CN110555311A - Electronic signature system security design method and system based on pure soft cryptographic operation - Google Patents


Publication number
CN110555311A
Authority
CN
China
Prior art keywords
encryption key
algorithm
core
core encryption
seed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910660926.6A
Other languages
Chinese (zh)
Inventor
石峰
李健
李丽
王永涛
李岱峰
李牧卿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China West Certificate Authority Co Ltd
Aisino Corp
Original Assignee
China West Certificate Authority Co Ltd
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China West Certificate Authority Co Ltd, Aisino Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information

Abstract

The invention discloses a security design method and system for an electronic signature system based on pure soft cryptographic operation. The method comprises the following steps: acquiring administrator configuration information and hardware uniqueness information, and calculating a core encryption key seed according to a preset seed generation algorithm; generating a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed, wherein the core encryption key is a symmetric key used for encrypting and decrypting information in the electronic signature system; applying the core encryption key to execute business services, wherein the business services comprise seal making, seal signing and seal verification; and, after the service is finished, destroying and releasing the core encryption key. The method and system store only the master key seed and the key generation algorithm of the electronic signature system, which avoids the core key appearing in plaintext, ensures the security of the system's core encryption key, and greatly improves operation efficiency by virtue of the computing advantages of the host CPU.

Description

Electronic signature system security design method and system based on pure soft cryptographic operation
Technical Field
The invention relates to the technical field of information, and in particular to a security design method and system for an electronic signature system based on pure soft cryptographic operation.
Background
With the rapid development of computer technology and computer networks, online office work and online transactions are increasingly common, and data transmission is increasingly frequent. Data is transmitted widely for online transactions, data exchange, electronic documents and the like. During transmission, however, data faces security risks such as tampering and content repudiation, so important and highly sensitive data must be strictly protected by reliable technology while in transit. Electronic signature technology can itself guarantee the integrity and non-repudiation of data. The electronic signature has great advantages over the traditional seal, so the electronic signature product has been the fastest-developing PKI product since the implementation of the electronic signature method. However, the key of a traditional electronic signature service system is stored in a cryptographic device. This approach has high cost, low operation performance and poor environmental adaptability, and the cryptographic device must be matched to different versions of operating systems, all of which greatly limits the adoption of such products.
Disclosure of Invention
In order to solve the problems described in the background, namely the low operation performance, high failure rate, high cost and limited usage scenarios caused by the use of dedicated cryptographic devices in conventional electronic signature systems, the invention provides a security design method and system for an electronic signature system based on pure soft cryptographic operation. The security design method comprises the following steps:
acquiring administrator configuration information and hardware uniqueness information, and calculating a core encryption key seed according to a preset seed generation algorithm;
generating a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed, wherein the core encryption key is a symmetric key and is used for encrypting and decrypting information in the electronic signature system;
applying the core encryption key to execute business services, wherein the business services comprise seal making, seal signing and seal verification;
and, after the service is finished, destroying and releasing the core encryption key.
Further, before calculating the core encryption key seed according to the preset seed generation algorithm, the method further comprises:
acquiring unique hardware information and administrator configuration information, wherein the unique hardware information comprises motherboard, memory and hard disk parameters;
calculating a core encryption key seed according to the preset seed generation algorithm;
and storing the core encryption key seed in the USBKey.
Further, after calculating the core encryption key seed according to the preset seed generation algorithm, the method further comprises:
comparing whether the core encryption key seed is consistent with the core encryption key seed prestored in the USBKey; if so, continuing to execute the subsequent operations; if not, returning an exception and not executing the subsequent operations.
Further, the preset seed generation algorithm comprises:
adding the hardware information to the administrator setting parameters encrypted according to the SM3 cryptographic hash algorithm, to obtain an addition result;
and encrypting the addition result according to the SM3 cryptographic hash algorithm to obtain the core encryption key seed.
Further, the preset core encryption key generation algorithm comprises:
encrypting the core encryption key seed separately with the MD5 message digest algorithm, the SHA256 secure hash algorithm and the SM3 cryptographic hash algorithm to obtain three groups of encrypted data;
and encrypting the sum of the three groups of encrypted data according to the SM3 cryptographic hash algorithm to obtain the core encryption key.
Further, the encryption and decryption algorithm for sensitive information in the electronic signature system comprises:
an encryption process, in which the plaintext information is encrypted with the core encryption key using the AES algorithm, and the encrypted data is then encrypted using the SM4 block cipher algorithm to obtain the final ciphertext information;
and a decryption process, in which the ciphertext information is decrypted with the core encryption key using the AES algorithm, and the decrypted data is then decrypted using the SM4 block cipher algorithm to obtain the final plaintext information.
The security design system for an electronic signature system based on pure soft cryptographic operation comprises:
a hardware parameter acquisition unit, a core encryption key seed generation unit, a core encryption key generation unit, a system business service unit and a core encryption key destruction unit;
the hardware parameter acquisition unit is used for acquiring administrator configuration information and hardware uniqueness information;
the core encryption key seed generation unit is used for calculating a core encryption key seed according to a preset seed generation algorithm by using the administrator configuration information and the hardware uniqueness information;
the core encryption key generation unit is used for generating a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed, wherein the core encryption key is a symmetric key and is used for encrypting and decrypting information in the electronic signature system;
the system business service unit is used for executing system business services by applying the core encryption key, and comprises a seal making unit, a seal signing unit and a seal verifying unit;
the core encryption key destruction unit is used for destroying and releasing the encryption and decryption keys.
Further, the system also comprises a USBKey;
the USBKey is used for prestoring a core encryption key seed, wherein the core encryption key seed is generated by the core encryption key seed generation unit and is prestored in the USBKey during system initialization.
Further, the system also comprises a core encryption key seed matching unit, which is used for comparing whether the core encryption key seed generated by the core encryption key seed generation unit at system startup is consistent with the core encryption key seed prestored in the USBKey.
Further, the preset seed generation algorithm comprises adding the hardware information to the administrator setting parameters encrypted according to the SM3 cryptographic hash algorithm, to obtain an addition result;
and encrypting the addition result according to the SM3 cryptographic hash algorithm to obtain the core encryption key seed.
Further, the preset core encryption key generation algorithm comprises encrypting the core encryption key seed separately with the MD5 message digest algorithm, the SHA256 secure hash algorithm and the SM3 cryptographic hash algorithm to obtain three groups of encrypted data;
and encrypting the sum of the three groups of encrypted data according to the SM3 cryptographic hash algorithm to obtain the core encryption key.
Further, the encryption process is to encrypt the plaintext information with the core encryption key using the AES algorithm, and then encrypt the encrypted data using the SM4 block cipher algorithm to obtain the final ciphertext information;
the decryption process is to decrypt the ciphertext information with the core encryption key using the AES algorithm, and then decrypt the decrypted data using the SM4 block cipher algorithm to obtain the final plaintext information.
The beneficial effects of the invention are as follows: the technical scheme provides a security design method and system for an electronic signature system based on pure soft cryptographic operation. The method and system store only the master key seed and the key generation algorithm of the electronic signature system, and apply a dedicated design to the two critical links of key generation and key use. This effectively ensures the security of the core encryption key of the electronic signature system in use, while the computing advantages of the host CPU (central processing unit) greatly improve operation efficiency and reduce product cost. The method and system are suitable for a variety of application scenarios.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a flowchart of a security design method for an electronic signature system based on pure soft cryptographic operations according to an embodiment of the present invention;
FIG. 2 is a block diagram of a security design system of an electronic signature system based on pure soft cryptographic operations according to an embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and is not limited to the embodiments described herein, which are provided for a thorough and complete disclosure of the present invention and to fully convey its scope to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
FIG. 1 is a flowchart of a security design method for an electronic signature system based on pure soft cryptographic operations according to an embodiment of the present invention. As shown in FIG. 1, the method includes:
Step 110, acquiring unique hardware information and administrator configuration information, and calculating a core encryption key seed according to a preset seed generation algorithm. This ensures that the seed information corresponds uniquely to the hardware the system runs on, and prevents sensitive information from being leaked through illegal copying of the system.
The preset seed generation algorithm is as follows:
adding the hardware information to the administrator setting parameters encrypted according to the SM3 cryptographic hash algorithm, to obtain an addition result;
and encrypting the addition result according to the SM3 cryptographic hash algorithm to obtain the core encryption key seed.
Namely: core encryption key seed = SM3(hardware information + SM3(administrator setting parameters))
where SM3 is a cryptographic hash algorithm.
In step 110, before the core encryption key seed is calculated according to the preset seed generation algorithm, unique hardware information and administrator configuration information are obtained, the unique hardware information including parameters of the motherboard, the memory and the hard disk; the core encryption key seed is calculated according to the preset seed generation algorithm, and the calculated core encryption key seed is stored in the USBKey.
Step 120, comparing whether the core encryption key seed is consistent with the core encryption key seed prestored in the USBKey; if so, continuing to execute the subsequent operations; if not, returning an exception and not executing the subsequent operations.
Step 130, generating a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed.
The preset core encryption key generation algorithm is as follows:
encrypting the core encryption key seed separately with the MD5 message digest algorithm, the SHA256 secure hash algorithm and the SM3 cryptographic hash algorithm to obtain three groups of encrypted data;
and encrypting the sum of the three groups of encrypted data according to the SM3 cryptographic hash algorithm to obtain the core encryption key.
Namely: core encryption key = SM3(MD5(core encryption key seed) + SHA256(core encryption key seed) + SM3(core encryption key seed))
where SM3 is a cryptographic hash algorithm, SHA256 is a secure hash algorithm, and MD5 is a message digest algorithm.
The core encryption key is a symmetric key and is used for encryption and decryption of information in the electronic signature system, including decryption of the signer key, the user key and the like.
Step 140, executing business services by applying the core encryption key, wherein the business services comprise seal making, seal signing and seal verification.
The keys used during the business services, including the signer key, the user escrow key and the like, are protected by a business key encryption algorithm. This encryption and decryption algorithm for sensitive information in the electronic signature system is as follows:
the encryption process is to encrypt the plaintext information with the core encryption key using the AES algorithm, and then encrypt the encrypted data using the SM4 block cipher algorithm to obtain the final ciphertext information;
the decryption process is to decrypt the ciphertext information with the core encryption key using the AES algorithm, and then decrypt the decrypted data using the SM4 block cipher algorithm to obtain the final plaintext information. Namely:
ciphertext information = E_SM4(E_AES(plaintext information))
plaintext information = D_SM4(D_AES(ciphertext information))
where SM4 and AES are cryptographic algorithms, E stands for encryption and D stands for decryption.
Step 150, after the service is finished, destroying and releasing the core encryption key. The key is generated when it is needed and released after use, which ensures the security of the key in use.
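The derivation and startup check of steps 110 to 150, as an added Python example that is not part of the patent text. It assumes that "+" in the two formulas means byte concatenation, uses constructed hardware and administrator strings, and uses illustrative function names; SM3 is implemented inline because the Python standard library does not always provide it.

```python
"""Seed and core-key derivation from steps 110-150 (added example)."""
import hashlib
import hmac
import struct

_MASK = 0xFFFFFFFF
_IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
       0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)


def _rotl(x: int, n: int) -> int:
    n %= 32
    return ((x << n) | (x >> (32 - n))) & _MASK


def sm3(data: bytes) -> bytes:
    """Pure-Python SM3 hash, 256-bit digest."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack(">Q", len(data) * 8)
    v = list(_IV)
    for off in range(0, len(msg), 64):
        w = list(struct.unpack(">16I", msg[off:off + 64]))
        for j in range(16, 68):                      # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rotl(w[j - 3], 15)
            w.append(x ^ _rotl(x, 15) ^ _rotl(x, 23)
                     ^ _rotl(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):                          # compression rounds
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            a12 = _rotl(a, 12)
            ss1 = _rotl((a12 + e + _rotl(t, j)) & _MASK, 7)
            ss2 = ss1 ^ a12
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff = (a & b) | (a & c) | (b & c)
                gg = (e & f) | (~e & g)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & _MASK
            tt2 = (gg + h + ss1 + w[j]) & _MASK
            d, c, b, a = c, _rotl(b, 9), a, tt1
            h, g, f, e = g, _rotl(f, 19), e, tt2 ^ _rotl(tt2, 9) ^ _rotl(tt2, 17)
        v = [x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h))]
    return struct.pack(">8I", *v)


def derive_seed(hardware_info: bytes, admin_params: bytes) -> bytes:
    # seed = SM3(hardware information + SM3(administrator setting parameters))
    # Assumption: "+" is byte concatenation.
    return sm3(hardware_info + sm3(admin_params))


def derive_core_key(seed: bytes) -> bytearray:
    # key = SM3(MD5(seed) + SHA256(seed) + SM3(seed)), "+" again as concatenation.
    mixed = hashlib.md5(seed).digest() + hashlib.sha256(seed).digest() + sm3(seed)
    return bytearray(sm3(mixed))  # mutable, so it can be overwritten in step 150


def unlock(hardware_info: bytes, admin_params: bytes, stored_seed: bytes) -> bytearray:
    """Steps 110-130: recompute the seed, compare with the USBKey copy, derive the key."""
    seed = derive_seed(hardware_info, admin_params)
    if not hmac.compare_digest(seed, stored_seed):   # constant-time comparison
        raise PermissionError("core encryption key seed mismatch")
    return derive_core_key(seed)


def wipe(key: bytearray) -> None:
    """Step 150. Best effort in Python: immutable intermediates are not overwritten."""
    for i in range(len(key)):
        key[i] = 0


# Constructed sample inputs, not taken from the patent.
HW_ENROLLED = b"board=MB-0001|mem=16GiB|disk=SN-AAAA"
HW_COPIED = b"board=MB-0002|mem=16GiB|disk=SN-BBBB"
ADMIN_PARAMS = b"admin-setting-example"


def demo() -> dict:
    stored = derive_seed(HW_ENROLLED, ADMIN_PARAMS)  # written to the USBKey at initialisation
    key = unlock(HW_ENROLLED, ADMIN_PARAMS, stored)
    again = unlock(HW_ENROLLED, ADMIN_PARAMS, stored)
    reproducible = bytes(key) == bytes(again)
    try:
        unlock(HW_COPIED, ADMIN_PARAMS, stored)      # system image moved to other hardware
        copy_refused = False
    except PermissionError:
        copy_refused = True
    key_len = len(key)
    wipe(key)
    wipe(again)
    return {"key_len": key_len, "reproducible": reproducible,
            "copy_refused": copy_refused, "wiped": not any(key)}


if __name__ == "__main__":
    print(demo())
```

Because every step is a deterministic hash, the same hardware parameters and administrator setting always reproduce the same core key, so those inputs need the protection a stored key would get.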
FIG. 2 is a structural diagram of a security design system for an electronic signature system based on pure soft cryptographic operation according to an embodiment of the present invention. As shown in FIG. 2, the system includes: a hardware parameter obtaining unit 210, a core encryption key seed generating unit 220, a core encryption key generating unit 230, a system service unit 240, and a core encryption key destroying unit 250.
The hardware parameter obtaining unit 210 is configured to obtain administrator configuration information and hardware uniqueness information;
the core encryption key seed generating unit 220 is configured to calculate a core encryption key seed according to a preset seed generation algorithm by using the administrator configuration information and the hardware uniqueness information;
the core encryption key generation unit 230 is configured to generate a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed, where the core encryption key is a symmetric key and is used for encryption and decryption of information in the electronic signature system;
the system service unit 240 is configured to execute a system service using the core encryption key, where the system service includes a signature and a verification;
the core encryption key destruction unit 250 is configured to destroy and release the encryption and decryption keys.
Further, the system also comprises a USBKey, which is used for prestoring a core encryption key seed, wherein the core encryption key seed is generated by the core encryption key seed generation unit and is prestored in the USBKey during system initialization.
Further, the system also comprises a core encryption key seed matching unit, which is used for comparing whether the core encryption key seed generated by the core encryption key seed generation unit at system startup is consistent with the core encryption key seed prestored in the USBKey; if so, the subsequent operations continue to be executed; if not, an exception is returned and the subsequent operations are not executed.
Further, the preset seed generation algorithm includes:
adding the hardware information to the administrator setting parameters encrypted according to the SM3 cryptographic hash algorithm, to obtain an addition result;
and encrypting the addition result according to the SM3 cryptographic hash algorithm to obtain the core encryption key seed.
Further, the preset core encryption key generation algorithm includes:
encrypting the core encryption key seed separately with the MD5 message digest algorithm, the SHA256 secure hash algorithm and the SM3 cryptographic hash algorithm to obtain three groups of encrypted data;
and encrypting the sum of the three groups of encrypted data according to the SM3 cryptographic hash algorithm to obtain the core encryption key.
Furthermore, the system service unit also comprises a key information encryption module, which is used for protecting the keys required by the service by means of a service key encryption algorithm;
the encryption process of the service key encryption algorithm is to encrypt the plaintext information using the AES algorithm and then encrypt the encrypted data using the SM4 block cipher algorithm to obtain the final ciphertext information;
the decryption process of the service key encryption algorithm is to decrypt the ciphertext information using the AES algorithm and then decrypt the decrypted data using the SM4 block cipher algorithm to obtain the final plaintext information.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Reference to step numbers in this specification is only for distinguishing between steps and is not intended to limit the temporal or logical relationship between steps, which includes all possible scenarios unless the context clearly dictates otherwise.
Moreover, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the disclosure and form different embodiments. For example, any of the embodiments claimed in the claims can be used in any combination.
Various component embodiments of the disclosure may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. The present disclosure may also be embodied as device or system programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present disclosure may be stored on a computer-readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the disclosure, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The disclosure may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several systems, several of these systems may be embodied by one and the same item of hardware.
The foregoing is directed to embodiments of the present disclosure, and it is noted that numerous improvements, modifications, and variations may be made by those skilled in the art without departing from the spirit of the disclosure, and that such improvements, modifications, and variations are considered to be within the scope of the present disclosure.

Claims (12)

1. a security design method of an electronic signature system based on pure soft cryptographic operation comprises the following steps:
acquiring administrator configuration information and hardware uniqueness information, and calculating a core encryption key seed according to a preset seed generation algorithm;
generating a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed, wherein the core encryption key is a symmetric key and is used for encrypting and decrypting information in the electronic signature system;
Applying a core encryption key to execute business service, wherein the business service comprises a seal making, a seal signing and a seal checking;
and after the service is finished, destroying and releasing the core encryption key.
2. The method of claim 1, wherein before said computing the core encryption key seed according to the predetermined seed generation algorithm, the method further comprises:
Acquiring unique hardware information and administrator configuration information, wherein the unique hardware information comprises a mainboard, a memory and hard disk parameters;
calculating a core encryption key seed according to a preset seed generation algorithm;
And storing the core encryption key seed in the USBKey.
3. the method of claim 2, wherein after the calculating the core encryption key seed according to the predetermined seed generation algorithm, the method further comprises:
and comparing whether the core encryption key seed is consistent with the core encryption key seed prestored in the USBKey, if so, continuing to execute the subsequent operation, and if not, returning to be abnormal, and not executing the subsequent operation.
4. the method of claim 1, wherein the pre-set seed generation algorithm comprises:
adding the hardware information and the administrator setting parameters encrypted according to the SM3 password hash algorithm to obtain an addition result;
And encrypting the addition result according to an SM3 cryptographic hash algorithm to obtain a core encryption key seed.
5. the method of claim 1, wherein the pre-defined core encryption key generation algorithm comprises:
respectively encrypting the core encryption key seeds by using an MD5 message digest algorithm, an SHA256 secure hash algorithm and an SM3 cipher hash algorithm to obtain three groups of encrypted data;
the sum of the three sets of encrypted data is encrypted according to the SM3 cryptographic hash algorithm to obtain a core encryption key.
6. The method of claim 1, further comprising:
The keys required by the service are protected by adopting a service key encryption algorithm;
the encryption process of the service key encryption algorithm is to encrypt plaintext information by adopting an AES algorithm and encrypt the encrypted data by adopting an SM4 block cipher algorithm to obtain final ciphertext information;
And the decryption process of the service key encryption algorithm comprises the steps of decrypting the ciphertext information by adopting an AES algorithm and decrypting the decrypted data by adopting an SM4 block cipher algorithm to obtain the final plaintext information.
7. A security design system of an electronic signature system based on pure soft cryptographic operation comprises a hardware parameter acquisition unit, a core encryption key seed generation unit, a core encryption key generation unit, a system service unit and a core encryption key destruction unit;
The hardware parameter acquisition unit is used for acquiring administrator configuration information and hardware uniqueness information;
the core encryption key seed generation unit is used for calculating a core encryption key seed according to a preset seed generation algorithm by using the administrator configuration information and the hardware uniqueness information;
the core encryption key generation unit is used for generating a core encryption key according to a preset core encryption key generation algorithm and the core encryption key seed, wherein the core encryption key is a symmetric key and is used for encrypting and decrypting information in the electronic signature system;
The system business service unit is used for executing system business service by applying a core encryption key, and the system business service comprises a seal making unit, a seal signing unit and a seal verifying unit;
the core encryption key destroying unit is used for destroying and releasing the encryption and decryption keys.
8. the system of claim 7, wherein: the system also includes a USBKey;
The USBKey is used for prestoring a core encryption key seed, the core encryption key seed is generated by the core encryption key seed generation unit, and the USBKey is prestoring in the USBKey during system initialization.
9. the system according to claim 8, wherein the system further comprises a core encryption key seed matching unit, and the core encryption key seed matching unit is configured to compare whether the core encryption key seed generated by the core encryption key seed generation unit at system startup is consistent with the core encryption key seed pre-stored in the USBKey.
10. The system of claim 7, wherein the preset seed generation algorithm comprises:
adding the hardware information and the administrator setting parameters encrypted according to the SM3 cryptographic hash algorithm to obtain an addition result;
and encrypting the addition result according to the SM3 cryptographic hash algorithm to obtain a core encryption key seed.
11. The system of claim 7, wherein the preset core encryption key generation algorithm comprises:
respectively encrypting the core encryption key seed by using the MD5 message digest algorithm, the SHA256 secure hash algorithm and the SM3 cryptographic hash algorithm to obtain three groups of encrypted data;
and encrypting the sum of the three groups of encrypted data according to the SM3 cryptographic hash algorithm to obtain a core encryption key.
12. The system according to claim 7, wherein the system service unit further comprises a key information encryption module, and the key information encryption module is configured to protect the keys required for service by using a service key encryption algorithm;
the encryption process of the service key encryption algorithm is to encrypt plaintext information by adopting an AES algorithm and encrypt the encrypted data by adopting an SM4 block cipher algorithm to obtain final ciphertext information;
and the decryption process of the service key encryption algorithm comprises the steps of decrypting the ciphertext information by adopting an AES algorithm and decrypting the decrypted data by adopting an SM4 block cipher algorithm to obtain the final plaintext information.
CN201910660926.6A 2019-07-22 2019-07-22 Electronic signature system security design method and system based on pure soft cryptographic operation Pending CN110555311A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910660926.6A CN110555311A (en) 2019-07-22 2019-07-22 Electronic signature system security design method and system based on pure soft cryptographic operation

Publications (1)

Publication Number Publication Date
CN110555311A true CN110555311A (en) 2019-12-10

Family

ID=68736488

Country Status (1)

Country Link
CN (1) CN110555311A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005357A (en) * 2006-12-28 2007-07-25 北京飞天诚信科技有限公司 Method and system for updating certification key
CN101369889A (en) * 2007-08-13 2009-02-18 深圳兆日技术有限公司 System and method for electronic endorsement of document
CN101894238A (en) * 2010-08-09 2010-11-24 中国人民解放军海军工程大学 Double authentication-based word document electronic seal system and method
CN106230600A (en) * 2016-08-10 2016-12-14 武汉信安珞珈科技有限公司 A kind of generation method and system of dynamic password
WO2017024934A1 (en) * 2015-08-07 2017-02-16 阿里巴巴集团控股有限公司 Electronic signing method, device and signing server
CN109472166A (en) * 2018-11-01 2019-03-15 恒生电子股份有限公司 A kind of electronic signature method, device, equipment and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Zhao Bo: "Security-enhanced key generation scheme based on USB Key", Computer Engineering and Applications, pages 135 - 141 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination