CN105376067A - Method and system for digital signatures - Google Patents
Method and system for digital signatures Download PDFInfo
- Publication number
- CN105376067A CN105376067A CN201510957701.9A CN201510957701A CN105376067A CN 105376067 A CN105376067 A CN 105376067A CN 201510957701 A CN201510957701 A CN 201510957701A CN 105376067 A CN105376067 A CN 105376067A
- Authority
- CN
- China
- Prior art keywords
- instruction
- usbkey
- host computer
- performs
- judge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0633—Lists, e.g. purchase orders, compilation or processing
- G06Q30/0635—Processing of requisition or of purchase orders
- G06Q30/0637—Approvals
Abstract
The invention provides a method and a system for digital signatures. The system comprises an USBKEY and an upper computer; the USBKEY comprises a control module, a communication module, a display module, a timer module and a button input module. The method and the system for digital signals do not allow to receive other orders except the appointed orders after the USBKEY starts up the screen display, do not allow to execute the orders which are irrelevant to the other transactions, guarantees the data to be what the client sign for, and guarantees the safety of the user data and prevents the tricked signing. The upper computer does not transmit the data order to obtain the signing result after the signing process is finished for a while, or the USBKEY automatically eliminates the data after the upper computers obtains the data of the signing result, which guarantees the real safety of the transaction data, prevents the leakage of the sensitive data and prevents the high level attack to the USBKEY.
Description
Technical field
The application relates to the communications field, particularly relates to a kind of digital signature method and system.
Background technology
Along with the fast development of information industry, the development of information technology brings great convenience not only to the life of people, also fundamentally change the life style of people, behavior and values, simultaneously information technology also creates huge and deep effect to economy and social development.
USBKEY is a kind of product carrying out secure payment Network Based, can prove the non repudiation of party to transaction data, employing be a kind of electronic signature mode.During digital signature, the Transaction Information of user can show on screen, and user confirms Transaction Information, thus completes whole process of exchange.
In digital signature procedure, the transaction data of user needs to confirm on screen, even if after user has confirmed transaction data, assailant may send new transaction data to user, when user does not find that transaction data changes, the transaction that also non-user is real that after button, USBKEY performs, but assailant sends to the Transaction Information of user.And after USBKEY inside completes digital signature, can signature result be stored in the buffering area of USBKEY, as buffer, rom etc., assailant can utilize the data in chip cutting or alternate manner reading chip, obtains the result of signature.Cause the safety issue of USBKEY.
Summary of the invention
In order to solve the problem, the application provides a kind of digital signature method and system.
The application proposes a kind of digital signature method, comprising:
Step S1: host computer and USBKEY set up escape way;
Step S2: digital signature program starts, screen starts display;
Step S3: judge that whether operation is overtime, if time-out, exit the method, not overtime then continuation performs step S4;
Step S4: host computer sends instruction to USBKEY, USBKEY judge whether the instruction sent is valid instruction, if valid instruction then performs step S5, otherwise exits the method;
Step S5:USBKEY operates by instruction.
Preferably, valid instruction wherein refers to that this instruction meets predetermined instruction type.
Preferably, described step S3: judge that whether operation is overtime, be specially:
Step S301: start timer 1;
Step S302: judge that whether timer 1 is overtime, if otherwise perform step S4, be assert that USBKEY signs unsuccessfully, perform step S303;
Step S303: wait for next step instruction;
Step S304: judge whether host computer sends instruction, if otherwise perform step S303, be perform step S4;
Preferably, described step S4: host computer sends instruction to USBKEY, is specially:
Step S401: send instructions under host computer;
Step S402: judge that whether decision instruction is legal, if it is continues to perform step S403, otherwise assert that USBKEY signs unsuccessfully;
Step S403: judge instruction type, if be acquisition time instruction, then performs step S501, if for performing signature command, then perform step S601, if for obtaining object command, then perform step S701.
