CN101262344A - An efficient quick authorization electronic signature method - Google Patents

Abstract

The invention relates to a fast high-efficiency authorization method of electronic signature, which comprises the specific steps: 1) determining system parameters; 2) user registering; 3) client authorizing; 4) exerting electronic signature rights by agents; 5) verifying received data messages by receivers. Compared with previous various electronic signature methods, the fast high-efficiency authorization method of electronic signature of the invention not only successfully solves choke points of performance existed in the existing various methods, but also realizes safe and reliable authorization for electronic signature rights, ensuring that the clients can strictly control and restrict the agents to exert the rights within signature range. Besides, the fast high-efficiency authorization method of electronic signature of the invention also has comparatively high execution efficiency, is easy to be managed and able to resist against various known attacking methods, has high safety, can ensure the authenticity, safety, reliability and validity of data messages, can be widely applied to various software and hardware environments such as computers, communication networks, intelligent cards and mobile telephone, etc. and has good application prospect.

Description

A kind of authorization electronic signature method of efficient quick

Technical field

The invention belongs to the authorization electronic signature method of electric endorsement method in the filed of network information security, particularly a kind of efficient quick.

Background technology

In the every field relevant with information such as e-commerce system, electronic government affairs system, information safety system, network communicating system, electronic signature technology is one of extremely basic technology.It has simulated the function of real-life handwritten signature, not only have abilities such as authentication, source discriminating, resisting denying, anti-forgery, and can also carry out integrated authentication to the data text, and can guarantee authenticity, fail safe, reliability and the legitimacy of electronic message, thereby has very significant meaning for the normal operation of guarantee information system.In many countries, comprise China, electronic signature has all obtained jurally admitting.At present, effort through the lot of domestic and foreign scholar, many electric endorsement methods have appearred, for example: it is a kind of by the written handwriting of record user when utilizing wireless pen to carry out handwritten signature that application number is that 02153672.4 patent " a kind of signing and word-leaving method of utilizing wireless pen " discloses, with its method as document signature, but because this signature only is the simple simulation of handwritten signature, do not have direct relation with document content, therefore can't realize the 5th of China's Electronic Signature Law and the 13 defined integrality at all, resisting denying, anti-forgery waits the basic demand about the electronic signature legitimacy.Application number is that 01139001.8 patent " method for anti-counterfeit of electronic signature and device " then discloses a kind of electronic signature method for anti-counterfeit that is applied to bar code system, and its applicable surface is narrower.But all these methods all can not solve the delegable problem of electronic signature right.

In real world, people often need give reliable agent with some the signature assignable of authority of oneself, allow the agent represent and go to exercise these power in person.Entrust the conventional method of signature power to be to use seal, because seal can transmit between people neatly.Therefore, in the electronic signature field, we also are badly in need of a kind of method, realizing a kind of function that is similar to real-life seal and official seal, so that with oneself electronic signature right through committing others's method.

We find through retrieval, application number is that 200410052864.4 the patent method of delegable Electronic Signature safety " the stamped signature centralized management with " power of then will sign is all entrusted to believable OA system realize the signing delegable of power and operated, this method is at the OA system, take stamped signature centralized management system, the operation of realization delegable, therefore only can be applied to credible OA system, application surface is very narrow.Numerous safety issue such as in addition, this method exists also that signature can be forged, the integrality of document can't guarantee, the agent signs power is uncontrollable, trustee and agent can deny mutually.Application number be 200510019214.4 patent " a kind of authorization controlled electronic signature method " based on elliptic curve then by by believable third party's digital certificate service organization, a kind of safe and reliable authorization controlled electronic signature method based on elliptic curve of finding the solution difficulty based on the elliptic curve discrete logarithm problem on the finite field is provided.This method can make the trustee that scope of authority, signature time and signature number of times that the agent exercises electronic signature power are controlled reliably.

But all these methods all depend on a mechanism of trusted third party strongly as authentication center, in the course of work of electronic signature, need finish the generation or the authentication of electronic signature by user and authentication center by real-time, interactive, this has not only increased the weight of the work load of system greatly, reduce the operating efficiency of system, and seriously limited the promotion and application of electronic signature technology.

