A method for generating multi-position electronic signature of PDF document based on content semantics of seal
By generating seal fingerprints to determine signature equivalence and constructing basic signature data templates, and sharing signature input data, the problem of high resource consumption and low efficiency in multi-location signing scenarios is solved, and efficient multi-location signing is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SHANGHAI ELECTRONIC CERTIFICATE AUTHORITY CENT CO LTD
- Filing Date
- 2026-04-16
- Publication Date
- 2026-07-14
AI Technical Summary
Existing technologies, in multi-location signing scenarios, cannot analyze the semantics of the seal content, resulting in repeated signature calculations for each signature, leading to high resource consumption and low efficiency.
By generating a seal fingerprint, signature equivalence is determined and a basic signature data template is constructed. Signature input data is shared, and the template is generated only once within the equivalence group, generating an independent result for each signature position.
It significantly reduces the number of repeated signature calculations, lowers the resource consumption of hardware cryptographic devices and remote signature services, and improves the overall efficiency of multi-location signing.
Smart Images

Figure CN122389092A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of electronic signature and document security technology, and more specifically, to a method and system for generating multi-location electronic signatures for PDF documents based on the semantics of seal content. Background Technology
[0002] PDF electronic signature, as a mature digital signature technology, combines encryption algorithms with identity authentication mechanisms to embed verifiable signature information in electronic documents. This ensures the integrity of the document, the authenticity of the signer's identity, and the non-repudiation of the signing behavior. It is widely used in various scenarios such as electronic contracts, electronic documents, and financial documents.
[0003] In practical applications, scenarios frequently arise where the same PDF document needs to be stamped with the same seal in multiple locations, such as the signature section on each page of a multi-page contract. Current PDF electronic signature technologies typically require constructing complete signature input data for each signature location and then independently calling a hardware cryptographic device (HSM), cryptographic card, or remote signature service to perform the signature calculation. Each signature calculation consumes secure computing resources, resulting in high call costs and leading to long overall signing times and limited system throughput in multi-location signing scenarios.
[0004] To address the performance bottleneck issues associated with multi-location signing, existing technologies have yet to provide an effective solution. Because current technologies do not analyze and represent the semantic content of the seal, they cannot achieve the sharing and reuse of signature input data. This results in a complete signature calculation process being required regardless of whether multiple signature requests use the same seal or have consistent semantics, exacerbating the problems of excessive resource consumption and low signing efficiency.
[0005] Therefore, there is an urgent need for a technical solution that can effectively reduce the computational resource consumption of repeated signatures in multi-location signing scenarios, while ensuring that each signature location is an independent and valid PDF electronic signature. Summary of the Invention
[0006] The purpose of this invention is to provide a method and system for generating multi-location electronic signatures for PDF documents based on the semantics of seal content, thereby solving the problem of excessive consumption of signature computing resources and low signing efficiency in multi-location signing scenarios due to the inability to analyze and represent the semantics of seal content.
[0007] To achieve the above objectives, this invention provides a method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content, comprising: Step S1: Receive at least one PDF electronic signature request, wherein the signature request includes at least the PDF document to be signed, seal-related information, and signature position-related parameters; Step S2: Process the seal-related information in the received signature request to generate a seal fingerprint that uniquely represents the semantics of the seal content. Step S3: Perform signature equivalence determination based on the seal fingerprint, determine whether multiple signature requests belong to the same signature equivalence group, and group them according to the determination result; Step S4: For each signature equivalence group, construct the basic input data required for signature calculation; Step S5: Generate a basic signature data template based on the basic input data, wherein the basic signature data template is generated only once for each signature equivalence group; Step S6: Based on the basic signature data template, for each signature request within the signature equivalence group, generate a signature result that uniquely corresponds to the signature position; Step S7: Write the generated signature result into the corresponding signature position in the PDF document to generate a signature document that conforms to the PDF electronic signature specification.
[0008] In some embodiments, the seal-related information includes at least seal image data and seal display attributes; Step S2 further includes: Extract the seal image data and seal display attributes from the signature request; Seal image data and seal display attributes are calculated independently to generate corresponding image content summaries and display attribute summaries. The image content summary and the display attribute summary are combined according to a preset combination rule to generate the seal fingerprint.
[0009] In some embodiments, the seal image data is used to characterize the content semantics of the seal; The seal display attributes include at least one or more of the following: seal display size, seal rotation angle, and seal transparency and display parameters.
[0010] In some embodiments, the algorithm used for the digest calculation includes one or more of the following types: A hash function-based digest calculation algorithm; Summarization algorithms based on feature extraction; and A summary computation algorithm based on rule mapping.
[0011] In some embodiments, the preset combination rule includes one or more of the following: The two summary results are combined; Weighted combination of the two summary results; and Perform a summary calculation again on the combined data.
[0012] In some embodiments, step S3 further includes: Compare the seal fingerprints corresponding to multiple signature requests; If the fingerprints of multiple signature requests are identical, then the multiple signature requests are determined to belong to the same signature equivalence group.
[0013] In some embodiments, the basic signature data template is signature input source data that can be shared by multiple signature requests within the same signature equivalence group; The basic signature data template includes at least: original document content summary data, signature input data related to seal semantics, signature certificate information and signature strategy parameters.
[0014] In some embodiments, step S6 is a derived signature generation method: The derived signature generation method includes, based on the basic signature data template, performing derivation processing on each signature request within the signature equivalence group to generate a signature result that uniquely corresponds to the signature position of the signature request.
