| Electronic signature system is the main online government and business handling platform in the Internet era.With the growth of the number of online businesses,the electronic signature system is used by more and more users,and the handling of online businesses has become inevitable.With the rapid development of the electronic signature system,many problems followed,such as the authentication security of user identity,the internal data security of the system,the security of the electronic signature,the internal risk control of the system when users use the system,and other issues need to be addressed.In this thesis,the user authentication and internal security problems faced by the electronic signature system are studied and a biometric-based electronic signature system is designed.Different from the traditional electronic signature system,this system guarantees the non-repudiation,anti-counterfeiting and anti-theft characteristics of the electronic seal generated in the system by combining the biological characteristics with the electronic seal,and displays it in the form of QR code.When the user signs up,the system will extract the finger vein feature of the user and generate it together with other signing information into an electronic seal.With the help of finger vein feature,which is the characteristic of biological feature in living body,the feature value extracted each time is different and cannot be stolen or forged.Therefore,the electronic seal generated by the system each time represents the user’s recognition attitude when signing a contract,and ensures the non-repudiation of the electronic seal.In addition to the biometrics,the system adds the information related to the contract(contract text,place,time,and subjects of both parties)to the electronic seal,so that the electronic seal can be associated with the corresponding contract information,so that the seal will not be diverted to other contracts,ensuring the anti-theft and anti-counterfeit characteristics of the electronic seal.The system is implemented in the way of microservice architecture.Each functional module is independent of each other and packaged into different microservices.The system consists of five modules,namely:background service module,authentication and authorization module,data storage module,seal management module,and risk control module.Each module is responsible for different services,and the authentication and authorization module is responsible for the user’s identity authentication and authority granting,including the intravenous authentication and key,security authentication,and granting different levels of operation authority for different authentication methods.The data storage module is responsible for the internal data storage and collection of the system,which is composed of three parts:distributed storage module,RocketMQ message queue and MySQL database.The distributed storage module is responsible for storing the user’s sensitive information,such as vein template and security issues.The consistency of the information stored internally will be checked when reading.If there is a problem with the data,an alarm operation will be carried out and the administrator will be notified for processing.RocketMQ is responsible for collecting and caching user behavior logs and inputting them to different downstream consumers.MySQL database is responsible for storing system state information and persistent user logs.The seal management module is responsible for the generation and inspection of seals.The risk control module is used to process and analyze the behavior log generated by users when using the system,and detect whether the user has any operation behavior that affects the system and user risk through the behavior log.If there is any relevant behavior,the system administrator and relevant users will be alerted in time to reduce the internal risk.At the same time,all alarm information will be recorded to facilitate the system administrator to trace the internal status of the system,handle abnormal problems. |
PDF Full Text Request