Preferred, described step S5:USBKEY operates by instruction, is specially:
If described instruction is acquisition time instruction, then perform following steps:
Step S501: perform and obtain instruction remaining time, return key press time;
Step S502: host computer judges whether to remain key press time in addition, if it is performs step S503, otherwise assert that USBKEY signs unsuccessfully;
Step S503: wait for user key-press;
Step S504: judge user's whether button, if it is perform step S505, otherwise perform step S3;
Step S505: wait for next step instruction;
Step S506: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S505.
If described instruction is acquisition time instruction, then perform following steps:
Step S601: judge USBKEY running status, judges whether user completes button, if it is performs step S602, otherwise performs step S605;
Step S602:USBKEY performs signature command;
Step S603: start timer 2;
Step S604: judge that whether timer 2 is overtime, if it is assert that USBKEY signs unsuccessfully, otherwise performs step S606;
Step S605: generation error code;
Step S606: wait for next step instruction;
Step S607: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S606.
If described instruction for obtaining object command, then performs following steps:
Step S701: judge USBKEY running status, judges whether user completes button, if it is performs step S702, otherwise performs step S706;
Step S702: judge that whether signature command is complete, if it is performs step S703, otherwise performs step S706;
Step S703:USBKEY performs and obtains object command;
Step S704: judge the whether wrong code of USBKEY, if it is performs step S707, otherwise performs step S705;
Step S705: return digital signature result state to host computer, performs step S708;
Step S706: generation error code;
Step S707: return error code to host computer;
Step S708:USBKEY removes data cached.
Preferred, assert that described USBKEY signs unsuccessfully and perform following steps:
Step N1: enter wait state, waits for next step instruction;
Step N2: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step T1.
The application also proposes a kind of digital signature system, comprises host computer and USBKEY, and described system comprises:
Host computer: for setting up escape way with USBKEY, sends instruction to USBKEY, and accepts signature object information or the error code information of USBKEY transmission;
USBKEY: for setting up escape way with host computer, received the instruction of host computer transmission by escape way, whether decision instruction is valid instruction, if valid instruction then performs this instruction and return signature object information to host computer; If disable instruction then sends error message.
Preferably, valid instruction wherein refers to that this instruction meets predetermined instruction type.
Preferably, described USBKEY comprises:
Control module: for setting up escape way with host computer, sends according to host computer the operation that instruction performs corresponding correspondence;
Communication module: for returning signature object information or error code information to host computer;
Display module: for digital signature program at first, screen display relevant information;
Timer module: for judging that according to timer whether operation is overtime;
Keyboard input module: for judging user's whether button.
Preferred, described control module comprises:
Identifying unit: whether legal for judging the instruction that host computer sends, if legal, judges the type of instruction, judges USBKEY running status;
Logical processing unit: for setting up escape way with host computer, and process accordingly respectively according to the instruction type that described identifying unit judges, if be acquisition time instruction, then obtain remaining time, and wait for user key-press, if for performing signature command, then perform signature operation, if for obtaining object command, detect error code, and detection signature result.
Preferably, described host computer comprises:
Determination module: the temporal information for returning according to USBKEY Timer module judges that whether operation is overtime;
Computing module: for setting up escape way with USBKEY;
Communication module: for sending instruction to USBKEY, and the signature object information or the error code information that accept USBKEY transmission.
A kind of digital signature method that the invention described above proposes and system, obtain following technique effect:
1, the application propose a kind of digital signature method and system, by after the display of USBKEY startup screen, do not allow to receive other instructions except some instruction of specifying, do not allow to perform any other and the uncorrelated instruction of transaction, ensure that namely transaction data is signed by real finding, with the safety of user data, what prevent transaction deceives label.