[0015] In some embodiments, the derived signature generation method further includes: Obtain the basic signature data template corresponding to the same signature equivalence group; For each signature request within the signature equivalence group, the following steps are performed sequentially: Retrieve the signature position-related parameters corresponding to the current signature request; Based on the PDF document structure corresponding to the current signature request, calculate and inject the byte range information corresponding to the signature position; Based on the basic signature data template, and combined with the byte range information and the signature position-related parameters, a derivation process is performed to generate the derived signature input data. Based on the derived signature input data, perform signature calculation to generate a signature result that uniquely corresponds to the signature position; Based on the signature result, an independent PDF signature description unit is generated for the current signature position.
[0016] In some embodiments, step S6 is a signature result sharing method; The signature result sharing method includes generating a shared signature result corresponding to multiple signature requests within the same signature equivalence group based on the basic signature data template.
[0017] In some embodiments, step S7 further includes: The generated signature results are written into a PDF document, so that each signature location forms an independent signature description structure.
[0018] To achieve the above objectives, the present invention provides a PDF document multi-location electronic signature generation device based on seal content semantics, used to execute the PDF document multi-location electronic signature generation method based on seal content semantics, the device comprising: The signature request receiving module is used to perform step S1 in the method for generating multi-location electronic signatures for PDF documents. The module for determining the uniqueness of seal content is used to perform step S2 in the method for generating multi-location electronic signatures for PDF documents. The signature equivalence determination module is used to perform step S3 in the method for generating multi-location electronic signatures for PDF documents. The signature source data construction module is used to perform step S4 in the method for generating multi-location electronic signatures for PDF documents. The basic signature data template generation module is used to perform step S5 in the method for generating multi-location electronic signatures for PDF documents. The signature processing module is used to perform step S6 in the method for generating multi-location electronic signatures for PDF documents. The PDF writing module is used to perform step S7 in the method for generating multi-location electronic signatures for PDF documents.
[0019] In some embodiments, the signature processing module includes a derived signature generation module and / or a signature result sharing module; The derived signature generation module is used to perform derivation processing on each signature request within the signature equivalence group based on the basic signature data template, and generate a signature result that uniquely corresponds to the signature position of the signature request. The signature result sharing module is used to generate shared signature results corresponding to multiple signature requests within the same signature equivalence group based on the basic signature data template.
[0020] To achieve the above objectives, this invention provides a PDF document multi-location electronic signature generation system based on the semantics of seal content, comprising: Memory, used to store computer programs; A processor is configured to execute the aforementioned method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content when the computer program is invoked.
[0021] To achieve the above objectives, the present invention provides a computer-readable storage medium having a computer program stored thereon, the computer program being executed by a processor to implement the above-described method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content.
[0022] This invention provides a method, apparatus, and system for generating multi-location electronic signatures for PDF documents based on the semantics of seal content. By generating seal fingerprints from the semantics of seal content and determining signature equivalence based on the seal fingerprints, a basic signature data template is constructed only once for multiple signature requests within the same equivalence group. Under the premise of ensuring that each signature location generates an independent and verifiable PDF electronic signature result, the shared signature input data is reused, thereby significantly reducing the number of repeated signature calculations, reducing the consumption of high-cost resources such as hardware cryptographic devices and remote signature services, and improving the overall signing efficiency in multi-location signing scenarios. Attached Figure Description
[0023] The above and other features, properties and advantages of the present invention will become more apparent from the following description taken in conjunction with the accompanying drawings and embodiments, in which the same reference numerals always denote the same features, wherein: Figure 1 A flowchart illustrating the steps of a method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content according to an embodiment of the present invention is provided. Figure 2 A flowchart of seal fingerprint generation and signature equivalence determination according to an embodiment of the present invention is disclosed; Figure 3 A diagram illustrating a derived signature generation method according to an embodiment of the present invention is disclosed; Figure 4 A schematic diagram of a PDF document multi-location electronic signature generation device based on seal content semantics, according to an embodiment of the present invention, is disclosed. Figure 5 A timing diagram for generating multi-location electronic signatures in PDF documents based on the semantics of seal content, according to an embodiment of the present invention, is disclosed.
[0024] The meanings of the labels in the figures are as follows: 41. Signature request receiving module; 42. Seal content uniqueness determination module; 43. Signature equivalence determination module; 44. Signature source data construction module; 45. Basic signature data template generation module; 46. Signature processing module; 461 Derivative signature generation module; 462 Signature Result Sharing Module; 47 PDF writing module. Detailed Implementation
[0025] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are for illustrative purposes only and are not intended to limit the invention.
[0026] Figure 1 A step diagram illustrating a method for generating multi-location electronic signatures in PDF documents based on the semantic meaning of seal content according to an embodiment of the present invention is shown, such as... Figure 1 As shown, the present invention proposes a method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content, comprising: Step S1: Receive at least one PDF electronic signature request, wherein the signature request includes at least the PDF document to be signed, seal-related information, and signature position-related parameters; Step S2: Process the seal-related information in the received signature request to generate a seal fingerprint that uniquely represents the semantics of the seal content. Step S3: Perform signature equivalence determination based on the seal fingerprint, determine whether multiple signature requests belong to the same signature equivalence group, and group them according to the determination result; Step S4: For each signature equivalence group, construct the basic input data required for signature calculation; Step S5: Generate a basic signature data template based on the basic input data, wherein the basic signature data template is generated only once for each signature equivalence group; Step S6: Based on the basic signature data template, for each signature request within the signature equivalence group, generate a signature result that uniquely corresponds to the signature position; Step S7: Write the generated signature result into the corresponding signature position in the PDF document to generate a signature document that conforms to the PDF electronic signature specification.
[0027] To address the technical problems of high resource consumption and low signing efficiency caused by repeated signature calculations in multi-location electronic signature scenarios, this invention proposes a method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content. By determining the equivalence of signatures through the semantics of seal content, reusing shareable signature input data, and generating multi-location PDF electronic signatures through the signature input data, this method effectively optimizes signing performance and significantly improves overall signing efficiency while ensuring signature compliance and independence.
[0028] These steps will be described in detail below. It should be understood that, within the scope of this invention, the above-described technical features of this invention and the technical features specifically described below (such as in the embodiments) can be combined and related to each other to form preferred technical solutions.
[0029] Step S1: Receive at least one PDF electronic signature request, wherein the signature request includes at least the PDF document to be signed, seal-related information, and signature position-related parameters.
[0030] Specifically, step S1 is the signature request receiving process, which is used to uniformly access and manage multiple signature requests in multi-location signing scenarios.
[0031] Figure 2 A flowchart illustrating the generation of seal fingerprints and determination of signature equivalence according to an embodiment of the present invention is disclosed, such as... Figure 1 and Figure 2 As shown, step S1 receives multiple PDF electronic signature requests from the business system. The signature requests may come from the same business source or from different business sources.
[0032] The signature request includes at least the PDF document to be signed, seal-related information, and signature position-related parameters.
[0033] For example, parameters related to the signature location may include the page number where the signature is located, coordinate position, display level, etc., which are used to accurately locate the specific position of the signature in the PDF document.
[0034] Step S2: Process the seal-related information in the received signature request to generate a seal fingerprint that uniquely represents the semantics of the seal content.
[0035] Specifically, step S2 is the process of determining the uniqueness of the seal content. For each signature request, the system extracts the relevant seal information, processes the relevant seal information in the signature request in a targeted manner, and generates a seal fingerprint (Seal-Fingerprint) that can uniquely represent the semantics of the seal content, providing a basis for the signature equivalence determination in the subsequent step S3.
[0036] In some embodiments, seal-related information is used to describe the content semantic attributes and display semantic attributes of the seal in an electronic document. Specifically, seal-related information includes at least seal image data and seal display attributes.
[0037] Among them, seal image data belongs to seal image content information, which is used to represent the semantic content of the seal.
[0038] The stamp display attributes include at least one or more of the following: stamp display size, stamp rotation angle, stamp transparency, and display parameters.
[0039] Stamp display size, used to characterize the size of the stamp displayed in the document; stamp rotation angle, used to characterize the display direction of the stamp; stamp transparency and display parameters, used to characterize the display effect of the stamp.
[0040] More specifically, seal image data refers to the raw data content of a seal image, including the image's binary data or its digest value (such as a hash value), used to uniquely identify the seal image itself. Even if different seals are the same size and location, if their image content differs, they should be considered non-signature equivalents. This parameter is the basic input data for generating seal fingerprints.
[0041] More specifically, the seal display size refers to the actual rendered size of the seal image when displayed in a PDF document, including parameters such as width, height, and scaling ratio. The same seal image will have different signature appearances at different display sizes. If the size difference exceeds a preset threshold, the corresponding signing request should not be considered equivalent to a signature at the semantic level.
[0042] More specifically, the seal rotation angle refers to the angle parameter by which the seal image is rotated relative to its original orientation within a document. In certain business or compliance scenarios, seals with different rotation angles have different legal or business meanings. If the rotation angles are different, the corresponding signing requests should not be considered as equivalent signatures.
[0043] More specifically, seal transparency and display parameters refer to the transparency or opacity parameters of the seal image when rendered into a PDF document. Seals with different levels of transparency have different visual and business effects. When generating seal fingerprints, incorporating transparency parameters into the calculation helps avoid mistakenly classifying seals with different display effects as equivalent signatures.
[0044] By combining and analyzing the above information, it is possible to accurately determine whether the seals used in different signing requests are semantically consistent, providing a reliable basis for the subsequent division of signature equivalence groups.
[0045] A seal fingerprint is an identifier used to uniquely represent the semantics of a seal's content and its display characteristics. Since the seal image content and the seal display attributes differ in data structure and change characteristics, in this embodiment, summaries are calculated for both separately, and the resulting summaries are combined to generate a seal fingerprint that represents the overall semantics of the seal.
[0046] like Figure 2 As shown, for each pending signature request, the system performs the following operations in sequence: First, the current signature request is obtained, and the seal image data and seal display attributes are extracted from the signature request. Then, a digest calculation is performed independently on the seal image data to generate a corresponding image content digest; a digest calculation is also performed independently on the seal display attributes to generate a corresponding display attribute digest; finally, the image content digest and the display attribute digest are combined according to a preset combination rule to generate a seal fingerprint that uniquely represents the semantics of the seal content. The seal fingerprint is used to represent the uniqueness of the seal content at the semantic level, is independent of the specific signature location, and is the core basis for subsequent determination of signature equivalence.
[0047] In this embodiment, the summary calculation is used to convert the seal image content and seal display attributes into fixed-length or semi-fixed-length summary data to participate in the generation of the seal fingerprint, reducing data redundancy and improving judgment efficiency. In this embodiment, by separating the image content summary and the display attribute summary, the accuracy of the judgment can be guaranteed while avoiding misjudgment of the seal semantics due to changes in a single parameter.
[0048] Specifically, the algorithm used for the digest calculation includes one or more of the following types: hash function-based digest calculation algorithm, feature extraction-based digest generation algorithm, and rule mapping-based digest calculation algorithm.
[0049] Optionally, the hash function-based digest calculation algorithm can use common hash algorithms such as SHA-256 and SM3. The feature extraction-based digest generation algorithm can use image feature extraction methods such as SIFT (Scale-Invariant Feature Transform) and HOG (Histogram of Oriented Gradients). The rule mapping-based digest calculation algorithm can generate a digest by formulating corresponding mapping rules according to the specific type of the stamp display attributes. This invention does not impose specific limitations on these methods.
