CN111211911B

CN111211911B - Collaborative signature method, device, equipment and system

Info

Publication number: CN111211911B
Application number: CN201911421375.4A
Authority: CN
Inventors: 潘无穷; 林孝旦; 方海峰
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2019-12-31
Filing date: 2019-12-31
Publication date: 2021-05-14
Anticipated expiration: 2039-12-31
Also published as: CN111211911A

Abstract

The embodiment of the specification provides a collaborative signing method, a device, equipment and a system. The method comprises the following steps: the private key is divided into at least two private key components and respectively stored in cooperative parties participating in cooperative signature, before a user side initiates a signature verification behavior, a server sends a first private key operation protection component to the user side in advance, the user side generates a first partial signature by using the first private key operation protection component and the first private key component to initiate signature verification, and the server generates a complete signature based on the first partial signature and the second private key component and directly sends the complete signature to a signature verifier.

Description

Collaborative signature method, device, equipment and system

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a collaborative signature method, apparatus, device, and system.

Background

The cooperative signature means that a private key used by the signature is divided into a plurality of private key components and managed by multiple parties respectively, and the signature calculation process is also completed by the cooperation of the multiple parties. In current collaborative signature schemes, multiple parties typically communicate over the public network.

Therefore, there is a need to provide a more efficient co-signing scheme.

Disclosure of Invention

The embodiment of the specification provides a collaborative signing method for improving collaborative signing efficiency.

An embodiment of the present specification further provides a collaborative signature method, including:

when a preset time node is reached, the server sends a first private key operation protection component to the user side, wherein the preset time node is earlier than a time node at which the user side initiates a signature verification behavior;

receiving a first part of signature sent by the user side, wherein the first part of signature is generated based on a first private key component and the first private key operation protection component;

generating a complete signature based on the first partial signature and the second private key component, and sending the complete signature to a signature verifier; the first private key component and the second private key component are obtained by splitting a complete private key and are respectively stored in the user side and the server.

the method comprises the steps that a user side receives a first private key operation protection component, the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node of a signature verification behavior initiated by the user side;

generating a first partial signature based on the first private key operation protection component and a first private key component;

sending the first partial signature to the server, generating a complete signature by the server based on the first partial signature and the second private key component, and sending the complete signature to a signature verifier; the first private key component and the second private key component are obtained by splitting a secret key and are respectively stored in the user side and the server.

when the preset time point is reached, the third cooperative party sends a first private key operation protection component to the second cooperative party according to a preset cooperative sequence, wherein the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

receiving a second partial signature sent by the second cooperative party, wherein the second partial signature is generated based on a first partial signature and a second private key component, the first partial signature is generated by the first cooperative party based on a third private key operation protection component and a first private key component, the third private key operation protection component is generated by the first cooperative party based on a second private key operation protection component, and the second private key operation protection component is generated by the second cooperative party based on the first private key operation protection component;

generating a complete signature based on the second partial signature and the third private key component, and sending the complete signature to a signature verifier;

the pre-agreed collaboration sequence is used for representing an interaction sequence among a plurality of collaborators participating in the collaborative signature; the first private key component, the second private key component and the third private key component are obtained by key splitting and are respectively stored in the first cooperative party, the second cooperative party and the third cooperative party.

the second cooperative party receives a first private key operation protection component from a third cooperative party according to a preset cooperative sequence, wherein the first private key operation protection component is sent by the third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

generating a second private key operation protection component based on the first private key operation protection component and sending the second private key operation protection component to the first cooperative party;

receiving a first partial signature sent by the first cooperative party, wherein the first partial signature is generated by the first cooperative party based on a third private key operation protection component and a first private key component, and the third private key operation protection component is generated by the first cooperative party based on the second private key operation protection component;

generating a second partial signature based on the first partial signature and a second private key component and sending the second partial signature to the third cooperative party, and generating a complete signature based on the second partial signature and a third private key component by the third cooperative party and sending the complete signature to the signature verifier;

a first cooperative party receives a second private key operation protection component from a second cooperative party according to a preset cooperative sequence, wherein the second private key operation protection component is generated by the second cooperative party based on a first private key operation protection component, the first private key operation protection component is sent by a third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

generating a third private key operation protection component based on the second private key operation protection component;

generating a first part of signature based on the third private key operation protection component and the first private key component and sending the first part of signature to the second cooperative party, generating a second part of signature based on the first part of signature and the second private key component by the second cooperative party and sending the second part of signature to the third cooperative party, and generating a complete signature based on the second part of signature and the third private key component by the third cooperative party and sending the complete signature to the signature verifier;

An embodiment of the present specification further provides a collaborative signing apparatus, including:

the first sending module is used for sending a first private key operation protection component to a user side when a preset time node is reached, wherein the preset time node is earlier than a time node for initiating a signature verification behavior of the user side;

the first receiving module is used for receiving a first part of signature sent by the user side, and the first part of signature is generated based on a first private key component and the first private key operation protection component;

the first processing module generates a complete signature based on the first partial signature and the second private key component and sends the complete signature to the signature verifier; the first private key component and the second private key component are obtained by splitting a complete private key and are respectively stored in the user side and the server.

the first receiving module is used for receiving a first private key operation protection component, the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node for initiating a signature verification behavior at the user side;

the first processing module is used for generating a first part signature based on the first private key operation protection component and the first private key component;

the first sending module is used for sending the first part of signature to the server, and the server generates a complete signature based on the first part of signature and the second private key component and sends the complete signature to the signature verifier; the first private key component and the second private key component are obtained by splitting a secret key and are respectively stored in the user side and the server.

the first sending module is used for sending a first private key operation protection component to a second cooperative party according to a pre-agreed cooperative sequence when a preset time point is reached, wherein the preset time node is earlier than a time node for the first cooperative party to initiate a signature verification behavior;

a first receiving module, configured to receive a second partial signature sent by the second cooperative party, where the second partial signature is generated based on a first partial signature and a second private key component, the first partial signature is generated by the first cooperative party based on a third private key operation protection component and a first private key component, the third private key operation protection component is generated by the first cooperative party based on a second private key operation protection component, and the second private key operation protection component is generated by the second cooperative party based on the first private key operation protection component;

the first processing module generates a complete signature based on the second partial signature and the third private key component and sends the complete signature to the signature verifier;

the first receiving module is used for receiving a first private key operation protection component from a third cooperative party according to a predetermined cooperative sequence, wherein the first private key operation protection component is sent by the third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

the first processing module generates a second private key operation protection component based on the first private key operation protection component and sends the second private key operation protection component to the first cooperative party;

the second receiving module is used for receiving a first part of signature sent by the first cooperative party, wherein the first part of signature is generated by the first cooperative party based on a third private key operation protection component and a first private key component, and the third private key operation protection component is generated by the first cooperative party based on the second private key operation protection component;

the second processing module generates a second part signature based on the first part signature and a second private key component and sends the second part signature to the third cooperative party, and the third cooperative party generates a complete signature based on the second part signature and the third private key component and sends the complete signature to the signature verifier;

the first receiving module is used for receiving a second private key operation protection component from a second cooperative party according to a predetermined cooperative sequence, wherein the second private key operation protection component is generated by the second cooperative party based on a first private key operation protection component, the first private key operation protection component is sent by a third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

the first processing module generates a third private key operation protection component based on the second private key operation protection component;

the second processing module generates a first part of signature and sends the first part of signature to the second cooperative party based on the third private key operation protection component and the first private key component, generates a second part of signature and sends the second part of signature to the third cooperative party based on the first part of signature and the second private key component, and generates a complete signature and sends the complete signature to the signature verifier based on the second part of signature and the third private key component;