2, the application propose a kind of digital signature method and system, do not send by host computer in a period of time after signature process completes instruction of fetching data to go to obtain signature result, or obtained the data of signature result at host computer after, USBKEY clears data automatically, thus ensure that the safety that transaction data is real, prevent the leakage of sensitive data, the attack for USBKEY higher level can be defendd.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present application or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the application, for those of ordinary skill in the art, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the application's digital signature system structural representation;
Fig. 2 is the structural representation of the application USBKEY;
Fig. 3 is the structural representation of the application's host computer;
Fig. 4 is the structural representation of the application USBKEY Timer module;
Fig. 5 is the structural representation of the application USBKEY control module;
Fig. 6 is the schematic flow sheet of the application's digital signature method;
Fig. 7 is the method flow schematic diagram judging in the application's digital signature method that whether operation is overtime;
Fig. 8 is the method flow schematic diagram that in the application's digital signature method, host computer sends instruction to USBKEY;
Fig. 9 is in the application's digital signature method when described instruction is acquisition time instruction, and USBKEY carries out the method flow schematic diagram operated;
Figure 10 is that USBKEY carries out the method flow schematic diagram operated in the application's digital signature method when described instruction is for performing signature command;
Figure 11 is that USBKEY carries out the method flow schematic diagram operated in the application's digital signature method when described instruction is for obtaining object command.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described.
The application proposes a kind of digital signature system, and as shown in Figure 1, described system comprises described host computer 11 and USBKEY12, concrete:
Described host computer 11: for setting up escape way with USBKEY12, sends instruction to USBKEY12, and accepts signature object information or the error code information of USBKEY12 transmission.
USBKEY12: for setting up escape way with described host computer 11, and combine digital signature operation, and return signature object information or error message to described host computer 11.
More specifically, described USBKEY12 as shown in Figure 2, comprising:
Control module 21: for setting up escape way with described host computer 11, and send according to host computer the operation that instruction performs corresponding correspondence.
More specifically, as shown in Figure 5, described control module 21 comprises:
Logical processing unit 51: for setting up escape way with host computer, comprise: initialization is carried out to USBKEY12, described host computer 11 sends communication request to USBKEY12, when USBKEY12 receives the communication request of described host computer 11 transmission, authentication request is sent to described host computer 11, identity information is sent to USBKEY12 by described host computer 11, USBKEY12 verifies the identity information that described host computer 11 sends, detect USBKEY12 and whether have the public and private key pair with the coded communication of described host computer 11, if do not generate public and private key pair, PKI is sent to described host computer 11 by USBKEY12, described host computer 11 generates random number as communication key, communication key is encrypted by described host computer 11 PKI of USBKEY12, communication key after public key encryption is sent to USBKEY12 by described host computer 11, after USBKEY12 receives the communication key of encryption, the private key communication key to described encryption corresponding with PKI is decrypted, obtain described host computer 11 communication key, USBKEY12 described host computer 11 communication key and described host computer 11 set up escape way, the instruction type also judged according to described identifying unit processes respectively accordingly, if be acquisition time instruction, then obtain remaining time, and wait for user key-press, if for performing signature command, then perform signature operation, if for obtaining object command, detect error code, and detection signature result.
Identifying unit 52: whether legal for judging the instruction that host computer sends, if legal, judges the type of instruction, judges USBKEY running status.
Concrete, described valid instruction refers to that this instruction meets predetermined instruction type, and such as acquisition time instruction, acquisition object command, performing these three kinds of instructions of signature operation instruction is default valid instruction type.
When in the process in digital signature, when host computer sends to the instruction of USBKEY to be valid instruction, and this valid instruction is acquisition time instruction, performs following method:
Step S501: perform and obtain instruction remaining time, return key press time.
Step S502: host computer judges whether to remain key press time in addition, if it is performs step S503, otherwise assert that USBKEY signs unsuccessfully.
Step S503: wait for user key-press.
Step S504: judge user's whether button, if it is perform step S505, otherwise perform step S3.
Step S505: wait for next step instruction.
Step S506: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S505.
When in the process in digital signature, when host computer sends to the instruction of USBKEY to be valid instruction, and this valid instruction is for performing signature command, performs following steps:
Step S601: judge USBKEY running status, judges whether user completes button, if it is performs step S602, otherwise performs step S605.
Step S602:USBKEY performs signature command.
Step S603: start timer 2.
Step S604: judge that whether timer 2 is overtime, if it is assert that USBKEY signs unsuccessfully, otherwise performs step S606.