[0050] Since seal image data and seal display attributes differ in data type and variation characteristics, this invention can employ the same digest calculation algorithm or different digest calculation algorithms for separate processing; this invention does not limit this approach. For example, a feature extraction-based digest generation algorithm can be used for seal image data, while a hash function-based digest calculation algorithm can be used for seal display attributes, to adapt to the characteristics of different data.
[0051] In this embodiment, the preset combination rules include one or more of the following methods: concatenating two summary results, weighting and combining two summary results, and performing summary calculation again on the combined data.
[0052] Specifically, the image content summary and the display attribute summary can be concatenated in sequence to form a complete seal fingerprint; or the seal fingerprint can be generated by weighted summation based on the influence weight of the two on the seal semantics; or the concatenated summary data can be hashed again to generate a fixed-length seal fingerprint, further improving the uniqueness and security of the fingerprint.
[0053] After generating the seal fingerprint, the system performs the signature equivalence determination operation in step S3.
[0054] Step S3: Perform signature equivalence determination based on the seal fingerprint, determine whether multiple signature requests belong to the same signature equivalence group, and group them according to the determination result.
[0055] Specifically, step S3 is the signature equivalence determination process, which groups multiple signature requests based on the seal fingerprint and determines whether the multiple signature requests belong to the same signature equivalence group.
[0056] In this invention, signature equivalence means that the core signature input data required by multiple signature requests at the signature computation level is semantically consistent, allowing the core signature input data to be shared and reused in the pre-signature computation stage. It should be noted that signature equivalence does not mean that multiple signatures will have identical signature results, but rather that, apart from the differentiated parameters related to specific signature positions, the remaining parts of their signature input structure are semantically shareable, thereby allowing for reduced redundant computation while ensuring signature independence.
[0057] In some embodiments, the signature equivalence determination in step S3 further includes: Compare the seal fingerprints corresponding to multiple signature requests; If the fingerprints of multiple signature requests are identical, then the multiple signature requests are determined to belong to the same signature equivalence group.
[0058] like Figure 2 As shown, the system compares the seal fingerprint of the current signature request with the seal fingerprint of the processed signature requests to determine if there are any identical seal fingerprints. If no identical seal fingerprints are found, a new signature equivalence group is created, and the current signature request is added to the new equivalence group; if identical seal fingerprints are found, the current signature request is added to an existing signature equivalence group.
[0059] After determining the equivalence group affiliation of the current signature request, the system further determines whether there are any unprocessed signature requests: if there are unprocessed signature requests, the system returns to step S1 to obtain unprocessed signature requests and repeats the above-mentioned seal fingerprint generation, equivalence determination and grouping operations until all signature requests are processed; if there are no unprocessed signature requests, the system proceeds to the signature source data construction process in step S4 to provide a foundation for the subsequent generation of basic signature data templates.
[0060] In some embodiments, a fingerprint comparison threshold can be set. If the similarity between two fingerprints exceeds the preset threshold, they can be considered as identical, thereby improving the flexibility and fault tolerance of the judgment.
[0061] Step S4: For each signature equivalence group, construct the basic input data required for signature computation.
[0062] Specifically, step S4 is the signature source data construction process, which constructs the basic input data required for signature calculation for each signature equivalence group. This step constructs the input source data required for signature calculation, rather than the actual signature result.
[0063] In this embodiment, the construction of the basic input data is based on the semantic consistency of signature equivalence sets, specifically including one or more of the following: The original content summary data of the PDF document corresponding to the same signature equivalence set is generated by performing hash calculation or feature extraction on the core content of the PDF document and is used to characterize the integrity of the document content; The seal fingerprint generated in step S2, which uniquely represents the semantics of the seal content, serves as the core identifier for distinguishing different signature equivalence groups. The common configuration data required for signing includes signature certificate information, signature algorithm type identifier, signature strategy parameters, etc. Public metadata related to business scenarios, such as the signing entity information and the baseline value of the signing timestamp.
[0064] Step S5: Generate a basic signature data template based on the basic input data, wherein the basic signature data template is generated only once for each signature equivalence group.
[0065] Specifically, step S5 is the process of generating a basic signature data template.
[0066] Each signature equivalence group generates a basic signature data template only once, which is used as a common input for multiple subsequent signature generation methods. This avoids repeatedly constructing input data for multiple signature requests within the same equivalence group, thus saving computational resources.
[0067] Furthermore, the data in the basic signature data template is signature input source data that can be shared by multiple signature requests within the same signature equivalence group. The basic signature data template includes at least: original document content summary data, signature input data related to seal semantics, signature certificate information, and signature strategy parameters. The basic signature data template does not contain any signature result data.
[0068] For example, the original content digest data of a document is the original content digest of the PDF documents corresponding to all signature requests within the same equivalence group, without the need to calculate it separately for each signature request; the signature input data related to seal semantics may include seal fingerprints, seal image hash values, etc., to uniformly represent the content and display semantics of the seal; the signature certificate related information may include certificate serial number, issuer information, public key, etc., and all signature requests can share the same signature certificate; the signature policy parameters may include unified configuration parameters such as signature algorithm type and signature validity period to ensure that signatures within the same equivalence group comply with the same compliance requirements.
[0069] Step S6: Based on the basic signature data template, generate a signature result that uniquely corresponds to the signature position for each signature request within the signature equivalence group.
[0070] Specifically, step S6 is the signature processing flow. Based on the basic signature data template, the system generates corresponding derived signature data, i.e., derived signature results, according to the signature position-related parameters of different signature requests; or, under the premise of meeting the PDF electronic signature verification rules, multiple signature description units share the same signature result, i.e., shared signature results, to adapt to different business scenario requirements.
[0071] In a preferred embodiment, step S6 is a derived signature generation method. The derived signature generation method includes, based on the basic signature data template, generating a signature result that uniquely corresponds to the signature position of each signature request within the signature equivalence group.