Used relational language is described as follows among the present invention:

According to the definition of the Electronic Signature Law of China, so-called electronic signature is meant in the electronic message to be used to discern signer's identity and to show that the signer approves the wherein data of content so that electronic form is contained, appended.And electronic message then is meant the information that generates, sends, receives or store with electronics, optics, electromagnetism or similar means.

The trustee refers to the signer who has original electronic signature power, and he can be as required, and oneself electronic signature assignable of authority is licensed to another signer, i.e. agent.

The agent refers to the delegable according to the trustee, exercises the signer of actual electronic signature power.

Authorization electronic signature refers to the delegable of agent according to the trustee, the electronic signature that the delegate people generates.

The recipient refers to the user who receives electronic message.

The digital certificate service organization that the third party that authentication center refers to is that set up according to the 17 of Electronic Signature Law, all approved by the parties is believable, provide the associated electrical authentication service, it can provide and meet Electronic Signature Law twenty-one provision defined electronic signature certificate.

KDC refers to the mechanism that is used for producing with user's cooperation client public key and proof of identification document thereof.

Summary of the invention

The objective of the invention is to deficiency, solve problems such as existing existing inefficiency of Proxy Signature Scheme and power control dynamics be weak, a kind of authorization electronic signature method of efficient quick is provided at prior art and method.

For achieving the above object, concrete steps of the present invention are:

First step: determine system parameters: selected at random big prime number p, the generator g of system is the positive integer less than p of a picked at random, and the private key of establishing KDC is SK _SA, SK wherein _SABe positive integer at random less than p-1, and corresponding PKI ${\mathrm{PK}}_{\mathrm{SA}}=g^{S{K}_{\mathrm{SA}}}\mathrm{mod}p;$

Second step: user registration: the trustee is by cooperating with the KDC, and the key that obtains oneself is to (SK _A, PK _A), finish registration process, concrete operations are as follows:

1) positive integer k of trustee's picked at random less than number p-1 _a, calculate the registration parameter $K_A=g^{k_a}\mathrm{mod}p,$ And send it to KDC;

2) the registration parameter K of being submitted to by the trustee is being received by KDC _AAfterwards, positive integer k of picked at random, calculating trustee's PKI PK less than number p-1 _A=K _A* g ^kMod p;

3) KDC is according to trustee's PKI PK _A, content such as trustee's identity information id, proof of identification document sequence number sn and the self information SA of KDC, generate relevant trustee's proof of identification document ID _A, i.e. ID _A=(PK _A, id, sn, SA);

4) certificate parameter S calculates according to the hash digest algorithm Hash () of the prior agreement of system in KDC _a=(Hash (ID _A) * k+SK _SA) mod r, and with key parameter (ID _A, s _a) send to the trustee;

5) trustee is receiving the key parameter (ID that is sent by KDC _A, s _a) after, therefrom separate out oneself PKI PK _APKI PK with KDC _SAEtc. information, verify equation then $g^{s_a}={\mathrm{PK}}_{\mathrm{SA}}\×{({\mathrm{PK}}_A/K_A)}^{\mathrm{Hash}\left({\mathrm{ID}}_A\right)}\mathrm{mod}p$ Whether set up; If set up, then carry out this step

The 6th) step; If be false, should require KDC to resend key parameter;

6) trustee is according to the key parameter (ID that is received _A, s _a), calculate the private key SK of oneself _A=s _a+ Hash (ID _A) * k _a, then trustee's key is to being (SK _A, PK _A);

Third step: the trustee carries out delegable: when the trustee because of certain reason, need delegable agent delegate people in specified scope to exercise electronic signature during power, carry out following operation: 1) positive integer k of agent's picked at random less than p-1 _b, calculate random parameter $K_B=g^{k_b}\mathrm{mod}p,$ And with its transmission trustee;

2) trustee is receiving the random parameter K that is submitted to by the agent _BAfterwards, positive integer k of picked at random less than p-1 ', calculate and entrust parameter Q _p=K _B* g ^k' mod p;