Step S605: generation error code.
Step S606: wait for next step instruction.
Step S607: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S606.
When in the process in digital signature, when host computer sends to the instruction of USBKEY to be valid instruction, and this valid instruction is for obtaining object command, performs following method:
Step S701: judge USBKEY running status, judges whether user completes button, if it is performs step S702, otherwise performs step S706.
Step S702: judge that whether signature command is complete, if it is performs step S703, otherwise performs step S706.
Step S703:USBKEY performs and obtains object command.
Step S704: judge the whether wrong code of USBKEY, if it is performs step S707, otherwise performs step S705.
Step S705: return digital signature result state to host computer, performs step S708.
Step S706: generation error code.
Step S707: return error code to host computer.
Step S708:USBKEY removes data cached.
Communication module 22: for returning signature object information or error code information to described host computer 11.
Display module 23: for digital signature program at first, screen display relevant information.
More specifically, the process of described displaying information on screen, comprising:
Step R1: wait for that described host computer 11 sends packet.
Step R2: resolve packet, if analysis result transaction message, then performs step R3, if clear data performs step R4.
Step R3: extract analytical algorithm by data and dissection process is carried out to transaction message.
Step R4: be presented at resolving the critical values obtained on the display screen of display module.
More specifically, can increase before step R2: if the packet that described host computer 11 sends is multiple subpackage, need to judge whether that packet finishes receiving completely.
More specifically, described data extract analytical algorithm can be that other data with corresponding level of security such as SM3 hash algorithm or SHA256 algorithm extract analytical algorithm.
More specifically, can increase before described step R4: to needing the critical values length of display to judge, if numerical value length is greater than the character length that display screen can show, then terminate this operation, if length is less than or equal to the character length that display screen can show, then continue to perform step R4.
Timer module 24: for judging that according to timer whether operation is overtime.
More specifically, as shown in Figure 4, described Timer module 24 comprises:
Timer 1: for judging that whether user key-press operation is overtime.
Timer 2: for judging that whether signature operation is overtime.
More specifically, the time-out of above-mentioned indication is: in a period of time after counter starts, described host computer 11 issues any instruction to described USBKEY12, or described host computer 11 sends to the instruction type of USBKEY12 not to be the signature command of expection or reads data command, or user does not operate button, all regard as time-out.
More specifically, described acquisition instruction remaining time for: obtain the count down time that records of timer 1.
More specifically, if the count down time of timer 1 is greater than 0, then described host computer 11 does not make next step operation to described USBKEY12, if when the countdown of timer 1 equals 0, then the identification of described host computer 11 is signed unsuccessfully, interrupts signature procedure, and prompting is on the display module of USBKEY12.
Keyboard input module 25: for judging user's whether button.
Concrete, as shown in Figure 3, described host computer 11 comprises:
Determination module 31: the temporal information for returning according to USBKEY Timer module judges that whether operation is overtime.
Computing module 32: for setting up escape way with USBKEY.
Communication module 33: for sending instruction to USBKEY, and the signature object information or the error code information that accept USBKEY transmission.
Describe the application's digital signature system according to Fig. 1-5 above, based on above-mentioned digital signature system, introduce a kind of digital signature method of the application's proposition below according to Fig. 6-11.
The digital signature method that the application proposes, as shown in Figure 6, comprising:
Step S1: described host computer 11 sets up escape way with USBKEY12.
More specifically, described step S1: described host computer 11 sets up escape way with USBKEY12, comprising:
Step T1: initialization is carried out to USBKEY12.
Step T2: described host computer 11 sends communication request to USBKEY12.
Step T3: whether detect USBKEY12 has the public and private key pair with the coded communication of described host computer 11, if do not generate public and private key pair.
PKI is sent to described host computer 11 by step T4:USBKEY12.
Step T5: described host computer 11 generates random number as communication key.
Step T6: communication key is encrypted by described host computer 11 PKI of USBKEY12.
Step T7: the communication key after public key encryption is sent to USBKEY12 by described host computer 11.