[0072] Figure 3 A diagram illustrating a derived signature generation method according to an embodiment of the present invention is provided. The derived signature generation method based on a basic signature data template provided by this embodiment is applicable to multiple signature location scenarios and can effectively reduce the number of calculations for duplicate signatures while ensuring that each signature result meets the PDF electronic signature verification requirements.
[0073] More specifically, the derived signature generation method further includes: obtaining a basic signature data template corresponding to the same signature equivalence group; and based on the basic signature data template, performing core processing logic for each signature request within the signature equivalence group. Figure 3 The process is exactly the same; perform the following operations in sequence: Obtain the signature position-related parameters corresponding to the current signature request; calculate and inject the byte range information corresponding to the signature position based on the PDF document structure corresponding to the current signature request; perform derivation processing based on the basic signature data template, combined with the byte range information and the signature position-related parameters, to generate derived signature input data; perform signature calculation based on the derived signature input data to generate a signature result uniquely corresponding to the signature position.
[0074] Compared to existing technologies that reduce computation by directly reusing signature values or signature results, the derived signature generation method in this embodiment has significant advantages.
[0075] Existing solutions often weaken the independence of signatures, which can easily lead to problems such as unclear signature verification and inaccurate signature description binding to the signature location, making it difficult to balance performance optimization and electronic signature compliance requirements.
[0076] The derived signature generation method proposed in this embodiment significantly reduces the consumption of signature computing resources by reusing the input source data that can be shared during the signature calculation process, while ensuring that each signature position generates an independent signature result that can be independently verified by a standard PDF signature verification tool.
[0077] like Figure 3 As shown, the specific steps for generating a derived signature are as follows: S601: Obtain the basic signature data template. The system obtains the basic signature data template constructed for a set of signature requests that are determined to be signature equivalent. This template is the shared input basis for all signature requests within the same signature equivalence group and only needs to be generated once.
[0078] S602: Obtain the signature position-related parameters for the current signature request. For the currently pending signature request, the system obtains the signature position-related parameters corresponding to that signature request.
[0079] In some embodiments, the signature location-related parameters include at least one or more of the following: the page number where the signature is located, the coordinate position of the signature area, the width and height of the signature display area, and the display order or hierarchy of the signature in the document.
[0080] The parameters related to the signature position are non-shareable data, which is the direct cause of the different byte ranges (ByteRange) at different signature positions.
[0081] S603: Calculate and inject byte interval information. Based on the PDF document structure corresponding to the current signature request, the system calculates the byte interval information corresponding to the signature position and injects this byte interval information into the basic signature data template. The byte interval indicates the data range in the PDF that participates in the signature digest calculation. Different signature positions correspond to different byte intervals, which is a key technical means to ensure that each signature result can be independently verified.
[0082] S604: Constructing Derivative Signature Input Data. Based on the basic signature data template, the system extracts the basic signature data encapsulated in the template, combines the injected byte range information and signature position-related parameters, and performs derivation processing on the basic signature data to generate derived signature input data that uniquely corresponds to the current signature request.
[0083] The basic signature data mainly refers to the general input data used for signature calculation and can be reused across multiple signature requests, including document digests, seal semantic data, signature certificate information, and signature strategy parameters. This step reuses most of the signature input source data in the basic signature data template, only performing differentiated derivation on the parts related to the signature position, rather than reusing the signature value, thereby ensuring the independence of each signature result.
[0084] S605: Perform derived signature calculation. Based on the derived signature input data, the system calls a hardware cryptographic device (HSM) or a remote signature service to perform a signature calculation operation and generate signature result data that uniquely corresponds to the signature position.
[0085] S606: Generate an independent signature description unit. Based on the generated signature result data, the system combines the signature result data with relevant metadata such as signature location information and signature algorithm parameters to construct an independent PDF signature description unit for the current signature location, and writes this description unit into the corresponding location in the PDF document. The signature result data is embedded within the signature description unit as its core content. Each signature description unit has a complete signature structure and can be individually verified by standard PDF signature verification tools such as Adobe Acrobat, meeting the requirements of the PDF electronic signature specification.
[0086] S607: Process the next signature position. For other signature requests within the same signature equivalence group, the system repeats steps S602 to S606 until all derived signatures for all signature requests within the same signature equivalence group are generated. The basic signature data template is constructed only once, and the derivation processing flow can be executed in parallel or serially, significantly reducing the number of calls to high-cost signature resources and improving overall signing efficiency. After all derived signatures are generated, the system enters the PDF writing process in step S7 to complete the final signature document generation.
[0087] Optionally, step S6 is a signature result sharing method; The signature result sharing method includes generating a shared signature result corresponding to multiple signature requests within the same signature equivalence group based on the basic signature data template.
[0088] More specifically, a signature result is generated based on a basic signature data template, and the signature result is referenced by multiple signature description units in a PDF document, thereby reducing the number of signature calculations.
[0089] It should be noted that the signature result sharing method has certain limitations in terms of signature independence, compliance adaptability, and universality. It is mainly suitable for application scenarios with extremely high performance requirements and where the business system has additional control measures for compliance.
[0090] Step S7: Write the generated signature result into the corresponding signature position in the PDF document to generate a signature document that conforms to the PDF electronic signature specification.
[0091] Specifically, step S7 is the PDF writing process, in which the system writes the generated derived signature result or shared signature result into the corresponding signature position in the PDF document, so that each signature position forms an independent and verifiable PDF electronic signature result.
[0092] In some embodiments, step S7 further includes: writing the generated signature result into a PDF document, so that each signature position forms an independent signature description structure. Specifically, the derived signature result or shared signature result is written into the corresponding signature position in the PDF document to generate a signature document that conforms to the PDF electronic signature specification, and each signature position after writing forms an independent signature description structure.
