[0029] Furthermore, a Bloom tree is constructed upwards from the Bloom filters of all file sets as leaf nodes. Based on the Bloom tree, the files to be verified in the file set to be verified are retrieved and verified, resulting in the file set to be verified and the verification results of the files to be verified, including:

[0030] The height of the Bloom tree is determined based on the number of all file sets, and the Bloom filter of each file set is used as a leaf node.

[0031] Based on the leaf node positions corresponding to the file set, the retrieval path from the internal node to the leaf node of the file set and the hash function corresponding to the path edge are determined. The hash value is calculated according to the hash function and stored in the Bloom filter of the internal node to construct a fully multi-branch Bloom tree.

[0032] The validity of the set of files to be verified is verified using a Bloom tree, and the verification results of the set of files to be verified are obtained. Based on the verification results of the set of files to be verified, the leaf nodes of the files to be verified are retrieved and queried. The verification results of the files to be verified are determined according to the query results.

[0033] Furthermore, a Bloom tree is used to validate the set of files to be validated, obtaining the validation results for the set of files to be validated. Based on the validation results of the set of files to be validated, leaf nodes of the files to be validated are retrieved and queried. The validation results of the files to be validated are determined based on the query results, including:

[0034] The search begins from the root node of the Bloom tree. At the current root node, each file in the set of files to be verified is used to calculate its hash value using each hash function in the set of hash functions. Based on the hash value calculation result, it is determined whether the file should be stored in the Bloom filter, and the storage determination result is obtained.

[0035] The validity of the file set to be verified is determined based on the storage judgment result, and the verification result of the file set to be verified is obtained. If the verification result of the file set to be verified is that the file set to be verified is valid, then the corresponding edge of the corresponding hash function is used to search its child nodes until the leaf node is found.

[0036] The file to be verified is queried in the Bloom filter of the leaf node. If the query result shows that the file to be verified exists, the verification result of the file to be verified is that the verification of the file to be verified is successful; otherwise, the verification result of the file to be verified is that the verification of the file to be verified is unsuccessful.

[0037] Furthermore, determining the validity of the set of files to be verified based on the storage judgment results includes:

[0038] If the hash value corresponding to one of the hash functions in the hash value calculation result is stored in the Bloom filter, then the set of files to be verified is deemed valid.

[0039] If the storage judgment result is that the hash values ​​corresponding to all hash functions in the hash value calculation result are not stored in the Bloom filter, then the set of files to be verified is determined to be invalid.

[0040] The beneficial effects of this invention are as follows:

[0041] 1. This invention verifies the association of documents by constructing the relationships between electronically signed documents as graph information and storing the directed dependency graph. The dependent files of the electronically signed documents are stored in their PDF file dictionary, recording the association information. The integrity of the association of preceding documents is verified based on the stored digest information, confirming whether the digest information of the preceding documents matches the stored digest information. This ensures that the preceding documents have not been tampered with based on the trusted content that subsequent documents depend on, guaranteeing the integrity of the trusted file chain.

[0042] 2. This invention achieves efficient file set retrieval through efficient verification of associated file chains, specifically based on Bloom filters and trusted third-party pre-verification. Pre-verification results are stored, and a Bloom tree is constructed to enable efficient file set retrieval. The invention efficiently retrieves the file chain information to be verified and searches the Bloom filter for the files to be verified, determining their validity. The efficient retrieval via Bloom filters reduces time overhead and storage costs, achieving efficient storage and retrieval of file pre-verification and verification results. Trusted pre-verification further enhances file verification efficiency. Attached Figure Description

[0043] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0044] Figure 1 This is a flowchart of an efficient verification method for electronic signature-associated document trust and document set verification according to an embodiment of the present invention;

[0045] Figure 2 This is a specific implementation flow of an electronic signature associated document trust and efficient document set verification method according to an embodiment of the present invention;

[0046] Figure 3 This is a storage structure diagram of a Bloom tree in an efficient verification method for electronic signature-associated file trust and file set according to an embodiment of the present invention. Detailed Implementation

[0047] To further illustrate the various embodiments, the present invention provides accompanying drawings, which are part of the disclosure of the present invention. These drawings are mainly used to illustrate the embodiments and can be used in conjunction with the relevant descriptions in the specification to explain the operating principles of the embodiments. With reference to these drawings, those skilled in the art should be able to understand other possible implementation methods and the advantages of the present invention.