After step T8:USBKEY12 receives the communication key of encryption, the private key communication key to described encryption corresponding with PKI is decrypted, and obtains described host computer 11 communication key.
Step T9:USBKEY12 described host computer 11 communication key and described host computer 11 set up escape way.
More specifically, set up in the method for escape way at host computer 11 described above with USBKEY12, can increase between step T2 and step T3:
When step T2a:USBKEY12 receives the communication request of described host computer 11 transmission, send authentication request to described host computer 11.
Step T2b: identity information is sent to USBKEY12 by described host computer 11.
If step T2c:USBKEY12 verifies and identical with the trusted users information be preset in USBKEY12, is then verified the identity information that described host computer 11 sends, and perform step T3, authentication failed then exits the method.
More specifically, described public and private key is to the enciphering and deciphering algorithm can with level of security.
The enciphering and deciphering algorithm used in the present embodiment is for the asymmetric public and private key of RSA is to enciphering and deciphering algorithm.
Step S2: digital signature program starts, screen starts display.
More specifically, the process of described displaying information on screen, comprising:
Step R1: wait for that described host computer 11 sends packet.
Step R2: resolve packet, if analysis result transaction message, then performs step R3, if clear data performs step R4.
Step R3: extract analytical algorithm by data and dissection process is carried out to transaction message.
Step R4: be presented at resolving the critical values obtained on the display screen of display module.
More specifically, can increase before step R2: if the packet that described host computer 11 sends is multiple subpackage, need to judge whether that packet finishes receiving completely.
More specifically, described data extract analytical algorithm can be that other data with corresponding level of security such as SM3 hash algorithm or SHA256 algorithm extract analytical algorithm.
More specifically, can increase before described step R4: to needing the critical values length of display to judge, if numerical value length is greater than the character length that display screen can show, then terminate this operation, if length is less than or equal to the character length that display screen can show, then continue to perform step R4.
Step S3: judge that whether operation is overtime, if time-out, exit the method flow process; Not overtime continuation performs step S4.
Concrete, as shown in Figure 7, described step S3: judge that whether operation is overtime, comprising:
Step S301: start timer 1.
Step S302: judge that whether timer 1 is overtime, if otherwise perform step S4, be assert that USBKEY signs unsuccessfully, perform step S303.
More specifically, in above-mentioned steps S302, the time-out of indication is: in a period of time after counter starts, described host computer 11 issues any instruction to described USBKEY12, or described host computer 11 sends to the instruction type of USBKEY12 not to be valid instruction, all regards as time-out.
More specifically, if the count down time of timer 1 is greater than 0, then described host computer 11 does not make next step operation to described USBKEY12, if when the countdown of timer 1 equals 0, then the identification of described host computer 11 is signed unsuccessfully, interrupts signature procedure, and prompting is on the display module of USBKEY12.
Step S303: wait for next step instruction.
Step S304: judge whether host computer sends instruction, if otherwise perform step S303, be perform step S4.
Step S4: host computer sends instruction to USBKEY, USBKEY judge whether the instruction sent is valid instruction, if valid instruction then performs step S5, otherwise exits the method.
Concrete, as shown in Figure 8, described step S4: host computer sends instruction to USBKEY, is specially:
Step S401: send instructions under host computer.
Step S402: judge that whether decision instruction is legal, if it is continues to perform step S403, otherwise assert that USBKEY signs unsuccessfully.
Step S403: judge instruction type, if be acquisition time instruction, performs step S501, if for performing signature command, perform step S601, if for obtaining object command, perform step S701.
Step S5:USBKEY12 performs signature operation.
Concrete, as shown in figs. 9-11, described step S5:USBKEY12 performs signature operation, is specially:
As shown in Figure 9, if described instruction is acquisition time instruction, then following steps are performed:
Step S501: perform and obtain instruction remaining time, return key press time.
Step S502: host computer judges whether to remain key press time in addition, if it is performs step S503, otherwise assert that USBKEY signs unsuccessfully.
Step S503: wait for user key-press.
Step S504: judge user's whether button, if it is perform step S505, otherwise perform step S3.