3) trustee generates the power of attorney A that is used to limit procuratorial signature authority _p, comprising the SA of KDC, the extent of competence S of delegable that power of attorney's sequence number sn ', agreement are arranged _p, entrust parameter Q _p, the trustee identity information ID _AWith contents such as procuratorial identity information id ', i.e. A _p=(sn ', SA, S _p, Q _p, ID _A, id ');

4) trustee calculates and authorizes the effect parameter s according to the hash digest algorithm Hash () of the prior agreement of system _Bp=(Hash (A _p) * k '+SK _A) mod r, and will entrust request (A _p, s _Bp) send to the agent;

5) agent is receiving trust request (A _p, s _Bp) after, therefrom separate out and entrust parameter Q _p, trustee's identity information ID _A, trustee's PKI PK _AEtc. information, verify equation then $g^{s_{\mathrm{bp}}}={\mathrm{PK}}_{\mathrm{SA}}\×{{\mathrm{PK}}_A}^{\mathrm{Hash}\left({\mathrm{ID}}_A\right)}\×{(Q_p/K_B)}^{\mathrm{Hash}\left(A_p\right)}\mathrm{mod}p$ Whether set up; If set up, illustrate that then this delegable information is effectively, accepted, and carry out this step the 6th) step; If be false, should require the trustee to resend and entrust request;

6) authorization electronic signature private key SK is calculated in agent's request of accepting commission _p=s _Bp+ Hash (A _p) * k _bSo far, the trustee has finished the delegable process that authorized agent delegate people in specified scope exercises electronic signature power, and the agent can exercise electronic signature power according to scope of authority delegate people;

The 4th step: the agent exercises electronic signature power: when the delegate people exercises electronic signature power to electronics document m in the agent need the agent authority of power at oneself, carry out following operation:

1) agent utilizes authorization electronic signature private key SK _pWith the power of attorney A that is received _p, ordinary electronic endorsement method by appointment is to message (m, A _p) carry out the ordinary electronic signature, can get ordinary electronic signature S '=Sig (SK _p, m, A _p), then agent's delegate people to the authorization electronic signature that message m generated be S=(S ', A _p);

2) agent combines electronics document m and authorization electronic signature S, and formation electronic message M=(m, S);

The 5th step: the electronic message that recipient checking is received: when the recipient need check received, during by the legitimacy of the electronic message of agent's delegate people signature, carry out following operation:

1) recipient separates out m, S, A from the electronic message M that is received _pAnd Q _pEtc. parameter, calculate the authorization electronic signature verification public key ${\mathrm{PK}}_p={\mathrm{PK}}_{\mathrm{SA}}\×{{\mathrm{PK}}_A}^{\mathrm{Hash}\left({\mathrm{ID}}_A\right)}{\×Q_p}^{\mathrm{Hash}\left(A_p\right)}\mathrm{mod}p;$

2) recipient is according to power of attorney A _pCheck agent's message m of whether having the right to sign, i.e. the authorization electronic signature behavior of whether carrying out in the signature scope that limits if check and do not pass through, illustrates that then this authorization electronic signature is invalid;

3) recipient utilizes the ordinary electronic endorsement method of agreement, the legitimacy of the authorization electronic signature S that checking is received, i.e. discriminant function Ver ((m, A _p), S ', PK _p) value whether be true; If value is for true, then this authorization electronic signature is legal; Otherwise then this authorization electronic signature is illegal.

Compare with various electric endorsement methods before, the present invention has not only successfully solved existing various with existing performance bottle top in the class methods, and can realize electronic signature power is carried out safe and reliable delegable, make the trustee can strictly control the restriction agent and exercise the scope of signature.The present invention not only meets the Electronic Signature Law defined to the integrality, resisting denying of electronic signature, anti-basic demand of forging etc. about the electronic signature legitimacy, and possesses very strong unforgeable, well outstanding character such as identity and very strong non-repudiation and the ability that prevents agent's abuse of the power of agency power.

