Digital document editing techniques as part of electronic signature collection are described. These techniques support a single unified workflow in which comments and edits may be made as part of collecting an electronic signature. In this way, user and computational efficiency may be increased over conventional techniques that require initialization of the electronic signature collection workflow any time a comment or change is to be made to a digital document. Further, the comments and edits may be incorporated as part of audit trail associated with the electronic signature, thus increasing effectiveness of the electronic signature in providing supporting evidence of signature validity by documenting changes made to the digital document by one or more of the parties that sign the document.

Aspects include accessing, by a processing system, one or more data records and a metadata record. The metadata record includes a first digital signature associated with the one or more data records. One or more additional digital signatures associated with the one or more data records are generated, where the first digital signature and the one or more additional digital signatures are generated based on applying at least one different digital signature generation aspect with respect to the one or more data records. The one or more additional digital signatures are stored in the metadata record.

A system, method, and apparatus for distributed extensible blockchain structures is provided. A system includes a parent blockchain. The parent blockchain includes a first block including first content, the first block stored at a first location, and a second block stored at a second location different than the first location. The second block includes second content and a first SignerInfo element. The first SignerInfo element includes a hash on the second content, a hash on the first content of the first block, a pointer to the first location of the first block, and a first SignatureValue element generated by digitally signing at least the hash on the second content, the hash on the first content, and the pointer to the first location.

A signature generation method performed by an electronic apparatus is provided. A message abstract is generated according to a to-be-signed message and eigenvalues of a plurality of signature parties, an eigenvalue of a signature party being based on a random number of the signature party. Public keys and sub signatures of the plurality of signature parties are obtained, and a sub signature of the signature party is based on the random number of the signature party, the message abstract, and private keys of the plurality of signature parties. An aggregation public key is generated according to the public keys of the plurality of signature parties, and a length of the aggregation public key is less than a length of the plurality of public keys after splicing. An aggregation signature is generated according to a sum value of the plurality of sub signatures and the message abstract.

The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

The purpose of the present invention is to facilitate utilization of digital signature. First, a device 120 acquires data to be signed and a signature (S501). Then, the device 120 verifies the signature by determining, using a public key, whether the signature has been given by an owner of the public key (S502). The verification of the signature may be performed at a verification apparatus (not shown) that the device 120 can access, and the verification result may be returned to the device 120. When the verification of the signature has been successful, the device 120 displays a document image 201 with a predetermined seal overlaid, on the display of the device 120 (S503). In this way, the user of the device 120 can visually confirm that the digital signature has been given by someone having approval authority.

One or more embodiments of the present specification provide blockchain-based transaction methods, apparatuses, and electronic devices. A target transaction sent by a node device of a transaction initiator is received. An account of the transaction initiator corresponds to a plurality of public keys, and the target transaction includes transaction content and a digital signature. The digital signature is created by using one or more private keys corresponding to the plurality of public keys of the account and is created based on at least a part of the transaction content. The target transaction is verified, including verifying whether the digital signature is valid. In response to a successful verification, the target transaction is recorded to a distributed database of a blockchain based on a consensus rule of the blockchain.

Techniques are provided for using tokenization in conjunction with “behind-the-wall” JWT authentication. “Behind-the-wall” JWT authentication refers to JWT authentication techniques in which the JWT stays exclusively within the private network that is controlled by the web application provider. Because the JWT stays within the private network, the security risk posed by posting the JWT in a client cookie is avoided. However, because JWT is used behind-the-wall to authenticate a user with the services requested by the user, the authentication-related overhead is significantly reduced.

Techniques are provided for using tokenization in conjunction with “behind-the-wall” JWT authentication. “Behind-the-wall” JWT authentication refers to JWT authentication techniques in which the JWT stays exclusively within the private network that is controlled by the web application provider. Because the JWT stays within the private network, the security risk posed by posting the JWT in a client cookie is avoided. However, because JWT is used behind-the-wall to authenticate a user with the services requested by the user, the authentication-related overhead is significantly reduced.

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.