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

when a preset time node arrives, sending a first private key operation protection component to a user side, wherein the preset time node is earlier than a time node for initiating a signature verification behavior of the user side;

a processor; and

receiving a first private key operation protection component, wherein the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node for initiating a signature verification behavior at the user side;

a processor; and

when a preset time point is reached, sending a first private key operation protection component to a second cooperative party according to a preset cooperative sequence, wherein the preset time node is earlier than a time node of a signature verification behavior initiated by the first cooperative party;

a processor; and

receiving a first private key operation protection component from a third cooperative party according to a pre-agreed cooperative sequence, wherein the first private key operation protection component is sent by the third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

a processor; and

receiving a second private key operation protection component from a second cooperative party according to a pre-agreed cooperative sequence, wherein the second private key operation protection component is generated by the second cooperative party based on a first private key operation protection component, the first private key operation protection component is sent by a third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

Embodiments of the present specification also provide a computer-readable storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements the following operations:

An embodiment of the present specification further provides a collaborative signature system, including: m cooperative parties, the private key is split into M private key components and respectively stored in M cooperative parties, M is greater than 2, wherein:

when a preset time node is reached, according to a preset coordination sequence, a first private key operation protection component is sent to an M-1 th coordination party in an M-th coordination direction, a second private key operation protection component is generated by the M-1 th coordination party and sent to a next coordination party until the M-1 th private key operation protection component is generated by the first coordination party, and the preset time node is earlier than a time node at which the first coordination party initiates a signature verification behavior;

according to the prearranged cooperation sequence, the first cooperation party calculates a protection component and a first private key component based on the Mth private key, generates a first part of signature and sends the first part of signature to the second cooperation party, the second cooperation party generates a second part of signature based on the first part of signature and the second private key component and sends the second part of signature to the next cooperation party, and the Mth cooperation party generates a complete private key based on the M-1 part of signature and the Mth private key component and sends the complete private key to the signature checking party.

One embodiment of the description realizes that in a collaborative signature scene, the private key operation protection component is used as pre-preparation work and is completed by each collaborative party in advance before signature verification behavior, so that the round-trip times of public network transmission in the signature verification process can be reduced, and the collaborative signature efficiency is improved; moreover, an embodiment of the present specification further realizes that final signature synthesis is performed by a collaborating party in the same intranet as the signature verifying party as much as possible by adjusting the collaboration sequence of each collaborating party, so that a final signature result can be sent to the signature verifying party without public network transmission, and further, the round trip times of public network transmission can be reduced again, and the efficiency of collaborative signature can be further improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description serve to explain the specification and not to limit the specification in a non-limiting sense. In the drawings:

fig. 1a and fig. 1b are schematic diagrams of an application scenario of a collaborative signing method provided in this specification;

fig. 2 is a schematic flowchart of a collaborative signing method on a server side according to an embodiment of the present disclosure;

fig. 3 is a flowchart illustrating a collaborative signing method on a user side according to an embodiment of the present disclosure

Fig. 4 is a schematic flowchart of a collaborative signing method according to an embodiment of the present disclosure;

FIG. 5a is a schematic diagram of a private key operation protection component coordination sequence according to an embodiment of the present disclosure;

FIG. 5b is a schematic diagram of a signature collaboration sequence provided in one embodiment of the present specification;

fig. 6 is a flowchart illustrating a collaborative signing method according to another embodiment of the present disclosure;

fig. 7 is a flowchart illustrating a collaborative signing method according to yet another embodiment of the present disclosure;

fig. 8 is a schematic structural diagram of a collaborative signing apparatus according to an embodiment of the present disclosure;

fig. 9 is a schematic structural diagram of a cooperative signature apparatus according to another embodiment of the present disclosure;

fig. 10 is a schematic structural diagram of a collaborative signing apparatus according to yet another embodiment of the present disclosure;

fig. 11 is a schematic structural diagram of a collaborative signing apparatus according to yet another embodiment of the present disclosure;

fig. 12 is a schematic structural diagram of a collaborative signing apparatus according to yet another embodiment of the present disclosure;

fig. 13 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;

fig. 14 is a schematic structural diagram of a collaborative signature system according to an embodiment of the present disclosure.

Detailed Description

In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person skilled in the art without making any inventive step based on the embodiments in this description belong to the protection scope of this document.

As stated in the background section, the conventional cooperative signing scheme is generally that two or more cooperating parties firstly cooperate with each other in a first cooperation order through the public network to protect components of private key operation, and then cooperate with each other in a second cooperation order opposite to the first cooperation order through the public network again to sign, so that the signing operation at least includes two round trips of public network transmission, and the delay of the public network transmission is high, and is generally hundreds of milliseconds, which results in low cooperative signing efficiency. Based on this, the present specification provides a collaborative signing method, in which the collaboration of the private key operation protection component is used as a preparation task, and is completed by each collaborative party before the signature verification action, so that the round-trip times of public network transmission in the signature verification process can be reduced, and the collaborative signing efficiency can be improved.

The cooperative party refers to a main body participating in the cooperative signature and storing the private key component, and includes a user side initiating signature verification, or may include other user sides, including a server corresponding to the user side initiating signature verification, or may include other servers; the public network is relative to the internal network, the IP address obtained by the computer on the Internet of the internal network is a reserved address on the Internet, and the IP address obtained by the computer on the Internet of the public network is a public address of the Internet and is an unreserved address.

An application scenario of the present specification is exemplified below.

Referring to fig. 1a, the first application scenario includes: user terminal 101, server 102 and verifying party 103, wherein:

the user side 101 stores a first private key component of the user; the server 102 side stores second private key components of a plurality of users, including the second private key component of the user, and the first private key component and the second private key component of the user are combined into a complete private key of the user. The collaborative signature process can be as follows:

the user terminal 101 responds to user operation and submits service data to the server 102 through communication between the network and the server 102; the user side 101 and the server 102 use the private key components stored in secret to participate in calculation together according to the appointed sequence to complete the collaborative signature of the service data, and submit the collaborative signature to the signature verifier 103, and the signature verifier 103 verifies the collaborative signature result.