[0048] According to embodiments of the present invention, an efficient method for verifying the trust of electronic signature-associated documents and document sets is provided.

[0049] The present invention will now be further described in conjunction with the accompanying drawings and specific embodiments, such as... Figure 1 As shown, the method for efficient verification of electronic signature-associated document trust and document sets according to an embodiment of the present invention includes the following steps:

[0050] Obtain standard electronically signed documents and construct a document relationship diagram based on the electronic signature business process. Generate a file set and directed file dependencies based on the document relationship diagram.

[0051] Specifically, standard electronically signed documents are obtained, and a document relationship diagram is constructed based on the electronic signature business process. Based on this diagram, a file set and directed file dependencies are generated, including:

[0052] Standard electronically signed documents are used as points in a document relationship graph, and the dependencies between electronically signed documents are extracted based on the electronically signed business process.

[0053] Specifically, the rules for determining dependencies in electronically signed documents are as follows:

[0054] In an electronic signature business process, if one standard electronic signature document business process is the next level process of another standard electronic signature document business process, and the two standard electronic signature documents have a trust association, then the two standard electronic signature documents have an electronic signature document dependency relationship.

[0055] Specifically, the rule for determining the trust relationship between two standard electronic signature documents is as follows: if the preceding standard electronic signature document becomes invalid, then all subsequent standard electronic signature documents become invalid and need to be updated and re-signed based on the new preceding standard electronic signature document.

[0056] The dependencies between electronically signed documents are used as directed edges in the file association graph to construct the file association graph.

[0057] Based on the file association diagram, several standard electronic signature files with dependencies on each other are integrated into a file set, and the directed file dependencies are stored in units of the file set.

[0058] Specifically, such as Figure 2As shown, step 1 generates a file association graph based on the electronic signature business process for a standard electronic signature PDF file, storing the electronic signature files and directed file dependencies. The specific implementation of generating the file association graph and directed file dependencies includes using electronic signature files as nodes in the graph and electronic signature file dependencies as directed edges. When a business process of one electronic signature file is the next level process of another electronic signature business process, and the two electronic signature files have a trust association, a directed edge is constructed between the nodes of the two electronic signature files to represent their trust dependency relationship. Dependencies can be preset by file templates or configured as needed. Specifically, file trust association means that when the current preceding file becomes invalid, all subsequent process files must be updated and re-signed based on the new preceding file. The electronic signature management system stores the directed graph information of file dependencies, forming file sets from multiple files with relationships, and storing the corresponding dependencies on a file set basis.

[0059] A signature dictionary is created for standard electronic signature files based on the directed file dependencies, and the information of the previous-level dependent standard electronic signature files is stored in the signature dictionary.

[0060] Specifically, storing the acquired information from the previous-level pre-existing standard electronic signature documents into the signature dictionary includes:

[0061] The information of the electronically signed document of the preceding pre-dependent standard includes the name, identifier, and digest of the electronically signed document of the preceding pre-dependent standard.

[0062] Based on the file association trust dependency relationship, obtain the name, identifier and digest of the previous level of the electronic signature document that the current electronic signature document depends on;

[0063] Store the name, identifier, and digest of the previous-level pre-dependent standard electronic signature file into an optional custom entry in the signature dictionary, and add file signatures to the signature dictionary.

[0064] Specifically, such as Figure 2 As shown, step 2 involves the signature business process management department creating a signature dictionary for the electronic signature PDF file based on the directed association file dependency relationship. This includes adding the file information and file digests of the preceding process and trusted dependent files to the optional entries in the signature dictionary of the PDF file, and adding a file signature. Specifically, the signature business process management department stores the name, file identifier, and file digest of the electronic signature file's parent-level preceding dependent file in the optional custom entries of the signature dictionary based on the file association trust dependency relationship, and adds a signature to the signature dictionary.

[0065] Based on the information stored in the file set and signature dictionary, each standard electronically signed file in the file set is verified sequentially to obtain the verification result. Based on the verification result, the valid files in the file trust chain are determined and stored in the Bloom filter.