Step S505: wait for next step instruction.
Step S506: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S505.
As shown in Figure 10, if described instruction is acquisition time instruction, then following steps are performed:
Step S601: judge USBKEY running status, judges whether user completes button, if it is performs step S602, otherwise performs step S605.
Step S602:USBKEY performs signature command.
Step S603: start timer 2.
Step S604: judge that whether timer 2 is overtime, if it is assert that USBKEY signs unsuccessfully, otherwise performs step S606.
Step S605: generation error code.
Step S606: wait for next step instruction.
Step S607: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S606.
As shown in figure 11, if described instruction is for obtaining object command, then following steps are performed:
Step S701: judge USBKEY running status, judges whether user completes button, if it is performs step S702, otherwise performs step S706.
Step S702: judge that whether signature command is complete, if it is performs step S703, otherwise performs step S706.
Step S703:USBKEY performs and obtains object command.
Step S704: judge the whether wrong code of USBKEY, if it is performs step S707, otherwise performs step S705.
Step S705: return digital signature result state to host computer, performs step S708.
Step S706: generation error code.
Step S707: return error code to host computer.
Step S708:USBKEY removes data cached.
More specifically, the described USBKEY of above-mentioned identification signs unsuccessfully and then performs following steps:
Step N1: enter wait state, waits for next step instruction.
Step N2: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step T1.
The above, it is only preferred embodiment of the present invention, not any pro forma restriction is done to the present invention, although the present invention discloses as above with preferred embodiment, but and be not used to limit the present invention, any those skilled in the art, do not departing within the scope of technical solution of the present invention, make a little change when the technology contents of above-mentioned announcement can be utilized or be modified to the Equivalent embodiments of equivalent variations, in every case be the content not departing from technical solution of the present invention, according to any simple modification that technical spirit of the present invention is done above embodiment, equivalent variations and modification, all still belong in the scope of technical solution of the present invention.
Claims (11)
1. a digital signature method, is characterized in that, described method comprises:
Step S1: host computer and USBKEY set up escape way;
Step S2: digital signature program starts, screen starts display;
Step S3: judge that whether operation is overtime, if time-out, exit the method, not overtime then continuation performs step S4;
Step S4: host computer sends instruction to USBKEY, USBKEY judge whether the instruction sent is valid instruction, if valid instruction then performs step S5, otherwise exits the method;
Step S5:USBKEY operates by instruction.
2. digital signature method as claimed in claim 1, it is characterized in that, valid instruction wherein refers to that this instruction meets predetermined instruction type.
3. the method for digital signature as claimed in claim 1, is characterized in that, described step S3: judge that whether operation is overtime, be specially:
Step S301: start timer 1;
Step S302: judge that whether timer 1 is overtime, if otherwise perform step S4, be assert that USBKEY signs unsuccessfully, perform step S303;
Step S303: wait for next step instruction;
Step S304: judge whether host computer sends instruction, if otherwise perform step S303, be perform step S4.
4. the method for digital signature as claimed in claim 1, it is characterized in that, described step S4: host computer sends instruction to USBKEY, is specially:
Step S401: send instructions under host computer;
Step S402: judge that whether decision instruction is legal, if it is continues to perform step S403, otherwise assert that USBKEY signs unsuccessfully;
Step S403: judge instruction type, if be acquisition time instruction, then performs step S501, if for performing signature command, then perform step S601, if for obtaining object command, then perform step S701.