The user side 101 refers to a program which is installed in user equipment, corresponds to a server, and provides local services for a client, and the user equipment may be a PC (e.g., a desktop computer) or a mobile terminal (e.g., a smart phone or a tablet); the server 102 refers to all devices of a business party providing business-related services; the signature verifier 103 is a device for verifying whether the result of the collaborative signature is legal, and may be a third party authority agreed by the user and the service party, or a platform for issuing a private key of the user.

Referring to fig. 1b, the second application scenario includes: m collaborators 111 and a signature verifier 112, wherein:

the complete private key of the user is split into M private key components and is stored in a password by M collaborators 111. The collaborative signature process can be as follows:

any one of the M collaborators 111 submits the service data, each collaborator 111 uses the secret key component stored in its own secret to participate in the calculation according to the agreed sequence to complete the collaborative signature of the service data, the last collaborator 111 submits the collaborative signature result to the signature verifier 112, and the signature verifier 112 verifies the collaborative signature result.

The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.

Fig. 2 is a flowchart of a server-side collaborative signing method according to an embodiment of the present disclosure, which can be executed by the server 102 in fig. 1a, and referring to fig. 2, the method may specifically include the following steps:

step 202, when a preset time node is reached, the server sends a first private key operation protection component to the user side, wherein the preset time node is earlier than a time node at which the user side initiates a signature verification behavior;

wherein, the time node refers to a time point marked in advance in the business handling process of the user; the signature verification behavior refers to a behavior of submitting business data related to a business to request handling of the business; the private key operation protection component refers to a parameter which is generated by the cooperative operation participant based on a random number and is used for protecting the private key, and the parameter can prevent the private key component from being exposed in the cooperative signature process; ideally, even if the attacker acquires all the interaction data and the private key components of the other parties, the private key component of the protected party cannot be calculated.

Due to the diversity of the co-signing protocol and the multi-selectivity of the time nodes, the content of the first private key operation protection component and the sending time thereof in step 202 are various, and thus step 202 is exemplarily described as follows:

example 1, a user opens a user terminal by operating a user device (e.g., clicking an icon on the user terminal); the user side sends a message to the server to inform the server that the user side is opened; and the server takes the time node of the opened user side as a preset time node, generates a first random number, and takes the first random number as the first private key operation protection component, or further encrypts the first random number to obtain a first ciphertext, and takes the first ciphertext as the first private key operation protection component.

Example 2, after the user side is opened, the user opens the target user interface by operating the user side; the user side sends a message to the server to inform the server that a target user interface is opened; the server takes the time node of the opened target user interface as a preset time node, generates a first random number, takes the first random number as the first private key operation protection component, further encrypts the first random number to obtain a first ciphertext, and takes the first ciphertext as the first private key operation protection component.

Example 3, after the user side is opened, the user opens the target user interface by operating the user side; the user side sends a message to the server to inform the server that a target user interface is opened; the server takes a time node of opening a target user interface as a preset time node, generates a first random number, and generates a first private key operation protection component based on the first random number and a pre-designated parameter of the target service data; or, further encrypting the first random number to obtain a first ciphertext; and generating the first private key operation protection component based on the first ciphertext and the pre-designated parameter of the target service data.

Wherein the pre-specified parameters may be some public parameters of the target service data, such as: in the loan service, the amount, repayment mode, repayment deadline and the like which can be borrowed by the user; the first ciphertext may be placed in the last few bytes of the bytes occupied by the first private key operation protection component for subsequent lookup and decryption during signing.

For example 2 and example 3, the server may determine, in advance, a plurality of services with higher security requirements, denoted as target services, based on the security requirements of all services supported by the user side, for example: loan transaction, authentication service, and the like, and associating at least one user interface for each target service, which is recorded as a target user interface, where the target user interface is used for a user to input/select related service data to initiate signature verification, and obviously, the start time node is earlier than the time node initiating signature verification, for example: associating a limit display interface for the loan service, wherein the limit display interface is used for displaying limit, loan application, repayment deadline and the like which can be loaned by the user, initiating a service handling request after the user selects the limit, the loan application and the like, and synchronously performing signature verification; another example is: and associating an identity information input interface for the identity authentication service, wherein the identity information input interface is used for acquiring the identity information of the user, initiating an identity authentication request after the user inputs the identity information, and synchronously performing signature authentication, and the identity information input interface can comprise a face acquisition interface, a fingerprint input interface and the like.

Example 4, after the user side is started, the user starts the user interface by operating the user side and selects the service data on the user interface, and the user side sends the service data to the server; the server judges whether the service data is the service data needing to be signed, if so, the service data is recorded as target service data, a time node of the target service data reported by the user side is used as the preset time node, a first random number is generated, the first random number is used as the first private key operation protection component, the first random number is further encrypted, a first ciphertext is obtained, and the first ciphertext is used as the first private key operation protection component.

Example 5, after the user side is opened, the user opens the user interface by operating the user side and selects the service data on the user interface, and the user side sends the service data to the server; the server judges whether the service data is the service data needing to be signed, if so, the service data is recorded as target service data, a time node of the target service data reported by the user side is used as the preset time node, a first random number is generated, and the first private key operation protection component is generated based on the first random number and a pre-designated parameter of the target service data; or, further encrypting the first random number to obtain a first ciphertext; and generating the first private key operation protection component based on the first ciphertext and the pre-designated parameter of the target service data.

Based on this, in the embodiments of the present description, for multiple services, by presetting multiple time nodes, before a user initiates a signature verification behavior, a private key operation protection component is sent to the user in advance, so as to achieve the purpose of reducing one-time public network transmission; moreover, the content of the protected component is computed by adjusting the private key sent in advance, for example: the method can carry the relevant parameters of the service data, or not, thereby being capable of adapting to the prior collaborative subscription protocol, and effectively reducing the popularization difficulty of the scheme; moreover, the random number can be encrypted, and a ciphertext generated by encryption is carried in the private key operation protection component, so that the confidentiality of the private key operation protection component is further improved; in addition, the specific implementation of the random number generation and the encryption processing is not limited herein.

Further, since the amount of traffic that the server needs to process is very large, the number of random numbers that need to be generated is very large, and if a random number with a large byte occupancy is stored on the server side, the storage/holding pressure of the server may be increased, and especially in a time period with high traffic concurrency, the server may be abnormal due to excessive pressure. For such a situation, in an embodiment of the present specification, after the first private key operation protection component is sent to the user side, the first random number may be deleted and is no longer stored in the server side, and the first ciphertext with a smaller byte occupation is stored, so that the storage pressure/holding pressure of the server may be reduced under the condition that the traceability of the first random number is ensured, thereby ensuring the reliability of the collaborative signature.