[0066] Specifically, based on the information stored in the file set and signature dictionary, each standard electronically signed file in the file set is verified sequentially to obtain the verification result. Based on the verification result, valid files in the file trust chain are determined and stored in the Bloom filter, including:

[0067] Retrieve the stored file association information from the file collection, and obtain the verification information of all standard electronically signed files. Determine the file trust chain of the file collection based on the stored file association information.

[0068] The standard electronically signed files in the file set are verified sequentially using the verification information in the order of the file trust chain, and the previous dependent standard electronically signed files are verified recursively until the first standard electronically signed file in the file trust chain is reached, and the verification result is obtained.

[0069] Specifically, the verification information includes: the standard electronic signature document digest, the standard electronic signature document signature data, and the digest data of the standard electronic signature document's previous predecessor dependent standard electronic signature documents;

[0070] The verification process includes: verifying the signature of the standard electronically signed document, the digital certificate for the signature of the standard electronically signed document, and the digest of the previous-level pre-dependency standard electronically signed document associated with the trust dependency relationship of the standard electronically signed document.

[0071] Based on the verification results, obtain the name, identifier, and digest of the valid files in the file trust chain. Calculate the hash value based on the name, identifier, and digest of the valid files, map the hash value to the Bloom filter, and store all valid files in the file trust chain into the Bloom filter in sequence to generate a unique file set identifier.

[0072] Specifically, such as Figure 2 As shown, step 3 involves the trusted certificate authority verifying the file trust chain of the electronic signature associated files and storing the verified trusted electronic signature files in the file trust chain in the corresponding Bloom filter of that file set. Specifically, verifying the file trust chain of the electronic signature associated files involves the trusted certificate authority obtaining the file set from the electronic signature management system. The system stores file association information and requests verification information for all electronically signed documents from the electronic signature management system, including document digests, signature data, and digest data of documents that the document depends on. Based on the document verification information, it sequentially verifies the electronically signed documents, starting with the latest file in the file chain. signature Digital signature certificate Summary of the parent file of the associated trust dependency relationship Check if it is correct, and recursively verify the previous file in the file chain up to the first file; then, select the valid files in the file chain. file name File identifier Document Summary Calculate hash value Mapping to Bloom Filter In the process, the entire trust chain of the file is verified and stored sequentially in the Bloom filter. And generate a unique file set identifier for it. .

[0073] A Bloom tree is constructed by using the Bloom filters of all file sets as leaf nodes. Based on the Bloom tree, the files to be verified in the file set to be verified are retrieved and verified to obtain the file set to be verified and the verification results of the files to be verified.

[0074] Specifically, a Bloom tree is constructed by using the Bloom filters of the entire file set as leaf nodes and building upwards. Based on the Bloom tree, the files to be verified in the file set are retrieved and verified to obtain the file set to be verified and the verification results of the files to be verified, including:

[0075] The height of the Bloom tree is determined based on the number of all file sets, and the Bloom filter of each file set is used as a leaf node.

[0076] Based on the leaf node positions corresponding to the file set, the retrieval path from the internal node to the leaf node of the file set and the hash function corresponding to the path edge are determined. The hash value is calculated according to the hash function and stored in the Bloom filter of the internal node to construct a fully multi-branch Bloom tree.

[0077] The validity of the set of files to be verified is verified using a Bloom tree, and the verification results of the set of files to be verified are obtained. Based on the verification results of the set of files to be verified, the leaf nodes of the files to be verified are retrieved and queried. The verification results of the files to be verified are determined according to the query results.

[0078] Specifically, a Bloom tree is used to validate the set of files to be validated, obtaining the validation results for the set of files to be validated. Based on the validation results of the set of files to be validated, leaf nodes of the files to be validated are retrieved and queried. The validation results of the files to be validated are determined based on the query results, including:

[0079] The search begins from the root node of the Bloom tree. At the current root node, each file in the set of files to be verified is used to calculate its hash value using each hash function in the set of hash functions. Based on the hash value calculation result, it is determined whether the file should be stored in the Bloom filter, and the storage determination result is obtained.

[0080] The validity of the file set to be verified is determined based on the storage judgment result, and the verification result of the file set to be verified is obtained. If the verification result of the file set to be verified is that the file set to be verified is valid, then the corresponding edge of the corresponding hash function is used to search for its child nodes until the leaf node is found.

[0081] Specifically, determining the validity of the set of files to be verified based on the storage judgment results includes:

[0082] If the hash value corresponding to one of the hash functions in the hash value calculation result is stored in the Bloom filter, then the set of files to be verified is deemed valid.

[0083] If the storage judgment result is that the hash values ​​corresponding to all hash functions in the hash value calculation result are not stored in the Bloom filter, then the set of files to be verified is determined to be invalid.

[0084] The file to be verified is queried in the Bloom filter of the leaf node. If the query result shows that the file to be verified exists, the verification result of the file to be verified is that the verification of the file to be verified is successful; otherwise, the verification result of the file to be verified is that the verification of the file to be verified is unsuccessful.

[0085] Specifically, such as Figure 2 As shown, step 4 involves the trusted certificate authority constructing a Bloom tree upwards using the Bloom filters of the file set as leaf nodes. The Bloom tree, being a multi-branch tree, has nodes at each level composed of Bloom filters. The data corresponding to the Bloom filters in the leaf nodes is stored in the Bloom filters of the non-leaf nodes using different hash functions. Step 5 involves the signed document verifier retrieving and verifying the file set and the signed documents. It retrieves the leaf node storing the pre-verification results of the documents to be verified and verifies whether the hash value of the file data is in the Bloom filter stored in the corresponding node. If it exists, the file is considered valid and has not been tampered with. Constructing the Bloom tree specifically involves the trusted certificate authority determining the file set size based on the number of documents... Complete construction Forked Brønsted tree, completely The height of the forked tree is Create a Bloom filter for each of the nodes, and for each leaf node... Corresponding A set of files in a set of files To form a correspondence Bloom filter maintenance for each internal node of the Bloom tree A set of hash functions Each hash function corresponds to an edge from the corresponding node to one of its child nodes; for any set of files The retrieval path is determined based on the position of its corresponding leaf node. The hash function used for the corresponding path, Calculate the hash function corresponding to the path edge from the internal node to the leaf node of the file set. And store it in the Bloom filter of that internal node.

[0086] Retrieve and verify the set of files and signed documents, specifically: for the set of files to be verified... The file to be verified Starting from the root node, the set of hash functions is used sequentially on the current node. Each hash function in the calculation The process involves determining whether a hash function result exists in the Bloom filter. If it does, the search continues downwards along the corresponding edge to its child nodes until a leaf node is reached. If it does not exist, the file set is invalidated. The file to be verified is then added to the Bloom filter in the leaf node. If the file exists, it is verified, the signature is correct, and all its preceding related files are trustworthy; otherwise, the file verification fails.

[0087] In summary, this invention proposes an efficient method for verifying the trust and file set relationships of electronically signed documents. Addressing the issue of verifying the association of electronically signed documents in business process signing, it achieves trusted association verification of electronically signed documents and, based on a Bloom filter, pre-verifies and stores electronically signed documents, enabling rapid batch verification of file sets containing associated documents. Electronically signed documents are based on the signing business process, and their association information and directed file dependencies are stored in a graph database. Electronically signed PDF files have a dictionary of preceding file information added to store dependent preceding file information and file data hash values. Trusted certificate authorities verify the file chains of electronically signed documents, and verified trusted electronically signed documents are stored in a Bloom filter within the file set. The Bloom filter, acting as leaf nodes, constructs a hierarchical Bloom tree, and the retrieval path of the Bloom filter within the Bloom tree is determined based on each hash function. The Bloom filter leaf nodes of the pre-verified file set results are retrieved, and the verification results of the signed documents are retrieved to achieve batch verification of files and associated documents.

[0088] To facilitate understanding of the above technical solutions of the present invention, the working principle or operation method of the present invention in actual process will be described in detail below.

[0089] The purpose of this invention is to realize the storage and verification of associated file information by utilizing the association relationship of electronically signed documents, and to improve the verification efficiency of documents based on Bloom filters, thereby achieving efficient verification of a set of electronically signed associated files.

