CN101588364B - Signature method, device and system thereof - Google Patents


Info

Publication number: CN101588364B
Authority: CN (China)
Legal status: Active
Application number: CN2009100812963A
Other languages: Chinese (zh)
Other versions: CN101588364A
Inventors: 陆舟, 于华章
Current and original assignee: Feitian Technologies Co Ltd

Abstract

The present invention discloses a signature method, a device and a system. The invention relates to the field of information security and solves the prior-art problem that a subscriber's digital signature can be misused by another person. In the embodiment of the invention, after a host computer receives the transaction data input by the user, it generates verification information, generates a transaction message that contains the verification information, and sends the transaction message to a USB Key. The USB Key receives the transaction message from the host computer, extracts the verification information from it and prompts the user to check that information. When a confirmation signal from the user is received, the USB Key digitally signs the transaction message and sends the digital signature to the host computer. A server receives the digital signature and the transaction message from the host computer and verifies the digital signature; when verification succeeds, the server extracts the verification information from the transaction message and validates it. The embodiment of the invention is mainly applied in the field of information security.

Description

Signature method, device and system
Technical field
The present invention relates to the field of information security, and in particular to a signature method, device and system.
Background technology
At present, network file transfer and online banking transactions have become part of people's daily life and work, so network security has become a focus of growing attention.
Digital signature technology appeared in order to guarantee that network data cannot be maliciously modified in transit; it is, in essence, a technique for authenticating data. As the technology developed and spread, especially in online banking, the signing of data evolved so that it can be performed inside a smart key device. Signing data inside a smart key device mainly works as follows: before the data are sent to the server, the host first sends them into the smart key device, and the signing is then completed inside the device, thereby protecting the security of the data.
However, the inventors found that the prior-art signing process has at least the following problem: before the data are signed inside the smart key device, they are still processed by the host and only then sent on to the device. If the host has been compromised by a hacker or a virus at that moment, the data the host sends to the smart key device may still be intercepted and tampered with, so the user's digital signature is easily misused and the security of the data cannot be guaranteed.
Summary of the invention
Embodiments of the invention provide a signature method, device and system that prevent the user's digital signature from being misused and improve the security of data.
To achieve the above object, embodiments of the invention adopt the following technical scheme:
A signature method, in which a verification information identifier has been agreed in advance among a host, a smart key device and a server, comprising:
the host establishing a connection with the smart key device;
the host receiving transaction data input by the user, the transaction data containing key fields;
the host generating verification information from the key fields of the transaction data;
the host generating a transaction message from the transaction data, the transaction message containing the verification information;
the host sending the transaction message to the smart key device;
the host waiting to receive verification feedback sent by the smart key device;
the smart key device receiving the transaction message sent by the host;
the smart key device extracting the verification information from the received transaction message;
the smart key device prompting the user to check the verification information;
if the smart key device receives a confirmation from the user within a predetermined time, the smart key device digitally signing the transaction message;
the digital signature being sent to the host as the verification feedback;
if the smart key device receives an error indication from the user within the predetermined time, a verification-error notice being sent to the host as the verification feedback;
if the host receives the verification feedback from the smart key device within a predetermined time and that feedback is a digital signature, the host sending the digital signature and the transaction message to the server;
the server receiving the digital signature and the transaction message sent by the host, the transaction message containing the verification information, the verification information identifier and the transaction data;
the server verifying the digital signature;
if verification succeeds, extracting the verification information from the transaction message;
the server validating the extracted verification information;
if signature verification fails, sending a notice of digital signature verification failure to the host.
Optionally, the host generating the transaction message from the transaction data specifically comprises:
the host generating the transaction message from the verification information, the verification information identifier and the transaction data.
Optionally, if the host receives the verification feedback from the smart key device within the predetermined time and that feedback is a verification-error notice, the method further comprises:
the host sending a cancel-operation instruction to the smart key device;
the smart key device cancelling the operation and reporting to the host that the operation has been cancelled;
the host receiving the operation-cancelled report from the smart key device.
Optionally, if the host does not receive the verification feedback from the smart key device within the predetermined time,
the method further comprises:
the host sending a cancel-operation instruction to the smart key device;
the smart key device cancelling the operation and reporting to the host that the operation has been cancelled;
the host receiving the operation-cancelled report from the smart key device.
Optionally, the method further comprises:
while waiting for the verification feedback from the smart key device, the host being able to send a cancel-operation instruction to the smart key device at any time;
the smart key device cancelling the operation and reporting the cancellation to the host;
the host receiving the operation-cancelled report from the smart key device.
Optionally, the method further comprises:
the host receiving the notice of digital signature verification failure sent by the server.
Optionally, the method further comprises:
if the smart key device does not receive verification feedback from the user within a predetermined time, the smart key device cancelling the operation and reporting to the host that the operation has been cancelled.
Optionally, the transaction message contains the verification information, the verification information identifier and the transaction data, and the smart key device extracting the verification information from the transaction message specifically comprises:
the smart key device extracting the verification information from the transaction message according to the verification information identifier.
Optionally, prompting the user to check the verification information comprises:
the smart key device displaying the verification information on a display and waiting for a user input signal; or
the smart key device playing the verification information through a voice player and waiting for a user input signal.
Optionally, the method further comprises:
when the verification information contains a newline symbol, breaking the line at each newline symbol encountered;
displaying the verification information on the display then being: the smart key device displaying the line-broken verification information on the display.
Optionally, the transaction message contains the key fields, and validating the verification information comprises:
the server extracting the key fields from the transaction message;
forming check information from the key fields;
judging whether the check information is identical to the extracted verification information;
if identical, validation of the verification information succeeds;
otherwise, validation of the verification information fails; or
the server converting the extracted verification information into corresponding key fields;
judging whether the corresponding key fields are identical to the key fields contained in the transaction message;
if identical, validation of the verification information succeeds;
otherwise, validation of the verification information fails.
A signature system comprising a host, a smart key device and a server, a verification information identifier having been agreed in advance among the three;
the host being used to connect to the smart key device and receive transaction data input by the user, the transaction data containing key fields; after receiving the transaction data, to generate verification information from the key fields of the transaction data and generate a transaction message from the verification information, the verification information identifier and the transaction data; to send the transaction message to the smart key device; and to wait to receive the verification feedback sent by the smart key device;
the smart key device being used to receive the transaction message sent by the host and extract the verification information from it; after extraction, to prompt the user to check the verification information; when a confirmation signal from the user is received, to digitally sign the transaction message and send the digital signature to the host as the verification feedback; when an error signal from the user is received, to send a verification-error notice to the host as the verification feedback; and when a cancel-operation instruction from the host is received, to cancel the operation and report the cancellation to the host;
the server being used to receive the digital signature and the transaction message sent by the host, the transaction message containing the verification information, the verification information identifier and the transaction data; to verify the digital signature; when signature verification succeeds, to extract the verification information from the transaction message and validate it; and when signature verification fails, to send a notice of digital signature verification failure to the host.
Optionally, when the smart key device sends a digital signature to the host, the host is also used to receive the digital signature sent by the smart key device and send the digital signature and the transaction message to the server;
when the smart key device sends a verification-error notice to the host, the host is also used to receive that notice, send a cancel-operation instruction to the smart key device, and receive the operation-cancelled report from the smart key device;
when the host does not receive the verification feedback from the smart key device within the predetermined time, the host sends a cancel-operation instruction to the smart key device;
while waiting to receive the verification feedback from the smart key device, the host may send a cancel-operation instruction to the smart key device at any time.
Optionally, the host specifically comprises:
a connection module, used to connect to the smart key device;
a first receiving module, used to receive the transaction data input by the user, the transaction data containing key fields;
a verification information generating module, used to generate verification information from the key fields of the transaction data;
a message generating module, used to generate a transaction message from the verification information, the verification information identifier and the transaction data;
a first sending module, used to send the transaction message to the smart key device;
a verification receiving module, used to receive the verification feedback sent by the smart key device;
a signature sending module, used to send the digital signature and the transaction message to the server;
a cancel-operation sending module, used to send a cancel-operation instruction to the smart key device;
an error receiving module, used to receive the operation-cancelled report from the smart key device;
a verification result receiving module, used to receive the notice of digital signature verification failure sent by the server.
Optionally, the verification information generating module forms the verification information from the key fields, and this verification information is extracted according to the verification information identifier.
Optionally, the smart key device specifically comprises:
a second receiving module, used to receive the transaction message sent by the host and to receive the verification feedback given by the user;
a first extraction module, used to extract the verification information from the transaction message;
a first verification module, used to prompt the user to check the verification information;
a first signing module, used to digitally sign the transaction message when a confirmation signal from the user is received;
a second sending module, used to send the digital signature produced by the signing module to the host as the verification feedback, and also, when an error indication from the user is received, to send a verification-error notice to the host as the verification feedback;
a cancel-operation module, used to cancel the operation and report the cancellation to the host when a cancel-operation instruction from the host is received.
Optionally, if the second receiving module does not receive verification feedback from the user within the predetermined time,
the cancel-operation module is also used to cancel the current operation and report the cancellation to the host.
Optionally, the transaction message received by the second receiving module contains the verification information, the verification information identifier and the transaction data, and the first extraction module extracts the verification information according to the verification information identifier.
Optionally, the verification module comprises:
a display unit, used to display the verification information on a display and wait for a user input signal; or
a playback unit, used to play the verification information through a voice player and wait for a user input signal.
Optionally, the smart key device further comprises:
a line-break module, used to break the line at each newline symbol encountered when the verification information contains newline symbols;
the display unit then displaying on the display the verification information after it has been line-broken by the line-break module.
Optionally, the server specifically comprises:
a third receiving module, used to receive the digital signature and the transaction message sent by the host, the transaction message containing the verification information, the verification information identifier and the transaction data;
a signature verification module, used to verify the digital signature;
a second extraction module, used to extract the verification information from the transaction message when the signature verification module succeeds;
a second verification module, used to validate the verification information extracted by the extraction module;
a verification result sending module, used to send a notice of digital signature verification failure to the host when the signature verification module fails.
Optionally, the second extraction module extracts the verification information according to the verification information identifier.
Optionally, the transaction message received by the third receiving module contains the key fields, and the second verification module comprises:
an extraction unit, used to extract the key fields from the transaction message;
a composing unit, used to form check information from the key fields;
a judging unit, used to judge whether the check information is identical to the extracted verification information; when identical, validation of the verification information succeeds, otherwise it fails; or
a conversion unit, used to convert the extracted verification information into corresponding key fields;
a judging unit, used to judge whether the corresponding key fields are identical to the key fields contained in the transaction message; when identical, validation of the verification information succeeds, otherwise it fails.
The signature method, device and system provided by the embodiments of the invention adopt the technical means of having the user check the key information through an interactive step before the received transaction message is digitally signed. This overcomes the prior-art technical problem that the key information can be tampered with before the user signs, so that the digital signature is misused, and thereby achieves the technical effect of preventing the user's digital signature from being misused and improving the security of the data.
Description of drawings
In order to illustrate the embodiments of the invention or the prior-art technical scheme more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the signature method of Embodiment 1 of the invention;
Fig. 2 is a block diagram of the signature device of Embodiment 2 of the invention;
Fig. 3 is a block diagram of the signature system of Embodiment 3 of the invention.
Embodiment
The technical scheme of the embodiments of the invention is described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment 1
The present embodiment describes a signature method in detail, taking the case where the smart key device is a USB Key as an example. In the embodiment of the invention a verification information identifier has been agreed in advance among the client host, the USB Key and the server; the USB Key has an output device and buttons, where the output device may be a liquid crystal display or a voice announcer.
As shown in Fig. 1, the method comprises:
101, the client host and the USB Key establish a connection, and the host waits for the user to input transaction data.
102, the client host receives the transaction data input by the user and forms verification information from the key fields of the transaction data.
In the present embodiment, the key fields are the payee account number, the account name and the amount in the transaction data.
103, the client host generates a transaction message from the above verification information, the verification information identifier and the above transaction data, sends the generated transaction message to the USB Key, and waits to receive the verification feedback sent by the USB Key.
In the embodiment of the invention, the format of the transaction message generated by the client host and issued to the USB Key is as follows:
[Figure: transaction message format (image not reproduced)]
The concrete form of the verification information identifier is not limited; in the present embodiment XML format is preferably used, the verification information identifier is specifically <DisplayInfo>, and the verification information is the data content from after <DisplayInfo> up to the closing </DisplayInfo>. From the above transaction message it can be seen that the verification information in the present embodiment is specifically:
Account number: 4367420037465985234; Account name: Zhang San; Amount: 134.22
104, the USB Key receives the above transaction message and parses it.
105, the USB Key extracts the verification information from the parsed transaction message according to the verification information identifier.
In step 104 of the present embodiment, extracting the verification information from the received transaction message according to the verification information identifier is specifically as described above.
106, if the output device of the USB Key is a voice announcer, the above verification information is read out by voice and the device waits for a user input signal; if the user inputs a confirmation, step 107 is executed, and if the user inputs an error indication, step 108 is executed. If the output device of the USB Key is a liquid crystal display, the above verification information is shown on the display and the device waits for a user input signal; if the user inputs a confirmation through the confirm button, step 107 is executed, and if the user inputs an error indication through the cancel button, step 108 is executed.
Step 106 of the present embodiment may further comprise: if the USB Key does not receive any user input within a predetermined time, the USB Key cancels the current operation and reports the cancellation to the client host.
In step 106 of the present embodiment, the user may input the confirmation through the confirm button on the USB Key;
the user may input the error indication through the cancel button on the USB Key.
In particular, in step 106 of the present embodiment, when the output device of the USB Key is a liquid crystal display, the display format of the verification information on the display depends on the client host: if the verification information contains a newline symbol, namely "\r", a line break is performed at each such symbol encountered, and the line-broken verification information is shown on the display.
In the present embodiment, when the code for the verification information is written,
"\r" is appended after "Account number: 4367420037465985234",
"\r" is appended after "Account name: Zhang San", and
"\r" is appended after "Amount: 134.22", so that correspondingly the display shows:
Account number: 4367420037465985234
Account name: Zhang San
Amount: 134.22
In addition, in step 106 of the present embodiment, when the output device of the USB Key is a liquid crystal display, the verification information may also be converted in a manner agreed in advance. The agreed manner may be, for example: when the code for the verification information is written, the part between the first ":" and the first "\r" is taken as the account and shown in the first row, while the language of the prompt text in that row is decided by the USB Key itself; correspondingly, the liquid crystal display of the USB Key may also show:
Account:4367420037465985234
Name: Zhang San
Amount:134.22
107, USB Key carries out digital signature to above-mentioned transaction message, and the digital signature that obtains is sent to client host; And carry out 109.
In present embodiment 107, the algorithm that USB Key carries out digital signature to transaction message can be HASH algorithm or public key algorithm.
108, USB Key sends to client host and checks the information that information is made mistakes,
1081; Client host sends the instruction of cancellation operation to USB Key; USB Key receives after the instruction of this cancellation operation the cancellation operation and cancels to client host report operation, and client host receives to point out after the information that the operation of said intelligent cipher key equipment report cancelled makes mistakes.
The step 104 of foregoing description can also comprise an asynchronous trigger process in the middle of the step 108 in the present embodiment, and promptly client host receives in the process of checking feedback that USB Key sends and can carry out 1081 at any time in wait.
109, client host receives the digital signature that USB Key sends, and this digital signature and transaction message are sent to server.
110, server receives transaction message and the digital signature that client host is sent, and the digital signature that receives is verified, if verify successfully, then carries out 111; Otherwise carry out 112.
In present embodiment 110; The method that server is verified digital signature is specially: server uses the algorithm identical with USB Key that the transaction message that receives is carried out digital signature, obtains new digital signature, and whether the new digital signature that relatively obtains again is consistent with the digital signature that receives; If it is consistent; Then signature verification success, if inconsistent, then signature verification failure.
111, server extracts from the transaction message that receives and checks information according to checking information identifier, and whether the information of checking extracted of checking is consistent with critical field again, if the result of checking is a unanimity, represents then that to check Information Authentication successful, follow-up execution 1121; Otherwise carry out 112.
In present embodiment 111; Whether consistent method can be the information of checking that server authentication is extracted with critical field: server end extracts critical fielies such as account number, user name and amount information from transaction message; And according to the mode of making an appointment said critical field is formed checking and check information, whether information is checked in the checking of relatively forming again consistent with the information of checking of extraction;
Perhaps; Whether consistent method can also be the information of checking that server authentication is extracted with critical field: server extracts critical fielies such as account number, user name and amount information from check information according to the mode of making an appointment, and whether the critical field of relatively extraction is consistent with critical field in the transaction message.
112. The server sends a corresponding error message to the client host.
1121. The verification flow ends.
The signature method provided by this embodiment has the following beneficial effects: a human-machine interactive check is added to the signature flow, so that the smart key device can have the user check the information before performing the digital signature; this reduces the possibility of the digital signature being misappropriated by others and improves the security of the data message. Moreover, in the transaction message of this embodiment the check information is represented separately from the transaction data, which helps to improve the extensibility of the system.
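The exchange described in this embodiment (the host composes the check information from the key fields and builds the transaction message, the USB Key extracts the check information by its identifier and shows it to the user before signing, and the server verifies the signature in step 110 and then the check information in step 111 by both of the methods given above) is illustrated below as an added worked example. It is illustrative code written for this page, not code from the patent or from Feitian. The message layout (JSON with the tag "CHK" as the pre-agreed identifier), the field names, the sample transaction and the use of HMAC-SHA256 under a key shared by the USB Key and the server as the "digital signature" are all assumptions; the shared key matches the re-sign-and-compare verification the text describes, but a real device may use an asymmetric algorithm instead. The two tampering functions model a compromised host and show why the check is split between the device and the server: a host that alters only the transaction data is caught by the server's key-field comparison, while one that alters both the data and the check information is caught by the user reading the device display.

```python
import hmac
import hashlib
import json
from typing import Callable, Optional

# Assumptions for this illustration (the patent fixes none of them):
# - the pre-agreed check information identifier is the tag "CHK";
# - the transaction message is JSON; the patent only requires a pre-agreed layout;
# - the "digital signature" is HMAC-SHA256 under a key shared by the USB Key
#   and the server, matching the server's re-sign-and-compare in step 110.
CHECK_INFO_ID = "CHK"
SHARED_KEY = b"constructed demo key, not a real credential"
KEY_FIELDS = ("account", "user", "amount")

def compose_check_info(tx: dict) -> str:
    """Pre-agreed composition: the key fields joined in a fixed order."""
    return "|".join(str(tx[f]) for f in KEY_FIELDS)

def split_check_info(check: str) -> dict:
    """Inverse of compose_check_info, used by the server's second method."""
    return dict(zip(KEY_FIELDS, check.split("|")))

# ---- client host ----
def host_build_message(tx: dict) -> bytes:
    # The check information travels beside, not inside, the transaction data
    # and is located by its identifier, so either part can change independently.
    body = {CHECK_INFO_ID: compose_check_info(tx), "tx": tx}
    return json.dumps(body, sort_keys=True).encode()

# ---- smart key device (USB Key) ----
def device_extract_check_info(message: bytes) -> str:
    return json.loads(message)[CHECK_INFO_ID]

def device_sign(message: bytes,
                user_confirms: Callable[[str], bool]) -> Optional[bytes]:
    """Show the check information on the device; sign only after confirmation.

    user_confirms stands in for the confirm/cancel buttons. A cancel (or a
    timeout, which is not modelled here) leaves the device without signing.
    """
    shown = device_extract_check_info(message)
    if not user_confirms(shown):
        return None
    return hmac.new(SHARED_KEY, message, hashlib.sha256).digest()

# ---- server (steps 110 to 112) ----
def server_verify(message: bytes, signature: bytes) -> str:
    # Step 110: re-sign with the same algorithm and compare in constant time.
    expected = hmac.new(SHARED_KEY, message, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return "signature verification failed"
    body = json.loads(message)
    check, tx = body[CHECK_INFO_ID], body["tx"]
    # Step 111, method 1: recompose from the key fields and compare.
    if compose_check_info(tx) != check:
        return "check information mismatch"
    # Step 111, method 2: convert the check information back to fields and compare.
    if any(str(tx[f]) != v for f, v in split_check_info(check).items()):
        return "check information mismatch"
    return "ok"

# ---- attack models on a compromised host (constructed for the example) ----
def tamper_amount_only(message: bytes) -> bytes:
    """Malware rewrites the amount but keeps the check information the user saw."""
    body = json.loads(message)
    body["tx"]["amount"] = "9999.00"
    return json.dumps(body, sort_keys=True).encode()

def tamper_amount_and_check(message: bytes) -> bytes:
    """Malware rewrites the amount and regenerates matching check information."""
    body = json.loads(message)
    body["tx"]["amount"] = "9999.00"
    body[CHECK_INFO_ID] = compose_check_info(body["tx"])
    return json.dumps(body, sort_keys=True).encode()

def run_flow(tx: dict, tamper: Optional[Callable[[bytes], bytes]] = None) -> str:
    """End-to-end flow; the user confirms only what they actually typed."""
    message = host_build_message(tx)
    if tamper is not None:
        message = tamper(message)  # happens on the host, before the device sees it
    signature = device_sign(message, lambda shown: shown == compose_check_info(tx))
    if signature is None:
        return "cancelled by user"
    return server_verify(message, signature)

# Constructed sample transaction (not real account data).
SAMPLE_TX = {"account": "6222000000000001", "user": "alice", "amount": "100.00"}

if __name__ == "__main__":
    print(run_flow(SAMPLE_TX))                           # ok
    print(run_flow(SAMPLE_TX, tamper_amount_only))       # check information mismatch
    print(run_flow(SAMPLE_TX, tamper_amount_and_check))  # cancelled by user
```

The device never signs anything the user has not confirmed, and the server accepts nothing whose check information disagrees with the key fields; between them, neither a silent change to the amount nor a consistent rewrite of both parts yields a valid signature over a transaction the user did not intend.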
Embodiment 2
Corresponding to the method of Embodiment 1 above, this embodiment provides a client host for implementing that method. As shown in Figure 2, the client host comprises: a connection module 21, a receiving module 22, a check information generating module 23, a message generating module 24, a sending module 25, a check receiving module 26, a signature sending module 27, an error receiving module 28, a cancel operation sending module 29 and a verification receiving module 210.
The connection module 21 is used to connect with the smart key device, i.e. the USB Key; the receiving module 22 is used to receive the transaction data input by the user, which contains key fields; the check information generating module 23 is used to generate the check information from the key fields of the transaction data; the message generating module 24 is used to generate the transaction message from the check information, the check information identifier and the transaction data; the sending module 25 is used to send the transaction message to the USB Key; the check receiving module 26 is used to receive the check feedback sent by the USB Key.
The check information generating module 23 composes the check information from the key fields.
If the check receiving module 26 receives the check feedback sent by the USB Key within the pre-agreed time and that feedback is a digital signature, the signature sending module 27 sends the digital signature and the transaction message to the server. If the check receiving module 26 receives the check feedback within the pre-agreed time and that feedback is a notice that the check information is wrong, the cancel operation sending module 29 sends a cancel operation instruction to the USB Key after the error receiving module 28 has received the notice; the cancel operation sending module 29 may also send a cancel operation instruction to the USB Key at any time while the client host is waiting for the check feedback from the smart key device. The error receiving module 28 receives the report from the USB Key that the operation has been cancelled. The verification receiving module 210 receives the message sent by the server indicating that digital signature verification failed.
To cooperate with the method of Embodiment 1, this embodiment further provides a smart key device, taking a USB Key as the example. In this embodiment a cancel button is provided on the USB Key, and the user indicates that the check information is wrong by pressing the cancel button. If the USB Key has no cancel button, the user may instead send the notice that the check information is wrong to the USB Key through software on the client host. As shown in Figure 2, the USB Key comprises: a receiving module 31, a parsing module 32, an extraction module 33, a check module 34, a confirmation module 35, a cancel module 36, a signature module 37, a sending module 38, a cancel operation module 39 and a line-wrapping module 310.
The receiving module 31 is used to receive the transaction message sent by the client host and to receive the check feedback input by the user; the parsing module 32 parses the transaction message received from the client host; the extraction module 33 extracts the check information from the transaction message parsed by the parsing module 32; the check module 34 notifies the user to check the check information; the confirmation module 35 is used, when the check information is correct, to input the confirmation the user presses; the cancel module 36 is used, when the check information is wrong, to input the error indication the user presses; the signature module 37 digitally signs the transaction message when the USB Key receives, within the pre-agreed time, the confirmation sent by the user through the confirmation module 35; the sending module 38 sends the digital signature produced by the signature module 37 to the client host as the check feedback; the sending module 38 also, when the USB Key receives within the pre-agreed time the error indication sent by the user through the cancel module 36, sends the notice that the check information is wrong to the client host as the check feedback; the sending module 38 further, after a cancel operation instruction from the client host is received, sends the notice that the operation has been cancelled to the client host; the cancel operation module 39 is used, when the cancel operation instruction sent by the client host is received, to cancel the operation and report to the client host that the operation has been cancelled; if the USB Key does not receive the user's check feedback within the pre-agreed time, the cancel operation module 39 likewise cancels the operation and reports the cancellation to the client host.
The transaction message received by the receiving module 31 in this embodiment comprises the check information, the check information identifier and the transaction data; the extraction module 33 extracts the check information according to the check information identifier.
The check module 34 in this embodiment comprises a display unit 341 or a playback unit 342.
The display unit 341 displays the check information on a display and waits for the user's input signal; the playback unit 342 plays the check information through a speech player and waits for the user's input signal.
The line-wrapping module 310 in this embodiment is used, when the check information contains a line-break character, to break the line at each line-break character encountered; when the check module 34 comprises the display unit 341, the display unit 341 displays on the display the check information after line wrapping by the line-wrapping module 310.
To cooperate with the method of Embodiment 1 above, this embodiment further provides a server which, as shown in Figure 2, comprises: a receiving module 41, a signature verification module 42, an extraction module 43, a check module 44 and a verification sending module 45.
The receiving module 41 receives the digital signature and the transaction message sent by the client host, the transaction message comprising the check information, the check information identifier and the transaction data; the signature verification module 42 verifies the digital signature; the extraction module 43 extracts the check information from the transaction message when the signature verification module 42 verifies successfully; the check module 44 verifies the check information extracted by the extraction module 43; the verification sending module 45 sends a message indicating digital signature verification failure to the client host when verification by the signature verification module 42 fails.
The extraction module 43 extracts the check information according to the check information identifier.
In this embodiment the transaction message received by the receiving module 41 also contains the key fields; correspondingly, the check module 44 in this embodiment comprises an extraction unit 441, a composition unit 442 and a judging unit 443.
The extraction unit 441 extracts the key fields from the transaction message; the composition unit 442 composes the key fields into verification check information; the judging unit 443 judges whether the verification check information is identical to the extracted check information; if identical, check information verification succeeds; otherwise, check information verification fails.
In particular, in another embodiment of the invention, the check module 44 comprises a conversion unit and a judging unit. The conversion unit converts the extracted check information into the corresponding key fields; the judging unit judges whether the corresponding key fields are identical to the key fields contained in the transaction message; if identical, check information verification succeeds; otherwise, check information verification fails.
The client host, smart key device and server provided in this embodiment can perform the functions of the modules and units described above once the three have agreed on the check information identifier in advance.
Embodiment 3
This embodiment discloses a signature system which, as shown in Figure 3, comprises a client host 20, a USB Key 30 and a server 40.
After the client host 20, the USB Key 30 and the server 40 have agreed on the check information identifier in advance: the client host 20 is used to connect with the USB Key 30 and to receive the transaction data input by the user, the transaction data containing key fields; after receiving the transaction data it generates the check information from the key fields in the transaction data, generates the transaction message from the check information, the check information identifier and the transaction data, then sends the generated transaction message to the USB Key 30 and waits to receive the check feedback from the USB Key 30. The USB Key 30 is used to receive the transaction message sent by the client host 20 and to extract the check information from it; after extraction it notifies the user to check the check information; on receiving the user's confirmation it digitally signs the transaction message and sends the digital signature to the client host 20 as the check feedback; on receiving the user's error indication it sends the notice that the check information is wrong to the client host 20 as the check feedback; and on receiving the cancel operation instruction from the client host 20 it cancels the operation and sends the notice that the operation has been cancelled to the client host 20. The server 40 is used to receive the digital signature and the transaction message sent by the client host 20, the transaction message comprising the check information, the check information identifier and the transaction data; after receiving the digital signature it verifies it; when digital signature verification succeeds it extracts the check information from the received transaction message and verifies the extracted check information; when digital signature verification fails it sends a message indicating digital signature verification failure to the client host 20.
In addition, in this embodiment, when the USB Key 30 sends a digital signature to the client host 20, the client host 20 is also used to receive the digital signature sent by the USB Key 30 and to send the digital signature and the transaction message to the server 40.
When the USB Key 30 sends the client host 20 a prompt indicating that the check information is wrong, the client host 20 is also used to receive that notice from the USB Key 30, to send a cancel operation instruction to the USB Key 30, and to process accordingly after receiving the notice from the USB Key 30 that the operation has been cancelled.
When the USB Key 30 does not receive the user's check feedback within the pre-agreed time, the USB Key 30 cancels the operation and reports the cancellation to the client host 20.
By performing a human-machine interactive check before the digital signature is made, the solution provided by this embodiment solves the prior-art problem of a user's digital signature being misappropriated by others, thereby achieving the technical effect of preventing the digital signature of a legitimate user from being misappropriated and improving the security of the data message.
In addition, those of ordinary skill in the art will appreciate that all or part of the flows of the method embodiments above may be implemented by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, may comprise the flows of each of the method, device and system embodiments above.
From the description of the above embodiments, those skilled in the art will clearly understand that the invention may be implemented by software together with a necessary general-purpose hardware platform, or of course by hardware alone, though the former is the better implementation in many cases. Based on this understanding, the technical solution of the invention, or the part of it that contributes over the prior art, may be embodied in the form of a software product stored in a readable storage medium such as a computer floppy disk, hard disk or optical disc, comprising instructions that cause a smart key device to perform the method described in each embodiment of the invention.
The above is merely an embodiment of the invention, but the scope of protection of the invention is not limited thereto; any change or substitution that a person familiar with the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. Therefore, the scope of protection of the invention shall be determined by the claims.

Claims (22)

1. A signature method, characterized in that, after a host, a smart key device and a server have agreed on a check information identifier in advance, the method comprises:
the host connects with the smart key device;
the host receives transaction data input by a user, the transaction data containing key fields;
the host generates check information from the key fields in the transaction data;
the host generates a transaction message from the check information, the check information identifier and the transaction data, the transaction message containing the check information;
the host sends the transaction message to the smart key device;
the host waits to receive check feedback sent by the smart key device;
the smart key device receives the transaction message sent by the host;
the smart key device extracts the check information from the received transaction message;
the smart key device notifies the user to check the check information;
if the smart key device receives a confirmation sent by the user within a pre-agreed time, the smart key device digitally signs the transaction message;
the digital signature is sent to the host as the check feedback;
if the smart key device receives an error indication sent by the user within the pre-agreed time, a notice that the check information is wrong is sent to the host as the check feedback;
if the host receives the check feedback sent by the smart key device within the pre-agreed time and the check feedback is a digital signature, the host sends the digital signature and the transaction message to the server;
the server receives the digital signature and the transaction message sent by the host, the transaction message comprising the check information, the check information identifier and the transaction data;
the server verifies the digital signature;
if digital signature verification succeeds, the check information is extracted from the transaction message;
the server verifies the check information;
if digital signature verification fails, a message indicating digital signature verification failure is sent to the host.
2. The signature method according to claim 1, characterized in that, if the host receives the check feedback sent by the smart key device within the pre-agreed time and the check feedback is a notice that the check information is wrong, the method further comprises:
the host sends a cancel operation instruction to the smart key device;
the smart key device stops the operation and sends a notice that the operation has been cancelled to the host;
the host receives the notice reported by the smart key device that the operation has been cancelled.
3. The signature method according to claim 1, characterized in that, if the host does not receive the check feedback sent by the smart key device within the pre-agreed time, the method further comprises:
the host sends a cancel operation instruction to the smart key device;
the smart key device stops the operation and sends a notice that the operation has been cancelled to the host;
the host receives the notice reported by the smart key device that the operation has been cancelled.
4. The signature method according to claim 1, characterized in that the method further comprises:
the host sends a cancel operation instruction to the smart key device at any time while waiting to receive the check feedback sent by the smart key device;
the smart key device cancels the operation and reports to the host that the operation has been cancelled;
the host receives the notice reported by the smart key device that the operation has been cancelled.
5. The signature method according to claim 1, characterized in that the method further comprises:
the host receives the message sent by the server indicating digital signature verification failure.
6. The signature method according to claim 1, characterized in that the method further comprises:
if the smart key device does not receive the check feedback sent by the user within the pre-agreed time, the smart key device stops the operation and sends a notice that the operation has been cancelled to the host.
7. The signature method according to claim 6, characterized in that
the transaction message comprises the check information, the check information identifier and the transaction data; and the smart key device extracts the check information from the transaction message specifically as follows:
the smart key device extracts the check information from the transaction message according to the check information identifier.
8. The signature method according to claim 7, characterized in that notifying the user to check the check information comprises:
the smart key device displays the check information on a display and waits for a user input signal; or,
the smart key device plays the check information through a speech player and waits for a user input signal.
9. The signature method according to claim 8, characterized in that the method further comprises:
when the check information contains a line-break character, breaking the line at each line-break character encountered;
displaying the check information on the display then being: the smart key device displays the line-wrapped check information on the display.
10. The signature method according to claim 1, characterized in that
the transaction message contains the key fields;
verifying the check information comprises:
the server extracts the key fields from the transaction message;
composes the key fields into verification check information;
judges whether the verification check information is identical to the extracted check information;
if the result of the judgement is identical, check information verification succeeds;
otherwise, check information verification fails; or
the server converts the extracted check information into the corresponding key fields;
judges whether the corresponding key fields are identical to the key fields contained in the transaction message;
if the result of the judgement is identical, check information verification succeeds;
otherwise, check information verification fails.
11. A signature system, characterized in that it comprises a host, a smart key device and a server, the three having agreed on a check information identifier in advance;
the host is used to connect with the smart key device and to receive transaction data input by a user, the transaction data containing key fields; after receiving the transaction data, to generate check information from the key fields in the transaction data and to generate a transaction message from the check information, the check information identifier and the transaction data; to send the transaction message to the smart key device; and to wait to receive check feedback sent by the smart key device;
the smart key device is used to receive the transaction message sent by the host and to extract the check information from the transaction message; after extraction, to notify the user to check the check information; on receiving a confirmation signal sent by the user, to digitally sign the transaction message and send the digital signature to the host as the check feedback; on receiving an error signal sent by the user, to send a notice that the check information is wrong to the host as the check feedback; and on receiving a cancel operation instruction sent by the host, to cancel the operation and report to the host that the operation has been cancelled;
the server is used to receive the digital signature and the transaction message sent by the host, the transaction message comprising the check information, the check information identifier and the transaction data; to verify the digital signature; when digital signature verification succeeds, to extract the check information from the transaction message and verify the extracted check information; and when digital signature verification fails, to send a message indicating digital signature verification failure to the host.
12. The signature system according to claim 11, characterized in that
when the smart key device sends a digital signature to the host, the host is also used to receive the digital signature sent by the smart key device and to send the digital signature and the transaction message to the server;
when the smart key device sends a notice that the check information is wrong to the host, the host is also used to receive that notice sent by the smart key device, to send a cancel operation instruction to the smart key device, and to receive the report from the smart key device that the operation has been cancelled;
when the host does not receive the check feedback sent by the smart key device within the pre-agreed time, the host sends a cancel operation instruction to the smart key device;
while waiting to receive the check feedback sent by the smart key device, the host may send a cancel operation instruction to the smart key device at any time.
13. The signature system according to claim 12, characterized in that the host specifically comprises:
a connection module, used to connect with the smart key device;
a receiving module, used to receive the transaction data input by the user, the transaction data containing key fields;
a check information generating module, used to generate the check information from the key fields in the transaction data;
a message generating module, used to generate the transaction message from the check information, the check information identifier and the transaction data;
a sending module, used to send the transaction message to the smart key device;
a check receiving module, used to receive the check feedback sent by the smart key device;
a signature sending module, used to send the digital signature and the transaction message to the server;
a cancel operation sending module, used to send a cancel operation instruction to the smart key device;
an error receiving module, used to receive the report from the smart key device that the operation has been cancelled;
a verification receiving module, used to receive the message sent by the server indicating digital signature verification failure.
14. The signature system according to claim 13, characterized in that
the check information generating module composes the check information from the key fields, and the check information is extracted according to the check information identifier.
15. The signature system according to claim 12, characterized in that the smart key device specifically comprises:
a receiving module, used to receive the transaction message sent by the host and to receive the check feedback sent by the user;
a parsing module, used to parse the transaction message received from the host;
an extraction module, used to extract the check information from the transaction message;
a check module, used to notify the user to check the check information;
a confirmation module, used to input the confirmation pressed by the user when the check information is correct;
a cancel module, used to input the error indication pressed by the user when the check information is wrong;
a signature module, used to digitally sign the transaction message on receiving the confirmation signal sent by the user;
a sending module, used to send the digital signature produced by the signature module to the host as the check feedback, and also, on receiving the user's indication that the check information is wrong, to send the notice that the check information is wrong to the host as the check feedback;
a cancel operation module, used, on receiving a cancel operation instruction sent by the host, to cancel the operation and report to the host that the operation has been cancelled.
16. The signature system according to claim 15, characterized in that, if the receiving module does not receive the check feedback sent by the user within the pre-agreed time,
the cancel operation module is also used to cancel the current operation and report to the host that the operation has been cancelled.
17. The signature system according to claim 16, characterized in that
the transaction message received by the receiving module comprises the check information, the check information identifier and the transaction data;
the extraction module extracts the check information according to the check information identifier.
18. The signature system according to claim 17, characterized in that the check module comprises:
a display unit, used to display the check information on a display and wait for a user input signal; or
a playback unit, used to play the check information through a speech player and wait for a user input signal.
19. The signature system according to claim 18, characterized in that the smart key device further comprises:
a line-wrapping module, used, when the check information contains a line-break character, to break the line at each line-break character encountered;
the display unit then displays on the display the check information after line wrapping by the line-wrapping module.
20. signature system according to claim 12 is characterized in that, said server specifically comprises:
Receiver module is used to receive said digital signature and the transaction message that said main frame is sent, and comprises the information of checking in the said transaction message, checks information identifier and Transaction Information;
The signature verification module is used for said digital signature is verified;
Extraction module is used for when said signature verification module verification is successful, from said transaction message, extracting the information of checking;
Check module, be used for the said information of checking that said extraction module extracts is verified;
The checking sending module is used for when the signature verification module verification is failed, and the information that will comprise the digital signature authentication failure sends to main frame.
21. The signature system according to claim 20, characterized in that
said extraction module extracts the validation information according to the validation information identifier.
22. The signature system according to claim 21, characterized in that
the transaction message received by said receiving module comprises key fields, and said checking module comprises:
an extraction unit, used to extract the key fields from said transaction message;
a composing unit, used to compose said key fields into check validation information;
a judging unit, used to judge whether said check validation information is identical to the extracted validation information; when the judgement result is identical, verification of the validation information succeeds, otherwise verification of the validation information fails; or
a converting unit, used to convert the extracted validation information into corresponding key fields;
a judging unit, used to judge whether said corresponding key fields are identical to the key fields contained in said transaction message; when the judgement result is identical, verification of the validation information succeeds, otherwise verification of the validation information fails.
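The flow described by claims 17 to 22, worked through as an added Python example (not code from the patent or its assignee): the host composes the validation information from the key fields and tags it with an identifier, the key device extracts it by that identifier, splits it at the line-break symbol for display and signs only after the user confirms, and the server verifies the signature and then recomputes the validation information from the transaction's own key fields. The message layout, the identifier string, the "|" line-break symbol and the HMAC stand-in for the device's digital signature are all assumptions.

```python
import hmac
import hashlib

# Constructed message layout (assumption, not the patent's wire format): line 1 is
# the validation information tagged with CHECK_ID, the rest is the transaction
# information as key=value lines; "|" is the line-break symbol the device honours.
CHECK_ID = "CHK:"
KEY_FIELDS = ("payee", "amount")

def compose_validation_info(fields):
    """Host and server: compose the validation information from the key fields."""
    return "|".join(f"{k}:{fields.get(k, '')}" for k in KEY_FIELDS)

def build_transaction_message(fields):
    """Host: validation information + identifier, then the transaction information."""
    body = "\n".join(f"{k}={v}" for k, v in sorted(fields.items()))
    return f"{CHECK_ID}{compose_validation_info(fields)}\n{body}"

def extract_validation_info(message):
    """Key device and server: locate the validation information by its identifier."""
    for line in message.split("\n"):
        if line.startswith(CHECK_ID):
            return line[len(CHECK_ID):]
    raise ValueError("validation information identifier not found")

def display_lines(info):
    """Key device: break at each line-break symbol so every key field gets its own line."""
    return info.split("|")

def device_sign(message, key, user_confirmed):
    """Key device: sign only after the user confirmed what was displayed.
    HMAC-SHA256 stands in here for the device's real digital signature (assumption)."""
    if not user_confirmed:
        return None
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()

def parse_fields(message):
    """Server: recover the transaction information (key=value lines) from the message."""
    return dict(line.split("=", 1) for line in message.split("\n") if "=" in line)

def server_verify(message, signature, key):
    """Server: verify the signature first, then check that the validation information
    equals what the message's own key fields compose to (first branch of claim 22)."""
    expected = hmac.new(key, message.encode(), hashlib.sha256).hexdigest()
    if signature is None or not hmac.compare_digest(expected, signature):
        return "signature verification failed"
    if extract_validation_info(message) != compose_validation_info(parse_fields(message)):
        return "validation information check failed"
    return "ok"
```

Because the signed message carries both the displayed validation information and the transaction fields, a host that alters the fields after the user has confirmed the display produces a message the server rejects at the validation-information check even if the signature itself is valid.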
CN2009100812963A 2009-03-31 2009-03-31 Signature method, device and system thereof Active CN101588364B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100812963A CN101588364B (en) 2009-03-31 2009-03-31 Signature method, device and system thereof

Publications (2)

Publication Number Publication Date
CN101588364A (en) 2009-11-25
CN101588364B (en) 2012-08-08

Family

ID=41372427

Country Status (1)

Country Link
CN (1) CN101588364B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102012925B (en) * 2010-11-30 2012-09-05 中国工商银行股份有限公司 Page data generation method, data reviewing method and data exchange entry system
CN102891842A (en) * 2012-09-07 2013-01-23 北京天龙融和软件有限公司 Security authentication method and system
CN102983973B (en) * 2012-11-02 2018-11-30 天地融科技股份有限公司 Transaction system and method for commerce
CN104166918B (en) * 2014-08-20 2017-08-25 齐鲁工业大学 Safe payment method based on audio button
CN105471580B (en) * 2014-09-11 2021-12-24 苏州海博智能系统有限公司 Signature rechecking method and device
CN104933811B (en) * 2015-05-13 2017-09-29 深圳怡化电脑股份有限公司 Outputting note of ATM apparatus control method and device
CN104851206A (en) * 2015-05-25 2015-08-19 华北电力大学 USBKEY (universal serial bus key)-based online electric charge payment system
CN105681281B (en) * 2015-12-30 2019-02-12 北京金科联信数据科技有限公司 Encryption device based on embedded OS
CN106059773B (en) * 2016-05-27 2019-08-02 深圳市星龙基电子技术有限公司 Digital signature method and system
CN106960144B (en) * 2017-04-11 2018-10-02 北京深思数盾科技股份有限公司 Information security electronic device and its method for carrying out data processing
CN109345193A (en) * 2018-09-06 2019-02-15 平安科技(深圳)有限公司 Declaration form based on information security saves checking method and terminal device from damage

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7209446B2 (en) * 1999-09-27 2007-04-24 Cisco Technology, Inc. Methods and apparatus for controlling a data stream using a host agent acting on behalf of a host computer
CN101183456A (en) * 2007-12-18 2008-05-21 中国工商银行股份有限公司 Encryption device, system and method for encryption, identification using the encryption device
CN101184107A (en) * 2007-12-17 2008-05-21 北京飞天诚信科技有限公司 Network transaction system and method for executing network transaction using the system
CN101212301A (en) * 2007-12-21 2008-07-02 北京飞天诚信科技有限公司 Authentication device and method

Legal Events

Code Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address
Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing
Patentee before: Feitian Technologies Co.,Ltd.
Country or region before: China
Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085
Patentee after: Feitian Technologies Co.,Ltd.
Country or region after: China

CP03 Change of name, title or address