Furthermore, the server may delete the first random number, or may not store the first ciphertext, but issue the first ciphertext to the user side, and the user side sends the first ciphertext to the server when sending the first partial signature, so as to trace back the first random number. Therefore, under the condition of ensuring the traceability of the first random number, the storage pressure/holding pressure of the server can be reduced again and greatly, and the reliability of the collaborative signature can be effectively ensured.

Step 204, receiving a first part of signature sent by the user side, wherein the first part of signature is generated based on a first private key component and the first private key operation protection component; specific examples can be:

in example 1', after receiving a first private key operation protection component, a user side first stores the first private key operation protection component to a local place; and then, when the user inputs a service handling instruction, extracting the first private key operation protection component, signing the target service data submitted/selected by the user handling service by combining the first private key component to obtain a first part of signature, and sending the first part of signature to the server.

Example 2 ', on the basis of example 1', after the user side receives the first private key operation protection component, a new second random number is added to generate a second private key operation protection component and store the second private key operation protection component locally; and then, when the user inputs a service handling instruction, extracting the second private key operation protection component, signing the target service data submitted/selected by the user handling service by combining the first private key component to obtain a first part of signature, and sending the first part of signature to the server.

For example 2', it is understood that, prior to step 204, the method further comprises: the step of allocating the second random number may specifically be as follows:

example 1 ", upon arrival of the preset time node, the server generates a second random number and distributes the second random number to the user terminal. In order to reduce the resources required for distributing the second random number, the second random number and the first private key operation protection component can be sent to the user side together.

Example 2 ″, when it is detected that the target service data selected by the user and reported by the user needs to be signed, a signature indication is sent to the user to indicate that the user initiates a signature verification behavior, and the second random number and the signature indication may be synchronously sent to the user, where the signature indication is used to indicate that the target service data is signed.

Example 3 ", based on the previous example (example 2"), the first private key operation protection component and the signature indication may also be transmitted to the user side together.

The second random number can be generated by the user side or distributed by the server for the user side; since the server has better performance and the generated random number has higher security, it is preferable that the server distributes the second random number to the user terminal.

Based on this, on one hand, in the embodiments of the present specification, a random factor (random number) of one of the collaborating parties participating in the collaboration may be introduced, and a random factor of a plurality of or each collaborating party may also be introduced, so that the security of the collaborative signature may be effectively improved; moreover, the number of introduced random factors can be flexibly adjusted based on the load condition or the wind control requirement of the server, such as: when the load is larger, only a smaller random factor may be introduced, whereas more random numbers may be introduced, again for example: more random factors can be introduced when the safety requirement of the service is higher or the system wind control requirement is higher, otherwise, fewer random factors can be introduced, so that the efficiency of the collaborative signature can be flexibly adjusted; on the other hand, various information sent by the server to the user side is also merged and sent, for example: and two or three of the first private key operation protection component, the signature indication and the second random number are merged and transmitted, so that resources occupied by interaction between the server and the user side can be effectively reduced, and the purpose of further improving the efficiency of the collaborative signature is achieved.

Step 206, generating a complete signature based on the first partial signature and the second private key component, and sending the complete signature to the signature verifier; the first private key component and the second private key component are obtained by splitting a complete private key and are respectively stored in the user side and the server. With reference to the example corresponding to step 202, the implementation manner of step 206 may be:

for a signature based directly on the first random number, one implementation of step 206 may be:

generating a second partial signature using the first random number and the second private key component; generating a full signature based on the first partial signature and the second partial signature. Alternatively, the first and second electrodes may be,

and signing on the basis of the first part of signature by using the first random number and the second private key component to obtain a complete signature.

For a signature based on the first ciphertext, another implementation of step 206 may be:

firstly, decrypting the first ciphertext to obtain the first random number; specific examples can be: if the server side stores the first ciphertext, finding out the first ciphertext and decrypting the first ciphertext to obtain the first random number; if the server side does not store the first ciphertext but issues the first ciphertext to the user side, receiving the first ciphertext reported by the user side when the user side reports the first part of signature, or receiving the first part of signature reported by the user side, analyzing the first part of signature to obtain the first ciphertext, and then decrypting the first ciphertext by the server to obtain the first random number;

then, generating a second partial signature based on the first random number and the second private key component; generating a full signature based on the first partial signature and the second partial signature.

Based on this, in a collaborative signature scene, by using collaborative calculation of private key operation protection components as pre-preparation work and completing in advance by each collaborative party before signature verification behavior, the embodiments of the present specification can reduce the round-trip times of public network transmission in the signature verification process and improve the efficiency of collaborative signature; and moreover, by adjusting the cooperative sequence of each cooperative party, the server is used as the last cooperative party to ensure that the last signature synthesis is carried out by the cooperative party in the same intranet as the signature checking party as much as possible, and certainly, if the signature checking party and the user side are in the same intranet, the cooperative calculation of the private key operation protection component can be carried out according to the cooperative sequence from the user side to the server when the preset time is up, and the cooperative signature is carried out according to the cooperative sequence from the server to the user side to carry out the last signature synthesis on the user side, so that the final signature result can be sent to the signature checking party without being transmitted through the public network, the round-trip times of the transmission of the public network can be reduced again, and the cooperative signature efficiency is further improved.

Fig. 3 is a flowchart illustrating a collaborative signing method at a ue according to an embodiment of the present disclosure, which can be executed by the ue 101 in fig. 1, and referring to fig. 3, the method may specifically include the following steps:

step 302, receiving a first private key operation protection component, where the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node at which the user side initiates a signature verification behavior;

since step 302 corresponds to step 202 in the corresponding embodiment of fig. 2, and the specific implementation manner of step 202 has been described above, the description of step 302 is not repeated here, and specific reference may be made to the related description of step 202.

Step 304, generating a first partial signature based on the first private key operation protection component and the first private key component; one implementation may be:

after receiving a first private key operation protection component, a user side stores the first private key operation protection component to the local; and then, when the user inputs a service handling instruction, extracting the first private key operation protection component, signing the target service data submitted/selected by the user handling service by combining the first private key component to obtain a first part of signature, and sending the first part of signature to the server.

Another implementation manner may be:

after receiving the first private key operation protection component, the user side also adds a new second random number to generate a second private key operation protection component and stores the second private key operation protection component to the local; and then, when the user inputs a service handling instruction, extracting the second private key operation protection component, signing the target service data submitted/selected by the user handling service by combining the first private key component to obtain a first part of signature, and sending the first part of signature to the server.

Step 306, sending the first part signature to the server, and generating a complete signature by the server based on the first part signature and the second private key component and sending the complete signature to a signature verifier; the first private key component and the second private key component are obtained by splitting a secret key and are respectively stored in the user side and the server.

Since step 306 corresponds to step 206 in the corresponding embodiment of fig. 2, and the specific implementation manner of step 206 has been described above, the description of step 306 is not repeated here, and specific reference may be made to the related description of step 206.