[0090] Detailed implementation methods: such as Figure 2 The diagram illustrates a specific implementation flow of the present invention. Using the method of the present invention, users of an electronic signature platform can associate electronically signed documents, enabling the association verification of related documents with mutual verification trust relationships, and providing trusted third-party pre-verification results to achieve efficient retrieval and verification of associated documents. Specifically, the efficient verification method for electronically signed document sets based on Bloom filters includes the following steps:

[0091] Step 1: Generate a file relationship diagram based on the electronic signature business process using the standard electronic signature PDF file, and store the electronic signature files and the directed file dependencies.

[0092] Dependencies are represented by vertices in the file association graph using electronically signed documents as nodes, and directed edges representing dependencies between them. When a business process in one electronically signed document is the next level process in another electronically signed document business process, and the two electronically signed documents have a trust relationship, a directed edge is constructed between the two electronically signed document nodes to represent their trust dependency relationship. Dependencies can be preset by file templates or configured as needed. The file set is then associated and stored as a directed graph based on the above method for constructing the association graph.

[0093] For example, if there exists A collection of files ; the file set There exists files The files are processed in this order as the dependency verification order. A corresponding graph relationship is constructed and stored. And connect them in that order via directed edges.

[0094] Step 2: The signature business process management department creates a signature dictionary for the electronic signature PDF file based on the directed related file dependencies, adds the file information and file digest of the preceding process and trusted dependent files to the optional entries of the signature dictionary of the PDF file, and adds the file signature.

[0095] Based on the document association and trust dependency relationship, the signature business process management department stores the name of the previous-level dependent file, the file identifier, and the file digest of the electronic signature document into the optional custom entries of the signature dictionary, and adds a signature to the signature dictionary.

[0096] For example, the aforementioned document The preceding dependency files are Then it is a file Add a dictionary to store the preceding file. file name identifier With Abstract And add a signature to it.

[0097] Step 3: The trusted certificate authority verifies the file trust chain of the electronic signature associated files and stores the verified trusted electronic signature files in the corresponding Bloom filter of the file set.

[0098] Trusted certificate authorities obtain document sets from electronic signature management systems. The system stores file association information and requests verification information for all electronically signed documents from the electronic signature management system, including document digests, signature data, and digest data of documents that the document depends on. Based on the document verification information, it sequentially verifies the electronically signed documents, starting with the latest file in the file chain. signature Digital signature certificate Summary of the parent file of the associated trust dependency relationship Check if it is correct, and recursively verify the previous file in the file chain up to the first file; then, select the valid files in the file chain. Calculate the hash value from the file name, file identifier, and file digest. Mapping to Bloom Filter In the process, the entire trust chain of the file is verified and stored sequentially in the Bloom filter. And generate a unique file set identifier for it. .

[0099] For example, the aforementioned file set The file in Constructing Bloom Filters It calculates hash values ​​for file information and maps the files to Bloom filters.

[0100] Step 4: The trusted certificate authority builds a Bloom tree upwards by using the Bloom filters of the file set as leaf nodes. The Bloom tree is a multi-branch tree, and each level of the node is composed of Bloom filters. The Bloom filter data corresponding to the leaf nodes is stored in the Bloom filters of the non-leaf nodes using different hash functions.

[0101] like Figure 3 As shown, a Bloom tree storage structure is provided. The specific steps for constructing a Bloom tree using data are: Trusted Certificate Authorities (CCAs) determine the number of files in the file set... Complete construction Forked Brønsted tree, completely The height of the forked tree is Create a Bloom filter for each of the nodes, and for each leaf node... Corresponding A set of files in a set of files To form a correspondence .

[0102] Bloom filter maintenance for each internal node of the Bloom tree A set of hash functions ,like Figure 3 Each corresponding node in the dataset has two child nodes and two corresponding hash functions. Each hash function corresponds to an edge from the corresponding node to one of its child nodes. For any set of files... The retrieval path is determined based on the position of its corresponding leaf node. The hash function used for the corresponding path, Calculate the hash function corresponding to the path edge from the internal node to the leaf node of the file set. And store it in the Bloom filter of that internal node.

[0103] For example, such as Figure 3 As shown, when constructing the Bloom tree, all file set data is stored sequentially, and then the file set is stored... At that time, file collection The merged leaf node is the first leaf node. The hash function corresponding to the path from the root node to the leaf node is: Use the corresponding hash function to divide the file set The data hash value is calculated and stored in the internal node Bloom filter, and the file collection is... The hash value of the file is calculated and stored in the leaf node. .