[0093] This invention provides a method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content. By judging whether multiple signing requests have signature equivalence based on the semantics of seal content, an independent signature result is generated under the premise that each signature location meets the PDF electronic signature verification requirements. By reusing the signature input data that can be shared during the signature calculation process, the number of repeated signature calculations is reduced, thereby significantly reducing the consumption of high-cost signature resources such as hardware cryptographic devices and remote signature services in multi-location signing scenarios and improving the overall signing efficiency.
[0094] Although the methods described above are illustrated and depicted as a series of actions for the sake of simplicity, it should be understood and appreciated that these methods are not limited by the order of the actions, as some actions may occur in a different order and / or concurrently with other actions from the illustrations and descriptions herein or not illustrated and described herein but which may be understood by those skilled in the art, according to one or more embodiments.
[0095] The present invention also proposes a PDF document multi-location electronic signature generation device based on seal content semantics, for performing the PDF document multi-location electronic signature generation method based on seal content semantics as described above.
[0096] Figure 4 A schematic diagram of a PDF document multi-location electronic signature generation device based on seal content semantics according to an embodiment of the present invention is disclosed, such as... Figure 4 As shown, the PDF document multi-location electronic signature generation device based on seal content semantics proposed in this invention includes: The signature request receiving module 41 is used to perform the operation of step S1, that is, to receive at least one PDF electronic signature request, wherein the signature request includes at least the PDF document to be signed, seal-related information and signature position-related parameters. The seal content uniqueness determination module 42 is connected to the signature request receiving module 41 and is used to perform the operation of step S2, that is, to process the seal-related information in the received signature request and generate a seal fingerprint for uniquely representing the semantics of the seal content. The signature equivalence determination module 43 is connected to the seal content uniqueness determination module 42 and is used to perform the operation of step S3, that is, to perform signature equivalence determination based on the seal fingerprint, determine whether multiple signature requests belong to the same signature equivalence group, and group them according to the determination result; The signature source data construction module 44 is connected to the signature equivalence determination module 43 and is used to perform the operation of step S4, that is, to construct the basic input data required for signature calculation for each signature equivalence group. The basic signature data template generation module 45 is connected to the signature source data construction module 44 and is used to perform the operation of step S5, that is, to generate a basic signature data template based on the basic input data, wherein each signature equivalence group generates a basic signature data template only once. The signature processing module 46 is connected to the basic signature data template generation module 45 and is used to perform the operation of step S6, that is, based on the basic signature data template, for each signature request in the signature equivalence group, a signature result that uniquely corresponds to the signature position is generated. The PDF writing module 47 is connected to the signature processing module 46 and is used to perform the operation of step S7, that is, to write the generated signature result into the corresponding signature position in the PDF document and generate a signature document that conforms to the PDF electronic signature specification.
[0097] Furthermore, the signature processing module 46 includes a derived signature generation module 461 and / or a signature result sharing module 462, which can be enabled independently or in combination according to actual business scenario requirements.
[0098] The derived signature generation module 461 is used to perform derivation processing on each signature request within the signature equivalence group based on the basic signature data template, generating a signature result that uniquely corresponds to the signature position of the signature request. This module corresponds to the derived signature generation method in the method embodiment and is a preferred implementation.
[0099] The signature result sharing module 462 is used to generate shared signature results corresponding to multiple signature requests within the same signature equivalence group based on the basic signature data template. This module corresponds to the signature result sharing method in the method embodiment and is suitable for specific scenarios with extremely high performance requirements and additional compliance control measures.
[0100] The aforementioned modules can be deployed on general-purpose servers, signature service nodes, or in a secure computing environment that works in conjunction with hardware cryptographic devices. In some embodiments, each module can adopt a modular design, supporting independent deployment, expansion, and maintenance, facilitating flexible adjustments according to business needs, and improving the system's scalability and maintainability. The data flow between modules is as follows: Figure 4 As shown by the middle arrow, the complete processing flow from receiving the signature request to writing the signature result is completed sequentially.
[0101] The following is combined with Figure 4 The apparatus shown illustrates the timing sequence of signature processing in a multi-signature request scenario. Figure 5 A timing diagram of multi-location electronic signature generation for PDF documents based on seal content semantics, according to an embodiment of the present invention, is disclosed, such as... Figure 5 As shown, the signature processing timing flow of this invention in a multi-signature request scenario includes the following steps: T101: Submit a signature request. Signature request A and signature request B are submitted to the signature service module respectively. Each signature request includes at least the PDF document to be signed, the seal image and its display parameters, and the corresponding signature position information. The signature service module consists of... Figure 4 The system is implemented collaboratively by multiple functional modules, such as the signature request receiving module 41 and the seal content uniqueness determination module 42.
[0102] T102: The signature service module determines the consistency of the seal and fingerprint. The signature service module calls... Figure 4 The uniqueness determination module 42 of the seal content in the signature request process processes the seal-related information in signature request A and signature request B respectively, and generates corresponding seal fingerprints. Then, the signature equivalence determination module 43 compares and analyzes the seal fingerprints, and determines that the seal fingerprints of the two signature requests are consistent, thereby determining that the signature requests belong to the same signature equivalence group.
[0103] T103: Construct a basic signature data template and initiate a signature request. After determining that multiple signature requests are equivalent, the signature service module calls... Figure 4 The signature source data construction module 44 and the basic signature data template generation module 45 in the system only construct the basic signature data template (BaseSignedData) once, and initiate a signature request to the signature calculation module based on the basic signature data template. The signature calculation module corresponds to […] in the overall system architecture. Figure 4 The derived signature generation module 461 or the signature result sharing module 462 in the middle.
[0104] T104: The signature calculation module returns the signature result data. Based on the received signature input data, the signature calculation module calls a hardware cryptographic device or a remote signature service to perform signature calculation, and returns the signature result data obtained from the signature calculation to the signature service module.