Based on this, in a collaborative signature scene, by using collaborative calculation of private key operation protection components as pre-preparation work and completing in advance by each collaborative party before signature verification behavior, the embodiments of the present specification can reduce the round-trip times of public network transmission in the signature verification process and improve the efficiency of collaborative signature; moreover, the server is used as the last cooperative party by adjusting the cooperative sequence of each cooperative party to ensure that the final signature synthesis is carried out by the cooperative party (such as the server) in the same intranet with the signature checking party as much as possible, so that the final signature result can be sent to the signature checking party without public network transmission, the round-trip times of the public network transmission can be further reduced, and the cooperative signature efficiency is further improved.

Fig. 4 is a schematic flowchart of a collaborative signing method provided in an embodiment of this specification, where a plurality of collaborators participating in the collaborative signing are denoted as collaborators 1 to M, M is greater than or equal to 3, where 1 to M are only used to distinguish the collaborators, and do not form a limitation on a collaboration order of the collaborators, referring to fig. 4, the method may specifically include the following steps:

step 402, when a preset time point is reached, the third cooperative party sends a first private key operation protection component to the second cooperative party according to a preset cooperative sequence, wherein the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

the third collaborating party may refer to a collaborating party in the same intranet with the signature verifying party in the multiple collaborating parties, the first collaborating party may refer to a collaborating party interacting with the user and initiating a collaborative signature verification in the multiple collaborating parties, the second collaborating party refers to other collaborating parties except the first collaborating party and the third collaborating party in the multiple collaborating parties, and the secret key is split into a first private key component, a second private key component and a third private key component and is respectively stored in the first collaborating party, the second collaborating party and the third collaborating party; the pre-agreed collaboration sequence is used for characterizing the interaction sequence among a plurality of collaborators participating in the collaborative signature, and comprises the following steps: private key operations protect the order of the synergy of the components and the order of the synergy signature.

The following describes in detail the steps of determining the third collaborator:

for a scene that the signature checking party is fixed, if the multiple collaborators agree with a fixed signature checking party in advance, the collaborator in the same intranet with the signature checking party in the multiple collaborators can be directly used as a third collaborator. And if a plurality of cooperative parties in the same intranet with the signature verifying party exist, randomly selecting one cooperative party or selecting one cooperative party with a lower load.

For a scene that the signature checking party is not fixed (for example, the signature checking parties corresponding to different types of services are different), the signature checking party can be determined based on the type of the target service transacted by the user, and then the cooperative party in the same intranet with the signature checking party in the multiple cooperative parties is determined and serves as a third cooperative party. Specific examples can be:

when the preset time node arrives, if the service transacted by the user is the service of a third party, checking the signature verification party set by the third party and the network where the signature verification party is located, and further finding out a third cooperative party; if the service transacted by the user is the service provided by the cooperative party (such as a user end) used by the user, the signature verification party preset by the cooperative party and the network where the signature verification party is located can be read, and a third cooperative party is found out; and if no cooperative party in the same intranet with the signature checking party exists in the plurality of cooperative parties, taking a server corresponding to the user side used by the user as a third cooperative party.

Moreover, when the third collaborating party changes, if the change of the service transacted by the user causes the change of the signing party, and further causes the change of the third collaborating party from the original collaborating party 2 to the collaborating party M, the adjustment of the collaborating order can be performed based on the previously agreed collaborating order, for example: the specific adjustment rule of the cooperative order of the cooperative party 2 and the cooperative party M is not limited here, as long as the cooperative party M can ensure the final signature synthesis and send to the signature verifier.

Based on this, in the embodiment of the present specification, before signature verification, a signature verifier of a target service is determined by determining a type of the target service triggered by a user in advance, and then a third cooperator located in the same intranet as the signature verifier is found out, and signature synthesis is performed with the third cooperator as a last cooperator, so that a signature result can be sent to the signature verifier without public network transmission, and then, the number of round-trip public network transmission times can be reduced again, and the efficiency of collaborative signature is further improved.

Referring to fig. 5a, assuming that the third collaborator is a server (denoted as collaborator M) corresponding to the user side interacting with the user, the implementation manner of step 402 may be:

when the preset time point is reached, the cooperative party M sends a first private key operation protection component to a second cooperative party according to a private key operation protection component cooperative sequence agreed in advance; and the second cooperative party generates a second private key operation protection component based on the first private key operation protection component and sends the second private key operation protection component to the first cooperative party, and the first cooperative party generates a third private key operation protection component based on the second private key operation protection component so as to complete cooperative calculation of the private key operation protection component.

The second collaborating party can be a plurality of second collaborating parties, including all the collaborating parties except the first collaborating party and the third collaborating party in the M collaborating parties; the second private key operation protection component and the third private key operation protection component may be the same as the first private key operation protection component, that is, both the second cooperative party and the first cooperative party use the first private key operation protection component generated by the third cooperative party, and of course, may also be different, that is, the second cooperative party and the first cooperative party may regenerate a new private key operation protection component, for example, the second cooperative party adds a second random number to the first private key operation protection component to obtain a new second private key operation protection component, and similarly, the first cooperative party may also generate a new third private key operation protection component. In addition, since each second collaborating party participates in the collaboration and the collaboration contents are similar, the description of each collaborating party is not repeated here.

It is understood that the third cooperator is an initial cooperator which initiates the private key operation protection component, and is the last cooperator for verifying the cooperative signature; conversely, the first collaborator refers to an initial collaborator interacting with the user and initiating the verification of the collaborative signature, and is the last collaborator for collaboratively computing the private key operation protection component.

Step 404, receiving a second partial signature sent by the second cooperative party, where the second partial signature is generated based on a first partial signature and a second private key component, the first partial signature is generated by the first cooperative party based on a third private key operation protection component and a first private key component, the third private key operation protection component is generated by the first cooperative party based on a second private key operation protection component, and the second private key operation protection component is generated by the second cooperative party based on the first private key operation protection component;

step 406, generating a complete signature based on the second partial signature and the third private key component, and sending the complete signature to the signature verifier;

referring to fig. 5b, similarly, assuming that the third collaborator is a server (denoted as collaborator M) corresponding to the user side interacting with the user, the implementation manner of step 404 and step 406 may be:

after the first cooperative party completes cooperative calculation of the private key operation protection component, the final private key operation protection component (recorded as a third private key operation protection component) is stored to the local; the first cooperative party responds to the operation of transacting business of the user, generates a first part of signature and initiates signature verification based on the third private key operation protection component and the first private key component, so as to send the first part of signature to the second cooperative party according to the appointed cooperative signature sequence; the second cooperative party generates a second part signature based on the second part signature, the second private key operation protection component and the second private key component, and sends the second part signature to a third cooperative party according to an agreed cooperative sequence; and the third cooperative party generates a third part signature based on the second part signature, the first private key operation protection component and the third private key component, so as to synthesize the signature to obtain a complete signature and send the signature to the signature verifier. Specific examples can be:

example 1', partial signatures are independent of each other

The second cooperator may operate to protect the component and the second private key component based on the second private key, generate a second partial signature, and send the first partial signature and the second partial signature to the third cooperator; and the third cooperative party generates a third part signature based on the first private key operation protection component and the third private key component, and then synthesizes the first part signature, the second part signature and the third part signature to obtain a complete signature.