[0104] File collection The hash function corresponding to the search path is The file set is retrieved based on the edge corresponding to the hash. Bloom filter leaf nodes.

[0105] Step 5: The signature document verifier retrieves and verifies the document set and the signature document. It retrieves the leaf node of the pre-verification result Bloom filter that stores the document to be verified and verifies whether the hash of the electronic signature document data to be verified is in the corresponding leaf node Bloom filter. If it exists, it can be determined that the document is valid and has not been tampered with.

[0106] For the collection of files to be verified The file to be verified Starting from the root node, the set of hash functions is used sequentially on the current node. Each hash function in the calculation The process involves determining whether a hash function result exists in the Bloom filter. If it does, the search continues downwards along the corresponding edge to its child nodes until a leaf node is reached. If it does not exist, the file set is invalidated. The file to be verified is then added to the Bloom filter in the leaf node. If the file exists, it is verified, the signature is correct, and all its preceding related files are trustworthy; otherwise, the file verification fails.

[0107] For example, Figure 3 As shown, the file collection The hash function corresponding to the search path is In the actual retrieval process, the hash function is calculated starting from the root node. The results were obtained in The result corresponds to the Bloom filter. If not, confirm the first edge in the search path and continue searching in the corresponding child nodes until the leaf node is finally found. Verify the file to be verified. and Calculate the hash value , All results are present in the Bloom filter used to verify valid results, and the verification passed.

[0108] In summary, by utilizing the above-mentioned technical solution of this invention, this invention verifies the association of documents by constructing the association relationship of electronically signed documents as graph information and storing the directed dependency graph. The dependent files of the electronically signed documents are stored in their PDF file dictionary, recording the association information. The integrity of the association of preceding files is verified based on the stored summary information, verifying whether the summary information of the preceding files is consistent with the stored summary information, ensuring that the preceding files have not been tampered with based on the trusted content that subsequent files depend on, thus guaranteeing the integrity of the trusted file chain association. This invention achieves efficient verification of the associated file chain through Bloom filters and trusted third-party pre-verification, storing the pre-verification results, and constructing a Bloom tree to realize efficient file set retrieval. The file chain information to be verified is obtained through efficient retrieval, and the file information to be verified in the Bloom filter is retrieved to determine its validity. The efficient retrieval through Bloom filters reduces time overhead and storage costs, achieving efficient storage and retrieval of file pre-verification and verification results, and improving the verification efficiency of documents through trusted pre-verification.

[0109] The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. An electronic signature associated file trust and efficient verification of a collection of files method, characterized in that, The method includes: Obtain standard electronically signed documents and construct a document relationship diagram based on the electronic signature business process. Generate a file set and directed file dependencies based on the document relationship diagram. A signature dictionary is created for standard electronic signature files based on the directed file dependency relationship, and the information of the previous level dependent standard electronic signature files is stored in the signature dictionary. The step of storing the acquired information of the preceding pre-existing standard electronic signature file into the signature dictionary includes: The information of the preceding pre-approved standard electronic signature document includes the name, identifier, and summary of the preceding pre-approved standard electronic signature document; Based on the file association trust dependency relationship, obtain the name, identifier and digest of the previous level of the electronic signature document that the current electronic signature document depends on; Store the name, identifier, and digest of the previous-level pre-dependent standard electronic signature file into an optional custom entry in the signature dictionary, and add file signatures to the signature dictionary; Based on the information stored in the file set and signature dictionary, each standard electronic signature file in the file set is verified sequentially to obtain the verification result. Based on the verification result, the valid files in the file trust chain are determined and stored in the Bloom filter. Based on the information stored in the file set and signature dictionary, each standard electronically signed file in the file set is verified sequentially to obtain a verification result. Based on the verification result, valid files in the file trust chain are determined and stored in a Bloom filter, including: Retrieve the stored file association information from the file collection, and obtain the verification information of all standard electronically signed files. Determine the file trust chain of the file collection based on the stored file association information. The standard electronically signed files in the file set are verified sequentially using the verification information in the order of the file trust chain, and the previous dependent standard electronically signed files are verified recursively until the first standard electronically signed file in the file trust chain is reached, and the verification result is obtained. Based on the verification results, obtain the name, identifier, and digest of the valid files in the file trust chain. Calculate the hash value based on the name, identifier, and digest of the valid files. Map the hash value to the Bloom filter. Store all valid files in the file trust chain to the Bloom filter in sequence to generate a unique file set identifier. A Bloom tree is constructed by using the Bloom filters of the entire file set as leaf nodes and building upwards. Based on the Bloom tree, the files to be verified in the file set are retrieved and verified to obtain the file set to be verified and the verification results of the files to be verified, including: The height of the Bloom tree is determined based on the number of all file sets, and the Bloom filter of each file set is used as a leaf node. Based on the leaf node positions corresponding to the file set, the retrieval path from the internal node to the leaf node of the file set and the hash function corresponding to the path edge are determined. The hash value is calculated according to the hash function and stored in the Bloom filter of the internal node to construct a fully multi-branch Bloom tree. The validity of the set of files to be verified is verified using a Bloom tree, and the verification results of the set of files to be verified are obtained. Based on the verification results of the set of files to be verified, the leaf nodes of the files to be verified are retrieved and queried. The verification results of the files to be verified are determined according to the query results.