[0105] T105: Generate derived signatures and write them to different signature locations (derived signature mode). In derived signature mode, the signature service module calls... Figure 4 The derived signature generation module 461, based on the basic signature data template and the returned signature result data, injects corresponding byte range information and signature position-related parameters for different signature requests to generate derived signatures that correspond one-to-one with different signature positions (e.g., ...). Figure 5 (As shown in T1051 and T1052). Subsequently, the signature service module calls... Figure 4 The PDF writing module 47 writes the derived signatures to signature positions A and B in the PDF document, thereby generating multiple independent signature description units in the PDF document. In this way, each signature position corresponds to an independent signature description, and each signature result can be independently verified using a standard PDF electronic signature verification tool.
[0106] T106: Signature Result Sharing Mode (Comparison Explanation). In contrast, under signature result sharing mode, the signature service module calls... Figure 4 The signature result sharing module 462 in the document configures multiple signature description units to reference the same shared signature result, thereby creating a signing effect in which the same signature result is shared in multiple locations within the PDF document.
[0107] It should be noted that this invention preferably employs the aforementioned derived signature mode, rather than the signature result sharing mode. The derived signature mode can better guarantee the independence and compliance of the signature, and is adaptable to more business scenarios.
[0108] This disclosure also provides a PDF document multi-location electronic signature generation system based on seal content semantics, including a memory and a processor: The memory is used to store computer programs; The processor is configured to execute the PDF document multi-location electronic signature generation method based on seal content semantics provided in any of the above embodiments when the computer program is invoked.
[0109] Specifically, the memory may be a hard disk, random access memory (RAM), read-only memory (ROM), or other types of storage media, used to store program code and related data that implement the method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content according to the present invention. The processor may be a central processing unit (CPU), graphics processing unit (GPU), or other computing unit, used to execute the program code in the memory to implement the multi-location electronic signature generation operation for PDF documents.
[0110] In addition, the system may include input / output interfaces for receiving signature requests and outputting signed PDF documents. By combining the collaborative work of memory and processor, this system can efficiently complete multi-location electronic signature generation tasks, significantly reducing the consumption of high-cost signature resources such as hardware cryptographic devices and remote signature services, and improving overall signing efficiency.
[0111] This disclosure also provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content provided in any of the above embodiments.
[0112] The readable storage medium may include, but is not limited to: portable disk, hard disk, random access memory, read-only memory, erasable programmable read-only memory, optical storage device, magnetic storage device, or any suitable combination thereof.
[0113] This disclosure also provides a computer program product, including a computer program that, when executed by a processor, implements the method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content as described above.
[0114] The program code for executing the computer program product of this disclosure can be written in any combination of one or more programming languages, and the program code can be executed entirely on a user device, partially on a user device, as a stand-alone software package, partially on a user device and partially on a remote device, or entirely on a remote device.
[0115] The present invention proposes a method, apparatus, and system for generating multi-location electronic signatures for PDF documents based on the semantics of seal content, which has the following beneficial effects: 1) By constructing a basic signature data template and generating it only once for signature equivalence sets, the repetitive signature calculation operations are significantly reduced in scenarios where the same seal is signed in multiple locations; 2) By generating an independent signature description unit for each signature position through a derived signature generation method, performance optimization is achieved without changing the existing PDF signature verification mechanism; 3) By reusing the basic signature data template, the number of times signature computing resources are called is reduced, effectively saving high-cost signature resources such as hardware cryptographic devices and remote signature services; 4) Quickly determine signature equivalence and group signatures using seals and fingerprints, suitable for high-concurrency business scenarios such as multi-page contracts and batch signing.
[0116] As indicated in this application and claims, unless the context clearly indicates otherwise, the words "a," "an," "an," and / or "the" are not specifically singular and may include plural forms. Generally speaking, the terms "comprising" and "including" only indicate the inclusion of explicitly identified steps and elements, which do not constitute an exclusive list, and the method or apparatus may also include other steps or elements.
[0117] Those skilled in the art will understand that information, signals, and data can be represented using any of a variety of different techniques and skills. For example, the data, instructions, commands, information, signals, bits, symbols, and chips described throughout the above description can be represented by voltage, current, electromagnetic waves, magnetic fields or magnetic particles, light fields or optical particles, or any combination thereof.
[0118] Those skilled in the art will further appreciate that the various illustrative logic blocks, modules, circuits, and algorithm steps described in conjunction with the embodiments disclosed herein can be implemented as electronic hardware, computer software, or a combination of both. To clearly illustrate this interchangeability between hardware and software, the various illustrative components, blocks, modules, circuits, and steps are described above in a generalized manner in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the specific application and the design constraints imposed on the overall system. Those skilled in the art may implement the described functionality in different ways for each specific application, but such implementation decisions should not be construed as departing from the scope of the invention.
[0119] The various illustrative logic modules and circuits described in conjunction with the embodiments disclosed herein may be implemented or performed using a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. The general-purpose processor may be a microprocessor, but in alternatives, it may be any conventional processor, controller, microcontroller, or state machine. The processor may also be implemented as a combination of computing devices, such as a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors cooperating with a DSP core, or any other such configuration.
[0120] The steps of the methods or algorithms described in conjunction with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of both. The software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to a processor such that the processor can read and write information to / from the storage medium. In an alternative, the storage medium may be integrated into the processor. The processor and storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In an alternative, the processor and storage medium may reside as discrete components in the user terminal.
[0121] The above embodiments are provided for those skilled in the art to implement or use the present invention. Those skilled in the art can make various modifications or changes to the above embodiments without departing from the inventive concept of the present invention. Therefore, the protection scope of the present invention is not limited to the above embodiments, but should be the maximum scope that conforms to the innovative features mentioned in the claims.