Example 2', the latter signature correlates with the former signature

The second cooperator may operate the protection component and the second private key component based on the second private key, perform signature on the basis of the first part of signature to obtain a second part of signature including the first part of signature, and send the second part of signature to the third cooperator; and the third cooperative party performs signature on the basis of the second partial signature based on the first private key operation protection component and the third private key component to obtain a third partial signature containing the first partial signature and the second partial signature, and the third partial signature is used as a complete signature.

Based on this, in a collaborative signature scene, by using collaborative calculation of private key operation protection components as pre-preparation work and completing in advance by each collaborative party before signature verification behavior, the embodiments of the present specification can reduce the round-trip times of public network transmission in the signature verification process and improve the efficiency of collaborative signature; and the cooperative sequence of all the cooperative parties is adjusted to ensure that the third cooperative party in the same intranet as the signature checking party performs final signature synthesis as much as possible, so that the final signature result can be sent to the signature checking party without public network transmission, the round-trip times of the public network transmission can be reduced again, and the cooperative signature efficiency is further improved.

Fig. 6 is a flowchart illustrating a collaborative signing method according to another embodiment of the present specification, which may be executed by a second collaborator, referring to fig. 6, where the method may specifically include the following steps:

step 602, the second cooperative party receives a first private key operation protection component from a third cooperative party according to a predetermined cooperative sequence, where the first private key operation protection component is sent by the third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

since step 602 corresponds to the implementation of step 402 in the corresponding embodiment of fig. 4, and step 402 has already been described in detail, step 602 will not be described herein.

Step 604, generating a second private key operation protection component based on the first private key operation protection component and sending the second private key operation protection component to the first cooperative party;

wherein the second collaborators may be multiple, including a first second collaborator to an nth second collaborator, and N is greater than 2, an implementation manner of step 604 may be:

the Nth second cooperative party receives the first private key operation protection component from the third cooperative party, generates a first second private key operation protection component based on the first private key operation protection component, and sends the first second private key operation protection component to the (N-1) th second cooperative party;

the N-1 second cooperative party generates a second private key operation protection component based on the first and second private key operation protection components and sends the second private key operation protection component to a next second cooperative party;

and repeating the steps until the first cooperative party generates the Nth second private key operation protection component, recording the Nth second private key operation protection component as the second private key operation protection component, and sending the second private key operation protection component to the first cooperative party by the first cooperative party.

Step 606, receiving a first partial signature sent by the first cooperator, where the first partial signature is generated by the first cooperator based on a third private key operation protection component and a first private key component, and the third private key operation protection component is generated by the first cooperator based on the second private key operation protection component;

since step 606 corresponds to the implementation of step 404 in the corresponding embodiment of fig. 4, and step 404 has already been described in detail, step 606 will not be described herein.

Step 608, generating a second partial signature based on the first partial signature and the second private key component, and sending the second partial signature to the third cooperative party, and generating a complete signature by the third cooperative party based on the second partial signature and the third private key component, and sending the complete signature to the signature verifier;

wherein the second collaborating parties may be multiple, including a first second collaborating party to an nth second collaborating party, and N is greater than 2, an implementation manner of step 608 may be:

the first and second collaborators receive the first partial signature from the first collaborator and generate a first and second partial signature based on the first partial signature and the first and second private key components;

the second cooperative party generates a second part signature based on the first part signature and a second private key component, and sends the second part signature to the next second cooperative party;

and repeating the steps until the Nth second cooperative party generates the Nth second partial signature, recording the Nth second partial signature as the second partial signature, and sending the second partial signature to the third cooperative party by the Nth second cooperative party.

Fig. 7 is a flowchart illustrating a collaborative signing method according to another embodiment of the present specification, which may be executed by a first collaborator, referring to fig. 7, where the method may specifically include the following steps:

step 702, a first cooperative party receives a second private key operation protection component from a second cooperative party according to a predetermined cooperative sequence, where the second private key operation protection component is generated by the second cooperative party based on a first private key operation protection component, the first private key operation protection component is sent by a third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

step 704, generating a third private key operation protection component based on the second private key operation protection component;

step 706, generating a first part of signature and sending the first part of signature to the second cooperative party based on the third private key operation protection component and the first private key component, generating a second part of signature and sending the second part of signature to the third cooperative party by the second cooperative party based on the first part of signature and the second private key component, and generating a complete signature and sending the complete signature to the signature verifier by the third cooperative party based on the second part of signature and the third private key component;

Since steps 702 to 706 correspond to the implementation of steps 402 to 404 in the corresponding embodiment of fig. 4, and steps 402 to 404 have already been described in detail, steps 702 to 706 will not be described herein.

Fig. 8 is a schematic structural diagram of a collaborative signing apparatus according to an embodiment of the present disclosure, and referring to fig. 8, the apparatus may specifically include: a first sending module 801, a first receiving module 802, and a first processing module 803, wherein:

the first sending module 801 is configured to send a first private key operation protection component to a user side when a preset time node is reached, where the preset time node is earlier than a time node at which the user side initiates a signature verification behavior;

a first receiving module 802, configured to receive a first partial signature sent by the user side, where the first partial signature is generated based on a first private key component and the first private key operation protection component;

the first processing module 803 generates a complete signature based on the first partial signature and the second private key component, and sends the complete signature to the signer; the first private key component and the second private key component are obtained by splitting a complete private key and are respectively stored in the user side and the server.

Optionally, the preset time node includes:

and the time node of the opened user side.

Optionally, the preset time node further includes:

a time node for starting a target user interface of the user side, wherein target service data required by a service corresponding to the target user interface needs to be signed; alternatively, the first and second electrodes may be,

and the time node is used for reporting the time node that the target service data selected by the user needs to be signed by the user.

Optionally, the apparatus further comprises:

and the first generation module generates a first random number and uses the first random number as the operation protection component of the first private key.

Optionally, the apparatus further comprises:

a second generation module for generating a first random number; and generating the first private key operation protection component based on the first random number and the pre-designated parameters of the target service data.

Optionally, the apparatus further comprises:

a third generation module for generating a first random number; and encrypting the first random number to obtain a first ciphertext which is used as the operation protection component of the first private key.

Optionally, the apparatus further comprises:

a fourth generation module that generates a first random number; encrypting the first random number to obtain a first ciphertext; and generating the first private key operation protection component based on the first ciphertext and the pre-designated parameter of the target service data.

Optionally, the apparatus further comprises:

and the deleting and storing module deletes the first random number.