2. The method for efficient verification of electronic signature-associated document trust and document sets according to claim 1, characterized in that, The process of obtaining standard electronically signed documents and constructing a file association graph based on the electronic signature business process, and generating a file set and directed file dependencies based on the file association graph, includes: Standard electronic signature documents are used as points in the document relationship graph, and the electronic signature document dependencies are extracted according to the electronic signature business process. The dependencies between electronically signed documents are used as directed edges in the file association graph to construct the file association graph; Based on the file association diagram, several standard electronic signature files with dependencies on each other are integrated into a file set, and the directed file dependencies are stored in units of the file set.

3. The method of claim 2, wherein, The rules for determining the dependencies of the electronically signed documents are as follows: In an electronic signature business process, if one standard electronic signature document business process is the next level process of another standard electronic signature document business process, and the two standard electronic signature documents have a trust association, then the two standard electronic signature documents have an electronic signature document dependency relationship.

4. The method of claim 3, wherein, The rule for determining the trust association between the two standard electronic signature documents is as follows: when the preceding standard electronic signature document becomes invalid, all subsequent standard electronic signature documents become invalid and need to be updated and re-signed based on the new preceding standard electronic signature document.

5. The method of claim 1, wherein, The verification information includes: standard electronic signature document digest, standard electronic signature document signature data, and digest data of the previous-level dependent standard electronic signature document of the standard electronic signature document. The sequential verification includes: sequentially verifying whether the signature of the standard electronic signature document, the signature digital certificate of the standard electronic signature document, and the digest of the previous-level pre-dependency standard electronic signature document associated with the trust dependency relationship of the standard electronic signature document are correct.

6. The method of claim 1, wherein, The process involves using a Bloom tree to validate the set of files to be validated, obtaining validation results for the set of files to be validated, and then performing leaf node retrieval and querying on the files to be validated based on the validation results. The validation result of each file is then determined based on the query results. This includes: The search begins from the root node of the Bloom tree. At the current root node, each file in the set of files to be verified is used to calculate its hash value using each hash function in the set of hash functions. Based on the hash value calculation result, it is determined whether the file should be stored in the Bloom filter, and the storage determination result is obtained. The validity of the file set to be verified is determined based on the storage judgment result, and the verification result of the file set to be verified is obtained. If the verification result of the file set to be verified is that the file set to be verified is valid, then the corresponding edge of the corresponding hash function is used to search its child nodes until the leaf node is found. The file to be verified is queried in the Bloom filter of the leaf node. If the query result shows that the file to be verified exists, the verification result of the file to be verified is that the verification of the file to be verified is successful; otherwise, the verification result of the file to be verified is that the verification of the file to be verified is unsuccessful.

7. The method for efficient verification of electronic signature-associated document trust and document set according to claim 6, characterized in that, The determination of the validity of the set of files to be verified based on the storage judgment result includes: If the hash value corresponding to one of the hash functions in the hash value calculation result is stored in the Bloom filter, then the set of files to be verified is deemed valid. If the storage judgment result is that the hash values ​​corresponding to all hash functions in the hash value calculation result are not stored in the Bloom filter, then the set of files to be verified is determined to be invalid.