5. the method for digital signature as claimed in claim 1, it is characterized in that, described step S5:USBKEY operates by instruction, is specially:
If described instruction is acquisition time instruction, then perform following steps:
Step S501: perform and obtain instruction remaining time, return key press time;
Step S502: host computer judges whether to remain key press time in addition, if it is performs step S503, otherwise assert that USBKEY signs unsuccessfully;
Step S503: wait for user key-press;
Step S504: judge user's whether button, if it is perform step S505, otherwise perform step S3;
Step S505: wait for next step instruction;
Step S506: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S505;
If described instruction is acquisition time instruction, then perform following steps:
Step S601: judge USBKEY running status, judges whether user completes button, if it is performs step S602, otherwise performs step S605;
Step S602:USBKEY performs signature command;
Step S603: start timer 2;
Step S604: judge that whether timer 2 is overtime, if it is assert that USBKEY signs unsuccessfully, otherwise performs step S606;
Step S605: generation error code;
Step S606: wait for next step instruction;
Step S607: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step S606;
If described instruction for obtaining object command, then performs following steps:
Step S701: judge USBKEY running status, judges whether user completes button, if it is performs step S702, otherwise performs step S706;
Step S702: judge that whether signature command is complete, if it is performs step S703, otherwise performs step S706;
Step S703:USBKEY performs and obtains object command;
Step S704: judge the whether wrong code of USBKEY, if it is performs step S707, otherwise performs step S705;
Step S705: return digital signature result state to host computer, performs step S708;
Step S706: generation error code;
Step S707: return error code to host computer;
Step S708:USBKEY removes data cached.
6. the method for the digital signature as described in claim 2-4, is characterized in that, assert that described USBKEY signs unsuccessfully and performs following steps:
Step N1: enter wait state, waits for next step instruction;
Step N2: judge whether host computer sends instruction, if it is performs step S4, otherwise performs step T1.
7. a digital signature system, comprises host computer and USBKEY, it is characterized in that, described system comprises:
Host computer: for setting up escape way with USBKEY, sends instruction to USBKEY, and accepts signature object information or the error code information of USBKEY transmission;
USBKEY: for setting up escape way with host computer, received the instruction of host computer transmission by escape way, whether decision instruction is valid instruction, if valid instruction then performs this instruction and return signature object information to host computer; If disable instruction then sends error message.
8. digital signature system as claimed in claim 7, it is characterized in that, valid instruction wherein refers to that this instruction meets predetermined instruction type.
9. digital signature system as claimed in claim 7, it is characterized in that, described USBKEY comprises:
Control module: for setting up escape way with host computer, sends according to host computer the operation that instruction performs corresponding correspondence;
Communication module: for returning signature object information or error code information to host computer;
Display module: for digital signature program at first, screen display relevant information;
Timer module: for judging that according to timer whether operation is overtime;
Keyboard input module: for judging user's whether button.
10. digital signature system as claimed in claim 9, it is characterized in that, described control module comprises:
Identifying unit: whether legal for judging the instruction that host computer sends, if legal, judges the type of instruction, judges USBKEY running status;
Logical processing unit: for setting up escape way with host computer, and process accordingly respectively according to the instruction type that described identifying unit judges, if be acquisition time instruction, then obtain remaining time, and wait for user key-press, if for performing signature command, then perform signature operation, if for obtaining object command, detect error code, and detection signature result.
11. digital signature systems as claimed in claim 7, it is characterized in that, described host computer comprises:
Determination module: the temporal information for returning according to USBKEY Timer module judges that whether operation is overtime;
Computing module: for setting up escape way with USBKEY;
Communication module: for sending instruction to USBKEY, and the signature object information or the error code information that accept USBKEY transmission.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510957701.9A CN105376067A (en) | 2015-12-18 | 2015-12-18 | Method and system for digital signatures |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510957701.9A CN105376067A (en) | 2015-12-18 | 2015-12-18 | Method and system for digital signatures |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105376067A true CN105376067A (en) | 2016-03-02 |
Family
ID=55377898
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510957701.9A Pending CN105376067A (en) | 2015-12-18 | 2015-12-18 | Method and system for digital signatures |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105376067A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107645500A (en) * | 2017-09-15 | 2018-01-30 | 成都德芯数字科技股份有限公司 | Broadcast data exchange method and device |
| CN108269091A (en) * | 2018-01-25 | 2018-07-10 | 北京明华联盟科技有限公司 | standby processing method, device, system and computer readable storage medium |
| CN112307518A (en) * | 2020-10-16 | 2021-02-02 | 神州融安科技(北京)有限公司 | Signature information processing method, signature information display method, signature information processing device, signature information display device, electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1913429A (en) * | 2005-08-11 | 2007-02-14 | 北京握奇数据系统有限公司 | Physic identification method and electronic device |
| CN101599835A (en) * | 2009-07-14 | 2009-12-09 | 北京坚石诚信科技有限公司 | Signature device and method for executing operating instructions thereof |
| CN102571355A (en) * | 2012-02-02 | 2012-07-11 | 飞天诚信科技股份有限公司 | Method and device for importing secret key without landing |
| CN103235911A (en) * | 2013-04-27 | 2013-08-07 | 飞天诚信科技股份有限公司 | Signature method |
-
2015
- 2015-12-18 CN CN201510957701.9A patent/CN105376067A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1913429A (en) * | 2005-08-11 | 2007-02-14 | 北京握奇数据系统有限公司 | Physic identification method and electronic device |
| CN101599835A (en) * | 2009-07-14 | 2009-12-09 | 北京坚石诚信科技有限公司 | Signature device and method for executing operating instructions thereof |
| CN102571355A (en) * | 2012-02-02 | 2012-07-11 | 飞天诚信科技股份有限公司 | Method and device for importing secret key without landing |
| CN103235911A (en) * | 2013-04-27 | 2013-08-07 | 飞天诚信科技股份有限公司 | Signature method |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107645500A (en) * | 2017-09-15 | 2018-01-30 | 成都德芯数字科技股份有限公司 | Broadcast data exchange method and device |
| CN108269091A (en) * | 2018-01-25 | 2018-07-10 | 北京明华联盟科技有限公司 | standby processing method, device, system and computer readable storage medium |
| CN108269091B (en) * | 2018-01-25 | 2022-03-29 | 北京明华联盟科技有限公司 | Standby processing method, device and system and computer readable storage medium |
| CN112307518A (en) * | 2020-10-16 | 2021-02-02 | 神州融安科技(北京)有限公司 | Signature information processing method, signature information display method, signature information processing device, signature information display device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10700861B2 (en) | System and method for generating a recovery key and managing credentials using a smart blockchain contract | |
| CN109983466B (en) | Account management system and method based on block chain and storage medium | |
| US20170300920A1 (en) | Method Of And Apparatus For Authenticating Fingerprint, Smart Terminal And Computer Storage Medium | |
| JP2018521417A (en) | Safety verification method based on biometric features, client terminal, and server | |
| US9027103B2 (en) | Method and system for securely accessing to protected resource | |
| CN105408910A (en) | Systems and methods for authenticating access to operating system by user before the operating system is booted using wireless communication token | |
| US9332011B2 (en) | Secure authentication system with automatic cancellation of fraudulent operations | |
| WO2012149907A1 (en) | User terminal and payment system | |
| CN116980230B (en) | Information security protection method and device | |
| WO2014012392A1 (en) | Display device, authentication system comprising display device and authentication method | |
| WO2016010643A1 (en) | Method and system for password setting and authentication | |
| CN106487758B (en) | data security signature method, service terminal and private key backup server | |
| CN113709115A (en) | Authentication method and device | |
| CN105376067A (en) | Method and system for digital signatures | |
| CN105933503B (en) | Information processing method and electronic equipment | |
| TW201525895A (en) | Method of identification verification and terminal payment, terminal device and server thereof | |
| US20180075230A1 (en) | Identity authentication method and apparatus | |
| WO2018195759A1 (en) | Signature verification method, device and system | |
| CN104702410A (en) | Dynamic password authentication device, system and method | |
| CN110888716A (en) | Data processing method and device, storage medium and electronic equipment | |
| CN104021322A (en) | Electronic signature method, electronic signature equipment and electronic signature client | |
| CN114172923B (en) | Data transmission method, communication system and communication device | |
| WO2022073336A1 (en) | Secure payment method and apparatus, electronic device, and storage medium | |
| CN103699859A (en) | Information display method and device | |
| KR101319941B1 (en) | User authentication system by using touch pattern |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160302 |
|
| RJ01 | Rejection of invention patent application after publication |