Optionally, the first processing module 803 specifically includes:

the first sub-processing module is used for decrypting the first ciphertext to obtain the first random number;

a second sub-processing module that generates a second partial signature based on the first random number and the second private key component;

and the third sub-processing module generates a complete signature based on the first partial signature and the second partial signature.

Optionally, the first partial signature is generated based on the first private key component and a second private key operation protection component, and the second private key operation protection component is generated based on a second random number and the first private key operation protection component.

Optionally, the second random number is distributed by the server to the user side.

Optionally, the apparatus further comprises:

and the second sending module is used for sending the second random number and a signature indication to the user side when detecting that the target service data selected by the user and reported by the user side needs to be signed, wherein the signature indication is used for indicating to sign the target service data.

Optionally, the first sending module 801 specifically includes:

and the first sub-sending unit is used for sending the first private key operation protection component and the signature indication to the user side.

Fig. 9 is a schematic structural diagram of a collaborative signing apparatus according to another embodiment of the present disclosure, and referring to fig. 9, the apparatus may specifically include: a first receiving module 901, a first processing module 902 and a first sending module 903, wherein:

a first receiving module 901, configured to receive a first private key operation protection component, where the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node at which the user initiates a signature verification behavior;

a first processing module 902, configured to generate a first partial signature based on the first private key operation protection component and the first private key component;

a first sending module 903, configured to send the first partial signature to the server, and the server generates a complete signature based on the first partial signature and the second private key component and sends the complete signature to the signer; the first private key component and the second private key component are obtained by splitting a secret key and are respectively stored in the user side and the server.

Optionally, the first processing module 902 specifically includes:

the first sub-processing unit generates a second private key operation protection component based on the first private key operation protection component and a second random number;

and the second sub-processing unit is used for generating a first partial signature based on the second private key operation protection component and the first private key component.

Optionally, the preset time node includes:

and the time node of the opened user side.

Optionally, the preset time node further includes:

Fig. 10 is a schematic structural diagram of a collaborative signing apparatus according to another embodiment of the present disclosure, and referring to fig. 10, the apparatus may specifically include: a first sending module 1001, a first receiving module 1002, and a first processing module 1003, wherein:

the first sending module 1001 sends the first private key operation protection component to the second cooperative party according to a predetermined cooperative sequence when a preset time point is reached, where the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

the first receiving module 1002 is configured to receive a second partial signature sent by the second cooperative party, where the second partial signature is generated based on a first partial signature and a second private key component, the first partial signature is generated by the first cooperative party based on a third private key operation protection component and a first private key component, the third private key operation protection component is generated by the first cooperative party based on a second private key operation protection component, and the second private key operation protection component is generated by the second cooperative party based on the first private key operation protection component;

the first processing module 1003 generates a complete signature based on the second partial signature and the third private key component, and sends the complete signature to the signer;

Fig. 11 is a schematic structural diagram of a collaborative signing apparatus according to another embodiment of the present disclosure, and referring to fig. 11, the apparatus may specifically include: a first receiving module 1101, a first processing module 1102, a second receiving module 1103, and a second processing module 1104, wherein:

the first receiving module 1101 is configured to receive a first private key operation protection component from a third cooperative party according to a pre-agreed cooperative sequence, where the first private key operation protection component is sent by the third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

the first processing module 1102 is configured to generate a second private key operation protection component based on the first private key operation protection component and send the second private key operation protection component to the first cooperator;

a second receiving module 1103, configured to receive a first partial signature sent by the first cooperator, where the first partial signature is generated by the first cooperator based on a third private key operation protection component and a first private key component, and the third private key operation protection component is generated by the first cooperator based on the second private key operation protection component;

a second processing module 1104, configured to generate a second partial signature based on the first partial signature and the second private key component, and send the second partial signature to the third cooperator, where the third cooperator generates a complete signature based on the second partial signature and the third private key component, and sends the complete signature to the signature verifier;

Optionally, the number of the second collaborators is multiple, and the second collaborators include a first second collaborator to an nth second collaborator, where N is greater than 2;

the first processing module 1102 specifically includes:

and repeating the steps until a first cooperative party and a second cooperative party generate a second private key operation protection component, and sending the second private key operation protection component to the first cooperative party by the first cooperative party and the second cooperative party.

Optionally, the second processing module 1104 specifically includes:

and repeating the steps until the Nth second cooperative party generates a second partial signature, and sending the second partial signature to the third cooperative party by the Nth second cooperative party.

Fig. 12 is a schematic structural diagram of a collaborative signing apparatus according to another embodiment of the present disclosure, and referring to fig. 12, the apparatus may specifically include: a first receiving module 1201, a first processing module 1202 and a second processing module 1203, wherein:

a first receiving module 1201, configured to receive a second private key operation protection component from a second cooperative party according to a predetermined cooperative sequence, where the second private key operation protection component is generated by the second cooperative party based on a first private key operation protection component, the first private key operation protection component is sent by the third cooperative party when a preset time node is reached, and the preset time node is earlier than a time node at which the first cooperative party initiates a signature verification behavior;

the first processing module 1202, configured to generate a third private key operation protection component based on the second private key operation protection component;

a second processing module 1203, configured to generate a first partial signature based on the third private key operation protection component and the first private key component, and send the first partial signature to the second cooperative party, generate a second partial signature based on the first partial signature and the second private key component by the second cooperative party, and send the second partial signature to the third cooperative party, and generate a complete signature based on the second partial signature and the third private key component by the third cooperative party, and send the complete signature to the signer;

the pre-agreed collaboration sequence is used for representing an interaction sequence among a plurality of collaborators participating in the collaborative signature; the first private key component, the second private key component and the third private key component are obtained by key splitting and are respectively stored in the first cooperative party, the second cooperative party and the third cooperative party

As for the above device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment. Further, it should be noted that, among the respective components of the apparatus of the present specification, the components thereof are logically divided according to the functions to be implemented, but the present specification is not limited thereto, and the respective components may be newly divided or combined as necessary.

Fig. 13 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure, and referring to fig. 13, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and may also include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the collaborative signature device on a logic level. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.

The network interface, the processor and the memory may be interconnected by a bus system. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 13, but that does not indicate only one bus or one type of bus.

The memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both read-only memory and random access memory, and provides instructions and data to the processor. The Memory may include a Random-Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory.

The processor is used for executing the program stored in the memory and specifically executing:

Alternatively, the first and second electrodes may be,

The methods performed by the co-signing apparatus or Master (Master) node as disclosed in the embodiments of fig. 8-12 of the present specification may be implemented in or by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

The co-signing device may also perform the methods of fig. 2-7 and implement the methods performed by the administrator node.

Based on the same inventive creation, the present specification also provides a computer readable storage medium storing one or more programs, which when executed by an electronic device including a plurality of application programs, cause the electronic device to execute the collaborative signing method provided by the corresponding embodiments of fig. 2 to 7.