In addition, the present invention also possesses higher execution efficient, be easy to management, can resist various known attack methods, fail safe is very high, can guarantee authenticity, fail safe, reliability and the legitimacy of electronic message, can be widely used in various hardware environments such as computer, communication network, smart card, mobile phone, and every field such as e-commerce system, electronic government affairs system, information safety system, network communicating system, have good application prospects.

Embodiment

The invention will be further described below in conjunction with embodiment, but this embodiment should not be construed as limitation of the present invention.

System parameters: the big prime number p of selected one 1024 bit, and one less than the positive integer g of the p generator as system.Wherein:

p＝90263322638969161970869742926721592962852572876235477183189752231195515533726904774806425078297159311040039025083724608201473900514798177649413646622847127140417251504188523770133414476670262136197211023159073004450926935634808641348120991607495697378686487079903542524301817273543299305270754191090084623071

g＝17678187918937189425425129762265348404304624186638463475929096597991555069648770683672843412379273268176113845487788768161966012911937393135864623398161

If the private key of KDC is SK _SA, be the positive integer at random less than p-1, the PKI that it is corresponding ${\mathrm{PK}}_{\mathrm{SA}}=g^{{\mathrm{SK}}_{\mathrm{SA}}}\mathrm{mod}p.$

System agreement is used the hash digest algorithm of MD5 algorithm as agreement, and the DSA algorithm is as the ordinary electronic signature algorithm, and operates by concrete steps of the present invention, can finish the flow process of authorization electronic signature.

Clearly, the present invention is not limited to the foregoing description, but can change under the situation that does not break away from invention scope and thought and revise.

The present invention is based on the difficulty of finding the solution discrete logarithm problem on the finite multiplicative group, by power of attorney, original signer identity and proxy signers identity are organically combined, need not the help at third party's authentic authentication center, only need single stepping can finish all verification operations to the public key certificate that comprises the trustee, procuratorial public key certificate, power of attorney and authorization electronic signature, but also can help the trustee to realize that the scope of authority of the agent being exercised electronic signature power control effectively, and prevents agent's abuse of the power of agency power.

The content that this specification is not described in detail belongs to and well known to a person skilled in the art prior art.

Claims (1)

1, a kind of authorization electronic signature method of efficient quick, its concrete steps are:

First step: determine system parameters: selected at random big prime number p, the generator g of system is the positive integer less than p of a picked at random, and the private key of establishing KDC is SK _SA, SK wherein _SABe positive integer at random less than p-1, and corresponding PKI ${\mathrm{PK}}_{\mathrm{SA}}=g^{S{K}_{\mathrm{SA}}}\mathrm{mod}p;$

Second step: user registration: the trustee is by cooperating with the KDC, and the key that obtains oneself is to (SK _A, PK _A), finish registration process, concrete operations are as follows:

1) positive integer k of trustee's picked at random less than number p-1 _a, calculate the registration parameter $K_A=g^{k_a}\mathrm{mod}p,$ And send it to KDC;

2) the registration parameter K of being submitted to by the trustee is being received by KDC _AAfterwards, positive integer k of picked at random, calculating trustee's PKI PK less than number p-1 _A=K _A* g ^kMod p;

3) KDC is according to trustee's PKI PK _A, content such as trustee's identity information id, proof of identification document sequence number sn and the self information SA of KDC, generate relevant trustee's proof of identification document ID _A, i.e. ID _A=(PK _A, id, sn, SA);

4) certificate parameter S calculates according to the hash digest algorithm Hash () of the prior agreement of system in KDC _a=(Hash (ID _A) * k+SK _SA) mod r, and with key parameter (ID _A, s _a) send to the trustee;

5) trustee is receiving the key parameter (ID that is sent by KDC _A, s _a) after, therefrom separate out oneself PKI PK _APKI PK with KDC _SAEtc. information, verify equation then $g^{s_a}={\mathrm{PK}}_{\mathrm{SA}}\×{({\mathrm{PK}}_A/K_A)}^{\mathrm{Hash}\left({\mathrm{ID}}_A\right)}\mathrm{mod}p$ Whether set up; If set up, then carry out this step

The 6th) step; If be false, should require KDC to resend key parameter;

