Overall architecture diagram of electronic signature system
As shown in the above figure, the electronic signature platform consists of the digital certificate authentication system (PKI/CA system), the electronic seal management subsystem, the electronic signature authentication subsystem and the client electronic signature software. The overall architecture comprises "three horizontal" layers and "two vertical" systems.
"Three horizontal" includes:
Support layer: this is the existing PKI infrastructure. The electronic signature system is an application-oriented security platform built on the PKI system, and it integrates with PKI at two levels through interfaces: first, the police USBKEY is used; second, authentication, signature and encryption are carried out based on digital certificates.
Management layer: this is the core of the whole electronic signature system and the basic platform on which all kinds of public security application systems apply electronic signatures. It comprises the electronic signature authentication system and the electronic seal management system. It manages key disk distribution, seal application, approval, production, electronic seal distribution, authorization/re-authorization, loss reporting/cancellation and destruction of electronic seals, maintains and manages the electronic seal impression picture library, and provides the audit management function for electronic seal use, which is the guarantee for the safe use of electronic seals by all application systems.
Application layer: the application layer mainly includes two parts. One is the public security business information systems, such as the police platform and the office automation (OA) system. The other is the electronic signature application support system, which covers the sealing of official documents in the various public security application systems, such as MS Office (Word & Excel) signature, WPS signature, PDF signature, web signature, form signature, etc.
"Two vertical" includes:
Management system: The application system must have corresponding management norms when adopting electronic signature, including signature application norms, signature making norms and signature use norms. As the most important supplier of electronic signature system in the public security industry, Beijing Anzhengtong Company has rich experience in the management and use of electronic seals in the public security industry. During the deployment of the system, we will work with relevant departments to formulate the Regulations on the Management and Use of Electronic Seals according to specific conditions to strengthen the management of electronic seals by organs.
Security system: As an application security support platform system, electronic signature system should have a perfect security system, which mainly includes security management, safe operation and security technology. In terms of safety management, after winning the bid, we will refer to the management and use standards of electronic seals already formulated by other public security systems and assist in formulating the management and use standards of electronic seals. Technically, mature technology will be adopted to realize the cluster deployment of electronic seal servers, realize load balancing and data synchronization, and ensure the safe and stable operation of the system.
On the basis of not affecting the existing business system process, the electronic signature client software is embedded into various files and legal documents in the application-level business system, and the electronic signature is organically integrated with the business system and PKI/PMI system to achieve "strengthening management and ensuring security" from top to bottom and from inside to outside.
The specific functions of each part are summarized as follows:
1) Public security CA system: it mainly realizes the functions of digital certificate application, approval, issuance, destruction and update. At present, the PKI infrastructure has been built, and the digital certificates required by the electronic signature system in this bidding scheme are uniformly issued and managed by the CA system.
2) Electronic seal management subsystem: it mainly handles the application, approval and production of electronic seals, their issuance, authorization/re-authorization, loss reporting/cancellation and destruction, and the maintenance and management of the electronic seal impression picture library. It also provides the audit management function for electronic seal usage, recording in detail when and where the signer stamped or revoked which electronic seal. Through the "user-role-authority" three-dimensional authority management model, different people are given different roles and the roles are allocated different access rights, so that the authority to apply for, make and manage seals is held by different people. This strengthens seal safety management at the process level and ensures the authenticity and reliability of the seal source from the perspective of seal management. At present, the public security key has been issued to the police, and the system supports two modes, local seal making and remote seal making, which makes it convenient to produce electronic seals and electronic signatures without affecting the normal use of existing business systems.
3) Electronic signature authentication subsystem: including electronic seal authentication module, thousands of pages (forms) server-side component and information encryption and decryption component, which verifies all electronic signature requests and seal verification requests online, ensures that only legal signers can sign, and provides identity authentication function.
4) Client electronic signature software: Electronic signature client software is the software directly used by signers to realize electronic signature operation, including Word signature software, Excel signature software, PDF/DSF signature software, WPS signature software, WEB signature software (including html and winform forms) and electronic signature middleware.
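The "user-role-authority" model and usage audit described in item 2 can be sketched as follows. This is an added example, not code from the product: the role names, permission names, conflict rules, seal ID and workstation names are all assumptions chosen for illustration, and logging denied attempts is an added design choice.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical role -> permission mapping for the seal lifecycle (assumed names).
ROLE_PERMS = {
    "applicant": {"apply"},
    "approver": {"approve"},
    "maker": {"make"},
    "seal_admin": {"issue", "authorize", "revoke", "destroy"},
    "signer": {"stamp", "unstamp"},
}
# Duties that one person must never hold together (separation of duties).
CONFLICTS = [{"apply", "approve"}, {"approve", "make"}, {"apply", "make"}]

@dataclass
class SealManager:
    user_roles: dict = field(default_factory=dict)  # user -> set of role names
    audit: list = field(default_factory=list)       # append-only usage log

    def perms(self, user):
        """Effective permissions: the union over all roles the user holds."""
        return set().union(*(ROLE_PERMS[r] for r in self.user_roles.get(user, ())))

    def grant(self, user, role):
        """Assign a role unless it would combine conflicting duties."""
        combined = self.perms(user) | ROLE_PERMS[role]
        if any(c <= combined for c in CONFLICTS):
            raise PermissionError(f"{role} conflicts with duties held by {user}")
        self.user_roles.setdefault(user, set()).add(role)

    def act(self, user, action, seal_id, where):
        """Check permission and record who did what to which seal, when, where."""
        allowed = action in self.perms(user)
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action, "seal": seal_id,
            "where": where, "allowed": allowed,  # denied attempts are logged too
        })
        return allowed

def demo():
    m = SealManager()
    m.grant("alice", "applicant")
    m.grant("carol", "signer")
    try:
        m.grant("alice", "approver")   # applicant must not approve own request
        blocked = False
    except PermissionError:
        blocked = True
    ok = m.act("carol", "stamp", "SEAL-0001", "workstation-17")      # constructed
    denied = m.act("alice", "stamp", "SEAL-0001", "workstation-03")  # constructed
    return blocked, ok, denied, len(m.audit)
```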
As can be seen from the above overall architecture, the electronic signature system is an electronic signature platform system with reasonable system architecture and strict authentication system, which can support the requirements of all application information systems for electronic signatures.