Fig. 14 is a schematic structural diagram of a collaborative signing system according to an embodiment of the present specification, and referring to fig. 14, the system includes: m cooperative parties, the private key is split into M private key components and respectively stored in M cooperative parties, M is greater than 2, wherein:

when a preset time node is reached, according to a preset coordination sequence, a first private key operation protection component is sent to an M-1 th coordination party in an M-th coordination direction, a second private key operation protection component is generated by the M-1 th coordination party and sent to a next coordination party, and the rest is done in the same way until the M-th private key operation protection component is generated by the first coordination party, wherein the preset time node is earlier than a time node for initiating a signature verification behavior by the first coordination party;

the first cooperative party can interact with the user side to respond to the user until, according to the pre-agreed cooperative sequence, the first part of signature is generated and sent to the second cooperative party based on the Mth private key operation protection component and the first private key component, the second cooperative party generates the second part of signature based on the first part of signature and the second private key component and sends to the next cooperative party, and so on until the Mth cooperative party generates the complete private key based on the M-1 part of signature and the Mth private key component and sends to the signature checking party.

The preassigned coordination sequence comprises a private key operation protection component coordination sequence (recorded as a first coordination sequence) and a signature coordination sequence (recorded as a second coordination sequence), the Mth coordination party to the 1 st coordination party perform coordination calculation of the private key operation protection component based on the first coordination sequence, and the 1 st coordination party to the Mth coordination party perform signature coordination calculation based on the second coordination sequence.

In addition, since the mth collaborating party is similar to the third collaborating party in the embodiment corresponding to fig. 4, the first collaborating party is similar to the first collaborating party in the embodiment corresponding to fig. 4, and the M-1 st to 2 nd collaborating parties are similar to the second collaborating parties in the embodiment corresponding to fig. 4, the specific implementation manner of the collaboration is similar to that of the collaboration scheme with function release in the above method embodiment, and therefore, the details are not repeated here.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims

1. A collaborative signing method comprising:

2. The method of claim 1, the preset time node comprising:

and the time node of the opened user side.

3. The method of claim 1, the preset time node further comprising:

4. The method according to claim 2 or 3, before the server sends the first private key operation protection component to the user side, further comprising:

and generating a first random number as the first private key operation protection component.

5. The method of claim 3, further comprising, before the server sends the first private key operation protection component to the user side:

generating a first random number;

and generating the first private key operation protection component based on the first random number and the pre-designated parameters of the target service data.

6. The method according to claim 2 or 3, before the server sends the first private key operation protection component to the user side, further comprising:

generating a first random number;

and encrypting the first random number to obtain a first ciphertext which is used as the operation protection component of the first private key.

7. The method of claim 3, further comprising, before the server sends the first private key operation protection component to the user side:

generating a first random number;

encrypting the first random number to obtain a first ciphertext;

and generating the first private key operation protection component based on the first ciphertext and the pre-designated parameter of the target service data.

8. The method of claim 7, further comprising:

and deleting the first random number.

9. The method of claim 8, the generating a full signature based on the first partial signature and a second private key component, comprising:

decrypting the first ciphertext to obtain the first random number;

generating a second partial signature based on the first random number and the second private key component;

generating a full signature based on the first partial signature and the second partial signature.

10. The method of claim 1, the first partial signature generated based on the first private key component and a second private key operation protection component, the second private key operation protection component generated based on a second random number and the first private key operation protection component.

11. The method of claim 10, wherein the second random number is assigned by the server to the user terminal.

12. The method according to claim 11, before receiving the first partial signature sent by the user terminal, further comprising:

and when detecting that the target service data selected by the user and reported by the user needs to be signed, sending the second random number and a signature indication to the user, wherein the signature indication is used for indicating to sign the target service data.

13. The method of claim 12, wherein the server sends the first private key operation protection component to the user side, comprising:

and sending the first private key operation protection component and the signature indication to the user side.

14. A collaborative signing method comprising:

15. The method of claim 14, wherein generating the first partial signature based on the first private key operation protection component and the first private key component comprises:

generating a second private key operation protection component based on the first private key operation protection component and a second random number;

generating a first partial signature based on the second private key operation protection component and the first private key component.

16. A collaborative signing method comprising:

17. A collaborative signing method comprising:

18. The method of claim 17, the second collaborator being multiple, including a first second collaborator through an Nth second collaborator, N being greater than 2;

the generating a second private key operation protection component based on the first private key operation protection component and sending the second private key operation protection component to the first cooperator includes:

19. The method of claim 18, wherein generating and sending a second partial signature to the third collaborator based on the first partial signature and a second private key component comprises:

20. A collaborative signing method comprising:

21. A collaborative signing apparatus comprising:

22. A collaborative signing apparatus comprising:

the first receiving module is used for receiving a first private key operation protection component, the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node for initiating a signature verification behavior at a user side;

the first sending module is used for sending the first part of signature to a server, and the server generates a complete signature based on the first part of signature and the second private key component and sends the complete signature to a signature verifier; the first private key component and the second private key component are obtained by splitting a secret key and are respectively stored in the user side and the server.

23. A collaborative signing apparatus comprising:

24. A collaborative signing apparatus comprising:

25. A collaborative signing apparatus comprising:

26. An electronic device, comprising:

a processor; and

27. An electronic device, comprising:

a processor; and

receiving a first private key operation protection component, wherein the first private key operation protection component is sent by a server when a preset time node is reached, and the preset time node is earlier than a time node for initiating a signature verification behavior at a user side;

the first partial signature is sent to a server, and a complete signature is generated by the server based on the first partial signature and a second private key component and is sent to a signature verifier; the first private key component and the second private key component are obtained by splitting a secret key and are respectively stored in the user side and the server.

28. An electronic device, comprising:

a processor; and

29. An electronic device, comprising:

a processor; and

30. An electronic device, comprising:

a processor; and

31. A computer-readable storage medium having a computer program stored thereon, which when executed by a processor, performs the operations of:

32. A computer-readable storage medium having a computer program stored thereon, which when executed by a processor, performs the operations of:

33. A computer-readable storage medium having a computer program stored thereon, which when executed by a processor, performs the operations of:

34. A computer-readable storage medium having a computer program stored thereon, which when executed by a processor, performs the operations of:

35. A computer-readable storage medium having a computer program stored thereon, which when executed by a processor, performs the operations of:

36. A collaborative signing system comprising: m cooperator and the party of checking the signature, the private key is split into M private key weight of share and is kept in M cooperator respectively, M is greater than 2, wherein:

according to the prearranged cooperation sequence, the first cooperation party calculates a protection component and a first private key component based on the Mth private key, generates a first part of signature and sends the first part of signature to the second cooperation party, the second cooperation party generates a second part of signature based on the first part of signature and the second private key component and sends the second part of signature to the next cooperation party, and the like until the Mth cooperation party generates a complete private key based on the M-1 part of signature and the Mth private key component and sends the complete private key to the signature verifier.