6) trustee is according to the key parameter (ID that is received _A, s _a), calculate the private key SK of oneself _A=s _a+ Hash (ID _A) * k _a, then trustee's key is to being (SK _A, PK _A);

Third step: the trustee carries out delegable: when the trustee because of certain reason, need delegable agent delegate people in specified scope to exercise electronic signature during power, carry out following operation:

1) positive integer k of agent's picked at random less than p-1 _b, calculate random parameter $K_B=g^{k_b}\mathrm{mod}p,$ And with its transmission trustee;

2) trustee is receiving the random parameter K that is submitted to by the agent _BAfterwards, positive integer k of picked at random less than p-1 ', calculate and entrust parameter Q _p=K _B* g ^k' mod p;

3) trustee generates the power of attorney A that is used to limit procuratorial signature authority _p, comprising the SA of KDC, the extent of competence S of delegable that power of attorney's sequence number sn ', agreement are arranged _p, entrust parameter Q _p, the trustee identity information ID _AWith contents such as procuratorial identity information id ', i.e. A _p=(sn ', SA, S _p, Q _p, ID _A, id ');

4) trustee calculates and authorizes the effect parameter S according to the hash digest algorithm Hash () of the prior agreement of system _Bp=(Hash (A _p) * k '+SK _A) mod r, and will entrust request (A _p, S _Bp) send to the agent;

5) agent is receiving trust request (A _p, S _Bp) after, therefrom separate out and entrust parameter Q _p, trustee's identity information ID _A, trustee's PKI PK _AEtc. information, verify equation then $g^{s_{\mathrm{bp}}}={\mathrm{PK}}_{\mathrm{SA}}\×{{\mathrm{PK}}_A}^{\mathrm{Hash}\left({\mathrm{ID}}_A\right)}\×{(Q_p/K_B)}^{\mathrm{Hash}\left(A_p\right)}\mathrm{mod}p$ Whether set up; If set up then explanation

This delegable information is effectively, accepted, and carry out this step the 6th) step; If be false, should require the trustee to resend and entrust request;

6) authorization electronic signature private key SK is calculated in agent's request of accepting commission _p=S _Bp+ Hash (A _p) * k _bSo far, the trustee has finished the delegable process that authorized agent delegate people in specified scope exercises electronic signature power, and the agent can exercise electronic signature power according to scope of authority delegate people;

The 4th step: the agent exercises electronic signature power: when the delegate people exercises electronic signature power to electronics document m in the agent need the agent authority of power at oneself, carry out following operation:

1) agent utilizes authorization electronic signature private key SK _pWith the power of attorney A that is received _p, ordinary electronic endorsement method by appointment is to message (m, A _p) carry out the ordinary electronic signature, can get ordinary electronic signature S '=Sig (SK _p, m, A _p), then agent's delegate people to the authorization electronic signature that message m generated be S=(S ', A _p);

2) agent combines electronics document m and authorization electronic signature S, and formation electronic message M=(m, S);

The 5th step: the electronic message that recipient checking is received: when the recipient need check received, during by the legitimacy of the electronic message of agent's delegate people signature, carry out following operation: 1) recipient separates out m, S, A from the electronic message M that is received _pAnd Q _pEtc. parameter, calculate the authorization electronic signature verification public key ${\mathrm{PK}}_p={\mathrm{PK}}_{\mathrm{SA}}\×{{\mathrm{PK}}_A}^{\mathrm{Hash}\left({\mathrm{ID}}_A\right)}\×{Q_p}^{\mathrm{Hash}\left(A_p\right)}\mathrm{mod}p;$

2) recipient is according to power of attorney A _pCheck agent's message m of whether having the right to sign, i.e. the authorization electronic signature behavior of whether carrying out in the signature scope that limits if check and do not pass through, illustrates that then this authorization electronic signature is invalid;

3) recipient utilizes the ordinary electronic endorsement method of agreement, the legitimacy of the authorization electronic signature S that checking is received, i.e. discriminant function Ver ((m, A _p), S ', PK _p) value whether be true; If value is for true, then this authorization electronic signature is legal; Otherwise then this authorization electronic signature is illegal.