Claims
1. A method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content, characterized in that, include: Step S1: Receive at least one PDF electronic signature request, wherein the signature request includes at least the PDF document to be signed, seal-related information, and signature position-related parameters; Step S2: Process the seal-related information in the received signature request to generate a seal fingerprint that uniquely represents the semantics of the seal content. Step S3: Perform signature equivalence determination based on the seal fingerprint, determine whether multiple signature requests belong to the same signature equivalence group, and group them according to the determination result; Step S4: For each signature equivalence group, construct the basic input data required for signature calculation; Step S5: Generate a basic signature data template based on the basic input data, wherein the basic signature data template is generated only once for each signature equivalence group; Step S6: Based on the basic signature data template, for each signature request within the signature equivalence group, generate a signature result that uniquely corresponds to the signature position; Step S7: Write the generated signature result into the corresponding signature position in the PDF document to generate a signature document that conforms to the PDF electronic signature specification.
2. The method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content according to claim 1, characterized in that, The seal-related information includes at least seal image data and seal display attributes; Step S2 further includes: Extract the seal image data and seal display attributes from the signature request; Seal image data and seal display attributes are calculated independently to generate corresponding image content summaries and display attribute summaries. The image content summary and the display attribute summary are combined according to a preset combination rule to generate the seal fingerprint.
3. The method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content according to claim 2, characterized in that, The seal image data is used to characterize the semantic content of the seal; The seal display attributes include at least one or more of the following: seal display size, seal rotation angle, seal transparency, and display parameters.
4. The method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content according to claim 2, characterized in that, The algorithm used for the digest calculation includes one or more of the following types: A hash function-based digest calculation algorithm; Summarization algorithms based on feature extraction; and A summary computation algorithm based on rule mapping.
5. The method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content according to claim 2, characterized in that, The preset combination rules include one or more of the following methods: The two summary results are combined; Weighted combination of the two summary results; and Perform a summary calculation again on the combined data.
6. The method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content according to claim 1, characterized in that, The signature equivalence determination in step S3 further includes: Compare the seal fingerprints corresponding to multiple signature requests; If the fingerprints of multiple signature requests are identical, then the multiple signature requests are determined to belong to the same signature equivalence group.
7. The method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content according to claim 1, characterized in that, The basic signature data template is a signature input source data that can be shared by multiple signature requests within the same signature equivalence group; The basic signature data template includes at least: original document content summary data, signature input data related to seal semantics, signature certificate information and signature strategy parameters.
8. The method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content according to claim 1, characterized in that, Step S6 is the derived signature generation method: The derived signature generation method includes, based on the basic signature data template, performing derivation processing on each signature request within the signature equivalence group to generate a signature result that uniquely corresponds to the signature position of the signature request.
9. The method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content according to claim 8, characterized in that, The derived signature generation method further includes: Obtain the basic signature data template corresponding to the same signature equivalence group; For each signature request within the signature equivalence group, the following steps are performed sequentially: Retrieve the signature position-related parameters corresponding to the current signature request; Based on the PDF document structure corresponding to the current signature request, calculate and inject the byte range information corresponding to the signature position; Based on the basic signature data template, and combined with the byte range information and the signature position-related parameters, a derivation process is performed to generate the derived signature input data. Based on the derived signature input data, perform signature calculation to generate a signature result that uniquely corresponds to the signature position; Based on the signature result, an independent PDF signature description unit is generated for the current signature position.
10. The method for generating multi-location electronic signatures for PDF documents based on the semantic meaning of seal content according to claim 1, characterized in that, Step S6 is a signature result sharing method; The signature result sharing method includes generating a shared signature result corresponding to multiple signature requests within the same signature equivalence group based on the basic signature data template.
11. The method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content according to claim 1, characterized in that, Step S7 further includes: The generated signature results are written into a PDF document, so that each signature location forms an independent signature description structure.
12. A PDF document multi-location electronic signature generation apparatus based on seal content semantics, used to execute the PDF document multi-location electronic signature generation method based on seal content semantics as described in any one of claims 1 to 11, characterized in that, The device includes: The signature request receiving module is used to perform step S1 in the method for generating multi-location electronic signatures for PDF documents. The module for determining the uniqueness of seal content is used to perform step S2 in the method for generating multi-location electronic signatures for PDF documents. The signature equivalence determination module is used to perform step S3 in the method for generating multi-location electronic signatures for PDF documents. The signature source data construction module is used to perform step S4 in the method for generating multi-location electronic signatures for PDF documents. The basic signature data template generation module is used to perform step S5 in the method for generating multi-location electronic signatures for PDF documents. The signature processing module is used to perform step S6 in the method for generating multi-location electronic signatures for PDF documents. The PDF writing module is used to perform step S7 in the method for generating multi-location electronic signatures for PDF documents.
13. The PDF document multi-location electronic signature generation device based on seal content semantics according to claim 12, characterized in that, The signature processing module includes a derived signature generation module and / or a signature result sharing module; The derived signature generation module is used to perform derivation processing on each signature request within the signature equivalence group based on the basic signature data template, and generate a signature result that uniquely corresponds to the signature position of the signature request. The signature result sharing module is used to generate shared signature results corresponding to multiple signature requests within the same signature equivalence group based on the basic signature data template.
14. A PDF document multi-location electronic signature generation system based on seal content semantics, characterized in that, include: Memory, used to store computer programs; A processor is configured to execute, when the computer program is invoked, the method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content as described in any one of claims 1 to 11.
15. A computer-readable storage medium having a computer program stored thereon, characterized in that, The computer program is executed by a processor to implement the method for generating multi-location electronic signatures for PDF documents based on the semantics of seal content as described in any one of claims 1 to 11.